commit a09cdafa6445fdbf1096721688b397655654ca84 · dunkirk.sh/anthropic-api-key

+40

.gitignore

···

       1
       1
       +
       # dependencies (bun install)

     

       2
       2
       +
       node_modules

     

       3
       3
       +
       

     

       4
       4
       +
       # output

     

       5
       5
       +
       out

     

       6
       6
       +
       dist

     

       7
       7
       +
       *.tgz

     

       8
       8
       +
       

     

       9
       9
       +
       # code coverage

     

       10
       10
       +
       coverage

     

       11
       11
       +
       *.lcov

     

       12
       12
       +
       

     

       13
       13
       +
       # logs

     

       14
       14
       +
       logs

     

       15
       15
       +
       _.log

     

       16
       16
       +
       report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json

     

       17
       17
       +
       

     

       18
       18
       +
       # dotenv environment variable files

     

       19
       19
       +
       .env

     

       20
       20
       +
       .env.development.local

     

       21
       21
       +
       .env.test.local

     

       22
       22
       +
       .env.production.local

     

       23
       23
       +
       .env.local

     

       24
       24
       +
       

     

       25
       25
       +
       # caches

     

       26
       26
       +
       .eslintcache

     

       27
       27
       +
       .cache

     

       28
       28
       +
       *.tsbuildinfo

     

       29
       29
       +
       

     

       30
       30
       +
       # IntelliJ based IDEs

     

       31
       31
       +
       .idea

     

       32
       32
       +
       

     

       33
       33
       +
       # Finder (MacOS) folder config

     

       34
       34
       +
       .DS_Store

     

       35
       35
       +
       

     

       36
       36
       +
       # Crush agent workspace

     

       37
       37
       +
       .crush

     

       38
       38
       +
       

     

       39
       39
       +
       # Bun install cache

     

       40
       40
       +
       bun.lockb

+28

CRUSH.md

···

       1
       1
       +
       # CRUSH.md

     

       2
       2
       +
       

     

       3
       3
       +
       Build/Lint/Test

     

       4
       4
       +
       - Install: bun install

     

       5
       5
       +
       - Typecheck: bun x tsc --noEmit

     

       6
       6
       +
       - Run: bun run index.ts or bun index.ts

     

       7
       7
       +
       - Test all: bun test

     

       8
       8
       +
       - Test watch: bun test --watch

     

       9
       9
       +
       - Test single: bun test path/to/file.test.ts -t "name"

     

       10
       10
       +
       - Lint: bun x biome check --write || bun x eslint . (if configured)

     

       11
       11
       +
       

     

       12
       12
       +
       Conventions

     

       13
       13
       +
       - Runtime: Bun (see CLAUDE.md). Prefer Bun APIs (Bun.serve, Bun.file, Bun.$) over Node shims. Bun auto-loads .env.

     

       14
       14
       +
       - Modules: ESM only ("type": "module"). Use extensionless TS imports within project.

     

       15
       15
       +
       - Formatting: Prettier/biome if present; otherwise 2-space indent, trailing commas where valid, semicolons optional but consistent.

     

       16
       16
       +
       - Types: Strict TypeScript. Prefer explicit types on public APIs; infer locals via const. Use unknown over any. Narrow with guards.

     

       17
       17
       +
       - Imports: Group std/bun, third-party, then local. Use named imports; avoid default exports for libs.

     

       18
       18
       +
       - Naming: camelCase for vars/functions, PascalCase for types/classes, UPPER_SNAKE for env constants.

     

       19
       19
       +
       - Errors: Throw Error (or subclasses) with actionable messages; never swallow. Use Result-like returns only if established.

     

       20
       20
       +
       - Async: Prefer async/await. Always handle rejections. Avoid top-level await outside Bun entrypoints.

     

       21
       21
       +
       - Logging: Use console.* sparingly; no secrets in logs. Prefer structured messages.

     

       22
       22
       +
       - Env/config: Read via process.env or Bun.env at startup; validate and fail fast.

     

       23
       23
       +
       - Files: Prefer Bun.file and Response over fs. Avoid sync IO.

     

       24
       24
       +
       - Tests: bun:test (import { test, expect } from "bun:test"). Keep tests deterministic, no network without mocking.

     

       25
       25
       +
       

     

       26
       26
       +
       Repo Notes

     

       27
       27
       +
       - No Cursor/Copilot rules detected.

     

       28
       28
       +
       - Add ".crush" dir to .gitignore (keeps agent scratch files untracked).

+15

README.md

···

       1
       1
       +
       # anthropic-api-key

     

       2
       2
       +
       

     

       3
       3
       +
       To install dependencies:

     

       4
       4
       +
       

     

       5
       5
       +
       ```bash

     

       6
       6
       +
       bun install

     

       7
       7
       +
       ```

     

       8
       8
       +
       

     

       9
       9
       +
       To run:

     

       10
       10
       +
       

     

       11
       11
       +
       ```bash

     

       12
       12
       +
       bun run index.ts

     

       13
       13
       +
       ```

     

       14
       14
       +
       

     

       15
       15
       +
       This project was created using `bun init` in bun v1.2.19. [Bun](https://bun.com) is a fast all-in-one JavaScript runtime.

+531

anthropic.sh

···

       1
       1
       +
       #!/bin/sh

     

       2
       2
       +
       

     

       3
       3
       +
       # Anthropic OAuth client ID

     

       4
       4
       +
       CLIENT_ID="9d1c250a-e61b-44d9-88ed-5944d1962f5e"

     

       5
       5
       +
       

     

       6
       6
       +
       # Token cache file location

     

       7
       7
       +
       CACHE_DIR="${HOME}/.config/crush/anthropic"

     

       8
       8
       +
       CACHE_FILE="${CACHE_DIR}/bearer_token"

     

       9
       9
       +
       REFRESH_TOKEN_FILE="${CACHE_DIR}/refresh_token"

     

       10
       10
       +
       

     

       11
       11
       +
       # Function to extract expiration from cached token file

     

       12
       12
       +
       extract_expiration() {

     

       13
       13
       +
         if [ -f "${CACHE_FILE}.expires" ]; then

     

       14
       14
       +
           cat "${CACHE_FILE}.expires"

     

       15
       15
       +
         fi

     

       16
       16
       +
       }

     

       17
       17
       +
       

     

       18
       18
       +
       # Function to check if token is valid

     

       19
       19
       +
       is_token_valid() {

     

       20
       20
       +
         local expires="$1"

     

       21
       21
       +
       

     

       22
       22
       +
         if [ -z "$expires" ]; then

     

       23
       23
       +
           return 1

     

       24
       24
       +
         fi

     

       25
       25
       +
       

     

       26
       26
       +
         local current_time=$(date +%s)

     

       27
       27
       +
         # Add 60 second buffer before expiration

     

       28
       28
       +
         local buffer_time=$((expires - 60))

     

       29
       29
       +
       

     

       30
       30
       +
         if [ "$current_time" -lt "$buffer_time" ]; then

     

       31
       31
       +
           return 0

     

       32
       32
       +
         else

     

       33
       33
       +
           return 1

     

       34
       34
       +
         fi

     

       35
       35
       +
       }

     

       36
       36
       +
       

     

       37
       37
       +
       # Function to generate PKCE challenge (requires openssl)

     

       38
       38
       +
       generate_pkce() {

     

       39
       39
       +
         # Generate 32 random bytes, base64url encode

     

       40
       40
       +
         local verifier=$(openssl rand -base64 32 | tr -d "=" | tr "/" "_" | tr "+" "-" | tr -d "\n")

     

       41
       41
       +
         # Create SHA256 hash of verifier, base64url encode

     

       42
       42
       +
         local challenge=$(printf '%s' "$verifier" | openssl dgst -sha256 -binary | openssl base64 | tr -d "=" | tr "/" "_" | tr "+" "-" | tr -d "\n")

     

       43
       43
       +
       

     

       44
       44
       +
         echo "$verifier|$challenge"

     

       45
       45
       +
       }

     

       46
       46
       +
       

     

       47
       47
       +
       # Function to exchange refresh token for new access token

     

       48
       48
       +
       exchange_refresh_token() {

     

       49
       49
       +
         local refresh_token="$1"

     

       50
       50
       +
       

     

       51
       51
       +
         local bearer_response=$(curl -s -X POST "https://console.anthropic.com/v1/oauth/token" \

     

       52
       52
       +
           -H "Content-Type: application/json" \

     

       53
       53
       +
           -H "User-Agent: CRUSH/1.0" \

     

       54
       54
       +
           -d "{\"grant_type\":\"refresh_token\",\"refresh_token\":\"${refresh_token}\",\"client_id\":\"${CLIENT_ID}\"}")

     

       55
       55
       +
       

     

       56
       56
       +
         # Parse JSON response - try jq first, fallback to sed

     

       57
       57
       +
         local access_token=""

     

       58
       58
       +
         local new_refresh_token=""

     

       59
       59
       +
         local expires_in=""

     

       60
       60
       +
       

     

       61
       61
       +
         if command -v jq >/dev/null 2>&1; then

     

       62
       62
       +
           access_token=$(echo "$bearer_response" | jq -r '.access_token // empty')

     

       63
       63
       +
           new_refresh_token=$(echo "$bearer_response" | jq -r '.refresh_token // empty')

