opencode-google-auth 0.0.1

package/src/lib/services/session.ts

@@ -0,0 +1,212 @@
+import {
+  HttpClient,
+  HttpClientRequest,
+  HttpClientResponse,
+} from "@effect/platform"
+import { Data, Effect, pipe, Ref, Schema } from "effect"
+import { OAuth2Client } from "google-auth-library"
+import type { Credentials } from "../../types"
+import { CODE_ASSIST_VERSION, ProviderConfig } from "./config"
+import { OpenCodeContext } from "./opencode"
+
+export class SessionError extends Data.TaggedError("SessionError")<{
+  readonly reason:
+    | "project_fetch"
+    | "token_refresh"
+    | "no_tokens"
+    | "unauthorized"
+  readonly message: string
+  readonly cause?: unknown
+}> {}
+
+export class TokenExpiredError extends Data.TaggedError("TokenExpiredError")<{
+  readonly message?: string
+}> {}
+
+const CodeAssistTier = Schema.Struct({
+  id: Schema.String,
+  name: Schema.String,
+  description: Schema.String,
+  userDefinedCloudaicompanionProject: Schema.Boolean,
+  isDefault: Schema.optional(Schema.Boolean),
+})
+
+const LoadCodeAssistResponse = Schema.Struct({
+  currentTier: CodeAssistTier,
+  allowedTiers: Schema.Array(CodeAssistTier),
+  cloudaicompanionProject: Schema.String,
+  gcpManaged: Schema.Boolean,
+  manageSubscriptionUri: Schema.String,
+})
+
+export type LoadCodeAssistResponse = typeof LoadCodeAssistResponse.Type
+
+export class Session extends Effect.Service<Session>()("Session", {
+  effect: Effect.gen(function* () {
+    const config = yield* ProviderConfig
+    const openCode = yield* OpenCodeContext
+    const httpClient = yield* HttpClient.HttpClient
+
+    const credentialsRef = yield* Ref.make<Credentials | null>(null)
+    const projectRef = yield* Ref.make<LoadCodeAssistResponse | null>(null)
+
+    const endpoint = config.ENDPOINTS.at(0) as string
+    const oauthClient = new OAuth2Client({
+      clientId: config.CLIENT_ID,
+      clientSecret: config.CLIENT_SECRET,
+    })
+
+    const getCredentials = Effect.gen(function* () {
+      const current = yield* Ref.get(credentialsRef)
+      if (!current) {
+        return yield* new SessionError({
+          reason: "no_tokens",
+          message: "No credentials set",
+        })
+      }
+
+      return current
+    })
+
+    const refreshTokens = Effect.gen(function* () {
+      const credentials = yield* getCredentials
+      oauthClient.setCredentials(credentials)
+
+      const result = yield* Effect.tryPromise({
+        try: () => oauthClient.refreshAccessToken(),
+        catch: (cause) =>
+          new SessionError({
+            reason: "token_refresh",
+            message: "Failed to refresh access token",
+            cause,
+          }),
+      })
+
+      const newCredentials = result.credentials
+      yield* Ref.set(credentialsRef, newCredentials as Credentials)
+
+      const accessToken = newCredentials.access_token
+      const refreshToken = newCredentials.refresh_token
+      const expiryDate = newCredentials.expiry_date
+
+      if (accessToken && refreshToken && expiryDate) {
+        yield* Effect.promise(() =>
+          openCode.client.auth.set({
+            path: { id: config.SERVICE_NAME },
+            body: {
+              type: "oauth",
+              access: accessToken,
+              refresh: refreshToken,
+              expires: expiryDate,
+            },
+          }),
+        )
+      }
+
+      return newCredentials
+    })
+
+    const fetchAttempt = Effect.gen(function* () {
+      const credentials = yield* getCredentials
+
+      const request = yield* HttpClientRequest.post(
+        `${endpoint}/${CODE_ASSIST_VERSION}:loadCodeAssist`,
+      ).pipe(
+        HttpClientRequest.bearerToken(credentials.access_token),
+        HttpClientRequest.bodyJson({
+          metadata: {
+            ideType: "IDE_UNSPECIFIED",
+            platform: "PLATFORM_UNSPECIFIED",
+            pluginType: "GEMINI",
