opencode-deepseek-auth 1.0.3 → 2.0.1

package/README.md

@@ -25,6 +25,8 @@ Add the plugin to your OpenCode configuration file
 
 ## Usage
 
+### Method 1: Email/Password Authentication (Recommended)
+
 1. **Login**: Run the authentication command in your terminal:
 
    ```bash
@@ -36,7 +38,28 @@ Add the plugin to your OpenCode configuration file
    - Enter your email and password when prompted
    - Your credentials will be stored securely for future use
 
-Once authenticated, OpenCode will use your DeepSeek account for requests.
+### Method 2: Direct Access Token
+
+If you have an existing DeepSeek access token, you can set it directly:
+
+```bash
+opencode auth set --provider deepseek --api-key "your-deepseek-access-token"
+```
+
+### Method 3: Config-based Authentication
+
+You can also put DeepSeek credentials directly in your OpenCode config file:
+
+**File:** `~/.config/opencode/opencode.json`
+```json
+{
+  "provider": {
+    "deepseek": {
+      "apiKey": "email:password"  // Replace with your actual email and password
+    }
+  }
+}
+```
 
 ## Configuration
 
@@ -67,29 +90,51 @@ OpenCode config.
 
 ## Features
 
-- Direct authentication using DeepSeek account credentials (email/password)
-- Secure storage of credentials
-- Automatic token refresh when expired
-- Compatibility with OpenCode's authentication system
-- Free usage through your existing DeepSeek account
+- **Dual Authentication Support**: Supports both email:password flow and direct access token authentication
+- **Smart Format Recognition**: Automatically detects between email:password and regular API keys
+- **Secure Storage**: Securely manages your DeepSeek credentials
+- **Automatic Token Refresh**: Handles token lifecycle and refreshing when needed
+- **OpenCode Integration**: Seamless integration with OpenCode's authentication system
+- **Conflict Resolution**: Properly separates OpenCode's own API keys from DeepSeek authentication
+- **Free Usage**: Leverage your existing DeepSeek account quota and features
 
 ## How It Works
 
-The plugin works by:
-1. Authenticating directly with DeepSeek's API using your email and password
-2. Obtaining an access token from DeepSeek
-3. Using this token to make authenticated requests to DeepSeek's API
-4. Managing token lifecycle and refreshing when needed
+The plugin now supports two authentication modes:
+
+**Email/Password Mode**:
+1. Authenticate directly with DeepSeek's API using your email and password
+2. Obtain an access token from DeepSeek
+3. Use this token to make authenticated requests to DeepSeek's API
+4. Manage token lifecycle and refresh when needed
+
+**Direct Token Mode**:
+1. Accept a direct access token as the API key
+2. Use this token directly with DeepSeek's API
+3. Handle request preparation and response transformation
+
+## Authentication Format Detection
 
-This approach bypasses the need for separate API keys, letting you use your existing DeepSeek account quota and features.
+The plugin intelligently determines the authentication method:
+
+- **Email:Password Detection**: If `apiKey` contains exactly one colon (`:`) and the first part contains `@` (email) or appears to be a phone number, it treats it as email:password
+- **Explicit Provider Marking**: If the auth object has `provider: "deepseek"` or `type: "deepseek-email-password"`, it always treats the key as email:password format
+- **Regular API Key**: Otherwise, treats the value as a direct access token
 
 ## Troubleshooting
 
-### Credentials Not Working
+### Authentication Issues
+
+- **OpenCode API key conflict**: If OpenCode reports your API key is invalid, ensure you're using the correct format for your intended authentication method
+- **Email:Password Format**: Must be in `email:password` or `phone:password` format. Special characters in passwords may require URL encoding
+- **Direct Token**: If using a direct access token, ensure it's a valid DeepSeek access token
+
+### Common Solutions
 
 - Verify that your email and password are correct
-- Check that your account is active and not suspended
-- Make sure you're not hitting rate limits
+- Check that your DeepSeek account is active and not suspended
+- Ensure you're not hitting rate limits
+- If experiencing conflicts, try explicit authentication method via the config file
 
