opencode-antigravity-auth 1.0.3 → 1.0.5

package/dist/src/plugin/server.js

@@ -0,0 +1,216 @@
+import { createServer } from "node:http";
+import { ANTIGRAVITY_REDIRECT_URI } from "../constants";
+const redirectUri = new URL(ANTIGRAVITY_REDIRECT_URI);
+const callbackPath = redirectUri.pathname || "/";
+/**
+ * Starts a lightweight HTTP server that listens for the Antigravity OAuth redirect
+ * and resolves with the captured callback URL.
+ */
+export async function startOAuthListener({ timeoutMs = 5 * 60 * 1000 } = {}) {
+    const port = redirectUri.port
+        ? Number.parseInt(redirectUri.port, 10)
+        : redirectUri.protocol === "https:"
+            ? 443
+            : 80;
+    const origin = `${redirectUri.protocol}//${redirectUri.host}`;
+    let settled = false;
+    let resolveCallback;
+    let rejectCallback;
+    let timeoutHandle;
+    const callbackPromise = new Promise((resolve, reject) => {
+        resolveCallback = (url) => {
+            if (settled)
+                return;
+            settled = true;
+            if (timeoutHandle)
+                clearTimeout(timeoutHandle);
+            resolve(url);
+        };
+        rejectCallback = (error) => {
+            if (settled)
+                return;
+            settled = true;
+            if (timeoutHandle)
+                clearTimeout(timeoutHandle);
+            reject(error);
+        };
+    });
+    const successResponse = `<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Authentication Successful</title>
+    <style>
+      :root {
+        --bg: #FAFAFA;
+        --card-bg: #FFFFFF;
+        --text-primary: #1F2937;
+        --text-secondary: #6B7280;
+        --accent: #2563EB;
+        --success: #10B981;
+        --border: #E5E7EB;
+      }
+      @media (prefers-color-scheme: dark) {
+        :root {
+          --bg: #111827;
+          --card-bg: #1F2937;
+          --text-primary: #F9FAFB;
+          --text-secondary: #9CA3AF;
+          --accent: #3B82F6;
+          --success: #34D399;
+          --border: #374151;
+        }
+      }
+      body {
+        margin: 0;
+        min-height: 100vh;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
+        background: var(--bg);
+        color: var(--text-primary);
+        padding: 1rem;
+      }
+      .card {
+        background: var(--card-bg);
+        border-radius: 16px;
+        padding: 3rem 2rem;
+        width: 100%;
+        max-width: 400px;
+        text-align: center;
+        box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1), 0 2px 4px -1px rgba(0, 0, 0, 0.06);
+        border: 1px solid var(--border);
+      }
+      .icon-wrapper {
+        width: 64px;
+        height: 64px;
+        background: rgba(16, 185, 129, 0.1);
+        border-radius: 50%;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        margin: 0 auto 1.5rem;
+      }
+      .icon {
+        width: 32px;
+        height: 32px;
+        color: var(--success);
+      }
+      h1 {
+        font-size: 1.5rem;
+        font-weight: 600;
+        margin: 0 0 0.5rem;
+        letter-spacing: -0.025em;
+      }
+      p {
+        color: var(--text-secondary);
+        font-size: 0.95rem;
+        line-height: 1.5;
+        margin: 0 0 2rem;
+      }
+      .btn {
+        display: inline-flex;
+        align-items: center;
+        justify-content: center;
+        background: var(--text-primary);
+        color: var(--card-bg);
+        font-weight: 500;
+        padding: 0.75rem 1.5rem;
+        border-radius: 8px;
+        text-decoration: none;
+        transition: opacity 0.2s;
+        font-size: 0.95rem;
+        border: none;
+        cursor: pointer;
+        width: 100%;
+        box-sizing: border-box;
+      }
+      .btn:hover {
+        opacity: 0.9;
+      }
+      .sub-text {
+        margin-top: 1rem;
+        font-size: 0.8rem;
+        color: var(--text-secondary);
+      }
+    </style>
+  </head>
+  <body>
+    <div class="card">
+      <div class="icon-wrapper">
+        <svg class="icon" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" d="M5 13l4 4L19 7" />
+        </svg>
+      </div>
+      <h1>All set!</h1>
+      <p>You've successfully authenticated with Antigravity. You can now return to Opencode.</p>
+      <button class="btn" onclick="closeWindow()">Close this tab</button>
+      <div class="sub-text">Usage Tip: Most browsers block auto-closing. If the button doesn't work, please close the tab manually.</div>
+    </div>
+    <script>
+      function closeWindow() {
+        window.close();
+        // Fallback if window.close() is blocked
+        document.querySelector('.btn').textContent = "Tab cannot be closed automatically";
+        document.querySelector('.btn').style.opacity = "0.5";
+        document.querySelector('.btn').style.cursor = "default";
+      }
+    </script>
+  </body>
+</html>`;
+    timeoutHandle = setTimeout(() => {
+        rejectCallback(new Error("Timed out waiting for OAuth callback"));
+    }, timeoutMs);
+    timeoutHandle.unref?.();
+    const server = createServer((request, response) => {
+        if (!request.url) {
+            response.writeHead(400, { "Content-Type": "text/plain" });
+            response.end("Invalid request");
+            return;
+        }
+        const url = new URL(request.url, origin);
+        if (url.pathname !== callbackPath) {
+            response.writeHead(404, { "Content-Type": "text/plain" });
+            response.end("Not found");
+            return;
+        }
+        response.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+        response.end(successResponse);
+        resolveCallback(url);
+        setImmediate(() => {
+            server.close();
+        });
+    });
+    await new Promise((resolve, reject) => {
+        const handleError = (error) => {
+            server.off("error", handleError);
+            reject(error);
+        };
+        server.once("error", handleError);
+        server.listen(port, "127.0.0.1", () => {
+            server.off("error", handleError);
+            resolve();
+        });
+    });
+    server.on("error", (error) => {
+        rejectCallback(error instanceof Error ? error : new Error(String(error)));
+    });
+    return {
+        waitForCallback: () => callbackPromise,
+        close: () => new Promise((resolve, reject) => {
+            server.close((error) => {
+                if (error && error.code !== "ERR_SERVER_NOT_RUNNING") {
+                    reject(error);
+                    return;
+                }
+                if (!settled) {
+                    rejectCallback(new Error("OAuth listener closed before callback"));
+                }
+                resolve();
+            });
+        }),
+    };
+}
+//# sourceMappingURL=server.js.map

