feat: add Altimate provider with /login command and credential validation

Author: suryaiyer95

docs/docs/getting-started.md

@@ -81,6 +81,24 @@ Add a warehouse connection to `.altimate-code/connections.json`. Here's a quick
 
 For all warehouse types (Snowflake, BigQuery, Databricks, PostgreSQL, Redshift, DuckDB, MySQL, SQL Server) and advanced options (key-pair auth, ADC, SSH tunneling), see the [Warehouses reference](configure/warehouses.md).
 
+### Connecting to Altimate
+
+If you have an Altimate platform account, create `~/.altimate/altimate.json` with your credentials:
+
+```json
+{
+  "altimateInstanceName": "your-instance",
+  "altimateApiKey": "your-api-key",
+  "altimateUrl": "https://api.myaltimate.com"
+}
+```
+
+- **Instance Name** — the subdomain from your Altimate dashboard URL (e.g. `acme` from `https://acme.app.myaltimate.com`)
+- **API Key** — go to **Settings > API Keys** in your Altimate dashboard and click **Copy**
+- **URL** — matches your dashboard domain: if you access `https://<instance>.app.myaltimate.com`, use `https://api.myaltimate.com`; if `https://<instance>.app.getaltimate.com`, use `https://api.getaltimate.com`
+
+Then run `/connect` and select **Altimate** to start using it as your model.
+
 ## Step 4: Choose an Agent Mode
 
 altimate offers specialized agent modes for different workflows:

packages/opencode/src/altimate/api/client.ts

@@ -54,12 +54,26 @@ export namespace AltimateApi {
     return Filesystem.exists(credentialsPath())
   }
 
+  function resolveEnvVars(obj: unknown): unknown {
+    if (typeof obj === "string") {
+      return obj.replace(/\$\{env:([^}]+)\}/g, (_, envVar) => {
+        const value = process.env[envVar]
+        if (!value) throw new Error(`Environment variable ${envVar} not found`)
+        return value
+      })
+    }
+    if (Array.isArray(obj)) return obj.map(resolveEnvVars)
+    if (obj && typeof obj === "object")
+      return Object.fromEntries(Object.entries(obj).map(([k, v]) => [k, resolveEnvVars(v)]))
+    return obj
+  }
+
   export async function getCredentials(): Promise<AltimateCredentials> {
     const p = credentialsPath()
     if (!(await Filesystem.exists(p))) {
       throw new Error(`Altimate credentials not found at ${p}`)
     }
-    const raw = JSON.parse(await Filesystem.readText(p))
+    const raw = resolveEnvVars(JSON.parse(await Filesystem.readText(p)))
     return AltimateCredentials.parse(raw)
   }
 