 ### Token Expiration
 
@@ -98,6 +143,11 @@ The plugin handles token refresh automatically, but if you encounter authenticat
 opencode auth login
 ```
 
+Or clear the stored credentials:
+```bash
+opencode auth clear --provider deepseek
+```
+
 ## Development
 
 To develop on this plugin locally:

package/dist/plugin.d.ts

@@ -1,7 +1,7 @@
 import type { PluginContext, PluginResult } from "./types";
 /**
- * Registers the DeepSeek Auth provider for Opencode, handling auth, request rewriting,
- * and response normalization for DeepSeek requests.
+ * Registers the DeepSeek simple API key provider for Opencode.
+ * Users can configure their credentials using `opencode connect` with format: email:password or phone:password
  */
 export declare const DeepSeekAuthPlugin: ({ client }: PluginContext) => Promise<PluginResult>;
 //# sourceMappingURL=plugin.d.ts.map

package/dist/plugin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAGV,aAAa,EACb,YAAY,EAGb,MAAM,SAAS,CAAC;AAqGjB;;;GAGG;AACH,eAAO,MAAM,kBAAkB,GAC7B,YAAY,aAAa,KACxB,OAAO,CAAC,YAAY,CAuJrB,CAAC"}
+{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAGV,aAAa,EACb,YAAY,EAEb,MAAM,SAAS,CAAC;AA8CjB;;;GAGG;AACH,eAAO,MAAM,kBAAkB,GAC7B,YAAY,aAAa,KACxB,OAAO,CAAC,YAAY,CA0JrB,CAAC"}

package/dist/plugin.js

@@ -3,51 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.DeepSeekAuthPlugin = void 0;
 const constants_1 = require("./constants");
 const auth_1 = require("./deepseek/auth");
-// Keep track of active tokens
-const tokenCache = new Map();
-/**
- * Checks if an access token has expired
- */
-function accessTokenExpired(authRecord) {
-    const now = Date.now();
-    return !authRecord.expires || now >= authRecord.expires - 60000; // 1 minute before expiry
-}
-/**
- * Determines if the auth method is OAuth-based
- */
-function isOAuthAuth(auth) {
-    return auth && auth.type === "oauth";
-}
-/**
- * Refresh access token if expired
- */
-async function refreshAccessToken(authRecord, client) {
-    // DeepSeek doesn't have refresh tokens, so a full re-login is required
-    const email = authRecord.email;
-    const password = authRecord.password;
-    if (!email || !password) {
-        return null;
-    }
-    const result = await (0, auth_1.loginDeepSeek)(email, password);
-    if (result.type === "success") {
-        // Update the stored credentials
-        const newAuth = {
-            type: "oauth",
-            access: result.access,
-            expires: result.expires,
-            email: result.email || email,
-            password: password // Store password for refresh
-        };
-        // Update cache
-        tokenCache.set(email, {
-            token: result.access,
-            expires: result.expires,
-            email: result.email || email
-        });
-        return newAuth;
-    }
-    return null;
-}
 /**
  * Prepares the request to DeepSeek API by setting appropriate headers and transforming the payload
  */
@@ -69,7 +24,6 @@ function prepareDeepSeekRequest(input, init, accessToken) {
  */
 async function transformDeepSeekResponse(response) {
     // For now, just pass through the response
-    // If needed, we could transform to match OpenAI format
     return response;
 }
 /**
@@ -82,144 +36,131 @@ function isDeepSeekRequest(input) {
     return urlString.includes('deepseek.com') || urlString.includes('/v1/chat/completions');
 }
 /**
- * Registers the DeepSeek Auth provider for Opencode, handling auth, request rewriting,
- * and response normalization for DeepSeek requests.
+ * Registers the DeepSeek simple API key provider for Opencode.
+ * Users can configure their credentials using `opencode connect` with format: email:password or phone:password
  */
 const DeepSeekAuthPlugin = async ({ client }) => ({
     auth: {
         provider: constants_1.DEEPSEEK_PROVIDER_ID,
         loader: async (getAuth, provider) => {
             const auth = await getAuth();
-            // Handle both OAuth-based auth and API key formatted credentials
-            if (!isOAuthAuth(auth) && !auth.apiKey) {
+            // This plugin only handles API key authentication
+            if (!auth?.apiKey) {
                 return null;
             }
-            // If models are defined in the provider, set cost to 0 to indicate free usage
-            if (provider.models) {
-                for (const model of Object.values(provider.models)) {
-                    if (model) {
-                        model.cost = { input: 0, output: 0 };
-                    }
-                }
-            }
-            // Handle the case where API key contains email:password
-            let resolvedAccessToken = "";
-            if (auth.apiKey) {
-                // Check if API key contains email:password or phone:password format
-                const credentialParts = auth.apiKey.split(':');
-                if (credentialParts.length === 2) {
-                    const [identifier, password] = credentialParts;
