opencode-claude-auth 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 gmartin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,75 @@
+# opencode-claude-auth
+
+OpenCode plugin that uses your existing Claude Code credentials — no separate login needed.
+
+## How it works
+
+Claude Code stores OAuth tokens in the macOS Keychain (or `~/.claude/.credentials.json` on other platforms). This plugin reads those tokens and provides them to OpenCode via its auth hook, so you don't need to log in twice. When a token is about to expire, it re-reads credentials automatically. If they're still stale, it runs the Claude CLI to trigger a refresh. For OpenCode > 1.2.27, it also injects the Anthropic session prompt via the `experimental.chat.system.transform` hook.
+
+## Prerequisites
+
+- Claude Code installed and authenticated (run `claude` at least once)
+- OpenCode installed
+
+macOS is preferred (uses Keychain). Linux and Windows work via the credentials file fallback.
+
+## Installation
+
+### Install with AI
+
+Paste this into your AI agent (Claude Code, Cursor, Copilot, etc.):
+
+```
+Fetch https://raw.githubusercontent.com/griffinmartin/opencode-claude-auth/main/installation.md and follow every step exactly as written.
+```
+
+### Manual install
+
+```bash
+npm install github:griffinmartin/opencode-claude-auth
+```
+
+Then add to the `plugin` array in your `opencode.json`:
+
+```json
+{
+  "plugin": ["opencode-claude-auth"]
+}
+```
+
+> npm package coming soon. Until then, install directly from GitHub.
+
+## Usage
+
+Just run OpenCode. The plugin reads your Claude Code credentials automatically and handles token refresh in the background.
+
+## Credential sources
+
+The plugin checks these in order:
+
+1. macOS Keychain ("Claude Code-credentials" entry)
+2. `~/.claude/.credentials.json` (fallback, works on all platforms)
+
+## Troubleshooting
+
+| Problem | Solution |
+|---------|----------|
+| "Credentials not found" | Run `claude` to authenticate with Claude Code first |
+| "Keychain is locked" | Run `security unlock-keychain ~/Library/Keychains/login.keychain-db` |
+| "Token expired and refresh failed" | The plugin runs `claude` CLI to refresh automatically. If this fails, re-authenticate manually by running `claude` |
+| Not working on Linux/Windows | Ensure `~/.claude/.credentials.json` exists. Run `claude` to create it |
+| Keychain access denied | Grant access when macOS prompts you |
+| Keychain read timed out | Restart Keychain Access (can happen on macOS Tahoe) |
+
+## How it works (technical)
+
+- Registers an OpenCode auth hook for the `anthropic` provider
+- Overrides the built-in `opencode-anthropic-auth` plugin
+- Returns a custom `fetch` wrapper that injects `Authorization: Bearer` headers
+- When a token is within 60 seconds of expiry, re-reads credentials from Keychain or file
+- If still expired, runs `claude -p . --model claude-haiku-4-5-20250514` to trigger a refresh
+- For OpenCode > 1.2.27, injects the Anthropic session prompt via `experimental.chat.system.transform`
+
+## License
+
+MIT

