opencode-account-manager 0.4.1

package/src/core/crypto.ts

@@ -0,0 +1,162 @@
+import * as crypto from "crypto";
+
+// ============================================================================
+// Constants
+// ============================================================================
+
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32; // 256 bits
+const SALT_LENGTH = 32; // 256 bits
+const IV_LENGTH = 12; // 96 bits (recommended for GCM)
+const AUTH_TAG_LENGTH = 16; // 128 bits
+
+// scrypt parameters (N=16384, r=8, p=1)
+const SCRYPT_N = 16384;
+const SCRYPT_R = 8;
+const SCRYPT_P = 1;
+
+// ============================================================================
+// Types
+// ============================================================================
+
+export interface EncryptedData {
+  salt: string; // hex
+  iv: string; // hex
+  authTag: string; // hex
+  data: string; // hex (encrypted content)
+}
+
+// ============================================================================
+// Helper Functions
+// ============================================================================
+
+/**
+ * Generate random bytes and return as hex string
+ */
+function randomHex(length: number): string {
+  return crypto.randomBytes(length).toString("hex");
+}
+
+/**
+ * Derive encryption key from password using scrypt
+ */
+function deriveKey(password: string, salt: Buffer): Buffer {
+  return crypto.scryptSync(password, salt, KEY_LENGTH, {
+    N: SCRYPT_N,
+    r: SCRYPT_R,
+    p: SCRYPT_P,
+  });
+}
+
+// ============================================================================
+// Public Functions
+// ============================================================================
+
+/**
+ * Generate a random salt for encryption
+ */
+export function generateSalt(): string {
+  return randomHex(SALT_LENGTH);
+}
+
+/**
+ * Generate a random IV for encryption
+ */
+export function generateIV(): string {
+  return randomHex(IV_LENGTH);
+}
+
+/**
+ * Encrypt data object with password using AES-256-GCM
+ * 
+ * @param data - Object to encrypt (will be JSON stringified)
+ * @param password - Password for encryption
+ * @returns Encrypted data with salt, iv, authTag, and encrypted content
+ */
+export function encrypt(data: object, password: string): EncryptedData {
+  // Generate random salt and IV
+  const salt = Buffer.from(generateSalt(), "hex");
+  const iv = Buffer.from(generateIV(), "hex");
+
+  // Derive key from password
+  const key = deriveKey(password, salt);
+
+  // Create cipher
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+
+  // Encrypt data
+  const plaintext = JSON.stringify(data);
+  const encrypted = Buffer.concat([
+    cipher.update(plaintext, "utf8"),
+    cipher.final(),
+  ]);
+
+  // Get auth tag
+  const authTag = cipher.getAuthTag();
+
+  return {
+    salt: salt.toString("hex"),
+    iv: iv.toString("hex"),
+    authTag: authTag.toString("hex"),
+    data: encrypted.toString("hex"),
+  };
+}
+
+/**
+ * Decrypt data with password using AES-256-GCM
+ * 
+ * @param encrypted - Encrypted data object
+ * @param password - Password for decryption
+ * @returns Decrypted object
+ * @throws Error if password is wrong or data is corrupted
+ */
+export function decrypt<T = unknown>(encrypted: EncryptedData, password: string): T {
+  // Convert hex strings to buffers
+  const salt = Buffer.from(encrypted.salt, "hex");
+  const iv = Buffer.from(encrypted.iv, "hex");
+  const authTag = Buffer.from(encrypted.authTag, "hex");
+  const data = Buffer.from(encrypted.data, "hex");
+
+  // Derive key from password
+  const key = deriveKey(password, salt);
+
+  // Create decipher
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH,
+  });
+
+  // Set auth tag for verification
+  decipher.setAuthTag(authTag);
+
+  try {
+    // Decrypt data
+    const decrypted = Buffer.concat([
+      decipher.update(data),
+      decipher.final(),
+    ]);
+
+    // Parse JSON
+    return JSON.parse(decrypted.toString("utf8")) as T;
+  } catch (error) {
+    // Auth tag verification failed or JSON parse failed
+    throw new Error("Invalid password or corrupted file");
+  }
+}
+
+/**
+ * Verify if a password can decrypt the data
+ * 
+ * @param encrypted - Encrypted data object
+ * @param password - Password to verify
+ * @returns true if password is correct
+ */
+export function verifyPassword(encrypted: EncryptedData, password: string): boolean {
+  try {
+    decrypt(encrypted, password);
+    return true;
+  } catch {
+    return false;
+  }
+}

