opencode
opencode is the recommended way to use fremai for coding. It is OAuth-only on fremai: you log in once in the browser, and a plugin supplies a short-lived key at request time — you never see, paste, or store a credential. When the key nears expiry, the plugin refreshes it automatically.
Under the hood the OAuth flow mints an ephemeral sk-fremai-… key scoped to your user, which carries your usage metering and budgets. It stays inside the plugin — hidden from you.
Option A — fremai login (quickest)
Once fremai is listed as a provider in your opencode model picker, the fastest path is:
fremai loginThis runs the browser OAuth flow, stores a refresh token in your OS keychain, and configures opencode to use fremai. Pick a fremai model in opencode and start coding — the plugin handles the key.
Option B — the auth plugin
Install the plugin into your own opencode setup:
npm install @fremai/opencode-authThen, from opencode:
opencode auth loginChoose fremai in the provider list and complete the browser sign-in. The plugin’s loader supplies a fresh key on every request and refreshes on 401 or shortly before expiry — the reason there is no auth.json for opencode to re-read and no key rotation for you to manage.
fremai init opencodewrites the provider block and installs the plugin for environments that pin their opencode config explicitly.
What you get
- No long-lived key on disk. The credential is ephemeral (short TTL) and lives only in memory inside the plugin.
- Automatic refresh. Sessions keep working across the token lifetime without re-authenticating each time.
- Your budgets apply. The ephemeral key is scoped to your fremai user, so per-user budgets, rate limits, and usage tracking (see rate limits) work exactly as they do for a static key.
Model selection
Reference any model from the catalog by its id (e.g. glm-5.2) in opencode’s model settings. GET /models returns the ids available to you.
Not using opencode?
Every other client uses a static sk-fremai-… key — see the OpenAI SDK, curl, and LangChain guides, and the authentication reference for the OAuth client-credentials path for machines.