opencode-antigravity-auth 1.0.1 → 1.0.3

package/README.md

@@ -17,7 +17,7 @@ Enable Opencode to authenticate against **Antigravity** (Google's IDE) via OAuth
 
 ```json
 {
-  "plugin": ["opencode-antigravity-auth"]
+  "plugin": ["opencode-antigravity-auth@1.0.3"]
 }
 ```
 

package/package.json

@@ -1,23 +1,56 @@
 {
   "name": "opencode-antigravity-auth",
-  "module": "index.ts",
-  "version": "1.0.1",
+  "version": "1.0.3",
+  "description": "Google Antigravity IDE OAuth auth plugin for Opencode - access Gemini 3 Pro and Claude 4.5 using Google credentials",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "type": "module",
+  "license": "MIT",
   "author": "noefabris",
-  "repository": "https://github.com/NoeFabris/opencode-antigravity-auth",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NoeFabris/opencode-antigravity-auth.git"
+  },
+  "homepage": "https://github.com/NoeFabris/opencode-antigravity-auth#readme",
+  "bugs": {
+    "url": "https://github.com/NoeFabris/opencode-antigravity-auth/issues"
+  },
+  "keywords": [
+    "opencode",
+    "google",
+    "antigravity",
+    "gemini",
+    "oauth",
+    "plugin",
+    "auth",
+    "claude"
+  ],
+  "engines": {
+    "node": ">=20.0.0"
+  },
   "files": [
-    "index.ts",
-    "src"
+    "dist/",
+    "README.md",
+    "LICENSE"
   ],
-  "license": "MIT",
-  "type": "module",
-  "devDependencies": {
-    "@opencode-ai/plugin": "^0.15.30",
-    "@types/bun": "latest",
-    "@types/node": "^24.10.1"
+  "scripts": {
+    "build": "tsc",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:ui": "vitest --ui",
+    "test:coverage": "vitest run --coverage"
   },
   "peerDependencies": {
     "typescript": "^5"
   },
+  "devDependencies": {
+    "@opencode-ai/plugin": "^0.15.30",
+    "@types/node": "^24.10.1",
+    "@vitest/ui": "^3.0.0",
+    "typescript": "^5.0.0",
+    "vitest": "^3.0.0"
+  },
   "dependencies": {
     "@openauthjs/openauth": "^0.4.3"
   }

package/index.ts

@@ -1,14 +0,0 @@
-export {
-  AntigravityCLIOAuthPlugin,
-  GoogleOAuthPlugin,
-} from "./src/plugin";
-
-export {
-  authorizeAntigravity,
-  exchangeAntigravity,
-} from "./src/antigravity/oauth";
-
-export type {
-  AntigravityAuthorization,
-  AntigravityTokenExchangeResult,
-} from "./src/antigravity/oauth";