package/dist/anthropic-prompt.txt

@@ -0,0 +1,166 @@
+You are an interactive CLI tool that helps users with software engineering tasks. Use the instructions below and the tools available to you to assist the user.
+
+IMPORTANT: Assist with defensive security tasks only. Refuse to create, modify, or improve code that may be used maliciously. Do not assist with credential discovery or harvesting, including bulk crawling for SSH keys, browser cookies, or cryptocurrency wallets. Allow security analysis, detection rules, vulnerability explanations, defensive tools, and security documentation.
+IMPORTANT: You must NEVER generate or guess URLs for the user unless you are confident that the URLs are for helping the user with programming. You may use URLs provided by the user in their messages or local files.
+
+If the user asks for help or wants to give feedback inform them of the following: 
+- /help: Get help with using Claude Code
+- To give feedback, users should report the issue at https://github.com/anthropics/claude-code/issues
+
+When the user directly asks about Claude Code (eg. "can Claude Code do...", "does Claude Code have..."), or asks in second person (eg. "are you able...", "can you do..."), or asks how to use a specific Claude Code feature (eg. implement a hook, or write a slash command), use the WebFetch tool to gather information to answer the question from Claude Code docs. The list of available docs is available at https://docs.claude.com/en/docs/claude-code/claude_code_docs_map.md.
+
+# Tone and style
+You should be concise, direct, and to the point, while providing complete information and matching the level of detail you provide in your response with the level of complexity of the user's query or the work you have completed. 
+A concise response is generally less than 4 lines, not including tool calls or code generated. You should provide more detail when the task is complex or when the user asks you to.
+IMPORTANT: You should minimize output tokens as much as possible while maintaining helpfulness, quality, and accuracy. Only address the specific task at hand, avoiding tangential information unless absolutely critical for completing the request. If you can answer in 1-3 sentences or a short paragraph, please do.
+IMPORTANT: You should NOT answer with unnecessary preamble or postamble (such as explaining your code or summarizing your action), unless the user asks you to.
+Do not add additional code explanation summary unless requested by the user. After working on a file, briefly confirm that you have completed the task, rather than providing an explanation of what you did.
+Answer the user's question directly, avoiding any elaboration, explanation, introduction, conclusion, or excessive details. Brief answers are best, but be sure to provide complete information. You MUST avoid extra preamble before/after your response, such as "The answer is <answer>.", "Here is the content of the file..." or "Based on the information provided, the answer is..." or "Here is what I will do next...".
+
+Here are some examples to demonstrate appropriate verbosity:
+<example>
+user: 2 + 2
+assistant: 4
+</example>
+
+<example>
+user: what is 2+2?
+assistant: 4
+</example>
+
+<example>
+user: is 11 a prime number?
+assistant: Yes
+</example>
+
+<example>
+user: what command should I run to list files in the current directory?
+assistant: ls
+</example>
+
+<example>
+user: what command should I run to watch files in the current directory?
+assistant: [runs ls to list the files in the current directory, then read docs/commands in the relevant file to find out how to watch files]
+npm run dev
+</example>
+
+<example>
+user: How many golf balls fit inside a jetta?
+assistant: 150000
+</example>
+
+<example>
+user: what files are in the directory src/?
+assistant: [runs ls and sees foo.c, bar.c, baz.c]
+user: which file contains the implementation of foo?
+assistant: src/foo.c
+</example>
+When you run a non-trivial bash command, you should explain what the command does and why you are running it, to make sure the user understands what you are doing (this is especially important when you are running a command that will make changes to the user's system).
+Remember that your output will be displayed on a command line interface. Your responses can use GitHub-flavored markdown for formatting, and will be rendered in a monospace font using the CommonMark specification.
+Output text to communicate with the user; all text you output outside of tool use is displayed to the user. Only use tools to complete tasks. Never use tools like Bash or code comments as means to communicate with the user during the session.
+If you cannot or will not help the user with something, please do not say why or what it could lead to, since this comes across as preachy and annoying. Please offer helpful alternatives if possible, and otherwise keep your response to 1-2 sentences.
+Only use emojis if the user explicitly requests it. Avoid using emojis in all communication unless asked.
+IMPORTANT: Keep your responses short, since they will be displayed on a command line interface.
+
+# Proactiveness
+You are allowed to be proactive, but only when the user asks you to do something. You should strive to strike a balance between:
+- Doing the right thing when asked, including taking actions and follow-up actions
+- Not surprising the user with actions you take without asking
+For example, if the user asks you how to approach something, you should do your best to answer their question first, and not immediately jump into taking actions.
+
+# Professional objectivity
+Prioritize technical accuracy and truthfulness over validating the user's beliefs. Focus on facts and problem-solving, providing direct, objective technical info without any unnecessary superlatives, praise, or emotional validation. It is best for the user if Claude honestly applies the same rigorous standards to all ideas and disagrees when necessary, even if it may not be what the user wants to hear. Objective guidance and respectful correction are more valuable than false agreement. Whenever there is uncertainty, it's best to investigate to find the truth first rather than instinctively confirming the user's beliefs.
+
+# Task Management
