openai-ws-opencode 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Jared Boynton
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,129 @@
+# openai-ws-opencode
+
+Standalone OpenCode provider plugin for routing OpenAI Responses API streaming requests over WebSocket transport.
+
+## What it provides
+
+- Provider id: `openai-ws`
+- API-key transport: `wss://api.openai.com/v1/responses`
+- ChatGPT/Codex OAuth transport: `wss://chatgpt.com/backend-api/codex/responses`
+- Curated GPT/Codex model table with OpenCode variants
+- Best-effort model refresh from OpenCode's public `models.dev` catalog at auth-load time
+- WebSocket-to-SSE bridge so OpenCode can keep using its normal streaming path
+
+## Install
+
+```sh
+npm install -g openai-ws-opencode
+openai-ws-opencode setup --global
+opencode auth login openai-ws
+```
+
+For project-local setup:
+
+```sh
+openai-ws-opencode setup --project
+opencode auth login openai-ws
+```
+
+The setup command is idempotent. It adds the npm plugin entry and a fallback `provider.openai-ws` model registry to `opencode.json`, preserving existing user model overrides.
+
+At runtime the plugin also attempts a short best-effort fetch from `https://models.dev/api.json` to pick up newly listed GPT/Codex models. It falls back to the bundled table if the catalog is unavailable. The OpenAI `/v1/models` endpoint is not used for catalog discovery because it requires authentication and returns only basic IDs/ownership metadata, not OpenCode capabilities, limits, or variants.
+
+Set `OPENAI_WS_OPENCODE_SKIP_CATALOG=1` to skip the `models.dev` lookup and use only the bundled fallback table plus your config overrides.
+
+## Manual config
+
+If you do not want to use the setup command, add this shape to your OpenCode config and copy model entries from `openai-ws-opencode setup --path <temp-file>` output:
+
+```jsonc
+{
+  "$schema": "https://opencode.ai/config.json",
+  "plugin": ["openai-ws-opencode@latest"],
+  "provider": {
+    "openai-ws": {
+      "name": "OpenAI WebSocket",
+      "api": "https://api.openai.com/v1",
+      "npm": "@ai-sdk/openai",
+      "models": {
+        "gpt-5.3-codex": {
+          "name": "GPT 5.3 Codex (WebSocket)",
+          "reasoning": true,
+          "temperature": false,
+          "attachment": true,
+          "tool_call": true,
+          "limit": { "context": 400000, "input": 272000, "output": 128000 },
+          "modalities": { "input": ["text", "image"], "output": ["text"] },
+          "options": {},
+          "provider": { "npm": "@ai-sdk/openai", "api": "https://api.openai.com/v1" }
+        }
+      }
+    }
+  }
+}
+```
+
+## Auth modes
+
+### API key
+
+Choose **OpenAI (WebSocket) - API Key** during `opencode auth login openai-ws`.
+
+This path uses the public OpenAI Responses WebSocket endpoint and sends:
+
+- `Authorization: Bearer <OPENAI_API_KEY>`
+- `OpenAI-Beta: responses_websockets=2026-02-06`
+
+### ChatGPT/Codex OAuth
+
+Choose the browser or headless ChatGPT Pro/Plus OAuth option during `opencode auth login openai-ws`.
+
+This path uses the Codex/ChatGPT backend and sends:
+
+- `Authorization: Bearer <access-token>`
+- `ChatGPT-Account-Id` when available
+- `originator: codex_cli_rs`
+- `OpenAI-Beta: responses_websockets=2026-02-06`
+
+Important: the OAuth/Codex WebSocket path is unofficial, reuses Codex OAuth behavior, targets a private ChatGPT backend, can break without notice, and may carry account or terms-of-service risk. This project is not affiliated with OpenAI or OpenCode.
+
+## Local development install
+
+From this repo:
+
+```sh
+bun install
+bun run build
+npm pack
+```
+
+Then point OpenCode at the packed tarball through the plugin array:
+
+```jsonc
+{
+  "plugin": ["openai-ws-opencode@file:/absolute/path/openai-ws-opencode-0.1.0.tgz"]
+}
+```
+
+Direct `file:///absolute/path/dist/index.js` imports are useful for debugging, but npm/tarball installs better match how OpenCode resolves dependencies.
