repoburg 1.3.136 → 1.3.138

package/backend/packages/gemini-core/src/index.ts

@@ -1,35 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-// Export config
-export * from './config/config';
-
-// Export Core Logic
-export * from './core/contentGenerator';
-export * from './core/geminiChat';
-export * from './core/prompts';
-export * from './core/tokenLimits';
-export * from './core/geminiRequest';
-
-export * from './code_assist/codeAssist';
-export * from './code_assist/oauth2';
-export * from './code_assist/server';
-export * from './code_assist/types';
-
-// Export utilities
-export * from './utils/errors';
-export * from './utils/quotaErrorDetection';
-export * from './utils/retry';
-export * from './utils/partUtils';
-export { sessionId } from './utils/session';
-export { Storage } from './config/storage';
-export * from './utils/userAccountManager';
-
-// MCP token storage for auth
-export type {
-  OAuthToken,
-  OAuthCredentials,
-} from './mcp/token-storage/types';

package/backend/packages/gemini-core/src/mcp/token-storage/base-token-storage.ts

@@ -1,49 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import type { TokenStorage, OAuthCredentials } from './types';
-
-export abstract class BaseTokenStorage implements TokenStorage {
-  protected readonly serviceName: string;
-
-  constructor(serviceName: string) {
-    this.serviceName = serviceName;
-  }
-
-  abstract getCredentials(serverName: string): Promise<OAuthCredentials | null>;
-  abstract setCredentials(credentials: OAuthCredentials): Promise<void>;
-  abstract deleteCredentials(serverName: string): Promise<void>;
-  abstract listServers(): Promise<string[]>;
-  abstract getAllCredentials(): Promise<Map<string, OAuthCredentials>>;
-  abstract clearAll(): Promise<void>;
-
-  protected validateCredentials(credentials: OAuthCredentials): void {
-    if (!credentials.serverName) {
-      throw new Error('Server name is required');
-    }
-    if (!credentials.token) {
-      throw new Error('Token is required');
-    }
-    if (!credentials.token.accessToken) {
-      throw new Error('Access token is required');
-    }
-    if (!credentials.token.tokenType) {
-      throw new Error('Token type is required');
-    }
-  }
-
-  protected isTokenExpired(credentials: OAuthCredentials): boolean {
-    if (!credentials.token.expiresAt) {
-      return false;
-    }
-    const bufferMs = 5 * 60 * 1000;
-    return Date.now() > credentials.token.expiresAt - bufferMs;
-  }
-
-  protected sanitizeServerName(serverName: string): string {
-    return serverName.replace(/[^a-zA-Z0-9-_.]/g, '_');
-  }
-}

