PyPI - gac - Versions diffs - 3.6.0__py3-none-any.whl → 3.8.1__py3-none-any.whl - Mend

gac 3.6.0py3-none-any.whl → 3.8.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

gac/__version__.py +1 -1
gac/ai_utils.py +47 -0
gac/auth_cli.py +181 -36
gac/cli.py +13 -0
gac/config.py +54 -0
gac/constants.py +7 -0
gac/main.py +53 -11
gac/model_cli.py +65 -10
gac/oauth/__init__.py +26 -0
gac/oauth/claude_code.py +87 -20
gac/oauth/qwen_oauth.py +323 -0
gac/oauth/token_store.py +81 -0
gac/prompt.py +16 -4
gac/providers/__init__.py +3 -0
gac/providers/anthropic.py +11 -1
gac/providers/azure_openai.py +5 -1
gac/providers/cerebras.py +11 -1
gac/providers/chutes.py +11 -1
gac/providers/claude_code.py +11 -1
gac/providers/custom_anthropic.py +5 -1
gac/providers/custom_openai.py +5 -1
gac/providers/deepseek.py +11 -1
gac/providers/fireworks.py +11 -1
gac/providers/gemini.py +11 -1
gac/providers/groq.py +5 -1
gac/providers/kimi_coding.py +5 -1
gac/providers/lmstudio.py +12 -1
gac/providers/minimax.py +11 -1
gac/providers/mistral.py +11 -1
gac/providers/moonshot.py +11 -1
gac/providers/ollama.py +11 -1
gac/providers/openai.py +11 -1
gac/providers/openrouter.py +11 -1
gac/providers/qwen.py +76 -0
gac/providers/replicate.py +14 -2
gac/providers/streamlake.py +11 -1
gac/providers/synthetic.py +11 -1
gac/providers/together.py +11 -1
gac/providers/zai.py +11 -1
gac/utils.py +30 -1
gac/workflow_utils.py +3 -8
{gac-3.6.0.dist-info → gac-3.8.1.dist-info}/METADATA +6 -4
gac-3.8.1.dist-info/RECORD +56 -0
gac-3.6.0.dist-info/RECORD +0 -53
{gac-3.6.0.dist-info → gac-3.8.1.dist-info}/WHEEL +0 -0
{gac-3.6.0.dist-info → gac-3.8.1.dist-info}/entry_points.txt +0 -0
{gac-3.6.0.dist-info → gac-3.8.1.dist-info}/licenses/LICENSE +0 -0