package/src/antigravity/oauth.ts

@@ -1,250 +0,0 @@
-import { generatePKCE } from "@openauthjs/openauth/pkce";
-
-import {
-  ANTIGRAVITY_CLIENT_ID,
-  ANTIGRAVITY_CLIENT_SECRET,
-  ANTIGRAVITY_REDIRECT_URI,
-  ANTIGRAVITY_SCOPES,
-  ANTIGRAVITY_ENDPOINT_FALLBACKS,
-  ANTIGRAVITY_LOAD_ENDPOINTS,
-  ANTIGRAVITY_HEADERS,
-} from "../constants";
-
-interface PkcePair {
-  challenge: string;
-  verifier: string;
-}
-
-interface AntigravityAuthState {
-  verifier: string;
-  projectId: string;
-}
-
-/**
- * Result returned to the caller after constructing an OAuth authorization URL.
- */
-export interface AntigravityAuthorization {
-  url: string;
-  verifier: string;
-  projectId: string;
-}
-
-interface AntigravityTokenExchangeSuccess {
-  type: "success";
-  refresh: string;
-  access: string;
-  expires: number;
-  email?: string;
-  projectId: string;
-}
-
-interface AntigravityTokenExchangeFailure {
-  type: "failed";
-  error: string;
-}
-
-export type AntigravityTokenExchangeResult =
-  | AntigravityTokenExchangeSuccess
-  | AntigravityTokenExchangeFailure;
-
-interface AntigravityTokenResponse {
-  access_token: string;
-  expires_in: number;
-  refresh_token: string;
-}
-
-interface AntigravityUserInfo {
-  email?: string;
-}
-
-/**
- * Encode an object into a URL-safe base64 string.
- */
-function encodeState(payload: AntigravityAuthState): string {
-  return Buffer.from(JSON.stringify(payload), "utf8").toString("base64url");
-}
-
-/**
- * Decode an OAuth state parameter back into its structured representation.
- */
-function decodeState(state: string): AntigravityAuthState {
-  const normalized = state.replace(/-/g, "+").replace(/_/g, "/");
-  const padded = normalized.padEnd(normalized.length + ((4 - normalized.length % 4) % 4), "=");
-  const json = Buffer.from(padded, "base64").toString("utf8");
-  const parsed = JSON.parse(json);
-  if (typeof parsed.verifier !== "string") {
-    throw new Error("Missing PKCE verifier in state");
-  }
-  return {
-    verifier: parsed.verifier,
-    projectId: typeof parsed.projectId === "string" ? parsed.projectId : "",
-  };
-}
-
-/**
- * Build the Antigravity OAuth authorization URL including PKCE and optional project metadata.
- */
-export async function authorizeAntigravity(projectId = ""): Promise<AntigravityAuthorization> {
-  const pkce = (await generatePKCE()) as PkcePair;
-
-  const url = new URL("https://accounts.google.com/o/oauth2/v2/auth");
-  url.searchParams.set("client_id", ANTIGRAVITY_CLIENT_ID);
-  url.searchParams.set("response_type", "code");
-  url.searchParams.set("redirect_uri", ANTIGRAVITY_REDIRECT_URI);
-  url.searchParams.set("scope", ANTIGRAVITY_SCOPES.join(" "));
-  url.searchParams.set("code_challenge", pkce.challenge);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set(
-    "state",
-    encodeState({ verifier: pkce.verifier, projectId: projectId || "" }),
-  );
-  url.searchParams.set("access_type", "offline");
-  url.searchParams.set("prompt", "consent");
-
-  return {
-    url: url.toString(),
-    verifier: pkce.verifier,
-    projectId: projectId || "",
-  };
-}
-
-async function fetchProjectID(accessToken: string): Promise<string> {
-  const errors: string[] = [];
-  // Use CLIProxy-aligned headers for project discovery to match "real" Antigravity clients.
-  const loadHeaders: Record<string, string> = {
-    Authorization: `Bearer ${accessToken}`,
-    "Content-Type": "application/json",
-    "User-Agent": "google-api-nodejs-client/9.15.1",
-    "X-Goog-Api-Client": "google-cloud-sdk vscode_cloudshelleditor/0.1",
-    "Client-Metadata": ANTIGRAVITY_HEADERS["Client-Metadata"],
-  };
-
-  const loadEndpoints = Array.from(
-    new Set<string>([...ANTIGRAVITY_LOAD_ENDPOINTS, ...ANTIGRAVITY_ENDPOINT_FALLBACKS]),
-  );
-
-  for (const baseEndpoint of loadEndpoints) {
-    try {
-      const url = `${baseEndpoint}/v1internal:loadCodeAssist`;
-      const response = await fetch(url, {
-        method: "POST",
-        headers: loadHeaders,
-        body: JSON.stringify({
-          metadata: {
-            ideType: "IDE_UNSPECIFIED",
-            platform: "PLATFORM_UNSPECIFIED",
-            pluginType: "GEMINI",
-          },
-        }),
-      });
-
-      if (!response.ok) {
-        const message = await response.text().catch(() => "");
-        errors.push(
-          `loadCodeAssist ${response.status} at ${baseEndpoint}${
-            message ? `: ${message}` : ""
-          }`,
-        );
-        continue;
-      }
-
-      const data = await response.json();
-      if (typeof data.cloudaicompanionProject === "string" && data.cloudaicompanionProject) {
-        return data.cloudaicompanionProject;
-      }
-      if (
-        data.cloudaicompanionProject &&
-        typeof data.cloudaicompanionProject.id === "string" &&
-        data.cloudaicompanionProject.id
-      ) {
-        return data.cloudaicompanionProject.id;
-      }
-
-      errors.push(`loadCodeAssist missing project id at ${baseEndpoint}`);
-    } catch (e) {
-      errors.push(
-        `loadCodeAssist error at ${baseEndpoint}: ${
-          e instanceof Error ? e.message : String(e)
-        }`,
-      );
-    }
-  }
-
-  if (errors.length) {
-    console.warn("Failed to resolve Antigravity project via loadCodeAssist:", errors.join("; "));
-  }
-  return "";
-}
-
-/**
- * Exchange an authorization code for Antigravity CLI access and refresh tokens.
- */
-export async function exchangeAntigravity(
-  code: string,
-  state: string,
-): Promise<AntigravityTokenExchangeResult> {
-  try {
-    const { verifier, projectId } = decodeState(state);
-
-    const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      body: new URLSearchParams({
-        client_id: ANTIGRAVITY_CLIENT_ID,
-        client_secret: ANTIGRAVITY_CLIENT_SECRET,
-        code,
-        grant_type: "authorization_code",
-        redirect_uri: ANTIGRAVITY_REDIRECT_URI,
-        code_verifier: verifier,
-      }),
-    });
-
-    if (!tokenResponse.ok) {
-      const errorText = await tokenResponse.text();
-      return { type: "failed", error: errorText };
-    }
-
-    const tokenPayload = (await tokenResponse.json()) as AntigravityTokenResponse;
-
-    const userInfoResponse = await fetch(
-      "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
-      {
-        headers: {
-          Authorization: `Bearer ${tokenPayload.access_token}`,
-        },
-      },
-    );
-
-    const userInfo = userInfoResponse.ok
-      ? ((await userInfoResponse.json()) as AntigravityUserInfo)
-      : {};
-
-    const refreshToken = tokenPayload.refresh_token;
-    if (!refreshToken) {
-      return { type: "failed", error: "Missing refresh token in response" };
-    }
-
-    let effectiveProjectId = projectId;
-    if (!effectiveProjectId) {
-      effectiveProjectId = await fetchProjectID(tokenPayload.access_token);
-    }
-
-    const storedRefresh = `${refreshToken}|${effectiveProjectId || ""}`;
-
-    return {
-      type: "success",
-      refresh: storedRefresh,
-      access: tokenPayload.access_token,
-      expires: Date.now() + tokenPayload.expires_in * 1000,
-      email: userInfo.email,
-      projectId: effectiveProjectId || "",
-    };
-  } catch (error) {
-    return {
-      type: "failed",
-      error: error instanceof Error ? error.message : "Unknown error",
-    };
-  }
-}

