opencode-gemini-oauth 1.0.0

package/README.md

@@ -0,0 +1,73 @@
+# opencode-gemini-oauth
+
+OpenCode plugin for Google Gemini authentication via OAuth. Use your Google AI Pro subscription quota without API billing.
+
+## Features
+
+- OAuth PKCE authentication with Google
+- Automatic token refresh
+- Request interception and transformation for Antigravity/Code Assist API
+- Token storage with secure local file
+
+## Installation
+
+Add to your `opencode.json`:
+
+```json
+{
+  "plugins": ["opencode-gemini-oauth@latest"]
+}
+```
+
+Or use the local path for development:
+
+```json
+{
+  "plugins": ["D:\\git\\opencode-gemini-oauth"]
+}
+```
+
+## Configuration
+
+In your `opencode.json`, configure the Google provider:
+
+```json
+{
+  "provider": {
+    "google": {
+      "npm": "opencode-gemini-oauth"
+    }
+  }
+}
+```
+
+## Usage
+
+1. Start OpenCode
+2. Select "OAuth with Google (Gemini)" authentication method
+3. Complete the OAuth flow in your browser
+4. Your Google AI Pro quota will be used for requests
+
+## Supported Models
+
+- `gemini-2.5-pro`
+- `gemini-2.5-flash`
+- `gemini-2.0-flash`
+- And other Gemini models available through your subscription
+
+## How It Works
+
+This plugin:
+1. Authenticates via Google OAuth using PKCE flow
+2. Stores refresh tokens locally in `%APPDATA%/opencode/gemini-oauth-accounts.json`
+3. Intercepts API requests to `generativelanguage.googleapis.com`
+4. Transforms them to use the Code Assist endpoint with your OAuth token
+5. Automatically refreshes expired tokens
+
+## Credits
+
+Based on the Antigravity OAuth flow used by Google's AI Studio and Cloud Code extensions.
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+import { Plugin } from '@opencode-ai/plugin';
+
+declare const GeminiOAuthPlugin: Plugin;
+
+export { GeminiOAuthPlugin as default };

package/dist/index.js

@@ -0,0 +1,502 @@
+// src/oauth.ts
+import { createServer } from "http";
+import { randomBytes, createHash } from "crypto";
+import { URL as URL2, URLSearchParams as URLSearchParams2 } from "url";
+
+// src/constants.ts
+var OAUTH_CONFIG = {
+  clientId: "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com",
+  clientSecret: "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",
+  redirectUri: "http://localhost:36742/oauth-callback",
+  port: 36742,
+  scopes: [
+    "https://www.googleapis.com/auth/cloud-platform",
+    "https://www.googleapis.com/auth/userinfo.email",
+    "https://www.googleapis.com/auth/userinfo.profile",
+    "https://www.googleapis.com/auth/cclog",
+    "https://www.googleapis.com/auth/experimentsandconfigs"
+  ],
+  authUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+  tokenUrl: "https://oauth2.googleapis.com/token"
+};
+var CODE_ASSIST_ENDPOINTS = [
+  "https://autopush-cloudcode-pa.sandbox.googleapis.com",
+  "https://cloudcode-pa.googleapis.com"
+];
+var CODE_ASSIST_HEADERS = {
+  "User-Agent": "antigravity/1.11.5",
+  "X-Goog-Api-Client": "google-cloud-sdk vscode_cloudshelleditor/0.1"
+};
+var STORAGE_FILE = "gemini-oauth-accounts.json";
+var TOKEN_REFRESH_BUFFER_MS = 60 * 1e3;
+
+// src/storage.ts
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function getStoragePath() {
+  const configDir = process.env.APPDATA || (process.platform === "darwin" ? join(homedir(), "Library", "Application Support") : join(homedir(), ".config"));
+  const opencodeDir = join(configDir, "opencode");
+  if (!existsSync(opencodeDir)) {
+    mkdirSync(opencodeDir, { recursive: true });
+  }
+  return join(opencodeDir, STORAGE_FILE);
+}
+function loadStorage() {
+  const path = getStoragePath();
+  if (!existsSync(path)) {
+    return { version: 1, accounts: [], activeIndex: 0 };
+  }
+  try {
+    const data = JSON.parse(readFileSync(path, "utf-8"));
+    return {
+      version: 1,
+      accounts: data.accounts || [],
