opencode-codex-auth-rotation 1.0.0

package/config/opencode-modern.json

@@ -0,0 +1,239 @@
+{
+  "$schema": "https://opencode.ai/config.json",
+  "plugin": [
+    "opencode-openai-codex-auth"
+  ],
+  "provider": {
+    "openai": {
+      "options": {
+        "reasoningEffort": "medium",
+        "reasoningSummary": "auto",
+        "textVerbosity": "medium",
+        "include": [
+          "reasoning.encrypted_content"
+        ],
+        "store": false
+      },
+      "models": {
+        "gpt-5.2": {
+          "name": "GPT 5.2 (OAuth)",
+          "limit": {
+            "context": 272000,
+            "output": 128000
+          },
+          "modalities": {
+            "input": [
+              "text",
+              "image"
+            ],
+            "output": [
+              "text"
+            ]
+          },
+          "variants": {
+            "none": {
+              "reasoningEffort": "none",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "low": {
+              "reasoningEffort": "low",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "medium": {
+              "reasoningEffort": "medium",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "high": {
+              "reasoningEffort": "high",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            },
+            "xhigh": {
+              "reasoningEffort": "xhigh",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            }
+          }
+        },
+        "gpt-5.2-codex": {
+          "name": "GPT 5.2 Codex (OAuth)",
+          "limit": {
+            "context": 272000,
+            "output": 128000
+          },
+          "modalities": {
+            "input": [
+              "text",
+              "image"
+            ],
+            "output": [
+              "text"
+            ]
+          },
+          "variants": {
+            "low": {
+              "reasoningEffort": "low",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "medium": {
+              "reasoningEffort": "medium",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "high": {
+              "reasoningEffort": "high",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            },
+            "xhigh": {
+              "reasoningEffort": "xhigh",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            }
+          }
+        },
+        "gpt-5.1-codex-max": {
+          "name": "GPT 5.1 Codex Max (OAuth)",
+          "limit": {
+            "context": 272000,
+            "output": 128000
+          },
+          "modalities": {
+            "input": [
+              "text",
+              "image"
+            ],
+            "output": [
+              "text"
+            ]
+          },
+          "variants": {
+            "low": {
+              "reasoningEffort": "low",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            },
+            "medium": {
+              "reasoningEffort": "medium",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            },
+            "high": {
+              "reasoningEffort": "high",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            },
+            "xhigh": {
+              "reasoningEffort": "xhigh",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            }
+          }
+        },
+        "gpt-5.1-codex": {
+          "name": "GPT 5.1 Codex (OAuth)",
+          "limit": {
+            "context": 272000,
+            "output": 128000
+          },
+          "modalities": {
+            "input": [
+              "text",
+              "image"
+            ],
+            "output": [
+              "text"
+            ]
+          },
+          "variants": {
+            "low": {
+              "reasoningEffort": "low",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "medium": {
+              "reasoningEffort": "medium",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "high": {
+              "reasoningEffort": "high",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            }
+          }
+        },
+        "gpt-5.1-codex-mini": {
+          "name": "GPT 5.1 Codex Mini (OAuth)",
+          "limit": {
+            "context": 272000,
+            "output": 128000
+          },
+          "modalities": {
+            "input": [
+              "text",
+              "image"
+            ],
+            "output": [
+              "text"
+            ]
+          },
+          "variants": {
+            "medium": {
+              "reasoningEffort": "medium",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "high": {
+              "reasoningEffort": "high",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "medium"
+            }
+          }
+        },
+        "gpt-5.1": {
+          "name": "GPT 5.1 (OAuth)",
+          "limit": {
+            "context": 272000,
+            "output": 128000
+          },
+          "modalities": {
+            "input": [
+              "text",
+              "image"
+            ],
+            "output": [
+              "text"
+            ]
+          },
+          "variants": {
+            "none": {
+              "reasoningEffort": "none",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "low": {
+              "reasoningEffort": "low",
+              "reasoningSummary": "auto",
+              "textVerbosity": "low"
+            },
+            "medium": {
+              "reasoningEffort": "medium",
+              "reasoningSummary": "auto",
+              "textVerbosity": "medium"
+            },
+            "high": {
+              "reasoningEffort": "high",
+              "reasoningSummary": "detailed",
+              "textVerbosity": "high"
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/dist/index.d.ts

@@ -0,0 +1,42 @@
+/**
+ * OpenAI ChatGPT (Codex) OAuth Authentication Plugin for opencode
+ *
+ * COMPLIANCE NOTICE:
+ * This plugin uses OpenAI's official OAuth authentication flow (the same method
+ * used by OpenAI's official Codex CLI at https://github.com/openai/codex).