-                    // Try to login with these credentials
+            // Determine if this is a DeepSeek-specific authentication by checking the auth metadata
+            const isDeepSeekAuth = auth.provider === 'deepseek' || auth.type === 'deepseek-email-password';
+            const apiKeyValue = auth.apiKey;
+            // If explicitly marked as DeepSeek auth, process as email:password
+            if (isDeepSeekAuth) {
+                const parts = apiKeyValue.split(':');
+                if (parts.length === 2) {
+                    const [identifier, password] = parts;
+                    // Convert credentials to DeepSeek access token
                     const result = await (0, auth_1.loginDeepSeek)(identifier, password);
-                    if (result.type === "success") {
-                        resolvedAccessToken = result.access;
-                        // Cache this for potential future use
-                        tokenCache.set(identifier, {
-                            token: result.access,
-                            expires: result.expires,
-                            email: result.email || identifier
-                        });
+                    if (result.type !== "success") {
+                        console.error(`Failed to authenticate with provided credentials: ${result.error}`);
+                        throw new Error(`Authentication failed: ${result.error}`);
                     }
-                    else {
-                        throw new Error(`Failed to authenticate with provided credentials: ${result.error}`);
+                    // Successfully obtained access token from credentials
+                    const accessToken = result.access;
+                    // If models are defined in the provider, set cost to 0 to indicate free usage
+                    if (provider.models) {
+                        for (const model of Object.values(provider.models)) {
+                            if (model) {
+                                model.cost = { input: 0, output: 0 };
+                            }
+                        }
                     }
+                    return {
+                        apiKey: accessToken,
+                        async fetch(input, init) {
+                            // If this isn't a DeepSeek request, pass through normally
+                            if (!isDeepSeekRequest(input)) {
+                                return fetch(input, init);
+                            }
+                            // Prepare the request with proper headers
+                            const { request, init: transformedInit } = prepareDeepSeekRequest(input, init, accessToken);
+                            // Make the API call
+                            const response = await fetch(request, transformedInit);
+                            // Transform response if needed
+                            return transformDeepSeekResponse(response);
+                        },
+                    };
                 }
                 else {
-                    // If it's not in email:password format, assume it's already a valid access token
-                    resolvedAccessToken = auth.apiKey;
+                    // If explicitly marked as DeepSeek auth but not in correct format, throw error
+                    throw new Error(`DeepSeek authentication requires email:password format`);
                 }
             }
-            else if (isOAuthAuth(auth)) {
-                // Handle normal OAuth flow
-                let authRecord = auth;
-                // Check if token has expired and refresh if possible
-                if (accessTokenExpired(authRecord)) {
-                    const refreshed = await refreshAccessToken(authRecord, client);
-                    if (!refreshed) {
-                        console.warn("Could not refresh DeepSeek access token");
-                        return null;
+            else {
+                // Otherwise, check if this looks like email:password format but isn't explicitly marked
+                const parts = apiKeyValue.split(':');
+                if (parts.length === 2) {
+                    const [potentialIdentifier, potentialPassword] = parts;
+                    // Heuristic: Check if it looks like an email or phone number format, and password seems reasonable
+                    const isEmailFormat = potentialIdentifier.includes('@');
+                    const isPhoneFormat = /^[0-9+\-\s()]+$/.test(potentialIdentifier.trim());
+                    const isPasswordReasonableLength = potentialPassword.length >= 6;
+                    // Only attempt email:password processing if both parts seem valid
+                    if ((isEmailFormat || isPhoneFormat) && isPasswordReasonableLength) {
+                        try {
+                            // Try to use as email:password
+                            const result = await (0, auth_1.loginDeepSeek)(potentialIdentifier, potentialPassword);
