ya-oauth-provider 0.74.0__tar.gz

ya_oauth_provider-0.74.0/.gitignore

@@ -0,0 +1,169 @@
+docs/source
+
+# From https://raw.githubusercontent.com/github/gitignore/main/Python.gitignore
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+!apps/
+!apps/ya-claw-web/
+!apps/ya-claw-web/src/
+!apps/ya-claw-web/src/lib/
+!apps/ya-claw-web/src/lib/**
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.yaai/
+**/.yaai/
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.pyright/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# Vscode config files
+# .vscode/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+TO-DO.json
+dev/
+ya_agent_sdk/sandbox/shell/templates/public
+
+# Sync automaticlly
+yaacli/yaacli/skills/building-agents
+
+# Frontend
+node_modules/
+apps/*/dist/
+!apps/ya-desktop/
+!apps/ya-desktop/src/
+!apps/ya-desktop/src/**
+!apps/ya-desktop/src-tauri/
+!apps/ya-desktop/src-tauri/resources/
+!apps/ya-desktop/src-tauri/resources/uv/
+!apps/ya-desktop/src-tauri/resources/uv/.gitkeep
+apps/ya-desktop/src-tauri/resources/uv/uv
+apps/ya-desktop/src-tauri/resources/uv/uv.exe
+*.tsbuildinfo

ya_oauth_provider-0.74.0/PKG-INFO

@@ -0,0 +1,34 @@
+Metadata-Version: 2.4
+Name: ya-oauth-provider
+Version: 0.74.0
+Summary: Pydantic AI OAuth-backed model provider helpers for YA
+Project-URL: Repository, https://github.com/wh1isper/ya-mono
+Author-email: wh1isper <jizhongsheng957@gmail.com>
+Keywords: agents,oauth,pydantic-ai
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Requires-Python: <3.14,>=3.11
+Requires-Dist: httpx>=0.28.1
+Requires-Dist: pydantic-ai>=1.94.0
+Requires-Dist: pydantic>=2.12.0
+Requires-Dist: tenacity>=9.0.0
+Requires-Dist: ya-oauth==0.74.0
+Description-Content-Type: text/markdown
+
+# ya-oauth-provider
+
+Pydantic AI model/provider helpers that consume OAuth token sources from `ya-oauth`.
+
+## Codex model string
+
+YA Agent SDK loads this package for model strings such as:
+
+```text
+oauth@codex:gpt-5.5
+```
+
+The provider attaches Codex-compatible bearer, account, originator, version, session, and thread headers.

ya_oauth_provider-0.74.0/README.md

@@ -0,0 +1,13 @@
+# ya-oauth-provider
+
+Pydantic AI model/provider helpers that consume OAuth token sources from `ya-oauth`.
+
+## Codex model string
+
+YA Agent SDK loads this package for model strings such as:
+
+```text
+oauth@codex:gpt-5.5
+```
+
+The provider attaches Codex-compatible bearer, account, originator, version, session, and thread headers.

