kimaki 0.4.80 → 0.4.82

package/dist/anthropic-auth-plugin.js

@@ -15,6 +15,7 @@
  * - https://github.com/badlogic/pi-mono/blob/main/packages/ai/src/providers/anthropic.ts
  */
 import { generatePKCE } from "@openauthjs/openauth/pkce";
+import { spawn } from "node:child_process";
 import * as fs from "node:fs/promises";
 import { createServer } from "node:http";
 import { homedir } from "node:os";
@@ -62,37 +63,88 @@ const OPENCODE_TO_CLAUDE_CODE_TOOL_NAME = {
     write: "Write",
 };
 // --- HTTP helpers ---
-const MAX_RETRIES = 3;
-const BASE_DELAY_MS = 2_000;
-async function sleep(ms) {
-    return new Promise((resolve) => { setTimeout(resolve, ms); });
+// Claude OAuth token exchange can 429 when this runs inside the opencode auth
+// process, even with the same payload that succeeds in a plain Node process.
+// Run these OAuth-only HTTP calls in an isolated Node child to avoid whatever
+// parent-process runtime state is affecting the in-process requests.
+async function requestText(urlString, options) {
+    return new Promise((resolve, reject) => {
+        const payload = JSON.stringify({
+            body: options.body,
+            headers: options.headers,
+            method: options.method,
+            url: urlString,
+        });
+        const child = spawn("node", ["-e", `
+const input = JSON.parse(process.argv[1]);
+(async () => {
+  const response = await fetch(input.url, {
+    method: input.method,
+    headers: input.headers,
+    body: input.body,
+  });
+  const text = await response.text();
+  if (!response.ok) {
+    console.error(JSON.stringify({ status: response.status, body: text }));
+    process.exit(1);
+  }
+  process.stdout.write(text);
+})().catch((error) => {
+  console.error(error instanceof Error ? error.stack ?? error.message : String(error));
+  process.exit(1);
+});
+    `.trim(), payload], {
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        const timeout = setTimeout(() => {
+            child.kill();
+            reject(new Error(`Request timed out. url=${urlString}`));
+        }, 30_000);
+        child.stdout.on("data", (chunk) => {
+            stdout += String(chunk);
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr += String(chunk);
+        });
+        child.on("error", (error) => {
+            clearTimeout(timeout);
+            reject(error);
+        });
+        child.on("close", (code) => {
+            clearTimeout(timeout);
+            if (code !== 0) {
+                let details = stderr.trim();
+                try {
+                    const parsed = JSON.parse(details);
+                    if (typeof parsed.status === "number") {
+                        reject(new Error(`HTTP ${parsed.status} from ${urlString}: ${parsed.body ?? ""}`));
+                        return;
+                    }
+                }
+                catch {
+                    // fall back to raw stderr
+                }
+                reject(new Error(details || `Node helper exited with code ${code}`));
+                return;
+            }
+            resolve(stdout);
+        });
+    });
 }
 async function postJson(url, body) {
-    const jsonBody = JSON.stringify(body);
-    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
-        const response = await fetch(url, {
-            method: "POST",
-            headers: { "Content-Type": "application/json", Accept: "application/json" },
-            body: jsonBody,
-            signal: AbortSignal.timeout(30_000),
-        });
-        if (response.status === 429 && attempt < MAX_RETRIES) {
-            // Respect Retry-After header if present, otherwise exponential backoff
-            const retryAfter = response.headers.get("retry-after");
-            const delayMs = retryAfter
-                ? Math.min(Number(retryAfter) * 1000, 60_000)
-                : BASE_DELAY_MS * 2 ** attempt;
-            console.warn(`[anthropic-auth] 429 from ${url}, retrying in ${delayMs}ms (attempt ${attempt + 1}/${MAX_RETRIES})`);
-            await sleep(delayMs);
-            continue;
-        }
-        if (!response.ok) {
-            const text = await response.text().catch(() => "");
-            throw new Error(`HTTP ${response.status} from ${url}: ${text}`);
-        }
-        return response.json();
-    }
-    throw new Error(`Exhausted retries for ${url}`);
+    const requestBody = JSON.stringify(body);
+    const responseText = await requestText(url, {
+        method: "POST",
+        headers: {
+            Accept: "application/json",
+            "Content-Length": String(Buffer.byteLength(requestBody)),
+            "Content-Type": "application/json",
+        },
+        body: requestBody,
+    });
+    return JSON.parse(responseText);
 }