     

       64
       64
       +
           expires_in=$(echo "$bearer_response" | jq -r '.expires_in // empty')

     

       65
       65
       +
         else

     

       66
       66
       +
           # Fallback to sed parsing

     

       67
       67
       +
           access_token=$(echo "$bearer_response" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')

     

       68
       68
       +
           new_refresh_token=$(echo "$bearer_response" | sed -n 's/.*"refresh_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')

     

       69
       69
       +
           expires_in=$(echo "$bearer_response" | sed -n 's/.*"expires_in"[[:space:]]*:[[:space:]]*\([0-9]*\).*/\1/p')

     

       70
       70
       +
         fi

     

       71
       71
       +
       

     

       72
       72
       +
         if [ -n "$access_token" ] && [ -n "$expires_in" ]; then

     

       73
       73
       +
           # Calculate expiration timestamp

     

       74
       74
       +
           local current_time=$(date +%s)

     

       75
       75
       +
           local expires_timestamp=$((current_time + expires_in))

     

       76
       76
       +
       

     

       77
       77
       +
           # Cache the new tokens

     

       78
       78
       +
           mkdir -p "$CACHE_DIR"

     

       79
       79
       +
           echo "$access_token" > "$CACHE_FILE"

     

       80
       80
       +
           chmod 600 "$CACHE_FILE"

     

       81
       81
       +
       

     

       82
       82
       +
           if [ -n "$new_refresh_token" ]; then

     

       83
       83
       +
             echo "$new_refresh_token" > "$REFRESH_TOKEN_FILE"

     

       84
       84
       +
             chmod 600 "$REFRESH_TOKEN_FILE"

     

       85
       85
       +
           fi

     

       86
       86
       +
       

     

       87
       87
       +
           # Store expiration for future reference

     

       88
       88
       +
           echo "$expires_timestamp" > "${CACHE_FILE}.expires"

     

       89
       89
       +
           chmod 600 "${CACHE_FILE}.expires"

     

       90
       90
       +
       

     

       91
       91
       +
           echo "$access_token"

     

       92
       92
       +
           return 0

     

       93
       93
       +
         fi

     

       94
       94
       +
       

     

       95
       95
       +
         return 1

     

       96
       96
       +
       }

     

       97
       97
       +
       

     

       98
       98
       +
       # Function to exchange authorization code for tokens

     

       99
       99
       +
       exchange_authorization_code() {

     

       100
       100
       +
         local auth_code="$1"

     

       101
       101
       +
         local verifier="$2"

     

       102
       102
       +
       

     

       103
       103
       +
         # Split code if it contains state (format: code#state)

     

       104
       104
       +
         local code=$(echo "$auth_code" | cut -d'#' -f1)

     

       105
       105
       +
         local state=""

     

       106
       106
       +
         if echo "$auth_code" | grep -q '#'; then

     

       107
       107
       +
           state=$(echo "$auth_code" | cut -d'#' -f2)

     

       108
       108
       +
         fi

     

       109
       109
       +
       

     

       110
       110
       +
         # Use the working endpoint

     

       111
       111
       +
         local bearer_response=$(curl -s -X POST "https://console.anthropic.com/v1/oauth/token" \

     

       112
       112
       +
           -H "Content-Type: application/json" \

     

       113
       113
       +
           -H "User-Agent: CRUSH/1.0" \

     

       114
       114
       +
           -d "{\"code\":\"${code}\",\"state\":\"${state}\",\"grant_type\":\"authorization_code\",\"client_id\":\"${CLIENT_ID}\",\"redirect_uri\":\"https://console.anthropic.com/oauth/code/callback\",\"code_verifier\":\"${verifier}\"}")

     

       115
       115
       +
       

     

       116
       116
       +
         # Parse JSON response - try jq first, fallback to sed

     

       117
       117
       +
         local access_token=""

     

       118
       118
       +
         local refresh_token=""

     

       119
       119
       +
         local expires_in=""

     

       120
       120
       +
       

     

       121
       121
       +
         if command -v jq >/dev/null 2>&1; then

     

       122
       122
       +
           access_token=$(echo "$bearer_response" | jq -r '.access_token // empty')

     

       123
       123
       +
           refresh_token=$(echo "$bearer_response" | jq -r '.refresh_token // empty')

     

       124
       124
       +
           expires_in=$(echo "$bearer_response" | jq -r '.expires_in // empty')

     

       125
       125
       +
         else

     

       126
       126
       +
           # Fallback to sed parsing

     

       127
       127
       +
           access_token=$(echo "$bearer_response" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')

     

       128
       128
       +
           refresh_token=$(echo "$bearer_response" | sed -n 's/.*"refresh_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')

     

       129
       129
       +
           expires_in=$(echo "$bearer_response" | sed -n 's/.*"expires_in"[[:space:]]*:[[:space:]]*\([0-9]*\).*/\1/p')

     

       130
       130
       +
         fi

     

       131
       131
       +
       

     

       132
       132
       +
         if [ -n "$access_token" ] && [ -n "$refresh_token" ] && [ -n "$expires_in" ]; then

     

       133
       133
       +
           # Calculate expiration timestamp

     

       134
       134
       +
           local current_time=$(date +%s)

     

       135
       135
       +
           local expires_timestamp=$((current_time + expires_in))

     

       136
       136
       +
       

     

       137
       137
       +
           # Cache the tokens

     

       138
       138
       +
           mkdir -p "$CACHE_DIR"

     

       139
       139
       +
           echo "$access_token" > "$CACHE_FILE"

     

       140
       140
       +
           echo "$refresh_token" > "$REFRESH_TOKEN_FILE"

     

       141
       141
       +
           echo "$expires_timestamp" > "${CACHE_FILE}.expires"

     

       142
       142
       +
           chmod 600 "$CACHE_FILE" "$REFRESH_TOKEN_FILE" "${CACHE_FILE}.expires"

     

       143
       143
       +
       

     

       144
       144
       +
           echo "$access_token"

     

       145
       145
       +
           return 0

     

       146
       146
       +
         else

     

       147
       147
       +
           return 1

     

       148
       148
       +
         fi

     

       149
       149
       +
       }

     

       150
       150
       +
       

     

       151
       151
       +
       # Check for cached bearer token

     

       152
       152
       +
       if [ -f "$CACHE_FILE" ] && [ -f "${CACHE_FILE}.expires" ]; then

     

       153
       153
       +
         CACHED_TOKEN=$(cat "$CACHE_FILE")

     

       154
       154
       +
         CACHED_EXPIRES=$(cat "${CACHE_FILE}.expires")

     

       155
       155
       +
         if is_token_valid "$CACHED_EXPIRES"; then

     

       156
       156
       +
           # Token is still valid, output and exit

     

       157
       157
       +
           echo "$CACHED_TOKEN"

     

       158
       158
       +
           exit 0

     

       159
       159
       +
         fi

     

       160
       160
       +
       fi

     

       161
       161
       +
       

     

       162
       162
       +
       # Bearer token is expired/missing, try to use cached refresh token

     

       163
       163
       +
       if [ -f "$REFRESH_TOKEN_FILE" ]; then

     

       164
       164
       +
         REFRESH_TOKEN=$(cat "$REFRESH_TOKEN_FILE")

     

       165
       165
       +
         if [ -n "$REFRESH_TOKEN" ]; then

     

       166
       166
       +
           # Try to exchange refresh token for new bearer token

     

       167
       167
       +
           BEARER_TOKEN=$(exchange_refresh_token "$REFRESH_TOKEN")

     

       168
       168
       +
           if [ -n "$BEARER_TOKEN" ]; then

     

       169
       169
       +
             # Successfully got new bearer token, output and exit

     

       170
       170
       +
             echo "$BEARER_TOKEN"

     

       171
       171
       +
             exit 0

     

       172
       172
       +
           fi

     

       173
       173
       +
         fi

     

       174
       174
       +
       fi

     

       175
       175
       +
       

     

       176
       176
       +
       # No valid tokens found, start OAuth flow

     

       177
       177
       +
       # Check if openssl is available for PKCE

     

       178
       178
       +
       if ! command -v openssl >/dev/null 2>&1; then

     

       179
       179
       +
         exit 1

     

       180
       180
       +
       fi

     

       181
       181
       +
       

     

       182
       182
       +
       # Generate PKCE challenge

     

       183
       183
       +
       PKCE_DATA=$(generate_pkce)

     

       184
       184
       +
       VERIFIER=$(echo "$PKCE_DATA" | cut -d'|' -f1)

     

       185
       185
       +
       CHALLENGE=$(echo "$PKCE_DATA" | cut -d'|' -f2)

     

       186
       186
       +
       

     

       187
       187
       +
       # Build OAuth URL

     

       188
       188
       +
       AUTH_URL="https://claude.ai/oauth/authorize"

     

       189
       189
       +
       AUTH_URL="${AUTH_URL}?response_type=code"

     

       190
       190
       +
       AUTH_URL="${AUTH_URL}&client_id=${CLIENT_ID}"

     

       191
       191
       +
       AUTH_URL="${AUTH_URL}&redirect_uri=https://console.anthropic.com/oauth/code/callback"

     