+ *
+ * INTENDED USE: Personal development and coding assistance with your own
+ * ChatGPT Plus/Pro subscription.
+ *
+ * NOT INTENDED FOR: Commercial resale, multi-user services, high-volume
+ * automated extraction, or any use that violates OpenAI's Terms of Service.
+ *
+ * Users are responsible for ensuring their usage complies with:
+ * - OpenAI Terms of Use: https://openai.com/policies/terms-of-use/
+ * - OpenAI Usage Policies: https://openai.com/policies/usage-policies/
+ *
+ * For production applications, use the OpenAI Platform API: https://platform.openai.com/
+ *
+ * @license MIT with Usage Disclaimer (see LICENSE file)
+ * @author numman-ali
+ * @repository https://github.com/numman-ali/opencode-openai-codex-auth
+ */
+import type { Plugin } from "@opencode-ai/plugin";
+/**
+ * OpenAI Codex OAuth authentication plugin for opencode
+ *
+ * This plugin enables opencode to use OpenAI's Codex backend via ChatGPT Plus/Pro
+ * OAuth authentication, allowing users to leverage their ChatGPT subscription
+ * instead of OpenAI Platform API credits.
+ *
+ * @example
+ * ```json
+ * {
+ *   "plugin": ["opencode-openai-codex-auth"],
+ *   "model": "openai/gpt-5-codex"
+ * }
+ * ```
+ */
+export declare const OpenAIAuthPlugin: Plugin;
+export default OpenAIAuthPlugin;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAe,MAAM,qBAAqB,CAAC;AA2C/D;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,gBAAgB,EAAE,MAmU9B,CAAC;AAEF,eAAe,gBAAgB,CAAC"}

package/dist/index.js

@@ -0,0 +1,299 @@
+/**
+ * OpenAI ChatGPT (Codex) OAuth Authentication Plugin for opencode
+ *
+ * COMPLIANCE NOTICE:
+ * This plugin uses OpenAI's official OAuth authentication flow (the same method
+ * used by OpenAI's official Codex CLI at https://github.com/openai/codex).
+ *
+ * INTENDED USE: Personal development and coding assistance with your own
+ * ChatGPT Plus/Pro subscription.
+ *
+ * NOT INTENDED FOR: Commercial resale, multi-user services, high-volume
+ * automated extraction, or any use that violates OpenAI's Terms of Service.
+ *
+ * Users are responsible for ensuring their usage complies with:
+ * - OpenAI Terms of Use: https://openai.com/policies/terms-of-use/
+ * - OpenAI Usage Policies: https://openai.com/policies/usage-policies/
+ *
+ * For production applications, use the OpenAI Platform API: https://platform.openai.com/
+ *
+ * @license MIT with Usage Disclaimer (see LICENSE file)
+ * @author numman-ali
+ * @repository https://github.com/numman-ali/opencode-openai-codex-auth
+ */
+import { createAuthorizationFlow, decodeJWT, exchangeAuthorizationCode, parseAuthorizationInput, REDIRECT_URI, } from "./lib/auth/auth.js";
+import { openBrowserUrl } from "./lib/auth/browser.js";
+import { startLocalOAuthServer } from "./lib/auth/server.js";
+import { getCodexMode, getStrategy, getPidOffset, loadPluginConfig } from "./lib/config.js";
+import { AUTH_LABELS, CODEX_BASE_URL, DUMMY_API_KEY, ERROR_MESSAGES, JWT_CLAIM_PATH, LOG_STAGES, PLUGIN_NAME, PROVIDER_ID, } from "./lib/constants.js";
+import { logRequest, logDebug } from "./lib/logger.js";
+import { createCodexHeaders, extractRequestUrl, handleErrorResponse, handleSuccessResponse, refreshAndUpdateToken, rewriteUrlForCodex, shouldRefreshToken, transformRequestForCodex, } from "./lib/request/fetch-helpers.js";
+import { AccountManager } from "./src/plugin/accounts.js";
+import { loadAccounts, saveAccounts } from "./src/plugin/storage.js";
+import { fetchUsageBackground, loadUsageCache, saveUsageCache, selectAccountByUsage, } from "./src/plugin/usage.js";
+/**
+ * OpenAI Codex OAuth authentication plugin for opencode
+ *
+ * This plugin enables opencode to use OpenAI's Codex backend via ChatGPT Plus/Pro
+ * OAuth authentication, allowing users to leverage their ChatGPT subscription
+ * instead of OpenAI Platform API credits.
