providers: add Cloudflare AI Gateway (#5174)

packages/opencode/src/provider/provider.ts

@@ -338,6 +338,45 @@ export namespace Provider {
         },
       }
     },
+    "cloudflare-ai-gateway": async (input) => {
+      const accountId = Env.get("CLOUDFLARE_ACCOUNT_ID")
+      const gateway = Env.get("CLOUDFLARE_GATEWAY_ID")
+
+      if (!accountId || !gateway) return { autoload: false }
+
+      // Get API token from env or auth prompt
+      const apiToken = await (async () => {
+        const envToken = Env.get("CLOUDFLARE_API_TOKEN")
+        if (envToken) return envToken
+        const auth = await Auth.get(input.id)
+        if (auth?.type === "api") return auth.key
+        return undefined
+      })()
+
+      return {
+        autoload: true,
+        async getModel(sdk: any, modelID: string, _options?: Record<string, any>) {
+          return sdk.chat(modelID)
+        },
+        options: {
+          baseURL: `https://gateway.ai.cloudflare.com/v1/${accountId}/${gateway}/compat`,
+          headers: {
+            // Cloudflare AI Gateway uses cf-aig-authorization for authenticated gateways
+            // This enables Unified Billing where Cloudflare handles upstream provider auth
+            ...(apiToken ? { "cf-aig-authorization": `Bearer ${apiToken}` } : {}),
+            "HTTP-Referer": "https://opencode.ai/",
+            "X-Title": "opencode",
+          },
+          // Custom fetch to strip Authorization header - AI Gateway uses cf-aig-authorization instead
+          // Sending Authorization header with invalid value causes auth errors
+          fetch: async (input: RequestInfo | URL, init?: RequestInit) => {
+            const headers = new Headers(init?.headers)
+            headers.delete("Authorization")
+            return fetch(input, { ...init, headers })
+          },
+        },
+      }
+    },
     cerebras: async () => {
       return {
         autoload: false,

packages/web/src/content/docs/providers.mdx

@@ -323,6 +323,64 @@ If you encounter "I'm sorry, but I cannot assist with that request" errors, try
 
 ---
 
+### Cloudflare AI Gateway
+
+Cloudflare AI Gateway lets you access models from OpenAI, Anthropic, Workers AI, and more through a unified endpoint. With [Unified Billing](https://developers.cloudflare.com/ai-gateway/features/unified-billing/) you don't need separate API keys for each provider.
+
+1. Head over to the [Cloudflare dashboard](https://dash.cloudflare.com/), navigate to **AI** > **AI Gateway**, and create a new gateway.
+
+2. Set your Account ID and Gateway ID as environment variables.
+
+   ```bash title="~/.bash_profile"
+   export CLOUDFLARE_ACCOUNT_ID=your-32-character-account-id
+   export CLOUDFLARE_GATEWAY_ID=your-gateway-id
+   ```
+
+3. Run the `/connect` command and search for **Cloudflare AI Gateway**.
+
+   ```txt
+   /connect
+   ```
+
+4. Enter your Cloudflare API token.
+
+   ```txt
+   ┌ API key
+   │
+   │
+   └ enter
+   ```
+
+   Or set it as an environment variable.
+
+   ```bash title="~/.bash_profile"
+   export CLOUDFLARE_API_TOKEN=your-api-token
+   ```
+
+5. Run the `/models` command to select a model.
+
+   ```txt
+   /models
+   ```
+
+   You can also add models through your opencode config.
+
+   ```json title="opencode.json"
+   {
+     "$schema": "https://opencode.ai/config.json",
+     "provider": {
+       "cloudflare-ai-gateway": {
+         "models": {
+           "openai/gpt-4o": {},
+           "anthropic/claude-sonnet-4": {}
+         }
+       }
+     }
+   }
+   ```
+
+---
+
 ### Cortecs
 
 1. Head over to the [Cortecs console](https://cortecs.ai/), create an account, and generate an API key.