+      activeIndex: data.activeIndex || 0
+    };
+  } catch {
+    return { version: 1, accounts: [], activeIndex: 0 };
+  }
+}
+function saveStorage(data) {
+  const path = getStoragePath();
+  writeFileSync(path, JSON.stringify(data, null, 2), "utf-8");
+}
+function getActiveAccount() {
+  const storage = loadStorage();
+  if (storage.accounts.length === 0) {
+    return null;
+  }
+  return storage.accounts[storage.activeIndex] || storage.accounts[0] || null;
+}
+function addOrUpdateAccount(account) {
+  const storage = loadStorage();
+  const existingIndex = storage.accounts.findIndex(
+    (a) => a.email === account.email
+  );
+  if (existingIndex >= 0) {
+    storage.accounts[existingIndex] = account;
+    storage.activeIndex = existingIndex;
+  } else {
+    storage.accounts.push(account);
+    storage.activeIndex = storage.accounts.length - 1;
+  }
+  saveStorage(storage);
+}
+
+// src/oauth.ts
+function generatePKCE() {
+  const verifier = randomBytes(32).toString("base64url").replace(/[^a-zA-Z0-9]/g, "").substring(0, 43);
+  const challenge = createHash("sha256").update(verifier).digest("base64url").replace(/[^a-zA-Z0-9\-_]/g, "");
+  return { verifier, challenge };
+}
+function generateState() {
+  return randomBytes(16).toString("hex");
+}
+function buildAuthUrl(state, codeChallenge) {
+  const params = new URLSearchParams2({
+    client_id: OAUTH_CONFIG.clientId,
+    redirect_uri: OAUTH_CONFIG.redirectUri,
+    response_type: "code",
+    scope: OAUTH_CONFIG.scopes.join(" "),
+    state,
+    code_challenge: codeChallenge,
+    code_challenge_method: "S256",
+    access_type: "offline",
+    prompt: "consent"
+  });
+  return `${OAUTH_CONFIG.authUrl}?${params.toString()}`;
+}
+async function exchangeCodeForTokens(code, codeVerifier) {
+  const response = await fetch(OAUTH_CONFIG.tokenUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: new URLSearchParams2({
+      client_id: OAUTH_CONFIG.clientId,
+      client_secret: OAUTH_CONFIG.clientSecret,
+      code,
+      code_verifier: codeVerifier,
+      grant_type: "authorization_code",
+      redirect_uri: OAUTH_CONFIG.redirectUri
+    }).toString()
+  });
+  if (!response.ok) {
+    const error = await response.text();
+    throw new Error(`Token exchange failed: ${error}`);
+  }
+  const data = await response.json();
+  return {
+    accessToken: data.access_token,
+    refreshToken: data.refresh_token,
+    expiresIn: data.expires_in
+  };
+}
+async function getUserInfo(accessToken) {
+  const response = await fetch(
+    "https://www.googleapis.com/oauth2/v2/userinfo",
+    {
+      headers: {
+        Authorization: `Bearer ${accessToken}`
+      }
+    }
+  );
+  if (!response.ok) {
+    throw new Error("Failed to get user info");
+  }
+  const data = await response.json();
+  return { email: data.email, name: data.name };
+}
+async function getProjectId(accessToken) {
+  try {
+    const response = await fetch(
+      "https://cloudcode-pa.googleapis.com/v1/userWorkspace",
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          "X-Goog-Api-Client": "google-cloud-sdk vscode_cloudshelleditor/0.1"
+        }
+      }
+    );
+    if (response.ok) {
+      const data = await response.json();
+      return data.managedProjectId;
+    }
+  } catch {
+  }
+  return void 0;
+}
+async function startOAuthFlow() {
+  const { verifier, challenge } = generatePKCE();
+  const state = generateState();
+  const authUrl = buildAuthUrl(state, challenge);
+  return new Promise((resolveSetup, rejectSetup) => {
+    let callbackResolve;
+    let callbackReject;
+    const callbackPromise = new Promise((resolve, reject) => {
+      callbackResolve = resolve;
+      callbackReject = reject;
+    });
+    const server = createServer(async (req, res) => {
+      try {