+ *
+ * @example
+ * ```json
+ * {
+ *   "plugin": ["opencode-openai-codex-auth"],
+ *   "model": "openai/gpt-5-codex"
+ * }
+ * ```
+ */
+export const OpenAIAuthPlugin = async ({ client }) => {
+    const buildManualOAuthFlow = (pkce, url) => ({
+        url,
+        method: "code",
+        instructions: AUTH_LABELS.INSTRUCTIONS_MANUAL,
+        callback: async (input) => {
+            const parsed = parseAuthorizationInput(input);
+            if (!parsed.code) {
+                return { type: "failed" };
+            }
+            const tokens = await exchangeAuthorizationCode(parsed.code, pkce.verifier, REDIRECT_URI);
+            return tokens?.type === "success" ? tokens : { type: "failed" };
+        },
+    });
+    return {
+        auth: {
+            provider: PROVIDER_ID,
+            /**
+             * Loader function that configures OAuth authentication and request handling
+             *
+             * This function:
+             * 1. Validates OAuth authentication
+             * 2. Extracts ChatGPT account ID from access token
+             * 3. Loads user configuration from opencode.json
+             * 4. Fetches Codex system instructions from GitHub (cached)
+             * 5. Returns SDK configuration with custom fetch implementation
+             *
+             * @param getAuth - Function to retrieve current auth state
+             * @param provider - Provider configuration from opencode.json
+             * @returns SDK configuration object or empty object for non-OAuth auth
+             */
+            async loader(getAuth, provider) {
+                const auth = await getAuth();
+                // Only handle OAuth auth type, skip API key auth
+                if (auth.type !== "oauth") {
+                    return {};
+                }
+                // Extract ChatGPT account ID from JWT access token
+                const decoded = decodeJWT(auth.access);
+                const accountId = decoded?.[JWT_CLAIM_PATH]?.chatgpt_account_id;
+                if (!accountId) {
+                    logDebug(`[${PLUGIN_NAME}] ${ERROR_MESSAGES.NO_ACCOUNT_ID} (skipping plugin)`);
+                    return {};
+                }
+                // Extract user configuration (global + per-model options)
+                const providerConfig = provider;
+                const userConfig = {
+                    global: providerConfig?.options || {},
+                    models: providerConfig?.models || {},
+                };
+                // Load plugin configuration and determine CODEX_MODE
+                // Priority: CODEX_MODE env var > config file > default (true)
+                const pluginConfig = loadPluginConfig();
+                const codexMode = getCodexMode(pluginConfig);
+                // Initialize AccountManager with current OAuth account
+                const accountManager = new AccountManager();
+                const storedAccounts = await loadAccounts();
+                const pid = process.pid;
+                const usageCache = loadUsageCache(pid) ?? { accounts: {} };
+                // 사용량 캐시를 프로세스 단위로 초기화합니다.
+                saveUsageCache(pid, usageCache);
+                // Strategy state - initialized once per session
+                const strategy = getStrategy(pluginConfig);
+                const pidOffsetEnabled = getPidOffset(pluginConfig);
+                // Current account index for sticky strategy (module-level state)
+                let currentAccountIndex = null;
+                let pidOffsetApplied = false;
+                // Add current OAuth account first
+                accountManager.addAccount({
+                    id: accountId,
+                    email: decoded?.email || "",
+                    accessToken: auth.access,
+                    refreshToken: auth.refresh,
+                    chatgptAccountId: accountId,
+                    enabled: true,
+                });
+                // Add previously stored accounts (excluding current to avoid duplicates)
+                for (const account of storedAccounts) {
+                    if (account.id !== accountId) {
+                        accountManager.addAccount(account);
+                    }
+                }
+                logDebug(`[${PLUGIN_NAME}] Loaded ${accountManager.getAccountCount()} account(s)`);
+                // Return SDK configuration
+                return {
+                    apiKey: DUMMY_API_KEY,
+                    baseURL: CODEX_BASE_URL,
+                    /**
+                     * Custom fetch implementation for Codex API
+                     *
+                     * Handles:
+                     * - Token refresh when expired
+                     * - URL rewriting for Codex backend
+                     * - Request body transformation
+                     * - OAuth header injection
+                     * - SSE to JSON conversion for non-tool requests
+                     * - Error handling and logging
+                     *
+                     * @param input - Request URL or Request object
+                     * @param init - Request options
+                     * @returns Response from Codex API
+                     */
+                    async fetch(input, init) {
+                        const MAX_RETRIES = accountManager.getAccountCount();
+                        let lastError = null;
+                        for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
+                            let currentAuth = await getAuth();
+                            // 사용 가능한 계정 목록을 안전하게 조회합니다.
