add token plan

Author: heimanba

packages/cli/src/commands/app/call.ts

@@ -102,11 +102,11 @@ export default defineCommand({
     }
 
     if (config.dryRun) {
-      emitResult({ endpoint: appCompletionEndpoint(config.baseUrl, appId), request: body }, format);
+      emitResult({ endpoint: appCompletionEndpoint(config, appId), request: body }, format);
       return;
     }
 
-    const url = appCompletionEndpoint(config.baseUrl, appId);
+    const url = appCompletionEndpoint(config, appId);
 
     if (shouldStream) {
       const headers: Record<string, string> = { "X-DashScope-SSE": "enable" };

packages/cli/src/commands/auth/login.ts

@@ -1,6 +1,9 @@
 import {
+  AUTH_MODES,
   BailianError,
+  CODING_PLAN_REGIONS,
   ExitCode,
+  TOKEN_PLAN_REGIONS,
   chatEndpoint,
   defineCommand,
   getConfigPath,
@@ -9,12 +12,16 @@ import {
   readConfigFile,
   requestJson,
   writeConfigFile,
+  type AuthMode,
+  type CodingPlanRegion,
   type Config,
   type GlobalFlags,
+  type TokenPlanRegion,
 } from "bailian-cli-core";
 import { printQuickStart } from "../../output/banner.ts";
 import { emitBare } from "../../output/output.ts";
 import { promptConfirm } from "../../output/prompt.ts";
+import { interactiveAuthSetup } from "../../utils/auth-wizard.ts";
 import { printCurrentCommandHelp } from "../../utils/command-help.ts";
 import { resolveConsoleOrigin, runConsoleLogin } from "./login-console.ts";
 
@@ -39,11 +46,26 @@ function canRetry(err: unknown): boolean {
   return false;
 }
 
-async function validateKeyAndPersist(config: Config, key: string): Promise<void> {
+async function validateKeyAndPersist(
+  config: Config,
+  key: string,
+  mode: AuthMode,
+  codingPlanRegion: CodingPlanRegion,
+  tokenPlanRegion: TokenPlanRegion,
+): Promise<void> {
   process.stderr.write("Testing key... ");
-  const testConfig = { ...config, apiKey: key };
+  const testConfig: Config = {
+    ...config,
+    activeAuthMode: mode,
+    apiKey: undefined,
+    fileApiKey: mode === "standard-api-key" ? key : undefined,
+    codingPlanApiKey: mode === "coding-plan" ? key : config.codingPlanApiKey,
+    codingPlanRegion,
+    tokenPlanApiKey: mode === "token-plan" ? key : config.tokenPlanApiKey,
+    tokenPlanRegion,
+  };
   const requestOpts = {
-    url: chatEndpoint(testConfig.baseUrl),
+    url: chatEndpoint(testConfig),
     method: "POST",
     timeout: Math.min(config.timeout, 30),
     body: {
@@ -64,7 +86,6 @@ async function validateKeyAndPersist(config: Config, key: string): Promise<void>
           cause: err,
         });
       }
-      // retry delay: 500ms, 1000ms, 2000ms
       const delayMs = RETRY_DELAY_BASE_MS * 2 ** (attempt - 1);
       await new Promise((resolve) => setTimeout(resolve, delayMs));
     }
@@ -73,25 +94,49 @@ async function validateKeyAndPersist(config: Config, key: string): Promise<void>
   process.stderr.write("Valid\n");
 
   const existing = readConfigFile() as Record<string, unknown>;
-  existing.api_key = key;
+  existing.active_auth_mode = mode;
+  if (mode === "standard-api-key") existing.api_key = key;
+  if (mode === "coding-plan") {
+    existing.coding_plan_api_key = key;
+    existing.coding_plan_region = codingPlanRegion;
+  }
+  if (mode === "token-plan") {
+    existing.token_plan_api_key = key;
+    existing.token_plan_region = tokenPlanRegion;
+  }
   await writeConfigFile(existing);
+  process.stderr.write(`Active auth mode set to ${mode}\n`);
   process.stderr.write(`Saved to ${getConfigPath()}\n`);
 }
 