ya_oauth_provider-0.74.0/pyproject.toml

@@ -0,0 +1,60 @@
+[project]
+name = "ya-oauth-provider"
+dynamic = ["version", "dependencies"]
+description = "Pydantic AI OAuth-backed model provider helpers for YA"
+authors = [{ name = "wh1isper", email = "jizhongsheng957@gmail.com" }]
+readme = "README.md"
+keywords = ["oauth", "pydantic-ai", "agents"]
+requires-python = ">=3.11,<3.14"
+classifiers = [
+    "Intended Audience :: Developers",
+    "Programming Language :: Python",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+]
+
+[project.urls]
+Repository = "https://github.com/wh1isper/ya-mono"
+
+[dependency-groups]
+dev = [
+    "pytest>=7.2.0",
+    "pytest-asyncio>=0.25.3",
+    "pytest-httpx>=0.35.0",
+    "ruff>=0.9.2",
+    "pyright>=1.1.0",
+]
+
+[build-system]
+requires = ["hatchling", "uv-dynamic-versioning>=0.7.0"]
+build-backend = "hatchling.build"
+
+[tool.hatch.version]
+source = "uv-dynamic-versioning"
+
+[tool.uv-dynamic-versioning]
+vcs = "git"
+style = "pep440"
+bump = true
+
+[tool.hatch.metadata.hooks.uv-dynamic-versioning]
+dependencies = [
+    "httpx>=0.28.1",
+    "pydantic>=2.12.0",
+    "pydantic-ai>=1.94.0",
+    "tenacity>=9.0.0",
+    "ya-oauth=={{ version }}",
+]
+
+[tool.hatch.build.targets.wheel]
+packages = ["ya_oauth_provider"]
+
+[tool.uv.sources]
+ya-oauth = { workspace = true }
+
+[tool.deptry]
+ignore = ["DEP001", "DEP002"]
+package_module_name_map = { "httpx" = "httpx", "pydantic" = "pydantic", "pydantic-ai" = "pydantic_ai", "pytest" = "pytest", "pytest-asyncio" = "pytest_asyncio", "pytest-httpx" = "pytest_httpx", "ruff" = "ruff", "pyright" = "pyright", "tenacity" = "tenacity", "ya-oauth" = "ya_oauth" }
+per_rule_ignores = { DEP003 = ["anyio", "httpx", "pydantic-ai", "pytest", "tenacity"], DEP004 = ["pytest"] }

ya_oauth_provider-0.74.0/tests/test_codex_provider.py

@@ -0,0 +1,125 @@
+from __future__ import annotations
+
+import json
+
+import anyio
+import httpx
+import pytest
+from pydantic_ai.exceptions import UserError
+from ya_oauth.types import OAuthAccount, TokenSnapshot
+from ya_oauth_provider.codex import CodexResponsesModel, build_codex_model, build_session_headers
+from ya_oauth_provider.http import OAuthBearerAuth, build_codex_headers
+
+ACCESS_TOKEN_OLD = "fixture-access-token-old"  # noqa: S105
+ACCESS_TOKEN_NEW = "fixture-access-token-new"  # noqa: S105
+
+
+class FakeTokenSource:
+    def __init__(self) -> None:
+        self.refresh_count = 0
+
+    async def get_token(self) -> TokenSnapshot:
+        return TokenSnapshot(
+            provider_name="codex",
+            access_token=ACCESS_TOKEN_OLD,
+            account=OAuthAccount(chatgpt_account_id="acct_123", chatgpt_account_is_fedramp=True),
+        )
+
+    async def refresh_token(self) -> TokenSnapshot:
+        self.refresh_count += 1
+        return TokenSnapshot(
+            provider_name="codex",
+            access_token=ACCESS_TOKEN_NEW,
+            account=OAuthAccount(chatgpt_account_id="acct_456"),
+        )
+
+
+def test_build_codex_headers() -> None:
+    headers = build_codex_headers(
+        OAuthAccount(chatgpt_account_id="acct_123", chatgpt_account_is_fedramp=True),
+        extra_headers={"session_id": "s1", "thread-id": "t1", "x-client-request-id": "t1"},