package/src/constants.ts

@@ -1,75 +0,0 @@
-/**
- * Constants used for Antigravity OAuth flows and Cloud Code Assist API integration.
- */
-export const ANTIGRAVITY_CLIENT_ID = "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com";
-
-/**
- * Client secret issued for the Antigravity OAuth application.
- */
-export const ANTIGRAVITY_CLIENT_SECRET = "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";
-
-/**
- * Scopes required for Antigravity integrations.
- */
-export const ANTIGRAVITY_SCOPES: readonly string[] = [
-  "https://www.googleapis.com/auth/cloud-platform",
-  "https://www.googleapis.com/auth/userinfo.email",
-  "https://www.googleapis.com/auth/userinfo.profile",
-  "https://www.googleapis.com/auth/cclog",
-  "https://www.googleapis.com/auth/experimentsandconfigs",
-];
-
-/**
- * OAuth redirect URI used by the local CLI callback server.
- */
-export const ANTIGRAVITY_REDIRECT_URI = "http://localhost:51121/oauth-callback";
-
-/**
- * Root endpoints for the Antigravity API (in fallback order).
- * CLIProxy and Vibeproxy use the daily sandbox endpoint first,
- * then fallback to autopush and prod if needed.
- */
-export const ANTIGRAVITY_ENDPOINT_DAILY = "https://daily-cloudcode-pa.sandbox.googleapis.com";
-export const ANTIGRAVITY_ENDPOINT_AUTOPUSH = "https://autopush-cloudcode-pa.sandbox.googleapis.com";
-export const ANTIGRAVITY_ENDPOINT_PROD = "https://cloudcode-pa.googleapis.com";
-
-/**
- * Endpoint fallback order (daily → autopush → prod).
- * Shared across request handling and project discovery to mirror CLIProxy behavior.
- */
-export const ANTIGRAVITY_ENDPOINT_FALLBACKS = [
-  ANTIGRAVITY_ENDPOINT_DAILY,
-  ANTIGRAVITY_ENDPOINT_AUTOPUSH,
-  ANTIGRAVITY_ENDPOINT_PROD,
-] as const;
-
-/**
- * Preferred endpoint order for project discovery (prod first, then fallbacks).
- * loadCodeAssist appears to be best supported on prod for managed project resolution.
- */
-export const ANTIGRAVITY_LOAD_ENDPOINTS = [
-  ANTIGRAVITY_ENDPOINT_PROD,
-  ANTIGRAVITY_ENDPOINT_DAILY,
-  ANTIGRAVITY_ENDPOINT_AUTOPUSH,
-] as const;
-
-/**
- * Primary endpoint to use (daily sandbox - same as CLIProxy/Vibeproxy).
- */
-export const ANTIGRAVITY_ENDPOINT = ANTIGRAVITY_ENDPOINT_DAILY;
-
-/**
- * Hardcoded project id used when Antigravity does not return one (e.g., business/workspace accounts).
- */
-export const ANTIGRAVITY_DEFAULT_PROJECT_ID = "rising-fact-p41fc";
-
-export const ANTIGRAVITY_HEADERS = {
-  "User-Agent": "antigravity/1.11.5 windows/amd64",
-  "X-Goog-Api-Client": "google-cloud-sdk vscode_cloudshelleditor/0.1",
-  "Client-Metadata": '{"ideType":"IDE_UNSPECIFIED","platform":"PLATFORM_UNSPECIFIED","pluginType":"GEMINI"}',
-} as const;
-
-/**
- * Provider identifier shared between the plugin loader and credential store.
- */
-export const ANTIGRAVITY_PROVIDER_ID = "google";

