getcompanion-ai/co-mono
1
0
Fork 0
mirror of https://github.com/getcompanion-ai/co-mono.git synced 2026-04-17 07:03:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

WIP: Add CLI for OAuth login, update README

Browse source 
- Add src/cli.ts with login command for OAuth providers
- Add bin entry to package.json for 'npx @mariozechner/pi-ai'
- Update README: remove setApiKey docs, rewrite OAuth section
- OAuth storage is caller's responsibility, not library's
- Use getOAuthProviders() instead of duplicating provider list
This commit is contained in:
Mario Zechner 2025-12-25 01:08:09 +01:00
parent 030788140a
commit 0ae23f19fe
3 changed files with 216 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

121
packages/ai/README.md
View file

@ -1100,59 +1100,51 @@ const response = await complete(model, context, {
}); });
``` ```
### Programmatic API Key Management ### Checking Environment Variables
You can also set and get API keys programmatically:
```typescript ```typescript
import { setApiKey, getApiKey } from '@mariozechner/pi-ai'; import { getApiKeyFromEnv } from '@mariozechner/pi-ai';
// Set API key for a provider // Check if an API key is set in environment variables
setApiKey('openai', 'sk-...'); const key = getApiKeyFromEnv('openai'); // checks OPENAI_API_KEY
setApiKey('anthropic', 'sk-ant-...');
// Get API key for a provider (checks both programmatic and env vars)
const key = getApiKey('openai');
``` ```
## OAuth Providers ## OAuth Providers
Several providers require OAuth authentication instead of static API keys. This library provides login flows, automatic token refresh, and credential storage for: Several providers require OAuth authentication instead of static API keys:
- **Anthropic** (Claude Pro/Max subscription) - **Anthropic** (Claude Pro/Max subscription)
- **GitHub Copilot** (Copilot subscription) - **GitHub Copilot** (Copilot subscription)
- **Google Gemini CLI** (Free Gemini 2.0/2.5 via Google Cloud Code Assist) - **Google Gemini CLI** (Free Gemini 2.0/2.5 via Google Cloud Code Assist)
- **Antigravity** (Free Gemini 3, Claude, GPT-OSS via Google Cloud) - **Antigravity** (Free Gemini 3, Claude, GPT-OSS via Google Cloud)
Credentials are stored in `~/.pi/agent/oauth.json` by default (with `chmod 600` permissions). Use `setOAuthStorage()` to configure a custom storage backend for different locations or environments (the coding-agent does this to respect its configurable config directory). ### CLI Login
### Using with @mariozechner/pi-coding-agent The quickest way to authenticate:
Use `/login` and select a provider to authenticate. Tokens are automatically refreshed when expired. ```bash
npx @mariozechner/pi-ai login # interactive provider selection
npx @mariozechner/pi-ai login anthropic # login to specific provider
npx @mariozechner/pi-ai list # list available providers
```
Credentials are saved to `auth.json` in the current directory.
### Programmatic OAuth ### Programmatic OAuth
For standalone usage, the library exposes low-level OAuth functions: The library provides login and token refresh functions. Credential storage is the caller's responsibility.
```typescript ```typescript
import { import {
// Login functions (each implements provider-specific OAuth flow) // Login functions (return credentials, do not store)
loginAnthropic, loginAnthropic,
loginGitHubCopilot, loginGitHubCopilot,
loginGeminiCli, loginGeminiCli,
loginAntigravity, loginAntigravity,
// Token management // Token management
refreshToken, // Refresh token for any provider refreshOAuthToken, // (provider, credentials) => new credentials
getOAuthApiKey, // Get API key (auto-refreshes if expired) getOAuthApiKey, // (provider, credentialsMap) => { newCredentials, apiKey } | null
// Credential storage
loadOAuthCredentials,
saveOAuthCredentials,
removeOAuthCredentials,
hasOAuthCredentials,
listOAuthProviders,
getOAuthPath,
// Types // Types
type OAuthProvider, // 'anthropic' | 'github-copilot' | 'google-gemini-cli' | 'google-antigravity' type OAuthProvider, // 'anthropic' | 'github-copilot' | 'google-gemini-cli' | 'google-antigravity'
@ -1162,90 +1154,57 @@ import {
### Login Flow Example ### Login Flow Example
Each provider has a different OAuth flow. Here's an example with GitHub Copilot:
```typescript ```typescript