package/backend/packages/gemini-core/src/mcp/token-storage/file-token-storage.ts

@@ -1,184 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import { promises as fs } from 'node:fs';
-import * as path from 'node:path';
-import * as os from 'node:os';
-import * as crypto from 'node:crypto';
-import { BaseTokenStorage } from './base-token-storage';
-import type { OAuthCredentials } from './types';
-
-export class FileTokenStorage extends BaseTokenStorage {
-  private readonly tokenFilePath: string;
-  private readonly encryptionKey: Buffer;
-
-  constructor(serviceName: string) {
-    super(serviceName);
-    const configDir = path.join(os.homedir(), '.gemini');
-    this.tokenFilePath = path.join(configDir, 'mcp-oauth-tokens-v2.json');
-    this.encryptionKey = this.deriveEncryptionKey();
-  }
-
-  private deriveEncryptionKey(): Buffer {
-    const salt = `${os.hostname()}-${os.userInfo().username}-gemini-cli`;
-    return crypto.scryptSync('gemini-cli-oauth', salt, 32);
-  }
-
-  private encrypt(text: string): string {
-    const iv = crypto.randomBytes(16);
-    const cipher = crypto.createCipheriv('aes-256-gcm', this.encryptionKey, iv);
-
-    let encrypted = cipher.update(text, 'utf8', 'hex');
-    encrypted += cipher.final('hex');
-
-    const authTag = cipher.getAuthTag();
-
-    return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
-  }
-
-  private decrypt(encryptedData: string): string {
-    const parts = encryptedData.split(':');
-    if (parts.length !== 3) {
-      throw new Error('Invalid encrypted data format');
-    }
-
-    const iv = Buffer.from(parts[0], 'hex');
-    const authTag = Buffer.from(parts[1], 'hex');
-    const encrypted = parts[2];
-
-    const decipher = crypto.createDecipheriv(
-      'aes-256-gcm',
-      this.encryptionKey,
-      iv,
-    );
-    decipher.setAuthTag(authTag);
-
-    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
-    decrypted += decipher.final('utf8');
-
-    return decrypted;
-  }
-
-  private async ensureDirectoryExists(): Promise<void> {
-    const dir = path.dirname(this.tokenFilePath);
-    await fs.mkdir(dir, { recursive: true, mode: 0o700 });
-  }
-
-  private async loadTokens(): Promise<Map<string, OAuthCredentials>> {
-    try {
-      const data = await fs.readFile(this.tokenFilePath, 'utf-8');
-      const decrypted = this.decrypt(data);
-      const tokens = JSON.parse(decrypted) as Record<string, OAuthCredentials>;
-      return new Map(Object.entries(tokens));
-    } catch (error: unknown) {
-      const err = error as NodeJS.ErrnoException & { message?: string };
-      if (err.code === 'ENOENT') {
-        throw new Error('Token file does not exist');
-      }
-      if (
-        err.message?.includes('Invalid encrypted data format') ||
-        err.message?.includes(
-          'Unsupported state or unable to authenticate data',
-        )
-      ) {
-        throw new Error('Token file corrupted');
-      }
-      throw error;
-    }
-  }
-
-  private async saveTokens(
-    tokens: Map<string, OAuthCredentials>,
-  ): Promise<void> {
-    await this.ensureDirectoryExists();
-
-    const data = Object.fromEntries(tokens);
-    const json = JSON.stringify(data, null, 2);
-    const encrypted = this.encrypt(json);
-
-    await fs.writeFile(this.tokenFilePath, encrypted, { mode: 0o600 });
-  }
-
-  async getCredentials(serverName: string): Promise<OAuthCredentials | null> {
-    const tokens = await this.loadTokens();
-    const credentials = tokens.get(serverName);
-
-    if (!credentials) {
-      return null;
-    }
-
-    if (this.isTokenExpired(credentials)) {
-      return null;
-    }
-
-    return credentials;
-  }
-
-  async setCredentials(credentials: OAuthCredentials): Promise<void> {
-    this.validateCredentials(credentials);
-
-    const tokens = await this.loadTokens();
-    const updatedCredentials: OAuthCredentials = {
-      ...credentials,
-      updatedAt: Date.now(),
-    };
-
-    tokens.set(credentials.serverName, updatedCredentials);
-    await this.saveTokens(tokens);
-  }
-
-  async deleteCredentials(serverName: string): Promise<void> {
-    const tokens = await this.loadTokens();
-
-    if (!tokens.has(serverName)) {
-      throw new Error(`No credentials found for ${serverName}`);
-    }
-
-    tokens.delete(serverName);
-
-    if (tokens.size === 0) {
-      try {
-        await fs.unlink(this.tokenFilePath);
-      } catch (error: unknown) {
-        const err = error as NodeJS.ErrnoException;
-        if (err.code !== 'ENOENT') {
-          throw error;
-        }
-      }
-    } else {
-      await this.saveTokens(tokens);
-    }
-  }
-
-  async listServers(): Promise<string[]> {
-    const tokens = await this.loadTokens();
-    return Array.from(tokens.keys());
-  }
-
-  async getAllCredentials(): Promise<Map<string, OAuthCredentials>> {
-    const tokens = await this.loadTokens();
-    const result = new Map<string, OAuthCredentials>();
-
-    for (const [serverName, credentials] of tokens) {
-      if (!this.isTokenExpired(credentials)) {
-        result.set(serverName, credentials);
-      }
-    }
-
-    return result;
-  }
-
-  async clearAll(): Promise<void> {
-    try {
-      await fs.unlink(this.tokenFilePath);
-    } catch (error: unknown) {
-      const err = error as NodeJS.ErrnoException;
-      if (err.code !== 'ENOENT') {
-        throw error;
-      }
-    }
-  }
-}

package/backend/packages/gemini-core/src/mcp/token-storage/hybrid-token-storage.ts