package/dist/src/plugin/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/plugin/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAEzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAoBxD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,wBAAwB,CAAC,CAAC;AACtD,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,IAAI,GAAG,CAAC;AAEjD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,EAAE,SAAS,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,KAA2B,EAAE;IAExD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI;QAC3B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;QACvC,CAAC,CAAC,WAAW,CAAC,QAAQ,KAAK,QAAQ;YACnC,CAAC,CAAC,GAAG;YACL,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,MAAM,GAAG,GAAG,WAAW,CAAC,QAAQ,KAAK,WAAW,CAAC,IAAI,EAAE,CAAC;IAE9D,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,eAAmC,CAAC;IACxC,IAAI,cAAsC,CAAC;IAC3C,IAAI,aAA6B,CAAC;IAClC,MAAM,eAAe,GAAG,IAAI,OAAO,CAAM,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3D,eAAe,GAAG,CAAC,GAAQ,EAAE,EAAE;YAC7B,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,aAAa;gBAAE,YAAY,CAAC,aAAa,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,CAAC;QACf,CAAC,CAAC;QACF,cAAc,GAAG,CAAC,KAAY,EAAE,EAAE;YAChC,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,aAAa;gBAAE,YAAY,CAAC,aAAa,CAAC,CAAC;YAC/C,MAAM,CAAC,KAAK,CAAC,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEL,MAAM,eAAe,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QA4HhB,CAAC;IAEP,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE;QAC9B,cAAc,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;IACpE,CAAC,EAAE,SAAS,CAAC,CAAC;IACd,aAAa,CAAC,KAAK,EAAE,EAAE,CAAC;IAExB,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;QAChD,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACjB,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;YAC1D,QAAQ,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YAChC,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACzC,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YAClC,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;YAC1D,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;QACxE,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAE9B,eAAe,CAAC,GAAG,CAAC,CAAC;QAErB,YAAY,CAAC,GAAG,EAAE;YAChB,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,WAAW,GAAG,CAAC,KAAY,EAAE,EAAE;YACnC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACjC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChB,CAAC,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACjC,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;QAC3B,cAAc,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,eAAe,EAAE,GAAG,EAAE,CAAC,eAAe;QACtC,KAAK,EAAE,GAAG,EAAE,CACV,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACpC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACrB,IAAI,KAAK,IAAK,KAA+B,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;oBAChF,MAAM,CAAC,KAAK,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,cAAc,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;gBACrE,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;KACL,CAAC;AACJ,CAAC"}

