WIP: Add CLI for OAuth login, update README

- Add src/cli.ts with login command for OAuth providers - Add bin entry to package.json for 'npx @mariozechner/pi-ai' - Update README: remove setApiKey docs, rewrite OAuth section - OAuth storage is caller's responsibility, not library's - Use getOAuthProviders() instead of duplicating provider list
2026-04-17 08:00:59 +00:00 · 2025-12-25 01:08:09 +01:00 · 2025-12-25 01:08:09 +01:00 · 0ae23f19fe
commit 0ae23f19fe
parent 030788140a
3 changed files with 216 additions and 81 deletions
--- a/packages/ai/README.md
+++ b/packages/ai/README.md
@ -1100,59 +1100,51 @@ const response = await complete(model, context, {
 });
 ```

-### Programmatic API Key Management
-
-You can also set and get API keys programmatically:
+### Checking Environment Variables

 ```typescript
-import { setApiKey, getApiKey } from '@mariozechner/pi-ai';
+import { getApiKeyFromEnv } from '@mariozechner/pi-ai';

-// Set API key for a provider
-setApiKey('openai', 'sk-...');
-setApiKey('anthropic', 'sk-ant-...');
-
-// Get API key for a provider (checks both programmatic and env vars)
-const key = getApiKey('openai');
+// Check if an API key is set in environment variables
+const key = getApiKeyFromEnv('openai');  // checks OPENAI_API_KEY
 ```

 ## OAuth Providers

-Several providers require OAuth authentication instead of static API keys. This library provides login flows, automatic token refresh, and credential storage for:
+Several providers require OAuth authentication instead of static API keys:

 - **Anthropic** (Claude Pro/Max subscription)
 - **GitHub Copilot** (Copilot subscription)
 - **Google Gemini CLI** (Free Gemini 2.0/2.5 via Google Cloud Code Assist)
 - **Antigravity** (Free Gemini 3, Claude, GPT-OSS via Google Cloud)

-Credentials are stored in `~/.pi/agent/oauth.json` by default (with `chmod 600` permissions). Use `setOAuthStorage()` to configure a custom storage backend for different locations or environments (the coding-agent does this to respect its configurable config directory).
+### CLI Login

-### Using with @mariozechner/pi-coding-agent
+The quickest way to authenticate:

-Use `/login` and select a provider to authenticate. Tokens are automatically refreshed when expired.
+```bash
+npx @mariozechner/pi-ai login              # interactive provider selection
+npx @mariozechner/pi-ai login anthropic    # login to specific provider
+npx @mariozechner/pi-ai list               # list available providers
+```
+
+Credentials are saved to `auth.json` in the current directory.

 ### Programmatic OAuth

-For standalone usage, the library exposes low-level OAuth functions:
+The library provides login and token refresh functions. Credential storage is the caller's responsibility.

 ```typescript
 import {
-  // Login functions (each implements provider-specific OAuth flow)
+  // Login functions (return credentials, do not store)
  loginAnthropic,
  loginGitHubCopilot,
  loginGeminiCli,
  loginAntigravity,
  
  // Token management
-  refreshToken,        // Refresh token for any provider
-  getOAuthApiKey,      // Get API key (auto-refreshes if expired)
-  
-  // Credential storage
-  loadOAuthCredentials,
-  saveOAuthCredentials,
-  removeOAuthCredentials,
-  hasOAuthCredentials,
-  listOAuthProviders,
-  getOAuthPath,
+  refreshOAuthToken,   // (provider, credentials) => new credentials
+  getOAuthApiKey,      // (provider, credentialsMap) => { newCredentials, apiKey } | null
  
  // Types
  type OAuthProvider,  // 'anthropic' | 'github-copilot' | 'google-gemini-cli' | 'google-antigravity'
@ -1162,90 +1154,57 @@ import {

