openllmprovider 0.1.0

package/dist/resolver-BMTvzTt9.cjs

@@ -0,0 +1,662 @@
+const require_logger = require('./logger-jRimlMFR.cjs');
+const require_auto = require('./auto-D77wgMqO.cjs');
+
+//#region src/auth/scanners.ts
+const log$2 = require_logger.createLogger("auth:scanners");
+function createNodeScanContext() {
+	return {
+		async readFile(path) {
+			try {
+				return await (await import("node:fs/promises")).readFile(path, "utf-8");
+			} catch {
+				return;
+			}
+		},
+		homedir() {
+			return process.env.HOME ?? process.env.USERPROFILE ?? "";
+		},
+		platform() {
+			return process.platform;
+		},
+		env(name) {
+			return process.env[name];
+		},
+		async exec(command) {
+			try {
+				const { execSync } = await import("node:child_process");
+				return execSync(command, {
+					encoding: "utf-8",
+					timeout: 5e3,
+					stdio: [
+						"pipe",
+						"pipe",
+						"pipe"
+					]
+				}).trim();
+			} catch {
+				return;
+			}
+		}
+	};
+}
+function join(base, ...segments) {
+	return [base, ...segments].join("/");
+}
+function parseJson(raw) {
+	try {
+		const parsed = JSON.parse(raw);
+		return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : void 0;
+	} catch {
+		return;
+	}
+}
+function stripJsonComments(raw) {
+	return raw.replace(/\/\*[\s\S]*?\*\//g, "").replace(/^\s*\/\/.*$/gm, "");
+}
+async function readJson(ctx, path) {
+	const raw = await ctx.readFile(path);
+	if (!raw) return void 0;
+	return parseJson(raw) ?? parseJson(stripJsonComments(raw));
+}
+function configDir(ctx) {
+	const xdg = ctx.env("XDG_CONFIG_HOME");
+	if (xdg) return xdg;
+	return join(ctx.homedir(), ".config");
+}
+const copilotScanner = {
+	name: "github-copilot",
+	async scan(ctx) {
+		const results = [];
+		const base = join(configDir(ctx), "github-copilot");
+		for (const file of ["hosts.json", "apps.json"]) {
+			const path = join(base, file);
+			const json = await readJson(ctx, path);
+			if (!json) continue;
+			for (const [key, value] of Object.entries(json)) {
+				if (!key.includes("github.com")) continue;
+				const token = value && typeof value === "object" ? value.oauth_token : void 0;
+				if (typeof token === "string" && token.length > 0) {
+					log$2("copilot: found token in %s", path);
+					results.push({
+						providerId: "github-copilot",
+						source: path,
+						key: token
+					});
+					return results;
+				}
+			}
+		}
+		return results;
+	}
+};
+const claudeCodeScanner = {
+	name: "claude-code",
+	async scan(ctx) {
+		const results = [];
+		const base = join(ctx.homedir(), ".claude");
+		for (const file of ["settings.json", "settings.local.json"]) {
+			const path = join(base, file);
+			const json = await readJson(ctx, path);
+			if (!json) continue;
+			for (const field of [
+				"anthropicApiKey",
+				"anthropic_api_key",
+				"ANTHROPIC_API_KEY",
+				"apiKey"
+			]) {
+				const value = json[field];
+				if (typeof value === "string" && value.length > 0) {
+					log$2("claude-code: found key in %s (%s)", path, field);
+					results.push({
+						providerId: "anthropic",
+						source: path,
+						key: value
+					});
+					return results;
+				}
+			}
+		}
+		return results;
+	}
+};
+const codexCliScanner = {
+	name: "codex-cli",
+	async scan(ctx) {
+		const results = [];
+		const authPath = join(ctx.homedir(), ".codex", "auth.json");
+		const json = await readJson(ctx, authPath);
+		if (!json) return results;
+		const apiKey = json.OPENAI_API_KEY;
+		if (typeof apiKey === "string" && apiKey.length > 0) {
+			log$2("codex-cli: found OPENAI_API_KEY in %s", authPath);
+			results.push({
+				providerId: "openai",