+                            const accounts = (accountManager
+                                .getAvailableAccounts?.() ?? []);
+                            // Strategy-based account selection
+                            let selectedIndex;
+                            if (strategy === "round-robin") {
+                                selectedIndex = selectAccountByUsage(accounts, usageCache);
+                            }
+                            else {
+                                if (currentAccountIndex === null || currentAccountIndex >= accounts.length) {
+                                    selectedIndex = selectAccountByUsage(accounts, usageCache);
+                                    if (pidOffsetEnabled && !pidOffsetApplied && accounts.length > 1) {
+                                        selectedIndex = (selectedIndex + (process.pid % accounts.length)) % accounts.length;
+                                        pidOffsetApplied = true;
+                                    }
+                                    currentAccountIndex = selectedIndex;
+                                }
+                                else {
+                                    selectedIndex = currentAccountIndex;
+                                }
+                            }
+                            logDebug(`[${PLUGIN_NAME}] Strategy: ${strategy}, Selected account index: ${selectedIndex}`);
+                            const currentAccount = accounts[selectedIndex] ?? null;
+                            if (!currentAccount) {
+                                throw new Error("No available Codex accounts");
+                            }
+                            if (shouldRefreshToken(currentAuth)) {
+                                currentAuth = await refreshAndUpdateToken(currentAuth, client);
+                                if (currentAuth.type === "oauth") {
+                                    currentAccount.accessToken = currentAuth.access;
+                                    currentAccount.refreshToken = currentAuth.refresh;
+                                }
+                            }
+                            const originalUrl = extractRequestUrl(input);
+                            const url = rewriteUrlForCodex(originalUrl);
+                            const originalBody = init?.body ? JSON.parse(init.body) : {};
+                            const isStreaming = originalBody.stream === true;
+                            const transformation = await transformRequestForCodex(init, url, userConfig, codexMode);
+                            const requestInit = transformation?.updatedInit ?? init;
+                            const headers = createCodexHeaders(requestInit, currentAccount.chatgptAccountId, currentAccount.accessToken, {
+                                model: transformation?.body.model,
+                                promptCacheKey: transformation?.body?.prompt_cache_key,
+                            });
+                            const response = await fetch(url, {
+                                ...requestInit,
+                                headers,
+                            });
+                            logRequest(LOG_STAGES.RESPONSE, {
+                                status: response.status,
+                                ok: response.ok,
+                                statusText: response.statusText,
+                                headers: Object.fromEntries(response.headers.entries()),
+                            });
+                            if (response.status === 429) {
+                                const retryAfter = response.headers.get("retry-after");
+                                const resetTime = retryAfter
+                                    ? Date.now() + parseInt(retryAfter, 10) * 1000
+                                    : Date.now() + 60000;
+                                accountManager.updateRateLimitResetTime(currentAccount.id, resetTime);
+                                accountManager.rotateAccount();
+                                if (strategy === "sticky") {
+                                    currentAccountIndex = null;
+                                }
+                                await saveAccounts(accountManager["accounts"] || []);
+                                if (attempt < MAX_RETRIES - 1) {
+                                    logDebug(`[${PLUGIN_NAME}] 429 rate limit, rotating to next account`);
+                                    continue;
+                                }
+                                lastError = new Error("All accounts are rate-limited");
+                                break;
+                            }
+                            if (!response.ok) {
+                                return await handleErrorResponse(response);
+                            }
+                            const successResponse = await handleSuccessResponse(response, isStreaming);
+                            // 성공 응답 후 백그라운드에서 사용량 캐시를 갱신합니다.
