opencode-gemini-cli-oauth 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Yusuf
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,256 @@
+# OpenCode Gemini CLI OAuth Plugin
+
+Use Gemini models in OpenCode with your **Google account quota** - no API keys needed!
+
+This plugin integrates Gemini CLI's OAuth authentication with OpenCode, allowing you to use Google's free Gemini quota without generating API keys.
+
+## ✨ Features
+
+- 🔐 **OAuth Authentication** - Reuses Gemini CLI credentials from `~/.gemini/oauth_creds.json`
+- 👥 **Multi-Account Support** - Automatic rotation across multiple Google accounts
+- 🔄 **Auto Token Refresh** - Handles expired tokens seamlessly
+- 🚦 **Rate Limit Handling** - Auto-switches to next account when rate limited
+- 🤝 **Antigravity Compatible** - Works alongside `opencode-antigravity-auth` plugin
+- 🆓 **Free Quota** - Use Google's free tier quota (1,500 requests/day per account)
+
+## 📦 Installation
+
+### Prerequisites
+
+1. **Gemini CLI** must be installed and authenticated:
+   ```bash
+   npm install -g @google/gemini-cli
+   gemini auth login  # Authenticate with your Google account
+   ```
+
+2. **OpenCode** v1.0.0 or higher
+
+### Install Plugin
+
+```bash
+# Clone repository
+git clone https://github.com/yourusername/opencode-gemini-cli-oauth.git
+cd opencode-gemini-cli-oauth
+
+# Install dependencies
+npm install
+
+# Build
+npm run build
+
+# Install globally
+npm link
+```
+
+### Configure OpenCode
+
+Add to `~/.config/opencode/opencode.json`:
+
+```json
+{
+  "plugin": [
+    "opencode-antigravity-auth@beta",
+    "opencode-gemini-cli-oauth"
+  ],
+  "provider": {
+    "gemini-cli-oauth": {
+      "npm": "@ai-sdk/google",
+      "models": {
+        "gemini-2.5-flash-exp": {
+          "name": "Gemini 2.5 Flash (Google Account)",
+          "limit": { "context": 1048576, "output": 65536 },
+          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] }
+        }
+      }
+    }
+  }
+}
+```
+
+## 🚀 Usage
+
+### 1. Authenticate with Gemini CLI
+
+```bash
+# Login with your Google account
+gemini auth login
+
+# Verify authentication
+gemini "hello"
+```
+
+### 2. Launch OpenCode
+
+```bash
+opencode
+```
+
+### 3. Select Model
+
+In OpenCode:
+- Press `Ctrl+P` → "Switch Model"
+- Choose "Gemini 2.5 Flash (Google Account)" or any model with "(Google Account)"
+- Start chatting!
+
+## 🔀 3-Way Authentication Options
+
+After installing this plugin, you have **3 authentication methods** for Google models:
+
+| Method | Provider | Models | Source | Quota |
+|--------|----------|--------|--------|-------|
+| **1. Google Account (OAuth)** | `gemini-cli-oauth` | Gemini 2.5 Flash/Pro, Gemini 2.0 Flash | This plugin | Google account free tier |
+| **2. API Key** | `google-api-key` | Gemini 1.5/2.5 models | Generated from [AI Studio](https://aistudio.google.com/apikey) | API key quota |
+| **3. Antigravity** | `google` | Gemini 3 Pro/Flash, Claude Sonnet/Opus | [opencode-antigravity-auth](https://github.com/NoeFabris/opencode-antigravity-auth) | Antigravity quota |
+
+All three can coexist without conflicts!
+
+## 👥 Multi-Account Setup
+
+To rotate across multiple Google accounts:
+
+1. **Authenticate each account** with Gemini CLI:
+   ```bash
+   gemini auth login  # Login with account 1
+   # Complete OAuth flow
+
+   # Repeat for more accounts (Gemini CLI will store them)
+   ```
+
+2. **Plugin automatically rotates** between accounts when:
+   - An account hits rate limit (429 error)
+   - Distributing requests evenly
+
+3. **Check account pool**:
+   ```bash
+   cat ~/.gemini/opencode-plugin/account_pool.json
+   ```
+
+## 🔧 How It Works