+				source: authPath,
+				key: apiKey,
+				credentialType: "api"
+			});
+			return results;
+		}
+		const tokens = json.tokens;
+		if (tokens !== null && typeof tokens === "object" && !Array.isArray(tokens)) {
+			const t = tokens;
+			const accessToken = t.access_token;
+			if (typeof accessToken === "string" && accessToken.length > 0) {
+				const refreshToken = typeof t.refresh_token === "string" ? t.refresh_token : void 0;
+				const accountId = typeof t.account_id === "string" ? t.account_id : void 0;
+				log$2("codex-cli: found OAuth tokens in %s", authPath);
+				results.push({
+					providerId: "openai",
+					source: authPath,
+					key: accessToken,
+					credentialType: "oauth",
+					refresh: refreshToken,
+					accountId
+				});
+				return results;
+			}
+		}
+		const token = json.token ?? json.apiKey;
+		if (typeof token === "string" && token.length > 0) results.push({
+			providerId: "openai",
+			source: authPath,
+			key: token
+		});
+		return results;
+	}
+};
+const geminiCliScanner = {
+	name: "gemini-cli",
+	async scan(ctx) {
+		const results = [];
+		const geminiHome = ctx.env("GEMINI_CLI_HOME") ?? join(ctx.homedir(), ".gemini");
+		for (const file of ["oauth_creds.json", "google_accounts.json"]) {
+			const path = join(geminiHome, file);
+			const json = await readJson(ctx, path);
+			if (!json) continue;
+			const accessToken = typeof json.access_token === "string" ? json.access_token : void 0;
+			const refreshToken = typeof json.refresh_token === "string" ? json.refresh_token : void 0;
+			const expiryDate = typeof json.expiry_date === "number" ? json.expiry_date : void 0;
+			if (accessToken || refreshToken) {
+				log$2("gemini-cli: found credentials in %s", path);
+				results.push({
+					providerId: "google",
+					source: path,
+					key: accessToken,
+					credentialType: "oauth",
+					refresh: refreshToken,
+					expires: expiryDate
+				});
+				return results;
+			}
+			if (Array.isArray(json.accounts) && json.accounts.length > 0) {
+				log$2("gemini-cli: found credentials in %s", path);
+				results.push({
+					providerId: "google",
+					source: path
+				});
+				return results;
+			}
+		}
+		return results;
+	}
+};
+const gcloudAdcScanner = {
+	name: "gcloud-adc",
+	async scan(ctx) {
+		const results = [];
+		const cloudSdkConfig = ctx.env("CLOUDSDK_CONFIG");
+		const paths = [
+			ctx.env("GOOGLE_APPLICATION_CREDENTIALS"),
+			cloudSdkConfig ? join(cloudSdkConfig, "application_default_credentials.json") : void 0,
+			join(configDir(ctx), "gcloud", "application_default_credentials.json")
+		].filter((p) => typeof p === "string");
+		for (const path of paths) {
+			const json = await readJson(ctx, path);
+			if (!json) continue;
+			if ("refresh_token" in json || "type" in json || "private_key" in json) {
+				log$2("gcloud-adc: found ADC in %s", path);
+				results.push({
+					providerId: "google-vertex",
+					source: path
+				});
+				return results;
+			}
+		}
+		return results;
+	}
+};
+const awsCredentialsScanner = {
+	name: "aws-credentials",
+	async scan(ctx) {
+		const results = [];
+		const credPath = ctx.env("AWS_SHARED_CREDENTIALS_FILE") ?? join(ctx.homedir(), ".aws", "credentials");
+		const raw = await ctx.readFile(credPath);
+		if (!raw) return results;
+		const profile = ctx.env("AWS_PROFILE") ?? "default";
+		if (parseIniProfileKey(raw, profile, "aws_access_key_id")) {
+			log$2("aws: found credentials for profile [%s] in %s", profile, credPath);
+			results.push({
+				providerId: "amazon-bedrock",
+				source: credPath
+			});
+		}
+		return results;
+	}
+};
+const opencodeAuthScanner = {