+
+## Development
+
+```sh
+bun install
+bun run lint
+bun run typecheck
+bun test
+bun run build
+npm pack --dry-run
+```
+
+The root package export intentionally exposes only the OpenCode plugin function because OpenCode calls every function exported by the root module. Test helpers are available from `openai-ws-opencode/testing`.
+
+## Troubleshooting
+
+- **Provider is not visible:** run `openai-ws-opencode setup --global` or add `provider.openai-ws` manually.
+- **Missing auth:** run `opencode auth login openai-ws`.
+- **OAuth refresh failed:** re-run `opencode auth login openai-ws` and choose a ChatGPT OAuth method.
+- **WebSocket 401/403:** verify the selected auth mode and account entitlement. OAuth/Codex behavior may change upstream.
+- **Local `file://` install cannot find `ws`:** use the packed tarball install path or add dependencies to your OpenCode config directory.

package/SECURITY.md

@@ -0,0 +1,11 @@
+# Security Policy
+
+Report security issues privately to the repository owner instead of opening a public issue.
+
+This plugin does not intentionally log API keys, OAuth access tokens, refresh tokens, authorization headers, or account IDs. Do not attach secrets, auth JSON files, screenshots containing tokens, or raw request headers to bug reports.
+
+The ChatGPT/Codex OAuth transport uses unofficial backend behavior and may change without notice. Review your OpenAI/OpenCode account policies before using it. If the Codex OAuth client or backend behavior is revoked or materially changes, the mitigation path is to disable the OAuth/Codex auth method in a patch release while keeping API-key transport available.
+
+The plugin performs a short best-effort request to `https://models.dev/api.json` to refresh public model metadata unless `OPENAI_WS_OPENCODE_SKIP_CATALOG=1` is set. No credentials are sent to that catalog endpoint.
+
+Before release, maintainers should run validators, inspect `git diff`, run a secrets scan, and inspect `npm pack --dry-run` output for accidental credential or local-config inclusion.

package/bin/setup.js

@@ -0,0 +1,239 @@
+#!/usr/bin/env node
+
+// bin/setup.ts
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { applyEdits, format, modify, parse } from "jsonc-parser";
+
+// src/constants.ts
+var OPENAI_API_BASE = "https://api.openai.com/v1";
+var CODEX_API_BASE = "https://chatgpt.com/backend-api/codex";
+var CODEX_API_ENDPOINT = `${CODEX_API_BASE}/responses`;
+
+// src/models/defaults.ts
+function makeVariants(efforts, includeSummary = true) {
+  return Object.fromEntries(efforts.map((effort) => [
+    effort,
+    {
+      reasoningEffort: effort,
+      ...includeSummary ? { reasoningSummary: "auto" } : {},
+      include: ["reasoning.encrypted_content"]
+    }
+  ]));
+}
+var OPENAI_WS_MODELS = {
+  "gpt-5.5": {
+    name: "GPT 5.5 (WebSocket)",
+    reasoning: true,
+    temperature: false,
+    limit: { context: 1050000, input: 922000, output: 128000 },
+    variants: makeVariants(["none", "minimal", "low", "medium", "high"]),
+    release_date: "2026-04-23"
+  },
+  "gpt-5.5-pro": {
+    name: "GPT 5.5 Pro (WebSocket)",
+    reasoning: true,
+    temperature: false,
+    limit: { context: 1050000, input: 922000, output: 128000 },
+    variants: makeVariants(["high"], false),
+    family: "gpt-pro",
+    release_date: "2026-04-23"
+  },
+  "gpt-5.4": {
+    name: "GPT 5.4 (WebSocket)",
+    reasoning: true,
+    temperature: true,
+    limit: { context: 1050000, output: 128000 },
+    variants: makeVariants(["none", "minimal", "low", "medium", "high"]),
+    release_date: "2026-03-05"
+  },
+  "gpt-5.3-codex": {
+    name: "GPT 5.3 Codex (WebSocket)",
+    reasoning: true,
+    temperature: false,
+    limit: { context: 400000, input: 272000, output: 128000 },
+    variants: makeVariants(["low", "medium", "high"]),
+    family: "gpt-codex",
