klaude-code 1.8.0__py3-none-any.whl → 1.9.0__py3-none-any.whl

klaude_code/auth/base.py

@@ -0,0 +1,101 @@
+"""Base classes for authentication token management."""
+
+import json
+import time
+from abc import ABC, abstractmethod
+from pathlib import Path
+from typing import Any, Generic, TypeVar, cast
+
+from pydantic import BaseModel
+
+
+KLAUDE_AUTH_FILE = Path.home() / ".klaude" / "klaude-auth.json"
+
+
+class BaseAuthState(BaseModel):
+    """Base authentication state with common OAuth fields."""
+
+    access_token: str
+    refresh_token: str
+    expires_at: int  # Unix timestamp
+
+    def is_expired(self, buffer_seconds: int = 300) -> bool:
+        """Check if token is expired or will expire soon."""
+        return time.time() + buffer_seconds >= self.expires_at
+
+
+T = TypeVar("T", bound=BaseAuthState)
+
+
+class BaseTokenManager(ABC, Generic[T]):
+    """Base class for OAuth token management."""
+
+    def __init__(self, auth_file: Path | None = None):
+        self.auth_file = auth_file or KLAUDE_AUTH_FILE
+        self._state: T | None = None
+
+    @property
+    @abstractmethod
+    def storage_key(self) -> str:
+        """Key used to store this auth state in the JSON file."""
+        ...
+
+    @abstractmethod
+    def _create_state(self, data: dict[str, Any]) -> T:
+        """Create state instance from dict data."""
+        ...
+
+    def _load_store(self) -> dict[str, Any]:
+        if not self.auth_file.exists():
+            return {}
+        try:
+            data: Any = json.loads(self.auth_file.read_text())
+            if isinstance(data, dict):
+                return cast(dict[str, Any], data)
+            return {}
+        except (json.JSONDecodeError, ValueError):
+            return {}
+
+    def _save_store(self, data: dict[str, Any]) -> None:
+        self.auth_file.parent.mkdir(parents=True, exist_ok=True)
+        self.auth_file.write_text(json.dumps(data, indent=2))
+
+    def load(self) -> T | None:
+        """Load authentication state from file."""
+        data: Any = self._load_store().get(self.storage_key)
+        if not isinstance(data, dict):
+            return None
+        try:
+            self._state = self._create_state(cast(dict[str, Any], data))
+            return self._state
+        except ValueError:
+            return None
+
+    def save(self, state: T) -> None:
+        """Save authentication state to file."""
+        store = self._load_store()
+        store[self.storage_key] = state.model_dump(mode="json")
+        self._save_store(store)
+        self._state = state
+
+    def delete(self) -> None:
+        """Delete stored tokens."""
+        store = self._load_store()
+        store.pop(self.storage_key, None)
+        if len(store) == 0:
+            if self.auth_file.exists():
+                self.auth_file.unlink()
+        else:
+            self._save_store(store)
+        self._state = None
+
+    def is_logged_in(self) -> bool:
+        """Check if user is logged in."""
+        state = self._state or self.load()
+        return state is not None
+
+    def get_state(self) -> T | None:
+        """Get current authentication state."""
+        if self._state is None:
+            self._state = self.load()
+        return self._state

klaude_code/auth/claude/__init__.py

@@ -0,0 +1,6 @@
+"""Claude (Anthropic OAuth) authentication helpers."""
+
+from .oauth import ClaudeOAuth
+from .token_manager import ClaudeAuthState, ClaudeTokenManager
+
+__all__ = ["ClaudeAuthState", "ClaudeOAuth", "ClaudeTokenManager"]

klaude_code/auth/claude/exceptions.py

@@ -0,0 +1,9 @@
+"""Exceptions for Claude OAuth authentication."""
+
+
+class ClaudeAuthError(Exception):
+    """Base class for Claude auth errors."""
+
+
+class ClaudeNotLoggedInError(ClaudeAuthError):
+    """Raised when no valid Claude OAuth session is available."""