+          },
+        }),
+      )
+
+      return yield* pipe(
+        httpClient.execute(request),
+        Effect.andThen(
+          HttpClientResponse.matchStatus({
+            "2xx": (res) =>
+              HttpClientResponse.schemaBodyJson(LoadCodeAssistResponse)(res),
+            401: () => new TokenExpiredError({ message: "Token expired" }),
+            orElse: (response) =>
+              new SessionError({
+                reason: "project_fetch",
+                message: `HTTP error: ${response.status}`,
+              }),
+          }),
+        ),
+      )
+    })
+
+    const fetchProject = fetchAttempt.pipe(
+      Effect.catchTag("TokenExpiredError", () =>
+        pipe(
+          Effect.log("Token expired, refreshing..."),
+          Effect.flatMap(() => refreshTokens),
+          Effect.flatMap(() => fetchAttempt),
+        ),
+      ),
+      Effect.catchAll((error) => {
+        if (error instanceof SessionError) {
+          return Effect.fail(error)
+        }
+        return Effect.fail(
+          new SessionError({
+            reason: "project_fetch",
+            message: "Failed to fetch project",
+            cause: error,
+          }),
+        )
+      }),
+    )
+
+    const ensureProject = Effect.gen(function* () {
+      const cached = yield* Ref.get(projectRef)
+      if (cached !== null) {
+        return cached
+      }
+      const project = yield* fetchProject
+      yield* Ref.set(projectRef, project)
+      return project
+    })
+
+    const getAccessToken = Effect.gen(function* () {
+      const currentCreds = yield* Ref.get(credentialsRef)
+
+      if (!currentCreds?.access_token) {
+        return yield* new SessionError({
+          reason: "no_tokens",
+          message: "No access token available",
+        })
+      }
+
+      const buffer = 5 * 60 * 1000
+      const isExpired = (currentCreds.expiry_date ?? 0) < Date.now() + buffer
+
+      let accessToken = currentCreds.access_token
+
+      if (isExpired) {
+        yield* Effect.log("Access token expired, refreshing...")
+        const refreshed = yield* refreshTokens
+        if (!refreshed.access_token) {
+          return yield* new SessionError({
+            reason: "token_refresh",
+            message: "Refresh did not return access token",
+          })
+        }
+        accessToken = refreshed.access_token
+      }
+
+      yield* ensureProject
+      return accessToken
+    })
+
+    return {
+      setCredentials: (credentials: Credentials) =>
+        Ref.set(credentialsRef, credentials),
+      getAccessToken,
+      ensureProject,
+    }
+  }),
+}) {}

package/src/main.ts

@@ -0,0 +1,273 @@
+import type {
+  GoogleGenerativeAIProviderOptions,
+  GoogleGenerativeAIProviderSettings,
+} from "@ai-sdk/google"
+import { HttpClient } from "@effect/platform"
+import type { Plugin } from "@opencode-ai/plugin"
+import { Effect } from "effect"
+import { makeRuntime } from "./lib/runtime"
+import {
+  antigravityConfig,
+  geminiCliConfig,
+  ProviderConfig,
+} from "./lib/services/config"
+import { OAuth } from "./lib/services/oauth"
+import { Session } from "./lib/services/session"
+import { transformRequest } from "./transform/request"
+import { transformNonStreamingResponse } from "./transform/response"
+import { transformStreamingResponse } from "./transform/stream"
+import type { Credentials, ModelsDev } from "./types"
+
+const fetchModelsDev = Effect.gen(function* () {
+  const client = yield* HttpClient.HttpClient
+  const response = yield* client.get("https://models.dev/api.json")
+  return (yield* response.json) as ModelsDev
+})
+
+const customFetch = Effect.fn(function* (
+  input: Parameters<typeof fetch>[0],
+  init: Parameters<typeof fetch>[1],
+) {
+  const config = yield* ProviderConfig
+
+  let lastResponse: Response | null = null
+
+  for (const endpoint of config.ENDPOINTS) {