+    release_date: "2026-02-05"
+  },
+  "gpt-5.3-codex-spark": {
+    name: "GPT 5.3 Codex Spark (WebSocket)",
+    reasoning: true,
+    temperature: false,
+    limit: { context: 128000, output: 128000 },
+    variants: makeVariants(["low", "medium", "high"], false),
+    family: "gpt-codex",
+    release_date: "2026-03-10"
+  },
+  "gpt-5.2": {
+    name: "GPT 5.2 (WebSocket)",
+    reasoning: true,
+    temperature: true,
+    limit: { context: 272000, output: 128000 },
+    variants: makeVariants(["none", "low", "medium", "high"]),
+    release_date: "2025-12-10"
+  },
+  "gpt-5.2-codex": {
+    name: "GPT 5.2 Codex (WebSocket)",
+    reasoning: true,
+    temperature: false,
+    limit: { context: 272000, output: 128000 },
+    variants: makeVariants(["low", "medium", "high"]),
+    family: "gpt-codex",
+    release_date: "2025-12-15"
+  },
+  "gpt-5.1-codex": {
+    name: "GPT 5.1 Codex (WebSocket)",
+    reasoning: true,
+    temperature: false,
+    limit: { context: 272000, output: 128000 },
+    variants: makeVariants(["low", "medium", "high"]),
+    family: "gpt-codex",
+    release_date: "2025-10-01"
+  }
+};
+
+// src/models/resolve.ts
+function modelToOpenCodeConfig(model) {
+  return {
+    name: model.name,
+    ...model.family ? { family: model.family } : {},
+    ...model.release_date ? { release_date: model.release_date } : {},
+    attachment: true,
+    reasoning: model.reasoning,
+    temperature: model.temperature,
+    tool_call: true,
+    limit: model.limit,
+    modalities: {
+      input: ["text", "image"],
+      output: ["text"]
+    },
+    cost: { input: 0, output: 0, cache_read: 0, cache_write: 0 },
+    options: {},
+    provider: { npm: "@ai-sdk/openai", api: OPENAI_API_BASE },
+    variants: model.variants
+  };
+}
+function providerConfigModels(overrides = {}) {
+  const models = {};
+  for (const [id, model] of Object.entries(OPENAI_WS_MODELS)) {
+    models[id] = {
+      ...modelToOpenCodeConfig(model),
+      ...overrides[id] ?? {}
+    };
+  }
+  for (const [id, override] of Object.entries(overrides)) {
+    if (models[id])
+      continue;
+    models[id] = override;
+  }
+  return models;
+}
+function providerConfig(overrides = {}) {
+  return {
+    api: OPENAI_API_BASE,
+    name: "OpenAI WebSocket",
+    npm: "@ai-sdk/openai",
+    models: providerConfigModels(overrides)
+  };
+}
+
+// bin/setup.ts
+var DEFAULT_PLUGIN_SPEC = "openai-ws-opencode@latest";
+var PACKAGE_NAME = "openai-ws-opencode";
+var SCHEMA = "https://opencode.ai/config.json";
+function globalConfigPath() {
+  const configHome = process.env.XDG_CONFIG_HOME ?? path.join(os.homedir(), ".config");
+  return path.join(configHome, "opencode", "opencode.json");
+}
+function projectConfigPath(cwd) {
+  return path.join(cwd, "opencode.json");
+}
+function targetPath(options) {
+  if (options.configPath)
+    return path.resolve(options.configPath);
+  if (options.mode === "project")
+    return projectConfigPath(options.cwd ?? process.cwd());
+  return globalConfigPath();
+}
+function applyJsonPatch(text, jsonPath, value) {
+  return applyEdits(text, modify(text, jsonPath, value, {
+    formattingOptions: { insertSpaces: true, tabSize: 2, eol: `
+` }
+  }));
+}
+function pluginPackageName(specifier) {
+  if (specifier.startsWith("file://"))
+    return path.basename(new URL(specifier).pathname).replace(/\.[cm]?[jt]s$/, "");
+  const lastAt = specifier.lastIndexOf("@");
+  return lastAt > 0 ? specifier.slice(0, lastAt) : specifier;
+}
+function patchConfigText(input, pluginSpec = DEFAULT_PLUGIN_SPEC) {
+  let text = input.trim() ? input : "{}";
+  const config = parse(text) ?? {};
+  if (!config.$schema)
+    text = applyJsonPatch(text, ["$schema"], SCHEMA);
+  const current = (parse(text) ?? {}).plugin;
+  const plugins = Array.isArray(current) ? [...current] : [];