+
+1. **OAuth Token Injection**
+   - Plugin reads credentials from `~/.gemini/oauth_creds.json` (created by Gemini CLI)
+   - Injects `Authorization: Bearer <access_token>` header to Gemini API requests
+   - Removes `?key=` parameter from URLs (OAuth doesn't need it)
+
+2. **Request Interception**
+   - Only intercepts requests to `generativelanguage.googleapis.com`
+   - Other providers (Antigravity, standard Google) are unaffected
+
+3. **Token Refresh**
+   - Monitors token expiry (`expiry_date` field)
+   - Auto-refreshes 5 minutes before expiration
+   - Uses `refresh_token` to get new `access_token`
+
+4. **Rate Limit Handling**
+   - Detects 429 responses
+   - Marks account as rate-limited with `retry-after` timestamp
+   - Switches to next available account
+   - Retries request automatically
+
+## 📊 Quota Management
+
+**Free Tier Limits (per Google account):**
+- **Requests:** 1,500 requests/day
+- **Tokens:** 1,000,000 tokens/day
+- **RPM:** 15 requests/minute (Gemini 2.5 Flash)
+
+**With 5 accounts, you get:**
+- 7,500 requests/day
+- 5,000,000 tokens/day
+- Automatic rotation on rate limits
+
+## 🐛 Troubleshooting
+
+### "No OAuth credentials found"
+
+```bash
+# Re-authenticate with Gemini CLI
+gemini auth login
+```
+
+### "Failed to refresh access token"
+
+```bash
+# Clear cached credentials and re-auth
+rm ~/.gemini/oauth_creds.json
+gemini auth login
+```
+
+### Plugin not loading
+
+```bash
+# Check plugin is installed
+npm list -g opencode-gemini-cli-oauth
+
+# Re-link if needed
+cd ~/projects/opencode-gemini-cli-oauth
+npm link
+```
+
+### Rate limited on all accounts
+
+```bash
+# Check account pool status
+cat ~/.gemini/opencode-plugin/account_pool.json
+
+# Clear rate limit timestamps
+echo '{"accounts":[],"currentIndex":0}' > ~/.gemini/opencode-plugin/account_pool.json
+
+# Or wait for retry-after period to expire
+```
+
+## 🔒 Security Notes
+
+1. **OAuth credentials are stored locally** in `~/.gemini/oauth_creds.json`
+2. **Client ID/Secret are public** (safe for "installed applications" per Google OAuth guidelines)
+3. **Tokens auto-refresh** - no manual intervention needed
+4. **No credentials sent to third parties** - direct Google API communication only
+
+## 📚 API Reference
+
+### Exported Classes
+
+```typescript
+import {
+  OAuthManager,        // OAuth token management
+  AccountManager,      // Multi-account rotation
+  StorageManager,      // Credentials storage
+} from 'opencode-gemini-cli-oauth';
+
+// Example: Get current access token
+const oauthManager = new OAuthManager();
+const token = await oauthManager.getAccessToken();
+
+// Example: Check account pool stats
+const accountManager = new AccountManager();
+const stats = await accountManager.getPoolStats();
+console.log(stats); // { totalAccounts: 5, availableAccounts: 4, rateLimitedAccounts: 1 }
+```
+
+## 🤝 Contributing
+
+Contributions welcome! Please:
+
+1. Fork the repository
+2. Create a feature branch
+3. Submit a pull request
+
+## 📄 License
+
+MIT License - see LICENSE file for details
+
+## 🙏 Credits
+
+- Built by [@yusuf](https://github.com/yourusername)
+- Inspired by [opencode-antigravity-auth](https://github.com/NoeFabris/opencode-antigravity-auth)
+- Uses [Google Auth Library](https://github.com/googleapis/google-auth-library-nodejs)
+
+## 🔗 Related Projects
+
+- [Gemini CLI](https://github.com/google/generative-ai-cli) - Official Google Gemini CLI
+- [OpenCode](https://opencode.ai) - AI-powered code editor
+- [OpenCode Antigravity Auth](https://github.com/NoeFabris/opencode-antigravity-auth) - Antigravity integration
+
+---
+
+**Made with ❤️ for the OpenCode community**

