Apply PR #17227: refactor(provider): effectify ProviderAuthService

Author: opencode-agent[bot]

packages/opencode/EFFECT_MIGRATION_PLAN.md

@@ -1,43 +1,27 @@
 import { Effect } from "effect"
-import z from "zod"
 import { runtime } from "@/effect/runtime"
-import * as S from "./service"
+import {
+  Api as ApiSchema,
+  AuthService,
+  type AuthServiceError,
+  Info as InfoSchema,
+  Oauth as OauthSchema,
+  WellKnown as WellKnownSchema,
+  type Info as AuthInfo,
+} from "./service"
 
 export { OAUTH_DUMMY_KEY } from "./service"
 
-function runPromise<A>(f: (service: S.AuthService.Service) => Effect.Effect<A, S.AuthServiceError>) {
-  return runtime.runPromise(S.AuthService.use(f))
+function runPromise<A>(f: (service: AuthService.Service) => Effect.Effect<A, AuthServiceError>) {
+  return runtime.runPromise(AuthService.use(f))
 }
 
 export namespace Auth {
-  export const Oauth = z
-    .object({
-      type: z.literal("oauth"),
-      refresh: z.string(),
-      access: z.string(),
-      expires: z.number(),
-      accountId: z.string().optional(),
-      enterpriseUrl: z.string().optional(),
-    })
-    .meta({ ref: "OAuth" })
-
-  export const Api = z
-    .object({
-      type: z.literal("api"),
-      key: z.string(),
-    })
-    .meta({ ref: "ApiAuth" })
-
-  export const WellKnown = z
-    .object({
-      type: z.literal("wellknown"),
-      key: z.string(),
-      token: z.string(),
-    })
-    .meta({ ref: "WellKnownAuth" })
-
-  export const Info = z.discriminatedUnion("type", [Oauth, Api, WellKnown]).meta({ ref: "Auth" })
-  export type Info = z.infer<typeof Info>
+  export const Oauth = OauthSchema
+  export const Api = ApiSchema
+  export const WellKnown = WellKnownSchema
+  export const Info = InfoSchema
+  export type Info = AuthInfo
 
   export async function get(providerID: string) {
     return runPromise((service) => service.get(providerID))

packages/opencode/src/auth/index.ts

@@ -1,32 +1,39 @@
 import path from "path"
-import { Effect, Layer, Record, Result, Schema, ServiceMap } from "effect"
+import { Effect, Layer, Schema, ServiceMap } from "effect"
+import z from "zod"
 import { Global } from "../global"
 import { Filesystem } from "../util/filesystem"
 
 export const OAUTH_DUMMY_KEY = "opencode-oauth-dummy-key"
 
-export class Oauth extends Schema.Class<Oauth>("OAuth")({
-  type: Schema.Literal("oauth"),
-  refresh: Schema.String,
-  access: Schema.String,
-  expires: Schema.Number,
-  accountId: Schema.optional(Schema.String),
-  enterpriseUrl: Schema.optional(Schema.String),
-}) {}
-
-export class Api extends Schema.Class<Api>("ApiAuth")({
-  type: Schema.Literal("api"),
-  key: Schema.String,
-}) {}
-
-export class WellKnown extends Schema.Class<WellKnown>("WellKnownAuth")({
-  type: Schema.Literal("wellknown"),
-  key: Schema.String,
-  token: Schema.String,
-}) {}
-
-export const Info = Schema.Union([Oauth, Api, WellKnown])
-export type Info = Schema.Schema.Type<typeof Info>
+export const Oauth = z
+  .object({
+    type: z.literal("oauth"),
+    refresh: z.string(),
+    access: z.string(),
+    expires: z.number(),
+    accountId: z.string().optional(),
+    enterpriseUrl: z.string().optional(),
+  })
+  .meta({ ref: "OAuth" })
+
+export const Api = z
+  .object({
+    type: z.literal("api"),
+    key: z.string(),
+  })
+  .meta({ ref: "ApiAuth" })
+
+export const WellKnown = z
+  .object({
+    type: z.literal("wellknown"),
+    key: z.string(),
+    token: z.string(),
+  })
+  .meta({ ref: "WellKnownAuth" })
+
+export const Info = z.discriminatedUnion("type", [Oauth, Api, WellKnown]).meta({ ref: "Auth" })
+export type Info = z.infer<typeof Info>
 