@@ -1,97 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import { BaseTokenStorage } from './base-token-storage';
-import { FileTokenStorage } from './file-token-storage';
-import type { TokenStorage, OAuthCredentials } from './types';
-import { TokenStorageType } from './types';
-
-const FORCE_FILE_STORAGE_ENV_VAR = 'GEMINI_FORCE_FILE_STORAGE';
-
-export class HybridTokenStorage extends BaseTokenStorage {
-  private storage: TokenStorage | null = null;
-  private storageType: TokenStorageType | null = null;
-  private storageInitPromise: Promise<TokenStorage> | null = null;
-
-  constructor(serviceName: string) {
-    super(serviceName);
-  }
-
-  private async initializeStorage(): Promise<TokenStorage> {
-    const forceFileStorage = process.env[FORCE_FILE_STORAGE_ENV_VAR] === 'true';
-
-    if (!forceFileStorage) {
-      try {
-        const { KeychainTokenStorage } = await import(
-          './keychain-token-storage'
-        );
-        const keychainStorage = new KeychainTokenStorage(this.serviceName);
-
-        const isAvailable = await keychainStorage.isAvailable();
-        if (isAvailable) {
-          this.storage = keychainStorage;
-          this.storageType = TokenStorageType.KEYCHAIN;
-          return this.storage;
-        }
-      } catch (_e) {
-        // Fallback to file storage if keychain fails to initialize
-      }
-    }
-
-    this.storage = new FileTokenStorage(this.serviceName);
-    this.storageType = TokenStorageType.ENCRYPTED_FILE;
-    return this.storage;
-  }
-
-  private async getStorage(): Promise<TokenStorage> {
-    if (this.storage !== null) {
-      return this.storage;
-    }
-
-    // Use a single initialization promise to avoid race conditions
-    if (!this.storageInitPromise) {
-      this.storageInitPromise = this.initializeStorage();
-    }
-
-    // Wait for initialization to complete
-    return await this.storageInitPromise;
-  }
-
-  async getCredentials(serverName: string): Promise<OAuthCredentials | null> {
-    const storage = await this.getStorage();
-    return storage.getCredentials(serverName);
-  }
-
-  async setCredentials(credentials: OAuthCredentials): Promise<void> {
-    const storage = await this.getStorage();
-    await storage.setCredentials(credentials);
-  }
-
-  async deleteCredentials(serverName: string): Promise<void> {
-    const storage = await this.getStorage();
-    await storage.deleteCredentials(serverName);
-  }
-
-  async listServers(): Promise<string[]> {
-    const storage = await this.getStorage();
-    return storage.listServers();
-  }
-
-  async getAllCredentials(): Promise<Map<string, OAuthCredentials>> {
-    const storage = await this.getStorage();
-    return storage.getAllCredentials();
-  }
-
-  async clearAll(): Promise<void> {
-    const storage = await this.getStorage();
-    await storage.clearAll();
-  }
-
-  async getStorageType(): Promise<TokenStorageType> {
-    await this.getStorage();
-    return this.storageType!;
-  }
-}

package/backend/packages/gemini-core/src/mcp/token-storage/index.ts

@@ -1,14 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-export * from './types';
-export * from './base-token-storage';
-export * from './file-token-storage';
-export * from './hybrid-token-storage';
-
-export const DEFAULT_SERVICE_NAME = 'gemini-cli-oauth';
-export const FORCE_ENCRYPTED_FILE_ENV_VAR =
-  'GEMINI_FORCE_ENCRYPTED_FILE_STORAGE';

package/backend/packages/gemini-core/src/mcp/token-storage/keychain-token-storage.ts