klaude_code/auth/claude/oauth.py

@@ -0,0 +1,172 @@
+"""OAuth PKCE flow for Claude (Anthropic OAuth) authentication."""
+
+import base64
+import hashlib
+import secrets
+import time
+from collections.abc import Callable
+
+import httpx
+
+from klaude_code.auth.claude.exceptions import ClaudeAuthError, ClaudeNotLoggedInError
+from klaude_code.auth.claude.token_manager import ClaudeAuthState, ClaudeTokenManager
+
+
+def _decode_base64(value: str) -> str:
+    return base64.b64decode(value).decode()
+
+
+# OAuth configuration (Claude Pro/Max)
+CLIENT_ID = _decode_base64("OWQxYzI1MGEtZTYxYi00NGQ5LTg4ZWQtNTk0NGQxOTYyZjVl")
+AUTHORIZE_URL = "https://claude.ai/oauth/authorize"
+TOKEN_URL = "https://console.anthropic.com/v1/oauth/token"
+REDIRECT_URI = "https://console.anthropic.com/oauth/code/callback"
+SCOPE = "org:create_api_key user:profile user:inference"
+
+
+def generate_code_verifier() -> str:
+    """Generate a random code verifier for PKCE."""
+    return secrets.token_urlsafe(64)[:128]
+
+
+def generate_code_challenge(verifier: str) -> str:
+    """Generate code challenge from verifier using S256 method."""
+    digest = hashlib.sha256(verifier.encode()).digest()
+    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
+
+
+def build_authorize_url(code_challenge: str, state: str) -> str:
+    """Build the authorization URL with all required parameters."""
+    # Note: the `code=true` parameter is required for the console callback flow.
+    params = {
+        "code": "true",
+        "client_id": CLIENT_ID,
+        "response_type": "code",
+        "redirect_uri": REDIRECT_URI,
+        "scope": SCOPE,
+        "code_challenge": code_challenge,
+        "code_challenge_method": "S256",
+        "state": state,
+    }
+
+    encoded = httpx.QueryParams(params)
+    return f"{AUTHORIZE_URL}?{encoded}"
+
+
+def _parse_user_code(value: str) -> tuple[str, str | None]:
+    raw = value.strip()
+    if "#" in raw:
+        code, state = raw.split("#", 1)
+        return code.strip(), state.strip()
+    return raw, None
+
+
+class ClaudeOAuth:
+    """Handle OAuth PKCE flow for Claude (Anthropic OAuth) authentication."""
+
+    def __init__(self, token_manager: ClaudeTokenManager | None = None):
+        self.token_manager = token_manager or ClaudeTokenManager()
+
+    def login(
+        self,
+        *,
+        on_auth_url: Callable[[str], None],
+        on_prompt_code: Callable[[], str],
+    ) -> ClaudeAuthState:
+        """Run the complete OAuth login flow."""
+        verifier = generate_code_verifier()
+        challenge = generate_code_challenge(verifier)
+
+        # Some flows require `state` to be echoed back for token exchange.
+        state = verifier
+
+        auth_url = build_authorize_url(challenge, state)
+        on_auth_url(auth_url)
+
+        raw_user_code = on_prompt_code()
+        code, returned_state = _parse_user_code(raw_user_code)
+        if not code:
+            raise ClaudeAuthError("No authorization code provided")
+
+        exchange_state = returned_state or state
+        auth_state = self._exchange_code(code=code, state=exchange_state, verifier=verifier)
+        self.token_manager.save(auth_state)
+        return auth_state
+
+    def _exchange_code(self, *, code: str, state: str, verifier: str) -> ClaudeAuthState:
+        """Exchange authorization code for tokens."""
+        payload = {
+            "grant_type": "authorization_code",
+            "client_id": CLIENT_ID,
+            "code": code,
+            "state": state,
+            "redirect_uri": REDIRECT_URI,
+            "code_verifier": verifier,
+        }
+
+        with httpx.Client() as client:
+            response = client.post(
+                TOKEN_URL,
+                json=payload,
+                headers={"Content-Type": "application/json"},
+            )
+
+        if response.status_code != 200:
+            raise ClaudeAuthError(f"Token exchange failed: {response.text}")
+
+        tokens = response.json()
+        access_token = tokens["access_token"]
+        refresh_token = tokens["refresh_token"]
+        expires_in = tokens.get("expires_in", 3600)
+
+        return ClaudeAuthState(
+            access_token=access_token,
+            refresh_token=refresh_token,
+            expires_at=int(time.time()) + int(expires_in),
+        )
+
+    def refresh(self) -> ClaudeAuthState:
+        """Refresh the access token using refresh token."""
+        state = self.token_manager.get_state()
+        if state is None:
+            raise ClaudeNotLoggedInError("Not logged in to Claude. Run 'klaude login claude' first.")
+
+        payload = {
+            "grant_type": "refresh_token",
+            "client_id": CLIENT_ID,
+            "refresh_token": state.refresh_token,
+        }
+
+        with httpx.Client() as client:
+            response = client.post(
+                TOKEN_URL,
+                json=payload,
+                headers={"Content-Type": "application/json"},
+            )
+
+        if response.status_code != 200:
+            raise ClaudeAuthError(f"Token refresh failed: {response.text}")
+
+        tokens = response.json()
+        access_token = tokens["access_token"]
+        refresh_token = tokens.get("refresh_token", state.refresh_token)
+        expires_in = tokens.get("expires_in", 3600)
+
+        new_state = ClaudeAuthState(
+            access_token=access_token,
+            refresh_token=refresh_token,
+            expires_at=int(time.time()) + int(expires_in),
+        )
+        self.token_manager.save(new_state)
+        return new_state
+
+    def ensure_valid_token(self) -> str:
+        """Ensure we have a valid access token, refreshing if needed."""
+        state = self.token_manager.get_state()
+        if state is None:
+            raise ClaudeNotLoggedInError("Not logged in to Claude. Run 'klaude login claude' first.")
+
+        if state.is_expired():
+            state = self.refresh()
+
+        return state.access_token