 export class AuthServiceError extends Schema.TaggedErrorClass<AuthServiceError>()("AuthServiceError", {
   message: Schema.String,
@@ -50,13 +57,19 @@ export class AuthService extends ServiceMap.Service<AuthService, AuthService.Ser
   static readonly layer = Layer.effect(
     AuthService,
     Effect.gen(function* () {
-      const decode = Schema.decodeUnknownOption(Info)
-
       const all = Effect.fn("AuthService.all")(() =>
         Effect.tryPromise({
           try: async () => {
             const data = await Filesystem.readJson<Record<string, unknown>>(file).catch(() => ({}))
-            return Record.filterMap(data, (value) => Result.fromOption(decode(value), () => undefined))
+            return Object.entries(data).reduce(
+              (acc, [key, value]) => {
+                const parsed = Info.safeParse(value)
+                if (!parsed.success) return acc
+                acc[key] = parsed.data
+                return acc
+              },
+              {} as Record<string, Info>,
+            )
           },
           catch: fail("Failed to read auth data"),
         }),

packages/opencode/src/auth/service.ts

@@ -1,10 +1,12 @@
+import { Effect } from "effect"
 import { Log } from "@/util/log"
 import { Context } from "../util/context"
 import { Project } from "./project"
 import { State } from "./state"
 import { iife } from "@/util/iife"
 import { GlobalBus } from "@/bus/global"
 import { Filesystem } from "@/util/filesystem"
+import { InstanceState } from "@/util/instance-state"
 
 interface Context {
   directory: string
@@ -106,15 +108,15 @@ export const Instance = {
   async reload(input: { directory: string; init?: () => Promise<any>; project?: Project.Info; worktree?: string }) {
     const directory = Filesystem.resolve(input.directory)
     Log.Default.info("reloading instance", { directory })
-    await State.dispose(directory)
+    await Promise.all([State.dispose(directory), Effect.runPromise(InstanceState.dispose(directory))])
     cache.delete(directory)
     const next = track(directory, boot({ ...input, directory }))
     emit(directory)
     return await next
   },
   async dispose() {
     Log.Default.info("disposing instance", { directory: Instance.directory })
-    await State.dispose(Instance.directory)
+    await Promise.all([State.dispose(Instance.directory), Effect.runPromise(InstanceState.dispose(Instance.directory))])
     cache.delete(Instance.directory)
     emit(Instance.directory)
   },