@@ -1,251 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-import * as crypto from 'node:crypto';
-import { BaseTokenStorage } from './base-token-storage';
-import type { OAuthCredentials } from './types';
-
-interface Keytar {
-  getPassword(service: string, account: string): Promise<string | null>;
-  setPassword(
-    service: string,
-    account: string,
-    password: string,
-  ): Promise<void>;
-  deletePassword(service: string, account: string): Promise<boolean>;
-  findCredentials(
-    service: string,
-  ): Promise<Array<{ account: string; password: string }>>;
-}
-
-const KEYCHAIN_TEST_PREFIX = '__keychain_test__';
-
-export class KeychainTokenStorage extends BaseTokenStorage {
-  private keychainAvailable: boolean | null = null;
-  private keytarModule: Keytar | null = null;
-  private keytarLoadAttempted = false;
-
-  async getKeytar(): Promise<Keytar | null> {
-    // If we've already tried loading (successfully or not), return the result
-    if (this.keytarLoadAttempted) {
-      return this.keytarModule;
-    }
-
-    this.keytarLoadAttempted = true;
-
-    try {
-      // Try to import keytar without any timeout - let the OS handle it
-      const moduleName = 'keytar';
-      const module = await import(moduleName);
-      this.keytarModule = module.default || module;
-    } catch (error) {
-      console.error(error);
-    }
-    return this.keytarModule;
-  }
-
-  async getCredentials(serverName: string): Promise<OAuthCredentials | null> {
-    if (!(await this.checkKeychainAvailability())) {
-      throw new Error('Keychain is not available');
-    }
-
-    const keytar = await this.getKeytar();
-    if (!keytar) {
-      throw new Error('Keytar module not available');
-    }
-
-    try {
-      const sanitizedName = this.sanitizeServerName(serverName);
-      const data = await keytar.getPassword(this.serviceName, sanitizedName);
-
-      if (!data) {
-        return null;
-      }
-
-      const credentials = JSON.parse(data) as OAuthCredentials;
-
-      if (this.isTokenExpired(credentials)) {
-        return null;
-      }
-
-      return credentials;
-    } catch (error) {
-      if (error instanceof SyntaxError) {
-        throw new Error(`Failed to parse stored credentials for ${serverName}`);
-      }
-      throw error;
-    }
-  }
-
-  async setCredentials(credentials: OAuthCredentials): Promise<void> {
-    if (!(await this.checkKeychainAvailability())) {
-      throw new Error('Keychain is not available');
-    }
-
-    const keytar = await this.getKeytar();
-    if (!keytar) {
-      throw new Error('Keytar module not available');
-    }
-
-    this.validateCredentials(credentials);
-
-    const sanitizedName = this.sanitizeServerName(credentials.serverName);
-    const updatedCredentials: OAuthCredentials = {
-      ...credentials,
-      updatedAt: Date.now(),
-    };
-
-    const data = JSON.stringify(updatedCredentials);
-    await keytar.setPassword(this.serviceName, sanitizedName, data);
-  }
-
-  async deleteCredentials(serverName: string): Promise<void> {
-    if (!(await this.checkKeychainAvailability())) {
-      throw new Error('Keychain is not available');
-    }
-
-    const keytar = await this.getKeytar();
-    if (!keytar) {
-      throw new Error('Keytar module not available');
-    }
-
-    const sanitizedName = this.sanitizeServerName(serverName);
-    const deleted = await keytar.deletePassword(
-      this.serviceName,
-      sanitizedName,
-    );
-
-    if (!deleted) {
-      throw new Error(`No credentials found for ${serverName}`);
-    }
-  }
-
-  async listServers(): Promise<string[]> {
-    if (!(await this.checkKeychainAvailability())) {
-      throw new Error('Keychain is not available');
-    }
-
-    const keytar = await this.getKeytar();
-    if (!keytar) {
-      throw new Error('Keytar module not available');
-    }
-
-    try {
-      const credentials = await keytar.findCredentials(this.serviceName);
-      return credentials
-        .filter((cred) => !cred.account.startsWith(KEYCHAIN_TEST_PREFIX))
-        .map((cred: { account: string }) => cred.account);
-    } catch (error) {
-      console.error('Failed to list servers from keychain:', error);
-      return [];
-    }
-  }
-
-  async getAllCredentials(): Promise<Map<string, OAuthCredentials>> {
-    if (!(await this.checkKeychainAvailability())) {
-      throw new Error('Keychain is not available');
-    }
-
-    const keytar = await this.getKeytar();
-    if (!keytar) {
-      throw new Error('Keytar module not available');
-    }
-
-    const result = new Map<string, OAuthCredentials>();
-    try {
-      const credentials = (
-        await keytar.findCredentials(this.serviceName)
-      ).filter((c) => !c.account.startsWith(KEYCHAIN_TEST_PREFIX));
-
-      for (const cred of credentials) {
-        try {
-          const data = JSON.parse(cred.password) as OAuthCredentials;
-          if (!this.isTokenExpired(data)) {
-            result.set(cred.account, data);
-          }
-        } catch (error) {
-          console.error(
-            `Failed to parse credentials for ${cred.account}:`,
-            error,
-          );
-        }
-      }
-    } catch (error) {
-      console.error('Failed to get all credentials from keychain:', error);
-    }
-
-    return result;
-  }
-
-  async clearAll(): Promise<void> {
-    if (!(await this.checkKeychainAvailability())) {
-      throw new Error('Keychain is not available');
-    }
-
-    const servers = this.keytarModule
-      ? await this.keytarModule
-          .findCredentials(this.serviceName)
-          .then((creds) => creds.map((c) => c.account))
-          .catch((error: Error) => {
-            throw new Error(
-              `Failed to list servers for clearing: ${error.message}`,
-            );
-          })
-      : [];
-    const errors: Error[] = [];
-
-    for (const server of servers) {
-      try {
-        await this.deleteCredentials(server);
-      } catch (error) {
-        errors.push(error as Error);
-      }
-    }
-
-    if (errors.length > 0) {
-      throw new Error(
-        `Failed to clear some credentials: ${errors.map((e) => e.message).join(', ')}`,
-      );
-    }
-  }
-
-  // Checks whether or not a set-get-delete cycle with the keychain works.
-  // Returns false if any operation fails.
-  async checkKeychainAvailability(): Promise<boolean> {
-    if (this.keychainAvailable !== null) {
-      return this.keychainAvailable;
-    }
-
-    try {
-      const keytar = await this.getKeytar();
-      if (!keytar) {
-        this.keychainAvailable = false;
-        return false;
-      }
-
-      const testAccount = `${KEYCHAIN_TEST_PREFIX}${crypto.randomBytes(8).toString('hex')}`;
-      const testPassword = 'test';
-
-      await keytar.setPassword(this.serviceName, testAccount, testPassword);
-      const retrieved = await keytar.getPassword(this.serviceName, testAccount);
-      const deleted = await keytar.deletePassword(
-        this.serviceName,
-        testAccount,
-      );
-
-      const success = deleted && retrieved === testPassword;
-      this.keychainAvailable = success;
-      return success;
-    } catch (_error) {
-      this.keychainAvailable = false;
-      return false;
-    }
-  }
-
-  async isAvailable(): Promise<boolean> {
-    return this.checkKeychainAvailability();
-  }
-}