       192
       192
       +
       AUTH_URL="${AUTH_URL}&scope=org:create_api_key%20user:profile%20user:inference"

     

       193
       193
       +
       AUTH_URL="${AUTH_URL}&code_challenge=${CHALLENGE}"

     

       194
       194
       +
       AUTH_URL="${AUTH_URL}&code_challenge_method=S256"

     

       195
       195
       +
       AUTH_URL="${AUTH_URL}&state=${VERIFIER}"

     

       196
       196
       +
       

     

       197
       197
       +
       # Create a temporary HTML file with the authentication form

     

       198
       198
       +
       TEMP_HTML="/tmp/anthropic_auth_$$.html"

     

       199
       199
       +
       cat > "$TEMP_HTML" << EOF

     

       200
       200
       +
       <!DOCTYPE html>

     

       201
       201
       +
       <html>

     

       202
       202
       +
       <head>

     

       203
       203
       +
           <title>Anthropic Authentication</title>

     

       204
       204
       +
           <style>

     

       205
       205
       +
               * {

     

       206
       206
       +
                   box-sizing: border-box;

     

       207
       207
       +
                   margin: 0;

     

       208
       208
       +
                   padding: 0;

     

       209
       209
       +
               }

     

       210
       210
       +
       

     

       211
       211
       +
               body {

     

       212
       212
       +
                   font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', system-ui, sans-serif;

     

       213
       213
       +
                   background: linear-gradient(135deg, #1a1a1a 0%, #2d1810 100%);

     

       214
       214
       +
                   color: #ffffff;

     

       215
       215
       +
                   min-height: 100vh;

     

       216
       216
       +
                   display: flex;

     

       217
       217
       +
                   align-items: center;

     

       218
       218
       +
                   justify-content: center;

     

       219
       219
       +
                   padding: 20px;

     

       220
       220
       +
               }

     

       221
       221
       +
       

     

       222
       222
       +
               .container {

     

       223
       223
       +
                   background: rgba(40, 40, 40, 0.95);

     

       224
       224
       +
                   border: 1px solid #4a4a4a;

     

       225
       225
       +
                   border-radius: 16px;

     

       226
       226
       +
                   padding: 48px;

     

       227
       227
       +
                   max-width: 480px;

     

       228
       228
       +
                   width: 100%;

     

       229
       229
       +
                   text-align: center;

     

       230
       230
       +
                   backdrop-filter: blur(10px);

     

       231
       231
       +
                   box-shadow: 0 20px 40px rgba(0, 0, 0, 0.3);

     

       232
       232
       +
               }

     

       233
       233
       +
       

     

       234
       234
       +
               .logo {

     

       235
       235
       +
                   width: 48px;

     

       236
       236
       +
                   height: 48px;

     

       237
       237
       +
                   margin: 0 auto 24px;

     

       238
       238
       +
                   background: linear-gradient(135deg, #ff6b35 0%, #ff8e53 100%);

     

       239
       239
       +
                   border-radius: 12px;

     

       240
       240
       +
                   display: flex;

     

       241
       241
       +
                   align-items: center;

     

       242
       242
       +
                   justify-content: center;

     

       243
       243
       +
                   font-weight: bold;

     

       244
       244
       +
                   font-size: 24px;

     

       245
       245
       +
                   color: white;

     

       246
       246
       +
               }

     

       247
       247
       +
       

     

       248
       248
       +
               h1 {

     

       249
       249
       +
                   font-size: 28px;

     

       250
       250
       +
                   font-weight: 600;

     

       251
       251
       +
                   margin-bottom: 12px;

     

       252
       252
       +
                   color: #ffffff;

     

       253
       253
       +
               }

     

       254
       254
       +
       

     

       255
       255
       +
               .subtitle {

     

       256
       256
       +
                   color: #a0a0a0;

     

       257
       257
       +
                   margin-bottom: 32px;

     

       258
       258
       +
                   font-size: 16px;

     

       259
       259
       +
                   line-height: 1.5;

     

       260
       260
       +
               }

     

       261
       261
       +
       

     

       262
       262
       +
               .step {

     

       263
       263
       +
                   margin-bottom: 32px;

     

       264
       264
       +
                   text-align: left;

     

       265
       265
       +
               }

     

       266
       266
       +
       

     

       267
       267
       +
               .step-number {

     

       268
       268
       +
                   display: inline-flex;

     

       269
       269
       +
                   align-items: center;

     

       270
       270
       +
                   justify-content: center;

     

       271
       271
       +
                   width: 24px;

     

       272
       272
       +
                   height: 24px;

     

       273
       273
       +
                   background: #ff6b35;

     

       274
       274
       +
                   color: white;

     

       275
       275
       +
                   border-radius: 50%;

     

       276
       276
       +
                   font-size: 14px;

     

       277
       277
       +
                   font-weight: 600;

     

       278
       278
       +
                   margin-right: 12px;

     

       279
       279
       +
               }

     

       280
       280
       +
       

     

       281
       281
       +
               .step-title {

     

       282
       282
       +
                   font-weight: 600;

     

       283
       283
       +
                   margin-bottom: 8px;

     

       284
       284
       +
                   color: #ffffff;

     

       285
       285
       +
               }

     

       286
       286
       +
       

     

       287
       287
       +
               .step-description {

     

       288
       288
       +
                   color: #a0a0a0;

     

       289
       289
       +
                   font-size: 14px;

     

       290
       290
       +
                   margin-left: 36px;

     

       291
       291
       +
               }

     

       292
       292
       +
       

     

       293
       293
       +
               .button {

     

       294
       294
       +
                   display: inline-block;

     

       295
       295
       +
                   background: linear-gradient(135deg, #ff6b35 0%, #ff8e53 100%);

     

       296
       296
       +
                   color: white;

     

       297
       297
       +
                   padding: 16px 32px;

     

       298
       298
       +
                   text-decoration: none;

     

       299
       299
       +
                   border-radius: 12px;

     

       300
       300
       +
                   font-weight: 600;

     

       301
       301
       +
                   font-size: 16px;

     

       302
       302
       +
                   margin-bottom: 24px;

     

       303
       303
       +
                   transition: all 0.2s ease;

     

       304
       304
       +
                   box-shadow: 0 4px 12px rgba(255, 107, 53, 0.3);

     

       305
       305
       +
               }

     

       306
       306
       +
       

     

       307
       307
       +
               .button:hover {

     

       308
       308
       +
                   transform: translateY(-2px);

     

       309
       309
       +
                   box-shadow: 0 8px 20px rgba(255, 107, 53, 0.4);

     

       310
       310
       +
               }

     

       311
       311
       +
       

     

       312
       312
       +
               .input-group {

     

       313
       313
       +
                   margin-bottom: 24px;

     

       314
       314
       +
                   text-align: left;

     

       315
       315
       +
               }

     

       316
       316
       +
       

     

       317
       317
       +
               label {

     

       318
       318
       +
                   display: block;

     

       319
       319
       +
                   margin-bottom: 8px;

     

       320
       320
       +
                   font-weight: 500;

     

       321
       321
       +
                   color: #ffffff;

     

       322
       322
       +
               }

     

       323
       323
       +
       

     

       324
       324
       +
               textarea {

     

       325
       325
       +
                   width: 100%;

     

       326
       326
       +
                   background: #2a2a2a;

     

       327
       327
       +
                   border: 2px solid #4a4a4a;

     

       328
       328
       +
                   border-radius: 8px;

     

       329
       329
       +
                   padding: 16px;

     

       330
       330
       +
                   color: #ffffff;

     

       331
       331
       +
                   font-family: 'SF Mono', Monaco, 'Cascadia Code', monospace;

     

       332
       332
       +
                   font-size: 14px;

     

       333
       333
       +
                   line-height: 1.4;

     

       334
       334
       +
                   resize: vertical;

     

       335
       335
       +
                   min-height: 120px;

     

       336
       336
       +
                   transition: border-color 0.2s ease;

     

       337
       337
       +
               }

     

       338
       338
       +
       

     

       339
       339
       +
               textarea:focus {

     

       340
       340
       +
                   outline: none;

     

       341
       341
       +
                   border-color: #ff6b35;

     

       342
       342
       +
                   box-shadow: 0 0 0 3px rgba(255, 107, 53, 0.1);

     

       343
       343
       +
               }

     

       344
       344
       +
       

     

       345
       345
       +
               textarea::placeholder {

     

       346
       346
       +
                   color: #666;

     

       347
       347
       +
               }

     

       348
       348
       +
       

     

       349
       349
       +
               .submit-btn {

     

       350
       350
       +
                   background: linear-gradient(135deg, #ff6b35 0%, #ff8e53 100%);

     

       351
       351
       +
                   color: white;

     

       352
       352
       +
                   border: none;

     

       353
       353
       +
                   padding: 16px 32px;

     

       354
       354
       +
                   border-radius: 12px;

     

       355
       355
       +
                   font-weight: 600;

     

       356
       356
       +
                   font-size: 16px;

     

       357
       357
       +
                   cursor: pointer;

     

       358
       358
       +
                   transition: all 0.2s ease;

     

       359
       359
       +
                   box-shadow: 0 4px 12px rgba(255, 107, 53, 0.3);

     

       360
       360
       +
                   width: 100%;

     

       361
       361
       +
               }

     

