vibecore 0.3.0b1__py3-none-any.whl → 0.3.1__py3-none-any.whl

vibecore/auth/__init__.py

@@ -0,0 +1,15 @@
+"""Anthropic Pro/Max authentication module."""
+
+from vibecore.auth.config import ANTHROPIC_CONFIG
+from vibecore.auth.manager import AnthropicAuthManager
+from vibecore.auth.models import AnthropicAuth, ApiKeyCredentials, OAuthCredentials
+from vibecore.auth.storage import SecureAuthStorage
+
+__all__ = [
+    "ANTHROPIC_CONFIG",
+    "AnthropicAuth",
+    "AnthropicAuthManager",
+    "ApiKeyCredentials",
+    "OAuthCredentials",
+    "SecureAuthStorage",
+]

vibecore/auth/config.py

@@ -0,0 +1,38 @@
+"""Configuration constants for Anthropic authentication."""
+
+from typing import Final
+
+
+class AnthropicConfig:
+    """Configuration for Anthropic OAuth and API."""
+
+    # OAuth Client Configuration
+    OAUTH_CLIENT_ID: Final[str] = "9d1c250a-e61b-44d9-88ed-5944d1962f5e"
+    OAUTH_SCOPES: Final[str] = "org:create_api_key user:profile user:inference"
+    OAUTH_REDIRECT_URI: Final[str] = "https://console.anthropic.com/oauth/code/callback"
+    OAUTH_RESPONSE_TYPE: Final[str] = "code"
+    OAUTH_CODE_CHALLENGE_METHOD: Final[str] = "S256"
+
+    # API Endpoints
+    CLAUDE_AI_AUTHORIZE: Final[str] = "https://claude.ai/oauth/authorize"
+    CONSOLE_AUTHORIZE: Final[str] = "https://console.anthropic.com/oauth/authorize"
+    TOKEN_EXCHANGE: Final[str] = "https://console.anthropic.com/v1/oauth/token"
+    API_BASE: Final[str] = "https://api.anthropic.com"
+    MESSAGES: Final[str] = "https://api.anthropic.com/v1/messages"
+
+    # Beta Headers (Critical for Claude Code spoofing)
+    BETA_OAUTH: Final[str] = "oauth-2025-04-20"
+    BETA_CLAUDE_CODE: Final[str] = "claude-code-20250219"  # CRITICAL: Identifies as Claude Code
+    BETA_INTERLEAVED_THINKING: Final[str] = "interleaved-thinking-2025-05-14"
+    BETA_FINE_GRAINED_STREAMING: Final[str] = "fine-grained-tool-streaming-2025-05-14"
+
+    # Token Management
+    TOKEN_REFRESH_BUFFER_SECONDS: Final[int] = 300  # Refresh 5 minutes before expiry
+    TOKEN_MAX_RETRY_ATTEMPTS: Final[int] = 3
+    TOKEN_RETRY_DELAY_MS: Final[int] = 1000
+
+    # Claude Code Identity
+    CLAUDE_CODE_IDENTITY: Final[str] = "You are Claude Code, Anthropic's official CLI for Claude."
+
+
+ANTHROPIC_CONFIG = AnthropicConfig()