package/src/core/importers/amJson.ts

@@ -0,0 +1,185 @@
+/**
+ * Import accounts from Antigravity Manager JSON files
+ * 
+ * AM Structure:
+ * ~/.antigravity_tools/
+ *   accounts.json          - index file with account list
+ *   accounts/<id>.json     - detail files with tokens
+ */
+
+import fs from "fs";
+import path from "path";
+import { Account } from "../types";
+import { getAmFolderPath } from "../paths";
+
+interface AMIndexEntry {
+  id: string;
+  email: string;
+  name: string;
+  disabled: boolean;
+  proxy_disabled: boolean;
+  created_at?: number;
+  last_used?: number;
+}
+
+interface AMAccountsIndex {
+  version: string;
+  accounts: AMIndexEntry[];
+  current_account_id?: string;
+}
+
+interface AMToken {
+  access_token?: string;
+  refresh_token: string;
+  expires_in?: number;
+  expiry_timestamp?: number;
+  token_type?: string;
+  email?: string;
+  project_id?: string;
+}
+
+interface AMAccountDetail {
+  id: string;
+  email: string;
+  name: string;
+  token: AMToken;
+  device_profile?: Record<string, unknown>;
+  disabled?: boolean;
+  proxy_disabled?: boolean;
+  created_at?: number;
+  last_used?: number;
+}
+
+function generateFingerprint() {
+  const randomHex = (len: number) => {
+    let result = "";
+    for (let i = 0; i < len; i++) {
+      result += Math.floor(Math.random() * 16).toString(16);
+    }
+    return result;
+  };
+
+  const platforms = ["win32/x64", "win32/arm64", "darwin/x64", "darwin/arm64"];
+  const ides = ["ANDROID_STUDIO", "INTELLIJ", "IDE_UNSPECIFIED"];
+  const clients = [
+    "google-cloud-sdk android-studio/2024.1",
+    "google-cloud-sdk intellij/2024.1",
+    "google-cloud-sdk vscode/1.87.0",
+  ];
+
+  const platform = platforms[Math.floor(Math.random() * platforms.length)];
+
+  return {
+    deviceId: crypto.randomUUID(),
+    sessionToken: randomHex(32),
+    userAgent: `antigravity/1.15.8 ${platform}`,
+    apiClient: clients[Math.floor(Math.random() * clients.length)],
+    clientMetadata: {
+      ideType: ides[Math.floor(Math.random() * ides.length)],
+      platform: platform.startsWith("darwin") ? "MACOS" : "WINDOWS",
+      pluginType: "GEMINI",
+      osVersion: platform.startsWith("darwin") ? "14.2.1" : "10.0.19042",
+      arch: platform.split("/")[1],
+      sqmId: `{${crypto.randomUUID().toUpperCase()}}`,
+    },
+    quotaUser: `device-${randomHex(16)}`,
+    createdAt: Date.now(),
+  };
+}
+
+export interface ImportFromAmResult {
+  accounts: Account[];
+  skipped: string[];
+  errors: string[];
+}
+
+export function importFromAmFolder(amPath?: string): ImportFromAmResult {