+                            if (result.type === "success") {
+                                // Successfully authenticated with email:password
+                                const accessToken = result.access;
+                                // If models are defined in the provider, set cost to 0 to indicate free usage
+                                if (provider.models) {
+                                    for (const model of Object.values(provider.models)) {
+                                        if (model) {
+                                            model.cost = { input: 0, output: 0 };
+                                        }
+                                    }
+                                }
+                                return {
+                                    apiKey: accessToken,
+                                    async fetch(input, init) {
+                                        // If this isn't a DeepSeek request, pass through normally
+                                        if (!isDeepSeekRequest(input)) {
+                                            return fetch(input, init);
+                                        }
+                                        // Prepare the request with proper headers
+                                        const { request, init: transformedInit } = prepareDeepSeekRequest(input, init, accessToken);
+                                        // Make the API call
+                                        const response = await fetch(request, transformedInit);
+                                        // Transform response if needed
+                                        return transformDeepSeekResponse(response);
+                                    },
+                                };
+                            }
+                        }
+                        catch (error) {
+                            console.warn("Email:password authentication failed, treating as regular API key:", error);
+                            // Fall through to treat as regular API key
+                        }
                     }
-                    authRecord = refreshed;
-                }
-                resolvedAccessToken = authRecord.access;
-                if (!resolvedAccessToken) {
-                    return null;
                 }
+                // Default: treat as direct DeepSeek access token or other API key
+                const accessToken = apiKeyValue;
+                return {
+                    apiKey: accessToken,
+                    async fetch(input, init) {
+                        // If this isn't a DeepSeek request, pass through normally
+                        if (!isDeepSeekRequest(input)) {
+                            return fetch(input, init);
+                        }
+                        // Prepare the request with proper headers
+                        const { request, init: transformedInit } = prepareDeepSeekRequest(input, init, accessToken);
+                        // Make the API call
+                        const response = await fetch(request, transformedInit);
+                        // Transform response if needed
+                        return transformDeepSeekResponse(response);
+                    },
+                };
             }
-            return {
-                apiKey: resolvedAccessToken || "",
-                async fetch(input, init) {
-                    // If this isn't a DeepSeek request, pass through normally
-                    if (!isDeepSeekRequest(input)) {
-                        return fetch(input, init);
-                    }
-                    // Prepare the request with proper headers
-                    const { request, init: transformedInit } = prepareDeepSeekRequest(input, init, resolvedAccessToken);
-                    // Make the API call
-                    const response = await fetch(request, transformedInit);
-                    // Transform response if needed
-                    return transformDeepSeekResponse(response);
-                },
-            };
         },
-        methods: [
-            {
-                label: "Login with DeepSeek Account",
-                type: "oauth",
-                authorize: async () => {
-                    // Direct credential form for DeepSeek as they don't use standard OAuth
-                    const form = {
-                        fields: [
-                            {
-                                name: "email",
-                                label: "Email",
-                                type: "email",
-                                required: true,
-                            },
-                            {
-                                name: "password",
-                                label: "Password",
-                                type: "password",
-                                required: true,
