opencode-gemini-auth 1.3.6 → 1.3.8

package/README.md

@@ -15,7 +15,7 @@ directly within Opencode, bypassing separate API billing.
 ## Installation
 
 Add the plugin to your Opencode configuration file
-(`~/.config/opencode/config.json` or similar):
+(`~/.config/opencode/opencode.json` or similar):
 
 ```json
 {
@@ -37,7 +37,7 @@ Add the plugin to your Opencode configuration file
    - A browser window will open for you to approve the access.
    - The plugin spins up a temporary local server to capture the callback.
    - If the local server fails (e.g., port in use or headless environment),
-     you can manually copy/paste the callback URL as instructed.
+     you can manually paste the callback URL or just the authorization code.
 
 Once authenticated, Opencode will use your Google account for Gemini requests.
 
@@ -60,19 +60,41 @@ project. To force a specific project, set the `projectId` in your configuration:
 }
 ```
 
-### Thinking Models
-
-Configure "thinking" capabilities for Gemini models using the `thinkingConfig`
-option in your `config.json`.
+### Model list
 
-**Gemini 3 (Thinking Level)**
-Use `thinkingLevel` (`"low"`, `"high"`) for Gemini 3 models.
+Below are example model entries you can add under `provider.google.models` in your
+Opencode config. Each model can include an `options.thinkingConfig` block to
+enable "thinking" features.
 
 ```json
 {
   "provider": {
     "google": {
       "models": {
+        "gemini-2.5-flash": {
+          "options": {
+            "thinkingConfig": {
+              "thinkingBudget": 8192,
+              "includeThoughts": true
+            }
+          }
+        },
+        "gemini-2.5-pro": {
+          "options": {
+            "thinkingConfig": {
+              "thinkingBudget": 8192,
+              "includeThoughts": true
+            }
+          }
+        },
+        "gemini-3-flash-preview": {
+          "options": {
+            "thinkingConfig": {
+              "thinkingLevel": "high",
+              "includeThoughts": true
+            }
+          }
+        },
         "gemini-3-pro-preview": {
           "options": {
             "thinkingConfig": {
@@ -87,14 +109,33 @@ Use `thinkingLevel` (`"low"`, `"high"`) for Gemini 3 models.
 }
 ```
 
-**Gemini 2.5 (Thinking Budget)**
-Use `thinkingBudget` (token count) for Gemini 2.5 models.
+Note: Available model names and previews may change—check Google's documentation or
+the Gemini product page for the current model identifiers.
+
+### Thinking Models
+
+The plugin supports configuring Gemini "thinking" features per-model via
+`thinkingConfig`. The available fields depend on the model family:
+
+- For Gemini 3 models: use `thinkingLevel` with values `"low"` or `"high"`.
+- For Gemini 2.5 models: use `thinkingBudget` (token count).
+- `includeThoughts` (boolean) controls whether the model emits internal thoughts.
+
+A combined example showing both model types:
 
 ```json
 {
   "provider": {
     "google": {
       "models": {
+        "gemini-3-pro-preview": {
+          "options": {
+            "thinkingConfig": {
+              "thinkingLevel": "high",
+              "includeThoughts": true
+            }
+          }
+        },
         "gemini-2.5-flash": {
           "options": {
             "thinkingConfig": {
@@ -109,6 +150,9 @@ Use `thinkingBudget` (token count) for Gemini 2.5 models.
 }
 ```
 
+If you don't set a `thinkingConfig` for a model, the plugin will use default
+behavior for that model.
+
 ## Troubleshooting
 