+  if (!plugins.some((plugin) => typeof plugin === "string" && pluginPackageName(plugin) === PACKAGE_NAME)) {
+    plugins.push(pluginSpec);
+  }
+  text = applyJsonPatch(text, ["plugin"], plugins);
+  const next = parse(text) ?? {};
+  const existingModels = next.provider?.["openai-ws"]?.models ?? {};
+  text = applyJsonPatch(text, ["provider", "openai-ws"], providerConfig(existingModels));
+  return applyEdits(text, format(text, undefined, {
+    insertSpaces: true,
+    tabSize: 2,
+    eol: `
+`
+  }));
+}
+async function setupOpenCodeConfig(options = {}) {
+  const file = targetPath(options);
+  let existing = "";
+  try {
+    existing = await fs.readFile(file, "utf8");
+  } catch (error) {
+    if (error?.code !== "ENOENT")
+      throw error;
+  }
+  const updated = patchConfigText(existing, options.pluginSpec ?? DEFAULT_PLUGIN_SPEC);
+  await fs.mkdir(path.dirname(file), { recursive: true });
+  await fs.writeFile(file, updated.endsWith(`
+`) ? updated : `${updated}
+`, "utf8");
+  return file;
+}
+function parseArgs(argv) {
+  const options = { mode: "global" };
+  for (let index = 0;index < argv.length; index++) {
+    const arg = argv[index];
+    if (arg === "--project")
+      options.mode = "project";
+    else if (arg === "--global")
+      options.mode = "global";
+    else if (arg === "--path")
+      options.configPath = argv[++index];
+    else if (arg === "--plugin")
+      options.pluginSpec = argv[++index];
+    else if (arg === "--help" || arg === "-h") {
+      console.log("Usage: openai-ws-opencode setup [--global|--project] [--path <opencode.json>] [--plugin <specifier>]");
+      process.exit(0);
+    }
+  }
+  return options;
+}
+if (import.meta.url === `file://${process.argv[1]}`) {
+  setupOpenCodeConfig(parseArgs(process.argv.slice(2))).then((file) => {
+    console.log(`Updated OpenCode config: ${file}`);
+  }).catch((error) => {
+    console.error(error instanceof Error ? error.message : String(error));
+    process.exit(1);
+  });
+}
+export {
+  setupOpenCodeConfig,
+  patchConfigText
+};

package/dist/auth/oauth.d.ts

@@ -0,0 +1,55 @@
+import { type IncomingMessage, type ServerResponse } from "node:http";
+declare function handleCallback(req: IncomingMessage, res: ServerResponse): Promise<void>;
+export declare function stopOAuthServer(): void;
+export declare function createBrowserAuthorization(): Promise<{
+    url: string;
+    instructions: string;
+    method: "auto";
+    callback(): Promise<{
+        type: "success";
+        refresh: string;
+        access: string;
+        expires: number;
+        accountId: string | undefined;
+    } | {
+        type: "failed";
+        refresh?: undefined;
+        access?: undefined;
+        expires?: undefined;
+        accountId?: undefined;
+    }>;
+}>;
+export declare function createDeviceAuthorization(): Promise<{
+    url: string;
+    instructions: string;
+    method: "auto";
+    callback(): Promise<{
+        type: "failed";
+        refresh?: undefined;
+        access?: undefined;
+        expires?: undefined;
+        accountId?: undefined;
+    } | {
+        type: "success";
+        refresh: string;
+        access: string;
+        expires: number;
+        accountId: string | undefined;
+    }>;
+}>;
+export declare const oauthMethods: ({
+    label: string;
+    type: "oauth";
+    authorize: typeof createBrowserAuthorization;
+} | {
+    label: string;
+    type: "api";
+    authorize?: undefined;
+})[];
+export declare const oauthTesting: {
+    handleCallback: typeof handleCallback;
+    getPendingState: () => string | undefined;
+    reset: typeof stopOAuthServer;
+};
+export {};
+//# sourceMappingURL=oauth.d.ts.map