+	name: "opencode-auth",
+	async scan(ctx) {
+		const results = [];
+		const xdgData = ctx.env("XDG_DATA_HOME");
+		const home = ctx.homedir();
+		const platform = ctx.platform();
+		const paths = [
+			xdgData ? join(xdgData, "opencode", "auth.json") : void 0,
+			platform === "darwin" ? join(home, "Library", "Application Support", "opencode", "auth.json") : void 0,
+			join(home, ".local", "share", "opencode", "auth.json"),
+			join(home, ".config", "opencode", "auth.json")
+		].filter((p) => typeof p === "string");
+		for (const path of paths) {
+			const json = await readJson(ctx, path);
+			if (!json) continue;
+			for (const [providerId, entry] of Object.entries(json)) {
+				if (!entry || typeof entry !== "object") continue;
+				const typed = entry;
+				const type = typed.type;
+				if (type !== "api" && type !== "oauth" && type !== "wellknown") continue;
+				const key = typeof typed.key === "string" ? typed.key : void 0;
+				const refresh = typeof typed.refresh === "string" ? typed.refresh : void 0;
+				const accountId = typeof typed.accountId === "string" ? typed.accountId : void 0;
+				const expires = typeof typed.expires === "number" ? typed.expires : void 0;
+				log$2("opencode-auth: found %s (%s) in %s", providerId, type, path);
+				results.push({
+					providerId,
+					source: path,
+					key,
+					credentialType: type,
+					refresh,
+					accountId,
+					expires
+				});
+			}
+			if (results.length > 0) return results;
+		}
+		return results;
+	}
+};
+const vscodeSettingsScanner = {
+	name: "vscode",
+	async scan(ctx) {
+		const results = [];
+		const home = ctx.homedir();
+		const vscodePaths = [ctx.platform() === "darwin" ? join(home, "Library", "Application Support", "Code", "User", "globalStorage", "github.copilot", "hosts.json") : void 0, join(configDir(ctx), "Code", "User", "globalStorage", "github.copilot", "hosts.json")].filter((p) => typeof p === "string");
+		for (const path of vscodePaths) {
+			const json = await readJson(ctx, path);
+			if (!json) continue;
+			for (const [key, value] of Object.entries(json)) {
+				if (!key.includes("github.com")) continue;
+				const token = value && typeof value === "object" ? value.oauth_token : void 0;
+				if (typeof token === "string" && token.length > 0) {
+					log$2("vscode: found copilot token in %s", path);
+					results.push({
+						providerId: "github-copilot",
+						source: path,
+						key: token
+					});
+					return results;
+				}
+			}
+		}
+		return results;
+	}
+};
+function parseIniProfileKey(raw, profile, key) {
+	const lines = raw.split("\n");
+	let inProfile = false;
+	for (const line of lines) {
+		const trimmed = line.trim();
+		if (trimmed.startsWith("[")) {
+			inProfile = trimmed.slice(1, trimmed.indexOf("]")).trim() === profile;
+			continue;
+		}
+		if (inProfile && trimmed.startsWith(key)) {
+			const eq = trimmed.indexOf("=");
+			if (eq !== -1) return trimmed.slice(eq + 1).trim();
+		}
+	}
+}
+const cursorScanner = {
+	name: "cursor",
+	async scan(ctx) {
+		const results = [];
+		const home = ctx.homedir();
+		const platform = ctx.platform();
+		const dbPaths = [
+			platform === "darwin" ? join(home, "Library", "Application Support", "Cursor", "User", "globalStorage", "state.vscdb") : void 0,
+			platform === "win32" ? join(ctx.env("APPDATA") ?? join(home, "AppData", "Roaming"), "Cursor", "User", "globalStorage", "state.vscdb") : void 0,
+			join(configDir(ctx), "Cursor", "User", "globalStorage", "state.vscdb")
+		].filter((p) => typeof p === "string");
+		if (!ctx.exec) return results;
+		for (const dbPath of dbPaths) {
