npm - opencode-anthropic-multi-account - Versions diffs - 0.2.4 → 0.2.5 - Mend

opencode-anthropic-multi-account 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.js +239 -11
package/dist/pi-ai-adapter.d.ts +2 -0
package/dist/token-node-request.d.ts +10 -0
package/package.json +2 -2

package/dist/index.js CHANGED Viewed

@@ -2194,9 +2194,100 @@ var TOOL_PREFIX = ANTHROPIC_OAUTH_ADAPTER.toolPrefix;
 var ACCOUNTS_FILENAME2 = ANTHROPIC_OAUTH_ADAPTER.accountStorageFilename;
 var PLAN_LABELS = ANTHROPIC_OAUTH_ADAPTER.planLabels;
 var TOKEN_EXPIRY_BUFFER_MS = 6e4;
+var TOKEN_REFRESH_TIMEOUT_MS = 3e4;
 // src/pi-ai-adapter.ts
-import { loginAnthropic, refreshAnthropicToken } from "@mariozechner/pi-ai/oauth";
+import { AsyncLocalStorage } from "node:async_hooks";
+import * as piAiOauth from "@mariozechner/pi-ai/oauth";
+// src/token-node-request.ts
+import * as childProcess from "node:child_process";
+function buildNodeTokenRequestScript() {
+  return `
+const https = require("node:https");
+const endpoint = process.env.ANTHROPIC_REFRESH_ENDPOINT;
+const timeoutMs = Number(process.env.ANTHROPIC_REFRESH_TIMEOUT_MS || "30000");
+const payload = process.env.ANTHROPIC_REFRESH_REQUEST_BODY || "";
+function printSuccess(body) {
+  console.log(JSON.stringify({ ok: true, body }));
+}
+function printFailure(error) {
+  console.log(JSON.stringify({ ok: false, ...error }));
+}
+const request = https.request(endpoint, {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    Accept: "application/json",
+    "Content-Length": Buffer.byteLength(payload).toString(),
+  },
+}, (response) => {
+  let body = "";
+  response.setEncoding("utf8");
+  response.on("data", (chunk) => {
+    body += chunk;
+  });
+  response.on("end", () => {
+    const status = response.statusCode ?? 0;
+    if (status < 200 || status >= 300) {
+      printFailure({ status, body });
+      return;
+    }
+    printSuccess(body);
+  });
+});
+request.setTimeout(timeoutMs, () => {
+  request.destroy(new Error("Request timed out after " + timeoutMs + "ms"));
+});
+request.on("error", (error) => {
+  printFailure({ error: error instanceof Error ? error.name + ": " + error.message : String(error) });
+});
+request.write(payload);
+request.end();
+`;
+}
+async function defaultRunNodeTokenRequest(options) {
+  const script = buildNodeTokenRequestScript();
+  return await new Promise((resolve, reject) => {
+    childProcess.execFile(
+      options.executable,
+      ["-e", script],
+      {
+        timeout: options.timeoutMs + 1e3,
+        maxBuffer: 1024 * 1024,
+        env: {
+          ...process.env,
+          ANTHROPIC_REFRESH_ENDPOINT: options.endpoint,
+          ANTHROPIC_REFRESH_REQUEST_BODY: options.body,
+          ANTHROPIC_REFRESH_TIMEOUT_MS: String(options.timeoutMs)
+        }
+      },
+      (error, stdout, stderr) => {
+        const trimmedStdout = stdout.trim();
+        if (error) {
+          reject(new Error(stderr.trim() || error.message));
+          return;
+        }
+        if (!trimmedStdout) {
+          reject(new Error("Empty response from Node refresh helper"));
+          return;
+        }
+        resolve(trimmedStdout);
+      }
+    );
+  });
+}
+var nodeTokenRequestRunner = defaultRunNodeTokenRequest;
+async function runNodeTokenRequest(options) {
+  return await nodeTokenRequestRunner(options);
+}
 // src/config.ts
 initCoreConfig("claude-multiauth.json");