 ### Login Flow Example

-Each provider has a different OAuth flow. Here's an example with GitHub Copilot:
-
 ```typescript
-import { loginGitHubCopilot, saveOAuthCredentials } from '@mariozechner/pi-ai';
+import { loginGitHubCopilot } from '@mariozechner/pi-ai';
+import { writeFileSync } from 'fs';

 const credentials = await loginGitHubCopilot({
  onAuth: (url, instructions) => {
-    // Display the URL and instructions to the user
    console.log(`Open: ${url}`);
    if (instructions) console.log(instructions);
  },
  onPrompt: async (prompt) => {
-    // Prompt user for input (e.g., device code confirmation)
    return await getUserInput(prompt.message);
  },
-  onProgress: (message) => {
-    // Optional: show progress updates
-    console.log(message);
-  }
+  onProgress: (message) => console.log(message)
 });

-// Save credentials for later use
-saveOAuthCredentials('github-copilot', credentials);
+// Store credentials yourself
+const auth = { 'github-copilot': { type: 'oauth', ...credentials } };
+writeFileSync('auth.json', JSON.stringify(auth, null, 2));
 ```

 ### Using OAuth Tokens

-Call `getOAuthApiKey()` before **every** `complete()` or `stream()` call. This function checks token expiry and refreshes automatically when needed:
+Use `getOAuthApiKey()` to get an API key, automatically refreshing if expired:

 ```typescript
 import { getModel, complete, getOAuthApiKey } from '@mariozechner/pi-ai';
-
-const model = getModel('github-copilot', 'gpt-4o');
-
-// Always call getOAuthApiKey() right before the API call
-// Do NOT cache the result - tokens expire and need refresh
-const apiKey = await getOAuthApiKey('github-copilot');
-if (!apiKey) {
-  throw new Error('Not logged in to GitHub Copilot');
-}
-
-const response = await complete(model, {
-  messages: [{ role: 'user', content: 'Hello!' }]
-}, { apiKey });
-```
-
-### Custom Storage Backend
-
-Override the default storage location with `setOAuthStorage()`:
-
-```typescript
-import { setOAuthStorage, resetOAuthStorage } from '@mariozechner/pi-ai';
 import { readFileSync, writeFileSync } from 'fs';

-// Custom file path
-setOAuthStorage({
-  load: () => {
-    try {
-      return JSON.parse(readFileSync('/custom/path/oauth.json', 'utf-8'));
-    } catch {
-      return {};
-    }
-  },
-  save: (storage) => {
-    writeFileSync('/custom/path/oauth.json', JSON.stringify(storage, null, 2));
-  }
-});
+// Load your stored credentials
+const auth = JSON.parse(readFileSync('auth.json', 'utf-8'));

-// In-memory storage (for testing or browser environments)
-let memoryStorage = {};
-setOAuthStorage({
-  load: () => memoryStorage,
-  save: (storage) => { memoryStorage = storage; }
-});
+// Get API key (refreshes if expired)
+const result = await getOAuthApiKey('github-copilot', auth);
+if (!result) throw new Error('Not logged in');

-// Reset to default (~/.pi/agent/oauth.json)
-resetOAuthStorage();
+// Save refreshed credentials
+auth['github-copilot'] = { type: 'oauth', ...result.newCredentials };
+writeFileSync('auth.json', JSON.stringify(auth, null, 2));
+
+// Use the API key
+const model = getModel('github-copilot', 'gpt-4o');
+const response = await complete(model, {
+  messages: [{ role: 'user', content: 'Hello!' }]
+}, { apiKey: result.apiKey });
 ```

 ### Provider Notes

 **GitHub Copilot**: If you get "The requested model is not supported" error, enable the model manually in VS Code: open Copilot Chat, click the model selector, select the model (warning icon), and click "Enable".

-**Google Gemini CLI / Antigravity**: These use Google Cloud OAuth. The API key returned by `getOAuthApiKey()` is a JSON string containing both the token and project ID, which the library handles automatically.
+**Google Gemini CLI / Antigravity**: These use Google Cloud OAuth. The `apiKey` returned by `getOAuthApiKey()` is a JSON string containing both the token and project ID, which the library handles automatically.

 ## License