@albinocrabs/o-switcher 0.1.1 → 0.3.0

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## 0.3.0
+
+### Minor Changes
+
+- Multi-profile auth rotation for OpenAI accounts
+  - Watch all `auth-work*.json` files, not just `auth.json`
+  - Add `switchProfile` / `switchToNextProfile` for credential rotation
+  - Auto-switch to next healthy profile when health drops below 30%
+
+## 0.2.0
+
+### Minor Changes
+
+- 57f1eb9: Add TUI sidebar panel and status dashboard for OpenCode
+  - Sidebar footer shows active profile, health %, and target count
+  - `/switcher` slash command opens full status dashboard with all targets
+  - File-based state bridge between server plugin and TUI (atomic writes, debounced)
+
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/),

package/dist/{chunk-VABBGKSR.cjs → chunk-H72U2MNG.cjs}

@@ -6,10 +6,10 @@ var crypto = require('crypto');
 var eventemitter3 = require('eventemitter3');
 var cockatiel = require('cockatiel');
 var PQueue = require('p-queue');
+var tool = require('@opencode-ai/plugin/tool');
 var promises = require('fs/promises');
 var os = require('os');
 var path = require('path');
-var tool = require('@opencode-ai/plugin/tool');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -1363,6 +1363,78 @@ var reloadConfig = (deps, rawConfig) => {
     throw err;
   }
 };
+var { schema: z3 } = tool.tool;
+var createOperatorTools = (deps) => ({
+  listTargets: tool.tool({
+    description: "List all routing targets with health scores, states, and circuit breaker status.",
+    args: {},
+    async execute() {
+      deps.logger.info({ op: "listTargets" }, "operator: listTargets");
+      const result = listTargets(deps);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  pauseTarget: tool.tool({
+    description: "Pause a target, preventing new requests from being routed to it.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info({ op: "pauseTarget", target_id: args.target_id }, "operator: pauseTarget");
+      const result = pauseTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  resumeTarget: tool.tool({
+    description: "Resume a previously paused or disabled target, allowing new requests.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info({ op: "resumeTarget", target_id: args.target_id }, "operator: resumeTarget");
+      const result = resumeTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  drainTarget: tool.tool({
+    description: "Drain a target, allowing in-flight requests to complete but preventing new ones.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info({ op: "drainTarget", target_id: args.target_id }, "operator: drainTarget");
+      const result = drainTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  disableTarget: tool.tool({
+    description: "Disable a target entirely, removing it from routing.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "disableTarget", target_id: args.target_id },
+        "operator: disableTarget"
+      );
+      const result = disableTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  inspectRequest: tool.tool({
+    description: "Inspect a request trace by ID, showing attempts, segments, and outcome.",
+    args: { request_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "inspectRequest", request_id: args.request_id },
+        "operator: inspectRequest"
+      );
+      const result = inspectRequest(deps, args.request_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  reloadConfig: tool.tool({
+    description: "Reload routing configuration with diff-apply. Validates new config before applying.",
+    args: { config: z3.record(z3.string(), z3.unknown()) },
+    async execute(args) {
+      deps.logger.info({ op: "reloadConfig" }, "operator: reloadConfig");
+      const result = reloadConfig(deps, args.config);
+      return JSON.stringify(result, null, 2);
+    }
+  })
+});
 var PROFILES_DIR = path.join(os.homedir(), ".local", "share", "o-switcher");
 var PROFILES_PATH = path.join(PROFILES_DIR, "profiles.json");
 var loadProfiles = async (path = PROFILES_PATH) => {
@@ -1430,6 +1502,8 @@ var nextProfileId = (store, provider) => {
   return `${provider}-${maxN + 1}`;
 };
 var AUTH_JSON_PATH = path.join(os.homedir(), ".local", "share", "opencode", "auth.json");
+var AUTH_DIR = path.join(os.homedir(), ".local", "share", "opencode");
+var isAuthFile = (filename) => filename === "auth.json" || /^auth-work\d+\.json$/.test(filename);
 var DEBOUNCE_MS = 100;
 var readAuthJson = async (path) => {
   try {
@@ -1439,6 +1513,22 @@ var readAuthJson = async (path) => {
     return {};
   }
 };
+var readAllAuthFiles = async (dir) => {
+  const { readdir } = await import('fs/promises');
+  const merged = {};
+  try {
+    const files = await readdir(dir);
+    for (const file of files.filter(isAuthFile)) {
+      const data = await readAuthJson(path.join(dir, file));
+      for (const [provider, entry] of Object.entries(data)) {
+        const key = `${provider}:${file}`;
+        merged[key] = entry;
+      }
+    }
+  } catch {
+  }
+  return merged;
+};
 var toCredential = (entry) => {
   if (entry.type === "oauth" || entry.refresh !== void 0 && entry.access !== void 0) {
     return {
@@ -1460,22 +1550,23 @@ var entriesEqual = (a, b) => {
   return JSON.stringify(a) === JSON.stringify(b);
 };
 var createAuthWatcher = (options) => {
-  const authPath = options?.authJsonPath ?? AUTH_JSON_PATH;
+  const authDir = options?.authJsonPath ? path.dirname(options.authJsonPath) : AUTH_DIR;
   const profPath = options?.profilesPath ?? PROFILES_PATH;
   const log = options?.logger?.child({ component: "profile-watcher" });
   let lastKnownAuth = {};
   let abortController = null;
   let debounceTimer = null;
   const processChange = async () => {
-    const newAuth = await readAuthJson(authPath);