package/dist/auth/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA,OAAa,EAAE,KAAK,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,WAAW,CAAA;AAkE3E,iBAAe,cAAc,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,iBAwCtE;AAeD,wBAAgB,eAAe,SAQ9B;AAED,wBAAsB,0BAA0B;;;;;;;;;;;;;;;;;GAmC/C;AAED,wBAAsB,yBAAyB;;;;;;;;;;;;;;;;;GA+C9C;AAED,eAAO,MAAM,YAAY;;;;;;;;IAexB,CAAA;AAED,eAAO,MAAM,YAAY;;;;CAIxB,CAAA"}

package/dist/auth/oauth.js

@@ -0,0 +1,205 @@
+import http from "node:http";
+import crypto from "node:crypto";
+import { CLIENT_ID, CODEX_ORIGINATOR, ISSUER, OAUTH_PORT } from "../constants.js";
+import { exchangeCodeForTokens, extractAccountId, tokenExpiry } from "./tokens.js";
+let oauthServer;
+let pendingOAuth;
+const HTML_OK = "<!doctype html><html><body><h1>Authorization successful</h1><p>Return to OpenCode.</p></body></html>";
+const HTML_ERROR = "<!doctype html><html><body><h1>Authorization failed</h1></body></html>";
+function base64Url(buffer) {
+    return Buffer.isBuffer(buffer) ? buffer.toString("base64url") : Buffer.from(new Uint8Array(buffer)).toString("base64url");
+}
+function randomString(length) {
+    const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+    const bytes = crypto.randomBytes(length);
+    return Array.from(bytes, (byte) => chars[byte % chars.length]).join("");
+}
+async function generatePKCE() {
+    const verifier = randomString(43);
+    const challenge = base64Url(await crypto.webcrypto.subtle.digest("SHA-256", new TextEncoder().encode(verifier)));
+    return { verifier, challenge };
+}
+function generateState() {
+    return base64Url(crypto.randomBytes(32));
+}
+function buildAuthorizeUrl(redirectUri, pkce, state) {
+    const params = new URLSearchParams({
+        response_type: "code",
+        client_id: CLIENT_ID,
+        redirect_uri: redirectUri,
+        scope: "openid profile email offline_access",
+        code_challenge: pkce.challenge,
+        code_challenge_method: "S256",
+        id_token_add_organizations: "true",
+        codex_cli_simplified_flow: "true",
+        state,
+        originator: CODEX_ORIGINATOR,
+    });
+    return `${ISSUER}/oauth/authorize?${params.toString()}`;
+}
+function reply(res, status, body) {
+    res.writeHead(status, { "Content-Type": "text/html" });
+    res.end(body);
+}
+async function handleCallback(req, res) {
+    const url = new URL(req.url ?? "/", `http://localhost:${OAUTH_PORT}`);
+    if (url.pathname !== "/auth/callback") {
+        reply(res, 404, "Not found");
+        return;
+    }
+    const current = pendingOAuth;
+    if (!current) {
+        reply(res, 400, HTML_ERROR);
+        return;
+    }
+    const state = url.searchParams.get("state");
+    if (!state || state !== current.state) {
+        pendingOAuth = undefined;
+        clearTimeout(current.timeout);
+        current.reject(new Error("OAuth state mismatch"));
+        reply(res, 400, HTML_ERROR);
+        return;
+    }
+    const error = url.searchParams.get("error");
+    const code = url.searchParams.get("code");
+    pendingOAuth = undefined;
+    clearTimeout(current.timeout);
+    if (error || !code) {
+        current.reject(new Error(error || "Missing OAuth code"));
+        reply(res, 400, HTML_ERROR);
+        return;
+    }
+    try {
+        current.resolve(await exchangeCodeForTokens(code, current.redirectUri, current.pkce.verifier));
+        reply(res, 200, HTML_OK);
+    }
+    catch (cause) {
+        current.reject(cause instanceof Error ? cause : new Error("OAuth token exchange failed"));
+        reply(res, 400, HTML_ERROR);
+    }
+}
+async function startOAuthServer() {
+    if (!oauthServer) {
+        oauthServer = http.createServer((req, res) => {
+            void handleCallback(req, res);
+        });
+        await new Promise((resolve, reject) => {
+            oauthServer?.once("error", reject);
+            oauthServer?.listen(OAUTH_PORT, "127.0.0.1", () => resolve());
+        });
+    }