 ### Manual Google Cloud Setup

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opencode-gemini-auth",
   "module": "index.ts",
-  "version": "1.3.6",
+  "version": "1.3.8",
   "author": "jenslys",
   "repository": "https://github.com/jenslys/opencode-gemini-auth",
   "files": [
@@ -11,7 +11,7 @@
   "license": "MIT",
   "type": "module",
   "devDependencies": {
-    "@opencode-ai/plugin": "^0.15.31",
+    "@opencode-ai/plugin": "^1.1.25",
     "@types/bun": "latest"
   },
   "peerDependencies": {

package/src/gemini/oauth.ts

@@ -90,6 +90,8 @@ export async function authorizeGemini(): Promise<GeminiAuthorization> {
   url.searchParams.set("state", encodeState({ verifier: pkce.verifier }));
   url.searchParams.set("access_type", "offline");
   url.searchParams.set("prompt", "consent");
+  // Add a fragment so any stray terminal glyphs are ignored by the auth server.
+  url.hash = "opencode";
 
   return {
     url: url.toString(),
@@ -107,53 +109,24 @@ export async function exchangeGemini(
   try {
     const { verifier } = decodeState(state);
 
-    const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      body: new URLSearchParams({
-        client_id: GEMINI_CLIENT_ID,
-        client_secret: GEMINI_CLIENT_SECRET,
-        code,
-        grant_type: "authorization_code",
-        redirect_uri: GEMINI_REDIRECT_URI,
-        code_verifier: verifier,
-      }),
-    });
-
-    if (!tokenResponse.ok) {
-      const errorText = await tokenResponse.text();
-      return { type: "failed", error: errorText };
-    }
-
-    const tokenPayload = (await tokenResponse.json()) as GeminiTokenResponse;
-
-    const userInfoResponse = await fetch(
-      "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
-      {
-        headers: {
-          Authorization: `Bearer ${tokenPayload.access_token}`,
-        },
-      },
-    );
-
-    const userInfo = userInfoResponse.ok
-      ? ((await userInfoResponse.json()) as GeminiUserInfo)
-      : {};
-
-    const refreshToken = tokenPayload.refresh_token;
-    if (!refreshToken) {
-      return { type: "failed", error: "Missing refresh token in response" };
-    }
-
+    return await exchangeGeminiWithVerifierInternal(code, verifier);
+  } catch (error) {
     return {
-      type: "success",
-      refresh: refreshToken,
-      access: tokenPayload.access_token,
-      expires: Date.now() + tokenPayload.expires_in * 1000,
-      email: userInfo.email,
+      type: "failed",
+      error: error instanceof Error ? error.message : "Unknown error",
     };
+  }
+}
+
+/**
+ * Exchange an authorization code using a known PKCE verifier.
+ */
+export async function exchangeGeminiWithVerifier(
+  code: string,
+  verifier: string,
+): Promise<GeminiTokenExchangeResult> {
+  try {
+    return await exchangeGeminiWithVerifierInternal(code, verifier);
   } catch (error) {
     return {
       type: "failed",
@@ -161,3 +134,56 @@ export async function exchangeGemini(
     };
   }
 }
+
+async function exchangeGeminiWithVerifierInternal(
+  code: string,
+  verifier: string,
+): Promise<GeminiTokenExchangeResult> {
+  const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: new URLSearchParams({
+      client_id: GEMINI_CLIENT_ID,
+      client_secret: GEMINI_CLIENT_SECRET,
+      code,
+      grant_type: "authorization_code",
+      redirect_uri: GEMINI_REDIRECT_URI,
+      code_verifier: verifier,
+    }),
+  });
+
+  if (!tokenResponse.ok) {
+    const errorText = await tokenResponse.text();
+    return { type: "failed", error: errorText };
+  }
+
+  const tokenPayload = (await tokenResponse.json()) as GeminiTokenResponse;
+
+  const userInfoResponse = await fetch(
+    "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
+    {
+      headers: {
+        Authorization: `Bearer ${tokenPayload.access_token}`,
+      },
+    },
+  );
+
+  const userInfo = userInfoResponse.ok
+    ? ((await userInfoResponse.json()) as GeminiUserInfo)
+    : {};
+
+  const refreshToken = tokenPayload.refresh_token;
+  if (!refreshToken) {
+    return { type: "failed", error: "Missing refresh token in response" };
+  }
+
+  return {
+    type: "success",
+    refresh: refreshToken,
+    access: tokenPayload.access_token,
+    expires: Date.now() + tokenPayload.expires_in * 1000,
+    email: userInfo.email,
+  };
+}