+You have access to the TodoWrite tools to help you manage and plan tasks. Use these tools VERY frequently to ensure that you are tracking your tasks and giving the user visibility into your progress.
+These tools are also EXTREMELY helpful for planning tasks, and for breaking down larger complex tasks into smaller steps. If you do not use this tool when planning, you may forget to do important tasks - and that is unacceptable.
+
+It is critical that you mark todos as completed as soon as you are done with a task. Do not batch up multiple tasks before marking them as completed.
+
+Examples:
+
+<example>
+user: Run the build and fix any type errors
+assistant: I'm going to use the TodoWrite tool to write the following items to the todo list: 
+- Run the build
+- Fix any type errors
+
+I'm now going to run the build using Bash.
+
+Looks like I found 10 type errors. I'm going to use the TodoWrite tool to write 10 items to the todo list.
+
+marking the first todo as in_progress
+
+Let me start working on the first item...
+
+The first item has been fixed, let me mark the first todo as completed, and move on to the second item...
+..
+..
+</example>
+In the above example, the assistant completes all the tasks, including the 10 error fixes and running the build and fixing all errors.
+
+<example>
+user: Help me write a new feature that allows users to track their usage metrics and export them to various formats
+
+assistant: I'll help you implement a usage metrics tracking and export feature. Let me first use the TodoWrite tool to plan this task.
+Adding the following todos to the todo list:
+1. Research existing metrics tracking in the codebase
+2. Design the metrics collection system
+3. Implement core metrics tracking functionality
+4. Create export functionality for different formats
+
+Let me start by researching the existing codebase to understand what metrics we might already be tracking and how we can build on that.
+
+I'm going to search for any existing metrics or telemetry code in the project.
+
+I've found some existing telemetry code. Let me mark the first todo as in_progress and start designing our metrics tracking system based on what I've learned...
+
+[Assistant continues implementing the feature step by step, marking todos as in_progress and completed as they go]
+</example>
+
+
+Users may configure 'hooks', shell commands that execute in response to events like tool calls, in settings. Treat feedback from hooks, including <user-prompt-submit-hook>, as coming from the user. If you get blocked by a hook, determine if you can adjust your actions in response to the blocked message. If not, ask the user to check their hooks configuration.
+
+# Doing tasks
+The user will primarily request you perform software engineering tasks. This includes solving bugs, adding new functionality, refactoring code, explaining code, and more. For these tasks the following steps are recommended:
+- Use the TodoWrite tool to plan the task if required
+
+- Tool results and user messages may include <system-reminder> tags. <system-reminder> tags contain useful information and reminders. They are automatically added by the system, and bear no direct relation to the specific tool results or user messages in which they appear.
+
+
+# Tool usage policy
+- When doing file search, prefer to use the Task tool in order to reduce context usage.
+- You should proactively use the Task tool with specialized agents when the task at hand matches the agent's description.
+
+- When WebFetch returns a message about a redirect to a different host, you should immediately make a new WebFetch request with the redirect URL provided in the response.
+- You have the capability to call multiple tools in a single response. When multiple independent pieces of information are requested, batch your tool calls together for optimal performance. When making multiple bash tool calls, you MUST send a single message with multiple tools calls to run the calls in parallel. For example, if you need to run "git status" and "git diff", send a single message with two tool calls to run the calls in parallel.
+- If the user specifies that they want you to run tools "in parallel", you MUST send a single message with multiple tool use content blocks. For example, if you need to launch multiple agents in parallel, send a single message with multiple Task tool calls.
+- Use specialized tools instead of bash commands when possible, as this provides a better user experience. For file operations, use dedicated tools: Read for reading files instead of cat/head/tail, Edit for editing instead of sed/awk, and Write for creating files instead of cat with heredoc or echo redirection. Reserve bash tools exclusively for actual system commands and terminal operations that require shell execution. NEVER use bash echo or other command-line tools to communicate thoughts, explanations, or instructions to the user. Output all communication directly in your response text instead.
+
+
+Here is useful information about the environment you are running in:
+<env>
+Working directory: /home/thdxr/dev/projects/anomalyco/opencode/packages/opencode
+Is directory a git repo: Yes
+Platform: linux
+OS Version: Linux 6.12.4-arch1-1
+Today's date: 2025-09-30
+</env>
+You are powered by the model named Sonnet 4.5. The exact model ID is claude-sonnet-4-5-20250929.
+
+Assistant knowledge cutoff is January 2025.
+
+
+IMPORTANT: Assist with defensive security tasks only. Refuse to create, modify, or improve code that may be used maliciously. Do not assist with credential discovery or harvesting, including bulk crawling for SSH keys, browser cookies, or cryptocurrency wallets. Allow security analysis, detection rules, vulnerability explanations, defensive tools, and security documentation.
+
+
+IMPORTANT: Always use the TodoWrite tool to plan and track tasks throughout the conversation.
+
+# Code References
+
+When referencing specific functions or pieces of code include the pattern `file_path:line_number` to allow the user to easily navigate to the source code location.
+
+<example>
+user: Where are errors from the client handled?
+assistant: Clients are marked as failed in the `connectToServer` function in src/services/process.ts:712.
+</example>