       362
       362
       +
       

     

       363
       363
       +
               .submit-btn:hover {

     

       364
       364
       +
                   transform: translateY(-2px);

     

       365
       365
       +
                   box-shadow: 0 8px 20px rgba(255, 107, 53, 0.4);

     

       366
       366
       +
               }

     

       367
       367
       +
       

     

       368
       368
       +
               .submit-btn:disabled {

     

       369
       369
       +
                   opacity: 0.6;

     

       370
       370
       +
                   cursor: not-allowed;

     

       371
       371
       +
                   transform: none;

     

       372
       372
       +
               }

     

       373
       373
       +
       

     

       374
       374
       +
               .status {

     

       375
       375
       +
                   margin-top: 16px;

     

       376
       376
       +
                   padding: 12px;

     

       377
       377
       +
                   border-radius: 8px;

     

       378
       378
       +
                   font-size: 14px;

     

       379
       379
       +
                   display: none;

     

       380
       380
       +
               }

     

       381
       381
       +
       

     

       382
       382
       +
               .status.success {

     

       383
       383
       +
                   background: rgba(52, 168, 83, 0.1);

     

       384
       384
       +
                   border: 1px solid rgba(52, 168, 83, 0.3);

     

       385
       385
       +
                   color: #34a853;

     

       386
       386
       +
               }

     

       387
       387
       +
       

     

       388
       388
       +
               .status.error {

     

       389
       389
       +
                   background: rgba(234, 67, 53, 0.1);

     

       390
       390
       +
                   border: 1px solid rgba(234, 67, 53, 0.3);

     

       391
       391
       +
                   color: #ea4335;

     

       392
       392
       +
               }

     

       393
       393
       +
           </style>

     

       394
       394
       +
       </head>

     

       395
       395
       +
       <body>

     

       396
       396
       +
           <div class="container">

     

       397
       397
       +
               <div class="logo">A</div>

     

       398
       398
       +
               <h1>Anthropic Authentication</h1>

     

       399
       399
       +
               <p class="subtitle">Connect your Anthropic account to continue</p>

     

       400
       400
       +
       

     

       401
       401
       +
               <div class="step">

     

       402
       402
       +
                   <div class="step-title">

     

       403
       403
       +
                       <span class="step-number">1</span>

     

       404
       404
       +
                       Authorize with Anthropic

     

       405
       405
       +
                   </div>

     

       406
       406
       +
                   <div class="step-description">

     

       407
       407
       +
                       Click the button below to open the Anthropic authorization page

     

       408
       408
       +
                   </div>

     

       409
       409
       +
               </div>

     

       410
       410
       +
       

     

       411
       411
       +
               <a href="$AUTH_URL" class="button" target="_blank">

     

       412
       412
       +
                   Open Anthropic Authorization

     

       413
       413
       +
               </a>

     

       414
       414
       +
       

     

       415
       415
       +
               <div class="step">

     

       416
       416
       +
                   <div class="step-title">

     

       417
       417
       +
                       <span class="step-number">2</span>

     

       418
       418
       +
                       Paste your authorization token

     

       419
       419
       +
                   </div>

     

       420
       420
       +
                   <div class="step-description">

     

       421
       421
       +
                       After authorizing, copy the token and paste it below

     

       422
       422
       +
                   </div>

     

       423
       423
       +
               </div>

     

       424
       424
       +
       

     

       425
       425
       +
               <form id="tokenForm">

     

       426
       426
       +
                 <div class="input-group">

     

       427
       427
       +
                   <label for="token">Authorization Token:</label>

     

       428
       428
       +
                   <textarea

     

       429
       429
       +
                       id="token"

     

       430
       430
       +
                       name="token"

     

       431
       431
       +
                       placeholder="Paste your token here..."

     

       432
       432
       +
                       required

     

       433
       433
       +
                   ></textarea>

     

       434
       434
       +
                 </div>

     

       435
       435
       +
                 <button type="submit" class="submit-btn" id="submitBtn">

     

       436
       436
       +
                     Complete Authentication

     

       437
       437
       +
                 </button>

     

       438
       438
       +
               </form>

     

       439
       439
       +
       

     

       440
       440
       +
               <div id="status" class="status"></div>

     

       441
       441
       +
           </div>

     

       442
       442
       +
       

     

       443
       443
       +
           <script>

     

       444
       444
       +
               document.getElementById('tokenForm').addEventListener('submit', function(e) {

     

       445
       445
       +
                   e.preventDefault();

     

       446
       446
       +
       

     

       447
       447
       +
                   const token = document.getElementById('token').value.trim();

     

       448
       448
       +
                   if (!token) {

     

       449
       449
       +
                       showStatus('Please paste your authorization token', 'error');

     

       450
       450
       +
                       return;

     

       451
       451
       +
                   }

     

       452
       452
       +
       

     

       453
       453
       +
                   // Ensure token has content before creating file

     

       454
       454
       +
                   if (token.length > 0) {

     

       455
       455
       +
                       // Save the token as a downloadable file

     

       456
       456
       +
                       const blob = new Blob([token], { type: 'text/plain' });

     

       457
       457
       +
                       const a = document.createElement('a');

     

       458
       458
       +
                       a.href = URL.createObjectURL(blob);

     

       459
       459
       +
                       a.download = "anthropic_token.txt";

     

       460
       460
       +
                       document.body.appendChild(a); // Append to body to ensure it works in all browsers

     

       461
       461
       +
                       a.click();

     

       462
       462
       +
                       document.body.removeChild(a); // Clean up

     

       463
       463
       +
       

     

       464
       464
       +
                       // Verify file creation

     

       465
       465
       +
                       console.log("Token file created with content length: " + token.length);

     

       466
       466
       +
                   } else {

     

       467
       467
       +
                       showStatus('Empty token detected, please provide a valid token', 'error');

     

       468
       468
       +
                       return;

     

       469
       469
       +
                   }

     

       470
       470
       +
       

     

       471
       471
       +
                   document.getElementById('submitBtn').disabled = true;

     

       472
       472
       +
                   document.getElementById('submitBtn').textContent = "Token saved, you may close this tab.";

     

       473
       473
       +
                   showStatus('Token file downloaded! You can close this window.', 'success');

     

       474
       474
       +
       

     

       475
       475
       +
                   // setTimeout(() => {

     

       476
       476
       +
                   //     window.close();

     

       477
       477
       +
                   // }, 2000);

     

       478
       478
       +
               });

     

       479
       479
       +
       

     

       480
       480
       +
               function showStatus(message, type) {

     

       481
       481
       +
                   const status = document.getElementById('status');

     

       482
       482
       +
                   status.textContent = message;

     

       483
       483
       +
                   status.className = 'status ' + type;

     

       484
       484
       +
                   status.style.display = 'block';

     

       485
       485
       +
               }

     

       486
       486
       +
       

     

       487
       487
       +
               // Auto-close after 10 minutes

     

       488
       488
       +
               setTimeout(() => {

     

       489
       489
       +
                   window.close();

     

       490
       490
       +
               }, 600000);

     

       491
       491
       +
           </script>

     

       492
       492
       +
       </body>

     

       493
       493
       +
       </html>

     

       494
       494
       +
       EOF

     

       495
       495
       +
       

     

       496
       496
       +
       # Open the HTML file

     

       497
       497
       +
       if command -v xdg-open >/dev/null 2>&1; then

     

       498
       498
       +
         xdg-open "$TEMP_HTML" >/dev/null 2>&1 &

     

       499
       499
       +
       elif command -v open >/dev/null 2>&1; then

     

       500
       500
       +
         open "$TEMP_HTML" >/dev/null 2>&1 &

     

       501
       501
       +
       elif command -v start >/dev/null 2>&1; then

     

       502
       502
       +
         start "$TEMP_HTML" >/dev/null 2>&1 &

     

       503
       503
       +
       fi

     

       504
       504
       +
       

     

       505
       505
       +
       # Wait for user to download the token file

     

       506
       506
       +
       TOKEN_FILE="$HOME/Downloads/anthropic_token.txt"

     

       507
       507
       +
       

     

       508
       508
       +
       for i in $(seq 1 60); do

     

       509
       509
       +
         if [ -f "$TOKEN_FILE" ]; then

     

       510
       510
       +
           AUTH_CODE=$(cat "$TOKEN_FILE" | tr -d '\r\n')

     

       511
       511
       +
           rm -f "$TOKEN_FILE"

     

       512
       512
       +
           break

     

       513
       513
       +
         fi

     

       514
       514
       +
         sleep 2

     

       515
       515
       +
       done

     

       516
       516
       +
       

     

       517
       517
       +
       # Clean up the temporary HTML file

     

       518
       518
       +
       rm -f "$TEMP_HTML"

     

       519
       519
       +
       

     

       520
       520
       +
       if [ -z "$AUTH_CODE" ]; then

     

       521
       521
       +
         exit 1

     

       522
       522
       +
       fi

     

       523
       523
       +
       

     

       524
       524
       +
       # Exchange code for tokens

     

       525
       525
       +
       ACCESS_TOKEN=$(exchange_authorization_code "$AUTH_CODE" "$VERIFIER")

     

       526
       526
       +
       if [ -n "$ACCESS_TOKEN" ]; then

     