-                            }
-                        ]
-                    };
-                    return {
-                        url: "https://chat.deepseek.com",
-                        instructions: "Enter your DeepSeek account credentials below. Your credentials will be stored securely and used for authentication.",
-                        method: "form",
-                        form: form,
-                        callback: async (formData) => {
-                            const email = formData.email;
-                            const password = formData.password;
-                            // Validate inputs
-                            if (!email || !password) {
-                                return {
-                                    type: "failed",
-                                    error: "Email and password are required for DeepSeek authentication"
-                                };
-                            }
-                            // Attempt to log in using the provided credentials
-                            const result = await (0, auth_1.loginDeepSeek)(email, password);
-                            if (result.type === "success") {
-                                // Cache the token
-                                tokenCache.set(email, {
-                                    token: result.access,
-                                    expires: result.expires,
-                                    email: result.email || email
-                                });
-                            }
-                            return result;
-                        },
-                    };
-                },
-            },
-            {
-                provider: constants_1.DEEPSEEK_PROVIDER_ID,
-                label: "Enter credentials (email:password or phone:password)",
-                type: "api",
-            },
-        ],
+        methods: [], // Empty methods array since we're using config-based auth
     },
 });
 exports.DeepSeekAuthPlugin = DeepSeekAuthPlugin;

package/dist/plugin.js.map

@@ -1 +1 @@
-{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":";;;AAEA,2CAAiG;AACjG,0CAIyB;AAYzB,8BAA8B;AAC9B,MAAM,UAAU,GAAG,IAAI,GAAG,EAA6D,CAAC;AAExF;;GAEG;AACH,SAAS,kBAAkB,CAAC,UAAe;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO,CAAC,UAAU,CAAC,OAAO,IAAI,GAAG,IAAI,UAAU,CAAC,OAAO,GAAG,KAAK,CAAC,CAAC,yBAAyB;AAC5F,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAS;IAC5B,OAAO,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,UAAe,EAAE,MAAW;IAC5D,uEAAuE;IACvE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC;IAC/B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;IAErC,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,IAAA,oBAAa,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACpD,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,gCAAgC;QAChC,MAAM,OAAO,GAAG;YACd,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,KAAK;YAC5B,QAAQ,EAAE,QAAQ,CAAE,6BAA6B;SAClD,CAAC;QAEF,eAAe;QACf,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE;YACpB,KAAK,EAAE,MAAM,CAAC,MAAM;YACpB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,KAAK;SAC7B,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,KAAkC,EAClC,IAA6B,EAC7B,WAAmB;IAEnB,+CAA+C;IAC/C,MAAM,eAAe,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;IAEpC,2BAA2B;IAC3B,eAAe,CAAC,OAAO,GAAG;QACxB,GAAG,eAAe,CAAC,OAAO;QAC1B,GAAG,iCAAqB;QACxB,eAAe,EAAE,UAAU,WAAW,EAAE;KACzC,CAAC;IAEF,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAoB,EAAE,eAAe,CAAC,CAAC;IAEnE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,yBAAyB,CACtC,QAAkB;IAElB,0CAA0C;IAC1C,uDAAuD;IACvD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAkC;IAC3D,MAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACpC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACxC,KAAiB,CAAC,GAAG,IAAI,EAAE,CAAC;IAC9C,OAAO,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;AAC1F,CAAC;AAED;;;GAGG;AACI,MAAM,kBAAkB,GAAG,KAAK,EACrC,EAAE,MAAM,EAAiB,EACF,EAAE,CAAC,CAAC;IAC3B,IAAI,EAAE;QACJ,QAAQ,EAAE,gCAAoB;QAC7B,MAAM,EAAE,KAAK,EAAE,OAAgB,EAAE,QAAkB,EAAgC,EAAE;YACnF,MAAM,IAAI,GAAG,MAAM,OAAO,EAAE,CAAC;YAE7B,iEAAiE;YACjE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,8EAA8E;YAC9E,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnD,IAAI,KAAK,EAAE,CAAC;wBACV,KAAK,CAAC,IAAI,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;oBACvC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,wDAAwD;YACxD,IAAI,mBAAmB,GAAG,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,oEAAoE;gBACpE,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC/C,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACjC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,eAAe,CAAC;oBAC/C,sCAAsC;oBACtC,MAAM,MAAM,GAAG,MAAM,IAAA,oBAAa,EAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;oBACzD,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;wBAC9B,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;wBACpC,sCAAsC;wBACtC,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE;4BACzB,KAAK,EAAE,MAAM,CAAC,MAAM;4BACpB,OAAO,EAAE,MAAM,CAAC,OAAO;4BACvB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,UAAU;yBAClC,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,MAAM,IAAI,KAAK,CAAC,qDAAqD,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;oBACvF,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,iFAAiF;oBACjF,mBAAmB,GAAG,IAAI,CAAC,MAAM,CAAC;gBACpC,CAAC;YACH,CAAC;iBAAM,IAAI,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,2BAA2B;gBAC3B,IAAI,UAAU,GAAG,IAAI,CAAC;gBAEtB,qDAAqD;gBACrD,IAAI,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;oBACnC,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;oBAC/D,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,OAAO,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;wBACxD,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,UAAU,GAAG,SAAS,CAAC;gBACzB,CAAC;gBAED,mBAAmB,GAAG,UAAU,CAAC,MAAM,CAAC;gBACxC,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBACzB,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,mBAAmB,IAAI,EAAE;gBACjC,KAAK,CAAC,KAAK,CAAC,KAAkC,EAAE,IAAkB;oBAChE,0DAA0D;oBAC1D,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC9B,OAAO,KAAK,CAAC,KAAoB,EAAE,IAAI,CAAC,CAAC;oBAC3C,CAAC;oBAED,0CAA0C;oBAC1C,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,sBAAsB,CAC/D,KAAK,EACL,IAAI,EACJ,mBAAmB,CACpB,CAAC;oBAEF,oBAAoB;oBACpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;oBAEvD,+BAA+B;oBAC/B,OAAO,yBAAyB,CAAC,QAAQ,CAAC,CAAC;gBAC7C,CAAC;aACF,CAAC;QACJ,CAAC;QACD,OAAO,EAAE;YACP;gBACE,KAAK,EAAE,6BAA6B;gBACpC,IAAI,EAAE,OAAO;gBACb,SAAS,EAAE,KAAK,IAAI,EAAE;oBACpB,uEAAuE;oBACvE,MAAM,IAAI,GAAe;wBACvB,MAAM,EAAE;4BACN;gCACE,IAAI,EAAE,OAAO;gCACb,KAAK,EAAE,OAAO;gCACd,IAAI,EAAE,OAAO;gCACb,QAAQ,EAAE,IAAI;6BACf;4BACD;gCACE,IAAI,EAAE,UAAU;gCAChB,KAAK,EAAE,UAAU;gCACjB,IAAI,EAAE,UAAU;gCAChB,QAAQ,EAAE,IAAI;6BACf;yBACF;qBACF,CAAC;oBAEF,OAAO;wBACL,GAAG,EAAE,2BAA2B;wBAChC,YAAY,EAAE,sHAAsH;wBACpI,MAAM,EAAE,MAAM;wBACd,IAAI,EAAE,IAAI;wBACV,QAAQ,EAAE,KAAK,EAAE,QAAgC,EAAwC,EAAE;4BACzF,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;4BAC7B,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC;4BAEnC,kBAAkB;4BAClB,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;gCACxB,OAAO;oCACL,IAAI,EAAE,QAAQ;oCACd,KAAK,EAAE,6DAA6D;iCACrE,CAAC;4BACJ,CAAC;4BAED,mDAAmD;4BACnD,MAAM,MAAM,GAAG,MAAM,IAAA,oBAAa,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;4BAEpD,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gCAC9B,kBAAkB;gCAClB,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE;oCACpB,KAAK,EAAE,MAAM,CAAC,MAAM;oCACpB,OAAO,EAAE,MAAM,CAAC,OAAO;oCACvB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,KAAK;iCAC7B,CAAC,CAAC;4BACL,CAAC;4BAED,OAAO,MAAM,CAAC;wBAChB,CAAC;qBACF,CAAC;gBACJ,CAAC;aACF;YACD;gBACE,QAAQ,EAAE,gCAAoB;gBAC9B,KAAK,EAAE,sDAAsD;gBAC7D,IAAI,EAAE,KAAK;aACZ;SACF;KACH;CACF,CAAC,CAAC;AAzJU,QAAA,kBAAkB,sBAyJ5B"}
+{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":";;;AAEA,2CAAiG;AACjG,0CAEyB;AAWzB;;GAEG;AACH,SAAS,sBAAsB,CAC7B,KAAkC,EAClC,IAA6B,EAC7B,WAAmB;IAEnB,+CAA+C;IAC/C,MAAM,eAAe,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;IAEpC,2BAA2B;IAC3B,eAAe,CAAC,OAAO,GAAG;QACxB,GAAG,eAAe,CAAC,OAAO;QAC1B,GAAG,iCAAqB;QACxB,eAAe,EAAE,UAAU,WAAW,EAAE;KACzC,CAAC;IAEF,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAoB,EAAE,eAAe,CAAC,CAAC;IAEnE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,yBAAyB,CACtC,QAAkB;IAElB,0CAA0C;IAC1C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAkC;IAC3D,MAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACpC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACxC,KAAiB,CAAC,GAAG,IAAI,EAAE,CAAC;IAC9C,OAAO,SAAS,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;AAC1F,CAAC;AAED;;;GAGG;AACI,MAAM,kBAAkB,GAAG,KAAK,EACrC,EAAE,MAAM,EAAiB,EACF,EAAE,CAAC,CAAC;IAC3B,IAAI,EAAE;QACJ,QAAQ,EAAE,gCAAoB;QAC9B,MAAM,EAAE,KAAK,EAAE,OAAgB,EAAE,QAAkB,EAAgC,EAAE;YACnF,MAAM,IAAI,GAAG,MAAM,OAAO,EAAE,CAAC;YAE7B,kDAAkD;YAClD,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;gBAClB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,wFAAwF;YACxF,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,yBAAyB,CAAC;YAC/F,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC;YAEhC,mEAAmE;YACnE,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACrC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvB,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,KAAK,CAAC;oBAErC,+CAA+C;oBAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,oBAAa,EAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;oBACzD,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;wBAC9B,OAAO,CAAC,KAAK,CAAC,qDAAqD,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;wBACnF,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;oBAC5D,CAAC;oBAED,sDAAsD;oBACtD,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC;oBAElC,8EAA8E;oBAC9E,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;wBACpB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