feat(oauth): implement authentication flow with login and logout

crates/forge_api/Cargo.toml

@@ -11,6 +11,7 @@ forge_stream = { path = "../forge_stream" }
 forge_app = { path = "../forge_app" }
 forge_walker = { path = "../forge_walker" }
 forge_infra = { path = "../forge_infra" }
+forge_oauth = { path = "../forge_oauth" }
 serde_yaml = "0.9.34"
 serde_json = { version = "1.0" }
 

crates/forge_api/src/api.rs

@@ -2,9 +2,10 @@ use std::path::Path;
 use std::sync::Arc;
 
 use anyhow::Result;
-use forge_app::{EnvironmentService, ForgeApp, Infrastructure};
+use forge_app::{AuthService, EnvironmentService, ForgeApp, Infrastructure};
 use forge_domain::*;
 use forge_infra::ForgeInfra;
+use forge_oauth::AuthFlowState;
 use forge_stream::MpscStream;
 use serde_json::Value;
 
@@ -64,6 +65,22 @@ impl<F: App + Infrastructure> API for ForgeAPI<F> {
         self.app.conversation_service().create(workflow).await
     }
 
+    fn auth_url(&self) -> AuthFlowState {
+        self.app.auth_service().auth_url()
+    }
+
+    async fn authenticate(&self, auth_flow_state: AuthFlowState) -> anyhow::Result<()> {
+        self.app.auth_service().authenticate(auth_flow_state).await
+    }
+
+    fn logout(&self) -> anyhow::Result<bool> {
+        self.app.auth_service().logout()
+    }
+
+    fn get_key(&self) -> Option<String> {
+        self.app.auth_service().get_auth_token()
+    }
+
     fn environment(&self) -> Environment {
         self.app.environment_service().get_environment().clone()
     }

crates/forge_api/src/lib.rs

@@ -7,6 +7,7 @@ use std::path::Path;
 
 pub use api::*;
 pub use forge_domain::*;
+use forge_oauth::AuthFlowState;
 use forge_stream::MpscStream;
 use serde_json::Value;
 
@@ -29,6 +30,17 @@ pub trait API {
         chat: ChatRequest,
     ) -> anyhow::Result<MpscStream<anyhow::Result<AgentMessage<ChatResponse>, anyhow::Error>>>;
 
+    fn auth_url(&self) -> AuthFlowState;
+    /// Authenticates the user with Clerk OAuth
+    async fn authenticate(&self, auth_flow_state: AuthFlowState) -> anyhow::Result<()>;
+
+    /// Logs out the user by deleting stored credentials
+    /// Returns true if credentials were found and deleted, false otherwise
+    fn logout(&self) -> anyhow::Result<bool>;
+
+    /// Returns the current authentication token if available
+    fn get_key(&self) -> Option<String>;
+
     /// Returns the current environment
     fn environment(&self) -> Environment;
 

crates/forge_app/Cargo.toml

@@ -14,6 +14,7 @@ forge_open_router = { path = "../forge_open_router" }
 forge_tool_macros = { path = "../forge_tool_macros" }
 forge_display = { path = "../forge_display" }
 forge_walker = { path = "../forge_walker" }
+forge_oauth = { path = "../forge_oauth" }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0.133"
 derive_setters = "0.1.6"

crates/forge_app/src/app.rs

@@ -18,7 +18,7 @@ use crate::Infrastructure;
 pub struct ForgeApp<F> {
     infra: Arc<F>,
     tool_service: Arc<ForgeToolService>,
-    provider_service: ForgeProviderService,
+    provider_service: ForgeProviderService<F>,
     conversation_service: ForgeConversationService,
     prompt_service: ForgeTemplateService<F, ForgeToolService>,
     attachment_service: ForgeChatRequest<F>,
@@ -40,7 +40,7 @@ impl<F: Infrastructure> ForgeApp<F> {
 
 impl<F: Infrastructure> App for ForgeApp<F> {
     type ToolService = ForgeToolService;
-    type ProviderService = ForgeProviderService;
+    type ProviderService = ForgeProviderService<F>;
     type ConversationService = ForgeConversationService;
     type TemplateService = ForgeTemplateService<F, ForgeToolService>;
     type AttachmentService = ForgeChatRequest<F>;
@@ -67,11 +67,16 @@ impl<F: Infrastructure> App for ForgeApp<F> {
 }
 
 impl<F: Infrastructure> Infrastructure for ForgeApp<F> {
+    type AuthService = F::AuthService;
     type EnvironmentService = F::EnvironmentService;
     type FileReadService = F::FileReadService;
     type VectorIndex = F::VectorIndex;
     type EmbeddingService = F::EmbeddingService;
 
+    fn auth_service(&self) -> &Self::AuthService {
+        self.infra.auth_service()
+    }
+
     fn environment_service(&self) -> &Self::EnvironmentService {
         self.infra.environment_service()
     }

crates/forge_app/src/attachment.rs

@@ -60,17 +60,20 @@ impl<F: Infrastructure> AttachmentService for ForgeChatRequest<F> {
 
