Documentation
¶
Index ¶
- Constants
- Variables
- func BuildAuthorizeURL(challenge, state string) string
- func ClaudeHeaders(accessToken string) http.Header
- func GeneratePKCE() (verifier, challenge string, err error)
- func GenerateState() (string, error)
- func SplitCallbackCode(pasted string) (code, state string)
- type ConfigGetter
- type ConfigSaver
- type Lease
- type Manager
- type PersistFn
- type Pool
- func (p *Pool) Acquire(ctx context.Context) (*Lease, error)
- func (p *Pool) AddCredential(cred models.CodexCredential) error
- func (p *Pool) Credentials() []models.CodexCredential
- func (p *Pool) RemoveCredential(id string) error
- func (p *Pool) SetPriority(id string, priority int) error
- func (p *Pool) UpdateCredentials(creds []models.CodexCredential)
- type TokenPair
Constants ¶
const ( StatusOK = "ok" StatusAuthFailed = "auth_failed" StatusRateLimited = "rate_limited" )
const ClaudeCodeSystemPrefix = "You are Claude Code, Anthropic's official CLI for Claude."
ClaudeCodeSystemPrefix must be the first system block on every OAuth request. Anthropic rejects/500s OAuth traffic that lacks the Claude Code identity.
const ProviderType = "claude-code"
ProviderType is the provider_type string for Claude Code subscription auth.
Variables ¶
var ( ErrReloginRequired = errors.New("claude: re-login required") ErrNoCredentials = errors.New("claude: no healthy credentials available") ErrStateMismatch = errors.New("claude: oauth state mismatch") )
var APIBaseURL = resolvedAPIBaseURL()
APIBaseURL is the base URL for Anthropic Messages API requests. Override with DOWNLINK_CLAUDE_BASE_URL for testing or alternative deployments.
Functions ¶
func BuildAuthorizeURL ¶
BuildAuthorizeURL builds the browser authorization URL. The verifier is never placed in the URL; only its S256 challenge is. State is an independent value.
func ClaudeHeaders ¶
ClaudeHeaders returns the identity headers required for every request to the Anthropic Messages API when authenticating with a Claude Code OAuth token. The Authorization: Bearer header is set by the caller, mirroring codexauth.
func GeneratePKCE ¶
GeneratePKCE returns a PKCE code_verifier and its S256 code_challenge.
func GenerateState ¶
GenerateState returns a random CSRF state value, independent of the verifier.
func SplitCallbackCode ¶
SplitCallbackCode splits the user-pasted "<code>#<state>" string.
Types ¶
type ConfigGetter ¶
type ConfigGetter func() *models.ServerConfig
ConfigGetter returns the current in-memory config.
type ConfigSaver ¶
type ConfigSaver func(cfg *models.ServerConfig) error
ConfigSaver is the function the manager calls to atomically persist config.
type Lease ¶
type Lease struct {
CredID string
AccessToken string
Headers http.Header
// contains filtered or unexported fields
}
Lease is a handle to a live credential for a single LLM call. Call one of the Mark* methods when done to update the credential's health state.
func (*Lease) MarkAuthFailed ¶
func (*Lease) MarkRateLimited ¶
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager holds one Pool per claude-code provider config entry and wires pool persistence back to config.json via the ConfigSaver.
func NewManager ¶
func NewManager(get ConfigGetter, save ConfigSaver) *Manager
NewManager creates a Manager and initialises pools from the current config.
func (*Manager) EnsurePool ¶
EnsurePool creates an empty pool for providerName if one doesn't exist yet.
type PersistFn ¶
type PersistFn func(creds []models.CodexCredential) error
PersistFn is called by the pool whenever credentials need to be persisted.
type Pool ¶
type Pool struct {
// contains filtered or unexported fields
}
Pool manages a set of Claude Code OAuth credentials for one provider config entry.
func NewPool ¶
func NewPool(creds []models.CodexCredential, persist PersistFn) *Pool
NewPool creates a pool backed by the given credentials and persist function.
func (*Pool) Acquire ¶
Acquire picks the best available credential, refreshing its access token if needed, and returns a Lease. Returns ErrNoCredentials when all credentials are either rate-limited or auth-failed.
func (*Pool) AddCredential ¶
func (p *Pool) AddCredential(cred models.CodexCredential) error
AddCredential appends a new credential and persists.
func (*Pool) Credentials ¶
func (p *Pool) Credentials() []models.CodexCredential
Credentials returns a snapshot of the current credential list.
func (*Pool) RemoveCredential ¶
RemoveCredential removes a credential by ID and persists.
func (*Pool) SetPriority ¶
SetPriority updates the priority of a credential by ID and persists.
func (*Pool) UpdateCredentials ¶
func (p *Pool) UpdateCredentials(creds []models.CodexCredential)
UpdateCredentials replaces the pool's credential set (e.g. after config reload).
type TokenPair ¶
TokenPair holds the OAuth tokens and the computed absolute expiry.
func ExchangeCode ¶
ExchangeCode exchanges the authorization code (with its PKCE verifier) for tokens. The caller is responsible for validating the returned state against the state it generated before calling this.