package/dist/src/plugin/token.d.ts

@@ -0,0 +1,6 @@
+import type { OAuthAuthDetails, PluginClient } from "./types";
+/**
+ * Refreshes an Antigravity OAuth access token, updates persisted credentials, and handles revocation.
+ */
+export declare function refreshAccessToken(auth: OAuthAuthDetails, client: PluginClient, providerId: string): Promise<OAuthAuthDetails | undefined>;
+//# sourceMappingURL=token.d.ts.map

package/dist/src/plugin/token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/plugin/token.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,gBAAgB,EAAE,YAAY,EAAgB,MAAM,SAAS,CAAC;AAoD5E;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,gBAAgB,EACtB,MAAM,EAAE,YAAY,EACpB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CA+FvC"}

package/dist/src/plugin/token.js

@@ -0,0 +1,126 @@
+import { ANTIGRAVITY_CLIENT_ID, ANTIGRAVITY_CLIENT_SECRET, ANTIGRAVITY_PROVIDER_ID, } from "../constants";
+import { formatRefreshParts, parseRefreshParts } from "./auth";
+import { clearCachedAuth, storeCachedAuth } from "./cache";
+import { invalidateProjectContextCache } from "./project";
+/**
+ * Parses OAuth error payloads returned by Google token endpoints, tolerating varied shapes.
+ */
+function parseOAuthErrorPayload(text) {
+    if (!text) {
+        return {};
+    }
+    try {
+        const payload = JSON.parse(text);
+        if (!payload || typeof payload !== "object") {
+            return { description: text };
+        }
+        let code;
+        if (typeof payload.error === "string") {
+            code = payload.error;
+        }
+        else if (payload.error && typeof payload.error === "object") {
+            code = payload.error.status ?? payload.error.code;
+            if (!payload.error_description && payload.error.message) {
+                return { code, description: payload.error.message };
+            }
+        }
+        const description = payload.error_description;
+        if (description) {
+            return { code, description };
+        }
+        if (payload.error && typeof payload.error === "object" && payload.error.message) {
+            return { code, description: payload.error.message };
+        }
+        return { code };
+    }
+    catch {
+        return { description: text };
+    }
+}
+/**
+ * Refreshes an Antigravity OAuth access token, updates persisted credentials, and handles revocation.
+ */
+export async function refreshAccessToken(auth, client, providerId) {
+    const parts = parseRefreshParts(auth.refresh);
+    if (!parts.refreshToken) {
+        return undefined;
+    }
+    try {
+        const response = await fetch("https://oauth2.googleapis.com/token", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+            body: new URLSearchParams({
+                grant_type: "refresh_token",
+                refresh_token: parts.refreshToken,
+                client_id: ANTIGRAVITY_CLIENT_ID,
+                client_secret: ANTIGRAVITY_CLIENT_SECRET,
+            }),
+        });
+        if (!response.ok) {
+            let errorText;
+            try {
+                errorText = await response.text();
+            }
+            catch {
+                errorText = undefined;
+            }
+            const { code, description } = parseOAuthErrorPayload(errorText);
+            const details = [code, description ?? errorText].filter(Boolean).join(": ");
+            const baseMessage = `Antigravity token refresh failed (${response.status} ${response.statusText})`;
+            console.warn(`[Antigravity OAuth] ${details ? `${baseMessage} - ${details}` : baseMessage}`);
+            if (code === "invalid_grant") {
+                console.warn("[Antigravity OAuth] Google revoked the stored refresh token. Run `opencode auth login` and reauthenticate the Google provider.");
+                invalidateProjectContextCache(auth.refresh);
+                try {
+                    const clearedAuth = {
+                        type: "oauth",
+                        refresh: formatRefreshParts({
+                            refreshToken: "",
+                            projectId: parts.projectId,
+                            managedProjectId: parts.managedProjectId,
+                        }),
+                    };
+                    await client.auth.set({
+                        path: { id: providerId },
+                        body: clearedAuth,
+                    });
+                }
+                catch (storeError) {
+                    console.error("Failed to clear stored Antigravity OAuth credentials:", storeError);
+                }
+            }
+            return undefined;
+        }
+        const payload = (await response.json());
+        const refreshedParts = {
+            refreshToken: payload.refresh_token ?? parts.refreshToken,
+            projectId: parts.projectId,
+            managedProjectId: parts.managedProjectId,
+        };
+        const updatedAuth = {
+            ...auth,
+            access: payload.access_token,
+            expires: Date.now() + payload.expires_in * 1000,
+            refresh: formatRefreshParts(refreshedParts),
+        };
+        storeCachedAuth(updatedAuth);
+        invalidateProjectContextCache(auth.refresh);
+        try {
+            await client.auth.set({
+                path: { id: providerId },
+                body: updatedAuth,
+            });
+        }
+        catch (storeError) {
+            console.error("Failed to persist refreshed Antigravity OAuth credentials:", storeError);
+        }
+        return updatedAuth;
+    }
+    catch (error) {
+        console.error("Failed to refresh Antigravity access token due to an unexpected error:", error);
+        return undefined;
+    }
+}
+//# sourceMappingURL=token.js.map