@@ -2378,19 +2469,140 @@ function fromPiAiCredentials(creds) {
     expiresAt: creds.expires
   };
 }
+var ANTHROPIC_REFRESH_ENDPOINT = "https://platform.claude.com/v1/oauth/token";
+var REFRESH_NODE_EXECUTABLE = process.env.OPENCODE_REFRESH_NODE_EXECUTABLE || "node";
+var tokenProxyContext = new AsyncLocalStorage();
+var tokenProxyInstalled = false;
+var tokenProxyOriginalFetch = null;
+var refreshEndpointUrl = new URL(ANTHROPIC_REFRESH_ENDPOINT);
+function buildRefreshRequestError(details) {
+  return new Error(`Anthropic token refresh request failed. url=${ANTHROPIC_REFRESH_ENDPOINT}; details=${details}`);
+}
+function buildRefreshInvalidJsonError(body, details) {
+  return new Error(`Anthropic token refresh returned invalid JSON. url=${ANTHROPIC_REFRESH_ENDPOINT}; body=${body}; details=${details}`);
+}
+function getRequestUrlString(input) {
+  if (typeof input === "string") return input;
+  if (input instanceof URL) return input.toString();
+  return input.url;
+}
+function isAnthropicTokenEndpoint(input) {
+  const rawUrl = getRequestUrlString(input);
+  try {
+    const url = new URL(rawUrl);
+    return url.origin === refreshEndpointUrl.origin && url.pathname === refreshEndpointUrl.pathname;
+  } catch {
+    return rawUrl === ANTHROPIC_REFRESH_ENDPOINT;
+  }
+}
+function getRequestBodySource(input, init) {
+  if (init?.body !== void 0) {
+    return init.body;
+  }
+  if (input instanceof Request) {
+    return input.body;
+  }
+  return void 0;
+}
+function stringifyBinaryBody(body) {
+  if (body instanceof ArrayBuffer) {
+    return Buffer.from(body).toString("utf8");
+  }
+  return Buffer.from(body.buffer, body.byteOffset, body.byteLength).toString("utf8");
+}
+async function getRequestBody(input, init) {
+  const body = getRequestBodySource(input, init);
+  if (typeof body === "string") return body;
+  if (body instanceof URLSearchParams) return body.toString();
+  if (body instanceof Uint8Array || body instanceof ArrayBuffer || ArrayBuffer.isView(body)) {
+    return stringifyBinaryBody(body);
+  }
+  if (typeof Blob !== "undefined" && body instanceof Blob) return await body.text();
+  if (body instanceof ReadableStream) return await new Response(body).text();
+  if (input instanceof Request && init?.body === void 0) return await input.clone().text();
+  if (body == null) return "";
+  throw buildRefreshRequestError(`Unsupported token request body type: ${Object.prototype.toString.call(body)}`);
+}
+function getRequestMethod(input, init) {
+  return init?.method ?? (input instanceof Request ? input.method : "GET");
+}
+function shouldProxyTokenRequest(input) {
+  return tokenProxyContext.getStore() === true && isAnthropicTokenEndpoint(input);
+}
+async function postAnthropicTokenViaNode(body) {
+  let output;
+  try {
+    output = await runNodeTokenRequest({
+      body,
+      endpoint: ANTHROPIC_REFRESH_ENDPOINT,
+      executable: REFRESH_NODE_EXECUTABLE,
+      timeoutMs: TOKEN_REFRESH_TIMEOUT_MS
+    });
+  } catch (error) {
+    const details = error instanceof Error ? error.message : String(error);
+    throw buildRefreshRequestError(details);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(output);
+  } catch (error) {
+    const details = error instanceof Error ? `${error.name}: ${error.message}` : String(error);
+    throw buildRefreshInvalidJsonError(output, details);
+  }
+  const result = parsed;
+  if (!result.ok) {