+        const url = new URL2(req.url || "/", `http://localhost:${OAUTH_CONFIG.port}`);
+        if (url.pathname === "/oauth-callback") {
+          const code = url.searchParams.get("code");
+          const returnedState = url.searchParams.get("state");
+          const error = url.searchParams.get("error");
+          if (error) {
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(`
+              <html>
+                <body style="font-family: system-ui; padding: 40px; text-align: center;">
+                  <h1 style="color: #dc2626;">Authentication Failed</h1>
+                  <p>Error: ${error}</p>
+                  <p>You can close this window.</p>
+                </body>
+              </html>
+            `);
+            callbackReject(new Error(`OAuth error: ${error}`));
+            return;
+          }
+          if (!code || returnedState !== state) {
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(`
+              <html>
+                <body style="font-family: system-ui; padding: 40px; text-align: center;">
+                  <h1 style="color: #dc2626;">Invalid Response</h1>
+                  <p>Missing code or invalid state.</p>
+                  <p>You can close this window.</p>
+                </body>
+              </html>
+            `);
+            callbackReject(new Error("Invalid OAuth response"));
+            return;
+          }
+          const tokens = await exchangeCodeForTokens(code, verifier);
+          const userInfo = await getUserInfo(tokens.accessToken);
+          const projectId = await getProjectId(tokens.accessToken);
+          const account = {
+            email: userInfo.email,
+            refreshToken: tokens.refreshToken,
+            accessToken: tokens.accessToken,
+            expiresAt: Date.now() + tokens.expiresIn * 1e3,
+            projectId,
+            managedProjectId: projectId
+          };
+          addOrUpdateAccount(account);
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end(`
+            <html>
+              <body style="font-family: system-ui; padding: 40px; text-align: center;">
+                <h1 style="color: #16a34a;">Authentication Successful!</h1>
+                <p>Logged in as: <strong>${userInfo.email}</strong></p>
+                <p>You can close this window and return to OpenCode.</p>
+                <script>setTimeout(() => window.close(), 2000);</script>
+              </body>
+            </html>
+          `);
+          callbackResolve(account);
+        } else {
+          res.writeHead(404);
+          res.end("Not found");
+        }
+      } catch (err) {
+        res.writeHead(500, { "Content-Type": "text/html" });
+        res.end(`
+          <html>
+            <body style="font-family: system-ui; padding: 40px; text-align: center;">
+              <h1 style="color: #dc2626;">Error</h1>
+              <p>${err instanceof Error ? err.message : "Unknown error"}</p>
+              <p>You can close this window.</p>
+            </body>
+          </html>
+        `);
+        callbackReject(err instanceof Error ? err : new Error("Unknown error"));
+      }
+    });
+    server.listen(OAUTH_CONFIG.port, async () => {
+      try {
+        const open = (await import("open")).default;
+        await open(authUrl);
+      } catch {
+      }
+      resolveSetup({
+        authUrl,
+        server,
+        waitForCallback: () => callbackPromise
+      });
+    });
+    server.on("error", (err) => {
+      rejectSetup(new Error(`Failed to start OAuth server: ${err.message}`));
+    });
+    setTimeout(() => {
+      server.close();
+      callbackReject(new Error("OAuth flow timed out"));
+    }, 5 * 60 * 1e3);
+  });
+}
+
+// src/token.ts
+function isTokenExpired(account) {
+  if (!account.accessToken || !account.accessTokenExpiry) {
+    return true;
+  }