+    return `http://localhost:${OAUTH_PORT}/auth/callback`;
+}
+export function stopOAuthServer() {
+    oauthServer?.close();
+    oauthServer = undefined;
+    if (pendingOAuth) {
+        clearTimeout(pendingOAuth.timeout);
+        pendingOAuth.reject(new Error("OAuth server stopped"));
+        pendingOAuth = undefined;
+    }
+}
+export async function createBrowserAuthorization() {
+    const redirectUri = await startOAuthServer();
+    const pkce = await generatePKCE();
+    const state = generateState();
+    const callbackPromise = new Promise((resolve, reject) => {
+        const timeout = setTimeout(() => {
+            pendingOAuth = undefined;
+            reject(new Error("OAuth callback timeout"));
+        }, 5 * 60 * 1000);
+        if (typeof timeout === "object" && "unref" in timeout)
+            timeout.unref();
+        pendingOAuth = { pkce, state, redirectUri, resolve, reject, timeout };
+    });
+    return {
+        url: buildAuthorizeUrl(redirectUri, pkce, state),
+        instructions: "Complete authorization in your browser. This window will close automatically.",
+        method: "auto",
+        async callback() {
+            try {
+                const tokens = await callbackPromise;
+                if (!tokens.refresh_token)
+                    throw new Error("OAuth refresh token missing");
+                stopOAuthServer();
+                return {
+                    type: "success",
+                    refresh: tokens.refresh_token,
+                    access: tokens.access_token,
+                    expires: tokenExpiry(tokens.expires_in),
+                    accountId: extractAccountId(tokens),
+                };
+            }
+            catch {
+                stopOAuthServer();
+                return { type: "failed" };
+            }
+        },
+    };
+}
+export async function createDeviceAuthorization() {
+    const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", "User-Agent": "openai-ws-opencode/0.1.0" },
+        body: JSON.stringify({ client_id: CLIENT_ID }),
+    });
+    if (!deviceResponse.ok)
+        throw new Error("Failed to initiate device authorization");
+    const deviceData = (await deviceResponse.json());
+    const intervalMs = Math.max(Number.parseInt(deviceData.interval ?? "5", 10) || 5, 1) * 1000;
+    return {
+        url: `${ISSUER}/codex/device`,
+        instructions: `Enter code: ${deviceData.user_code}`,
+        method: "auto",
+        async callback() {
+            for (;;) {
+                const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
+                    method: "POST",
+                    headers: { "Content-Type": "application/json", "User-Agent": "openai-ws-opencode/0.1.0" },
+                    body: JSON.stringify({
+                        device_auth_id: deviceData.device_auth_id,
+                        user_code: deviceData.user_code,
+                    }),
+                });
+                if (response.ok) {
+                    const data = (await response.json());
+                    const tokens = await exchangeCodeForTokens(data.authorization_code, `${ISSUER}/deviceauth/callback`, data.code_verifier);
+                    if (!tokens.refresh_token)
+                        return { type: "failed" };
+                    return {
+                        type: "success",
+                        refresh: tokens.refresh_token,
+                        access: tokens.access_token,
+                        expires: tokenExpiry(tokens.expires_in),
+                        accountId: extractAccountId(tokens),
+                    };
+                }
+                if (response.status !== 403 && response.status !== 404)
+                    return { type: "failed" };
+                await new Promise((resolve) => setTimeout(resolve, intervalMs + 3000));