+    if (result.error) {
+      throw buildRefreshRequestError(result.error);
+    }
+    throw buildRefreshRequestError(`Error: HTTP request failed. status=${result.status ?? 0}; url=${ANTHROPIC_REFRESH_ENDPOINT}; body=${result.body ?? ""}`);
+  }
+  return new Response(result.body ?? "", {
+    status: 200,
+    headers: {
+      "content-type": "application/json"
+    }
+  });
+}
+function createAnthropicTokenProxyFetch(originalFetch) {
+  return (async (input, init) => {
+    if (!shouldProxyTokenRequest(input)) {
+      return originalFetch(input, init);
+    }
+    const method = getRequestMethod(input, init).toUpperCase();
+    if (method !== "POST") {
+      throw buildRefreshRequestError(`Unsupported token endpoint method: ${method}`);
+    }
+    return await postAnthropicTokenViaNode(await getRequestBody(input, init));
+  });
+}
+function ensureAnthropicTokenProxyFetchInstalled() {
+  if (tokenProxyInstalled) return;
+  tokenProxyOriginalFetch = globalThis.fetch;
+  globalThis.fetch = createAnthropicTokenProxyFetch(tokenProxyOriginalFetch);
+  tokenProxyInstalled = true;
+}
+async function withAnthropicTokenProxyFetch(operation) {
+  ensureAnthropicTokenProxyFetchInstalled();
+  return await tokenProxyContext.run(true, operation);
+}
+async function fetchProfileWithSingleRetry(accessToken) {
+  let profileResult = await fetchProfile(accessToken);
+  if (profileResult.ok) {
+    return profileResult;
+  }
+  await new Promise((resolve) => setTimeout(resolve, 1e3));
+  profileResult = await fetchProfile(accessToken);
+  return profileResult;
+}
 async function loginWithPiAi(callbacks) {
-  const piCreds = await loginAnthropic({
+  const piCreds = await withAnthropicTokenProxyFetch(() => piAiOauth.loginAnthropic({
     onAuth: callbacks.onAuth,
     onPrompt: callbacks.onPrompt,
     onProgress: callbacks.onProgress,
     onManualCodeInput: callbacks.onManualCodeInput
-  });
+  }));
   const base = fromPiAiCredentials(piCreds);
-  let profileResult = await fetchProfile(piCreds.access);
-  if (!profileResult.ok) {
-    await new Promise((r) => setTimeout(r, 1e3));
-    profileResult = await fetchProfile(piCreds.access);
-  }
+  const profileResult = await fetchProfileWithSingleRetry(piCreds.access);
   const profileData = profileResult.ok ? profileResult.data : void 0;
   return {
     ...base,
@@ -2401,7 +2613,7 @@ async function loginWithPiAi(callbacks) {
   };
 }
 async function refreshWithPiAi(currentRefreshToken) {
-  const piCreds = await refreshAnthropicToken(currentRefreshToken);
+  const piCreds = await withAnthropicTokenProxyFetch(() => piAiOauth.refreshAnthropicToken(currentRefreshToken));
   return {
     accessToken: piCreds.access,
     refreshToken: piCreds.refresh,
@@ -2412,6 +2624,13 @@ var PI_AI_ADAPTER_SERVICE = ANTHROPIC_OAUTH_ADAPTER.serviceLogName;
 // src/token.ts
 var PERMANENT_FAILURE_HTTP_STATUSES = /* @__PURE__ */ new Set([400, 401, 403]);
+var PERMANENT_FAILURE_MESSAGE_PATTERNS = [
+  /\binvalid_grant\b/i,
+  /\binvalid_scope\b/i,
+  /\bunauthorized_client\b/i,
+  /\brefresh token\b.*\b(invalid|expired|revoked|no longer valid)\b/i,
+  /\bauth(?:entication)?(?:[_\s-]+)?invalid\b/i
+];
 var refreshMutexByAccountId = /* @__PURE__ */ new Map();
 function isTokenExpired(account) {
   if (!account.accessToken || !account.expiresAt) return true;
@@ -2428,7 +2647,9 @@ async function refreshToken(currentRefreshToken, accountId, client) {