klaude_code/auth/claude/token_manager.py

@@ -0,0 +1,26 @@
+"""Token storage and management for Claude (Anthropic OAuth) authentication."""
+
+from pathlib import Path
+from typing import Any
+
+from klaude_code.auth.base import BaseAuthState, BaseTokenManager
+
+
+class ClaudeAuthState(BaseAuthState):
+    """Stored authentication state for Claude OAuth."""
+
+    pass
+
+
+class ClaudeTokenManager(BaseTokenManager[ClaudeAuthState]):
+    """Manage Claude OAuth tokens."""
+
+    def __init__(self, auth_file: Path | None = None):
+        super().__init__(auth_file)
+
+    @property
+    def storage_key(self) -> str:
+        return "claude"
+
+    def _create_state(self, data: dict[str, Any]) -> ClaudeAuthState:
+        return ClaudeAuthState.model_validate(data)

klaude_code/auth/codex/token_manager.py

@@ -1,69 +1,29 @@
 """Token storage and management for Codex authentication."""
 
-import json
-import time
 from pathlib import Path
+from typing import Any
 
-from pydantic import BaseModel
+from klaude_code.auth.base import BaseAuthState, BaseTokenManager
 
 
-class CodexAuthState(BaseModel):
+class CodexAuthState(BaseAuthState):
     """Stored authentication state for Codex."""
 
-    access_token: str
-    refresh_token: str
-    expires_at: int  # Unix timestamp
     account_id: str
 
-    def is_expired(self, buffer_seconds: int = 300) -> bool:
-        """Check if token is expired or will expire soon."""
-        return time.time() + buffer_seconds >= self.expires_at
 
-
-CODEX_AUTH_FILE = Path.home() / ".klaude" / "codex-auth.json"
-
-
-class CodexTokenManager:
+class CodexTokenManager(BaseTokenManager[CodexAuthState]):
     """Manage Codex OAuth tokens."""
 