+  const folderPath = amPath || getAmFolderPath();
+  const result: ImportFromAmResult = {
+    accounts: [],
+    skipped: [],
+    errors: [],
+  };
+
+  // Check if folder exists
+  if (!fs.existsSync(folderPath)) {
+    result.errors.push(`AM folder not found: ${folderPath}`);
+    return result;
+  }
+
+  // Read index file
+  const indexPath = path.join(folderPath, "accounts.json");
+  if (!fs.existsSync(indexPath)) {
+    result.errors.push(`AM accounts.json not found: ${indexPath}`);
+    return result;
+  }
+
+  let index: AMAccountsIndex;
+  try {
+    const content = fs.readFileSync(indexPath, "utf-8");
+    index = JSON.parse(content) as AMAccountsIndex;
+  } catch (err) {
+    result.errors.push(`Failed to parse accounts.json: ${err}`);
+    return result;
+  }
+
+  // Process each account
+  const accountsDir = path.join(folderPath, "accounts");
+  
+  for (const entry of index.accounts) {
+    // Skip disabled accounts
+    if (entry.disabled || entry.proxy_disabled) {
+      result.skipped.push(`${entry.email} (disabled)`);
+      continue;
+    }
+
+    // Read detail file
+    const detailPath = path.join(accountsDir, `${entry.id}.json`);
+    if (!fs.existsSync(detailPath)) {
+      result.skipped.push(`${entry.email} (no detail file)`);
+      continue;
+    }
+
+    let detail: AMAccountDetail;
+    try {
+      const content = fs.readFileSync(detailPath, "utf-8");
+      detail = JSON.parse(content) as AMAccountDetail;
+    } catch (err) {
+      result.skipped.push(`${entry.email} (parse error)`);
+      continue;
+    }
+
+    // Check if has refresh token
+    if (!detail.token?.refresh_token) {
+      result.skipped.push(`${entry.email} (no refresh token)`);
+      continue;
+    }
+
+    // Check proxy_disabled in detail file (AM GUI only updates detail file!)
+    if (detail.proxy_disabled) {
+      result.skipped.push(`${entry.email} (proxy disabled)`);
+      continue;
+    }
+
+    // Convert to Plugin account format
+    const account: Account = {
+      email: detail.email,
+      refreshToken: detail.token.refresh_token,
+      projectId: detail.token.project_id,
+      managedProjectId: detail.token.project_id,
+      addedAt: Date.now(),
+      lastUsed: Date.now(),
+      fingerprint: generateFingerprint(),
+    };
+
+    result.accounts.push(account);
+  }
+
+  return result;
+}
+
+export function isAmFolder(folderPath: string): boolean {
+  const indexPath = path.join(folderPath, "accounts.json");
+  const accountsDir = path.join(folderPath, "accounts");
+  return fs.existsSync(indexPath) && fs.existsSync(accountsDir);
+}