vibecore/auth/interceptor.py

@@ -0,0 +1,141 @@
+"""HTTP request interceptor for Claude Code spoofing."""
+
+from typing import Any
+
+import httpx
+from httpx import URL
+
+from vibecore.auth.config import ANTHROPIC_CONFIG
+from vibecore.auth.storage import SecureAuthStorage
+from vibecore.auth.token_manager import TokenRefreshManager
+
+
+class AnthropicRequestInterceptor:
+    """Intercepts and modifies Anthropic API requests."""
+
+    def __init__(self, storage: SecureAuthStorage):
+        """
+        Initialize request interceptor.
+
+        Args:
+            storage: Secure storage for credentials.
+        """
+        self.storage = storage
+        self.token_manager = TokenRefreshManager(storage)
+
+    async def intercept_request(self, url: str, headers: dict[str, str] | None = None, **kwargs: Any) -> dict[str, Any]:
+        """
+        Intercept and modify request for Anthropic API.
+
+        Args:
+            url: Request URL.
+            headers: Request headers.
+            **kwargs: Additional request parameters.
+
+        Returns:
+            Modified request parameters.
+        """
+        auth = await self.storage.load("anthropic")
+
+        if not auth:
+            raise ValueError("Not authenticated with Anthropic")
+
+        # Prepare headers
+        headers = {} if headers is None else headers.copy()
+
+        if auth.type == "oauth":  # OAuth auth
+            await self._configure_oauth_headers(headers)
+        else:  # API key auth
+            self._configure_api_key_headers(headers, auth.key)  # type: ignore
+
+        # Apply Claude Code spoofing headers
+        self._apply_claude_code_headers(headers)
+
+        # Return modified request parameters
+        return {**kwargs, "headers": headers}
+
+    async def _configure_oauth_headers(self, headers: dict[str, str]) -> None:
+        """Configure headers for OAuth authentication."""
+        # Get valid access token (handles refresh automatically)
+        access_token = await self.token_manager.get_valid_token()
+
+        # Remove any API key headers (OAuth takes precedence)
+        headers.pop("x-api-key", None)
+        headers.pop("X-Api-Key", None)
+        headers.pop("anthropic-api-key", None)
+
+        # Set OAuth bearer token
+        headers["Authorization"] = f"Bearer {access_token}"
+
+    def _configure_api_key_headers(self, headers: dict[str, str], api_key: str) -> None:
+        """Configure headers for API key authentication."""
+        # Remove OAuth headers if present
+        headers.pop("Authorization", None)
+
+        # Set API key
+        headers["x-api-key"] = api_key
+
+    def _apply_claude_code_headers(self, headers: dict[str, str]) -> None:
+        """Apply Claude Code spoofing headers."""
+        # Build beta features header
+        beta_features = [
+            ANTHROPIC_CONFIG.BETA_OAUTH,
+            ANTHROPIC_CONFIG.BETA_CLAUDE_CODE,  # Critical for spoofing
+            ANTHROPIC_CONFIG.BETA_INTERLEAVED_THINKING,
+            # ANTHROPIC_CONFIG.BETA_FINE_GRAINED_STREAMING,
+        ]
+
+        # Set the beta header (this is what makes Anthropic think we're Claude Code)
+        headers["anthropic-beta"] = ",".join(beta_features)
+
+        # Set additional headers that Claude Code uses
+        headers["anthropic-version"] = "2023-06-01"
+        headers.setdefault("accept", "application/json")
+
+        # Add Claude Code specific headers
+        headers["user-agent"] = "Claude-Code/1.0"
+        headers["x-client-id"] = ANTHROPIC_CONFIG.OAUTH_CLIENT_ID
+
+        # Ensure content-type is set for POST requests
+        headers.setdefault("content-type", "application/json")
+
+
+class GlobalAnthropicInterceptor:
+    """Global interceptor for automatic Anthropic request modification."""
+
+    def __init__(self, storage: SecureAuthStorage):
+        """
+        Initialize global interceptor.
+
+        Args:
+            storage: Secure storage for credentials.
+        """
+        self.interceptor = AnthropicRequestInterceptor(storage)
+        self.original_client_class = httpx.AsyncClient
+
+    def install(self) -> None:
+        """Install global request interception."""
+        interceptor = self.interceptor
+
+        class InterceptedAsyncClient(httpx.AsyncClient):
+            """Custom AsyncClient that intercepts Anthropic requests."""
+
+            async def request(self, method: str, url: URL | str, **kwargs: Any) -> httpx.Response:
+                """Override request method to intercept Anthropic API calls."""
+                # Convert URL to string if needed
+                url_str = str(url)
+
+                # Check if this is an Anthropic API request
+                if "anthropic.com" in url_str or "claude.ai" in url_str:
+                    # Intercept and modify request
+                    kwargs = await interceptor.intercept_request(url_str, **kwargs)
+
+                # Call original request method
+                return await super().request(method, url, **kwargs)
+
+        # Replace httpx.AsyncClient globally
+        httpx.AsyncClient = InterceptedAsyncClient  # type: ignore
+
+    def uninstall(self) -> None:
+        """Uninstall global request interception."""
+        httpx.AsyncClient = self.original_client_class  # type: ignore