+        version="test-version",
+    )
+
+    assert "Authorization" not in headers
+    assert headers["ChatGPT-Account-ID"] == "acct_123"
+    assert headers["X-OpenAI-Fedramp"] == "true"
+    assert headers["originator"] == "ya_agent_sdk"
+    assert headers["version"] == "test-version"
+    assert headers["session_id"] == "s1"
+    assert headers["thread-id"] == "t1"
+    assert headers["x-client-request-id"] == "t1"
+
+
+def test_build_codex_headers_rejects_reserved_extra_headers() -> None:
+    with pytest.raises(ValueError, match="reserved OAuth/Codex header"):
+        build_codex_headers(OAuthAccount(), extra_headers={"Authorization": "Bearer other"})
+
+
+def test_build_session_headers_uses_both_variants() -> None:
+    assert build_session_headers("session", "thread") == {
+        "session_id": "session",
+        "session-id": "session",
+        "thread_id": "thread",
+        "thread-id": "thread",
+        "x-client-request-id": "thread",
+    }
+
+
+def test_build_codex_model_requires_streaming_for_non_stream_request() -> None:
+    model = build_codex_model("gpt-5.5", token_source=FakeTokenSource())
+
+    assert isinstance(model, CodexResponsesModel)
+    with pytest.raises(UserError, match="requires streaming"):
+        anyio.run(model.request, [], None, None)  # type: ignore[arg-type]
+
+
+@pytest.mark.asyncio
+async def test_oauth_bearer_auth_fills_codex_responses_instructions() -> None:
+    source = FakeTokenSource()
+    seen: list[dict[str, object]] = []
+
+    def handler(request: httpx.Request) -> httpx.Response:
+        seen.append(dict(json.loads(request.content)))
+        return httpx.Response(200, json={"ok": True}, request=request)
+
+    client = httpx.AsyncClient(
+        transport=httpx.MockTransport(handler),
+        auth=OAuthBearerAuth(source, provider_name="codex"),
+    )
+
+    await client.post("https://chatgpt.com/backend-api/codex/responses", json={"model": "gpt-5.5"})
+    await client.post(
+        "https://chatgpt.com/backend-api/codex/responses",
+        json={"model": "gpt-5.5", "instructions": None},
+    )
+    await client.aclose()
+
+    assert seen == [
+        {"model": "gpt-5.5", "instructions": "", "store": False},
+        {"model": "gpt-5.5", "instructions": "", "store": False},
+    ]
+
+
+@pytest.mark.asyncio
+async def test_oauth_bearer_auth_refreshes_once_on_401() -> None:
+    source = FakeTokenSource()
+    seen: list[str] = []
+
+    def handler(request: httpx.Request) -> httpx.Response:
+        seen.append(request.headers["Authorization"])
+        if len(seen) == 1:
+            return httpx.Response(401, request=request)
+        return httpx.Response(200, json={"ok": True}, request=request)
+
+    client = httpx.AsyncClient(
+        transport=httpx.MockTransport(handler),
+        auth=OAuthBearerAuth(source, provider_name="codex", extra_headers={"session_id": "s1"}),
+    )
+
+    response = await client.get("https://example.com/test")
+    await client.aclose()
+
+    assert response.status_code == 200
+    assert seen == [f"Bearer {ACCESS_TOKEN_OLD}", f"Bearer {ACCESS_TOKEN_NEW}"]
+    assert source.refresh_count == 1