 export default defineCommand({
   name: "auth login",
-  description: "Authenticate with API key or console browser login (credentials can coexist)",
-  usage: "bl auth login --api-key <key> | bl auth login --console",
+  description: "Authenticate with API key, console browser login, or interactive wizard",
+  usage: "bl auth login --mode <mode> --api-key <key> | bl auth login --console",
   options: [
-    { flag: "--api-key <key>", description: "DashScope API key to store" },
+    {
+      flag: "--mode <mode>",
+      description: "Auth mode: standard-api-key, coding-plan, token-plan",
+    },
+    { flag: "--api-key <key>", description: "API key for the selected auth mode" },
+    { flag: "--coding-plan-api-key <key>", description: "Coding Plan API key (sets mode)" },
+    { flag: "--coding-plan-region <region>", description: "Coding Plan region: cn, intl" },
+    { flag: "--token-plan-api-key <key>", description: "Token Plan API key (sets mode)" },
+    { flag: "--token-plan-region <region>", description: "Token Plan region: cn, intl" },
     {
       flag: "--console",
       description: "Sign in via browser; opens the console login URL in your default browser",
       type: "boolean",
     },
   ],
-  examples: ["bl auth login --api-key sk-xxxxx", "bl auth login --console"],
+  examples: [
+    "bl auth login --api-key sk-xxxxx",
+    "bl auth login --mode coding-plan --api-key sk-sp-xxxxx",
+    "bl auth login --token-plan-api-key sk-xxxxx --token-plan-region intl",
+    "bl auth login --console",
+  ],
   async run(config: Config, flags: GlobalFlags) {
+    // Console login branch (cli-specific)
     if (flags.console) {
       if (config.dryRun) {
         emitBare(
@@ -102,11 +147,32 @@ export default defineCommand({
       const hasApiKey = !!(config.apiKey || config.fileApiKey);
       await runConsoleLogin(resolveConsoleOrigin(), {
         needApiKey: !hasApiKey,
-        onApiKey: (key) => validateKeyAndPersist(config, key),
+        onApiKey: (key) =>
+          validateKeyAndPersist(
+            config,
+            key,
+            "standard-api-key",
+            config.codingPlanRegion,
+            config.tokenPlanRegion,
+          ),
       });
       return;
     }
 
+    const hasFlags = !!(
+      flags.mode ||
+      flags.apiKey ||
+      flags.codingPlanApiKey ||
+      flags.tokenPlanApiKey ||
+      flags.codingPlanRegion ||
+      flags.tokenPlanRegion
+    );
+
+    let mode: AuthMode;
+    let key: string | undefined;
+    let codingPlanRegion: CodingPlanRegion;
+    let tokenPlanRegion: TokenPlanRegion;
+
     const envKey = process.env.DASHSCOPE_API_KEY;
     if (envKey && !flags.apiKey) {
       const maskedEnvKey = maskToken(envKey);
@@ -119,22 +185,93 @@ export default defineCommand({
           process.stdout.write("Login skipped. Using environment variables.\n");
           process.exit(0);
         }
-      } else {
+      } else if (hasFlags) {
         process.stderr.write(`Warning: DASHSCOPE_API_KEY is already set in environment.\n`);
       }
     }
 
-    const key = (flags.apiKey as string) || config.apiKey;
+    if (!hasFlags && isInteractive({ nonInteractive: config.nonInteractive })) {
+      const result = await interactiveAuthSetup(config);
+      mode = result.mode;
+      key = result.key;
+      codingPlanRegion = result.codingPlanRegion ?? config.codingPlanRegion;
+      tokenPlanRegion = result.tokenPlanRegion ?? config.tokenPlanRegion;
+    } else {
+      const explicitMode = flags.mode as string | undefined;
+      mode = resolveLoginMode(explicitMode, flags);
+      key =
+        (flags.apiKey as string | undefined) ||
+        (flags.codingPlanApiKey as string | undefined) ||
+        (flags.tokenPlanApiKey as string | undefined) ||
+        (mode === "standard-api-key" ? config.apiKey : undefined);
+      codingPlanRegion = resolveCodingPlanRegion(flags, config);
+      tokenPlanRegion = resolveTokenPlanRegion(flags, config);
+    }
+
     if (!key) {
-      printCurrentCommandHelp(process.stderr);
-      process.exit(0);
+      if (!hasFlags) {
+        printCurrentCommandHelp(process.stderr);
+        process.exit(0);
+      }
+      throw new BailianError(
+        "--api-key is required.",
+        ExitCode.USAGE,
+        "bl auth login --mode <mode> --api-key <key>",
+      );
+    }
+
+    if (mode === "coding-plan" && !key.startsWith("sk-sp-")) {
+      throw new BailianError(
+        'Invalid API key. Coding Plan API keys start with "sk-sp-".',
+        ExitCode.USAGE,
+      );
     }
 