       527
       527
       +
         echo "$ACCESS_TOKEN"

     

       528
       528
       +
         exit 0

     

       529
       529
       +
       else

     

       530
       530
       +
         exit 1

     

       531
       531
       +
       fi

+314

bin/anthropic.ts

···

       1
       1
       +
       #!/usr/bin/env bun

     

       2
       2
       +
       

     

       3
       3
       +
       import { serve } from "bun";

     

       4
       4
       +
       

     

       5
       5
       +
       const PORT = Number(Bun.env.PORT || 8787);

     

       6
       6
       +
       const ROOT = new URL("../", import.meta.url).pathname;

     

       7
       7
       +
       const PUBLIC_DIR = `${ROOT}public`;

     

       8
       8
       +
       

     

       9
       9
       +
       function notFound() {

     

       10
       10
       +
         return new Response("Not found", { status: 404 });

     

       11
       11
       +
       }

     

       12
       12
       +
       

     

       13
       13
       +
       async function serveStatic(pathname: string) {

     

       14
       14
       +
         const filePath = PUBLIC_DIR + (pathname === "/" ? "/index.html" : pathname);

     

       15
       15
       +
         try {

     

       16
       16
       +
           const file = Bun.file(filePath);

     

       17
       17
       +
           if (!(await file.exists())) return null;

     

       18
       18
       +
           return new Response(file);

     

       19
       19
       +
         } catch {

     

       20
       20
       +
           return null;

     

       21
       21
       +
         }

     

       22
       22
       +
       }

     

       23
       23
       +
       

     

       24
       24
       +
       function json(data: unknown, init: ResponseInit = {}) {

     

       25
       25
       +
         return new Response(JSON.stringify(data), {

     

       26
       26
       +
           headers: { "content-type": "application/json", ...(init.headers || {}) },

     

       27
       27
       +
           ...init,

     

       28
       28
       +
         });

     

       29
       29
       +
       }

     

       30
       30
       +
       

     

       31
       31
       +
       function authorizeUrl(verifier: string, challenge: string) {

     

       32
       32
       +
         const u = new URL("https://claude.ai/oauth/authorize");

     

       33
       33
       +
         u.searchParams.set("response_type", "code");

     

       34
       34
       +
         u.searchParams.set("client_id", CLIENT_ID);

     

       35
       35
       +
         u.searchParams.set(

     

       36
       36
       +
           "redirect_uri",

     

       37
       37
       +
           "https://console.anthropic.com/oauth/code/callback",

     

       38
       38
       +
         );

     

       39
       39
       +
         u.searchParams.set("scope", "org:create_api_key user:profile user:inference");

     

       40
       40
       +
         u.searchParams.set("code_challenge", challenge);

     

       41
       41
       +
         u.searchParams.set("code_challenge_method", "S256");

     

       42
       42
       +
         u.searchParams.set("state", verifier);

     

       43
       43
       +
         return u.toString();

     

       44
       44
       +
       }

     

       45
       45
       +
       

     

       46
       46
       +
       function base64url(input: ArrayBuffer | Uint8Array) {

     

       47
       47
       +
         const buf = input instanceof Uint8Array ? input : new Uint8Array(input);

     

       48
       48
       +
         return Buffer.from(buf)

     

       49
       49
       +
           .toString("base64")

     

       50
       50
       +
           .replace(/=/g, "")

     

       51
       51
       +
           .replace(/\+/g, "-")

     

       52
       52
       +
           .replace(/\//g, "_");

     

       53
       53
       +
       }

     

       54
       54
       +
       

     

       55
       55
       +
       async function pkcePair() {

     

       56
       56
       +
         const bytes = crypto.getRandomValues(new Uint8Array(32));

     

       57
       57
       +
         const verifier = base64url(bytes);

     

       58
       58
       +
         const digest = await crypto.subtle.digest(

     

       59
       59
       +
           "SHA-256",

     

       60
       60
       +
           new TextEncoder().encode(verifier),

     

       61
       61
       +
         );

     

       62
       62
       +
         const challenge = base64url(digest as ArrayBuffer);

     

       63
       63
       +
         return { verifier, challenge };

     

       64
       64
       +
       }

     

       65
       65
       +
       

     

       66
       66
       +
       const CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";

     

       67
       67
       +
       

     

       68
       68
       +
       async function exchangeRefreshToken(refreshToken: string) {

     

       69
       69
       +
         const res = await fetch("https://console.anthropic.com/v1/oauth/token", {

     

       70
       70
       +
           method: "POST",

     

       71
       71
       +
           headers: {

     

       72
       72
       +
             "content-type": "application/json",

     

       73
       73
       +
             "user-agent": "CRUSH/1.0",

     

       74
       74
       +
           },

     

       75
       75
       +
           body: JSON.stringify({

     

       76
       76
       +
             grant_type: "refresh_token",

     

       77
       77
       +
             refresh_token: refreshToken,

     

       78
       78
       +
             client_id: CLIENT_ID,

     

       79
       79
       +
           }),

     

       80
       80
       +
         });

     

       81
       81
       +
         if (!res.ok) throw new Error(`refresh failed: ${res.status}`);

     

       82
       82
       +
         return (await res.json()) as {

     

       83
       83
       +
           access_token: string;

     

       84
       84
       +
           refresh_token?: string;

     

       85
       85
       +
           expires_in: number;

     

       86
       86
       +
         };

     

       87
       87
       +
       }

     

       88
       88
       +
       

     

       89
       89
       +
       function cleanPastedCode(input: string) {

     

       90
       90
       +
         let v = input.trim();

     

       91
       91
       +
         v = v.replace(/^code\s*[:=]\s*/i, "");

     

       92
       92
       +
         v = v.replace(/^["'`]/, "").replace(/["'`]$/, "");

     

       93
       93
       +
         const m = v.match(/[A-Za-z0-9._~-]+(?:#[A-Za-z0-9._~-]+)?/);

     

       94
       94
       +
         if (m) return m[0];

     

       95
       95
       +
         return v;

     

       96
       96
       +
       }

     

       97
       97
       +
       

     

       98
       98
       +
       async function exchangeAuthorizationCode(code: string, verifier: string) {

     

       99
       99
       +
         const cleaned = cleanPastedCode(code);

     

       100
       100
       +
         const [pure, state = ""] = cleaned.split("#");

     

       101
       101
       +
         const body = {

     

       102
       102
       +
           code: pure ?? "",

     

       103
       103
       +
           state: state ?? "",

     

       104
       104
       +
           grant_type: "authorization_code",

     

       105
       105
       +
           client_id: CLIENT_ID,

     

       106
       106
       +
           redirect_uri: "https://console.anthropic.com/oauth/code/callback",

     

       107
       107
       +
           code_verifier: verifier,

     

       108
       108
       +
         } satisfies Record<string, string>;

     

       109
       109
       +
         const res = await fetch("https://console.anthropic.com/v1/oauth/token", {

     

       110
       110
       +
           method: "POST",

     

       111
       111
       +
           headers: {

     

       112
       112
       +
             "content-type": "application/json",

     

       113
       113
       +
             "user-agent": "CRUSH/1.0",

     

       114
       114
       +
           },

     

       115
       115
       +
           body: JSON.stringify(body),

     

       116
       116
       +
         });

     

       117
       117
       +
         if (!res.ok) throw new Error(`code exchange failed: ${res.status}`);

     

       118
       118
       +
         return (await res.json()) as {

     

       119
       119
       +
           access_token: string;

     

       120
       120
       +
           refresh_token: string;

     

       121
       121
       +
           expires_in: number;

     

       122
       122
       +
         };

     

       123
       123
       +
       }

     

       124
       124
       +
       

     

       125
       125
       +
       const memory = new Map<

     

       126
       126
       +
         string,

     

       127
       127
       +
         { accessToken: string; refreshToken: string; expiresAt: number }

     

       128
       128
       +
       >();

     

       129
       129
       +
       

     

       130
       130
       +
       const HOME = Bun.env.HOME || Bun.env.USERPROFILE || ".";

     

       131
       131
       +
       const CACHE_DIR = `${HOME}/.config/crush/anthropic`;

     

       132
       132
       +
       const BEARER_FILE = `${CACHE_DIR}/bearer_token`;

     

       133
       133
       +
       const REFRESH_FILE = `${CACHE_DIR}/refresh_token`;

     

       134
       134
       +
       const EXPIRES_FILE = `${CACHE_DIR}/bearer_token.expires`;

     

       135
       135
       +
       

     

       136
       136
       +
       async function ensureDir() {

     

       137
       137
       +
         await Bun.$`mkdir -p ${CACHE_DIR}`;

     

       138
       138
       +
       }

     

       139
       139
       +
       

     

       140
       140
       +
       async function writeSecret(path: string, data: string) {

     

       141
       141
       +
         await Bun.write(path, data);

     

       142
       142
       +
         await Bun.$`chmod 600 ${path}`;

     

       143
       143
       +
       }

     

       144
       144
       +
       

     

       145
       145
       +
       async function readText(path: string) {

     

       146
       146
       +
         const f = Bun.file(path);

     

       147
       147
       +
         if (!(await f.exists())) return undefined;

     

       148
       148
       +
         return await f.text();

     

       149
       149
       +
       }

     

       150
       150
       +
       

     