+			const value = await ctx.exec(`sqlite3 "${dbPath}" "SELECT value FROM ItemTable WHERE key='cursorAuth/openAIKey'"`);
+			if (value && value.length > 0) {
+				log$2("cursor: found openAIKey in %s", dbPath);
+				results.push({
+					providerId: "cursor",
+					source: dbPath,
+					key: value
+				});
+				return results;
+			}
+		}
+		return results;
+	}
+};
+const DEFAULT_SCANNERS = [
+	copilotScanner,
+	vscodeSettingsScanner,
+	claudeCodeScanner,
+	codexCliScanner,
+	geminiCliScanner,
+	gcloudAdcScanner,
+	awsCredentialsScanner,
+	cursorScanner,
+	opencodeAuthScanner
+];
+async function runDiskScanners(scanners, ctx) {
+	const scanCtx = ctx ?? createNodeScanContext();
+	const results = [];
+	for (const scanner of scanners) try {
+		const found = await scanner.scan(scanCtx);
+		results.push(...found);
+	} catch (err) {
+		log$2("scanner %s failed: %s", scanner.name, err instanceof Error ? err.message : String(err));
+	}
+	return results;
+}
+
+//#endregion
+//#region src/auth/store.ts
+const log$1 = require_logger.createLogger("auth");
+function pickBestCredential(creds, prefer = "api") {
+	if (creds.length === 0) return void 0;
+	const preferred = creds.find((c) => c.type === prefer && c.key !== void 0);
+	if (preferred !== void 0) return preferred;
+	const withKey = creds.find((c) => c.key !== void 0);
+	if (withKey !== void 0) return withKey;
+	return creds[0];
+}
+function createAuthStore(options) {
+	const externalData = options?.data;
+	let storagePromise;
+	const discoveredCredentials = /* @__PURE__ */ new Map();
+	log$1("auth store created, external=%s", externalData !== void 0);
+	function getStorage() {
+		if (storagePromise === void 0) storagePromise = options?.storage ? Promise.resolve(options.storage) : require_auto.createDefaultStorage();
+		return storagePromise;
+	}
+	async function readAuthState() {
+		if (externalData !== void 0) {
+			log$1("using external data, skipping file read");
+			return { ...externalData };
+		}
+		const raw = await (await getStorage()).get(AUTH_STORE_KEY);
+		if (raw === null) {
+			log$1("auth store not found, returning empty store");
+			return {};
+		}
+		const parsed = JSON.parse(raw);
+		if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+			log$1("auth store payload is malformed, returning empty store");
+			return {};
+		}
+		const normalized = normalizeAuthState(parsed);
+		log$1("read auth store with %d entries", Object.keys(normalized).length);
+		return normalized;
+	}
+	async function writeAuthState(data) {
+		if (externalData !== void 0) {
+			for (const [k, v] of Object.entries(data)) externalData[k] = v;
+			for (const k of Object.keys(externalData)) if (!(k in data)) delete externalData[k];
+			log$1("updated external data, %d entries", Object.keys(externalData).length);
+			return;
+		}
+		const content = JSON.stringify(data, null, 2);
+		await (await getStorage()).set(AUTH_STORE_KEY, content);
+		log$1("wrote auth store with %d entries", Object.keys(data).length);
+	}
+	function mergeWithDiscovered(fileData) {
+		if (discoveredCredentials.size === 0) return fileData;
+		const merged = { ...fileData };
+		for (const [pid, creds] of discoveredCredentials) if (merged[pid] === void 0 || !merged[pid].key) {
+			const best = pickBestCredential(creds, "api");
+			if (best !== void 0) merged[pid] = best;
+		}
+		log$1("merged %d discovered credentials with %d file entries", discoveredCredentials.size, Object.keys(fileData).length);
+		return merged;
+	}
+	function pushDiscoveredCredential(providerId, credential) {
+		const arr = discoveredCredentials.get(providerId) ?? [];
+		arr.push(credential);
+		discoveredCredentials.set(providerId, arr);