gac/model_cli.py CHANGED Viewed

@@ -84,7 +84,7 @@ def _configure_model(existing_env: dict[str, str]) -> bool:
         ("Azure OpenAI", "gpt-5-mini"),
         ("Cerebras", "zai-glm-4.6"),
         ("Chutes", "zai-org/GLM-4.6-FP8"),
-        ("Claude Code", "claude-sonnet-4-5"),
+        ("Claude Code (OAuth)", "claude-sonnet-4-5"),
         ("Custom (Anthropic)", ""),
         ("Custom (OpenAI)", ""),
         ("DeepSeek", "deepseek-chat"),
@@ -99,6 +99,7 @@ def _configure_model(existing_env: dict[str, str]) -> bool:
         ("Ollama", "gemma3"),
         ("OpenAI", "gpt-5-mini"),
         ("OpenRouter", "openrouter/auto"),
+        ("Qwen.ai (OAuth)", "qwen3-coder-plus"),
         ("Replicate", "openai/gpt-oss-120b"),
         ("Streamlake", ""),
         ("Synthetic.new", "hf:zai-org/GLM-4.6"),
@@ -116,22 +117,27 @@ def _configure_model(existing_env: dict[str, str]) -> bool:
     provider_key = provider.lower().replace(".", "").replace(" ", "-").replace("(", "").replace(")", "")
     is_azure_openai = provider_key == "azure-openai"
-    is_claude_code = provider_key == "claude-code"
+    is_claude_code = provider_key == "claude-code-oauth"
     is_custom_anthropic = provider_key == "custom-anthropic"
     is_custom_openai = provider_key == "custom-openai"
     is_lmstudio = provider_key == "lm-studio"
     is_ollama = provider_key == "ollama"
+    is_qwen = provider_key == "qwenai-oauth"
     is_streamlake = provider_key == "streamlake"
     is_zai = provider_key in ("zai", "zai-coding")
-    if provider_key == "minimaxio":
+    if provider_key == "claude-code-oauth":
+        provider_key = "claude-code"
+    elif provider_key == "kimi-for-coding":
+        provider_key = "kimi-coding"
+    elif provider_key == "minimaxio":
         provider_key = "minimax"
-    elif provider_key == "syntheticnew":
-        provider_key = "synthetic"
     elif provider_key == "moonshot-ai":
         provider_key = "moonshot"
-    elif provider_key == "kimi-for-coding":
-        provider_key = "kimi-coding"
+    elif provider_key == "qwenai-oauth":
+        provider_key = "qwen"
+    elif provider_key == "syntheticnew":
+        provider_key = "synthetic"
     if is_streamlake:
         endpoint_id = _prompt_required_text("Enter the Streamlake inference endpoint ID (required):")
@@ -269,10 +275,12 @@ def _configure_model(existing_env: dict[str, str]) -> bool:
     # Handle Claude Code OAuth separately
     if is_claude_code:
-        from gac.oauth.claude_code import authenticate_and_save, load_stored_token
+        from gac.oauth.claude_code import authenticate_and_save
+        from gac.oauth.token_store import TokenStore
-        existing_token = load_stored_token()
-        if existing_token:
+        token_store = TokenStore()
+        existing_token_data = token_store.get_token("claude-code")
+        if existing_token_data:
             click.echo("\n✓ Claude Code access token already configured.")
             action = questionary.select(
                 "What would you like to do?",
@@ -305,6 +313,53 @@ def _configure_model(existing_env: dict[str, str]) -> bool:
                 return False
             return True
+    # Handle Qwen OAuth separately
+    if is_qwen:
+        from gac.oauth import QwenOAuthProvider, TokenStore
+        token_store = TokenStore()
+        qwen_token = token_store.get_token("qwen")
+        if qwen_token:
+            click.echo("\n✓ Qwen access token already configured.")
+            action = questionary.select(
+                "What would you like to do?",
+                choices=[
+                    "Keep existing token",
+                    "Re-authenticate (get new token)",
+                ],
+                use_shortcuts=True,
+                use_arrow_keys=True,
+                use_jk_keys=False,
+            ).ask()
+            if action is None or action.startswith("Keep existing"):
+                if action is None:
+                    click.echo("Qwen configuration cancelled. Keeping existing token.")
+                else:
+                    click.echo("Keeping existing Qwen token")
+                return True
+            else:
+                click.echo("\n🔐 Starting Qwen OAuth authentication...")
+                provider = QwenOAuthProvider(token_store)
+                try:
+                    provider.initiate_auth(open_browser=True)
+                    click.echo("✅ Qwen authentication completed successfully!")
+                    return True
+                except Exception as e:
+                    click.echo(f"❌ Qwen authentication failed: {e}")
+                    return False
+        else:
+            click.echo("\n🔐 Starting Qwen OAuth authentication...")
+            click.echo("   (Your browser will open automatically)\n")
+            provider = QwenOAuthProvider(token_store)
+            try:
+                provider.initiate_auth(open_browser=True)
+                click.echo("\n✅ Qwen authentication completed successfully!")
+                return True
+            except Exception as e:
+                click.echo(f"\n❌ Qwen authentication failed: {e}")
+                return False
     # Determine API key name based on provider
     if is_lmstudio:
         api_key_name = "LMSTUDIO_API_KEY"