+  return Date.now() >= account.accessTokenExpiry - TOKEN_REFRESH_BUFFER_MS;
+}
+async function refreshAccessToken(account) {
+  const response = await fetch(OAUTH_CONFIG.tokenUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: new URLSearchParams({
+      client_id: OAUTH_CONFIG.clientId,
+      client_secret: OAUTH_CONFIG.clientSecret,
+      refresh_token: account.refreshToken,
+      grant_type: "refresh_token"
+    }).toString()
+  });
+  if (!response.ok) {
+    const error = await response.text();
+    throw new Error(`Token refresh failed: ${error}`);
+  }
+  const data = await response.json();
+  const expiresAt = Date.now() + data.expires_in * 1e3;
+  const updatedAccount = {
+    ...account,
+    accessToken: data.access_token,
+    accessTokenExpiry: expiresAt
+  };
+  addOrUpdateAccount(updatedAccount);
+  return {
+    accessToken: data.access_token,
+    expiresAt
+  };
+}
+async function getValidAccessToken() {
+  const account = getActiveAccount();
+  if (!account) {
+    throw new Error("No authenticated account. Please run OAuth login first.");
+  }
+  if (isTokenExpired(account)) {
+    const { accessToken } = await refreshAccessToken(account);
+    return accessToken;
+  }
+  return account.accessToken;
+}
+
+// src/fetch-wrapper.ts
+var MODEL_ALIASES = {
+  "gemini-3-pro-preview": "gemini-3-pro-high",
+  "gemini-3-flash-preview": "gemini-3-flash",
+  "gemini-2.5-pro": "gemini-2.5-pro-exp-03-25",
+  "gemini-2.5-flash": "gemini-2.5-flash",
+  "gemini-2.5-flash-lite": "gemini-2.5-flash-lite-001",
+  // Claude models via Antigravity
+  "gemini-claude-sonnet-4-5": "claude-sonnet-4-5",
+  "gemini-claude-sonnet-4-5-thinking": "claude-sonnet-4-5-thinking",
+  "gemini-claude-opus-4-5": "claude-opus-4-5",
+  "gemini-claude-opus-4-5-thinking": "claude-opus-4-5-thinking"
+};
+function extractAction(url) {
+  const match = url.match(/:(\w+)(?:\?|$)/);
+  return match ? match[1] : null;
+}
+function transformRequestBody(body) {
+  try {
+    const parsed = JSON.parse(body);
+    if (parsed.model) {
+      const modelName = parsed.model.replace(/^models\//, "");
+      parsed.model = `models/${MODEL_ALIASES[modelName] || modelName}`;
+    }
+    return JSON.stringify(parsed);
+  } catch {
+    return body;
+  }
+}
+function createAntigravityFetch() {
+  let currentEndpointIndex = 0;
+  const antigravityFetch = async (input, init) => {
+    const url = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    if (!url.includes("generativelanguage.googleapis.com")) {
+      return fetch(input, init);
+    }
+    const action = extractAction(url);
+    if (!action) {
+      return fetch(input, init);
+    }
+    let accessToken;
+    try {
+      accessToken = await getValidAccessToken();
+    } catch (error) {
+      throw new Error(
+        `Failed to get access token: ${error instanceof Error ? error.message : "Unknown error"}`
+      );
+    }
+    let body = init?.body;
+    if (typeof body === "string") {
+      body = transformRequestBody(body);
+    }
+    let lastError = null;
+    for (let i = 0; i < CODE_ASSIST_ENDPOINTS.length; i++) {
+      const endpointIndex = (currentEndpointIndex + i) % CODE_ASSIST_ENDPOINTS.length;
+      const endpoint = CODE_ASSIST_ENDPOINTS[endpointIndex];
+      const targetUrl = `${endpoint}/v1internal:${action}`;
+      try {
+        const response = await fetch(targetUrl, {
+          method: init?.method || "POST",
+          headers: {
+            ...CODE_ASSIST_HEADERS,
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${accessToken}`,
+            ...init?.headers
+          },
+          body,
+          signal: init?.signal
+        });
+        if (response.ok || response.status >= 400 && response.status < 500) {
+          currentEndpointIndex = endpointIndex;
+          return response;
+        }