package/dist/auth/account-manager.d.ts

@@ -0,0 +1,50 @@
+/**
+ * @license
+ * Copyright 2025 Yusuf
+ * SPDX-License-Identifier: MIT
+ */
+import type { AccountPoolEntry } from '../types.js';
+/**
+ * Account manager for multi-account rotation and quota management
+ */
+export declare class AccountManager {
+    private oauthManager;
+    constructor();
+    /**
+     * Initialize account pool from Gemini CLI credentials
+     */
+    initialize(): Promise<void>;
+    /**
+     * Get current account from pool
+     */
+    getCurrentAccount(): Promise<AccountPoolEntry | null>;
+    /**
+     * Get access token for current account
+     */
+    getCurrentAccessToken(): Promise<string>;
+    /**
+     * Rotate to next account in pool
+     */
+    rotateAccount(): Promise<AccountPoolEntry | null>;
+    /**
+     * Mark account as rate limited
+     */
+    markAccountRateLimited(email: string, retryAfterSeconds: number): Promise<void>;
+    /**
+     * Get next available account (skips rate-limited accounts)
+     */
+    getNextAvailableAccount(): Promise<AccountPoolEntry | null>;
+    /**
+     * Increment request count for current account
+     */
+    incrementRequestCount(): Promise<void>;
+    /**
+     * Get account pool statistics
+     */
+    getPoolStats(): Promise<{
+        totalAccounts: number;
+        availableAccounts: number;
+        rateLimitedAccounts: number;
+    }>;
+}
+//# sourceMappingURL=account-manager.d.ts.map

package/dist/auth/account-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"account-manager.d.ts","sourceRoot":"","sources":["../../src/auth/account-manager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,gBAAgB,EAAoB,MAAM,aAAa,CAAC;AAEtE;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,YAAY,CAAe;;IAMnC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAiCjC;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAI3D;;OAEG;IACG,qBAAqB,IAAI,OAAO,CAAC,MAAM,CAAC;IAqC9C;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAIvD;;OAEG;IACG,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKrF;;OAEG;IACG,uBAAuB,IAAI,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAoBjE;;OAEG;IACG,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IAU5C;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC;QAC5B,aAAa,EAAE,MAAM,CAAC;QACtB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,mBAAmB,EAAE,MAAM,CAAC;KAC7B,CAAC;CAcH"}