 #[cfg(test)]
 mod tests {
+    use core::str;
     use std::collections::HashMap;
     use std::path::{Path, PathBuf};
     use std::sync::{Arc, Mutex};
 
     use base64::Engine;
     use bytes::Bytes;
     use forge_domain::{AttachmentService, ContentType, Environment, Point, Query, Suggestion};
+    use forge_oauth::AuthFlowState;
 
     use crate::attachment::ForgeChatRequest;
     use crate::{
-        EmbeddingService, EnvironmentService, FileReadService, Infrastructure, VectorIndex,
+        AuthService, EmbeddingService, EnvironmentService, FileReadService, Infrastructure,
+        VectorIndex,
     };
 
     struct MockEnvironmentService {}
@@ -90,6 +93,7 @@ mod tests {
                 provider_key: "key".to_string(),
                 provider_url: "url".to_string(),
                 openai_key: None,
+                force_antinomy: None,
             }
         }
     }
@@ -162,6 +166,7 @@ mod tests {
         file_service: MockFileReadService,
         vector_index: MockVectorIndex,
         embedding_service: MockEmbeddingService,
+        auth_service: MockAuthService,
     }
 
     impl MockInfrastructure {
@@ -171,16 +176,37 @@ mod tests {
                 file_service: MockFileReadService::new(),
                 vector_index: MockVectorIndex {},
                 embedding_service: MockEmbeddingService {},
+                auth_service: MockAuthService {},
             }
         }
     }
 
+    struct MockAuthService {}
+
+    #[async_trait::async_trait]
+    impl AuthService for MockAuthService {
+        fn auth_url(&self) -> AuthFlowState {
+            unimplemented!()
+        }
+        async fn authenticate(&self, _: AuthFlowState) -> Result<(), anyhow::Error> {
+            Ok(())
+        }
+
+        fn logout(&self) -> Result<bool, anyhow::Error> {
+            Ok(false)
+        }
+
+        fn get_auth_token(&self) -> Option<String> {
+            None
+        }
+    }
+
     impl Infrastructure for MockInfrastructure {
         type EnvironmentService = MockEnvironmentService;
         type FileReadService = MockFileReadService;
         type VectorIndex = MockVectorIndex;
         type EmbeddingService = MockEmbeddingService;
-
+        type AuthService = MockAuthService;
         fn environment_service(&self) -> &Self::EnvironmentService {
             &self.env_service
         }
@@ -196,6 +222,10 @@ mod tests {
         fn embedding_service(&self) -> &Self::EmbeddingService {
             &self.embedding_service
         }
+
+        fn auth_service(&self) -> &Self::AuthService {
+            &self.auth_service
+        }
     }
 
     #[tokio::test]

crates/forge_app/src/lib.rs

@@ -11,6 +11,23 @@ use std::path::Path;
 pub use app::*;
 use bytes::Bytes;
 use forge_domain::{Point, Query, Suggestion};
+use forge_oauth::AuthFlowState;
+
+#[async_trait::async_trait]
+pub trait AuthService: Send + Sync + 'static {
+    /// Returns the current authentication state
+    fn auth_url(&self) -> AuthFlowState;
+    /// Authenticates the user and stores credentials
+    async fn authenticate(&self, auth_flow_state: AuthFlowState) -> anyhow::Result<()>;
+
+    /// Logs out the user by removing stored credentials
+    /// Returns true if credentials were found and removed, false otherwise
+    fn logout(&self) -> anyhow::Result<bool>;
+
+    /// Retrieves the current authentication token if available
+    /// Returns the token as a string if found, or an error if not authenticated
+    fn get_auth_token(&self) -> Option<String>;
+}
 
 /// Repository for accessing system environment information
 #[async_trait::async_trait]
@@ -45,11 +62,13 @@ pub trait EmbeddingService: Send + Sync {
 }
 
 pub trait Infrastructure: Send + Sync + 'static {
+    type AuthService: AuthService;
     type EnvironmentService: EnvironmentService;
     type FileReadService: FileReadService;
     type VectorIndex: VectorIndex<Suggestion>;
     type EmbeddingService: EmbeddingService;
 
+    fn auth_service(&self) -> &Self::AuthService;
     fn environment_service(&self) -> &Self::EnvironmentService;
     fn file_read_service(&self) -> &Self::FileReadService;
     fn vector_index(&self) -> &Self::VectorIndex;

crates/forge_app/src/provider.rs

@@ -8,47 +8,85 @@ use forge_domain::{
 use forge_open_router::ProviderBuilder;
 use moka2::future::Cache;
 
-use crate::{EnvironmentService, Infrastructure};
+use crate::{AuthService, EnvironmentService, Infrastructure};
 