+                            fetchUsageBackground(currentAccount.accessToken, currentAccount.id, pid);
+                            return successResponse;
+                        }
+                        throw lastError || new Error("All retry attempts failed");
+                    },
+                };
+            },
+            methods: [
+                {
+                    label: AUTH_LABELS.OAUTH,
+                    type: "oauth",
+                    /**
+                     * OAuth authorization flow
+                     *
+                     * Steps:
+                     * 1. Generate PKCE challenge and state for security
+                     * 2. Start local OAuth callback server on port 1455
+                     * 3. Open browser to OpenAI authorization page
+                     * 4. Wait for user to complete login
+                     * 5. Exchange authorization code for tokens
+                     *
+                     * @returns Authorization flow configuration
+                     */
+                    authorize: async () => {
+                        const { pkce, state, url } = await createAuthorizationFlow();
+                        const serverInfo = await startLocalOAuthServer({ state });
+                        // Attempt to open browser automatically
+                        openBrowserUrl(url);
+                        if (!serverInfo.ready) {
+                            serverInfo.close();
+                            return buildManualOAuthFlow(pkce, url);
+                        }
+                        return {
+                            url,
+                            method: "auto",
+                            instructions: AUTH_LABELS.INSTRUCTIONS,
+                            callback: async () => {
+                                const result = await serverInfo.waitForCode(state);
+                                serverInfo.close();
+                                if (!result) {
+                                    return { type: "failed" };
+                                }
+                                const tokens = await exchangeAuthorizationCode(result.code, pkce.verifier, REDIRECT_URI);
+                                return tokens?.type === "success"
+                                    ? tokens
+                                    : { type: "failed" };
+                            },
+                        };
+                    },
+                },
+                {
+                    label: AUTH_LABELS.OAUTH_MANUAL,
+                    type: "oauth",
+                    authorize: async () => {
+                        const { pkce, url } = await createAuthorizationFlow();
+                        return buildManualOAuthFlow(pkce, url);
+                    },
+                },
+                {
+                    label: AUTH_LABELS.API_KEY,
+                    type: "api",
+                },
+            ],
+        },
+    };
+};
+export default OpenAIAuthPlugin;