package/src/plugin/auth.ts

@@ -1,38 +0,0 @@
-import type { AuthDetails, OAuthAuthDetails, RefreshParts } from "./types";
-
-const ACCESS_TOKEN_EXPIRY_BUFFER_MS = 60 * 1000;
-
-export function isOAuthAuth(auth: AuthDetails): auth is OAuthAuthDetails {
-  return auth.type === "oauth";
-}
-
-/**
- * Splits a packed refresh string into its constituent refresh token and project IDs.
- */
-export function parseRefreshParts(refresh: string): RefreshParts {
-  const [refreshToken = "", projectId = "", managedProjectId = ""] = (refresh ?? "").split("|");
-  return {
-    refreshToken,
-    projectId: projectId || undefined,
-    managedProjectId: managedProjectId || undefined,
-  };
-}
-
-/**
- * Serializes refresh token parts into the stored string format.
- */
-export function formatRefreshParts(parts: RefreshParts): string {
-  const projectSegment = parts.projectId ?? "";
-  const base = `${parts.refreshToken}|${projectSegment}`;
-  return parts.managedProjectId ? `${base}|${parts.managedProjectId}` : base;
-}
-
-/**
- * Determines whether an access token is expired or missing, with buffer for clock skew.
- */
-export function accessTokenExpired(auth: OAuthAuthDetails): boolean {
-  if (!auth.access || typeof auth.expires !== "number") {
-    return true;
-  }
-  return auth.expires <= Date.now() + ACCESS_TOKEN_EXPIRY_BUFFER_MS;
-}

package/src/plugin/cache.ts

@@ -1,65 +0,0 @@
-import { accessTokenExpired } from "./auth";
-import type { OAuthAuthDetails } from "./types";
-
-const authCache = new Map<string, OAuthAuthDetails>();
-
-/**
- * Produces a stable cache key from a refresh token string.
- */
-function normalizeRefreshKey(refresh?: string): string | undefined {
-  const key = refresh?.trim();
-  return key ? key : undefined;
-}
-
-/**
- * Returns a cached auth snapshot when available, favoring unexpired tokens.
- */
-export function resolveCachedAuth(auth: OAuthAuthDetails): OAuthAuthDetails {
-  const key = normalizeRefreshKey(auth.refresh);
-  if (!key) {
-    return auth;
-  }
-
-  const cached = authCache.get(key);
-  if (!cached) {
-    authCache.set(key, auth);
-    return auth;
-  }
-
-  if (!accessTokenExpired(auth)) {
-    authCache.set(key, auth);
-    return auth;
-  }
-
-  if (!accessTokenExpired(cached)) {
-    return cached;
-  }
-
-  authCache.set(key, auth);
-  return auth;
-}
-
-/**
- * Stores the latest auth snapshot keyed by refresh token.
- */
-export function storeCachedAuth(auth: OAuthAuthDetails): void {
-  const key = normalizeRefreshKey(auth.refresh);
-  if (!key) {
-    return;
-  }
-  authCache.set(key, auth);
-}
-
-/**
- * Clears cached auth globally or for a specific refresh token.
- */
-export function clearCachedAuth(refresh?: string): void {
-  if (!refresh) {
-    authCache.clear();
-    return;
-  }
-  const key = normalizeRefreshKey(refresh);
-  if (key) {
-    authCache.delete(key);
-  }
-}

package/src/plugin/cli.ts

@@ -1,15 +0,0 @@
-import { createInterface } from "node:readline/promises";
-import { stdin as input, stdout as output } from "node:process";
-
-/**
- * Prompts the user for a project ID via stdin/stdout.
- */
-export async function promptProjectId(): Promise<string> {
-  const rl = createInterface({ input, output });
-  try {
-    const answer = await rl.question("Project ID (leave blank to use your default project): ");
-    return answer.trim();
-  } finally {
-    rl.close();
-  }
-}