+    const result = yield* transformRequest(input, init, endpoint)
+
+    const { request, ...loggedBody } = JSON.parse(result.init.body as string)
+    const generationConfig = request.generationConfig
+
+    yield* Effect.log(
+      "Transformed request (Omitting request except generationConfig) :",
+      result.streaming,
+      result.input,
+      { ...loggedBody, request: { generationConfig } },
+    )
+
+    const response = yield* Effect.promise(() =>
+      fetch(result.input, result.init),
+    )
+
+    // On 429 or 403, try next endpoint
+    if (response.status === 429 || response.status === 403) {
+      yield* Effect.log(`${response.status} on ${endpoint}, trying next...`)
+      lastResponse = response
+      continue
+    }
+
+    if (!response.ok) {
+      const cloned = response.clone()
+      const clonedJson = yield* Effect.promise(() => cloned.json())
+
+      yield* Effect.log(
+        "Received response:",
+        cloned.status,
+        clonedJson,
+        cloned.headers,
+      )
+    }
+
+    return result.streaming ?
+        transformStreamingResponse(response)
+      : yield* Effect.promise(() => transformNonStreamingResponse(response))
+  }
+
+  // All endpoints exhausted with 429
+  yield* Effect.logWarning("All endpoints rate limited (429)")
+  return lastResponse as Response
+}, Effect.tapDefect(Effect.logError))
+
+export const geminiCli: Plugin = async (context) => {
+  const runtime = makeRuntime({
+    openCodeCtx: context,
+    providerConfig: geminiCliConfig(),
+  })
+
+  const config = await runtime.runPromise(
+    Effect.gen(function* () {
+      const providerConfig = yield* ProviderConfig
+      const modelsDev = yield* fetchModelsDev
+
+      return providerConfig.getConfig(modelsDev)
+    }),
+  )
+
+  return {
+    config: async (cfg) => {
+      cfg.provider ??= {}
+      cfg.provider[config.id as string] = config
+    },
+    auth: {
+      provider: config.id as string,
+      loader: async (getAuth) => {
+        const auth = await getAuth()
+        if (auth.type !== "oauth") return {}
+
+        const credentials: Credentials = {
+          access_token: auth.access,
+          refresh_token: auth.refresh,
+          expiry_date: auth.expires,
+        }
+
+        await runtime.runPromise(
+          Effect.gen(function* () {
+            const session = yield* Session
+            yield* session.setCredentials(credentials)
+          }),
+        )
+
+        return {
+          apiKey: "",
+          fetch: (async (input, init) => {
+            const response = await runtime.runPromise(customFetch(input, init))
+            return response
+          }) as typeof fetch,
+        } satisfies GoogleGenerativeAIProviderSettings
+      },
+      methods: [
+        {
+          type: "oauth",
+          label: "OAuth with Google",
+          authorize: async () => {
+            const result = await runtime.runPromise(
+              Effect.gen(function* () {
+                const oauth = yield* OAuth
+                return yield* oauth.authenticate
+              }),
+            )
+
+            return {
+              url: "",
+              method: "auto",
+              instructions: "You are now authenticated!",
+              callback: async () => {
+                const accessToken = result.access_token
+                const refreshToken = result.refresh_token
+                const expiryDate = result.expiry_date
+
+                if (!accessToken || !refreshToken || !expiryDate) {
+                  return { type: "failed" }
+                }
+
+                return {
+                  type: "success",
+                  provider: config.id as string,
+                  access: accessToken,
+                  refresh: refreshToken,
+                  expires: expiryDate,
+                }
+              },
+            }