package/src/core/opencode-config.ts

@@ -0,0 +1,217 @@
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
+
+// ============================================================================
+// Types for opencode.json structure
+// ============================================================================
+
+export interface ModelLimit {
+  context: number;
+  output: number;
+}
+
+export interface ModelModalities {
+  input: string[];
+  output: string[];
+}
+
+export interface ModelVariant {
+  thinkingLevel?: string;
+  thinkingConfig?: {
+    thinkingBudget?: number;
+  };
+}
+
+export interface ModelConfig {
+  name: string;
+  limit?: ModelLimit;
+  modalities?: ModelModalities;
+  variants?: Record<string, ModelVariant>;
+}
+
+export interface ProviderConfig {
+  npm?: string;
+  name?: string;
+  options?: {
+    baseURL?: string;
+    apiKey?: string;
+  };
+  models: Record<string, ModelConfig>;
+}
+
+export interface McpServerConfig {
+  type: "local" | "remote";
+  command?: string[];
+  url?: string;
+  environment?: Record<string, string>;
+  enabled?: boolean;
+}
+
+export interface OpencodeConfig {
+  $schema?: string;
+  plugin?: string[];
+  mcp?: Record<string, McpServerConfig>;
+  provider?: Record<string, ProviderConfig>;
+}
+
+// ============================================================================
+// Parsed/Display structures
+// ============================================================================
+
+export interface ProviderInfo {
+  id: string;
+  name: string;
+  modelCount: number;
+  models: string[];
+  type: "builtin" | "custom";
+  baseURL?: string;
+}
+
+export interface McpServerInfo {
+  id: string;
+  command: string;
+  enabled: boolean;
+  hasEnvVars: boolean;
+  envVarCount: number;
+}
+
+export interface PluginInfo {
+  name: string;
+  version?: string;
+}
+
+export interface OpencodeInfo {
+  configPath: string;
+  exists: boolean;
+  providers: ProviderInfo[];
+  mcpServers: McpServerInfo[];
+  plugins: PluginInfo[];
+  totalModels: number;
+}
+
+// ============================================================================
+// Functions
+// ============================================================================
+
+/**
+ * Get the path to opencode.json
+ */
+export function getOpencodeConfigPath(): string {
+  const home = os.homedir();
+  // Check .config/opencode first (Unix-style)
+  const unixPath = path.join(home, ".config", "opencode", "opencode.json");
+  if (fs.existsSync(unixPath)) {
+    return unixPath;
+  }
+  // Fallback to AppData on Windows
+  const appData = process.env.APPDATA || path.join(home, "AppData", "Roaming");
+  return path.join(appData, "opencode", "opencode.json");
+}
+
+/**
+ * Read and parse opencode.json
+ */
+export function readOpencodeConfig(configPath?: string): OpencodeConfig | null {
+  const resolvedPath = configPath || getOpencodeConfigPath();
+  
+  if (!fs.existsSync(resolvedPath)) {
+    return null;
+  }
+
+  try {
+    const content = fs.readFileSync(resolvedPath, "utf-8");
+    return JSON.parse(content) as OpencodeConfig;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Parse opencode.json into display-friendly info
+ */
+export function parseOpencodeInfo(configPath?: string): OpencodeInfo {
+  const resolvedPath = configPath || getOpencodeConfigPath();
+  const config = readOpencodeConfig(resolvedPath);
+
+  const info: OpencodeInfo = {
+    configPath: resolvedPath,
+    exists: config !== null,
+    providers: [],
+    mcpServers: [],
+    plugins: [],
+    totalModels: 0,
+  };
+
+  if (!config) {
+    return info;
+  }
+
+  // Parse plugins
+  if (config.plugin) {
+    info.plugins = config.plugin.map((p) => {
+      const match = p.match(/^(.+?)(@(.+))?$/);
+      return {
+        name: match?.[1] || p,
+        version: match?.[3],
+      };
+    });
+  }
+
+  // Parse MCP servers
+  if (config.mcp) {
+    info.mcpServers = Object.entries(config.mcp).map(([id, server]) => {
+      const cmd = server.command?.join(" ") || server.url || "N/A";
+      return {
+        id,
+        command: cmd,
+        enabled: server.enabled !== false,
+        hasEnvVars: !!server.environment,
+        envVarCount: server.environment ? Object.keys(server.environment).length : 0,
+      };
+    });
+  }
+
+  // Parse providers
+  if (config.provider) {
+    info.providers = Object.entries(config.provider).map(([id, provider]) => {
+      const modelIds = Object.keys(provider.models);
+      const isBuiltin = id === "google" && !provider.npm;
+      
+      return {
+        id,
+        name: provider.name || id,
+        modelCount: modelIds.length,
+        models: modelIds,
+        type: isBuiltin ? "builtin" : "custom",
+        baseURL: provider.options?.baseURL,
+      };
+    });
+
+    info.totalModels = info.providers.reduce((sum, p) => sum + p.modelCount, 0);
+  }
+
+  return info;
+}
+
+/**
+ * Get summary stats
+ */
+export function getConfigSummary(info: OpencodeInfo): {
+  providers: number;
+  models: number;
+  mcpEnabled: number;
+  mcpDisabled: number;
+  plugins: number;
+} {
+  const mcpEnabled = info.mcpServers.filter((m) => m.enabled).length;
+  const mcpDisabled = info.mcpServers.length - mcpEnabled;
+
+  return {
+    providers: info.providers.length,
+    models: info.totalModels,
+    mcpEnabled,
+    mcpDisabled,
+    plugins: info.plugins.length,
+  };
+}