gac/oauth/__init__.py CHANGED Viewed

@@ -1 +1,27 @@
 """OAuth authentication utilities for GAC."""
+from .claude_code import (
+    authenticate_and_save,
+    is_token_expired,
+    load_stored_token,
+    perform_oauth_flow,
+    refresh_token_if_expired,
+    remove_token,
+    save_token,
+)
+from .qwen_oauth import QwenDeviceFlow, QwenOAuthProvider
+from .token_store import OAuthToken, TokenStore
+__all__ = [
+    "authenticate_and_save",
+    "is_token_expired",
+    "load_stored_token",
+    "OAuthToken",
+    "perform_oauth_flow",
+    "QwenDeviceFlow",
+    "QwenOAuthProvider",
+    "refresh_token_if_expired",
+    "remove_token",
+    "save_token",
+    "TokenStore",
+]

gac/oauth/claude_code.py CHANGED Viewed

@@ -12,12 +12,14 @@ import time
 import webbrowser
 from dataclasses import dataclass
 from http.server import BaseHTTPRequestHandler, HTTPServer
-from pathlib import Path
 from typing import Any, TypedDict
 from urllib.parse import parse_qs, urlencode, urlparse
 import httpx
+from gac.oauth.token_store import OAuthToken, TokenStore
+from gac.utils import get_ssl_verify
 logger = logging.getLogger(__name__)
@@ -250,6 +252,7 @@ def exchange_code_for_tokens(auth_code: str, context: OAuthContext) -> dict[str,
             json=payload,
             headers=headers,
             timeout=30,
+            verify=get_ssl_verify(),
         )
         logger.info("Token exchange response: %s", response.status_code)
         if response.status_code == 200:
@@ -340,32 +343,82 @@ def perform_oauth_flow(quiet: bool = False) -> dict[str, Any] | None:
     return tokens
-def get_token_storage_path() -> Path:
-    """Get path for storing OAuth tokens."""
-    return Path.home() / ".gac.env"
+def load_stored_token() -> str | None:
+    """Load stored access token from token store."""
+    store = TokenStore()
+    token = store.get_token("claude-code")
+    if token:
+        return token.get("access_token")
+    return None
-def load_stored_token() -> str | None:
-    """Load stored access token from .gac.env."""
-    from dotenv import dotenv_values
+def is_token_expired() -> bool:
+    """Check if the stored Claude Code token has expired.
-    env_path = get_token_storage_path()
-    if not env_path.exists():
-        return None
+    Returns True if the token is expired or close to expiring (within 5 minutes).
+    """
+    store = TokenStore()
+    token = store.get_token("claude-code")
+    if not token:
+        return True
+    expiry = token.get("expiry")
+    if not expiry:
+        # No expiry information, assume it's still valid
+        return False
-    env_vars = dotenv_values(str(env_path))
-    return env_vars.get("CLAUDE_CODE_ACCESS_TOKEN")
+    # Consider token expired if it expires within 5 minutes
+    current_time = time.time()
+    return current_time >= (expiry - 300)
-def save_token(access_token: str) -> bool:
-    """Save access token to .gac.env and update environment."""
-    import os
+def refresh_token_if_expired(quiet: bool = True) -> bool:
+    """Refresh the Claude Code token if it has expired.
+    Args:
+        quiet: If True, suppress output messages
+    Returns:
+        True if token is valid (or was successfully refreshed), False otherwise
+    """
+    if not is_token_expired():
+        return True
+    if not quiet:
+        logger.info("Claude Code token expired, attempting to refresh...")
-    from dotenv import set_key
+    # Perform OAuth flow to get a new token
+    success = authenticate_and_save(quiet=quiet)
+    if not success and not quiet:
+        logger.error("Failed to refresh Claude Code token")
-    env_path = get_token_storage_path()
+    return success
+def save_token(access_token: str, token_data: dict[str, Any] | None = None) -> bool:
+    """Save access token to token store.
+    Args:
+        access_token: The OAuth access token string
+        token_data: Optional full token response data (includes expiry info)
+    """
+    import os
+    store = TokenStore()
     try:
-        set_key(str(env_path), "CLAUDE_CODE_ACCESS_TOKEN", access_token)
+        token: OAuthToken = {
+            "access_token": access_token,
+            "token_type": "Bearer",
+        }
+        # Add expiry information if available
+        if token_data:
+            if "expires_at" in token_data:
+                token["expiry"] = int(token_data["expires_at"])
+            elif "expires_in" in token_data:
+                token["expiry"] = int(time.time() + token_data["expires_in"])
+        store.save_token("claude-code", token)
         # Also update the current environment so the token is immediately available
         os.environ["CLAUDE_CODE_ACCESS_TOKEN"] = access_token
         return True
@@ -374,6 +427,20 @@ def save_token(access_token: str) -> bool:
         return False
+def remove_token() -> bool:
+    """Remove stored access token from token store."""
+    import os
+    store = TokenStore()
+    try:
+        store.remove_token("claude-code")
+        os.environ.pop("CLAUDE_CODE_ACCESS_TOKEN", None)
+        return True
+    except Exception as exc:
+        logger.error("Failed to remove token: %s", exc)
+        return False
 def authenticate_and_save(quiet: bool = False) -> bool:
     """Perform OAuth flow and save token."""
     tokens = perform_oauth_flow(quiet=quiet)
@@ -386,12 +453,12 @@ def authenticate_and_save(quiet: bool = False) -> bool:
             print("❌ No access token returned from authentication")
         return False
-    if not save_token(access_token):
+    if not save_token(access_token, token_data=tokens):
         if not quiet:
             print("❌ Failed to save access token")
         return False
     if not quiet:
-        print(f"✓ Access token saved to {get_token_storage_path()}")
+        print("✓ Access token saved to ~/.gac/oauth/claude-code.json")
     return True