+          },
+        },
+      ],
+    },
+  }
+}
+
+export const antigravity: Plugin = async (context) => {
+  const runtime = makeRuntime({
+    openCodeCtx: context,
+    providerConfig: antigravityConfig(),
+  })
+
+  const config = await runtime.runPromise(
+    Effect.gen(function* () {
+      const providerConfig = yield* ProviderConfig
+      const modelsDev = yield* fetchModelsDev
+
+      return providerConfig.getConfig(modelsDev)
+    }),
+  )
+
+  return {
+    config: async (cfg) => {
+      cfg.provider ??= {}
+      cfg.provider[config.id as string] = config
+    },
+    auth: {
+      provider: config.id as string,
+      loader: async (getAuth) => {
+        const auth = await getAuth()
+        if (auth.type !== "oauth") return {}
+
+        const credentials: Credentials = {
+          access_token: auth.access,
+          refresh_token: auth.refresh,
+          expiry_date: auth.expires,
+        }
+
+        await runtime.runPromise(
+          Effect.gen(function* () {
+            const session = yield* Session
+            yield* session.setCredentials(credentials)
+          }),
+        )
+
+        return {
+          apiKey: "",
+          fetch: (async (input, init) => {
+            const response = await runtime.runPromise(customFetch(input, init))
+            return response
+          }) as typeof fetch,
+        } satisfies GoogleGenerativeAIProviderSettings
+      },
+      methods: [
+        {
+          type: "oauth",
+          label: "OAuth with Google",
+          authorize: async () => {
+            const result = await runtime.runPromise(
+              Effect.gen(function* () {
+                const oauth = yield* OAuth
+                return yield* oauth.authenticate
+              }),
+            )
+
+            return {
+              url: "",
+              method: "auto",
+              instructions: "You are now authenticated!",
+              callback: async () => {
+                const accessToken = result.access_token
+                const refreshToken = result.refresh_token
+                const expiryDate = result.expiry_date
+
+                if (!accessToken || !refreshToken || !expiryDate) {
+                  return { type: "failed" }
+                }
+
+                return {
+                  type: "success",
+                  provider: config.id as string,
+                  access: accessToken,
+                  refresh: refreshToken,
+                  expires: expiryDate,
+                }
+              },
+            }
+          },
+        },
+      ],
+    },
+    "chat.params": async (input, output) => {
+      await runtime.runPromise(
+        Effect.log("chat.params event before:", input.model, output.options),
+      )
+
+      if (input.model.providerID === config.id) {
+        output.options = {
+          ...output.options,
+          labels: {
+            sessionId: input.sessionID,
+          },
+        } satisfies GoogleGenerativeAIProviderOptions
+      }
+
+      await runtime.runPromise(
+        Effect.log("chat.params event after:", input.model, output.options),
+      )
+    },
+  }
+}

package/src/models.json

@@ -0,0 +1,198 @@
+{
+  "id": "google",
+  "env": [
+    "GOOGLE_GENERATIVE_AI_API_KEY",
+    "GEMINI_API_KEY"
+  ],
+  "npm": "@ai-sdk/google",
+  "name": "Google",
+  "doc": "https://ai.google.dev/gemini-api/docs/pricing",
+  "models": {
+    "gemini-3-flash-preview": {
+      "id": "gemini-3-flash-preview",
+      "name": "Gemini 3 Flash Preview",
+      "family": "gemini-flash",
+      "attachment": true,
+      "reasoning": true,
+      "tool_call": true,
+      "structured_output": true,
+      "temperature": true,
+      "knowledge": "2025-01",
+      "release_date": "2025-12-17",
+      "last_updated": "2025-12-17",
+      "modalities": {
+        "input": [
+          "text",