ya_oauth_provider-0.74.0/ya_oauth_provider/__init__.py

@@ -0,0 +1,6 @@
+"""OAuth-backed Pydantic AI provider helpers."""
+
+from ya_oauth_provider.codex import build_codex_model, build_session_headers, infer_oauth_model
+from ya_oauth_provider.http import OAuthBearerAuth, build_codex_headers
+
+__all__ = ["OAuthBearerAuth", "build_codex_headers", "build_codex_model", "build_session_headers", "infer_oauth_model"]

ya_oauth_provider-0.74.0/ya_oauth_provider/codex.py

@@ -0,0 +1,107 @@
+from __future__ import annotations
+
+from collections.abc import AsyncIterator
+from contextlib import asynccontextmanager
+from typing import Any
+
+from pydantic_ai.exceptions import UserError
+from pydantic_ai.messages import ModelMessage, ModelResponse
+from pydantic_ai.models import Model, ModelRequestParameters, StreamedResponse
+from pydantic_ai.models.openai import OpenAIResponsesModel
+from pydantic_ai.profiles.openai import OpenAIModelProfile
+from pydantic_ai.providers.openai import OpenAIProvider
+from pydantic_ai.settings import ModelSettings
+from ya_oauth.codex import CODEX_BASE_URL, create_codex_token_source
+from ya_oauth.types import OAuthTokenSource
+
+from ya_oauth_provider.http import OAuthBearerAuth
+
+
+def infer_oauth_model(provider_name: str, model_name: str, *, extra_headers: dict[str, str] | None = None) -> Model:
+    """Infer an OAuth-backed model from `oauth@provider:model` parts."""
+    if provider_name == "codex":
+        return build_codex_model(model_name, extra_headers=extra_headers)
+    raise KeyError(f"Unknown OAuth provider: {provider_name}")
+
+
+def build_codex_model(
+    model_name: str,
+    *,
+    token_source: OAuthTokenSource | None = None,
+    extra_headers: dict[str, str] | None = None,
+    base_url: str = CODEX_BASE_URL,
+) -> Model:
+    """Build a Codex OAuth-backed OpenAI Responses model."""
+    import httpx
+    from pydantic_ai.models import get_user_agent
+    from pydantic_ai.retries import AsyncTenacityTransport, RetryConfig
+    from tenacity import retry_if_exception_type, stop_after_attempt, wait_exponential
+
+    source = token_source or create_codex_token_source()
+    http_client = httpx.AsyncClient(
+        auth=OAuthBearerAuth(source, provider_name="codex", extra_headers=extra_headers),
+        headers={"User-Agent": get_user_agent()},
+        timeout=httpx.Timeout(timeout=900, connect=5, read=300),
+        transport=AsyncTenacityTransport(
+            config=RetryConfig(
+                retry=retry_if_exception_type((httpx.HTTPError, httpx.StreamError)),
+                wait=wait_exponential(multiplier=1, max=10),
+                stop=stop_after_attempt(10),
+                reraise=True,
+            )
+        ),
+    )
+    provider = OpenAIProvider(api_key="oauth-managed", base_url=base_url, http_client=http_client)
+    return CodexResponsesModel(model_name, provider=provider, profile=_codex_profile())
+
+
+class CodexResponsesModel(OpenAIResponsesModel):
+    """Codex Responses API model that requires streaming calls."""
+
+    async def request(
+        self,
+        messages: list[ModelMessage],
+        model_settings: ModelSettings | None,
+        model_request_parameters: ModelRequestParameters,
+    ) -> ModelResponse:
+        raise UserError(
+            "Codex OAuth Responses API requires streaming. "
+            "Use agent.run_stream(), agent.iter(), or ya_agent_sdk.stream_agent()."
+        )
+
+    @asynccontextmanager
+    async def request_stream(
+        self,
+        messages: list[ModelMessage],
+        model_settings: ModelSettings | None,
+        model_request_parameters: ModelRequestParameters,
+        run_context: Any | None = None,
+    ) -> AsyncIterator[StreamedResponse]:
+        async with super().request_stream(messages, model_settings, model_request_parameters, run_context) as response:
+            yield response
+
+
+def _codex_profile() -> OpenAIModelProfile:
+    return OpenAIModelProfile(
+        supports_tools=True,
+        supports_json_schema_output=True,
+        supports_thinking=True,
+        thinking_always_enabled=True,
+        openai_supports_reasoning=True,
+        openai_supports_encrypted_reasoning_content=True,
+        openai_supports_strict_tool_definition=True,
+        openai_responses_requires_function_call_status_none=True,
+    )
+
+
+def build_session_headers(session_id: str | None, thread_id: str | None) -> dict[str, str]:
+    """Build Codex session/thread headers with underscore and hyphen variants."""
+    headers: dict[str, str] = {}
+    if session_id:
+        headers["session_id"] = session_id
+        headers["session-id"] = session_id
+    if thread_id:
+        headers["thread_id"] = thread_id
+        headers["thread-id"] = thread_id
+        headers["x-client-request-id"] = thread_id
+    return headers

