Fix OAuth exchange hardening and Gemini anyOf schema normalization #58

Open
RovshanMuradov wants to merge 4 commits into jenslys:main from RovshanMuradov:fix/oauth-schema-guards

@RovshanMuradov RovshanMuradov commented Feb 23, 2026

What

  • Hardened OAuth callback handling and token exchange flow.
  • Added Gemini/Vertex schema normalization for tool/function parameters with anyOf.
  • Added regression tests for both OAuth parsing/exchange guards and schema normalization.

Fixes

Fixes the following error when using OpenCode built-in edit tool with Gemini models:

Bad Request: [{
  "error": {
    "code": 400,
    "message": "Unable to submit request because `edit` functionDeclaration 
    `parameters.edits` schema specified other fields alongside any_of. 
    When using any_of, it must be the only field set.",
    "status": "INVALID_ARGUMENT"
  }
}]

Root cause: OpenCode sends JSON Schema where anyOf has sibling fields
(description, type, etc.), which Vertex AI rejects. This PR normalizes
the schema before sending so anyOf is always the only field.

How

  • OAuth: parse callback input robustly (URL/query/raw code), normalize encoded auth codes, enforce state + session TTL, and prevent duplicate code exchange.
  • Exchange: handle unexpected non-string inputs safely (no runtime crash on trim).
  • Gemini requests: normalize function declaration schemas so anyOf nodes do not carry sibling fields that Vertex rejects.

Why

  • Fixes flaky OAuth failures (invalid_grant/malformed code paths) and prevents exchange crashes.
  • Fixes Vertex/Gemini request rejections caused by invalid anyOf schema shape.

Validation

  • bun test → 34 passed, 0 failed
  • bunx tsc --noEmit → no type errors
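
An added example, not part of the PR description and not the plugin's code: one way the callback guards listed under "How" can fit together (type check before trim, URL/query/raw-code parsing, single decode, state and TTL checks, replay guard). All names, the TTL value, and the rule that a hand-pasted raw code skips the state comparison are assumptions.

```typescript
// Added example; PendingAuth, parseCallback, acceptCallback and the TTL are hypothetical.
type PendingAuth = { state: string; createdAt: number };
type Parsed = { code: string; state: string | null; raw: boolean };
type Verdict = "ok" | "malformed" | "expired" | "state_mismatch" | "replayed";

const SESSION_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending login
const usedCodes = new Set<string>();   // codes already handed to the token exchange

// Accept a full redirect URL, a bare query string, or a pasted raw code.
function parseCallback(input: unknown): Parsed | null {
  if (typeof input !== "string") return null; // guard before calling .trim()
  const text = input.trim();
  if (text === "") return null;
  let params: URLSearchParams | null = null;
  if (/^https?:\/\//i.test(text)) {
    try { params = new URL(text).searchParams; } catch { return null; }
  } else if (/(^|[?&])code=/.test(text)) {
    params = new URLSearchParams(text.replace(/^\?/, ""));
  }
  if (params) {
    const code = params.get("code"); // URLSearchParams decodes exactly once
    return code ? { code, state: params.get("state"), raw: false } : null;
  }
  // Raw code: undo one layer of percent-encoding ("4%2FAAA" -> "4/AAA").
  try {
    return { code: decodeURIComponent(text), state: null, raw: true };
  } catch {
    return null; // stray "%" that is not valid encoding
  }
}

function acceptCallback(input: unknown, pending: PendingAuth,
                        now: number = Date.now()): Verdict {
  const parsed = parseCallback(input);
  if (!parsed) return "malformed";
  if (now - pending.createdAt > SESSION_TTL_MS) return "expired";
  // Assumption: a hand-pasted raw code carries no state; redirects must match.
  if (!parsed.raw && parsed.state !== pending.state) return "state_mismatch";
  if (usedCodes.has(parsed.code)) return "replayed";
  usedCodes.add(parsed.code); // mark before the exchange so a retry cannot reuse it
  return "ok";
}
```

Because the replay set is keyed on the decoded code, the same code submitted once as a URL and once as an encoded raw string is still caught as a duplicate.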

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4d3fbd72cd

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@RovshanMuradov
Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a561bf3719

@jenslys
Owner

jenslys commented Feb 23, 2026

Should this not be fixed in opencode instead? anomalyco/opencode#14509

@RovshanMuradov
Author

Should this not be fixed in opencode instead? anomalyco/opencode#14509

Yeah, sorry, didn't see that. It just didn't work for me this morning, that's why I tried to fix it in the plugin.
This PR fixes it, but we probably need to wait for the opencode fix.

@ArtanisInc

ArtanisInc commented Feb 23, 2026

We will have to wait a couple of weeks then...

@RovshanMuradov
Author

We will have to wait a couple of weeks then...

I just set this PR as main in the plugin; you can do the same until they fix the bug.
