npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

pi-provider-qoder

v0.2.1

Published

Pi extension for Qoder AI — with OAuth authentication, COSY signatures and WAF bypass

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

simonsmhsimonsmh

Keywords

pi-packagepiqoderaiprovider

Readme

pi-provider-qoder

A pi provider extension that connects pi to the Qoder API, exposing Qoder models through one provider surface.

Features

  • Interactive Login: Standard OAuth browser device-code flow or Personal Access Token (PAT) login.
  • WAF Bypass: Built-in WAF obfuscation and body encoding (Encode=1).
  • COSY Signing: Full COSY signature header generation (RSA/AES-CBC/MD5).
  • Dynamic Model Catalog: Dynamically fetches model limits, effort configurations, and options from the /algo/api/v2/model/list endpoint.
  • Reasoning/Thinking Support: Real-time extraction of thinking process from API reasoning or HTML-like <think> tags.

Quick start

Install the provider:

pi install npm:pi-provider-qoder

Or install it globally with npm:

npm install -g pi-provider-qoder

Then log in from pi:

/login qoder

The login menu offers two methods:

  • Browser Login — OAuth device-code flow; complete authorization in your browser.
  • Use API Key (PAT) — paste a Qoder Personal Access Token (pt-...).

Personal Access Token (PAT)

A Qoder PAT (pt-...) cannot authenticate API calls directly — the provider exchanges it for a short-lived job token (mirroring the official qodercli flow) and resolves your account identity automatically. You can supply a PAT in two ways:

  • Run /login qoder and choose Use API Key (PAT), then paste the token.
  • Set the QODER_PERSONAL_ACCESS_TOKEN (or QODER_PAT) environment variable, then run /login qoder — the PAT is picked up automatically and exchanged without further prompts. This is the recommended path for headless/CI setups.

The exchanged job token is short-lived; the provider transparently re-exchanges the stored PAT when it expires.

Models

Exposes the following backing models:

  • Tier Tiers: auto, ultimate, performance, efficient, lite
  • Frontier Models:
    • qmodel (Qwen3.7 Plus)
    • qmodel_latest (Qwen3.7 Max)
    • dmodel (DeepSeek V4 Pro)
    • dfmodel (DeepSeek V4 Flash)
    • gm51model (GLM 5.1)
    • kmodel (Kimi K2.6)
    • mmodel (MiniMax M3)

Usage

Once logged in, select any Qoder model in pi:

/model ultimate

Or let Qoder select automatically:

/model auto

Architecture

src/
├── index.ts            # Extension registration
├── cosy.ts             # COSY Signature and Machine ID resolver
├── login.ts            # OAuth Device Flow + PAT login sequence
├── pat.ts              # PAT → job-token exchange + identity resolution
├── models.ts           # Model definitions and Dynamic Config Cache
├── oauth.ts            # PAT / OAuth callback orchestrator
├── stream.ts           # Main streaming response handler
├── transform.ts        # Message conversions (OpenAI schema mapping)
├── thinking-parser.ts  # Fallback <think> tag parser
└── qoder-encoding.ts   # WAF bypass body encoder

License

MIT