     def __init__(self, auth_file: Path | None = None):
-        self.auth_file = auth_file or CODEX_AUTH_FILE
-        self._state: CodexAuthState | None = None
-
-    def load(self) -> CodexAuthState | None:
-        """Load authentication state from file."""
-        if not self.auth_file.exists():
-            return None
-
-        try:
-            data = json.loads(self.auth_file.read_text())
-            self._state = CodexAuthState.model_validate(data)
-            return self._state
-        except (json.JSONDecodeError, ValueError):
-            return None
-
-    def save(self, state: CodexAuthState) -> None:
-        """Save authentication state to file."""
-        self.auth_file.parent.mkdir(parents=True, exist_ok=True)
-        self.auth_file.write_text(state.model_dump_json(indent=2))
-        self._state = state
-
-    def delete(self) -> None:
-        """Delete stored tokens."""
-        if self.auth_file.exists():
-            self.auth_file.unlink()
-        self._state = None
+        super().__init__(auth_file)
 
-    def is_logged_in(self) -> bool:
-        """Check if user is logged in."""
-        state = self._state or self.load()
-        return state is not None
+    @property
+    def storage_key(self) -> str:
+        return "codex"
 
-    def get_state(self) -> CodexAuthState | None:
-        """Get current authentication state."""
-        if self._state is None:
-            self._state = self.load()
-        return self._state
+    def _create_state(self, data: dict[str, Any]) -> CodexAuthState:
+        return CodexAuthState.model_validate(data)
 
     def get_access_token(self) -> str:
         """Get access token, raising if not logged in."""

klaude_code/cli/auth_cmd.py

@@ -1,70 +1,151 @@
 """Authentication commands for CLI."""
 
 import datetime
+import webbrowser
 
 import typer
+from prompt_toolkit.styles import Style
 
 from klaude_code.trace import log
+from klaude_code.ui.terminal.selector import SelectItem, select_one
+
+_SELECT_STYLE = Style(
+    [
+        ("instruction", "ansibrightblack"),
+        ("pointer", "ansigreen"),
+        ("highlighted", "ansigreen"),
+        ("text", "ansibrightblack"),
+        ("question", "bold"),
+    ]
+)
+
+
+def _select_provider() -> str | None:
+    """Display provider selection menu and return selected provider."""
+    items: list[SelectItem[str]] = [
+        SelectItem(title=[("class:text", "Claude Max/Pro Subscription\n")], value="claude", search_text="claude"),
+        SelectItem(title=[("class:text", "ChatGPT Codex Subscription\n")], value="codex", search_text="codex"),
+    ]
+    return select_one(
+        message="Select provider to login:",
+        items=items,
+        pointer="→",
+        style=_SELECT_STYLE,
+        use_search_filter=False,
+    )
 