package/backend/packages/gemini-core/src/mcp/token-storage/types.ts

@@ -1,42 +0,0 @@
-/**
- * @license
- * Copyright 2025 Google LLC
- * SPDX-License-Identifier: Apache-2.0
- */
-
-/**
- * Interface for OAuth tokens.
- */
-export interface OAuthToken {
-  accessToken: string;
-  refreshToken?: string;
-  expiresAt?: number;
-  tokenType: string;
-  scope?: string;
-}
-
-/**
- * Interface for stored OAuth credentials.
- */
-export interface OAuthCredentials {
-  serverName: string;
-  token: OAuthToken;
-  clientId?: string;
-  tokenUrl?: string;
-  mcpServerUrl?: string;
-  updatedAt: number;
-}
-
-export interface TokenStorage {
-  getCredentials(serverName: string): Promise<OAuthCredentials | null>;
-  setCredentials(credentials: OAuthCredentials): Promise<void>;
-  deleteCredentials(serverName: string): Promise<void>;
-  listServers(): Promise<string[]>;
-  getAllCredentials(): Promise<Map<string, OAuthCredentials>>;
-  clearAll(): Promise<void>;
-}
-
-export enum TokenStorageType {
-  KEYCHAIN = 'keychain',
-  ENCRYPTED_FILE = 'encrypted_file',
-}