package/src/plugin/request.ts

@@ -13,6 +13,137 @@ const STREAM_ACTION = "streamGenerateContent";
 const MODEL_FALLBACKS: Record<string, string> = {
   "gemini-2.5-flash-image": "gemini-2.5-flash",
 };
+
+interface GeminiFunctionCallPart {
+  functionCall?: {
+    name: string;
+    args?: Record<string, unknown>;
+    [key: string]: unknown;
+  };
+  thoughtSignature?: string;
+  [key: string]: unknown;
+}
+
+interface GeminiContentPart {
+  role?: string;
+  parts?: GeminiFunctionCallPart[];
+  [key: string]: unknown;
+}
+
+interface OpenAIToolCall {
+  id?: string;
+  type?: string;
+  function?: {
+    name?: string;
+    arguments?: string;
+    [key: string]: unknown;
+  };
+  [key: string]: unknown;
+}
+
+interface OpenAIMessage {
+  role?: string;
+  content?: string | null;
+  tool_calls?: OpenAIToolCall[];
+  tool_call_id?: string;
+  name?: string;
+  [key: string]: unknown;
+}
+
+/**
+ * Transforms OpenAI tool_calls to Gemini functionCall format and adds thoughtSignature.
+ * This ensures compatibility when OpenCode sends OpenAI-format function calls.
+ */
+function transformOpenAIToolCalls(requestPayload: Record<string, unknown>): void {
+  const messages = requestPayload.messages;
+  if (!messages || !Array.isArray(messages)) {
+    return;
+  }
+
+  for (const message of messages) {
+    if (message && typeof message === "object") {
+      const msgObj = message as OpenAIMessage;
+      const toolCalls = msgObj.tool_calls;
+      if (toolCalls && Array.isArray(toolCalls) && toolCalls.length > 0) {
+        const parts: GeminiFunctionCallPart[] = [];
+
+        if (typeof msgObj.content === "string" && msgObj.content.length > 0) {
+          parts.push({ text: msgObj.content });
+        }
+
+        for (const toolCall of toolCalls) {
+          if (toolCall && typeof toolCall === "object") {
+            const functionObj = toolCall.function;
+            if (functionObj && typeof functionObj === "object") {
+              const name = functionObj.name;
+              const argsStr = functionObj.arguments;
+              let args: Record<string, unknown> = {};
+              if (typeof argsStr === "string") {
+                try {
+                  args = JSON.parse(argsStr) as Record<string, unknown>;
+                } catch {
+                  args = {};
+                }
+              }
+
+              parts.push({
+                functionCall: {
+                  name: name ?? "",
+                  args,
+                },
+                thoughtSignature: "skip_thought_signature_validator",
+              });
+            }
+          }
+        }
+
+        msgObj.parts = parts;
+        delete msgObj.tool_calls;
+        delete msgObj.content;
+      }
+    }
+  }
+}
+
+/**
+ * Adds thoughtSignature to function call parts in the request payload.
+ * Gemini 3+ models require thoughtSignature for function calls when using thinking capabilities.
+ * This must be applied to all content blocks in the conversation history.
+ * Handles both flat contents arrays and nested request.contents (wrapped bodies).
+ */
+function addThoughtSignaturesToFunctionCalls(requestPayload: Record<string, unknown>): void {
+  const processContents = (contents: unknown): void => {
+    if (!contents || !Array.isArray(contents)) {
+      return;
+    }
+
+    for (const content of contents) {
+      if (content && typeof content === "object") {
+        const contentObj = content as Record<string, unknown>;
+        const parts = contentObj.parts;
+        if (parts && Array.isArray(parts)) {
+          for (const part of parts) {
+            if (part && typeof part === "object") {
+              const partObj = part as Record<string, unknown>;
+              if (partObj.functionCall && !partObj.thoughtSignature) {
+                partObj.thoughtSignature = "skip_thought_signature_validator";
+              }
+            }
+          }
+        }
+      }
+    }
+  };
+
+  processContents(requestPayload.contents);
+
+  const nestedRequest = requestPayload.request;
+  if (nestedRequest && typeof nestedRequest === "object") {
+    const requestObj = nestedRequest as Record<string, unknown>;
+    processContents(requestObj.contents);
+  }
+}
+
 /**
  * Detects Gemini/Generative Language API requests by URL.
  * @param input Request target passed to fetch.
@@ -155,6 +286,9 @@ export function prepareGeminiRequest(
       } else {
         const requestPayload: Record<string, unknown> = { ...parsedBody };
 