package/dist/src/plugin/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/plugin/token.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,yBAAyB,EACzB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC3D,OAAO,EAAE,6BAA6B,EAAE,MAAM,WAAW,CAAC;AAc1D;;GAEG;AACH,SAAS,sBAAsB,CAAC,IAAwB;IACtD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAsB,CAAC;QACtD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAC/B,CAAC;QAED,IAAI,IAAwB,CAAC;QAC7B,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACtC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC;QACvB,CAAC;aAAM,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9D,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;YAClD,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBACxD,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACtD,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAC9C,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;QAC/B,CAAC;QAED,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAChF,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QACtD,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAsB,EACtB,MAAoB,EACpB,UAAkB;IAElB,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9C,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;YAClE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,KAAK,CAAC,YAAY;gBACjC,SAAS,EAAE,qBAAqB;gBAChC,aAAa,EAAE,yBAAyB;aACzC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,SAA6B,CAAC;YAClC,IAAI,CAAC;gBACH,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,GAAG,SAAS,CAAC;YACxB,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;YAChE,MAAM,OAAO,GAAG,CAAC,IAAI,EAAE,WAAW,IAAI,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5E,MAAM,WAAW,GAAG,qCAAqC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,GAAG,CAAC;YACnG,OAAO,CAAC,IAAI,CAAC,uBAAuB,OAAO,CAAC,CAAC,CAAC,GAAG,WAAW,MAAM,OAAO,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAE7F,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;gBAC7B,OAAO,CAAC,IAAI,CACV,gIAAgI,CACjI,CAAC;gBACF,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC5C,IAAI,CAAC;oBACH,MAAM,WAAW,GAAqB;wBACpC,IAAI,EAAE,OAAO;wBACb,OAAO,EAAE,kBAAkB,CAAC;4BAC1B,YAAY,EAAE,EAAE;4BAChB,SAAS,EAAE,KAAK,CAAC,SAAS;4BAC1B,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;yBACzC,CAAC;qBACH,CAAC;oBACF,MAAM,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;wBACpB,IAAI,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE;wBACxB,IAAI,EAAE,WAAW;qBAClB,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,UAAU,EAAE,CAAC;oBACpB,OAAO,CAAC,KAAK,CAAC,uDAAuD,EAAE,UAAU,CAAC,CAAC;gBACrF,CAAC;YACH,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIrC,CAAC;QAEF,MAAM,cAAc,GAAiB;YACnC,YAAY,EAAE,OAAO,CAAC,aAAa,IAAI,KAAK,CAAC,YAAY;YACzD,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;SACzC,CAAC;QAEF,MAAM,WAAW,GAAqB;YACpC,GAAG,IAAI;YACP,MAAM,EAAE,OAAO,CAAC,YAAY;YAC5B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI;YAC/C,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC;SAC5C,CAAC;QAEF,eAAe,CAAC,WAAW,CAAC,CAAC;QAC7B,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE5C,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;gBACpB,IAAI,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE;gBACxB,IAAI,EAAE,WAAW;aAClB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,4DAA4D,EAAE,UAAU,CAAC,CAAC;QAC1F,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,wEAAwE,EAAE,KAAK,CAAC,CAAC;QAC/F,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/src/plugin/token.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=token.test.d.ts.map