+        if (response.status >= 500) {
+          lastError = new Error(`Server error: ${response.status}`);
+          continue;
+        }
+        return response;
+      } catch (error) {
+        lastError = error instanceof Error ? error : new Error(String(error));
+        continue;
+      }
+    }
+    throw lastError || new Error("All Code Assist endpoints failed");
+  };
+  return antigravityFetch;
+}
+
+// src/index.ts
+var GeminiOAuthPlugin = async (_input) => {
+  const authHook = {
+    provider: "google",
+    loader: async (_auth, _provider) => {
+      const account = getActiveAccount();
+      if (!account) {
+        return {
+          apiKey: ""
+        };
+      }
+      return {
+        apiKey: "",
+        fetch: createAntigravityFetch()
+      };
+    },
+    methods: [
+      {
+        type: "oauth",
+        label: "OAuth with Google (Gemini Pro)",
+        authorize: async () => {
+          const { authUrl, waitForCallback, server } = await startOAuthFlow();
+          return {
+            url: authUrl,
+            instructions: "Opening browser for Google authentication. Please sign in with your Google AI Pro account.",
+            method: "auto",
+            callback: async () => {
+              try {
+                const account = await waitForCallback();
+                return {
+                  type: "success",
+                  refresh: account.refreshToken,
+                  access: account.accessToken || "",
+                  expires: account.expiresAt || Date.now() + 3600 * 1e3
+                };
+              } catch (error) {
+                console.error("OAuth failed:", error);
+                return { type: "failed" };
+              } finally {
+                server.close();
+              }
+            }
+          };
+        }
+      },
+      {
+        type: "api",
+        label: "Manually enter API Key",
+        prompts: [
+          {
+            type: "text",
+            key: "apiKey",
+            message: "Enter your Google API Key:",
+            placeholder: "AIza...",
+            validate: (value) => {
+              if (!value || value.trim().length === 0) {
+                return "API Key is required";
+              }
+              if (!value.startsWith("AIza")) {
+                return "Invalid Google API Key format";
+              }
+              return void 0;
+            }
+          }
+        ],
+        authorize: async (inputs) => {
+          const apiKey = inputs?.apiKey;
+          if (!apiKey) {
+            return { type: "failed" };
+          }
+          return {
+            type: "success",
+            key: apiKey
+          };
+        }
+      }
+    ]
+  };
+  return {
+    auth: authHook
+  };
+};
+var index_default = GeminiOAuthPlugin;
+export {
+  index_default as default
+};

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "opencode-gemini-oauth",
+  "version": "1.0.0",
+  "description": "OpenCode plugin for Google Gemini OAuth authentication (Antigravity)",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "module",
+  "scripts": {
+    "build": "tsup src/index.ts --format esm --dts --clean",
+    "dev": "tsup src/index.ts --format esm --dts --watch",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "opencode",
+    "opencode-plugin",
+    "gemini",
+    "google",
+    "oauth",
+    "antigravity"
+  ],
+  "author": "Marquinho",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Marquinho/opencode-gemini-oauth"
+  },
+  "dependencies": {
+    "open": "^10.1.0"
+  },
+  "devDependencies": {
+    "@opencode-ai/plugin": "^1.0.182",
+    "@types/node": "^22.10.2",
+    "tsup": "^8.3.5",
+    "typescript": "^5.7.2"
+  },
+  "peerDependencies": {
+    "@opencode-ai/plugin": "^1.0.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "dist"
+  ]
+}