       151
       151
       +
       async function loadFromDisk() {

     

       152
       152
       +
         const [bearer, refresh, expires] = await Promise.all([

     

       153
       153
       +
           readText(BEARER_FILE),

     

       154
       154
       +
           readText(REFRESH_FILE),

     

       155
       155
       +
           readText(EXPIRES_FILE),

     

       156
       156
       +
         ]);

     

       157
       157
       +
         if (!bearer || !refresh || !expires) return undefined;

     

       158
       158
       +
         const exp = Number.parseInt(expires, 10) || 0;

     

       159
       159
       +
         return {

     

       160
       160
       +
           accessToken: bearer.trim(),

     

       161
       161
       +
           refreshToken: refresh.trim(),

     

       162
       162
       +
           expiresAt: exp,

     

       163
       163
       +
         };

     

       164
       164
       +
       }

     

       165
       165
       +
       

     

       166
       166
       +
       async function saveToDisk(entry: {

     

       167
       167
       +
         accessToken: string;

     

       168
       168
       +
         refreshToken: string;

     

       169
       169
       +
         expiresAt: number;

     

       170
       170
       +
       }) {

     

       171
       171
       +
         await ensureDir();

     

       172
       172
       +
         await writeSecret(BEARER_FILE, `${entry.accessToken}\n`);

     

       173
       173
       +
         await writeSecret(REFRESH_FILE, `${entry.refreshToken}\n`);

     

       174
       174
       +
         await writeSecret(EXPIRES_FILE, `${String(entry.expiresAt)}\n`);

     

       175
       175
       +
       }

     

       176
       176
       +
       

     

       177
       177
       +
       let serverStarted = false;

     

       178
       178
       +
       

     

       179
       179
       +
       async function bootstrapFromDisk() {

     

       180
       180
       +
         const entry = await loadFromDisk();

     

       181
       181
       +
         if (!entry) return false;

     

       182
       182
       +
         const now = Math.floor(Date.now() / 1000);

     

       183
       183
       +
         if (now < entry.expiresAt - 60) {

     

       184
       184
       +
           Bun.write(Bun.stdout, `${entry.accessToken}\n`);

     

       185
       185
       +
           setTimeout(() => process.exit(0), 50);

     

       186
       186
       +
           memory.set("tokens", entry);

     

       187
       187
       +
           return true;

     

       188
       188
       +
         }

     

       189
       189
       +
         try {

     

       190
       190
       +
           const refreshed = await exchangeRefreshToken(entry.refreshToken);

     

       191
       191
       +
           entry.accessToken = refreshed.access_token;

     

       192
       192
       +
           entry.expiresAt = Math.floor(Date.now() / 1000) + refreshed.expires_in;

     

       193
       193
       +
           if (refreshed.refresh_token) entry.refreshToken = refreshed.refresh_token;

     

       194
       194
       +
           await saveToDisk(entry);

     

       195
       195
       +
           memory.set("tokens", entry);

     

       196
       196
       +
           Bun.write(Bun.stdout, `${entry.accessToken}\n`);

     

       197
       197
       +
           setTimeout(() => process.exit(0), 50);

     

       198
       198
       +
           return true;

     

       199
       199
       +
         } catch {

     

       200
       200
       +
           return false;

     

       201
       201
       +
         }

     

       202
       202
       +
       }

     

       203
       203
       +
       

     

       204
       204
       +
       await bootstrapFromDisk();

     

       205
       205
       +
       

     

       206
       206
       +
       const argv = process.argv.slice(2);

     

       207
       207
       +
       if (argv.includes("-h") || argv.includes("--help")) {

     

       208
       208
       +
         Bun.write(Bun.stdout, `Usage: anthropic\n\n`);

     

       209
       209
       +
         Bun.write(Bun.stdout, `  anthropic                Start UI and flow; prints token on success and exits.\n`);

     

       210
       210
       +
         Bun.write(Bun.stdout, `  PORT=xxxx anthropic      Override port (default 8787).\n`);

     

       211
       211
       +
         Bun.write(Bun.stdout, `\nTokens are cached at ~/.config/crush/anthropic and reused on later runs.\n`);

     

       212
       212
       +
         process.exit(0);

     

       213
       213
       +
       }

     

       214
       214
       +
       

     

       215
       215
       +
       serve({

     

       216
       216
       +
         port: PORT,

     

       217
       217
       +
         development: { console: false },

     

       218
       218
       +
         async fetch(req) {

     

       219
       219
       +
           const url = new URL(req.url);

     

       220
       220
       +
       

     

       221
       221
       +
           if (url.pathname.startsWith("/api/")) {

     

       222
       222
       +
             if (url.pathname === "/api/ping")

     

       223
       223
       +
               return json({ ok: true, ts: Date.now() });

     

       224
       224
       +
       

     

       225
       225
       +
             if (url.pathname === "/api/auth/start" && req.method === "POST") {

     

       226
       226
       +
               const { verifier, challenge } = await pkcePair();

     

       227
       227
       +
               const authUrl = authorizeUrl(verifier, challenge);

     

       228
       228
       +
               return json({ authUrl, verifier });

     

       229
       229
       +
             }

     

       230
       230
       +
       

     

       231
       231
       +
             if (url.pathname === "/api/auth/complete" && req.method === "POST") {

     

       232
       232
       +
               const body = (await req.json().catch(() => ({}))) as {

     

       233
       233
       +
                 code?: string;

     

       234
       234
       +
                 verifier?: string;

     

       235
       235
       +
               };

     

       236
       236
       +
               const code = String(body.code ?? "");

     

       237
       237
       +
               const verifier = String(body.verifier ?? "");

     

       238
       238
       +
               if (!code || !verifier)

     

       239
       239
       +
                 return json({ error: "missing code or verifier" }, { status: 400 });

     

       240
       240
       +
               const tokens = await exchangeAuthorizationCode(code, verifier);

     

       241
       241
       +
               const expiresAt =

     

       242
       242
       +
                 Math.floor(Date.now() / 1000) + (tokens.expires_in ?? 0);

     

       243
       243
       +
               const entry = {

     

       244
       244
       +
                 accessToken: tokens.access_token,

     

       245
       245
       +
                 refreshToken: tokens.refresh_token,

     

       246
       246
       +
                 expiresAt,

     

       247
       247
       +
               };

     

       248
       248
       +
               memory.set("tokens", entry);

     

       249
       249
       +
               await saveToDisk(entry);

     

       250
       250
       +
               Bun.write(Bun.stdout, `${entry.accessToken}\n`);

     

       251
       251
       +
               setTimeout(() => process.exit(0), 100);

     

       252
       252
       +
               return json({ ok: true });

     

       253
       253
       +
             }

     

       254
       254
       +
       

     

       255
       255
       +
             if (url.pathname === "/api/token" && req.method === "GET") {

     

       256
       256
       +
               let entry = memory.get("tokens");

     

       257
       257
       +
               if (!entry) {

     

       258
       258
       +
                 const disk = await loadFromDisk();

     

       259
       259
       +
                 if (disk) {

     

       260
       260
       +
                   entry = disk;

     

       261
       261
       +
                   memory.set("tokens", entry);

     

       262
       262
       +
                 }

     

       263
       263
       +
               }

     

       264
       264
       +
               if (!entry)

     

       265
       265
       +
                 return json({ error: "not_authenticated" }, { status: 401 });

     

       266
       266
       +
               const now = Math.floor(Date.now() / 1000);

     

       267
       267
       +
               if (now >= entry.expiresAt - 60) {

     

       268
       268
       +
                 const refreshed = await exchangeRefreshToken(entry.refreshToken);

     

       269
       269
       +
                 entry.accessToken = refreshed.access_token;

     

       270
       270
       +
                 entry.expiresAt =

     

       271
       271
       +
                   Math.floor(Date.now() / 1000) + refreshed.expires_in;

     

       272
       272
       +
                 if (refreshed.refresh_token)

     

       273
       273
       +
                   entry.refreshToken = refreshed.refresh_token;

     

       274
       274
       +
                 memory.set("tokens", entry);

     

       275
       275
       +
                 await saveToDisk(entry);

     

       276
       276
       +
               }

     

       277
       277
       +
               return json({

     

       278
       278
       +
                 accessToken: entry.accessToken,

     

       279
       279
       +
                 expiresAt: entry.expiresAt,

     

       280
       280
       +
               });

     

       281
       281
       +
             }

     

       282
       282
       +
       

     

       283
       283
       +
             return notFound();

     

       284
       284
       +
           }

     

       285
       285
       +
       

     

       286
       286
       +
           const staticResp = await serveStatic(url.pathname);

     

       287
       287
       +
           if (staticResp) return staticResp;

     

       288
       288
       +
       

     

       289
       289
       +
           return notFound();

     

       290
       290
       +
         },

     

       291
       291
       +
         error() {},

     

       292
       292
       +
       });

     

       293
       293
       +
       

     

       294
       294
       +
       if (!serverStarted) {

     

       295
       295
       +
         serverStarted = true;

     

       296
       296
       +
         const url = `http://localhost:${PORT}`;

     

       297
       297
       +
         const tryRun = async (cmd: string, ...args: string[]) => {

     

       298
       298
       +
           try {

     