;4BACnD,IAAI,KAAK,EAAE,CAAC;gCACV,KAAK,CAAC,IAAI,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;4BACvC,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,OAAO;wBACL,MAAM,EAAE,WAAW;wBACnB,KAAK,CAAC,KAAK,CAAC,KAAkC,EAAE,IAAkB;4BAChE,0DAA0D;4BAC1D,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;gCAC9B,OAAO,KAAK,CAAC,KAAoB,EAAE,IAAI,CAAC,CAAC;4BAC3C,CAAC;4BAED,0CAA0C;4BAC1C,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,sBAAsB,CAC/D,KAAK,EACL,IAAI,EACJ,WAAW,CACZ,CAAC;4BAEF,oBAAoB;4BACpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;4BAEvD,+BAA+B;4BAC/B,OAAO,yBAAyB,CAAC,QAAQ,CAAC,CAAC;wBAC7C,CAAC;qBACF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,+EAA+E;oBAC/E,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,wFAAwF;gBACxF,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACrC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvB,MAAM,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,GAAG,KAAK,CAAC;oBAEvD,mGAAmG;oBACnG,MAAM,aAAa,GAAG,mBAAmB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;oBACxD,MAAM,aAAa,GAAG,iBAAiB,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAC;oBACzE,MAAM,0BAA0B,GAAG,iBAAiB,CAAC,MAAM,IAAI,CAAC,CAAC;oBAEjE,kEAAkE;oBAClE,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,IAAI,0BAA0B,EAAE,CAAC;wBACnE,IAAI,CAAC;4BACH,+BAA+B;4BAC/B,MAAM,MAAM,GAAG,MAAM,IAAA,oBAAa,EAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAC;4BAC3E,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gCAC9B,iDAAiD;gCACjD,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC;gCAElC,8EAA8E;gCAC9E,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;oCACpB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;wCACnD,IAAI,KAAK,EAAE,CAAC;4CACV,KAAK,CAAC,IAAI,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;wCACvC,CAAC;oCACH,CAAC;gCACH,CAAC;gCAED,OAAO;oCACL,MAAM,EAAE,WAAW;oCACnB,KAAK,CAAC,KAAK,CAAC,KAAkC,EAAE,IAAkB;wCAChE,0DAA0D;wCAC1D,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;4CAC9B,OAAO,KAAK,CAAC,KAAoB,EAAE,IAAI,CAAC,CAAC;wCAC3C,CAAC;wCAED,0CAA0C;wCAC1C,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,sBAAsB,CAC/D,KAAK,EACL,IAAI,EACJ,WAAW,CACZ,CAAC;wCAEF,oBAAoB;wCACpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;wCAEvD,+BAA+B;wCAC/B,OAAO,yBAAyB,CAAC,QAAQ,CAAC,CAAC;oCAC7C,CAAC;iCACF,CAAC;4BACJ,CAAC;wBACH,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,IAAI,CAAC,oEAAoE,EAAE,KAAK,CAAC,CAAC;4BAC1F,2CAA2C;wBAC7C,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,kEAAkE;gBAClE,MAAM,WAAW,GAAG,WAAW,CAAC;gBAEhC,OAAO;oBACL,MAAM,EAAE,WAAW;oBACnB,KAAK,CAAC,KAAK,CAAC,KAAkC,EAAE,IAAkB;wBAChE,0DAA0D;wBAC1D,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;4BAC9B,OAAO,KAAK,CAAC,KAAoB,EAAE,IAAI,CAAC,CAAC;wBAC3C,CAAC;wBAED,0CAA0C;wBAC1C,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,sBAAsB,CAC/D,KAAK,EACL,IAAI,EACJ,WAAW,CACZ,CAAC;wBAEF,oBAAoB;wBACpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;wBAEvD,+BAA+B;wBAC/B,OAAO,yBAAyB,CAAC,QAAQ,CAAC,CAAC;oBAC7C,CAAC;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,0DAA0D;KACxE;CACF,CAAC,CAAC;AA5JU,QAAA,kBAAkB,sBA4J5B"}

package/dist/types.d.ts

@@ -21,7 +21,11 @@ export interface PluginResult {
     };
 }
 export interface GetAuth {
-    (): Promise<any>;
+    (): Promise<{
+        apiKey?: string;
+        type?: string;
+        provider?: string;
+    }>;
 }
 export interface LoaderResult {
     apiKey: string;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,SAAS,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,GAAG,CAAC;CACb;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE;QACJ,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;QAC/E,OAAO,EAAE,UAAU,EAAE,CAAC;KACvB,CAAC;CACH;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,CAAC,KAAK,EAAE,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;CACtF;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC;QACxB,GAAG,EAAE,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,UAAU,CAAC;QAClB,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;KAC1C,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,oBAAoB;IACnC,kBAAkB,EAAE,MAAM,CAAC;CAC5B"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,SAAS,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,GAAG,CAAC;CACb;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE;QACJ,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;QAC/E,OAAO,EAAE,UAAU,EAAE,CAAC;KACvB,CAAC;CACH;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,OAAO,CAAC;QACV,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,CAAC,KAAK,EAAE,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;CACtF;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC;QACxB,GAAG,EAAE,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,UAAU,CAAC;QAClB,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;KAC1C,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,oBAAoB;IACnC,kBAAkB,EAAE,MAAM,CAAC;CAC5B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-deepseek-auth",