import { loginGitHubCopilot, saveOAuthCredentials } from '@mariozechner/pi-ai'; import { loginGitHubCopilot } from '@mariozechner/pi-ai';
import { writeFileSync } from 'fs';
const credentials = await loginGitHubCopilot({ const credentials = await loginGitHubCopilot({
onAuth: (url, instructions) => { onAuth: (url, instructions) => {
// Display the URL and instructions to the user
console.log(`Open: ${url}`); console.log(`Open: ${url}`);
if (instructions) console.log(instructions); if (instructions) console.log(instructions);
}, },
onPrompt: async (prompt) => { onPrompt: async (prompt) => {
// Prompt user for input (e.g., device code confirmation)
return await getUserInput(prompt.message); return await getUserInput(prompt.message);
}, },
onProgress: (message) => { onProgress: (message) => console.log(message)
// Optional: show progress updates
console.log(message);
}
}); });
// Save credentials for later use // Store credentials yourself
saveOAuthCredentials('github-copilot', credentials); const auth = { 'github-copilot': { type: 'oauth', ...credentials } };
writeFileSync('auth.json', JSON.stringify(auth, null, 2));
``` ```
### Using OAuth Tokens ### Using OAuth Tokens
Call `getOAuthApiKey()` before **every** `complete()` or `stream()` call. This function checks token expiry and refreshes automatically when needed: Use `getOAuthApiKey()` to get an API key, automatically refreshing if expired:
```typescript ```typescript
import { getModel, complete, getOAuthApiKey } from '@mariozechner/pi-ai'; import { getModel, complete, getOAuthApiKey } from '@mariozechner/pi-ai';
const model = getModel('github-copilot', 'gpt-4o');
// Always call getOAuthApiKey() right before the API call
// Do NOT cache the result - tokens expire and need refresh
const apiKey = await getOAuthApiKey('github-copilot');
if (!apiKey) {
throw new Error('Not logged in to GitHub Copilot');
}
const response = await complete(model, {
messages: [{ role: 'user', content: 'Hello!' }]
}, { apiKey });
```
### Custom Storage Backend
Override the default storage location with `setOAuthStorage()`:
```typescript
import { setOAuthStorage, resetOAuthStorage } from '@mariozechner/pi-ai';
import { readFileSync, writeFileSync } from 'fs'; import { readFileSync, writeFileSync } from 'fs';
// Custom file path // Load your stored credentials
setOAuthStorage({ const auth = JSON.parse(readFileSync('auth.json', 'utf-8'));
load: () => {
try {
return JSON.parse(readFileSync('/custom/path/oauth.json', 'utf-8'));
} catch {
return {};
}
},
save: (storage) => {
writeFileSync('/custom/path/oauth.json', JSON.stringify(storage, null, 2));
}
});
// In-memory storage (for testing or browser environments) // Get API key (refreshes if expired)
let memoryStorage = {}; const result = await getOAuthApiKey('github-copilot', auth);
setOAuthStorage({ if (!result) throw new Error('Not logged in');
load: () => memoryStorage,
save: (storage) => { memoryStorage = storage; }
});
// Reset to default (~/.pi/agent/oauth.json) // Save refreshed credentials
resetOAuthStorage(); auth['github-copilot'] = { type: 'oauth', ...result.newCredentials };
writeFileSync('auth.json', JSON.stringify(auth, null, 2));
// Use the API key
const model = getModel('github-copilot', 'gpt-4o');
const response = await complete(model, {
messages: [{ role: 'user', content: 'Hello!' }]
}, { apiKey: result.apiKey });
``` ```
### Provider Notes ### Provider Notes
**GitHub Copilot**: If you get "The requested model is not supported" error, enable the model manually in VS Code: open Copilot Chat, click the model selector, select the model (warning icon), and click "Enable". **GitHub Copilot**: If you get "The requested model is not supported" error, enable the model manually in VS Code: open Copilot Chat, click the model selector, select the model (warning icon), and click "Enable".
**Google Gemini CLI / Antigravity**: These use Google Cloud OAuth. The API key returned by `getOAuthApiKey()` is a JSON string containing both the token and project ID, which the library handles automatically. **Google Gemini CLI / Antigravity**: These use Google Cloud OAuth. The `apiKey` returned by `getOAuthApiKey()` is a JSON string containing both the token and project ID, which the library handles automatically.