       299
       299
       +
             await Bun.$`${[cmd, ...args]}`.quiet();

     

       300
       300
       +
             return true;

     

       301
       301
       +
           } catch {

     

       302
       302
       +
             return false;

     

       303
       303
       +
           }

     

       304
       304
       +
         };

     

       305
       305
       +
         (async () => {

     

       306
       306
       +
           if (process.platform === "darwin") {

     

       307
       307
       +
             if (await tryRun("open", url)) return;

     

       308
       308
       +
           } else if (process.platform === "win32") {

     

       309
       309
       +
             if (await tryRun("cmd", "/c", "start", "", url)) return;

     

       310
       310
       +
           } else {

     

       311
       311
       +
             if (await tryRun("xdg-open", url)) return;

     

       312
       312
       +
           }

     

       313
       313
       +
         })();

     

       314
       314
       +
       }

+23

bin/open.ts

···

       1
       1
       +
       #!/usr/bin/env bun

     

       2
       2
       +
       

     

       3
       3
       +
       const PORT = Number(Bun.env.PORT || 8787);

     

       4
       4
       +
       

     

       5
       5
       +
       async function open(url: string) {

     

       6
       6
       +
         const tryRun = async (cmd: string, ...args: string[]) => {

     

       7
       7
       +
           try {

     

       8
       8
       +
             await Bun.$`${[cmd, ...args]}`.quiet();

     

       9
       9
       +
             return true;

     

       10
       10
       +
           } catch {

     

       11
       11
       +
             return false;

     

       12
       12
       +
           }

     

       13
       13
       +
         };

     

       14
       14
       +
         if (process.platform === "darwin") {

     

       15
       15
       +
           if (await tryRun("open", url)) return;

     

       16
       16
       +
         } else if (process.platform === "win32") {

     

       17
       17
       +
           if (await tryRun("cmd", "/c", "start", "", url)) return;

     

       18
       18
       +
         } else {

     

       19
       19
       +
           if (await tryRun("xdg-open", url)) return;

     

       20
       20
       +
         }

     

       21
       21
       +
       }

     

       22
       22
       +
       

     

       23
       23
       +
       await open(`http://localhost:${PORT}`);

+29

bun.lock

···

       1
       1
       +
       {

     

       2
       2
       +
         "lockfileVersion": 1,

     

       3
       3
       +
         "workspaces": {

     

       4
       4
       +
           "": {

     

       5
       5
       +
             "name": "anthropic-api-key",

     

       6
       6
       +
             "devDependencies": {

     

       7
       7
       +
               "@types/bun": "latest",

     

       8
       8
       +
             },

     

       9
       9
       +
             "peerDependencies": {

     

       10
       10
       +
               "typescript": "^5",

     

       11
       11
       +
             },

     

       12
       12
       +
           },

     

       13
       13
       +
         },

     

       14
       14
       +
         "packages": {

     

       15
       15
       +
           "@types/bun": ["@types/bun@1.2.19", "", { "dependencies": { "bun-types": "1.2.19" } }, "sha512-d9ZCmrH3CJ2uYKXQIUuZ/pUnTqIvLDS0SK7pFmbx8ma+ziH/FRMoAq5bYpRG7y+w1gl+HgyNZbtqgMq4W4e2Lg=="],

     

       16
       16
       +
       

     

       17
       17
       +
           "@types/node": ["@types/node@24.1.0", "", { "dependencies": { "undici-types": "~7.8.0" } }, "sha512-ut5FthK5moxFKH2T1CUOC6ctR67rQRvvHdFLCD2Ql6KXmMuCrjsSsRI9UsLCm9M18BMwClv4pn327UvB7eeO1w=="],

     

       18
       18
       +
       

     

       19
       19
       +
           "@types/react": ["@types/react@19.1.9", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-WmdoynAX8Stew/36uTSVMcLJJ1KRh6L3IZRx1PZ7qJtBqT3dYTgyDTx8H1qoRghErydW7xw9mSJ3wS//tCRpFA=="],

     

       20
       20
       +
       

     

       21
       21
       +
           "bun-types": ["bun-types@1.2.19", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-uAOTaZSPuYsWIXRpj7o56Let0g/wjihKCkeRqUBhlLVM/Bt+Fj9xTo+LhC1OV1XDaGkz4hNC80et5xgy+9KTHQ=="],

     

       22
       22
       +
       

     

       23
       23
       +
           "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="],

     

       24
       24
       +
       

     

       25
       25
       +
           "typescript": ["typescript@5.9.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A=="],

     

       26
       26
       +
       

     

       27
       27
       +
           "undici-types": ["undici-types@7.8.0", "", {}, "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw=="],

     

       28
       28
       +
         }

     

       29
       29
       +
       }

+12

crush.json

···

       1
       1
       +
       {

     

       2
       2
       +
         "$schema": "https://charm.land/crush.json",

     

       3
       3
       +
         "lsp": {

     

       4
       4
       +
           "biome": {

     

       5
       5
       +
             "command": "npx",

     

       6
       6
       +
             "args": [

     

       7
       7
       +
               "biome",

     

       8
       8
       +
               "lsp-proxy"

     

       9
       9
       +
             ]

     

       10
       10
       +
           }

     

       11
       11
       +
         }

     

       12
       12
       +
       }

+35

package.json

···

       1
       1
       +
       {

     

       2
       2
       +
         "name": "anthropic-api-key",

     

       3
       3
       +
         "version": "0.1.0",

     

       4
       4
       +
         "description": "CLI to fetch Anthropic API access tokens via OAuth with PKCE using Bun.",

     

       5
       5
       +
         "type": "module",

     

       6
       6
       +
         "private": false,

     

       7
       7
       +
         "license": "MIT",

     

       8
       8
       +
         "author": "taciturnaxolotl",

     

       9
       9
       +
         "repository": {

     

       10
       10
       +
           "type": "git",

     

       11
       11
       +
           "url": "https://github.com/taciturnaxolotl/anthropic-api-key.git"

     

       12
       12
       +
         },

     

       13
       13
       +
         "bugs": {

     

       14
       14
       +
           "url": "https://github.com/taciturnaxolotl/anthropic-api-key/issues"

     

       15
       15
       +
         },

     

       16
       16
       +
         "homepage": "https://github.com/taciturnaxolotl/anthropic-api-key#readme",

     

       17
       17
       +
         "bin": {

     

       18
       18
       +
           "anthropic": "dist/anthropic.js"

     

       19
       19
       +
         },

     

       20
       20
       +
         "exports": {

     

       21
       21
       +
           ".": "./dist/anthropic.js"

     

       22
       22
       +
         },

     

       23
       23
       +
         "files": [

     

       24
       24
       +
           "dist",

     

       25
       25
       +
           "public"

     

       26
       26
       +
         ],

     

       27
       27
       +
         "scripts": {

     

       28
       28
       +
           "build": "bun build bin/anthropic.ts --outdir=dist --target=bun --sourcemap=external",

     

       29
       29
       +
           "prepare": "bun run build"

     

       30
       30
       +
         },

     

       31
       31
       +
         "devDependencies": {

     

       32
       32
       +
           "@types/bun": "latest",

     

       33
       33
       +
           "typescript": "^5"

     

       34
       34
       +
         }

     

       35
       35
       +
       }

+181

public/index.html

···

       1
       1
       +
       <!doctype html>

     

       2
       2
       +
       <html>

     

       3
       3
       +
           <head>

     

       4
       4
       +
               <meta charset="utf-8" />

     

       5
       5
       +
               <meta name="viewport" content="width=device-width, initial-scale=1" />

     

       6
       6
       +
               <title>Anthropic Auth</title>

     

       7
       7
       +
               <style>

     

       8
       8
       +
                   body {

     

       9
       9
       +
                       font-family:

     

       10
       10
       +
                           system-ui,

     

       11
       11
       +
                           -apple-system,

     

       12
       12
       +
                           Segoe UI,

     

       13
       13
       +
                           Roboto,

     

       14
       14
       +
                           Ubuntu,

     

       15
       15
       +
                           Cantarell,

     

       16
       16
       +
                           Noto Sans,

     

       17
       17
       +
                           sans-serif;

     

       18
       18
       +
                       background: #0f0f10;

     

       19
       19
       +
                       color: #fff;

     

       20
       20
       +
                       margin: 0;

     

       21
       21
       +
                       display: flex;

     

       22
       22
       +
                       min-height: 100vh;

     

       23
       23
       +
                       align-items: center;

     

       24
       24
       +
                       justify-content: center;

     

       25
       25
       +
                   }

     

       26
       26
       +
                   .card {

     

       27
       27
       +
                       background: #1a1a1b;

     

       28
       28
       +
                       border: 1px solid #2b2b2c;

     

       29
       29
       +
                       border-radius: 14px;

     

       30
       30
       +
                       padding: 28px;

     

       31
       31
       +
                       max-width: 560px;

     

       32
       32
       +
                       width: 100%;

     

       33
       33
       +
                   }

     

       34
       34
       +
                   h1 {

     

       35
       35
       +
                       margin: 0 0 8px;

     

       36
       36
       +
                   }

     

       37
       37
       +
                   p {

     

       38
       38
       +
                       color: #9aa0a6;

     

       39
       39
       +
                   }

     