packages/opencode/src/cli/cmd/tui/component/dialog-altimate-login.tsx

@@ -0,0 +1,198 @@
+import { createSignal, Show, onMount } from "solid-js"
+import { createStore } from "solid-js/store"
+import { TextareaRenderable, TextAttributes } from "@opentui/core"
+import { useKeyboard } from "@opentui/solid"
+import { useDialog } from "@tui/ui/dialog"
+import { useSDK } from "../context/sdk"
+import { useSync } from "@tui/context/sync"
+import { useTheme } from "../context/theme"
+import { AltimateApi } from "@/altimate/api/client"
+import { Filesystem } from "@/util/filesystem"
+
+export function DialogAltimateLogin() {
+  const dialog = useDialog()
+  const sdk = useSDK()
+  const sync = useSync()
+  const { theme } = useTheme()
+  const [error, setError] = createSignal("")
+  const [validating, setValidating] = createSignal(false)
+  const [store, setStore] = createStore({
+    active: "instance" as "instance" | "key" | "url",
+  })
+
+  let instanceRef: TextareaRenderable
+  let keyRef: TextareaRenderable
+  let urlRef: TextareaRenderable
+
+  const fields = ["instance", "key", "url"] as const
+
+  function focusActive() {
+    setTimeout(() => {
+      const ref = { instance: instanceRef, key: keyRef, url: urlRef }[store.active]
+      if (ref && !ref.isDestroyed) ref.focus()
+    }, 1)
+  }
+
+  useKeyboard((evt) => {
+    if (evt.name === "tab") {
+      const idx = fields.indexOf(store.active)
+      const next = fields[(idx + 1) % fields.length]
+      setStore("active", next)
+      focusActive()
+      evt.preventDefault()
+    }
+    if (evt.name === "return") {
+      if (validating()) return
+      void submit().catch((e) => setError(`Unexpected error: ${e?.message ?? e}`))
+    }
+  })
+
+  onMount(() => {
+    dialog.setSize("medium")
+    focusActive()
+  })
+
+  async function submit() {
+    const instance = instanceRef.plainText.trim()
+    const key = keyRef.plainText.trim()
+    const url = urlRef.plainText.trim().replace(/\/+$/, "")
+
+    if (!instance) {
+      setError("Instance name is required")
+      setStore("active", "instance")
+      focusActive()
+      return
+    }
+    if (!key) {
+      setError("API key is required")
+      setStore("active", "key")
+      focusActive()
+      return
+    }
+    if (!url) {
+      setError("URL is required")
+      setStore("active", "url")
+      focusActive()
+      return
+    }
+
+    setError("")
+    setValidating(true)
+    try {
+      const res = await fetch(`${url}/auth_health`, {
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${key}`,
+          "x-tenant": instance,
+        },
+      })
+      if (!res.ok) {
+        setError("Invalid credentials — check your instance name, API key, and URL")
+        setValidating(false)
+        return
+      }
+      const data = await res.json()
+      if (data.status !== "auth_valid") {
+        setError("Unexpected response from server")
+        setValidating(false)
+        return
+      }
+    } catch {
+      setError(`Connection failed — could not reach ${url}`)
+      setValidating(false)
+      return
+    }
+
+    try {
+      const creds = {
+        altimateUrl: url,
+        altimateInstanceName: instance,
+        altimateApiKey: key,
+      }
+      await Filesystem.writeJson(AltimateApi.credentialsPath(), creds, 0o600)
+      await sdk.client.instance.dispose()
+      await sync.bootstrap()
+      dialog.clear()
+    } finally {
+      setValidating(false)
+    }
+  }
+
+  return (
+    <box paddingLeft={2} paddingRight={2} gap={1}>
+      <box flexDirection="row" justifyContent="space-between">
+        <text attributes={TextAttributes.BOLD} fg={theme.text}>
+          Connect to Altimate
+        </text>
+        <text fg={theme.textMuted} onMouseUp={() => dialog.clear()}>
+          esc
+        </text>
+      </box>
+
+      <text fg={theme.textMuted}>Find these in Settings &gt; API Keys in your Altimate dashboard</text>
+
+      <box>
+        <text fg={store.active === "instance" ? theme.text : theme.textMuted}>Instance Name:</text>
+        <text fg={theme.textMuted}>  From your URL: https://&lt;instance&gt;.app.myaltimate.com</text>
+        <textarea
+          height={3}
+          ref={(val: TextareaRenderable) => (instanceRef = val)}
+          placeholder="your-instance"
+          textColor={theme.text}
+          focusedTextColor={theme.text}
+          cursorColor={theme.text}
+          onMouseUp={() => {
+            setStore("active", "instance")
+            focusActive()
+          }}
+        />
+      </box>
+
+      <box>
+        <text fg={store.active === "key" ? theme.text : theme.textMuted}>API Key:</text>
+        <text fg={theme.textMuted}>  Settings &gt; API Keys &gt; Copy</text>
+        <textarea
+          height={3}
+          ref={(val: TextareaRenderable) => (keyRef = val)}
+          placeholder="your-api-key"
+          textColor={theme.text}
+          focusedTextColor={theme.text}
+          cursorColor={theme.text}
+          onMouseUp={() => {
+            setStore("active", "key")
+            focusActive()
+          }}
+        />
+      </box>
+
+      <box>
+        <text fg={store.active === "url" ? theme.text : theme.textMuted}>URL:</text>
+        <textarea
+          height={3}
+          ref={(val: TextareaRenderable) => (urlRef = val)}
+          initialValue="https://api.myaltimate.com"
+          placeholder="https://api.myaltimate.com"
+          textColor={theme.text}
+          focusedTextColor={theme.text}
+          cursorColor={theme.text}
+          onMouseUp={() => {
+            setStore("active", "url")
+            focusActive()
+          }}
+        />
+      </box>
+
+      <Show when={error()}>
+        <text fg={theme.error}>{error()}</text>
+      </Show>
+      <Show when={validating()}>
+        <text fg={theme.textMuted}>Validating credentials...</text>
+      </Show>
+
+      <text fg={theme.textMuted} paddingBottom={1}>
+        <span style={{ fg: theme.text }}>tab</span> next field{"  "}
+        <span style={{ fg: theme.text }}>enter</span> submit
+      </text>
+    </box>
+  )
+}

packages/opencode/src/cli/cmd/tui/component/dialog-provider.tsx

@@ -13,6 +13,9 @@ import { DialogModel } from "./dialog-model"
 import { useKeyboard } from "@opentui/solid"
 import { Clipboard } from "@tui/util/clipboard"
 import { useToast } from "../ui/toast"
+// altimate_change start — Altimate backend provider: import login dialog
+import { DialogAltimateLogin } from "./dialog-altimate-login"
+// altimate_change end
 
 const PROVIDER_PRIORITY: Record<string, number> = {
   opencode: 0,
@@ -21,6 +24,9 @@ const PROVIDER_PRIORITY: Record<string, number> = {
   "github-copilot": 3,
   anthropic: 4,
   google: 5,
+  // altimate_change start — Altimate backend provider: priority entry
+  "altimate-backend": 6,
+  // altimate_change end
 }
 