vibecore/auth/manager.py

@@ -0,0 +1,173 @@
+"""Main authentication manager for Anthropic Pro/Max."""
+
+from vibecore.auth.config import ANTHROPIC_CONFIG
+from vibecore.auth.interceptor import GlobalAnthropicInterceptor
+from vibecore.auth.models import ApiKeyCredentials
+from vibecore.auth.oauth_flow import AnthropicOAuthFlow
+from vibecore.auth.storage import SecureAuthStorage
+from vibecore.auth.token_manager import TokenRefreshManager
+
+
+class AnthropicAuthManager:
+    """Main manager for Anthropic authentication."""
+
+    def __init__(self, app_name: str = "vibecore"):
+        """
+        Initialize authentication manager.
+
+        Args:
+            app_name: Application name for storage.
+        """
+        self.storage = SecureAuthStorage(app_name)
+        self.oauth_flow = AnthropicOAuthFlow()
+        self.token_manager = TokenRefreshManager(self.storage)
+        self.interceptor = GlobalAnthropicInterceptor(self.storage)
+
+    async def authenticate_pro_max(self, mode: str = "max") -> bool:
+        """
+        Authenticate with Pro/Max subscription via OAuth.
+
+        Args:
+            mode: "max" for claude.ai, "console" for console.anthropic.com.
+
+        Returns:
+            True if authentication successful.
+        """
+        try:
+            # Step 1: Initiate OAuth flow
+            auth_request = await self.oauth_flow.initiate(mode)
+
+            # Step 2: Open browser for user authorization
+            print("\n🌐 Opening browser for authentication...")
+            print(f"   If browser doesn't open, visit: {auth_request.url}\n")
+            self.oauth_flow.open_browser(auth_request.url)
+
+            # Step 3: Wait for user to provide authorization code
+            print("After authorizing, you'll be redirected to a page showing an authorization code.")
+            print("Copy the entire code (including the part after #) and paste it below.\n")
+            auth_code = input("Authorization code: ").strip()
+
+            if not auth_code:
+                print("❌ No authorization code provided")
+                return False
+
+            # Step 4: Exchange code for tokens
+            print("🔄 Exchanging authorization code for tokens...")
+            credentials = await self.oauth_flow.exchange(auth_code)
+
+            # Step 5: Save credentials securely
+            await self.storage.save("anthropic", credentials)
+
+            print("✅ Authentication successful! You're now using Claude Pro/Max.\n")
+            return True
+
+        except Exception as e:
+            print(f"❌ Authentication failed: {e}")
+            return False
+
+    async def authenticate_with_api_key(self, api_key: str) -> bool:
+        """
+        Authenticate with API key.
+
+        Args:
+            api_key: Anthropic API key.
+
+        Returns:
+            True if authentication successful.
+        """
+        try:
+            # Validate API key format
+            if not api_key.startswith("sk-ant-"):
+                print("❌ Invalid API key format. Anthropic keys start with 'sk-ant-'")
+                return False
+
+            credentials = ApiKeyCredentials(type="api", key=api_key)
+            await self.storage.save("anthropic", credentials)
+
+            print("✅ API key saved successfully!")
+            return True
+
+        except Exception as e:
+            print(f"❌ Failed to save API key: {e}")
+            return False
+
+    async def is_authenticated(self) -> bool:
+        """Check if user is authenticated."""
+        auth = await self.storage.load("anthropic")
+        return auth is not None
+
+    async def get_auth_type(self) -> str | None:
+        """
+        Get current authentication type.
+
+        Returns:
+            "oauth" for Pro/Max, "api" for API key, None if not authenticated.
+        """
+        auth = await self.storage.load("anthropic")
+        if auth:
+            return auth.type
+        return None
+
+    async def logout(self) -> None:
+        """Remove stored authentication."""
+        await self.storage.remove("anthropic")
+        print("✅ Logged out successfully")
+
+    def install_interceptor(self) -> None:
+        """Install global request interceptor for Claude Code spoofing."""
+        self.interceptor.install()
+
+    def uninstall_interceptor(self) -> None:
+        """Uninstall global request interceptor."""
+        self.interceptor.uninstall()
+
+    async def test_connection(self) -> bool:
+        """
+        Test the authentication by making a simple API call.
+
+        Returns:
+            True if connection successful.
+        """
+        try:
+            import httpx
+
+            # Get auth headers
+            auth = await self.storage.load("anthropic")
+            if not auth:
+                print("❌ Not authenticated")
+                return False
+
+            headers = {}
+            if auth.type == "oauth":  # OAuth
+                token = await self.token_manager.get_valid_token()
+                headers["Authorization"] = f"Bearer {token}"
+            else:  # API key
+                headers["x-api-key"] = auth.key  # type: ignore
+
+            # Add Claude Code headers
+            headers["anthropic-beta"] = ",".join(
+                [
+                    ANTHROPIC_CONFIG.BETA_OAUTH,
+                    ANTHROPIC_CONFIG.BETA_CLAUDE_CODE,
+                ]
+            )
+            headers["anthropic-version"] = "2023-06-01"
+
+            # Make test request
+            async with httpx.AsyncClient() as client:
+                response = await client.get(
+                    "https://api.anthropic.com/v1/models",
+                    headers=headers,
+                    timeout=10.0,
+                )
+
+                if response.status_code == 200:
+                    print("✅ Connection test successful!")
+                    return True
+                else:
+                    print(f"❌ Connection test failed: {response.status_code}")
+                    return False
+
+        except Exception as e:
+            print(f"❌ Connection test error: {e}")
+            return False

