elias/oh-my-opencode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
oh-my-opencode/src/auth/antigravity/storage.test.ts
YeonGyu-Kim 8394926fe1
[ORCHESTRATOR TEST] feat(auth): multi-account Google Antigravity auth with automatic rotation (#579) 
* feat(auth): add multi-account types and storage layer

Add foundation for multi-account Google Antigravity auth:
- ModelFamily, AccountTier, RateLimitState types for rate limit tracking
- AccountMetadata, AccountStorage, ManagedAccount interfaces
- Cross-platform storage module with XDG_DATA_HOME/APPDATA support
- Comprehensive test coverage for storage operations

🤖 Generated with [OhMyOpenCode](https://github.com/code-yeongyu/oh-my-opencode)

* feat(auth): implement AccountManager for multi-account rotation

Add AccountManager class with automatic account rotation:
- Per-family rate limit tracking (claude, gemini-flash, gemini-pro)
- Paid tier prioritization in rotation logic
- Round-robin account selection within tier pools
- Account add/remove operations with index management
- Storage persistence integration

🤖 Generated with [OhMyOpenCode](https://github.com/code-yeongyu/oh-my-opencode)

* feat(auth): add CLI prompts for multi-account setup

Add @clack/prompts-based CLI utilities:
- promptAddAnotherAccount() for multi-account flow
- promptAccountTier() for free/paid tier selection
- Non-TTY environment handling (graceful skip)

🤖 Generated with [OhMyOpenCode](https://github.com/code-yeongyu/oh-my-opencode)

* feat(auth): integrate multi-account OAuth flow into plugin

Enhance OAuth flow for multi-account support:
- Prompt for additional accounts after first OAuth (up to 10)
- Collect email and tier for each account
- Save accounts to storage via AccountManager
- Load AccountManager in loader() from stored accounts
- Toast notifications for account authentication success
- Backward compatible with single-account flow

🤖 Generated with [OhMyOpenCode](https://github.com/code-yeongyu/oh-my-opencode)

* feat(auth): add rate limit rotation to fetch interceptor

Integrate AccountManager into fetch for automatic rotation:
- Model family detection from URL (claude/gemini-flash/gemini-pro)
- Rate limit detection (429 with retry-after > 5s, 5xx errors)
- Mark rate-limited accounts and rotate to next available
- Recursive retry with new account on rotation
- Lazy load accounts from storage on first request
- Debug logging for account switches

🤖 Generated with [OhMyOpenCode](https://github.com/code-yeongyu/oh-my-opencode)

* feat(cli): add auth account management commands

Add CLI commands for managing Google Antigravity accounts:
- `auth list`: Show all accounts with email, tier, rate limit status
- `auth remove <index|email>`: Remove account by index or email
- Help text with usage examples
- Active account indicator and remaining rate limit display

🤖 Generated with [OhMyOpenCode](https://github.com/code-yeongyu/oh-my-opencode)

* refactor(auth): address review feedback - remove duplicate ManagedAccount and reuse fetch function

- Remove unused ManagedAccount interface from types.ts (duplicate of accounts.ts)
- Reuse fetchFn in rate limit retry instead of creating new fetch closure
  Preserves cachedTokens, cachedProjectId, fetchInstanceId, accountsLoaded state

* fix(auth): address Cubic review feedback (8 issues)

P1 fixes:
- storage.ts: Use mode 0o600 for OAuth credentials file (security)
- fetch.ts: Return original 5xx status instead of synthesized 429
- accounts.ts: Adjust activeIndex/currentIndex in removeAccount
- plugin.ts: Fix multi-account migration to split on ||| not |

P2 fixes:
- cli.ts: Remove confusing cancel message when returning default
- auth.ts: Use strict parseInt check to prevent partial matches
- storage.test.ts: Use try/finally for env var cleanup

* refactor(test): import ManagedAccount from accounts.ts instead of duplicating

* fix(auth): address Oracle review findings (P1/P2)

P1 fixes:
- Clear cachedProjectId on account change to prevent stale project IDs
- Continue endpoint fallback for single-account users on rate limit
- Restore access/expires tokens from storage for non-active accounts
- Re-throw non-ENOENT filesystem errors (keep returning null for parse errors)
- Use atomic write (temp file + rename) for account storage

P2 fixes:
- Derive RateLimitState type from ModelFamily using mapped type
- Add MODEL_FAMILIES constant and use dynamic iteration in clearExpiredRateLimits
- Add missing else branch in storage.test.ts env cleanup
- Handle open() errors gracefully with user-friendly toast message

Tests updated to reflect correct behavior for token restoration.