package/dist/src/plugin/token.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.test.d.ts","sourceRoot":"","sources":["../../../src/plugin/token.test.ts"],"names":[],"mappings":""}

package/dist/src/plugin/token.test.js

@@ -0,0 +1,56 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { ANTIGRAVITY_PROVIDER_ID } from "../constants";
+import { refreshAccessToken } from "./token";
+const baseAuth = {
+    type: "oauth",
+    refresh: "refresh-token|project-123",
+    access: "old-access",
+    expires: Date.now() - 1000,
+};
+function createClient() {
+    return {
+        auth: {
+            set: vi.fn(async () => { }),
+        },
+    };
+}
+describe("refreshAccessToken", () => {
+    beforeEach(() => {
+        vi.restoreAllMocks();
+    });
+    it("updates the caller and persists when refresh token is unchanged", async () => {
+        const client = createClient();
+        const fetchMock = vi.fn(async () => {
+            return new Response(JSON.stringify({
+                access_token: "new-access",
+                expires_in: 3600,
+            }), { status: 200 });
+        });
+        global.fetch = fetchMock;
+        const result = await refreshAccessToken(baseAuth, client, ANTIGRAVITY_PROVIDER_ID);
+        expect(result?.access).toBe("new-access");
+        expect(client.auth.set.mock.calls.length).toBe(1);
+    });
+    it("persists when Google rotates the refresh token", async () => {
+        const client = createClient();
+        const fetchMock = vi.fn(async () => {
+            return new Response(JSON.stringify({
+                access_token: "next-access",
+                expires_in: 3600,
+                refresh_token: "rotated-token",
+            }), { status: 200 });
+        });
+        global.fetch = fetchMock;
+        const result = await refreshAccessToken(baseAuth, client, ANTIGRAVITY_PROVIDER_ID);
+        expect(result?.access).toBe("next-access");
+        expect(client.auth.set.mock.calls.length).toBe(1);
+        expect(client.auth.set.mock.calls[0]?.[0]).toEqual({
+            path: { id: ANTIGRAVITY_PROVIDER_ID },
+            body: expect.objectContaining({
+                type: "oauth",
+                refresh: expect.stringContaining("rotated-token"),
+            }),
+        });
+    });
+});
+//# sourceMappingURL=token.test.js.map

package/dist/src/plugin/token.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.test.js","sourceRoot":"","sources":["../../../src/plugin/token.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9D,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAG7C,MAAM,QAAQ,GAAqB;IACjC,IAAI,EAAE,OAAO;IACb,OAAO,EAAE,2BAA2B;IACpC,MAAM,EAAE,YAAY;IACpB,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;CAC3B,CAAC;AAEF,SAAS,YAAY;IACnB,OAAO;QACL,IAAI,EAAE;YACJ,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,GAAE,CAAC,CAAC;SAC3B;KAGF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,eAAe,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE;YACjC,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;gBACb,YAAY,EAAE,YAAY;gBAC1B,UAAU,EAAE,IAAI;aACjB,CAAC,EACF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,KAAK,GAAG,SAAoC,CAAC;QAEpD,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,uBAAuB,CAAC,CAAC;QAEnF,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE;YACjC,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;gBACb,YAAY,EAAE,aAAa;gBAC3B,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,eAAe;aAC/B,CAAC,EACF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,KAAK,GAAG,SAAoC,CAAC;QAEpD,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,uBAAuB,CAAC,CAAC;QAEnF,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACjD,IAAI,EAAE,EAAE,EAAE,EAAE,uBAAuB,EAAE;YACrC,IAAI,EAAE,MAAM,CAAC,gBAAgB,CAAC;gBAC5B,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,eAAe,CAAC;aAClD,CAAC;SACH,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/plugin/types.d.ts