## License ## License

3
packages/ai/package.json
View file

@ -5,6 +5,9 @@
"type": "module", "type": "module",
"main": "./dist/index.js", "main": "./dist/index.js",
"types": "./dist/index.d.ts", "types": "./dist/index.d.ts",
"bin": {
"pi-ai": "./dist/cli.js"
},
"files": [ "files": [
"dist", "dist",
"README.md" "README.md"

173
packages/ai/src/cli.ts Normal file
View file

@ -0,0 +1,173 @@
#!/usr/bin/env node
import { existsSync, readFileSync, writeFileSync } from "fs";
import { createInterface } from "readline";
import { loginAnthropic } from "./utils/oauth/anthropic.js";
import { loginGitHubCopilot } from "./utils/oauth/github-copilot.js";
import { loginAntigravity } from "./utils/oauth/google-antigravity.js";
import { loginGeminiCli } from "./utils/oauth/google-gemini-cli.js";
import { getOAuthProviders } from "./utils/oauth/index.js";
import type { OAuthCredentials, OAuthProvider } from "./utils/oauth/types.js";
const AUTH_FILE = "auth.json";
const PROVIDERS = getOAuthProviders();
function prompt(rl: ReturnType<typeof createInterface>, question: string): Promise<string> {
return new Promise((resolve) => rl.question(question, resolve));
}
function loadAuth(): Record<string, { type: "oauth" } & OAuthCredentials> {
if (!existsSync(AUTH_FILE)) return {};
try {
return JSON.parse(readFileSync(AUTH_FILE, "utf-8"));
} catch {
return {};
}
}
function saveAuth(auth: Record<string, { type: "oauth" } & OAuthCredentials>): void {
writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2), "utf-8");
}
async function login(provider: OAuthProvider): Promise<void> {
const rl = createInterface({ input: process.stdin, output: process.stdout });
const promptFn = (msg: string) => prompt(rl, `${msg} `);
try {
let credentials: OAuthCredentials;
switch (provider) {
case "anthropic":
credentials = await loginAnthropic(
(url) => {
console.log(`\nOpen this URL in your browser:\n${url}\n`);
},
async () => {
return await promptFn("Paste the authorization code:");
},
);
break;
case "github-copilot":
credentials = await loginGitHubCopilot({
onAuth: (url, instructions) => {
console.log(`\nOpen this URL in your browser:\n${url}`);
if (instructions) console.log(instructions);
console.log();
},
onPrompt: async (p) => {
return await promptFn(`${p.message}${p.placeholder ? ` (${p.placeholder})` : ""}:`);
},
onProgress: (msg) => console.log(msg),
});
break;
case "google-gemini-cli":
credentials = await loginGeminiCli(
(info) => {
console.log(`\nOpen this URL in your browser:\n${info.url}`);
if (info.instructions) console.log(info.instructions);
console.log();
},
(msg) => console.log(msg),
);
break;
case "google-antigravity":
credentials = await loginAntigravity(
(info) => {
console.log(`\nOpen this URL in your browser:\n${info.url}`);
if (info.instructions) console.log(info.instructions);
console.log();
},
(msg) => console.log(msg),
);
break;
}
const auth = loadAuth();
auth[provider] = { type: "oauth", ...credentials };
saveAuth(auth);
console.log(`\nCredentials saved to ${AUTH_FILE}`);
} finally {
rl.close();
}
}
async function main(): Promise<void> {
const args = process.argv.slice(2);
const command = args[0];
if (!command || command === "help" || command === "--help" || command === "-h") {
console.log(`Usage: npx @mariozechner/pi-ai <command> [provider]
Commands:
login [provider] Login to an OAuth provider
list List available providers
Providers:
anthropic Anthropic (Claude Pro/Max)
github-copilot GitHub Copilot
google-gemini-cli Google Gemini CLI
google-antigravity Antigravity (Gemini 3, Claude, GPT-OSS)
Examples:
npx @mariozechner/pi-ai login # interactive provider selection
npx @mariozechner/pi-ai login anthropic # login to specific provider
npx @mariozechner/pi-ai list # list providers
`);
return;
}
if (command === "list") {
console.log("Available OAuth providers:\n");
for (const p of PROVIDERS) {
console.log(` ${p.id.padEnd(20)} ${p.name}`);
}
return;
}
if (command === "login") {
let provider = args[1] as OAuthProvider | undefined;
if (!provider) {
const rl = createInterface({ input: process.stdin, output: process.stdout });
console.log("Select a provider:\n");
for (let i = 0; i < PROVIDERS.length; i++) {
console.log(` ${i + 1}. ${PROVIDERS[i].name}`);
}
console.log();
const choice = await prompt(rl, "Enter number (1-4): ");
rl.close();
const index = parseInt(choice, 10) - 1;
if (index < 0 || index >= PROVIDERS.length) {
console.error("Invalid selection");
process.exit(1);
}
provider = PROVIDERS[index].id;
}
if (!PROVIDERS.some((p) => p.id === provider)) {
console.error(`Unknown provider: ${provider}`);
console.error(`Use 'npx @mariozechner/pi-ai list' to see available providers`);
process.exit(1);
}
console.log(`Logging in to ${provider}...`);
await login(provider);
return;
}
console.error(`Unknown command: ${command}`);
console.error(`Use 'npx @mariozechner/pi-ai --help' for usage`);
process.exit(1);
}
main().catch((err) => {
console.error("Error:", err.message);
process.exit(1);
});