gac/oauth/qwen_oauth.py ADDED Viewed

@@ -0,0 +1,323 @@
+"""Qwen OAuth device flow implementation.
+Implements OAuth 2.0 Device Authorization Grant (RFC 8628) with PKCE.
+"""
+import base64
+import hashlib
+import logging
+import os
+import secrets
+import time
+import webbrowser
+from dataclasses import dataclass, field
+import httpx
+from gac import __version__
+from gac.errors import AIError
+from gac.oauth.token_store import OAuthToken, TokenStore
+logger = logging.getLogger(__name__)
+QWEN_CLIENT_ID = "f0304373b74a44d2b584a3fb70ca9e56"
+USER_AGENT = f"gac/{__version__}"
+QWEN_DEVICE_CODE_ENDPOINT = "https://chat.qwen.ai/api/v1/oauth2/device/code"
+QWEN_TOKEN_ENDPOINT = "https://chat.qwen.ai/api/v1/oauth2/token"
+QWEN_SCOPES = ["openid", "profile", "email", "model.completion"]
+@dataclass
+class DeviceCodeResponse:
+    """Response from the device authorization endpoint."""
+    device_code: str
+    user_code: str
+    verification_uri: str
+    verification_uri_complete: str | None
+    expires_in: int
+    interval: int = 5
+@dataclass
+class QwenDeviceFlow:
+    """Qwen OAuth device flow implementation with PKCE."""
+    client_id: str = QWEN_CLIENT_ID
+    authorization_endpoint: str = QWEN_DEVICE_CODE_ENDPOINT
+    token_endpoint: str = QWEN_TOKEN_ENDPOINT
+    scopes: list[str] = field(default_factory=lambda: QWEN_SCOPES.copy())
+    _pkce_verifier: str = field(default="", init=False)
+    def _generate_pkce(self) -> tuple[str, str]:
+        """Generate PKCE code verifier and challenge.
+        Returns:
+            Tuple of (verifier, challenge) strings.
+        """
+        verifier = secrets.token_urlsafe(32)
+        challenge = base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
+        return verifier, challenge
+    def initiate_device_flow(self) -> DeviceCodeResponse:
+        """Initiate the device authorization flow.
+        Returns:
+            DeviceCodeResponse with device code and verification URIs.
+        """
+        verifier, challenge = self._generate_pkce()
+        self._pkce_verifier = verifier
+        params = {
+            "client_id": self.client_id,
+            "code_challenge": challenge,
+            "code_challenge_method": "S256",
+        }
+        if self.scopes:
+            params["scope"] = " ".join(self.scopes)
+        response = httpx.post(
+            self.authorization_endpoint,
+            data=params,
+            headers={
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Accept": "application/json",
+                "User-Agent": USER_AGENT,
+            },
+            timeout=30,
+        )
+        if not response.is_success:
+            raise AIError.connection_error(f"Failed to initiate device flow: HTTP {response.status_code}")
+        data = response.json()
+        return DeviceCodeResponse(
+            device_code=data["device_code"],
+            user_code=data["user_code"],
+            verification_uri=data["verification_uri"],
+            verification_uri_complete=data.get("verification_uri_complete"),
+            expires_in=data["expires_in"],
+            interval=data.get("interval", 5),
+        )
+    def poll_for_token(self, device_code: str, max_duration: int = 900) -> OAuthToken:
+        """Poll the authorization server for an access token.
+        Args:
+            device_code: Device code from initiation response.
+            max_duration: Maximum polling duration in seconds (default 15 minutes).
+        Returns:
+            OAuthToken with access token and metadata.
+        """
+        start_time = time.time()
+        interval = 5
+        while time.time() - start_time < max_duration:
+            params = {
+                "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