+	}
+	function pushDiscoveredResultOnce(seen, results, result) {
+		if (seen.has(result.providerId)) return false;
+		seen.add(result.providerId);
+		results.push(result);
+		return true;
+	}
+	function buildCredentialFromEnv(envVar, key) {
+		return buildCredential({
+			type: "api",
+			key,
+			location: `env:${envVar}`
+		});
+	}
+	function buildCredentialFromDisk(result) {
+		if (result.key === void 0) return void 0;
+		return buildCredential({
+			type: result.credentialType ?? "api",
+			key: result.key,
+			location: result.source,
+			refresh: result.refresh,
+			accountId: result.accountId,
+			expires: result.expires
+		});
+	}
+	return {
+		async all() {
+			return mergeWithDiscovered(await readAuthState());
+		},
+		async get(providerId) {
+			const credential = mergeWithDiscovered(await readAuthState())[providerId];
+			if (credential === void 0) {
+				log$1("get(%s): not found", providerId);
+				return null;
+			}
+			log$1("get(%s): found type=%s", providerId, credential.type);
+			return credential;
+		},
+		async set(providerId, credential) {
+			const store = await readAuthState();
+			store[providerId] = credential;
+			await writeAuthState(store);
+			log$1("set(%s): type=%s", providerId, credential.type);
+		},
+		async remove(providerId) {
+			const store = await readAuthState();
+			if (!(providerId in store)) {
+				log$1("remove(%s): not found, no-op", providerId);
+				return;
+			}
+			delete store[providerId];
+			await writeAuthState(store);
+			log$1("remove(%s): done", providerId);
+		},
+		async discover(discoverOptions) {
+			const results = [];
+			const seen = /* @__PURE__ */ new Set();
+			if (!discoverOptions?.skipEnvScan) for (const [envVar, providerId] of ENV_HINTS) {
+				const value = process.env[envVar];
+				if (value) {
+					pushDiscoveredCredential(providerId, buildCredentialFromEnv(envVar, value));
+					pushDiscoveredResultOnce(seen, results, {
+						providerId,
+						source: "env",
+						key: value
+					});
+					log$1("discover: %s [api] from env:%s", providerId, envVar);
+				}
+			}
+			if (!discoverOptions?.skipDiskScan) {
+				const diskResults = await runDiskScanners(discoverOptions?.scanners ?? DEFAULT_SCANNERS, discoverOptions?.scanContext ?? createNodeScanContext());
+				for (const disk of diskResults) {
+					const credType = disk.credentialType ?? "api";
+					pushDiscoveredResultOnce(seen, results, {
+						providerId: disk.providerId,
+						source: "disk",
+						key: disk.key,
+						location: disk.source
+					});
+					const cred = buildCredentialFromDisk(disk);
+					if (cred !== void 0) {
+						pushDiscoveredCredential(disk.providerId, cred);
+						log$1("discover: %s [%s] from %s", disk.providerId, credType, disk.source);
+					}
+				}
+			}
+			if (discoverOptions?.persist === true) log$1("discover: persisted %d providers to auth store", await persistDiscoveredCredentials());
+			let authData;
+			try {
+				authData = await readAuthState();
+			} catch (err) {
+				log$1("discover: failed to read auth store: %s", err instanceof Error ? err.message : String(err));
+				authData = {};
+			}
+			for (const [providerId, credential] of Object.entries(authData)) if (pushDiscoveredResultOnce(seen, results, {
+				providerId,
+				source: "auth",
+				credential
+			})) log$1("discover: %s via auth store", providerId);
+			log$1("discover: complete, %d providers found", results.length);
+			return results;
+		},
+		async getPreferred(providerId, prefer) {
+			const creds = discoveredCredentials.get(providerId);
+			if (creds !== void 0 && creds.length > 0) {