package/src/core/paths.ts

@@ -0,0 +1,32 @@
+import os from "os";
+import path from "path";
+
+export function getConfigRoot(): string {
+  if (process.env.APPDATA) {
+    return process.env.APPDATA;
+  }
+  if (process.platform === "darwin") {
+    return path.join(os.homedir(), "Library", "Application Support");
+  }
+  return process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
+}
+
+// Plugin ALWAYS uses ~/.config/opencode on ALL platforms (including Windows)
+export function getPluginAccountsPath(customPath?: string): string {
+  if (customPath && customPath.trim().length > 0) {
+    return path.resolve(customPath);
+  }
+  return path.join(os.homedir(), ".config", "opencode", "antigravity-accounts.json");
+}
+
+// AM uses ~/.antigravity_tools on ALL platforms
+export function getAmFolderPath(): string {
+  return path.join(os.homedir(), ".antigravity_tools");
+}
+
+export function getAmDbPath(customPath?: string): string {
+  if (customPath && customPath.trim().length > 0) {
+    return path.resolve(customPath);
+  }
+  return path.join(getConfigRoot(), "antigravity-manager", "accounts.db");
+}

package/src/core/types.ts

@@ -0,0 +1,118 @@
+export type RateLimitResetTimes = Record<string, number>;
+
+export interface AccountFingerprint {
+  deviceId?: string;
+  sessionToken?: string;
+  userAgent?: string;
+  apiClient?: string;
+  clientMetadata?: Record<string, unknown>;
+  quotaUser?: string;
+  createdAt?: number;
+}
+
+export interface FingerprintHistoryEntry {
+  fingerprint: AccountFingerprint;
+  timestamp: number;
+  reason?: string;
+}
+
+export interface Account {
+  email: string;
+  refreshToken?: string;
+  projectId?: string;
+  managedProjectId?: string;
+  addedAt?: number;
+  lastUsed?: number;
+  rateLimitResetTimes?: RateLimitResetTimes;
+  fingerprint?: AccountFingerprint;
+  fingerprintHistory?: FingerprintHistoryEntry[];
+  enabled?: boolean;
+}
+
+export interface PluginAccountsFile {
+  version: number;
+  accounts: Account[];
+  activeIndex?: number;
+  activeIndexByFamily?: Record<string, number>;
+}
+
+export interface PortableExportFile {
+  version: number;
+  exportedAt: number;
+  exportedFrom: "opencode-account-manager" | "antigravity-sync";
+  accounts: Account[];
+}
+
+// ============================================================================
+// Encrypted Export Types (v0.4.0)
+// ============================================================================
+
+export interface EncryptedExportFile {
+  // Header (not encrypted)
+  version: 1;
+  format: "encrypted";
+  algorithm: "aes-256-gcm";
+  
+  // Encryption parameters (hex encoded)
+  salt: string;
+  iv: string;
+  authTag: string;
+  
+  // Encrypted payload (hex encoded JSON)
+  data: string;
+  
+  // Metadata (not encrypted, for display)
+  exportedAt: number;
+  accountCount: number;
+  exportedFrom: "opencode-account-manager";
+}
+
+/**
+ * Type guard to check if data is an encrypted export file
+ */
+export function isEncryptedExportFile(data: unknown): data is EncryptedExportFile {
+  if (typeof data !== "object" || data === null) return false;
+  const obj = data as Record<string, unknown>;
+  return (
+    obj.format === "encrypted" &&
+    obj.algorithm === "aes-256-gcm" &&
+    typeof obj.salt === "string" &&
+    typeof obj.iv === "string" &&
+    typeof obj.authTag === "string" &&
+    typeof obj.data === "string"
+  );
+}
+
+/**
+ * Type guard to check if data is a portable export file
+ */
+export function isPortableExportFile(data: unknown): data is PortableExportFile {
+  if (typeof data !== "object" || data === null) return false;
+  const obj = data as Record<string, unknown>;
+  return (
+    typeof obj.version === "number" &&
+    typeof obj.exportedAt === "number" &&
+    Array.isArray(obj.accounts)
+  );
+}
+
+// ============================================================================
+// Export Format Types
+// ============================================================================
+
+export type ExportFormat = "encrypted" | "plain";
+
+export interface ExportOptions {
+  format: ExportFormat;
+  folder: string;
+  password?: string; // Required for encrypted
+  accounts: Account[];
+}
+
+export interface ImportResult {
+  success: boolean;
+  accounts: Account[];
+  newCount: number;
+  overwrittenCount: number;
+  error?: string;
+}