+                "device_code": device_code,
+                "client_id": self.client_id,
+                "code_verifier": self._pkce_verifier,
+            }
+            try:
+                response = httpx.post(
+                    self.token_endpoint,
+                    data=params,
+                    headers={
+                        "Content-Type": "application/x-www-form-urlencoded",
+                        "Accept": "application/json",
+                        "User-Agent": USER_AGENT,
+                    },
+                    timeout=30,
+                )
+                if response.is_success:
+                    data = response.json()
+                    now = int(time.time())
+                    expires_in = data.get("expires_in", 3600)
+                    return OAuthToken(
+                        access_token=data["access_token"],
+                        token_type="Bearer",
+                        expiry=now + expires_in,
+                        refresh_token=data.get("refresh_token"),
+                        scope=data.get("scope"),
+                        resource_url=data.get("resource_url"),
+                    )
+                error_data = response.json()
+                error = error_data.get("error", "")
+                if error == "authorization_pending":
+                    time.sleep(interval)
+                    continue
+                elif error == "slow_down":
+                    interval += 5
+                    time.sleep(interval)
+                    continue
+                elif error == "access_denied":
+                    raise AIError.authentication_error("Authorization was denied by user")
+                elif error == "expired_token":
+                    raise AIError.authentication_error("Device code expired. Please try again.")
+                raise AIError.connection_error(f"Token request failed: {response.status_code}")
+            except httpx.RequestError as e:
+                interval = int(min(interval * 1.5, 60))
+                logger.debug(f"Network error during polling, retrying in {interval}s: {e}")
+                time.sleep(interval)
+                continue
+        raise AIError.timeout_error("Authorization timeout exceeded. Please try again.")
+    def refresh_token(self, refresh_token: str) -> OAuthToken:
+        """Refresh an expired access token.
+        Args:
+            refresh_token: Valid refresh token.
+        Returns:
+            New OAuthToken with refreshed access token.
+        """
+        params = {
+            "grant_type": "refresh_token",
+            "refresh_token": refresh_token,
+            "client_id": self.client_id,
+        }
+        response = httpx.post(
+            self.token_endpoint,
+            data=params,
+            headers={
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Accept": "application/json",
+                "User-Agent": USER_AGENT,
+            },
+            timeout=30,
+        )
+        if not response.is_success:
+            raise AIError.authentication_error(f"Token refresh failed: HTTP {response.status_code}")
+        data = response.json()
+        now = int(time.time())
+        expires_in = data.get("expires_in", 3600)
+        return OAuthToken(
+            access_token=data["access_token"],
+            token_type="Bearer",
+            expiry=now + expires_in - 30,
+            refresh_token=data.get("refresh_token") or refresh_token,
+            scope=data.get("scope"),
+            resource_url=data.get("resource_url"),
+        )
+class QwenOAuthProvider:
+    """Qwen OAuth provider for authentication management."""
+    name = "qwen"
+    def __init__(self, token_store: TokenStore | None = None):