+				const best = pickBestCredential(creds, prefer);
+				if (best !== void 0) return best;
+			}
+			return mergeWithDiscovered(await readAuthState())[providerId] ?? null;
+		}
+	};
+	async function persistDiscoveredCredentials() {
+		if (discoveredCredentials.size === 0) return 0;
+		const store = await readAuthState();
+		let changed = 0;
+		for (const [providerId, creds] of discoveredCredentials) {
+			if (store[providerId]?.key) continue;
+			const best = pickBestCredential(creds, "api");
+			if (best === void 0) continue;
+			store[providerId] = best;
+			changed += 1;
+		}
+		if (changed > 0) await writeAuthState(store);
+		return changed;
+	}
+}
+const AUTH_STORE_KEY = "auth:store";
+function buildCredential(input) {
+	const credential = {
+		type: input.type,
+		key: input.key,
+		location: input.location
+	};
+	if (input.refresh !== void 0) credential.refresh = input.refresh;
+	if (input.accountId !== void 0) credential.accountId = input.accountId;
+	if (input.expires !== void 0) credential.expires = input.expires;
+	return credential;
+}
+function normalizeAuthState(input) {
+	const normalized = {};
+	for (const [providerId, rawCredential] of Object.entries(input)) {
+		const credential = normalizeCredential(rawCredential);
+		if (credential !== void 0) normalized[providerId] = credential;
+	}
+	return normalized;
+}
+function normalizeCredential(rawCredential) {
+	if (typeof rawCredential !== "object" || rawCredential === null || Array.isArray(rawCredential)) return;
+	const typed = rawCredential;
+	const type = typed.type === "api" || typed.type === "oauth" || typed.type === "wellknown" ? typed.type : "api";
+	const key = typeof typed.key === "string" && typed.key.length > 0 ? typed.key : void 0;
+	return {
+		...typed,
+		type,
+		key
+	};
+}
+const ENV_HINTS = [
+	["ANTHROPIC_API_KEY", "anthropic"],
+	["OPENAI_API_KEY", "openai"],
+	["GOOGLE_GENERATIVE_AI_API_KEY", "google"],
+	["GOOGLE_API_KEY", "google"],
+	["AZURE_API_KEY", "azure"],
+	["XAI_API_KEY", "xai"],
+	["MISTRAL_API_KEY", "mistral"],
+	["GROQ_API_KEY", "groq"],
+	["OPENROUTER_API_KEY", "openrouter"]
+];
+
+//#endregion
+//#region src/auth/resolver.ts
+const log = require_logger.createLogger("auth:resolver");
+function createSecretResolver(storage) {
+	log("secret resolver created, storage=%s", storage !== void 0);
+	return { async resolve(ref) {
+		if (typeof ref === "string") {
+			log("resolve: plain string");
+			return ref;
+		}
+		if (ref.type === "plain") {
+			log("resolve: plain value");
+			return ref.value;
+		}
+		if (ref.type === "env") {
+			const value = process.env[ref.name];
+			if (value === void 0) throw new Error(`Environment variable not set: ${ref.name}`);
+			log("resolve: env %s", ref.name);
+			return value;
+		}
+		if (ref.type === "storage") {
+			if (!storage) throw new Error(`Storage not configured, cannot resolve key: ${ref.key}`);
+			const value = await storage.get(ref.key);
+			if (value === null) throw new Error(`Key not found in storage: ${ref.key}`);
+			log("resolve: storage key=%s", ref.key);
+			return value;
+		}
+		throw new Error(`Unknown SecretRef type: ${JSON.stringify(ref)}`);
+	} };
+}
+
+//#endregion
+Object.defineProperty(exports, 'DEFAULT_SCANNERS', {
+  enumerable: true,
+  get: function () {
+    return DEFAULT_SCANNERS;
+  }
+});
+Object.defineProperty(exports, 'createAuthStore', {
+  enumerable: true,
+  get: function () {
+    return createAuthStore;
+  }
+});
+Object.defineProperty(exports, 'createSecretResolver', {
+  enumerable: true,
+  get: function () {
+    return createSecretResolver;
+  }
+});
+//# sourceMappingURL=resolver-BMTvzTt9.cjs.map