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAIH,OAAO,EACN,uBAAuB,EACvB,SAAS,EACT,yBAAyB,EACzB,uBAAuB,EACvB,YAAY,GACZ,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAC5F,OAAO,EACN,WAAW,EACX,cAAc,EACd,aAAa,EACb,cAAc,EACd,cAAc,EACd,UAAU,EACV,WAAW,EACX,WAAW,GACX,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EACN,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,EAClB,kBAAkB,EAClB,wBAAwB,GACxB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACrE,OAAO,EACN,oBAAoB,EACpB,cAAc,EACd,cAAc,EACd,oBAAoB,GACpB,MAAM,uBAAuB,CAAC;AAE/B;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAW,KAAK,EAAE,EAAE,MAAM,EAAe,EAAE,EAAE;IACzE,MAAM,oBAAoB,GAAG,CAAC,IAA0B,EAAE,GAAW,EAAE,EAAE,CAAC,CAAC;QAC1E,GAAG;QACH,MAAM,EAAE,MAAe;QACvB,YAAY,EAAE,WAAW,CAAC,mBAAmB;QAC7C,QAAQ,EAAE,KAAK,EAAE,KAAa,EAAE,EAAE;YACjC,MAAM,MAAM,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;YAC9C,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBAClB,OAAO,EAAE,IAAI,EAAE,QAAiB,EAAE,CAAC;YACpC,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAC7C,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,QAAQ,EACb,YAAY,CACZ,CAAC;YACF,OAAO,MAAM,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAiB,EAAE,CAAC;QAC1E,CAAC;KACD,CAAC,CAAC;IACH,OAAO;QACN,IAAI,EAAE;YACL,QAAQ,EAAE,WAAW;YACrB;;;;;;;;;;;;;eAaG;YACJ,KAAK,CAAC,MAAM,CAAC,OAA4B,EAAE,QAAiB;gBAC3D,MAAM,IAAI,GAAG,MAAM,OAAO,EAAE,CAAC;gBAE7B,iDAAiD;gBACjD,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC3B,OAAO,EAAE,CAAC;gBACX,CAAC;gBAED,mDAAmD;gBACnD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACvC,MAAM,SAAS,GAAG,OAAO,EAAE,CAAC,cAAc,CAAC,EAAE,kBAAkB,CAAC;gBAEhE,IAAI,CAAC,SAAS,EAAE,CAAC;oBAChB,QAAQ,CACP,IAAI,WAAW,KAAK,cAAc,CAAC,aAAa,oBAAoB,CACpE,CAAC;oBACF,OAAO,EAAE,CAAC;gBACX,CAAC;gBACD,0DAA0D;gBAC1D,MAAM,cAAc,GAAG,QAEX,CAAC;gBACb,MAAM,UAAU,GAAe;oBAC9B,MAAM,EAAE,cAAc,EAAE,OAAO,IAAI,EAAE;oBACrC,MAAM,EAAE,cAAc,EAAE,MAAM,IAAI,EAAE;iBACpC,CAAC;gBAEF,qDAAqD;gBACrD,8DAA8D;gBAC9D,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAC;gBACxC,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;gBAE7C,uDAAuD;gBACvD,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;gBAC5C,MAAM,cAAc,GAAG,MAAM,YAAY,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;gBACxB,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;gBAC3D,2BAA2B;gBAC3B,cAAc,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;gBAEhC,gDAAgD;gBAChD,MAAM,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;gBAC3C,MAAM,gBAAgB,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;gBAEpD,iEAAiE;gBACjE,IAAI,mBAAmB,GAAkB,IAAI,CAAC;gBAC9C,IAAI,gBAAgB,GAAG,KAAK,CAAC;gBAE7B,kCAAkC;gBAClC,cAAc,CAAC,UAAU,CAAC;oBACzB,EAAE,EAAE,SAAS;oBACb,KAAK,EAAG,OAAe,EAAE,KAAK,IAAI,EAAE;oBACpC,WAAW,EAAE,IAAI,CAAC,MAAM;oBACxB,YAAY,EAAE,IAAI,CAAC,OAAO;oBAC1B,gBAAgB,EAAE,SAAS;oBAC3B,OAAO,EAAE,IAAI;iBACb,CAAC,CAAC;gBAEH,yEAAyE;gBACzE,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;oBACtC,IAAI,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC;wBAC9B,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;oBACpC,CAAC;gBACF,CAAC;gBAED,QAAQ,CAAC,IAAI,WAAW,YAAY,cAAc,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;gBAElF,2BAA2B;gBAC3B,OAAO;oBACN,MAAM,EAAE,aAAa;oBACrB,OAAO,EAAE,cAAc;oBACvB;;;;;;;;;;;;;;uBAcG;oBACJ,KAAK,CAAC,KAAK,CACV,KAA6B,EAC7B,IAAkB;wBAElB,MAAM,WAAW,GAAG,cAAc,CAAC,eAAe,EAAE,CAAC;wBACrD,IAAI,SAAS,GAAiB,IAAI,CAAC;wBAEnC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,WAAW,EAAE,OAAO,EAAE,EAAE,CAAC;4BACxD,IAAI,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;4BAClC,4BAA4B;4BAC7B,MAAM,QAAQ,GACb,CAAE,cAEA;iCACA,oBAAoB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;4BAEnC,mCAAmC;4BACnC,IAAI,aAAqB,CAAC;4BAE1B,IAAI,QAAQ,KAAK,aAAa,EAAE,CAAC;gCAChC,aAAa,GAAG,oBAAoB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;4BAC5D,CAAC;iCAAM,CAAC;gCACP,IAAI,mBAAmB,KAAK,IAAI,IAAI,mBAAmB,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;oCAC5E,aAAa,GAAG,oBAAoB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;oCAE3D,IAAI,gBAAgB,IAAI,CAAC,gBAAgB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