 
 def login_command(
-    provider: str = typer.Argument("codex", help="Provider to login (codex)"),
+    provider: str | None = typer.Argument(None, help="Provider to login (codex|claude)"),
 ) -> None:
     """Login to a provider using OAuth."""
-    if provider.lower() != "codex":
-        log((f"Error: Unknown provider '{provider}'. Currently only 'codex' is supported.", "red"))
-        raise typer.Exit(1)
-
-    from klaude_code.auth.codex.oauth import CodexOAuth
-    from klaude_code.auth.codex.token_manager import CodexTokenManager
-
-    token_manager = CodexTokenManager()
-
-    # Check if already logged in
-    if token_manager.is_logged_in():
-        state = token_manager.get_state()
-        if state and not state.is_expired():
-            log(("You are already logged in to Codex.", "green"))
-            log(f"  Account ID: {state.account_id[:8]}...")
-            expires_dt = datetime.datetime.fromtimestamp(state.expires_at, tz=datetime.UTC)
-            log(f"  Expires: {expires_dt.strftime('%Y-%m-%d %H:%M:%S UTC')}")
-            if not typer.confirm("Do you want to re-login?"):
-                return
-
-    log("Starting Codex OAuth login flow...")
-    log("A browser window will open for authentication.")
-
-    try:
-        oauth = CodexOAuth(token_manager)
-        state = oauth.login()
-        log(("Login successful!", "green"))
-        log(f"  Account ID: {state.account_id[:8]}...")
-        expires_dt = datetime.datetime.fromtimestamp(state.expires_at, tz=datetime.UTC)
-        log(f"  Expires: {expires_dt.strftime('%Y-%m-%d %H:%M:%S UTC')}")
-    except Exception as e:
-        log((f"Login failed: {e}", "red"))
-        raise typer.Exit(1) from None
+    if provider is None:
+        provider = _select_provider()
+        if provider is None:
+            return
+
+    match provider.lower():
+        case "codex":
+            from klaude_code.auth.codex.oauth import CodexOAuth
+            from klaude_code.auth.codex.token_manager import CodexTokenManager
+
+            token_manager = CodexTokenManager()
+
+            # Check if already logged in
+            if token_manager.is_logged_in():
+                state = token_manager.get_state()
+                if state and not state.is_expired():
+                    log(("You are already logged in to Codex.", "green"))
+                    log(f"  Account ID: {state.account_id[:8]}...")
+                    expires_dt = datetime.datetime.fromtimestamp(state.expires_at, tz=datetime.UTC)
+                    log(f"  Expires: {expires_dt.strftime('%Y-%m-%d %H:%M:%S UTC')}")
+                    if not typer.confirm("Do you want to re-login?"):
+                        return
+
+            log("Starting Codex OAuth login flow...")
+            log("A browser window will open for authentication.")
+
+            try:
+                oauth = CodexOAuth(token_manager)
+                state = oauth.login()
+                log(("Login successful!", "green"))
+                log(f"  Account ID: {state.account_id[:8]}...")
+                expires_dt = datetime.datetime.fromtimestamp(state.expires_at, tz=datetime.UTC)
+                log(f"  Expires: {expires_dt.strftime('%Y-%m-%d %H:%M:%S UTC')}")
+            except Exception as e:
+                log((f"Login failed: {e}", "red"))
+                raise typer.Exit(1) from None
+        case "claude":
+            from klaude_code.auth.claude.oauth import ClaudeOAuth
+            from klaude_code.auth.claude.token_manager import ClaudeTokenManager
+
+            token_manager = ClaudeTokenManager()
+
+            if token_manager.is_logged_in():
+                state = token_manager.get_state()
+                if state and not state.is_expired():
+                    log(("You are already logged in to Claude.", "green"))
+                    expires_dt = datetime.datetime.fromtimestamp(state.expires_at, tz=datetime.UTC)
+                    log(f"  Expires: {expires_dt.strftime('%Y-%m-%d %H:%M:%S UTC')}")
+                    if not typer.confirm("Do you want to re-login?"):
+                        return
+
+            log("Starting Claude OAuth login flow...")
+            log("A browser window will open for authentication.")
+            log("After login, paste the authorization code in the terminal.")
+
+            try:
+                oauth = ClaudeOAuth(token_manager)
+                state = oauth.login(
+                    on_auth_url=lambda url: (webbrowser.open(url), None)[1],
+                    on_prompt_code=lambda: typer.prompt(
+                        "Paste the authorization code (format: code#state)",
+                        prompt_suffix=": ",
+                    ),
+                )
+                log(("Login successful!", "green"))
+                expires_dt = datetime.datetime.fromtimestamp(state.expires_at, tz=datetime.UTC)
+                log(f"  Expires: {expires_dt.strftime('%Y-%m-%d %H:%M:%S UTC')}")
+            except Exception as e:
+                log((f"Login failed: {e}", "red"))
+                raise typer.Exit(1) from None
+        case _:
+            log((f"Error: Unknown provider '{provider}'. Supported: codex, claude", "red"))
+            raise typer.Exit(1)
 
 
 def logout_command(
-    provider: str = typer.Argument("codex", help="Provider to logout (codex)"),
+    provider: str = typer.Argument("codex", help="Provider to logout (codex|claude)"),
 ) -> None:
     """Logout from a provider."""
-    if provider.lower() != "codex":
-        log((f"Error: Unknown provider '{provider}'. Currently only 'codex' is supported.", "red"))
-        raise typer.Exit(1)
+    match provider.lower():
+        case "codex":
+            from klaude_code.auth.codex.token_manager import CodexTokenManager
 
-    from klaude_code.auth.codex.token_manager import CodexTokenManager
+            token_manager = CodexTokenManager()
 
-    token_manager = CodexTokenManager()
+            if not token_manager.is_logged_in():
+                log("You are not logged in to Codex.")
+                return
 