+        transformOpenAIToolCalls(requestPayload);
+        addThoughtSignaturesToFunctionCalls(requestPayload);
+
         const rawGenerationConfig = requestPayload.generationConfig as Record<string, unknown> | undefined;
         const normalizedThinking = normalizeThinkingConfig(rawGenerationConfig?.thinkingConfig);
         if (normalizedThinking) {

package/src/plugin.ts

@@ -1,7 +1,11 @@
 import { spawn } from "node:child_process";
 
 import { GEMINI_PROVIDER_ID, GEMINI_REDIRECT_URI } from "./constants";
-import { authorizeGemini, exchangeGemini } from "./gemini/oauth";
+import {
+  authorizeGemini,
+  exchangeGemini,
+  exchangeGeminiWithVerifier,
+} from "./gemini/oauth";
 import type { GeminiTokenExchangeResult } from "./gemini/oauth";
 import { accessTokenExpired, isOAuthAuth } from "./plugin/auth";
 import { ensureProjectContext } from "./plugin/project";
@@ -122,7 +126,7 @@ export const GeminiCLIOAuthPlugin = async (
             projectId: projectContext.effectiveProjectId,
           });
 
-          const response = await fetch(request, transformedInit);
+          const response = await fetchWithRetry(request, transformedInit);
           return transformGeminiResponse(response, streaming, debugContext, requestedModel);
         },
       };
@@ -146,16 +150,18 @@ export const GeminiCLIOAuthPlugin = async (
             } catch (error) {
               if (error instanceof Error) {
                 console.log(
-                  `Warning: Couldn't start the local callback listener (${error.message}). You'll need to paste the callback URL.`,
+                  `Warning: Couldn't start the local callback listener (${error.message}). You'll need to paste the callback URL or authorization code.`,
                 );
               } else {
                 console.log(
-                  "Warning: Couldn't start the local callback listener. You'll need to paste the callback URL.",
+                  "Warning: Couldn't start the local callback listener. You'll need to paste the callback URL or authorization code.",
                 );
               }
             }
           } else {
-            console.log("Headless environment detected. You'll need to paste the callback URL.");
+            console.log(
+              "Headless environment detected. You'll need to paste the callback URL or authorization code.",
+            );
           }
 
           const authorization = await authorizeGemini();
@@ -201,22 +207,24 @@ export const GeminiCLIOAuthPlugin = async (
           return {
             url: authorization.url,
             instructions:
-              "Complete OAuth in your browser, then paste the full redirected URL (e.g., http://localhost:8085/oauth2callback?code=...&state=...)",
+              "Complete OAuth in your browser, then paste the full redirected URL (e.g., http://localhost:8085/oauth2callback?code=...&state=...) or just the authorization code.",
             method: "code",
             callback: async (callbackUrl: string): Promise<GeminiTokenExchangeResult> => {
               try {
-                const url = new URL(callbackUrl);
-                const code = url.searchParams.get("code");
-                const state = url.searchParams.get("state");
+                const { code, state } = parseOAuthCallbackInput(callbackUrl);
 