package/dist/auth/account-manager.js

@@ -0,0 +1,142 @@
+/**
+ * @license
+ * Copyright 2025 Yusuf
+ * SPDX-License-Identifier: MIT
+ */
+import { StorageManager } from '../storage/storage.js';
+import { OAuthManager } from './oauth.js';
+/**
+ * Account manager for multi-account rotation and quota management
+ */
+export class AccountManager {
+    oauthManager;
+    constructor() {
+        this.oauthManager = new OAuthManager();
+    }
+    /**
+     * Initialize account pool from Gemini CLI credentials
+     */
+    async initialize() {
+        const credentials = await StorageManager.readOAuthCredentials();
+        if (!credentials) {
+            console.warn('⚠️  No OAuth credentials found. Run: gemini auth login');
+            return;
+        }
+        // Get user info
+        const userInfo = await this.oauthManager.getUserInfo();
+        // Check if account already exists in pool
+        const pool = await StorageManager.readAccountPool();
+        const existingAccount = pool.accounts.find((acc) => acc.email === userInfo.email);
+        if (existingAccount) {
+            // Update existing account
+            await StorageManager.updateAccountInPool(userInfo.email, {
+                credentials,
+                lastUsed: Date.now(),
+            });
+        }
+        else {
+            // Add new account
+            const newEntry = {
+                email: userInfo.email,
+                credentials,
+                lastUsed: Date.now(),
+                requestCount: 0,
+            };
+            await StorageManager.upsertAccountInPool(newEntry);
+        }
+    }
+    /**
+     * Get current account from pool
+     */
+    async getCurrentAccount() {
+        return await StorageManager.getCurrentAccount();
+    }
+    /**
+     * Get access token for current account
+     */
+    async getCurrentAccessToken() {
+        const account = await this.getCurrentAccount();
+        if (!account) {
+            // Fallback to default OAuth credentials
+            return await this.oauthManager.getAccessToken();
+        }
+        // Check if token needs refresh
+        const now = Date.now();
+        const expiryTime = account.credentials.expiry_date || 0;
+        const needsRefresh = expiryTime - now < 5 * 60 * 1000; // 5 minutes buffer
+        if (needsRefresh) {
+            const refreshResult = await this.oauthManager.refreshAccessToken(account.credentials.refresh_token);
+            if (refreshResult.success && refreshResult.accessToken) {
+                // Update account credentials in pool
+                const updatedCredentials = {
+                    ...account.credentials,
+                    access_token: refreshResult.accessToken,
+                    expiry_date: refreshResult.expiryDate || Date.now() + 3600 * 1000,
+                };
+                await StorageManager.updateAccountInPool(account.email, {
+                    credentials: updatedCredentials,
+                });
+                return refreshResult.accessToken;
+            }
+        }
+        return account.credentials.access_token;
+    }
+    /**
+     * Rotate to next account in pool
+     */
+    async rotateAccount() {
+        return await StorageManager.rotateToNextAccount();
+    }
+    /**
+     * Mark account as rate limited
+     */
+    async markAccountRateLimited(email, retryAfterSeconds) {
+        const rateLimitUntil = Date.now() + retryAfterSeconds * 1000;
+        await StorageManager.updateAccountInPool(email, { rateLimitUntil });
+    }
+    /**
+     * Get next available account (skips rate-limited accounts)
+     */
+    async getNextAvailableAccount() {
+        const pool = await StorageManager.readAccountPool();
+        const now = Date.now();
+        // Find first account that is not rate limited
+        for (let i = 0; i < pool.accounts.length; i++) {
+            const account = pool.accounts[(pool.currentIndex + i) % pool.accounts.length];
+            if (!account.rateLimitUntil || account.rateLimitUntil < now) {
+                // Update current index
+                pool.currentIndex = (pool.currentIndex + i) % pool.accounts.length;
+                await StorageManager.writeAccountPool(pool);
+                return account;
+            }
+        }
+        // All accounts are rate limited
+        return null;
+    }
+    /**
+     * Increment request count for current account
+     */
+    async incrementRequestCount() {
+        const account = await this.getCurrentAccount();
+        if (account) {
+            await StorageManager.updateAccountInPool(account.email, {
+                requestCount: account.requestCount + 1,
+                lastUsed: Date.now(),
+            });
+        }
+    }
+    /**
+     * Get account pool statistics
+     */
+    async getPoolStats() {
+        const pool = await StorageManager.readAccountPool();
+        const now = Date.now();
+        const rateLimitedCount = pool.accounts.filter((acc) => acc.rateLimitUntil && acc.rateLimitUntil > now).length;
+        return {
+            totalAccounts: pool.accounts.length,
+            availableAccounts: pool.accounts.length - rateLimitedCount,
+            rateLimitedAccounts: rateLimitedCount,
+        };
+    }
+}
+//# sourceMappingURL=account-manager.js.map