-  "version": "1.0.3",
+  "version": "2.0.1",
   "description": "Authenticate the Opencode CLI with your DeepSeek account credentials",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/constants.js

@@ -0,0 +1,43 @@
+"use strict";
+/**
+ * Constants used for DeepSeek authentication flows and API integration.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEEPSEEK_AUTH_SCOPES = exports.DEEPSEEK_PROVIDER_ID = exports.DEEPSEEK_BASE_HEADERS = exports.DEEPSEEK_LOGIN_URL = exports.DEEPSEEK_API_BASE_URL = exports.DEEPSEEK_REDIRECT_URI = void 0;
+/**
+ * OAuth redirect URI used by the local CLI callback server.
+ */
+exports.DEEPSEEK_REDIRECT_URI = "http://localhost:8085/oauth2callback";
+/**
+ * Base endpoint for the DeepSeek API
+ */
+exports.DEEPSEEK_API_BASE_URL = "https://chat.deepseek.com/api/v0";
+/**
+ * Login endpoint
+ */
+exports.DEEPSEEK_LOGIN_URL = `${exports.DEEPSEEK_API_BASE_URL}/users/login`;
+/**
+ * Headers used for DeepSeek API requests
+ */
+exports.DEEPSEEK_BASE_HEADERS = {
+    "Host": "chat.deepseek.com",
+    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+    "Accept": "application/json",
+    "Accept-Encoding": "gzip",
+    "Content-Type": "application/json",
+    "x-client-platform": "web",
+    "x-client-version": "1.5.0",
+    "x-client-locale": "en_US",
+    "accept-charset": "UTF-8",
+    "origin": "https://chat.deepseek.com",
+    "referer": "https://chat.deepseek.com/"
+};
+/**
+ * Provider identifier shared between the plugin loader and credential store.
+ */
+exports.DEEPSEEK_PROVIDER_ID = "deepseek";
+exports.DEEPSEEK_AUTH_SCOPES = [
+    "user:profile",
+    "user:chat",
+    "user:tokens"
+];

package/src/deepseek/auth.js

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loginDeepSeek = loginDeepSeek;
+exports.exchangeDeepSeek = exchangeDeepSeek;
+exports.authorizeDeepSeek = authorizeDeepSeek;
+/**
+ * Direct login to DeepSeek using email/password
+ */
+async function loginDeepSeek(email, password) {
+    try {
+        // Prepare login payload
+        const payload = {
+            email,
+            password,
+            device_id: "opencode-plugin",
+            os: "web"
+        };
+        // Make login request to DeepSeek API
+        const response = await fetch("https://chat.deepseek.com/api/v0/users/login", {
+            method: "POST",
+            headers: {
+                "Host": "chat.deepseek.com",
+                "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+                "Accept": "application/json",
+                "Accept-Encoding": "gzip",
+                "Content-Type": "application/json",
+                "x-client-platform": "web",
+                "x-client-version": "1.5.0",
+                "x-client-locale": "en_US",
+                "accept-charset": "UTF-8",
+                "origin": "https://chat.deepseek.com",
+                "referer": "https://chat.deepseek.com/"
+            },
+            body: JSON.stringify(payload)
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            return {
+                type: "failed",
+                error: `Login failed with status ${response.status}: ${errorText}`
+            };
+        }
+        const data = await response.json();
+        if (!data.data || !data.data.biz_data || !data.data.biz_data.user) {
+            return {
+                type: "failed",
+                error: "Invalid response format from DeepSeek login API"
+            };
+        }
+        const userData = data.data.biz_data.user;
+        const token = userData.token;
+        if (!token) {
+            return {
+                type: "failed",
+                error: "No token returned from DeepSeek login"
+            };
+        }
+        // Calculate expiration (default to 1 hour if not provided)
+        // In the actual DeepSeek API response, look for expires_in field
+        const expiresIn = data.data.biz_data.expires_in || 3600;
+        const expiresAt = Date.now() + (expiresIn * 1000);
+        return {
+            type: "success",
+            access: token,
+            expires: expiresAt,
+            email: userData.email || email
+        };
+    }
+    catch (error) {
+        return {
+            type: "failed",
+            error: error instanceof Error ? error.message : "Unknown error occurred during login"
+        };
+    }
+}
+/**
+ * Exchange credentials for tokens (for direct login approach)
+ */
+async function exchangeDeepSeek(credentials) {
+    return loginDeepSeek(credentials.email, credentials.password);
+}
+/**
+ * Placeholder authorize function for compatibility
+ */
+async function authorizeDeepSeek() {
+    // Since DeepSeek doesn't use standard OAuth, we'll return info indicating 
+    // that direct login should be used
+    return {
+        verifier: "", // Placeholder since we don't use PKCE
+        success: false,
+        url: "Direct login required - use email and password"
+    };
+}