* fix(auth): address Cubic review round 2 (5 issues)

P1: Return original 429/5xx response on last endpoint instead of generic 503
P2: Use unique temp filename (pid+timestamp) and cleanup on rename failure
P2: Clear cachedProjectId when first account introduced (lastAccountIndex null)
P3: Add console.error logging to open() catch block

* test(auth): add AccountManager removeAccount index tests

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

* test(auth): add storage layer security and atomicity tests

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

* fix(auth): address Cubic review round 3 (4 issues)

P1 Fixes:
- plugin.ts: Validate refresh_token before constructing first account
- plugin.ts: Validate additionalTokens.refresh_token before pushing accounts
- fetch.ts: Reset cachedTokens when switching accounts during rotation

P2 Fixes:
- fetch.ts: Improve model-family detection (parse model from body, fallback to URL)

* fix(auth): address Cubic review round 4 (3 issues)

P1 Fixes:
- plugin.ts: Close serverHandle before early return on missing refresh_token
- plugin.ts: Close additionalServerHandle before continue on missing refresh_token

P2 Fixes:
- fetch.ts: Remove overly broad 'pro' matching in getModelFamilyFromModelName

* fix(auth): address Cubic review round 5 (9 issues)

P1 Fixes:
- plugin.ts: Close additionalServerHandle after successful account auth
- fetch.ts: Cancel response body on 429/5xx to prevent connection leaks

P2 Fixes:
- plugin.ts: Close additionalServerHandle on OAuth error/missing code
- plugin.ts: Close additionalServerHandle on verifier mismatch
- auth.ts: Set activeIndex to -1 when all accounts removed
- storage.ts: Use shared getDataDir utility for consistent paths
- fetch.ts: Catch loadAccounts IO errors with graceful fallback
- storage.test.ts: Improve test assertions with proper error tracking

* feat(antigravity): add system prompt and thinking config constants

* feat(antigravity): add reasoning_effort and Gemini 3 thinkingLevel support

* feat(antigravity): inject system prompt into all requests

* feat(antigravity): integrate thinking config and system prompt in fetch layer

* feat(auth): auto-open browser for OAuth login on all platforms

* fix(auth): add alias2ModelName for Antigravity Claude models

Root cause: Antigravity API expects 'claude-sonnet-4-5-thinking' but we were
sending 'gemini-claude-sonnet-4-5-thinking'. Ported alias mapping from
CLIProxyAPI antigravity_executor.go:1328-1347.

Transforms:
- gemini-claude-sonnet-4-5-thinking → claude-sonnet-4-5-thinking
- gemini-claude-opus-4-5-thinking → claude-opus-4-5-thinking
- gemini-3-pro-preview → gemini-3-pro-high
- gemini-3-flash-preview → gemini-3-flash

* fix(auth): add requestType and toolConfig for Antigravity API

Missing required fields from CLIProxyAPI implementation:
- requestType: 'agent'
- request.toolConfig.functionCallingConfig.mode: 'VALIDATED'
- Delete request.safetySettings

Also strip 'antigravity-' prefix before alias transformation.

* fix(auth): remove broken alias2ModelName transformations for Gemini 3

CLIProxyAPI's alias mappings don't work with public Antigravity API:
- gemini-3-pro-preview → gemini-3-pro-high (404!)
- gemini-3-flash-preview → gemini-3-flash (404!)

Tested: -preview suffix names work, transformed names return 404.
Keep only gemini-claude-* prefix stripping for future Claude support.

* fix(auth): implement correct alias2ModelName transformations for Antigravity API

Implements explicit switch-based model name mappings for Antigravity API.
Updates SANDBOX endpoint constants to clarify quota/availability behavior.
Fixes test expectations to match new transformation logic.