package/dist/auth/account-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"account-manager.js","sourceRoot":"","sources":["../../src/auth/account-manager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG1C;;GAEG;AACH,MAAM,OAAO,cAAc;IACjB,YAAY,CAAe;IAEnC;QACE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,oBAAoB,EAAE,CAAC;QAEhE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YACvE,OAAO;QACT,CAAC;QAED,gBAAgB;QAChB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;QAEvD,0CAA0C;QAC1C,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,eAAe,EAAE,CAAC;QACpD,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,CAAC,CAAC;QAElF,IAAI,eAAe,EAAE,CAAC;YACpB,0BAA0B;YAC1B,MAAM,cAAc,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,EAAE;gBACvD,WAAW;gBACX,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,kBAAkB;YAClB,MAAM,QAAQ,GAAqB;gBACjC,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,WAAW;gBACX,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;gBACpB,YAAY,EAAE,CAAC;aAChB,CAAC;YACF,MAAM,cAAc,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB;QACrB,OAAO,MAAM,cAAc,CAAC,iBAAiB,EAAE,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE/C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,wCAAwC;YACxC,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;QAClD,CAAC;QAED,+BAA+B;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,IAAI,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG,UAAU,GAAG,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,mBAAmB;QAE1E,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAC9D,OAAO,CAAC,WAAW,CAAC,aAAa,CAClC,CAAC;YAEF,IAAI,aAAa,CAAC,OAAO,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;gBACvD,qCAAqC;gBACrC,MAAM,kBAAkB,GAAqB;oBAC3C,GAAG,OAAO,CAAC,WAAW;oBACtB,YAAY,EAAE,aAAa,CAAC,WAAW;oBACvC,WAAW,EAAE,aAAa,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI;iBAClE,CAAC;gBAEF,MAAM,cAAc,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,EAAE;oBACtD,WAAW,EAAE,kBAAkB;iBAChC,CAAC,CAAC;gBAEH,OAAO,aAAa,CAAC,WAAW,CAAC;YACnC,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC,WAAW,CAAC,YAAY,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,OAAO,MAAM,cAAc,CAAC,mBAAmB,EAAE,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,KAAa,EAAE,iBAAyB;QACnE,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,iBAAiB,GAAG,IAAI,CAAC;QAC7D,MAAM,cAAc,CAAC,mBAAmB,CAAC,KAAK,EAAE,EAAE,cAAc,EAAE,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB;QAC3B,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,eAAe,EAAE,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,8CAA8C;QAC9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAE9E,IAAI,CAAC,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,GAAG,GAAG,EAAE,CAAC;gBAC5D,uBAAuB;gBACvB,IAAI,CAAC,YAAY,GAAG,CAAC,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACnE,MAAM,cAAc,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;gBAC5C,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/C,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,cAAc,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,EAAE;gBACtD,YAAY,EAAE,OAAO,CAAC,YAAY,GAAG,CAAC;gBACtC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAKhB,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,eAAe,EAAE,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAC3C,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,cAAc,GAAG,GAAG,CACxD,CAAC,MAAM,CAAC;QAET,OAAO;YACL,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;YACnC,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,gBAAgB;YAC1D,mBAAmB,EAAE,gBAAgB;SACtC,CAAC;IACJ,CAAC;CACF"}

package/dist/auth/oauth.d.ts

@@ -0,0 +1,40 @@
+/**
+ * @license
+ * Copyright 2025 Yusuf
+ * SPDX-License-Identifier: MIT
+ */
+import { OAuth2Client } from 'google-auth-library';
+import type { TokenRefreshResult } from '../types.js';
+/**
+ * OAuth authentication manager
+ */
+export declare class OAuthManager {
+    private client;
+    constructor();
+    /**
+     * Get access token from stored credentials
+     * Automatically refreshes if expired or near expiry
+     */
+    getAccessToken(): Promise<string>;
+    /**
+     * Refresh access token using refresh token
+     */
+    refreshAccessToken(refreshToken: string, retryCount?: number): Promise<TokenRefreshResult>;
+    /**
+     * Verify if credentials are valid
+     */
+    verifyCredentials(): Promise<boolean>;
+    /**
+     * Get user info from token
+     */
+    getUserInfo(): Promise<{
+        email: string;
+        name?: string;
+        picture?: string;
+    }>;
+    /**
+     * Create OAuth2Client with credentials
+     */
+    createAuthenticatedClient(): Promise<OAuth2Client>;
+}
+//# sourceMappingURL=oauth.d.ts.map

package/dist/auth/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AASnD,OAAO,KAAK,EAAoB,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAExE;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAe;;IAS7B;;;OAGG;IACG,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IA6BvC;;OAEG;IACG,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,UAAU,SAAI,GACb,OAAO,CAAC,kBAAkB,CAAC;IA0C9B;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC;IAU3C;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAWhF;;OAEG;IACG,yBAAyB,IAAI,OAAO,CAAC,YAAY,CAAC;CAqBzD"}