@@ -0,0 +1,68 @@
+import type { AntigravityTokenExchangeResult } from "../antigravity/oauth";
+export interface OAuthAuthDetails {
+    type: "oauth";
+    refresh: string;
+    access?: string;
+    expires?: number;
+}
+export interface NonOAuthAuthDetails {
+    type: string;
+    [key: string]: unknown;
+}
+export type AuthDetails = OAuthAuthDetails | NonOAuthAuthDetails;
+export type GetAuth = () => Promise<AuthDetails>;
+export interface ProviderModel {
+    cost?: {
+        input: number;
+        output: number;
+    };
+    [key: string]: unknown;
+}
+export interface Provider {
+    models?: Record<string, ProviderModel>;
+}
+export interface LoaderResult {
+    apiKey: string;
+    fetch(input: RequestInfo, init?: RequestInit): Promise<Response>;
+}
+export interface AuthMethod {
+    provider?: string;
+    label: string;
+    type: "oauth" | "api";
+    authorize?: () => Promise<{
+        url: string;
+        instructions: string;
+        method: string;
+        callback: (callbackUrl: string) => Promise<AntigravityTokenExchangeResult>;
+    }>;
+}
+export interface PluginClient {
+    auth: {
+        set(input: {
+            path: {
+                id: string;
+            };
+            body: OAuthAuthDetails;
+        }): Promise<void>;
+    };
+}
+export interface PluginContext {
+    client: PluginClient;
+}
+export interface PluginResult {
+    auth: {
+        provider: string;
+        loader: (getAuth: GetAuth, provider: Provider) => Promise<LoaderResult | null>;
+        methods: AuthMethod[];
+    };
+}
+export interface RefreshParts {
+    refreshToken: string;
+    projectId?: string;
+    managedProjectId?: string;
+}
+export interface ProjectContextResult {
+    auth: OAuthAuthDetails;
+    effectiveProjectId: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/plugin/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/plugin/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,8BAA8B,EAAE,MAAM,sBAAsB,CAAC;AAE3E,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,MAAM,WAAW,GAAG,gBAAgB,GAAG,mBAAmB,CAAC;AAEjE,MAAM,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;AAEjD,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE;QACL,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,QAAQ;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CAClE;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC;QACxB,GAAG,EAAE,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,OAAO,CAAC,8BAA8B,CAAC,CAAC;KAC5E,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE;QACJ,GAAG,CAAC,KAAK,EAAE;YAAE,IAAI,EAAE;gBAAE,EAAE,EAAE,MAAM,CAAA;aAAE,CAAC;YAAC,IAAI,EAAE,gBAAgB,CAAA;SAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;KAC7E,CAAC;CACH;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,YAAY,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE;QACJ,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;QAC/E,OAAO,EAAE,UAAU,EAAE,CAAC;KACvB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,gBAAgB,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;CAC5B"}

package/dist/src/plugin/types.js

@@ -0,0 +1 @@
+//# sourceMappingURL=types.js.map

package/dist/src/plugin/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/plugin/types.ts"],"names":[],"mappings":""}

package/dist/src/plugin.d.ts

@@ -0,0 +1,8 @@
+import type { PluginContext, PluginResult } from "./plugin/types";
+/**
+ * Creates an Antigravity OAuth plugin for a specific provider ID.
+ */
+export declare const createAntigravityPlugin: (providerId: string) => ({ client }: PluginContext) => Promise<PluginResult>;
+export declare const AntigravityCLIOAuthPlugin: ({ client }: PluginContext) => Promise<PluginResult>;
+export declare const GoogleOAuthPlugin: ({ client }: PluginContext) => Promise<PluginResult>;
+//# sourceMappingURL=plugin.d.ts.map

package/dist/src/plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../src/plugin.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAGV,aAAa,EACb,YAAY,EAGb,MAAM,gBAAgB,CAAC;AAExB;;GAEG;AACH,eAAO,MAAM,uBAAuB,GAAI,YAAY,MAAM,MACxD,YAAY,aAAa,KACxB,OAAO,CAAC,YAAY,CA6SrB,CAAC;AAEH,eAAO,MAAM,yBAAyB,eAhTxB,aAAa,KACxB,OAAO,CAAC,YAAY,CA+SkE,CAAC;AAC1F,eAAO,MAAM,iBAAiB,eAjThB,aAAa,KACxB,OAAO,CAAC,YAAY,CAgTmC,CAAC"}