-                if (!code || !state) {
+                if (!code) {
                   return {
                     type: "failed",
-                    error: "Missing code or state in callback URL",
+                    error: "Missing authorization code in callback input",
                   };
                 }
 
-                return exchangeGemini(code, state);
+                if (state) {
+                  return exchangeGemini(code, state);
+                }
+
+                return exchangeGeminiWithVerifier(code, authorization.verifier);
               } catch (error) {
                 return {
                   type: "failed",
@@ -238,6 +246,11 @@ export const GeminiCLIOAuthPlugin = async (
 
 export const GoogleOAuthPlugin = GeminiCLIOAuthPlugin;
 
+const RETRYABLE_STATUS_CODES = new Set([429, 503]);
+const DEFAULT_MAX_RETRIES = 2;
+const DEFAULT_BASE_DELAY_MS = 800;
+const DEFAULT_MAX_DELAY_MS = 8000;
+
 function toUrlString(value: RequestInfo): string {
   if (typeof value === "string") {
     return value;
@@ -249,6 +262,37 @@ function toUrlString(value: RequestInfo): string {
   return value.toString();
 }
 
+function parseOAuthCallbackInput(input: string): { code?: string; state?: string } {
+  const trimmed = input.trim();
+  if (!trimmed) {
+    return {};
+  }
+
+  if (/^https?:\/\//i.test(trimmed)) {
+    try {
+      const url = new URL(trimmed);
+      return {
+        code: url.searchParams.get("code") || undefined,
+        state: url.searchParams.get("state") || undefined,
+      };
+    } catch {
+      return {};
+    }
+  }
+
+  const candidate = trimmed.startsWith("?") ? trimmed.slice(1) : trimmed;
+  if (candidate.includes("=")) {
+    const params = new URLSearchParams(candidate);
+    const code = params.get("code") || undefined;
+    const state = params.get("state") || undefined;
+    if (code || state) {
+      return { code, state };
+    }
+  }
+
+  return { code: trimmed };
+}
+
 function openBrowserUrl(url: string): void {
   try {
     // Best-effort: don't block auth flow if spawning fails.
@@ -269,3 +313,198 @@ function openBrowserUrl(url: string): void {
   } catch {
   }
 }
+
+async function fetchWithRetry(input: RequestInfo, init: RequestInit | undefined): Promise<Response> {
+  const maxRetries = DEFAULT_MAX_RETRIES;
+  const baseDelayMs = DEFAULT_BASE_DELAY_MS;
+  const maxDelayMs = DEFAULT_MAX_DELAY_MS;
+
+  if (!canRetryRequest(init)) {
+    return fetch(input, init);
+  }
+
+  let attempt = 0;
+  while (true) {
+    const response = await fetch(input, init);
+    if (!RETRYABLE_STATUS_CODES.has(response.status) || attempt >= maxRetries) {
+      return response;
+    }
+
+    const delayMs = await getRetryDelayMs(response, attempt, baseDelayMs, maxDelayMs);
+    if (!delayMs || delayMs <= 0) {
+      return response;
+    }
+
+    if (init?.signal?.aborted) {
+      return response;
+    }
+
+    await wait(delayMs);
+    attempt += 1;
+  }
+}
+
+function canRetryRequest(init: RequestInit | undefined): boolean {
+  if (!init?.body) {
+    return true;
+  }
+
+  const body = init.body;
+  if (typeof body === "string") {
+    return true;
+  }
+  if (typeof URLSearchParams !== "undefined" && body instanceof URLSearchParams) {
+    return true;
+  }
+  if (typeof ArrayBuffer !== "undefined" && body instanceof ArrayBuffer) {
+    return true;
+  }
+  if (typeof ArrayBuffer !== "undefined" && ArrayBuffer.isView(body)) {
+    return true;
+  }
+  if (typeof Blob !== "undefined" && body instanceof Blob) {