package/dist/auth/oauth.js

@@ -0,0 +1,126 @@
+/**
+ * @license
+ * Copyright 2025 Yusuf
+ * SPDX-License-Identifier: MIT
+ */
+import { OAuth2Client } from 'google-auth-library';
+import { OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, TOKEN_EXPIRY_BUFFER_MS, MAX_REFRESH_RETRIES, } from '../constants.js';
+import { StorageManager } from '../storage/storage.js';
+/**
+ * OAuth authentication manager
+ */
+export class OAuthManager {
+    client;
+    constructor() {
+        this.client = new OAuth2Client({
+            clientId: OAUTH_CLIENT_ID,
+            clientSecret: OAUTH_CLIENT_SECRET,
+        });
+    }
+    /**
+     * Get access token from stored credentials
+     * Automatically refreshes if expired or near expiry
+     */
+    async getAccessToken() {
+        const credentials = await StorageManager.readOAuthCredentials();
+        if (!credentials) {
+            throw new Error('No OAuth credentials found. Please authenticate using Gemini CLI: gemini auth login');
+        }
+        // Check if token needs refresh
+        const now = Date.now();
+        const expiryTime = credentials.expiry_date || 0;
+        const needsRefresh = expiryTime - now < TOKEN_EXPIRY_BUFFER_MS;
+        if (needsRefresh) {
+            const refreshResult = await this.refreshAccessToken(credentials.refresh_token);
+            if (!refreshResult.success) {
+                throw new Error(`Failed to refresh access token: ${refreshResult.error}. Please re-authenticate using: gemini auth login`);
+            }
+            return refreshResult.accessToken;
+        }
+        return credentials.access_token;
+    }
+    /**
+     * Refresh access token using refresh token
+     */
+    async refreshAccessToken(refreshToken, retryCount = 0) {
+        try {
+            this.client.setCredentials({ refresh_token: refreshToken });
+            const { credentials } = await this.client.refreshAccessToken();
+            if (!credentials.access_token) {
+                throw new Error('No access token returned from refresh');
+            }
+            // Update stored credentials
+            const existingCreds = await StorageManager.readOAuthCredentials();
+            const updatedCreds = {
+                ...existingCreds,
+                access_token: credentials.access_token,
+                expiry_date: credentials.expiry_date || Date.now() + 3600 * 1000,
+                token_type: credentials.token_type || 'Bearer',
+            };
+            await StorageManager.writeOAuthCredentials(updatedCreds);
+            return {
+                success: true,
+                accessToken: credentials.access_token,
+                expiryDate: credentials.expiry_date || undefined,
+            };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            // Retry on transient errors
+            if (retryCount < MAX_REFRESH_RETRIES) {
+                await new Promise((resolve) => setTimeout(resolve, 1000 * (retryCount + 1)));
+                return this.refreshAccessToken(refreshToken, retryCount + 1);
+            }
+            return {
+                success: false,
+                error: errorMessage,
+            };
+        }
+    }
+    /**
+     * Verify if credentials are valid
+     */
+    async verifyCredentials() {
+        try {
+            const token = await this.getAccessToken();
+            const tokenInfo = await this.client.getTokenInfo(token);
+            return !!tokenInfo.email;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    /**
+     * Get user info from token
+     */
+    async getUserInfo() {
+        const token = await this.getAccessToken();
+        const tokenInfo = await this.client.getTokenInfo(token);
+        return {
+            email: tokenInfo.email || 'unknown',
+            name: undefined,
+            picture: undefined,
+        };
+    }
+    /**
+     * Create OAuth2Client with credentials
+     */
+    async createAuthenticatedClient() {
+        const credentials = await StorageManager.readOAuthCredentials();
+        if (!credentials) {
+            throw new Error('No OAuth credentials found');
+        }
+        const client = new OAuth2Client({
+            clientId: OAUTH_CLIENT_ID,
+            clientSecret: OAUTH_CLIENT_SECRET,
+        });
+        client.setCredentials({
+            access_token: credentials.access_token,
+            refresh_token: credentials.refresh_token,
+            expiry_date: credentials.expiry_date,
+            token_type: credentials.token_type,
+        });
+        return client;
+    }
+}
+//# sourceMappingURL=oauth.js.map