ya_oauth_provider-0.74.0/ya_oauth_provider/http.py

@@ -0,0 +1,132 @@
+from __future__ import annotations
+
+import json
+from collections.abc import AsyncGenerator
+from typing import Any
+
+import httpx
+from ya_oauth.types import OAuthAccount, OAuthTokenSource, TokenSnapshot
+
+_RESERVED_EXTRA_HEADERS = {
+    "authorization",
+    "proxy-authorization",
+    "chatgpt-account-id",
+    "x-openai-fedramp",
+    "originator",
+    "version",
+}
+
+
+class OAuthBearerAuth(httpx.Auth):
+    """httpx auth flow that attaches OAuth bearer headers and refreshes once on 401."""
+
+    requires_response_body = True
+
+    def __init__(
+        self, token_source: OAuthTokenSource, *, provider_name: str, extra_headers: dict[str, str] | None = None
+    ) -> None:
+        self.token_source = token_source
+        self.provider_name = provider_name
+        self.extra_headers = _safe_extra_headers(extra_headers)
+
+    async def async_auth_flow(self, request: httpx.Request) -> AsyncGenerator[httpx.Request, httpx.Response]:
+        snapshot = await self.token_source.get_token()
+        self._prepare_request(request)
+        self._apply_headers(request, snapshot)
+        response = yield request
+        if response.status_code != 401:
+            return
+        refreshed = await self.token_source.refresh_token()
+        retry = _clone_request(request)
+        self._prepare_request(retry)
+        self._apply_headers(retry, refreshed)
+        yield retry
+
+    def _prepare_request(self, request: httpx.Request) -> None:
+        if self.provider_name == "codex":
+            _ensure_codex_responses_instructions(request)
+
+    def _apply_headers(self, request: httpx.Request, snapshot: TokenSnapshot) -> None:
+        request.headers["Authorization"] = f"Bearer {snapshot.access_token}"
+        if self.provider_name == "codex":
+            request.headers.update(build_codex_headers(snapshot.account, extra_headers=self.extra_headers))
+        else:
+            request.headers.update(self.extra_headers)
+
+
+def build_codex_headers(
+    account: OAuthAccount,
+    *,
+    extra_headers: dict[str, str] | None = None,
+    version: str | None = None,
+) -> dict[str, str]:
+    """Build Codex-compatible request headers."""
+    headers: dict[str, str] = {
+        "originator": "ya_agent_sdk",
+        "version": version or _sdk_version(),
+    }
+    if account.chatgpt_account_id:
+        headers["ChatGPT-Account-ID"] = account.chatgpt_account_id
+    if account.chatgpt_account_is_fedramp:
+        headers["X-OpenAI-Fedramp"] = "true"
+    headers.update(_safe_extra_headers(extra_headers))
+    return headers
+
+
+def _safe_extra_headers(extra_headers: dict[str, str] | None) -> dict[str, str]:
+    safe_headers: dict[str, str] = {}
+    for key, value in (extra_headers or {}).items():
+        if key.lower() in _RESERVED_EXTRA_HEADERS:
+            raise ValueError(f"extra_headers may not override reserved OAuth/Codex header: {key}")
+        safe_headers[key] = value
+    return safe_headers
+
+
+def _ensure_codex_responses_instructions(request: httpx.Request) -> None:
+    """Align Codex Responses API request body requirements."""
+    if request.method.upper() != "POST" or request.url.path.rstrip("/") != "/backend-api/codex/responses":
+        return
+
+    try:
+        body = json.loads(request.content or b"{}")
+    except (json.JSONDecodeError, httpx.RequestNotRead):
+        return
+    if not isinstance(body, dict):
+        return
+
+    changed = False
+    instructions = body.get("instructions")
+    if not instructions:
+        body["instructions"] = ""
+        changed = True
+    if body.get("store") is not False:
+        body["store"] = False
+        changed = True
+    if changed:
+        _replace_json_body(request, body)
+
+
+def _replace_json_body(request: httpx.Request, body: dict[str, Any]) -> None:
+    content = json.dumps(body, separators=(",", ":")).encode()
+    request.stream = httpx.ByteStream(content)
+    request._content = content
+    request.headers["Content-Length"] = str(len(content))
+
+
+def _clone_request(request: httpx.Request) -> httpx.Request:
+    return httpx.Request(
+        method=request.method,
+        url=request.url,
+        headers=request.headers.copy(),
+        content=request.content,
+        extensions=request.extensions.copy(),
+    )
+
+
+def _sdk_version() -> str:
+    try:
+        from importlib.metadata import version
+
+        return version("ya-agent-sdk")
+    except Exception:
+        return "0.0.0"