vibecore/auth/models.py

@@ -0,0 +1,54 @@
+"""Data models for Anthropic authentication."""
+
+from dataclasses import dataclass
+from typing import Literal
+
+
+@dataclass
+class OAuthCredentials:
+    """OAuth credentials for Pro/Max users."""
+
+    type: Literal["oauth"] = "oauth"
+    refresh: str = ""  # Refresh token (long-lived)
+    access: str = ""  # Access token (short-lived)
+    expires: int = 0  # Unix timestamp in milliseconds
+
+
+@dataclass
+class ApiKeyCredentials:
+    """API key credentials for standard users."""
+
+    type: Literal["api"] = "api"
+    key: str = ""  # API key
+
+
+# Union type for both authentication methods
+AnthropicAuth = OAuthCredentials | ApiKeyCredentials
+
+
+@dataclass
+class PKCEChallenge:
+    """PKCE challenge pair for OAuth flow."""
+
+    verifier: str
+    challenge: str
+
+
+@dataclass
+class AuthorizationRequest:
+    """OAuth authorization request details."""
+
+    url: str
+    verifier: str
+    state: str = ""
+
+
+@dataclass
+class TokenResponse:
+    """OAuth token response from server."""
+
+    access_token: str
+    refresh_token: str
+    expires_in: int
+    token_type: str
+    scope: str = ""