-    if not token_manager.is_logged_in():
-        log("You are not logged in to Codex.")
-        return
+            if typer.confirm("Are you sure you want to logout from Codex?"):
+                token_manager.delete()
+                log(("Logged out from Codex.", "green"))
+        case "claude":
+            from klaude_code.auth.claude.token_manager import ClaudeTokenManager
+
+            token_manager = ClaudeTokenManager()
+
+            if not token_manager.is_logged_in():
+                log("You are not logged in to Claude.")
+                return
 
-    if typer.confirm("Are you sure you want to logout from Codex?"):
-        token_manager.delete()
-        log(("Logged out from Codex.", "green"))
+            if typer.confirm("Are you sure you want to logout from Claude?"):
+                token_manager.delete()
+                log(("Logged out from Claude.", "green"))
+        case _:
+            log((f"Error: Unknown provider '{provider}'. Supported: codex, claude", "red"))
+            raise typer.Exit(1)
 
 
 def register_auth_commands(app: typer.Typer) -> None:

klaude_code/cli/config_cmd.py

@@ -10,7 +10,9 @@ from klaude_code.config import config_path, create_example_config, example_confi
 from klaude_code.trace import log
 
 
-def list_models() -> None:
+def list_models(
+    show_all: bool = typer.Option(False, "--all", "-a", help="Show all providers including unavailable ones"),
+) -> None:
     """List all models and providers configuration"""
     from klaude_code.cli.list_model import display_models_and_providers
     from klaude_code.ui.terminal.color import is_light_terminal_background
@@ -25,7 +27,7 @@ def list_models() -> None:
         elif detected is False:
             config.theme = "dark"
 
-    display_models_and_providers(config)
+    display_models_and_providers(config, show_all=show_all)
 
 
 def edit_config() -> None:

klaude_code/cli/cost_cmd.py

@@ -5,8 +5,8 @@ from dataclasses import dataclass, field
 from datetime import datetime
 from pathlib import Path
 
-from rich.box import Box
 import typer
+from rich.box import Box
 from rich.console import Console
 from rich.table import Table
 
@@ -163,13 +163,13 @@ def format_cost_dual(cost_usd: float, cost_cny: float) -> tuple[str, str]:
 
 
 def format_date_display(date_str: str) -> str:
-    """Format date string YYYY-MM-DD to 'YYYY M-D' for table display."""
-    parts = date_str.split("-")
-    if len(parts) == 3:
-        month = int(parts[1])
-        day = int(parts[2])
-        return f"{parts[0]} {month}-{day}"
-    return date_str
+    """Format date string YYYY-MM-DD to 'YYYY M-D WEEKDAY' for table display."""
+    try:
+        dt = datetime.strptime(date_str, "%Y-%m-%d")
+        weekday = dt.strftime("%a").upper()
+        return f"{dt.year} {dt.month}-{dt.day} {weekday}"
+    except (ValueError, TypeError):
+        return date_str
 
 
 def render_cost_table(daily_stats: dict[str, DailyStats]) -> Table:
@@ -178,6 +178,7 @@ def render_cost_table(daily_stats: dict[str, DailyStats]) -> Table:
         title="Usage Statistics",
         show_header=True,
         header_style="bold",
+        border_style="bright_black dim",
         padding=(0, 1, 0, 2),
         box=ASCII_HORIZONAL,
     )
@@ -267,10 +268,14 @@ def render_cost_table(daily_stats: dict[str, DailyStats]) -> Table:
     sorted_global_models = [s.model_name for s in sorted(global_by_model.values(), key=sort_by_cost)]
     first_total_row = True
     for model_name in sorted_global_models:
+        # Add empty row before first model to align with Total date range
+        if first_total_row:
+            table.add_row(total_label, "", "", "", "", "", "", "")
+            first_total_row = False
         stats = global_by_model[model_name]
         usd_str, cny_str = format_cost_dual(stats.cost_usd, stats.cost_cny)
         table.add_row(
-            total_label if first_total_row else "",
+            "",
             f"- {model_name}",
             format_tokens(stats.input_tokens),
             format_tokens(stats.output_tokens),