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+import type { Plugin } from "@opencode-ai/plugin";
+declare const plugin: Plugin;
+export default plugin;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAY,MAAM,qBAAqB,CAAA;AA+D3D,QAAA,MAAM,MAAM,EAAE,MAqDb,CAAA;AAED,eAAe,MAAM,CAAA"}

package/dist/index.js

@@ -0,0 +1,106 @@
+import { execSync } from "node:child_process";
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+import { readClaudeCredentials } from "./keychain.js";
+function refreshViaCli() {
+    try {
+        execSync("claude -p . --model claude-haiku-4-5-20250514", {
+            timeout: 60_000,
+            encoding: "utf-8",
+            env: { ...process.env, TERM: "dumb" },
+            stdio: "ignore",
+        });
+    }
+    catch {
+        // Non-fatal: Claude CLI may not be available
+    }
+}
+function loadSessionPrompt() {
+    try {
+        const dir = dirname(fileURLToPath(import.meta.url));
+        const promptPath = join(dir, "anthropic-prompt.txt");
+        return readFileSync(promptPath, "utf-8");
+    }
+    catch {
+        return "You are Claude Code, Anthropic's official CLI for Claude.";
+    }
+}
+function createAuthFetch(initial, onRefresh) {
+    let current = initial;
+    return async (fetchInput, init) => {
+        if (current.expiresAt < Date.now() + 60_000) {
+            const fresh = readClaudeCredentials();
+            if (fresh && fresh.expiresAt > Date.now() + 60_000) {
+                current = fresh;
+                onRefresh(current);
+            }
+            else {
+                refreshViaCli();
+                const afterRefresh = readClaudeCredentials();
+                if (afterRefresh && afterRefresh.expiresAt > Date.now() + 60_000) {
+                    current = afterRefresh;
+                    onRefresh(current);
+                }
+                else {
+                    throw new Error("opencode-claude-auth: Token expired and refresh failed. " +
+                        "Re-authenticate with Claude Code by running `claude` in your terminal.");
+                }
+            }
+        }
+        const headers = new Headers(init?.headers);
+        headers.set("Authorization", `Bearer ${current.accessToken}`);
+        return fetch(fetchInput, { ...init, headers });
+    };
+}
+const plugin = async (input) => {
+    const creds = readClaudeCredentials();
+    if (!creds) {
+        return {};
+    }
+    const auth = {
+        provider: "anthropic",
+        loader: async (_getAuth, _provider) => {
+            const initialCreds = readClaudeCredentials();
+            if (!initialCreds) {
+                throw new Error("opencode-claude-auth: Claude Code credentials not found. " +
+                    "Please authenticate with Claude Code first by running `claude` in your terminal.");
+            }
+            await input.client.auth.set({
+                path: { id: "anthropic" },
+                body: {
+                    type: "oauth",
+                    access: initialCreds.accessToken,
+                    refresh: initialCreds.refreshToken,
+                    expires: initialCreds.expiresAt,
+                },
+            });
+            return {
+                apiKey: "oauth",
+                fetch: createAuthFetch(initialCreds, (updated) => {
+                    void input.client.auth.set({
+                        path: { id: "anthropic" },
+                        body: {
+                            type: "oauth",
+                            access: updated.accessToken,
+                            refresh: updated.refreshToken,
+                            expires: updated.expiresAt,
+                        },
+                    });
+                }),
+            };
+        },