+            }
+        },
+    };
+}
+export const oauthMethods = [
+    {
+        label: "OpenAI (WebSocket) - ChatGPT Pro/Plus (browser)",
+        type: "oauth",
+        authorize: createBrowserAuthorization,
+    },
+    {
+        label: "OpenAI (WebSocket) - ChatGPT Pro/Plus (headless)",
+        type: "oauth",
+        authorize: createDeviceAuthorization,
+    },
+    {
+        label: "OpenAI (WebSocket) - API Key",
+        type: "api",
+    },
+];
+export const oauthTesting = {
+    handleCallback,
+    getPendingState: () => pendingOAuth?.state,
+    reset: stopOAuthServer,
+};
+//# sourceMappingURL=oauth.js.map

package/dist/auth/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,IAAmD,MAAM,WAAW,CAAA;AAC3E,OAAO,MAAM,MAAM,aAAa,CAAA;AAChC,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AACjF,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,WAAW,EAAsB,MAAM,aAAa,CAAA;AAgBtG,IAAI,WAAoC,CAAA;AACxC,IAAI,YAAsC,CAAA;AAE1C,MAAM,OAAO,GAAG,sGAAsG,CAAA;AACtH,MAAM,UAAU,GAAG,wEAAwE,CAAA;AAE3F,SAAS,SAAS,CAAC,MAA4B;IAC7C,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;AAC3H,CAAC;AAED,SAAS,YAAY,CAAC,MAAc;IAClC,MAAM,KAAK,GAAG,oEAAoE,CAAA;IAClF,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;IACxC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;AACzE,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,CAAC,CAAA;IACjC,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;IAChH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAA;AAChC,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;AAC1C,CAAC;AAED,SAAS,iBAAiB,CAAC,WAAmB,EAAE,IAAe,EAAE,KAAa;IAC5E,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,aAAa,EAAE,MAAM;QACrB,SAAS,EAAE,SAAS;QACpB,YAAY,EAAE,WAAW;QACzB,KAAK,EAAE,qCAAqC;QAC5C,cAAc,EAAE,IAAI,CAAC,SAAS;QAC9B,qBAAqB,EAAE,MAAM;QAC7B,0BAA0B,EAAE,MAAM;QAClC,yBAAyB,EAAE,MAAM;QACjC,KAAK;QACL,UAAU,EAAE,gBAAgB;KAC7B,CAAC,CAAA;IACF,OAAO,GAAG,MAAM,oBAAoB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAA;AACzD,CAAC;AAED,SAAS,KAAK,CAAC,GAAmB,EAAE,MAAc,EAAE,IAAY;IAC9D,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAA;IACtD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;AACf,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,GAAoB,EAAE,GAAmB;IACrE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,UAAU,EAAE,CAAC,CAAA;IACrE,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;QACtC,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;QAC5B,OAAM;IACR,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAA;IAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,CAAA;QAC3B,OAAM;IACR,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAC3C,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC;QACtC,YAAY,GAAG,SAAS,CAAA;QACxB,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;QAC7B,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAA;QACjD,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,CAAA;QAC3B,OAAM;IACR,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IACzC,YAAY,GAAG,SAAS,CAAA;IACxB,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IAE7B,IAAI,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,IAAI,oBAAoB,CAAC,CAAC,CAAA;QACxD,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,CAAA;QAC3B,OAAM;IACR,CAAC;IAED,IAAI,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,MAAM,qBAAqB,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;QAC9F,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC1B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAA;QACzF,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,CAAA;IAC7B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;IAC7B,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAC3C,KAAK,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAC/B,CAAC,CAAC,CAAA;QACF,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,WAAW,EAAE,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