 // --- File lock for token refresh ---
 let pendingRefresh;
@@ -163,33 +215,16 @@ async function refreshAnthropicToken(refreshToken) {
     };
 }
 async function createApiKey(accessToken) {
-    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
-        const response = await fetch(CREATE_API_KEY_URL, {
-            method: "POST",
-            headers: {
-                Accept: "application/json",
-                authorization: `Bearer ${accessToken}`,
-                "Content-Type": "application/json",
-            },
-            signal: AbortSignal.timeout(30_000),
-        });
-        if (response.status === 429 && attempt < MAX_RETRIES) {
-            const retryAfter = response.headers.get("retry-after");
-            const delayMs = retryAfter
-                ? Math.min(Number(retryAfter) * 1000, 60_000)
-                : BASE_DELAY_MS * 2 ** attempt;
-            console.warn(`[anthropic-auth] 429 creating API key, retrying in ${delayMs}ms (attempt ${attempt + 1}/${MAX_RETRIES})`);
-            await sleep(delayMs);
-            continue;
-        }
-        if (!response.ok) {
-            const text = await response.text().catch(() => "");
-            throw new Error(`HTTP ${response.status} creating API key: ${text}`);
-        }
-        const json = (await response.json());
-        return { type: "success", key: json.raw_key };
-    }
-    throw new Error(`Exhausted retries for ${CREATE_API_KEY_URL}`);
+    const responseText = await requestText(CREATE_API_KEY_URL, {
+        method: "POST",
+        headers: {
+            Accept: "application/json",
+            authorization: `Bearer ${accessToken}`,
+            "Content-Type": "application/json",
+        },
+    });
+    const json = JSON.parse(responseText);
+    return { type: "success", key: json.raw_key };
 }
 async function startCallbackServer(expectedState) {
     return new Promise((resolve, reject) => {
@@ -317,6 +352,7 @@ function buildAuthorizeHandler(mode) {
     return async () => {
         const auth = await beginAuthorizationFlow();
         const isRemote = Boolean(process.env.KIMAKI);
+        let pendingAuthResult;
         const finalize = async (result) => {
             const verifier = auth.verifier;
             const creds = await exchangeAuthorizationCode(result.code, result.state || verifier, verifier, REDIRECT_URI);
@@ -331,14 +367,17 @@ function buildAuthorizeHandler(mode) {
                 instructions: "Complete login in your browser on this machine. OpenCode will catch the localhost callback automatically.",
                 method: "auto",
                 callback: async () => {
-                    try {
-                        const result = await waitForCallback(auth.callbackServer);
-                        return finalize(result);
-                    }
-                    catch (error) {
-                        console.error(`[anthropic-auth] ${error}`);
-                        return { type: "failed" };
-                    }
+                    pendingAuthResult ??= (async () => {
+                        try {
+                            const result = await waitForCallback(auth.callbackServer);
+                            return await finalize(result);
+                        }
+                        catch (error) {
+                            console.error(`[anthropic-auth] ${error}`);
+                            return { type: "failed" };
+                        }
+                    })();
+                    return pendingAuthResult;
                 },
             };
         }
@@ -347,14 +386,17 @@ function buildAuthorizeHandler(mode) {
             instructions: "Complete login in your browser, then paste the final redirect URL from the address bar here. Pasting just the authorization code also works.",
             method: "code",
             callback: async (input) => {
-                try {
-                    const result = await waitForCallback(auth.callbackServer, input);
-                    return finalize(result);
-                }
-                catch (error) {
-                    console.error(`[anthropic-auth] ${error}`);
-                    return { type: "failed" };
-                }
+                pendingAuthResult ??= (async () => {
+                    try {
+                        const result = await waitForCallback(auth.callbackServer, input);
+                        return await finalize(result);
+                    }
+                    catch (error) {
+                        console.error(`[anthropic-auth] ${error}`);
+                        return { type: "failed" };
+                    }
+                })();
+                return pendingAuthResult;
             },
         };
     };