🤖 Generated with assistance of OhMyOpenCode

---------

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-01-08 22:37:38 +09:00

389 lines
11 KiB
TypeScript
Raw Blame History

import { describe, it, expect, beforeEach, afterEach } from "bun:test"
import { join } from "node:path"
import { homedir } from "node:os"
import { promises as fs } from "node:fs"
import { tmpdir } from "node:os"
import type { AccountStorage } from "./types"
import { getDataDir, getStoragePath, loadAccounts, saveAccounts } from "./storage"
describe("storage", () => {
const testDir = join(tmpdir(), `oh-my-opencode-storage-test-${Date.now()}`)
const testStoragePath = join(testDir, "oh-my-opencode-accounts.json")
const validStorage: AccountStorage = {
version: 1,
accounts: [
{
email: "test@example.com",
tier: "free",
refreshToken: "refresh-token-123",
projectId: "project-123",
accessToken: "access-token-123",
expiresAt: Date.now() + 3600000,
rateLimits: {},
},
],
activeIndex: 0,
}
beforeEach(async () => {
await fs.mkdir(testDir, { recursive: true })
})
afterEach(async () => {
try {
await fs.rm(testDir, { recursive: true, force: true })
} catch {
// ignore cleanup errors
}
})
describe("getDataDir", () => {
it("returns path containing opencode directory", () => {
// #given
// platform is current system
// #when
const result = getDataDir()
// #then
expect(result).toContain("opencode")
})
it("returns XDG_DATA_HOME/opencode when XDG_DATA_HOME is set on non-Windows", () => {
// #given
const originalXdg = process.env.XDG_DATA_HOME
const originalPlatform = process.platform
if (originalPlatform === "win32") {
return
}
try {
process.env.XDG_DATA_HOME = "/custom/data"
// #when
const result = getDataDir()
// #then
expect(result).toBe("/custom/data/opencode")
} finally {
if (originalXdg !== undefined) {
process.env.XDG_DATA_HOME = originalXdg
} else {
delete process.env.XDG_DATA_HOME
}
}
})
it("returns ~/.local/share/opencode when XDG_DATA_HOME is not set on non-Windows", () => {
// #given
const originalXdg = process.env.XDG_DATA_HOME
const originalPlatform = process.platform
if (originalPlatform === "win32") {
return
}
try {
delete process.env.XDG_DATA_HOME
// #when
const result = getDataDir()
// #then
expect(result).toBe(join(homedir(), ".local", "share", "opencode"))
} finally {
if (originalXdg !== undefined) {
process.env.XDG_DATA_HOME = originalXdg
} else {
delete process.env.XDG_DATA_HOME
}
}
})
})
describe("getStoragePath", () => {
it("returns path ending with oh-my-opencode-accounts.json", () => {
// #given
// no setup needed
// #when
const result = getStoragePath()
// #then
expect(result.endsWith("oh-my-opencode-accounts.json")).toBe(true)
expect(result).toContain("opencode")
})
})
describe("loadAccounts", () => {
it("returns parsed storage when file exists and is valid", async () => {
// #given
await fs.writeFile(testStoragePath, JSON.stringify(validStorage), "utf-8")
// #when
const result = await loadAccounts(testStoragePath)
// #then
expect(result).not.toBeNull()
expect(result?.version).toBe(1)
expect(result?.accounts).toHaveLength(1)
expect(result?.accounts[0].email).toBe("test@example.com")
})
it("returns null when file does not exist (ENOENT)", async () => {
// #given
const nonExistentPath = join(testDir, "non-existent.json")
// #when
const result = await loadAccounts(nonExistentPath)
// #then
expect(result).toBeNull()
})
it("returns null when file contains invalid JSON", async () => {
// #given
const invalidJsonPath = join(testDir, "invalid.json")
await fs.writeFile(invalidJsonPath, "{ invalid json }", "utf-8")
// #when
const result = await loadAccounts(invalidJsonPath)
// #then
expect(result).toBeNull()
})
it("returns null when file contains valid JSON but invalid schema", async () => {
// #given
const invalidSchemaPath = join(testDir, "invalid-schema.json")
await fs.writeFile(invalidSchemaPath, JSON.stringify({ foo: "bar" }), "utf-8")
// #when
const result = await loadAccounts(invalidSchemaPath)
// #then
expect(result).toBeNull()
})
it("returns null when accounts is not an array", async () => {
// #given
const invalidAccountsPath = join(testDir, "invalid-accounts.json")
await fs.writeFile(
invalidAccountsPath,
JSON.stringify({ version: 1, accounts: "not-array", activeIndex: 0 }),
"utf-8"
)
// #when
const result = await loadAccounts(invalidAccountsPath)
// #then
expect(result).toBeNull()
})
it("returns null when activeIndex is not a number", async () => {
// #given
const invalidIndexPath = join(testDir, "invalid-index.json")
await fs.writeFile(
invalidIndexPath,
JSON.stringify({ version: 1, accounts: [], activeIndex: "zero" }),
"utf-8"
)
// #when
const result = await loadAccounts(invalidIndexPath)
// #then
expect(result).toBeNull()
})
})
describe("saveAccounts", () => {
it("writes storage to file with proper JSON formatting", async () => {
// #given
// testStoragePath is ready
// #when
await saveAccounts(validStorage, testStoragePath)