vibecore/auth/oauth_flow.py

@@ -0,0 +1,129 @@
+"""OAuth flow implementation for Anthropic Pro/Max authentication."""
+
+import time
+import webbrowser
+from urllib.parse import urlencode
+
+import httpx
+
+from vibecore.auth.config import ANTHROPIC_CONFIG
+from vibecore.auth.models import AuthorizationRequest, OAuthCredentials, PKCEChallenge
+from vibecore.auth.pkce import PKCEGenerator
+
+
+class AnthropicOAuthFlow:
+    """Handles OAuth flow for Pro/Max authentication."""
+
+    def __init__(self):
+        """Initialize OAuth flow handler."""
+        self.pkce_challenge: PKCEChallenge | None = None
+
+    async def initiate(self, mode: str = "max") -> AuthorizationRequest:
+        """
+        Initiate OAuth flow for Pro/Max authentication.
+
+        Args:
+            mode: "max" for claude.ai, "console" for console.anthropic.com.
+
+        Returns:
+            Authorization request with URL and PKCE verifier.
+        """
+        # Generate PKCE challenge
+        self.pkce_challenge = PKCEGenerator.generate()
+
+        # Select appropriate authorization endpoint
+        base_url = ANTHROPIC_CONFIG.CLAUDE_AI_AUTHORIZE if mode == "max" else ANTHROPIC_CONFIG.CONSOLE_AUTHORIZE
+
+        # Build authorization URL with all required parameters
+        params = {
+            "code": "true",
+            "client_id": ANTHROPIC_CONFIG.OAUTH_CLIENT_ID,
+            "response_type": ANTHROPIC_CONFIG.OAUTH_RESPONSE_TYPE,
+            "redirect_uri": ANTHROPIC_CONFIG.OAUTH_REDIRECT_URI,
+            "scope": ANTHROPIC_CONFIG.OAUTH_SCOPES,
+            "code_challenge": self.pkce_challenge.challenge,
+            "code_challenge_method": ANTHROPIC_CONFIG.OAUTH_CODE_CHALLENGE_METHOD,
+            "state": self.pkce_challenge.verifier,  # Using verifier as state
+        }
+
+        # Create full URL
+        auth_url = f"{base_url}?{urlencode(params)}"
+
+        return AuthorizationRequest(
+            url=auth_url,
+            verifier=self.pkce_challenge.verifier,
+            state=self.pkce_challenge.verifier,
+        )
+
+    async def exchange(self, auth_code: str) -> OAuthCredentials:
+        """
+        Exchange authorization code for tokens.
+
+        Args:
+            auth_code: Format: "code#state" from callback.
+
+        Returns:
+            OAuth credentials with access and refresh tokens.
+
+        Raises:
+            ValueError: If OAuth flow not initiated or invalid code format.
+            httpx.HTTPError: If token exchange fails.
+        """
+        if not self.pkce_challenge:
+            raise ValueError("OAuth flow not initiated")
+
+        # Parse the authorization code
+        parts = auth_code.split("#")
+        if len(parts) != 2:
+            raise ValueError("Invalid authorization code format. Expected: code#state")
+
+        code, state = parts
+
+        # Prepare token exchange request
+        request_body = {
+            "code": code,
+            "state": state,
+            "grant_type": "authorization_code",
+            "client_id": ANTHROPIC_CONFIG.OAUTH_CLIENT_ID,
+            "redirect_uri": ANTHROPIC_CONFIG.OAUTH_REDIRECT_URI,
+            "code_verifier": self.pkce_challenge.verifier,
+        }
+
+        # Exchange code for tokens
+        async with httpx.AsyncClient() as client:
+            response = await client.post(
+                ANTHROPIC_CONFIG.TOKEN_EXCHANGE,
+                headers={
+                    "Content-Type": "application/json",
+                    "Accept": "application/json",
+                },
+                json=request_body,
+            )
+
+            if response.status_code != 200:
+                error_text = response.text
+                raise httpx.HTTPError(f"Token exchange failed: {response.status_code} - {error_text}")
+
+            tokens_data = response.json()
+
+        # Create credentials object
+        credentials = OAuthCredentials(
+            type="oauth",
+            refresh=tokens_data["refresh_token"],
+            access=tokens_data["access_token"],
+            expires=int(time.time() * 1000) + tokens_data["expires_in"] * 1000,
+        )
+
+        # Clear PKCE challenge
+        self.pkce_challenge = None
+
+        return credentials
+
+    def open_browser(self, url: str) -> None:
+        """
+        Open browser for user authorization.
+
+        Args:
+            url: Authorization URL.
+        """
+        webbrowser.open(url)