 export function createDialogProviderOptions() {
@@ -35,13 +41,22 @@ export function createDialogProviderOptions() {
         title: provider.name,
         value: provider.id,
         description: {
+          // altimate_change start — Altimate backend provider: description label
+          "altimate-backend": "(API key)",
+          // altimate_change end
           opencode: "(Recommended)",
           anthropic: "(API key)",
           openai: "(ChatGPT Plus/Pro or API key)",
           "opencode-go": "Low cost subscription for everyone",
         }[provider.id],
         category: provider.id in PROVIDER_PRIORITY ? "Popular" : "Other",
         async onSelect() {
+          // altimate_change start — Altimate backend provider: route to login dialog
+          if (provider.id === "altimate-backend") {
+            dialog.replace(() => <DialogAltimateLogin />)
+            return
+          }
+          // altimate_change end
           const methods = sync.data.provider_auth[provider.id] ?? [
             {
               type: "api",

packages/opencode/src/provider/provider.ts

@@ -18,6 +18,7 @@ import { iife } from "@/util/iife"
 import { Global } from "../global"
 import path from "path"
 import { Filesystem } from "../util/filesystem"
+import { AltimateApi } from "../altimate/api/client"
 
 // Direct imports for bundled providers
 import { createAmazonBedrock, type AmazonBedrockProviderSettings } from "@ai-sdk/amazon-bedrock"
@@ -181,6 +182,28 @@ export namespace Provider {
         options: hasKey ? {} : { apiKey: "public" },
       }
     },
+    // altimate_change start — Altimate backend provider: autoload handler reads credentials from ~/.altimate/altimate.json
+    "altimate-backend": async () => {
+      const isConfigured = await AltimateApi.isConfigured()
+      if (!isConfigured) return { autoload: false }
+
+      try {
+        const creds = await AltimateApi.getCredentials()
+        return {
+          autoload: true,
+          options: {
+            baseURL: `${creds.altimateUrl.replace(/\/+$/, "")}/agents/v1`,
+            apiKey: creds.altimateApiKey,
+            headers: {
+              "x-tenant": creds.altimateInstanceName,
+            },
+          },
+        }
+      } catch {
+        return { autoload: false }
+      }
+    },
+    // altimate_change end
     openai: async () => {
       return {
         autoload: false,
@@ -973,6 +996,45 @@ export namespace Provider {
     }
     // altimate_change end
 
+    // altimate_change start — register altimate-backend as an OpenAI-compatible provider
+    if (!database["altimate-backend"]) {
+      const backendModels: Record<string, Model> = {
+        "altimate-default": {
+          id: ModelID.make("altimate-default"),
+          providerID: ProviderID.make("altimate-backend"),
+          name: "Altimate AI",
+          family: "openai",
+          api: { id: "altimate-default", url: "", npm: "@ai-sdk/openai-compatible" },
+          status: "active",
+          headers: {},
+          options: {},
+          cost: { input: 0, output: 0, cache: { read: 0, write: 0 } },
+          limit: { context: 200000, output: 128000 },
+          capabilities: {
+            temperature: true,
+            reasoning: false,
+            attachment: false,
+            toolcall: true,
+            input: { text: true, audio: false, image: true, video: false, pdf: false },
+            output: { text: true, audio: false, image: false, video: false, pdf: false },
+            interleaved: false,
+          },
+          release_date: "2025-01-01",
+          variants: {},
+        },
+      }
+      database["altimate-backend"] = {
+        id: ProviderID.make("altimate-backend"),
+        name: "Altimate",
+        source: "custom",
+        env: [],
+        options: {},
+        models: backendModels,
+      }
+    }
+    // altimate_change end
+
+
     function mergeProvider(providerID: ProviderID, provider: Partial<Info>) {
       const existing = providers[providerID]
       if (existing) {

packages/opencode/src/util/filesystem.ts

@@ -55,6 +55,9 @@ export namespace Filesystem {
     try {
       if (mode) {
         await writeFile(p, content, { mode })
+        // altimate_change start — upstream_fix: writeFile { mode } option does not reliably set permissions; explicit chmod ensures correct mode is applied
+        await chmod(p, mode)
+        // altimate_change end
       } else {
         await writeFile(p, content)
       }
@@ -63,6 +66,9 @@ export namespace Filesystem {
         await mkdir(dirname(p), { recursive: true })
         if (mode) {
           await writeFile(p, content, { mode })
+          // altimate_change start — upstream_fix: writeFile { mode } option does not reliably set permissions; explicit chmod ensures correct mode is applied
+          await chmod(p, mode)
+          // altimate_change end
         } else {
           await writeFile(p, content)
         }