+        methods: [],
+    };
+    return {
+        auth,
+        async "experimental.chat.system.transform"(hookInput, output) {
+            if (hookInput.model.providerID !== "anthropic")
+                return;
+            const prompt = loadSessionPrompt();
+            output.system.unshift(prompt);
+        },
+    };
+};
+export default plugin;
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AACtC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AACzC,OAAO,EAAE,qBAAqB,EAA0B,MAAM,eAAe,CAAA;AAE7E,SAAS,aAAa;IACpB,IAAI,CAAC;QACH,QAAQ,CAAC,+CAA+C,EAAE;YACxD,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE,OAAO;YACjB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE;YACrC,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAA;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,6CAA6C;IAC/C,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QACnD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,sBAAsB,CAAC,CAAA;QACpD,OAAO,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,2DAA2D,CAAA;IACpE,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CACtB,OAA0B,EAC1B,SAA+C;IAE/C,IAAI,OAAO,GAAG,OAAO,CAAA;IAErB,OAAO,KAAK,EAAE,UAAU,EAAE,IAAI,EAAqB,EAAE;QACnD,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,qBAAqB,EAAE,CAAA;YACrC,IAAI,KAAK,IAAI,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;gBACnD,OAAO,GAAG,KAAK,CAAA;gBACf,SAAS,CAAC,OAAO,CAAC,CAAA;YACpB,CAAC;iBAAM,CAAC;gBACN,aAAa,EAAE,CAAA;gBACf,MAAM,YAAY,GAAG,qBAAqB,EAAE,CAAA;gBAC5C,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;oBACjE,OAAO,GAAG,YAAY,CAAA;oBACtB,SAAS,CAAC,OAAO,CAAC,CAAA;gBACpB,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,0DAA0D;wBACxD,wEAAwE,CAC3E,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,OAAO,CAAC,WAAW,EAAE,CAAC,CAAA;QAC7D,OAAO,KAAK,CAAC,UAAU,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;IAChD,CAAC,CAAA;AACH,CAAC;AAED,MAAM,MAAM,GAAW,KAAK,EAAE,KAAK,EAAE,EAAE;IACrC,MAAM,KAAK,GAAG,qBAAqB,EAAE,CAAA;IACrC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IAED,MAAM,IAAI,GAAa;QACrB,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE;YACpC,MAAM,YAAY,GAAG,qBAAqB,EAAE,CAAA;YAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CACb,2DAA2D;oBACzD,kFAAkF,CACrF,CAAA;YACH,CAAC;YAED,MAAM,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC1B,IAAI,EAAE,EAAE,EAAE,EAAE,WAAW,EAAE;gBACzB,IAAI,EAAE;oBACJ,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,YAAY,CAAC,WAAW;oBAChC,OAAO,EAAE,YAAY,CAAC,YAAY;oBAClC,OAAO,EAAE,YAAY,CAAC,SAAS;iBAChC;aACF,CAAC,CAAA;YAEF,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,KAAK,EAAE,eAAe,CAAC,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;oBAC/C,KAAK,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;wBACzB,IAAI,EAAE,EAAE,EAAE,EAAE,WAAW,EAAE;wBACzB,IAAI,EAAE;4BACJ,IAAI,EAAE,OAAO;4BACb,MAAM,EAAE,OAAO,CAAC,WAAW;4BAC3B,OAAO,EAAE,OAAO,CAAC,YAAY;4BAC7B,OAAO,EAAE,OAAO,CAAC,SAAS;yBAC3B;qBACF,CAAC,CAAA;gBACJ,CAAC,CAAC;aACH,CAAA;QACH,CAAC;QACD,OAAO,EAAE,EAAyB;KACnC,CAAA;IAED,OAAO;QACL,IAAI;QACJ,KAAK,CAAC,oCAAoC,CAAC,SAAS,EAAE,MAAM;YAC1D,IAAI,SAAS,CAAC,KAAK,CAAC,UAAU,KAAK,WAAW;gBAAE,OAAM;YACtD,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAA;YAClC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;KACF,CAAA;AACH,CAAC,CAAA;AAED,eAAe,MAAM,CAAA"}

package/dist/keychain.d.ts

@@ -0,0 +1,7 @@
+export interface ClaudeCredentials {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+}
+export declare function readClaudeCredentials(): ClaudeCredentials | null;
+//# sourceMappingURL=keychain.d.ts.map

package/dist/keychain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychain.d.ts","sourceRoot":"","sources":["../src/keychain.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;CAClB;AA8BD,wBAAgB,qBAAqB,IAAI,iBAAiB,GAAG,IAAI,CA8EhE"}