       40
       40
       +
                   button,

     

       41
       41
       +
                   a.button {

     

       42
       42
       +
                       background: linear-gradient(135deg, #ff6b35, #ff8e53);

     

       43
       43
       +
                       color: #fff;

     

       44
       44
       +
                       border: none;

     

       45
       45
       +
                       border-radius: 10px;

     

       46
       46
       +
                       padding: 12px 16px;

     

       47
       47
       +
                       font-weight: 600;

     

       48
       48
       +
                       cursor: pointer;

     

       49
       49
       +
                       text-decoration: none;

     

       50
       50
       +
                       display: inline-block;

     

       51
       51
       +
                   }

     

       52
       52
       +
                   textarea {

     

       53
       53
       +
                       width: 100%;

     

       54
       54
       +
                       min-height: 120px;

     

       55
       55
       +
                       background: #111;

     

       56
       56
       +
                       border: 1px solid #2b2b2c;

     

       57
       57
       +
                       border-radius: 10px;

     

       58
       58
       +
                       color: #fff;

     

       59
       59
       +
                       padding: 10px;

     

       60
       60
       +
                   }

     

       61
       61
       +
                   .row {

     

       62
       62
       +
                       margin: 16px 0;

     

       63
       63
       +
                   }

     

       64
       64
       +
                   .muted {

     

       65
       65
       +
                       color: #9aa0a6;

     

       66
       66
       +
                   }

     

       67
       67
       +
                   .status {

     

       68
       68
       +
                       margin-top: 8px;

     

       69
       69
       +
                       font-size: 14px;

     

       70
       70
       +
                   }

     

       71
       71
       +
               </style>

     

       72
       72
       +
           </head>

     

       73
       73
       +
           <body>

     

       74
       74
       +
               <div class="card">

     

       75
       75
       +
                   <h1>Anthropic Authentication</h1>

     

       76
       76
       +
                   <p class="muted">

     

       77
       77
       +
                       Start the OAuth flow, authorize in the new tab, then paste the

     

       78
       78
       +
                       returned token here.

     

       79
       79
       +
                   </p>

     

       80
       80
       +
       

     

       81
       81
       +
                   <div class="row">

     

       82
       82
       +
                       <a

     

       83
       83
       +
                           id="authlink"

     

       84
       84
       +
                           class="button"

     

       85
       85
       +
                           href="#"

     

       86
       86
       +
                           target="_blank"

     

       87
       87
       +
                           style="display: none"

     

       88
       88
       +
                           >Open Anthropic Authorization</a

     

       89
       89
       +
                       >

     

       90
       90
       +
                   </div>

     

       91
       91
       +
       

     

       92
       92
       +
                   <div class="row">

     

       93
       93
       +
                       <label for="code">Authorization code</label>

     

       94
       94
       +
                       <textarea

     

       95
       95
       +
                           id="code"

     

       96
       96
       +
                           placeholder="Paste the exact code shown by Anthropic (not a URL). If it includes a #, keep the part after it too."

     

       97
       97
       +
                       ></textarea>

     

       98
       98
       +
                   </div>

     

       99
       99
       +
       

     

       100
       100
       +
                   <div class="row">

     

       101
       101
       +
                       <button id="complete">Complete Authentication</button>

     

       102
       102
       +
                   </div>

     

       103
       103
       +
       

     

       104
       104
       +
                   <div id="status" class="status"></div>

     

       105
       105
       +
               </div>

     

       106
       106
       +
       

     

       107
       107
       +
               <script>

     

       108
       108
       +
                   let verifier = "";

     

       109
       109
       +
                   const statusEl = document.getElementById("status");

     

       110
       110
       +
       

     

       111
       111
       +
                   function setStatus(msg, ok) {

     

       112
       112
       +
                       statusEl.textContent = msg;

     

       113
       113
       +
                       statusEl.style.color = ok ? "#34a853" : "#ea4335";

     

       114
       114
       +
                   }

     

       115
       115
       +
       

     

       116
       116
       +
                   (async () => {

     

       117
       117
       +
                       setStatus("Preparing authorization...", true);

     

       118
       118
       +
                       const res = await fetch("/api/auth/start", { method: "POST" });

     

       119
       119
       +
                       if (!res.ok) {

     

       120
       120
       +
                           setStatus("Failed to prepare auth", false);

     

       121
       121
       +
                           return;

     

       122
       122
       +
                       }

     

       123
       123
       +
                       const data = await res.json();

     

       124
       124
       +
                       verifier = data.verifier;

     

       125
       125
       +
                       const a = document.getElementById("authlink");

     

       126
       126
       +
                       a.href = data.authUrl;

     

       127
       127
       +
                       a.style.display = "inline-block";

     

       128
       128
       +
                       setStatus(

     

       129
       129
       +
                           'Ready. Click "Open Authorization" to continue.',

     

       130
       130
       +
                           true,

     

       131
       131
       +
                       );

     

       132
       132
       +
                   })();

     

       133
       133
       +
       

     

       134
       134
       +
                   const completeBtn = document.getElementById("complete");

     

       135
       135
       +
                   document

     

       136
       136
       +
                       .getElementById("complete")

     

       137
       137
       +
                       .addEventListener("click", async () => {

     

       138
       138
       +
                           if (completeBtn.disabled) return;

     

       139
       139
       +
                           completeBtn.disabled = true;

     

       140
       140
       +
                           const code = document.getElementById("code").value.trim();

     

       141
       141
       +
                           if (!code || !verifier) {

     

       142
       142
       +
                               setStatus(

     

       143
       143
       +
                                   "Missing code or verifier. Click Start first.",

     

       144
       144
       +
                                   false,

     

       145
       145
       +
                               );

     

       146
       146
       +
                               completeBtn.disabled = false;

     

       147
       147
       +
                               return;

     

       148
       148
       +
                           }

     

       149
       149
       +
                           const res = await fetch("/api/auth/complete", {

     

       150
       150
       +
                               method: "POST",

     

       151
       151
       +
                               headers: { "content-type": "application/json" },

     

       152
       152
       +
                               body: JSON.stringify({ code, verifier }),

     

       153
       153
       +
                           });

     

       154
       154
       +
                           if (!res.ok) {

     

       155
       155
       +
                               setStatus("Code exchange failed", false);

     

       156
       156
       +
                               completeBtn.disabled = false;

     

       157
       157
       +
                               return;

     

       158
       158
       +
                           }

     

       159
       159
       +
                           setStatus("Authenticated! Fetching token...", true);

     

       160
       160
       +
                           const t = await fetch("/api/token");

     

       161
       161
       +
                           if (!t.ok) {

     

       162
       162
       +
                               setStatus("Could not fetch token", false);

     

       163
       163
       +
                               completeBtn.disabled = false;

     

       164
       164
       +
                               return;

     

       165
       165
       +
                           }

     

       166
       166
       +
                           const tok = await t.json();

     

       167
       167
       +
                           setStatus(

     

       168
       168
       +
                               "Access token acquired (expires " +

     

       169
       169
       +
                                   new Date(tok.expiresAt * 1000).toLocaleString() +

     

       170
       170
       +
                                   ")",

     

       171
       171
       +
                               true,

     

       172
       172
       +
                           );

     

       173
       173
       +
                           setTimeout(() => {

     

       174
       174
       +
                               try {

     

       175
       175
       +
                                   window.close();

     

       176
       176
       +
                               } catch {}

     

       177
       177
       +
                           }, 500);

     

       178
       178
       +
                       });

     

       179
       179
       +
               </script>

     

       180
       180
       +
           </body>

     

       181
       181
       +
       </html>

src/server.ts

···

       1
       1
       +
       export {};

+29

tsconfig.json

···

       1
       1
       +
       {

     

       2
       2
       +
         "compilerOptions": {

     

       3
       3
       +
           // Environment setup & latest features

     

       4
       4
       +
           "lib": ["ESNext"],

     

       5
       5
       +
           "target": "ESNext",

     

       6
       6
       +
           "module": "Preserve",

     

       7
       7
       +
           "moduleDetection": "force",

     

       8
       8
       +
           "jsx": "react-jsx",

     

       9
       9
       +
           "allowJs": true,

     

       10
       10
       +
       

     

       11
       11
       +
           // Bundler mode

     

       12
       12
       +
           "moduleResolution": "bundler",

     

       13
       13
       +
           "allowImportingTsExtensions": true,

     

       14
       14
       +
           "verbatimModuleSyntax": true,

     

       15
       15
       +
           "noEmit": true,

     

       16
       16
       +
       

     

       17
       17
       +
           // Best practices

     

       18
       18
       +
           "strict": true,

     

       19
       19
       +
           "skipLibCheck": true,

     

       20
       20
       +
           "noFallthroughCasesInSwitch": true,

     

       21
       21
       +
           "noUncheckedIndexedAccess": true,

     

       22
       22
       +
           "noImplicitOverride": true,

     

       23
       23
       +
       

     

       24
       24
       +
           // Some stricter flags (disabled by default)

     

       25
       25
       +
           "noUnusedLocals": false,

     

       26
       26
       +
           "noUnusedParameters": false,

     

       27
       27
       +
           "noPropertyAccessFromIndexSignature": false

     

       28
       28
       +
         }

     

       29
       29
       +
       }