+          "image",
+          "video",
+          "audio",
+          "pdf"
+        ],
+        "output": [
+          "text"
+        ]
+      },
+      "open_weights": false,
+      "cost": {
+        "input": 0.5,
+        "output": 3,
+        "cache_read": 0.05,
+        "context_over_200k": {
+          "input": 0.5,
+          "output": 3,
+          "cache_read": 0.05
+        }
+      },
+      "limit": {
+        "context": 1048576,
+        "output": 65536
+      }
+    },
+    "gemini-3-pro-preview": {
+      "id": "gemini-3-pro-preview",
+      "name": "Gemini 3 Pro Preview",
+      "family": "gemini-pro",
+      "attachment": true,
+      "reasoning": true,
+      "tool_call": true,
+      "structured_output": true,
+      "temperature": true,
+      "knowledge": "2025-01",
+      "release_date": "2025-11-18",
+      "last_updated": "2025-11-18",
+      "modalities": {
+        "input": [
+          "text",
+          "image",
+          "video",
+          "audio",
+          "pdf"
+        ],
+        "output": [
+          "text"
+        ]
+      },
+      "open_weights": false,
+      "cost": {
+        "input": 2,
+        "output": 12,
+        "cache_read": 0.2,
+        "context_over_200k": {
+          "input": 4,
+          "output": 18,
+          "cache_read": 0.4
+        }
+      },
+      "limit": {
+        "context": 1000000,
+        "output": 64000
+      }
+    },
+    "gemini-2.5-flash": {
+      "id": "gemini-2.5-flash",
+      "name": "Gemini 2.5 Flash",
+      "family": "gemini-flash",
+      "attachment": true,
+      "reasoning": true,
+      "tool_call": true,
+      "structured_output": true,
+      "temperature": true,
+      "knowledge": "2025-01",
+      "release_date": "2025-03-20",
+      "last_updated": "2025-06-05",
+      "modalities": {
+        "input": [
+          "text",
+          "image",
+          "audio",
+          "video",
+          "pdf"
+        ],
+        "output": [
+          "text"
+        ]
+      },
+      "open_weights": false,
+      "cost": {
+        "input": 0.3,
+        "output": 2.5,
+        "cache_read": 0.075,
+        "input_audio": 1
+      },
+      "limit": {
+        "context": 1048576,
+        "output": 65536
+      }
+    },
+    "gemini-2.5-flash-lite": {
+      "id": "gemini-2.5-flash-lite",
+      "name": "Gemini 2.5 Flash Lite",
+      "family": "gemini-flash-lite",
+      "attachment": true,
+      "reasoning": true,
+      "tool_call": true,
+      "structured_output": true,
+      "temperature": true,
+      "knowledge": "2025-01",
+      "release_date": "2025-06-17",
+      "last_updated": "2025-06-17",
+      "modalities": {
+        "input": [
+          "text",
+          "image",
+          "audio",
+          "video",
+          "pdf"
+        ],
+        "output": [
+          "text"
+        ]
+      },
+      "open_weights": false,
+      "cost": {
+        "input": 0.1,
+        "output": 0.4,
+        "cache_read": 0.025
+      },
+      "limit": {
+        "context": 1048576,
+        "output": 65536
+      }
+    },
+    "gemini-2.5-pro": {
+      "id": "gemini-2.5-pro",
+      "name": "Gemini 2.5 Pro",
+      "family": "gemini-pro",
+      "attachment": true,
+      "reasoning": true,
+      "tool_call": true,
+      "structured_output": true,
+      "temperature": true,
+      "knowledge": "2025-01",
+      "release_date": "2025-03-20",
+      "last_updated": "2025-06-05",
+      "modalities": {
+        "input": [
+          "text",
+          "image",
+          "audio",
+          "video",
+          "pdf"
+        ],
+        "output": [
+          "text"
+        ]
+      },
+      "open_weights": false,
+      "cost": {
+        "input": 1.25,
+        "output": 10,
+        "cache_read": 0.31
+      },
+      "limit": {
+        "context": 1048576,
+        "output": 65536
+      }
+    }
+  }
+}