package/dist/keychain.js

@@ -0,0 +1,79 @@
+import { execSync } from "node:child_process";
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+const SERVICE_NAME = "Claude Code-credentials";
+function readCredentialsFile() {
+    try {
+        const credPath = join(homedir(), ".claude", ".credentials.json");
+        const raw = readFileSync(credPath, "utf-8");
+        const parsed = JSON.parse(raw);
+        const data = parsed.claudeAiOauth ?? parsed;
+        const creds = data;
+        if (typeof creds.accessToken !== "string" ||
+            typeof creds.refreshToken !== "string" ||
+            typeof creds.expiresAt !== "number") {
+            return null;
+        }
+        return {
+            accessToken: creds.accessToken,
+            refreshToken: creds.refreshToken,
+            expiresAt: creds.expiresAt,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+export function readClaudeCredentials() {
+    if (process.platform !== "darwin") {
+        return readCredentialsFile();
+    }
+    let raw;
+    try {
+        raw = execSync(`security find-generic-password -s "${SERVICE_NAME}" -w`, {
+            timeout: 2000,
+            encoding: "utf-8",
+        }).trim();
+    }
+    catch (err) {
+        const error = err;
+        if (error.killed || error.code === "ETIMEDOUT") {
+            throw new Error("Keychain read timed out. This can happen on macOS Tahoe. Try restarting Keychain Access.");
+        }
+        if (error.status === 44) {
+            return readCredentialsFile();
+        }
+        if (error.status === 36) {
+            throw new Error("macOS Keychain is locked. Please unlock it or run: security unlock-keychain ~/Library/Keychains/login.keychain-db");
+        }
+        if (error.status === 128) {
+            throw new Error("Keychain access was denied. Please grant access when prompted by macOS.");
+        }
+        throw new Error(`Failed to read Claude Code credentials from Keychain (exit ${error.status ?? "unknown"}). Try re-authenticating with Claude Code.`);
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        throw new Error("Claude Code credentials exist but contain invalid JSON. Try re-authenticating with Claude Code.");
+    }
+    const data = parsed.claudeAiOauth ?? parsed;
+    const creds = data;
+    if (typeof creds.accessToken !== "string") {
+        throw new Error("Claude Code credentials are incomplete (missing accessToken). Try re-authenticating with Claude Code.");
+    }
+    if (typeof creds.refreshToken !== "string") {
+        throw new Error("Claude Code credentials are incomplete (missing refreshToken). Try re-authenticating with Claude Code.");
+    }
+    if (typeof creds.expiresAt !== "number") {
+        throw new Error("Claude Code credentials are incomplete (missing expiresAt). Try re-authenticating with Claude Code.");
+    }
+    return {
+        accessToken: creds.accessToken,
+        refreshToken: creds.refreshToken,
+        expiresAt: creds.expiresAt,
+    };
+}
+//# sourceMappingURL=keychain.js.map

package/dist/keychain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychain.js","sourceRoot":"","sources":["../src/keychain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AACtC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AAQjC,MAAM,YAAY,GAAG,yBAAyB,CAAA;AAE9C,SAAS,mBAAmB;IAC1B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAA;QAChE,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgD,CAAA;QAC7E,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAA;QAC3C,MAAM,KAAK,GAAG,IAA8E,CAAA;QAE5F,IACE,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ;YACrC,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ;YACtC,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,EACnC,CAAC;YACD,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,SAAS,EAAE,KAAK,CAAC,SAAS;SAC3B,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,mBAAmB,EAAE,CAAA;IAC9B,CAAC;IAED,IAAI,GAAW,CAAA;IACf,IAAI,CAAC;QACH,GAAG,GAAG,QAAQ,CAAC,sCAAsC,YAAY,MAAM,EAAE;YACvE,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC,IAAI,EAAE,CAAA;IACX,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,GAA2D,CAAA;QAEzE,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CACb,0FAA0F,CAC3F,CAAA;QACH,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACxB,OAAO,mBAAmB,EAAE,CAAA;QAC9B,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,mHAAmH,CACpH,CAAA;QACH,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yEAAyE,CAC1E,CAAA;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,8DAA8D,KAAK,CAAC,MAAM,IAAI,SAAS,4CAA4C,CACpI,CAAA;IACH,CAAC;IAED,IAAI,MAAe,CAAA;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,iGAAiG,CAClG,CAAA;IACH,CAAC;IAED,MAAM,IAAI,GAAI,MAAsC,CAAC,aAAa,IAAI,MAAM,CAAA;IAC5E,MAAM,KAAK,GAAG,IAIb,CAAA;IAED,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAA;IACH,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CACb,wGAAwG,CACzG,CAAA;IACH,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CACb,qGAAqG,CACtG,CAAA;IACH,CAAC;IAED,OAAO;QACL,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,SAAS;KAC3B,CAAA;AACH,CAAC"}