+    return true;
+  }
+
+  return false;
+}
+
+async function getRetryDelayMs(
+  response: Response,
+  attempt: number,
+  baseDelayMs: number,
+  maxDelayMs: number,
+): Promise<number | null> {
+  const headerDelayMs = parseRetryAfterMs(response.headers.get("retry-after-ms"));
+  if (headerDelayMs !== null) {
+    return clampDelay(headerDelayMs, maxDelayMs);
+  }
+
+  const retryAfter = parseRetryAfter(response.headers.get("retry-after"));
+  if (retryAfter !== null) {
+    return clampDelay(retryAfter, maxDelayMs);
+  }
+
+  const bodyDelayMs = await parseRetryDelayFromBody(response);
+  if (bodyDelayMs !== null) {
+    return clampDelay(bodyDelayMs, maxDelayMs);
+  }
+
+  const fallback = baseDelayMs * Math.pow(2, attempt);
+  return clampDelay(fallback, maxDelayMs);
+}
+
+function clampDelay(delayMs: number, maxDelayMs: number): number {
+  if (!Number.isFinite(delayMs)) {
+    return maxDelayMs;
+  }
+  return Math.min(Math.max(0, delayMs), maxDelayMs);
+}
+
+function parseRetryAfterMs(value: string | null): number | null {
+  if (!value) {
+    return null;
+  }
+  const parsed = Number(value);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return null;
+  }
+  return parsed;
+}
+
+function parseRetryAfter(value: string | null): number | null {
+  if (!value) {
+    return null;
+  }
+  const trimmed = value.trim();
+  if (!trimmed) {
+    return null;
+  }
+  const asNumber = Number(trimmed);
+  if (Number.isFinite(asNumber)) {
+    return Math.max(0, Math.round(asNumber * 1000));
+  }
+  const asDate = Date.parse(trimmed);
+  if (!Number.isNaN(asDate)) {
+    return Math.max(0, asDate - Date.now());
+  }
+  return null;
+}
+
+async function parseRetryDelayFromBody(response: Response): Promise<number | null> {
+  let text = "";
+  try {
+    text = await response.clone().text();
+  } catch {
+    return null;
+  }
+
+  if (!text) {
+    return null;
+  }
+
+  let parsed: any;
+  try {
+    parsed = JSON.parse(text);
+  } catch {
+    return null;
+  }
+
+  const details = parsed?.error?.details;
+  if (!Array.isArray(details)) {
+    return null;
+  }
+
+  for (const detail of details) {
+    if (!detail || typeof detail !== "object") {
+      continue;
+    }
+    const retryDelay = (detail as Record<string, unknown>).retryDelay;
+    if (!retryDelay) {
+      continue;
+    }
+    const delayMs = parseRetryDelayValue(retryDelay);
+    if (delayMs !== null) {
+      return delayMs;
+    }
+  }
+
+  return null;
+}
+
+function parseRetryDelayValue(value: unknown): number | null {
+  if (!value) {
+    return null;
+  }
+
+  if (typeof value === "string") {
+    const match = value.match(/^([\d.]+)s$/);
+    if (!match || !match[1]) {
+      return null;
+    }
+    const seconds = Number(match[1]);
+    if (!Number.isFinite(seconds) || seconds <= 0) {
+      return null;
+    }
+    return Math.round(seconds * 1000);
+  }
+
+  if (typeof value === "object") {
+    const record = value as Record<string, unknown>;
+    const seconds = typeof record.seconds === "number" ? record.seconds : 0;
+    const nanos = typeof record.nanos === "number" ? record.nanos : 0;
+    if (!Number.isFinite(seconds) || !Number.isFinite(nanos)) {
+      return null;
+    }
+    const totalMs = Math.round(seconds * 1000 + nanos / 1e6);
+    return totalMs > 0 ? totalMs : null;
+  }
+
+  return null;
+}
+
+function wait(ms: number): Promise<void> {
+  return new Promise((resolve) => {
+    setTimeout(resolve, ms);
+  });
+}