diff --git a/.env.example b/.env.example index bc68456d6..e899d2adc 100644 --- a/.env.example +++ b/.env.example @@ -5,13 +5,10 @@ # ANTHROPIC_API_KEY=sk-ant-xxx # OPENAI_API_KEY=sk-xxx # GEMINI_API_KEY=xxx -# CEREBRAS_API_KEY=xxx - +# CLAUDE_CODE_OAUTH=xxx # ── Chat Channel ────────────────────────── # TELEGRAM_BOT_TOKEN=123456:ABC... # DISCORD_BOT_TOKEN=xxx -# LINE_CHANNEL_SECRET=xxx -# LINE_CHANNEL_ACCESS_TOKEN=xxx # ── Web Search (optional) ──────────────── # BRAVE_SEARCH_API_KEY=BSA... diff --git a/cmd/picoclaw/internal/auth/helpers.go b/cmd/picoclaw/internal/auth/helpers.go index 4dfbc92e7..a0a229167 100644 --- a/cmd/picoclaw/internal/auth/helpers.go +++ b/cmd/picoclaw/internal/auth/helpers.go @@ -1,6 +1,7 @@ package auth import ( + "bufio" "encoding/json" "fmt" "io" @@ -15,14 +16,17 @@ import ( "github.com/sipeed/picoclaw/pkg/providers" ) -const supportedProvidersMsg = "supported providers: openai, anthropic, google-antigravity" +const ( + supportedProvidersMsg = "supported providers: openai, anthropic, google-antigravity" + defaultAnthropicModel = "claude-sonnet-4.6" +) -func authLoginCmd(provider string, useDeviceCode bool) error { +func authLoginCmd(provider string, useDeviceCode bool, useOauth bool) error { switch provider { case "openai": return authLoginOpenAI(useDeviceCode) case "anthropic": - return authLoginPasteToken(provider) + return authLoginAnthropic(useOauth) case "google-antigravity", "antigravity": return authLoginGoogleAntigravity() default: @@ -163,6 +167,81 @@ func authLoginGoogleAntigravity() error { return nil } +func authLoginAnthropic(useOauth bool) error { + if useOauth { + return authLoginAnthropicSetupToken() + } + + fmt.Println("Anthropic login method:") + fmt.Println(" 1) Setup token (from `claude setup-token`) (Recommended)") + fmt.Println(" 2) API key (from console.anthropic.com)") + + scanner := bufio.NewScanner(os.Stdin) + for { + fmt.Print("Choose [1]: ") + choice := "1" + if scanner.Scan() { + text := strings.TrimSpace(scanner.Text()) + if text != "" { + choice = text + } + } + + switch choice { + case "1": + return authLoginAnthropicSetupToken() + case "2": + return authLoginPasteToken("anthropic") + default: + fmt.Printf("Invalid choice: %s. Please enter 1 or 2.\n", choice) + } + } +} + +func authLoginAnthropicSetupToken() error { + cred, err := auth.LoginSetupToken(os.Stdin) + if err != nil { + return fmt.Errorf("login failed: %w", err) + } + + if err = auth.SetCredential("anthropic", cred); err != nil { + return fmt.Errorf("failed to save credentials: %w", err) + } + + appCfg, err := internal.LoadConfig() + if err == nil { + appCfg.Providers.Anthropic.AuthMethod = "oauth" + + found := false + for i := range appCfg.ModelList { + if isAnthropicModel(appCfg.ModelList[i].Model) { + appCfg.ModelList[i].AuthMethod = "oauth" + found = true + break + } + } + if !found { + appCfg.ModelList = append(appCfg.ModelList, config.ModelConfig{ + ModelName: defaultAnthropicModel, + Model: "anthropic/" + defaultAnthropicModel, + AuthMethod: "oauth", + }) + // Only set default model if user has no default configured yet + if appCfg.Agents.Defaults.GetModelName() == "" { + appCfg.Agents.Defaults.ModelName = defaultAnthropicModel + } + } + + if err := config.SaveConfig(internal.GetConfigPath(), appCfg); err != nil { + return fmt.Errorf("could not update config: %w", err) + } + } + + fmt.Println("Setup token saved for Anthropic!") + + return nil +} + func fetchGoogleUserEmail(accessToken string) (string, error) { req, err := http.NewRequest("GET", "https://www.googleapis.com/oauth2/v2/userinfo", nil) if err != nil { @@ -220,13 +299,12 @@ func authLoginPasteToken(provider string) error { } if !found { appCfg.ModelList = append(appCfg.ModelList, config.ModelConfig{ - ModelName: "claude-sonnet-4.6", - Model: "anthropic/claude-sonnet-4.6", + ModelName: defaultAnthropicModel, + Model: "anthropic/" + defaultAnthropicModel, AuthMethod: "token", }) + appCfg.Agents.Defaults.ModelName = defaultAnthropicModel } - // Update default model - appCfg.Agents.Defaults.ModelName = "claude-sonnet-4.6" case "openai": appCfg.Providers.OpenAI.AuthMethod = "token" // Update ModelList @@ -363,6 +441,16 @@ func authStatusCmd() error { if !cred.ExpiresAt.IsZero() { fmt.Printf(" Expires: %s\n", cred.ExpiresAt.Format("2006-01-02 15:04")) } + + if provider == "anthropic" && cred.AuthMethod == "oauth" { + usage, err := auth.FetchAnthropicUsage(cred.AccessToken) + if err != nil { + fmt.Printf(" Usage: unavailable (%v)\n", err) + } else { + fmt.Printf(" Usage (5h): %.1f%%\n", usage.FiveHourUtilization*100) + fmt.Printf(" Usage (7d): %.1f%%\n", usage.SevenDayUtilization*100) + } + } } return nil diff --git a/cmd/picoclaw/internal/auth/login.go b/cmd/picoclaw/internal/auth/login.go index 9a6d28d2f..afbe098aa 100644 --- a/cmd/picoclaw/internal/auth/login.go +++ b/cmd/picoclaw/internal/auth/login.go @@ -6,6 +6,7 @@ func newLoginCommand() *cobra.Command { var ( provider string useDeviceCode bool + useOauth bool ) cmd := &cobra.Command{ @@ -13,12 +14,16 @@ func newLoginCommand() *cobra.Command { Short: "Login via OAuth or paste token", Args: cobra.NoArgs, RunE: func(cmd *cobra.Command, _ []string) error { - return authLoginCmd(provider, useDeviceCode) + return authLoginCmd(provider, useDeviceCode, useOauth) }, } cmd.Flags().StringVarP(&provider, "provider", "p", "", "Provider to login with (openai, anthropic)") cmd.Flags().BoolVar(&useDeviceCode, "device-code", false, "Use device code flow (for headless environments)") + cmd.Flags().BoolVar( + &useOauth, "setup-token", false, + "Use setup-token flow for Anthropic (from `claude setup-token`)", + ) _ = cmd.MarkFlagRequired("provider") return cmd diff --git a/pkg/auth/anthropic_usage.go b/pkg/auth/anthropic_usage.go new file mode 100644 index 000000000..716b2908e --- /dev/null +++ b/pkg/auth/anthropic_usage.go @@ -0,0 +1,71 @@ +package auth + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "time" +) + +const ( + anthropicBetaHeader = "oauth-2025-04-20" + anthropicAPIVersion = "2023-06-01" +) + +// anthropicUsageURL is the endpoint for fetching OAuth usage stats. +// It is a var (not const) to allow overriding in tests. +var anthropicUsageURL = "https://api.anthropic.com/api/oauth/usage" + +func setAnthropicUsageURL(url string) { anthropicUsageURL = url } + +type AnthropicUsage struct { + FiveHourUtilization float64 + SevenDayUtilization float64 +} + +func FetchAnthropicUsage(token string) (*AnthropicUsage, error) { + req, err := http.NewRequest("GET", anthropicUsageURL, nil) + if err != nil { + return nil, err + } + req.Header.Set("Authorization", "Bearer "+token) + req.Header.Set("Anthropic-Version", anthropicAPIVersion) + req.Header.Set("Anthropic-Beta", anthropicBetaHeader) + + client := &http.Client{Timeout: 10 * time.Second} + resp, err := client.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("reading usage response: %w", err) + } + + if resp.StatusCode != http.StatusOK { + if resp.StatusCode == http.StatusForbidden { + return nil, fmt.Errorf("insufficient scope: usage endpoint requires oauth scope") + } + return nil, fmt.Errorf("usage request failed (%d): %s", resp.StatusCode, string(body)) + } + + var result struct { + FiveHour struct { + Utilization float64 `json:"utilization"` + } `json:"five_hour"` + SevenDay struct { + Utilization float64 `json:"utilization"` + } `json:"seven_day"` + } + if err := json.Unmarshal(body, &result); err != nil { + return nil, fmt.Errorf("parsing usage response: %w", err) + } + + return &AnthropicUsage{ + FiveHourUtilization: result.FiveHour.Utilization, + SevenDayUtilization: result.SevenDay.Utilization, + }, nil +} diff --git a/pkg/auth/anthropic_usage_test.go b/pkg/auth/anthropic_usage_test.go new file mode 100644 index 000000000..ef4a35364 --- /dev/null +++ b/pkg/auth/anthropic_usage_test.go @@ -0,0 +1,98 @@ +package auth + +import ( + "net/http" + "net/http/httptest" + "strings" + "testing" +) + +func TestFetchAnthropicUsage_Success(t *testing.T) { + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if got := r.Header.Get("Authorization"); got != "Bearer test-token" { + t.Errorf("Authorization = %q, want %q", got, "Bearer test-token") + } + if got := r.Header.Get("Anthropic-Beta"); got != anthropicBetaHeader { + t.Errorf("Anthropic-Beta = %q, want %q", got, anthropicBetaHeader) + } + w.WriteHeader(http.StatusOK) + w.Write([]byte(`{"five_hour":{"utilization":0.42},"seven_day":{"utilization":0.85}}`)) + })) + defer srv.Close() + + // Temporarily override the URL by using the test server + origURL := anthropicUsageURL + defer func() { setAnthropicUsageURL(origURL) }() + setAnthropicUsageURL(srv.URL) + + usage, err := FetchAnthropicUsage("test-token") + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if usage.FiveHourUtilization != 0.42 { + t.Errorf("FiveHourUtilization = %v, want 0.42", usage.FiveHourUtilization) + } + if usage.SevenDayUtilization != 0.85 { + t.Errorf("SevenDayUtilization = %v, want 0.85", usage.SevenDayUtilization) + } +} + +func TestFetchAnthropicUsage_Forbidden(t *testing.T) { + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusForbidden) + w.Write([]byte(`{"error":"forbidden"}`)) + })) + defer srv.Close() + + origURL := anthropicUsageURL + defer func() { setAnthropicUsageURL(origURL) }() + setAnthropicUsageURL(srv.URL) + + _, err := FetchAnthropicUsage("test-token") + if err == nil { + t.Fatal("expected error for 403, got nil") + } + if !strings.Contains(err.Error(), "insufficient scope") { + t.Errorf("expected 'insufficient scope' error, got %q", err.Error()) + } +} + +func TestFetchAnthropicUsage_ServerError(t *testing.T) { + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusInternalServerError) + w.Write([]byte(`internal error`)) + })) + defer srv.Close() + + origURL := anthropicUsageURL + defer func() { setAnthropicUsageURL(origURL) }() + setAnthropicUsageURL(srv.URL) + + _, err := FetchAnthropicUsage("test-token") + if err == nil { + t.Fatal("expected error for 500, got nil") + } + if !strings.Contains(err.Error(), "500") { + t.Errorf("expected error containing '500', got %q", err.Error()) + } +} + +func TestFetchAnthropicUsage_MalformedJSON(t *testing.T) { + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + w.Write([]byte(`not json`)) + })) + defer srv.Close() + + origURL := anthropicUsageURL + defer func() { setAnthropicUsageURL(origURL) }() + setAnthropicUsageURL(srv.URL) + + _, err := FetchAnthropicUsage("test-token") + if err == nil { + t.Fatal("expected error for malformed JSON, got nil") + } + if !strings.Contains(err.Error(), "parsing usage response") { + t.Errorf("expected 'parsing usage response' error, got %q", err.Error()) + } +} diff --git a/pkg/auth/token.go b/pkg/auth/token.go index a5a13ff03..0e69e60ac 100644 --- a/pkg/auth/token.go +++ b/pkg/auth/token.go @@ -31,6 +31,35 @@ func LoginPasteToken(provider string, r io.Reader) (*AuthCredential, error) { }, nil } +func LoginSetupToken(r io.Reader) (*AuthCredential, error) { + fmt.Println("Paste your setup token from `claude setup-token`:") + fmt.Print("> ") + + scanner := bufio.NewScanner(r) + if !scanner.Scan() { + if err := scanner.Err(); err != nil { + return nil, fmt.Errorf("reading token: %w", err) + } + return nil, fmt.Errorf("no input received") + } + + token := strings.TrimSpace(scanner.Text()) + + if !strings.HasPrefix(token, "sk-ant-oat01-") { + return nil, fmt.Errorf("invalid setup token: expected prefix sk-ant-oat01-") + } + + if len(token) < 80 { + return nil, fmt.Errorf("invalid setup token: too short (expected at least 80 characters)") + } + + return &AuthCredential{ + AccessToken: token, + Provider: "anthropic", + AuthMethod: "oauth", + }, nil +} + func providerDisplayName(provider string) string { switch provider { case "anthropic": diff --git a/pkg/auth/token_test.go