package/dist/auth/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EACL,eAAe,EACf,mBAAmB,EAEnB,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAGvD;;GAEG;AACH,MAAM,OAAO,YAAY;IACf,MAAM,CAAe;IAE7B;QACE,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC;YAC7B,QAAQ,EAAE,eAAe;YACzB,YAAY,EAAE,mBAAmB;SAClC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,oBAAoB,EAAE,CAAC;QAEhE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,qFAAqF,CACtF,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,WAAW,CAAC,WAAW,IAAI,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,UAAU,GAAG,GAAG,GAAG,sBAAsB,CAAC;QAE/D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;YAE/E,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CACb,mCAAmC,aAAa,CAAC,KAAK,mDAAmD,CAC1G,CAAC;YACJ,CAAC;YAED,OAAO,aAAa,CAAC,WAAY,CAAC;QACpC,CAAC;QAED,OAAO,WAAW,CAAC,YAAY,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CACtB,YAAoB,EACpB,UAAU,GAAG,CAAC;QAEd,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC,CAAC;YAE5D,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAE/D,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC3D,CAAC;YAED,4BAA4B;YAC5B,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,oBAAoB,EAAE,CAAC;YAClE,MAAM,YAAY,GAAqB;gBACrC,GAAG,aAAc;gBACjB,YAAY,EAAE,WAAW,CAAC,YAAY;gBACtC,WAAW,EAAE,WAAW,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI;gBAChE,UAAU,EAAE,WAAW,CAAC,UAAU,IAAI,QAAQ;aAC/C,CAAC;YAEF,MAAM,cAAc,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;YAEzD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,WAAW,EAAE,WAAW,CAAC,YAAY;gBACrC,UAAU,EAAE,WAAW,CAAC,WAAW,IAAI,SAAS;aACjD,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAE5E,4BAA4B;YAC5B,IAAI,UAAU,GAAG,mBAAmB,EAAE,CAAC;gBACrC,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,GAAG,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC7E,OAAO,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC;YAC/D,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY;aACpB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB;QACrB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAC1C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;YACxD,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAExD,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,SAAS;YACnC,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,SAAS;SACnB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,yBAAyB;QAC7B,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,oBAAoB,EAAE,CAAC;QAEhE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC;YAC9B,QAAQ,EAAE,eAAe;YACzB,YAAY,EAAE,mBAAmB;SAClC,CAAC,CAAC;QAEH,MAAM,CAAC,cAAc,CAAC;YACpB,YAAY,EAAE,WAAW,CAAC,YAAY;YACtC,aAAa,EAAE,WAAW,CAAC,aAAa;YACxC,WAAW,EAAE,WAAW,CAAC,WAAW;YACpC,UAAU,EAAE,WAAW,CAAC,UAAU;SACnC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/dist/auth/request-interceptor.d.ts

@@ -0,0 +1,18 @@
+/**
+ * @license
+ * Copyright 2025 Yusuf
+ * SPDX-License-Identifier: MIT
+ */
+import { AccountManager } from '../auth/account-manager.js';
+/**
+ * Create authenticated fetch function with OAuth token injection
+ */
+export declare function createAuthenticatedFetch(accountManager: AccountManager): typeof fetch;
+/**
+ * Create request interceptor for OpenCode plugin
+ */
+export declare function createRequestInterceptor(): Promise<{
+    fetch: typeof fetch;
+    accountManager: AccountManager;
+}>;
+//# sourceMappingURL=request-interceptor.d.ts.map

package/dist/auth/request-interceptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-interceptor.d.ts","sourceRoot":"","sources":["../../src/auth/request-interceptor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AA0B5D;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,cAAc,EAAE,cAAc,GAAG,OAAO,KAAK,CA6DrF;AAED;;GAEG;AACH,wBAAsB,wBAAwB;;;GAkB7C"}