+        self.token_store = token_store or TokenStore()
+        self.device_flow = QwenDeviceFlow()
+    def _is_token_expired(self, token: OAuthToken) -> bool:
+        """Check if token is expired or near expiry (30-second buffer)."""
+        now = time.time()
+        buffer = 30
+        return token["expiry"] <= now + buffer
+    def initiate_auth(self, open_browser: bool = True) -> None:
+        """Initiate the OAuth authentication flow.
+        Args:
+            open_browser: Whether to automatically open the browser.
+        """
+        device_response = self.device_flow.initiate_device_flow()
+        auth_url = device_response.verification_uri_complete or (
+            f"{device_response.verification_uri}?user_code={device_response.user_code}"
+        )
+        print("\nQwen OAuth Authentication")
+        print("-" * 40)
+        print("Please visit the following URL to authorize:")
+        print(auth_url)
+        print(f"\nUser code: {device_response.user_code}")
+        if open_browser and self._should_launch_browser():
+            print("Opening browser for authentication...")
+            try:
+                webbrowser.open(auth_url)
+            except Exception as e:
+                logger.debug(f"Failed to open browser: {e}")
+                print("Failed to open browser automatically. Please open the URL manually.")
+        print("-" * 40)
+        print("Waiting for authorization...\n")
+        token = self.device_flow.poll_for_token(device_response.device_code)
+        self.token_store.save_token("qwen", token)
+        print("Authentication successful!")
+    def _should_launch_browser(self) -> bool:
+        """Check if we should launch a browser."""
+        if os.getenv("SSH_CLIENT") or os.getenv("SSH_TTY"):
+            return False
+        if not os.getenv("DISPLAY") and os.name != "nt":
+            if os.uname().sysname != "Darwin":
+                return False
+        return True
+    def get_token(self) -> OAuthToken | None:
+        """Get the current access token, refreshing if needed."""
+        token = self.token_store.get_token("qwen")
+        if not token:
+            return None
+        if self._is_token_expired(token):
+            return self.refresh_if_needed()
+        return token
+    def refresh_if_needed(self) -> OAuthToken | None:
+        """Refresh the token if expired.
+        Returns:
+            Refreshed token or None if refresh fails.
+        """
+        current_token = self.token_store.get_token("qwen")
+        if not current_token:
+            return None
+        if self._is_token_expired(current_token):
+            refresh_token = current_token.get("refresh_token")
+            if refresh_token:
+                try:
+                    refreshed_token = self.device_flow.refresh_token(refresh_token)
+                    self.token_store.save_token("qwen", refreshed_token)
+                    return refreshed_token
+                except Exception as e:
+                    logger.debug(f"Token refresh failed: {e}")
+                    self.token_store.remove_token("qwen")
+                    return None
+            else:
+                self.token_store.remove_token("qwen")
+                return None
+        return current_token
+    def logout(self) -> None:
+        """Log out by removing stored tokens."""
+        self.token_store.remove_token("qwen")
+        print("Successfully logged out from Qwen")
+    def is_authenticated(self) -> bool:
+        """Check if we have a valid token."""
+        token = self.get_token()
+        return token is not None

gac 3.6.0__py3-none-any.whl → 3.8.1__py3-none-any.whl

gac 3.6.0py3-none-any.whl → 3.8.1py3-none-any.whl