wCAClE,aAAa,GAAG,CAAC,aAAa,GAAG,CAAC,OAAO,CAAC,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;wCACpF,gBAAgB,GAAG,IAAI,CAAC;oCACzB,CAAC;oCAED,mBAAmB,GAAG,aAAa,CAAC;gCACrC,CAAC;qCAAM,CAAC;oCACP,aAAa,GAAG,mBAAmB,CAAC;gCACrC,CAAC;4BACF,CAAC;4BAED,QAAQ,CAAC,IAAI,WAAW,eAAe,QAAQ,6BAA6B,aAAa,EAAE,CAAC,CAAC;4BAC7F,MAAM,cAAc,GAAG,QAAQ,CAAC,aAAa,CAAC,IAAI,IAAI,CAAC;4BAEtD,IAAI,CAAC,cAAc,EAAE,CAAC;gCACrB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;4BAChD,CAAC;4BAED,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;gCACrC,WAAW,GAAG,MAAM,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;gCAC/D,IAAI,WAAW,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oCAClC,cAAc,CAAC,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC;oCAChD,cAAc,CAAC,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC;gCACnD,CAAC;4BACF,CAAC;4BAED,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;4BAC7C,MAAM,GAAG,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;4BAE5C,MAAM,YAAY,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BACvE,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,KAAK,IAAI,CAAC;4BAEjD,MAAM,cAAc,GAAG,MAAM,wBAAwB,CACpD,IAAI,EACJ,GAAG,EACH,UAAU,EACV,SAAS,CACT,CAAC;4BACF,MAAM,WAAW,GAAG,cAAc,EAAE,WAAW,IAAI,IAAI,CAAC;4BAExD,MAAM,OAAO,GAAG,kBAAkB,CACjC,WAAW,EACX,cAAc,CAAC,gBAAgB,EAC/B,cAAc,CAAC,WAAW,EAC1B;gCACC,KAAK,EAAE,cAAc,EAAE,IAAI,CAAC,KAAK;gCACjC,cAAc,EAAG,cAAc,EAAE,IAAY,EAAE,gBAAgB;6BAC/D,CACD,CAAC;4BAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gCACjC,GAAG,WAAW;gCACd,OAAO;6BACP,CAAC,CAAC;4BAEH,UAAU,CAAC,UAAU,CAAC,QAAQ,EAAE;gCAC/B,MAAM,EAAE,QAAQ,CAAC,MAAM;gCACvB,EAAE,EAAE,QAAQ,CAAC,EAAE;gCACf,UAAU,EAAE,QAAQ,CAAC,UAAU;gCAC/B,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;6BACvD,CAAC,CAAC;4BAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gCAC7B,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;gCACvD,MAAM,SAAS,GAAG,UAAU;oCAC3B,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,IAAI;oCAC9C,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;gCAEvB,cAAc,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gCACtE,cAAc,CAAC,aAAa,EAAE,CAAC;gCAE/B,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;oCAC3B,mBAAmB,GAAG,IAAI,CAAC;gCAC5B,CAAC;gCAED,MAAM,YAAY,CAChB,cAAc,CAAC,UAAU,CAAC,IAAI,EAAE,CAChC,CAAC;gCAEF,IAAI,OAAO,GAAG,WAAW,GAAG,CAAC,EAAE,CAAC;oCAC/B,QAAQ,CAAC,IAAI,WAAW,4CAA4C,CAAC,CAAC;oCACtE,SAAS;gCACV,CAAC;gCAED,SAAS,GAAG,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;gCACvD,MAAM;4BACP,CAAC;4BAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gCAClB,OAAO,MAAM,mBAAmB,CAAC,QAAQ,CAAC,CAAC;4BAC5C,CAAC;4BAED,MAAM,eAAe,GAAG,MAAM,qBAAqB,CAClD,QAAQ,EACR,WAAW,CACX,CAAC;4BACF,iCAAiC;4BACjC,oBAAoB,CACnB,cAAc,CAAC,WAAW,EAC1B,cAAc,CAAC,EAAE,EACjB,GAAG,CACH,CAAC;4BACF,OAAO,eAAe,CAAC;wBACxB,CAAC;wBAEF,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;oBAC1D,CAAC;iBACD,CAAC;YACF,CAAC;YACD,OAAO,EAAE;gBACP;oBACC,KAAK,EAAE,WAAW,CAAC,KAAK;oBACxB,IAAI,EAAE,OAAgB;oBACvB;;;;;;;;;;;uBAWG;oBACH,SAAS,EAAE,KAAK,IAAI,EAAE;wBACrB,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,MAAM,uBAAuB,EAAE,CAAC;wBAC7D,MAAM,UAAU,GAAG,MAAM,qBAAqB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;wBAE1D,wCAAwC;wBACxC,cAAc,CAAC,GAAG,CAAC,CAAC;wBAEpB,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;4BACvB,UAAU,CAAC,KAAK,EAAE,CAAC;4BACnB,OAAO,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;wBACxC,CAAC;wBAED,OAAO;4BACN,GAAG;4BACH,MAAM,EAAE,MAAe;4BACvB,YAAY,EAAE,WAAW,CAAC,YAAY;4BACtC,QAAQ,EAAE,KAAK,IAAI,EAAE;gCACpB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;gCACnD,UAAU,CAAC,KAAK,EAAE,CAAC;gCAEnB,IAAI,CAAC,MAAM,EAAE,CAAC;oCACb,OAAO,EAAE,IAAI,EAAE,QAAiB,EAAE,CAAC;gCACpC,CAAC;gCAED,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAC7C,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,QAAQ,EACb,YAAY,CACZ,CAAC;gCAEF,OAAO,MAAM,EAAE,IAAI,KAAK,SAAS;oCAChC,CAAC,CAAC,MAAM;oCACR,CAAC,CAAC,EAAE,IAAI,EAAE,QAAiB,EAAE,CAAC;4BAChC,CAAC;yBACD,CAAC;oBACH,CAAC;iBACA;gBACD;oBACC,KAAK,EAAE,WAAW,CAAC,YAAY;oBAC/B,IAAI,EAAE,OAAgB;oBACtB,SAAS,EAAE,KAAK,IAAI,EAAE;wBACrB,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,MAAM,uBAAuB,EAAE,CAAC;wBACtD,OAAO,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;oBACxC,CAAC;iBACD;gBACD;oBACC,KAAK,EAAE,WAAW,CAAC,OAAO;oBAC1B,IAAI,EAAE,KAAc;iBACpB;aACF;SACD;KACD,CAAC;AACH,CAAC,CAAC;AAEF,eAAe,gBAAgB,CAAC"}

package/dist/lib/auth/auth.d.ts

@@ -0,0 +1,43 @@
+import type { AuthorizationFlow, TokenResult, ParsedAuthInput, JWTPayload } from "../types.js";
+export declare const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+export declare const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
+export declare const TOKEN_URL = "https://auth.openai.com/oauth/token";
+export declare const REDIRECT_URI = "http://localhost:1455/auth/callback";
+export declare const SCOPE = "openid profile email offline_access";
+/**
+ * Generate a random state value for OAuth flow
+ * @returns Random hex string
+ */
+export declare function createState(): string;
+/**
+ * Parse authorization code and state from user input
+ * @param input - User input (URL, code#state, or just code)
+ * @returns Parsed authorization data
+ */
+export declare function parseAuthorizationInput(input: string): ParsedAuthInput;
+/**
+ * Exchange authorization code for access and refresh tokens
+ * @param code - Authorization code from OAuth flow
+ * @param verifier - PKCE verifier
+ * @param redirectUri - OAuth redirect URI
+ * @returns Token result
+ */
+export declare function exchangeAuthorizationCode(code: string, verifier: string, redirectUri?: string): Promise<TokenResult>;
+/**
+ * Decode a JWT token to extract payload
+ * @param token - JWT token to decode
+ * @returns Decoded payload or null if invalid
+ */
+export declare function decodeJWT(token: string): JWTPayload | null;
+/**
+ * Refresh access token using refresh token
+ * @param refreshToken - Refresh token
+ * @returns Token result
+ */
+export declare function refreshAccessToken(refreshToken: string): Promise<TokenResult>;
+/**
+ * Create OAuth authorization flow
+ * @returns Authorization flow details
+ */
+export declare function createAuthorizationFlow(): Promise<AuthorizationFlow>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/lib/auth/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../lib/auth/auth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAY,iBAAiB,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzG,eAAO,MAAM,SAAS,iCAAiC,CAAC;AACxD,eAAO,MAAM,aAAa,4CAA4C,CAAC;AACvE,eAAO,MAAM,SAAS,wCAAwC,CAAC;AAC/D,eAAO,MAAM,YAAY,wCAAwC,CAAC;AAClE,eAAO,MAAM,KAAK,wCAAwC,CAAC;AAE3D;;;GAGG;AACH,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,eAAe,CAwBtE;AAED;;;;;;GAMG;AACH,wBAAsB,yBAAyB,CAC9C,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,WAAW,GAAE,MAAqB,GAChC,OAAO,CAAC,WAAW,CAAC,CAoCtB;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAU1D;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAkDnF;AAED;;;GAGG;AACH,wBAAsB,uBAAuB,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAiB1E"}