vibecore/auth/pkce.py

@@ -0,0 +1,29 @@
+"""PKCE (Proof Key for Code Exchange) implementation for OAuth."""
+
+import hashlib
+import secrets
+from base64 import urlsafe_b64encode
+
+from vibecore.auth.models import PKCEChallenge
+
+
+class PKCEGenerator:
+    """Generates cryptographically secure PKCE challenge pairs."""
+
+    @staticmethod
+    def generate() -> PKCEChallenge:
+        """
+        Generate a PKCE challenge pair following RFC 7636.
+
+        Returns:
+            PKCEChallenge with verifier and challenge.
+        """
+        # Generate 32 bytes of random data for verifier
+        verifier_bytes = secrets.token_bytes(32)
+        verifier = urlsafe_b64encode(verifier_bytes).decode("ascii").rstrip("=")
+
+        # Create SHA256 hash of verifier for challenge
+        challenge_bytes = hashlib.sha256(verifier.encode("ascii")).digest()
+        challenge = urlsafe_b64encode(challenge_bytes).decode("ascii").rstrip("=")
+
+        return PKCEChallenge(verifier=verifier, challenge=challenge)

vibecore/auth/storage.py

@@ -0,0 +1,111 @@
+"""Secure storage for authentication credentials."""
+
+import json
+import os
+from pathlib import Path
+from typing import Any
+
+from vibecore.auth.models import AnthropicAuth, ApiKeyCredentials, OAuthCredentials
+
+
+class SecureAuthStorage:
+    """Secure storage for authentication credentials."""
+
+    def __init__(self, app_name: str = "vibecore"):
+        """
+        Initialize secure storage.
+
+        Args:
+            app_name: Application name for storage directory.
+        """
+        # Store in user's local data directory
+        self.storage_path = Path.home() / ".local" / "share" / app_name / "auth.json"
+
+    async def save(self, provider: str, credentials: AnthropicAuth) -> None:
+        """
+        Save credentials securely.
+
+        Args:
+            provider: Provider name (e.g., "anthropic").
+            credentials: Authentication credentials.
+        """
+        # Ensure directory exists
+        self.storage_path.parent.mkdir(parents=True, exist_ok=True)
+
+        # Load existing data
+        data = await self._load_all()
+
+        # Convert credentials to dict
+        if isinstance(credentials, OAuthCredentials):
+            cred_dict = {
+                "type": "oauth",
+                "refresh": credentials.refresh,
+                "access": credentials.access,
+                "expires": credentials.expires,
+            }
+        elif isinstance(credentials, ApiKeyCredentials):
+            cred_dict = {"type": "api", "key": credentials.key}
+        else:
+            raise ValueError(f"Unknown credential type: {type(credentials)}")
+
+        # Update credentials
+        data[provider] = cred_dict
+
+        # Write with secure permissions (owner read/write only)
+        self.storage_path.write_text(json.dumps(data, indent=2))
+        os.chmod(self.storage_path, 0o600)
+
+    async def load(self, provider: str) -> AnthropicAuth | None:
+        """
+        Load credentials for a provider.
+
+        Args:
+            provider: Provider name.
+
+        Returns:
+            Authentication credentials or None if not found.
+        """
+        data = await self._load_all()
+        cred_dict = data.get(provider)
+
+        if not cred_dict:
+            return None
+
+        # Convert dict back to credentials object
+        if cred_dict.get("type") == "oauth":
+            return OAuthCredentials(
+                type="oauth",
+                refresh=cred_dict.get("refresh", ""),
+                access=cred_dict.get("access", ""),
+                expires=cred_dict.get("expires", 0),
+            )
+        elif cred_dict.get("type") == "api":
+            return ApiKeyCredentials(type="api", key=cred_dict.get("key", ""))
+
+        return None
+
+    async def remove(self, provider: str) -> None:
+        """
+        Remove credentials for a provider.
+
+        Args:
+            provider: Provider name.
+        """
+        data = await self._load_all()
+        data.pop(provider, None)
+        self.storage_path.write_text(json.dumps(data, indent=2))
+        os.chmod(self.storage_path, 0o600)
+
+    async def _load_all(self) -> dict[str, Any]:
+        """Load all stored credentials."""
+        if not self.storage_path.exists():
+            return {}
+
+        try:
+            return json.loads(self.storage_path.read_text())
+        except (json.JSONDecodeError, OSError):
+            return {}
+
+    def exists(self) -> bool:
+        """Check if any credentials are stored."""
+        return self.storage_path.exists() and self.storage_path.stat().st_size > 2