;YAClC,WAAW,EAAE,MAAM,CAAC,UAAU,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAA;QAC/D,CAAC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,oBAAoB,UAAU,gBAAgB,CAAA;AACvD,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,WAAW,EAAE,KAAK,EAAE,CAAA;IACpB,WAAW,GAAG,SAAS,CAAA;IACvB,IAAI,YAAY,EAAE,CAAC;QACjB,YAAY,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;QAClC,YAAY,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAA;QACtD,YAAY,GAAG,SAAS,CAAA;IAC1B,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B;IAC9C,MAAM,WAAW,GAAG,MAAM,gBAAgB,EAAE,CAAA;IAC5C,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAA;IAC7B,MAAM,eAAe,GAAG,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrE,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,YAAY,GAAG,SAAS,CAAA;YACxB,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAA;QAC7C,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;QACjB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,IAAI,OAAO;YAAE,OAAO,CAAC,KAAK,EAAE,CAAA;QACtE,YAAY,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA;IACvE,CAAC,CAAC,CAAA;IAEF,OAAO;QACL,GAAG,EAAE,iBAAiB,CAAC,WAAW,EAAE,IAAI,EAAE,KAAK,CAAC;QAChD,YAAY,EAAE,+EAA+E;QAC7F,MAAM,EAAE,MAAe;QACvB,KAAK,CAAC,QAAQ;YACZ,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAA;gBACpC,IAAI,CAAC,MAAM,CAAC,aAAa;oBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;gBACzE,eAAe,EAAE,CAAA;gBACjB,OAAO;oBACL,IAAI,EAAE,SAAkB;oBACxB,OAAO,EAAE,MAAM,CAAC,aAAa;oBAC7B,MAAM,EAAE,MAAM,CAAC,YAAY;oBAC3B,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC;oBACvC,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC;iBACpC,CAAA;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe,EAAE,CAAA;gBACjB,OAAO,EAAE,IAAI,EAAE,QAAiB,EAAE,CAAA;YACpC,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,mCAAmC,EAAE;QAC/E,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,YAAY,EAAE,0BAA0B,EAAE;QACzF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;KAC/C,CAAC,CAAA;IACF,IAAI,CAAC,cAAc,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAClF,MAAM,UAAU,GAAG,CAAC,MAAM,cAAc,CAAC,IAAI,EAAE,CAI9C,CAAA;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,IAAI,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAA;IAE3F,OAAO;QACL,GAAG,EAAE,GAAG,MAAM,eAAe;QAC7B,YAAY,EAAE,eAAe,UAAU,CAAC,SAAS,EAAE;QACnD,MAAM,EAAE,MAAe;QACvB,KAAK,CAAC,QAAQ;YACZ,SAAS,CAAC;gBACR,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,gCAAgC,EAAE;oBACtE,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,YAAY,EAAE,0BAA0B,EAAE;oBACzF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,cAAc,EAAE,UAAU,CAAC,cAAc;wBACzC,SAAS,EAAE,UAAU,CAAC,SAAS;qBAChC,CAAC;iBACH,CAAC,CAAA;gBAEF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;oBAChB,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA0D,CAAA;oBAC7F,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,EAAE,GAAG,MAAM,sBAAsB,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;oBACxH,IAAI,CAAC,MAAM,CAAC,aAAa;wBAAE,OAAO,EAAE,IAAI,EAAE,QAAiB,EAAE,CAAA;oBAC7D,OAAO;wBACL,IAAI,EAAE,SAAkB;wBACxB,OAAO,EAAE,MAAM,CAAC,aAAa;wBAC7B,MAAM,EAAE,MAAM,CAAC,YAAY;wBAC3B,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC;wBACvC,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC;qBACpC,CAAA;gBACH,CAAC;gBAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;oBAAE,OAAO,EAAE,IAAI,EAAE,QAAiB,EAAE,CAAA;gBAC1F,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,CAAC,CAAC,CAAA;YACxE,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B;QACE,KAAK,EAAE,iDAAiD;QACxD,IAAI,EAAE,OAAgB;QACtB,SAAS,EAAE,0BAA0B;KACtC;IACD;QACE,KAAK,EAAE,kDAAkD;QACzD,IAAI,EAAE,OAAgB;QACtB,SAAS,EAAE,yBAAyB;KACrC;IACD;QACE,KAAK,EAAE,8BAA8B;QACrC,IAAI,EAAE,KAAc;KACrB;CACF,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,cAAc;IACd,eAAe,EAAE,GAAG,EAAE,CAAC,YAAY,EAAE,KAAK;IAC1C,KAAK,EAAE,eAAe;CACvB,CAAA"}