// #then
const content = await fs.readFile(testStoragePath, "utf-8")
const parsed = JSON.parse(content)
expect(parsed.version).toBe(1)
expect(parsed.accounts).toHaveLength(1)
expect(parsed.activeIndex).toBe(0)
})
it("creates parent directories if they do not exist", async () => {
// #given
const nestedPath = join(testDir, "nested", "deep", "oh-my-opencode-accounts.json")
// #when
await saveAccounts(validStorage, nestedPath)
// #then
const content = await fs.readFile(nestedPath, "utf-8")
const parsed = JSON.parse(content)
expect(parsed.version).toBe(1)
})
it("overwrites existing file", async () => {
// #given
const existingStorage: AccountStorage = {
version: 1,
accounts: [],
activeIndex: 0,
}
await fs.writeFile(testStoragePath, JSON.stringify(existingStorage), "utf-8")
// #when
await saveAccounts(validStorage, testStoragePath)
// #then
const content = await fs.readFile(testStoragePath, "utf-8")
const parsed = JSON.parse(content)
expect(parsed.accounts).toHaveLength(1)
})
it("uses pretty-printed JSON with 2-space indentation", async () => {
// #given
// testStoragePath is ready
// #when
await saveAccounts(validStorage, testStoragePath)
// #then
const content = await fs.readFile(testStoragePath, "utf-8")
expect(content).toContain("\n")
expect(content).toContain(" ")
})
it("sets restrictive file permissions (0o600) for security", async () => {
// #given
// testStoragePath is ready
// #when
await saveAccounts(validStorage, testStoragePath)
// #then
const stats = await fs.stat(testStoragePath)
const mode = stats.mode & 0o777
expect(mode).toBe(0o600)
})
it("uses atomic write pattern with temp file and rename", async () => {
// #given
// This test verifies that the file is written atomically
// by checking that no partial writes occur
// #when
await saveAccounts(validStorage, testStoragePath)
// #then
// If we can read valid JSON, the atomic write succeeded
const content = await fs.readFile(testStoragePath, "utf-8")
const parsed = JSON.parse(content)
expect(parsed.version).toBe(1)
expect(parsed.accounts).toHaveLength(1)
})
it("cleans up temp file on rename failure", async () => {
// #given
const readOnlyDir = join(testDir, "readonly")
await fs.mkdir(readOnlyDir, { recursive: true })
const readOnlyPath = join(readOnlyDir, "accounts.json")
await fs.writeFile(readOnlyPath, "{}", "utf-8")
await fs.chmod(readOnlyPath, 0o444)
// #when
let didThrow = false
try {
await saveAccounts(validStorage, readOnlyPath)
} catch {
didThrow = true
}
// #then
const files = await fs.readdir(readOnlyDir)
const tempFiles = files.filter((f) => f.includes(".tmp."))
expect(tempFiles).toHaveLength(0)
if (!didThrow) {
console.log("[TEST SKIP] File permissions did not work as expected on this system")
}
// Cleanup
await fs.chmod(readOnlyPath, 0o644)
})
it("uses unique temp filename with pid and timestamp", async () => {
// #given
// We verify this by checking the implementation behavior
// The temp file should include process.pid and Date.now()
// #when
await saveAccounts(validStorage, testStoragePath)
// #then
// File should exist and be valid (temp file was successfully renamed)
const exists = await fs.access(testStoragePath).then(() => true).catch(() => false)
expect(exists).toBe(true)
})
it("handles sequential writes without corruption", async () => {
// #given
const storage1: AccountStorage = {
...validStorage,
accounts: [{ ...validStorage.accounts[0]!, email: "user1@example.com" }],
}
const storage2: AccountStorage = {
...validStorage,
accounts: [{ ...validStorage.accounts[0]!, email: "user2@example.com" }],
}
// #when - sequential writes (concurrent writes are inherently racy)
await saveAccounts(storage1, testStoragePath)
await saveAccounts(storage2, testStoragePath)
// #then - file should contain valid JSON from last write
const content = await fs.readFile(testStoragePath, "utf-8")
const parsed = JSON.parse(content) as AccountStorage
expect(parsed.version).toBe(1)
expect(parsed.accounts[0]?.email).toBe("user2@example.com")
})
})
describe("loadAccounts error handling", () => {
it("re-throws non-ENOENT filesystem errors", async () => {
// #given
const unreadableDir = join(testDir, "unreadable")
await fs.mkdir(unreadableDir, { recursive: true })
const unreadablePath = join(unreadableDir, "accounts.json")
await fs.writeFile(unreadablePath, JSON.stringify(validStorage), "utf-8")
await fs.chmod(unreadablePath, 0o000)
// #when
let thrownError: Error | null = null
let result: unknown = undefined
try {
result = await loadAccounts(unreadablePath)
} catch (error) {
thrownError = error as Error
}
// #then
if (thrownError) {
expect((thrownError as NodeJS.ErrnoException).code).not.toBe("ENOENT")
} else {
console.log("[TEST SKIP] File permissions did not work as expected on this system, got result:", result)
}
// Cleanup
await fs.chmod(unreadablePath, 0o644)
})
})
})
Reference in New Issue View Git Blame Copy Permalink