-pub struct ForgeProviderService {
-    or: Box<dyn ProviderService>,
+pub struct ForgeProviderService<F> {
+    infra: Arc<F>,
+    or: Option<Arc<dyn ProviderService>>,
     cache: Cache<ModelId, Parameters>,
 }
 
-impl ForgeProviderService {
-    pub fn new<F: Infrastructure>(infra: Arc<F>) -> Self {
-        let env = infra.environment_service().get_environment();
-        let or = ProviderBuilder::from_url(env.provider_url)
-            .with_key(env.provider_key)
-            .build()
-            .expect("Failed to build provider");
+impl<F: Infrastructure> ForgeProviderService<F> {
+    pub fn new(infra: Arc<F>) -> Self {
+        let infra = infra.clone();
+        Self { infra, or: None, cache: Cache::new(1024) }
+    }
+
+    fn with_provider_service(&self, provider: Arc<dyn ProviderService>) -> Self {
+        Self {
+            infra: self.infra.clone(),
+            or: Some(provider),
+            cache: self.cache.clone(),
+        }
+    }
 
-        Self { or, cache: Cache::new(1024) }
+    fn build_provider_service(&self) -> Result<Self> {
+        if self.or.is_some() {
+            return Ok(Self {
+                infra: self.infra.clone(),
+                or: self.or.clone(),
+                cache: self.cache.clone(),
+            });
+        }
+        let env = self.infra.environment_service().get_environment();
+        let key = if let Some(_antinomy) = env.force_antinomy {
+            self.infra
+                .auth_service()
+                .get_auth_token()
+                .ok_or_else(|| anyhow::anyhow!("No auth token found run login command to login"))?
+        } else {
+            env.provider_key.clone()
+        };
+        let or = ProviderBuilder::from_url(env.provider_url)
+            .with_key(key)
+            .build()?;
+        Ok(self.with_provider_service(or))
     }
 }
 
 #[async_trait::async_trait]
-impl ProviderService for ForgeProviderService {
+impl<F: Infrastructure> ProviderService for ForgeProviderService<F> {
     async fn chat(
         &self,
         model_id: &ModelId,
         request: ChatContext,
     ) -> ResultStream<ChatCompletionMessage, anyhow::Error> {
-        self.or
+        let this: ForgeProviderService<F> = self.build_provider_service()?;
+        this.or
+            .as_ref()
+            .ok_or_else(|| anyhow::anyhow!("Provider service not initialized"))?
             .chat(model_id, request)
             .await
             .with_context(|| format!("Failed to chat with model: {}", model_id))
     }
 
     async fn models(&self) -> Result<Vec<Model>> {
-        self.or.models().await
+        let this = self.build_provider_service()?;
+        this.or
+            .as_ref()
+            .ok_or_else(|| anyhow::anyhow!("Provider service not initialized"))?
+            .models()
+            .await
     }
 
     async fn parameters(&self, model: &ModelId) -> anyhow::Result<Parameters> {
-        Ok(self
+        let this = self.build_provider_service()?;
+        Ok(this
             .cache
             .try_get_with_by_ref(model, async {
-                self.or
+                this.or
+                    .as_ref()
+                    .ok_or_else(|| anyhow::anyhow!("Provider service not initialized"))?
                     .parameters(model)
                     .await
                     .with_context(|| format!("Failed to get parameters for model: {}", model))

crates/forge_app/src/tools/mod.rs

@@ -41,9 +41,10 @@ mod tests {
 
     use bytes::Bytes;
     use forge_domain::{Environment, Point, Query, Suggestion};
+    use forge_oauth::AuthFlowState;
 
     use super::*;
-    use crate::{EmbeddingService, FileReadService, VectorIndex};
+    use crate::{AuthService, EmbeddingService, FileReadService, VectorIndex};
 
     /// Create a default test environment
     fn stub() -> Stub {
@@ -64,6 +65,7 @@ mod tests {
                 provider_url: Default::default(),
                 provider_key: Default::default(),
                 openai_key: Default::default(),
+                force_antinomy: None,
             },
         }
     }
@@ -102,13 +104,36 @@ mod tests {
         }
     }
 
+    #[async_trait::async_trait]
+    impl AuthService for Stub {
+        fn auth_url(&self) -> AuthFlowState {
+            unimplemented!()
+        }
+        async fn authenticate(&self, _auth_flow_state: AuthFlowState) -> anyhow::Result<()> {
+            unimplemented!()
+        }
+
+        fn logout(&self) -> anyhow::Result<bool> {
+            unimplemented!()
+        }
+
+        fn get_auth_token(&self) -> Option<String> {
+            unimplemented!()
+        }
+    }
+
     #[async_trait::async_trait]
     impl Infrastructure for Stub {
+        type AuthService = Stub;
         type EnvironmentService = Stub;
         type FileReadService = Stub;
         type VectorIndex = Stub;
         type EmbeddingService = Stub;
 
+        fn auth_service(&self) -> &Self::AuthService {
+            self
+        }
+
         fn environment_service(&self) -> &Self::EnvironmentService {
             self
         }