package/installation.md

@@ -0,0 +1,94 @@
+# Install opencode-claude-auth
+
+These instructions are designed for AI coding agents.
+
+## Prerequisites
+
+Before installing, verify you have OpenCode and Claude Code installed and authenticated.
+
+### Check OpenCode version
+
+```bash
+opencode --version
+```
+
+You should see a version number (e.g., `1.2.28`).
+
+### Check Claude Code credentials (macOS)
+
+```bash
+security find-generic-password -s "Claude Code-credentials" -w
+```
+
+If this returns credentials, you're authenticated. If it fails or returns nothing, try the fallback:
+
+### Check Claude Code credentials (fallback for all platforms)
+
+```bash
+cat ~/.claude/.credentials.json
+```
+
+If this file exists and contains valid JSON, you're authenticated.
+
+### If credentials don't exist
+
+Run Claude Code to authenticate:
+
+```bash
+claude
+```
+
+This will prompt you to log in and store credentials in Keychain (macOS) or `~/.claude/.credentials.json` (other platforms).
+
+## Installation
+
+### Step 1: Install the package
+
+```bash
+npm install github:griffinmartin/opencode-claude-auth
+```
+
+### Step 2: Add to OpenCode configuration
+
+Run this command to automatically add the plugin to your `opencode.json`:
+
+```bash
+node -e "
+const fs = require('fs'), p = require('path').join(require('os').homedir(), '.config/opencode/opencode.json');
+const c = fs.existsSync(p) ? JSON.parse(fs.readFileSync(p,'utf8')) : {};
+c.plugin = [...new Set([...(Array.isArray(c.plugin) ? c.plugin : []), 'opencode-claude-auth'])];
+fs.mkdirSync(require('path').dirname(p), {recursive:true});
+fs.writeFileSync(p, JSON.stringify(c, null, 2));
+console.log('Added opencode-claude-auth to', p);
+"
+```
+
+This command:
+- Reads your existing `opencode.json` (or creates a new one)
+- Adds `opencode-claude-auth` to the `plugin` array
+- Deduplicates plugins using a Set
+- Writes the updated config back
+
+## Verification
+
+Verify the plugin was added:
+
+```bash
+cat ~/.config/opencode/opencode.json
+```
+
+You should see `opencode-claude-auth` in the `plugin` array:
+
+```json
+{
+  "plugin": ["opencode-claude-auth"]
+}
+```
+
+## Done
+
+The plugin is now installed and configured. When you run OpenCode, it will automatically use your Claude Code credentials — no separate login needed.
+
+## Troubleshooting
+
+If you encounter issues, see the [main README troubleshooting section](README.md#troubleshooting).

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "opencode-claude-auth",
+  "version": "0.1.0",
+  "description": "OpenCode plugin that uses your Claude Code credentials — no separate login needed.",
+  "main": "dist/index.js",
+  "module": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "module",
+  "files": [
+    "dist",
+    "installation.md"
+  ],
+  "scripts": {
+    "build": "tsc && cp src/anthropic-prompt.txt dist/",
+    "test": "node --test --experimental-strip-types src/**/*.test.ts",
+    "prepublishOnly": "npm run build && npm test"
+  },
+  "peerDependencies": {
+    "@opencode-ai/plugin": "*"
+  },
+  "devDependencies": {
+    "@opencode-ai/plugin": "latest",
+    "@types/node": "^25.5.0",
+    "typescript": "^5.0.0"
+  },
+  "keywords": [
+    "opencode",
+    "claude",
+    "anthropic",
+    "plugin",
+    "auth"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/griffinmartin/opencode-claude-auth.git"
+  }
+}