packages/opencode/src/project/instance.ts

@@ -0,0 +1,160 @@
+import { Effect, Layer, Record, ServiceMap, Struct } from "effect"
+import { Instance } from "@/project/instance"
+import { Plugin } from "../plugin"
+import { filter, fromEntries, map, pipe } from "remeda"
+import type { AuthOuathResult } from "@opencode-ai/plugin"
+import { NamedError } from "@opencode-ai/util/error"
+import * as Auth from "@/auth/service"
+import { InstanceState } from "@/util/instance-state"
+import { ProviderID } from "./schema"
+import z from "zod"
+
+export type Method = {
+  type: "oauth" | "api"
+  label: string
+}
+
+export type Authorization = {
+  url: string
+  method: "auto" | "code"
+  instructions: string
+}
+
+export const OauthMissing = NamedError.create(
+  "ProviderAuthOauthMissing",
+  z.object({
+    providerID: ProviderID.zod,
+  }),
+)
+
+export const OauthCodeMissing = NamedError.create(
+  "ProviderAuthOauthCodeMissing",
+  z.object({
+    providerID: ProviderID.zod,
+  }),
+)
+
+export const OauthCallbackFailed = NamedError.create("ProviderAuthOauthCallbackFailed", z.object({}))
+
+export type ProviderAuthError =
+  | Auth.AuthServiceError
+  | InstanceType<typeof OauthMissing>
+  | InstanceType<typeof OauthCodeMissing>
+  | InstanceType<typeof OauthCallbackFailed>
+
+export namespace ProviderAuthService {
+  export interface Service {
+    /** Get available auth methods for each provider (e.g. OAuth, API key). */
+    readonly methods: () => Effect.Effect<Record<string, Method[]>>
+
+    /** Start an OAuth authorization flow for a provider. Returns the URL to redirect to. */
+    readonly authorize: (input: { providerID: ProviderID; method: number }) => Effect.Effect<Authorization | undefined>
+
+    /** Complete an OAuth flow after the user has authorized. Exchanges the code/callback for credentials. */
+    readonly callback: (input: {
+      providerID: ProviderID
+      method: number
+      code?: string
+    }) => Effect.Effect<void, ProviderAuthError>
+
+    /** Set an API key directly for a provider (no OAuth flow). */
+    readonly api: (input: { providerID: ProviderID; key: string }) => Effect.Effect<void, Auth.AuthServiceError>
+  }
+}
+
+export class ProviderAuthService extends ServiceMap.Service<ProviderAuthService, ProviderAuthService.Service>()(
+  "@opencode/ProviderAuth",
+) {
+  static readonly layer = Layer.effect(
+    ProviderAuthService,
+    Effect.gen(function* () {
+      const auth = yield* Auth.AuthService
+      const state = yield* InstanceState.make({
+        lookup: () =>
+          Effect.promise(async () => {
+            const methods = pipe(
+              await Plugin.list(),
+              filter((x) => x.auth?.provider !== undefined),
+              map((x) => [x.auth!.provider, x.auth!] as const),
+              fromEntries(),
+            )
+            return { methods, pending: new Map<string, AuthOuathResult>() }
+          }),
+      })
+
+      const methods = Effect.fn("ProviderAuthService.methods")(function* () {
+        const x = yield* InstanceState.get(state)
+        return Record.map(x.methods, (y) => y.methods.map((z): Method => Struct.pick(z, ["type", "label"])))
+      })
+
+      const authorize = Effect.fn("ProviderAuthService.authorize")(function* (input: {
+        providerID: ProviderID
+        method: number
+      }) {
+        const authHook = (yield* InstanceState.get(state)).methods[input.providerID]
+        const method = authHook.methods[input.method]
+        if (method.type !== "oauth") return
+        const result = yield* Effect.promise(() => method.authorize())
+
+        const s = yield* InstanceState.get(state)
+        s.pending.set(input.providerID, result)
+        return {
+          url: result.url,
+          method: result.method,
+          instructions: result.instructions,
+        }
+      })
+
+      const callback = Effect.fn("ProviderAuthService.callback")(function* (input: {
+        providerID: ProviderID
+        method: number
+        code?: string
+      }) {
+        const match = (yield* InstanceState.get(state)).pending.get(input.providerID)
+        if (!match) return yield* Effect.fail(new OauthMissing({ providerID: input.providerID }))
+
+        if (match.method === "code" && !input.code)
+          return yield* Effect.fail(new OauthCodeMissing({ providerID: input.providerID }))
+
+        const result = yield* Effect.promise(() =>
+          match.method === "code" ? match.callback(input.code!) : match.callback(),
+        )
+
+        if (!result || result.type !== "success") return yield* Effect.fail(new OauthCallbackFailed({}))
+
+        if ("key" in result) {
+          yield* auth.set(input.providerID, {
+            type: "api",
+            key: result.key,
+          })
+        }
+
+        if ("refresh" in result) {
+          yield* auth.set(input.providerID, {
+            type: "oauth",
+            access: result.access,
+            refresh: result.refresh,
+            expires: result.expires,
+            ...(result.accountId ? { accountId: result.accountId } : {}),
+          })
+        }
+      })
+
+      const api = Effect.fn("ProviderAuthService.api")(function* (input: { providerID: ProviderID; key: string }) {
+        yield* auth.set(input.providerID, {
+          type: "api",
+          key: input.key,
+        })
+      })
+
+      return ProviderAuthService.of({
+        methods,
+        authorize,
+        callback,
+        api,
+      })
+    }),
+  )
+
+  static readonly defaultLayer = ProviderAuthService.layer.pipe(Layer.provide(Auth.AuthService.defaultLayer))
+}