b/pkg/auth/token_test.go new file mode 100644 index 000000000..673cd9d5d --- /dev/null +++ b/pkg/auth/token_test.go @@ -0,0 +1,61 @@ +package auth + +import ( + "strings" + "testing" +) + +func TestLoginSetupToken(t *testing.T) { + // A valid token: correct prefix + at least 80 chars + validToken := "sk-ant-oat01-" + strings.Repeat("a", 80) + + tests := []struct { + name string + input string + wantErr string + }{ + {"valid token", validToken, ""}, + {"empty input", "", "expected prefix sk-ant-oat01-"}, + {"wrong prefix", "sk-ant-api-" + strings.Repeat("a", 80), "expected prefix sk-ant-oat01-"}, + {"too short", "sk-ant-oat01-short", "too short"}, + {"whitespace only", " ", "expected prefix sk-ant-oat01-"}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := strings.NewReader(tt.input + "\n") + cred, err := LoginSetupToken(r) + + if tt.wantErr != "" { + if err == nil { + t.Fatalf("expected error containing %q, got nil", tt.wantErr) + } + if !strings.Contains(err.Error(), tt.wantErr) { + t.Fatalf("expected error containing %q, got %q", tt.wantErr, err.Error()) + } + return + } + + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if cred.AccessToken != validToken { + t.Errorf("AccessToken = %q, want %q", cred.AccessToken, validToken) + } + if cred.Provider != "anthropic" { + t.Errorf("Provider = %q, want %q", cred.Provider, "anthropic") + } + if cred.AuthMethod != "oauth" { + t.Errorf("AuthMethod = %q, want %q", cred.AuthMethod, "oauth") + } + }) + } +} + +func TestLoginSetupToken_EmptyReader(t *testing.T) { + r := strings.NewReader("") + _, err := LoginSetupToken(r) + if err == nil { + t.Fatal("expected error for empty reader, got nil") + } +} diff --git a/pkg/providers/anthropic/provider.go b/pkg/providers/anthropic/provider.go index 1b250b9b4..242ded175 100644 --- a/pkg/providers/anthropic/provider.go +++ b/pkg/providers/anthropic/provider.go @@ -23,7 +23,10 @@ type ( ToolFunctionDefinition = protocoltypes.ToolFunctionDefinition ) -const defaultBaseURL = "https://api.anthropic.com" +const ( + defaultBaseURL = "https://api.anthropic.com" + anthropicBetaHeader = "oauth-2025-04-20" +) type Provider struct { client *anthropic.Client @@ -80,7 +83,10 @@ func (p *Provider) Chat( if err != nil { return nil, fmt.Errorf("refreshing token: %w", err) } - opts = append(opts, option.WithAuthToken(tok)) + opts = append(opts, + option.WithAuthToken(tok), + option.WithHeader("anthropic-beta", anthropicBetaHeader), + ) } params, err := buildParams(messages, tools, model, options) @@ -88,6 +94,11 @@ func (p *Provider) Chat( return nil, err } + // OAuth/setup-tokens require streaming; API keys use non-streaming. + if p.tokenSource != nil { + return p.chatStreaming(ctx, params, opts) + } + resp, err := p.client.Messages.New(ctx, params, opts...) if err != nil { return nil, fmt.Errorf("claude API call: %w", err) @@ -96,6 +107,28 @@ func (p *Provider) Chat( return parseResponse(resp), nil } +func (p *Provider) chatStreaming( + ctx context.Context, + params anthropic.MessageNewParams, + opts []option.RequestOption, +) (*LLMResponse, error) { + stream := p.client.Messages.NewStreaming(ctx, params, opts...) + defer stream.Close() + + var msg anthropic.Message + for stream.Next() { + event := stream.Current() + if err := msg.Accumulate(event); err != nil { + return nil, fmt.Errorf("claude streaming accumulate: %w", err) + } + } + if err := stream.Err(); err != nil { + return nil, fmt.Errorf("claude API call: %w", err) + } + + return parseResponse(&msg), nil +} + func (p *Provider) GetDefaultModel() string { return "claude-sonnet-4.6" } @@ -147,7 +180,16 @@ func buildParams( blocks = append(blocks, anthropic.NewTextBlock(msg.Content)) } for _, tc := range msg.ToolCalls { - blocks = append(blocks, anthropic.NewToolUseBlock(tc.ID, tc.Arguments, tc.Name)) + args := tc.Arguments + if args == nil && tc.Function != nil && tc.Function.Arguments != "" { + if err := json.Unmarshal([]byte(tc.Function.Arguments), &args); err != nil { + args = map[string]any{} + } + } + if args == nil { + args = map[string]any{} + } + blocks = append(blocks, anthropic.NewToolUseBlock(tc.ID, args, tc.Name)) } anthropicMessages = append(anthropicMessages, anthropic.NewAssistantMessage(blocks...)) } else { @@ -167,8 +209,12 @@ func buildParams( maxTokens = int64(mt) } + // Normalize model ID: Anthropic API uses hyphens (claude-sonnet-4-6), + // but config may use dots (claude-sonnet-4.6). + apiModel := strings.ReplaceAll(model, ".", "-") + params := anthropic.MessageNewParams{ - Model: anthropic.Model(model), + Model: anthropic.Model(apiModel), Messages: anthropicMessages, MaxTokens: maxTokens, } diff --git a/pkg/providers/anthropic/provider_test.go b/pkg/providers/anthropic/provider_test.go index 3d21c1d0b..b1aed17b5 100644 --- a/pkg/providers/anthropic/provider_test.go +++ b/pkg/providers/anthropic/provider_test.go @@ -21,8 +21,8 @@ func TestBuildParams_BasicMessage(t *testing.T) { if err != nil { t.Fatalf("buildParams() error: %v", err) } - if string(params.Model) != "claude-sonnet-4.6" { - t.Errorf("Model = %q, want %q", params.Model, "claude-sonnet-4.6") + if string(params.Model) != "claude-sonnet-4-6" { + t.Errorf("Model = %q, want %q", params.Model, "claude-sonnet-4-6") } if params.MaxTokens != 1024 { t.Errorf("MaxTokens = %d, want 1024", params.MaxTokens) @@ -262,6 +262,65 @@ func TestProvider_ChatUsesTokenSource(t *testing.T) { } } +func TestProvider_ChatStreamingRoundTrip(t *testing.T) { + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path != "/v1/messages" { + http.Error(w, "not found", http.StatusNotFound) + return + } + if got := r.Header.Get("Authorization"); got != "Bearer refreshed-token" { + t.Errorf("Authorization = %q, want %q", got, "Bearer refreshed-token") + } + if got := r.Header.Get("Anthropic-Beta"); got != anthropicBetaHeader { + t.Errorf("Anthropic-Beta = %q, want %q", got, anthropicBetaHeader) + } + + w.Header().Set("Content-Type", "text/event-stream") + flusher, _ := w.(http.Flusher) + + events := []string{ + "event: message_start\ndata: {\"type\":\"message_start\",\"message\":{\"id\":\"msg_stream\",\"type\":\"message\",\"role\":\"assistant\",\"content\":[],\"model\":\"claude-sonnet-4-6\",\"stop_reason\":null,\"usage\":{\"input_tokens\":12,\"output_tokens\":0}}}\n\n", + "event: content_block_start\ndata: {\"type\":\"content_block_start\",\"index\":0,\"content_block\":{\"type\":\"text\",\"text\":\"\"}}\n\n", + "event: content_block_delta\ndata: {\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"Hello\"}}\n\n", + "event: content_block_delta\ndata: {\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" world\"}}\n\n", + "event: content_block_stop\ndata: {\"type\":\"content_block_stop\",\"index\":0}\n\n", + "event: message_delta\ndata: {\"type\":\"message_delta\",\"delta\":{\"stop_reason\":\"end_turn\"},\"usage\":{\"output_tokens\":5}}\n\n", + "event: message_stop\ndata: {\"type\":\"message_stop\"}\n\n", + } + for _, e := range events { + w.Write([]byte(e)) + if flusher != nil { + flusher.Flush() + } + } + })) + defer server.Close() + + p := NewProviderWithTokenSourceAndBaseURL("stale-token", func() (string, error) { + return "refreshed-token", nil + }, server.URL) + + resp, err := p.Chat( + t.Context(), + []Message{{Role: "user", Content: "Hello"}}, + nil, + "claude-sonnet-4.6", + map[string]any{}, + ) + if err != nil { + t.Fatalf("Chat() error: %v", err) + } + if resp.Content != "Hello world" { + t.Errorf("Content = %q, want %q", resp.Content, "Hello world") + } + if resp.FinishReason != "stop" { + t.Errorf("FinishReason = %q, want %q", resp.FinishReason, "stop") + } + if resp.Usage.CompletionTokens != 5 { + t.Errorf("CompletionTokens = %d, want 5", resp.Usage.CompletionTokens) + } +} + func createAnthropicTestClient(baseURL, token string) *anthropic.Client { c := anthropic.NewClient( anthropicoption.WithAuthToken(token),