     } catch (error) {
       const message = error instanceof Error ? error.message : String(error);
       const statusMatch = message.match(/\b(400|401|403)\b/);
-      const isPermanent = statusMatch !== null && PERMANENT_FAILURE_HTTP_STATUSES.has(Number(statusMatch[1]));
+      const hasPermanentStatus = statusMatch !== null && PERMANENT_FAILURE_HTTP_STATUSES.has(Number(statusMatch[1]));
+      const hasPermanentMessage = PERMANENT_FAILURE_MESSAGE_PATTERNS.some((pattern) => pattern.test(message));
+      const isPermanent = hasPermanentStatus || hasPermanentMessage;
       await client.app.log({
         body: {
           service: ANTHROPIC_OAUTH_ADAPTER.serviceLogName,
@@ -3039,7 +3260,14 @@ async function checkAccountQuota(manager, account, client) {
     }
     const refreshResult = await manager.ensureValidToken(account.uuid, client);
     if (!refreshResult.ok) {
-      printQuotaError(account, account.isAuthDisabled ? `${account.authDisabledReason ?? "Auth disabled"} (refresh failed)` : "Failed to refresh token");
+      await manager.markAuthFailure(account.uuid, refreshResult);
+      await manager.refresh();
+      const updatedAccount = manager.getAccounts().find((candidate) => candidate.uuid === account.uuid);
+      if (!updatedAccount) {
+        printQuotaError(account, refreshResult.permanent ? "Refresh failed permanently; account removed" : "Failed to refresh token");
+        return;
+      }
+      printQuotaError(updatedAccount, updatedAccount.isAuthDisabled ? `${updatedAccount.authDisabledReason ?? "Auth disabled"} (refresh failed)` : "Failed to refresh token");
       return;
     }
     await manager.refresh();

package/dist/pi-ai-adapter.d.ts CHANGED Viewed

@@ -11,6 +11,8 @@ export interface LoginWithPiAiCallbacks {
     onProgress?: (message: string) => void;
     onManualCodeInput?: () => Promise<string>;
 }
+export declare function withAnthropicTokenProxyFetch<T>(operation: () => Promise<T>): Promise<T>;
+export declare function resetAnthropicTokenProxyStateForTest(): void;
 export declare function loginWithPiAi(callbacks: LoginWithPiAiCallbacks): Promise<Partial<StoredAccount>>;
 export declare function refreshWithPiAi(currentRefreshToken: string): Promise<CredentialRefreshPatch>;
 export declare const PI_AI_ADAPTER_SERVICE: string;

package/dist/token-node-request.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+export interface NodeTokenRequestOptions {
+    body: string;
+    endpoint: string;
+    executable: string;
+    timeoutMs: number;
+}
+type NodeTokenRequestRunner = (options: NodeTokenRequestOptions) => Promise<string>;
+export declare function runNodeTokenRequest(options: NodeTokenRequestOptions): Promise<string>;
+export declare function setNodeTokenRequestRunnerForTest(runner: NodeTokenRequestRunner | null): void;
+export {};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-anthropic-multi-account",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "description": "OpenCode plugin for Anthropic multi-account management with automatic rate limit switching",
   "main": "./dist/index.js",
   "type": "module",
@@ -39,7 +39,7 @@
     "directory": "packages/anthropic-multi-account"
   },
   "dependencies": {
-    "opencode-multi-account-core": "^0.2.4",
+    "opencode-multi-account-core": "^0.2.5",
     "@mariozechner/pi-ai": "^0.61.0",
     "valibot": "^1.2.0"
   },