     if (!config.dryRun) {
-      await validateKeyAndPersist(config, key);
+      await validateKeyAndPersist(config, key, mode, codingPlanRegion, tokenPlanRegion);
       printQuickStart();
     } else {
-      emitBare("Would validate and save API key.");
+      emitBare(`Would validate and save ${mode} API key.`);
     }
   },
 });
+
+function resolveLoginMode(explicitMode: string | undefined, flags: GlobalFlags): AuthMode {
+  if (explicitMode) {
+    if (!AUTH_MODES.has(explicitMode)) {
+      throw new BailianError(
+        `Invalid auth mode "${explicitMode}".`,
+        ExitCode.USAGE,
+        "Valid modes: standard-api-key, coding-plan, token-plan",
+      );
+    }
+    return explicitMode as AuthMode;
+  }
+  if (flags.codingPlanApiKey) return "coding-plan";
+  if (flags.tokenPlanApiKey) return "token-plan";
+  return "standard-api-key";
+}
+
+function resolveCodingPlanRegion(flags: GlobalFlags, config: Config): CodingPlanRegion {
+  const region = (flags.codingPlanRegion as string | undefined) || config.codingPlanRegion;
+  if (!CODING_PLAN_REGIONS.has(region)) {
+    throw new BailianError(
+      `Invalid Coding Plan region "${region}".`,
+      ExitCode.USAGE,
+      "Valid Coding Plan regions: cn, intl",
+    );
+  }
+  return region as CodingPlanRegion;
+}
+
+function resolveTokenPlanRegion(flags: GlobalFlags, config: Config): TokenPlanRegion {
+  const region = (flags.tokenPlanRegion as string | undefined) || config.tokenPlanRegion;
+  if (!TOKEN_PLAN_REGIONS.has(region)) {
+    throw new BailianError(
+      `Invalid Token Plan region "${region}".`,
+      ExitCode.USAGE,
+      "Valid Token Plan regions: cn, intl",
+    );
+  }
+  return region as TokenPlanRegion;
+}

packages/cli/src/commands/auth/logout.ts

@@ -1,6 +1,5 @@
 import {
   defineCommand,
-  clearApiKey,
   readConfigFile,
   writeConfigFile,
   getConfigPath,
@@ -9,34 +8,27 @@ import {
 } from "bailian-cli-core";
 import { emitBare } from "../../output/output.ts";
 
-async function clearConsoleToken(): Promise<boolean> {
-  const file = readConfigFile() as Record<string, unknown>;
-  if (!file.access_token) return false;
-  delete file.access_token;
-  await writeConfigFile(file);
-  return true;
-}
-
 export default defineCommand({
   name: "auth logout",
   description: "Clear stored credentials",
-  usage: "bl auth logout [--console] [--yes] [--dry-run]",
+  usage: "bl auth logout [--console] [--all] [--yes] [--dry-run]",
   options: [
     {
       flag: "--console",
       description: "Only clear the console access_token, keep api_key intact",
       type: "boolean",
     },
+    { flag: "--all", description: "Clear all stored auth credentials", type: "boolean" },
     { flag: "--yes", description: "Skip confirmation prompt" },
   ],
   examples: [
     "bl auth logout",
     "bl auth logout --console",
+    "bl auth logout --all",
     "bl auth logout --dry-run",
-    "bl auth logout --yes",
   ],
   async run(config: Config, flags: GlobalFlags) {
-    const file = readConfigFile();
+    const file = readConfigFile() as Record<string, unknown>;
 
     if (flags.console) {
       const hasToken = !!file.access_token;
@@ -47,7 +39,8 @@ export default defineCommand({
         return;
       }
       if (hasToken) {
-        await clearConsoleToken();
+        delete file.access_token;
+        await writeConfigFile(file);
         process.stderr.write(`Cleared access_token from ${getConfigPath()}\n`);
         if (file.api_key) {
           process.stderr.write(
@@ -60,20 +53,44 @@ export default defineCommand({
       return;
     }
 
-    const hasKey = !!(file.api_key || file.access_token);
+    const keys = keysToClear(config, !!flags.all);
+    const hasKey = keys.some(
+      (key) => typeof file[key] === "string" && (file[key] as string).length,
+    );
 
     if (config.dryRun) {
-      if (hasKey) emitBare("Would clear api_key / access_token from ~/.bailian/config.json");
+      if (hasKey) emitBare(`Would clear ${keys.join(", ")} from ~/.bailian/config.json`);
       else emitBare("No credentials to clear.");
       emitBare("No changes made.");
       return;
     }
 
     if (hasKey) {
-      await clearApiKey();
-      process.stderr.write("Cleared api_key / access_token from ~/.bailian/config.json\n");
+      for (const key of keys) delete file[key];
+      if (config.activeAuthMode !== "standard-api-key") {
+        file.active_auth_mode = "standard-api-key";
+      }
+      await writeConfigFile(file);
+      process.stderr.write(`Cleared ${keys.join(", ")} from ${getConfigPath()}\n`);
+      if (config.activeAuthMode !== "standard-api-key") {
+        process.stderr.write("Active auth mode reset to standard-api-key.\n");
+      }
     } else {
       process.stderr.write("No credentials to clear.\n");
     }
   },
 });
+
+function keysToClear(config: Config, all: boolean): string[] {
+  if (all)
+    return [
+      "api_key",
+      "coding_plan_api_key",
+      "token_plan_api_key",
+      "active_auth_mode",
+      "access_token",
+    ];
+  if (config.activeAuthMode === "coding-plan") return ["coding_plan_api_key"];
+  if (config.activeAuthMode === "token-plan") return ["token_plan_api_key"];
+  return ["api_key", "access_token"];
+}