+    const newAuth = await readAllAuthFiles(authDir);
     let store = await loadProfiles(profPath);
     let changed = false;
-    for (const [provider, entry] of Object.entries(newAuth)) {
+    for (const [compositeKey, entry] of Object.entries(newAuth)) {
       if (!entry) continue;
-      const previousEntry = lastKnownAuth[provider];
+      const provider = compositeKey.split(":")[0] ?? compositeKey;
+      const previousEntry = lastKnownAuth[compositeKey];
       if (previousEntry !== void 0 && !entriesEqual(previousEntry, entry)) {
         log?.info(
-          { provider, action: "credential_changed" },
+          { provider, source: compositeKey, action: "credential_changed" },
           "Credential change detected \u2014 saving previous credential"
         );
         const prevCredential = toCredential(previousEntry);
@@ -1485,7 +1576,7 @@ var createAuthWatcher = (options) => {
           changed = true;
         }
       } else if (previousEntry === void 0) {
-        log?.info({ provider, action: "new_provider" }, "New provider detected");
+        log?.info({ provider, source: compositeKey, action: "new_provider" }, "New auth file detected");
         const credential = toCredential(entry);
         const newStore = addProfile(store, provider, credential);
         if (newStore !== store) {
@@ -1512,32 +1603,32 @@ var createAuthWatcher = (options) => {
     }, DEBOUNCE_MS);
   };
   const start = async () => {
-    const currentAuth = await readAuthJson(authPath);
+    const currentAuth = await readAllAuthFiles(authDir);
     const currentStore = await loadProfiles(profPath);
-    log?.info({ providers: Object.keys(currentAuth) }, "Auth watcher started");
+    log?.info({ auth_keys: Object.keys(currentAuth).length }, "Auth watcher started");
     if (Object.keys(currentStore).length === 0 && Object.keys(currentAuth).length > 0) {
       let store = {};
-      for (const [provider, entry] of Object.entries(currentAuth)) {
+      for (const [compositeKey, entry] of Object.entries(currentAuth)) {
         if (!entry) continue;
+        const provider = compositeKey.split(":")[0] ?? compositeKey;
         const credential = toCredential(entry);
         store = addProfile(store, provider, credential);
       }
       await saveProfiles(store, profPath);
       log?.info(
         { profiles_initialized: Object.keys(store).length },
-        "Initialized profiles from auth.json"
+        "Initialized profiles from auth files"
       );
     }
     lastKnownAuth = currentAuth;
     abortController = new AbortController();
-    const parentDir = path.dirname(authPath);
     (async () => {
       try {
-        const watcher = promises.watch(parentDir, {
+        const watcher = promises.watch(authDir, {
           signal: abortController.signal
         });
         for await (const event of watcher) {
-          if (event.filename === "auth.json" || event.filename === null) {
+          if (event.filename !== null && isAuthFile(event.filename)) {
             onFileChange();
           }
         }
@@ -1559,7 +1650,89 @@ var createAuthWatcher = (options) => {
   };
   return { start, stop };
 };
-var { schema: z3 } = tool.tool;
+var credentialToAuthEntry = (cred) => {
+  if (cred.type === "oauth") {
+    return {
+      type: "oauth",
+      refresh: cred.refresh,
+      access: cred.access,
+      expires: cred.expires,
+      accountId: cred.accountId
+    };
+  }
+  return {
+    type: "api-key",
+    key: cred.key
+  };
+};
+var readCurrentAuth = async (authPath) => {
+  try {
+    const content = await promises.readFile(authPath, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return void 0;
+  }
+};
+var switchProfile = async (options) => {
+  const profPath = options.profilesPath ?? PROFILES_PATH;
+  const authPath = options.authJsonPath ?? AUTH_JSON_PATH;
+  const log = options.logger?.child({ component: "profile-switcher" });
+  const store = await loadProfiles(profPath);
+  const target = store[options.targetProfileId];
+  if (target === void 0) {
+    log?.warn({ profileId: options.targetProfileId }, "Profile not found");
+    return { success: false, to: options.targetProfileId, reason: "profile_not_found" };
+  }
+  const currentAuth = await readCurrentAuth(authPath);
+  const currentAccountId = currentAuth?.[target.provider] ? currentAuth[target.provider].accountId : void 0;
+  const newAuth = {};
+  newAuth[target.provider] = credentialToAuthEntry(target.credentials);
+  const dir = path.dirname(authPath);
+  await promises.mkdir(dir, { recursive: true });
+  const tmpPath = `${authPath}.tmp`;
+  await promises.writeFile(tmpPath, JSON.stringify(newAuth, null, 2), "utf-8");
+  await promises.rename(tmpPath, authPath);
+  log?.info(
+    {
+      from: currentAccountId,
+      to: target.credentials.type === "oauth" ? target.credentials.accountId : "(api-key)",
+      profileId: target.id,
+      provider: target.provider
+    },
+    "Switched active profile"
+  );
+  return {
+    success: true,
+    from: currentAccountId ?? void 0,
+    to: target.id
+  };
+};
+var switchToNextProfile = async (options) => {
+  const profPath = options.profilesPath ?? PROFILES_PATH;
+  const log = options.logger?.child({ component: "profile-switcher" });
+  const store = await loadProfiles(profPath);
+  const excludeSet = new Set(options.excludeProfileIds ?? []);
+  if (options.currentProfileId) {
+    excludeSet.add(options.currentProfileId);
+  }
+  const candidates = Object.values(store).filter((p) => p.provider === options.provider && !excludeSet.has(p.id)).sort((a, b) => new Date(a.created).getTime() - new Date(b.created).getTime());
+  if (candidates.length === 0) {
+    log?.warn({ provider: options.provider, excluded: [...excludeSet] }, "No available profiles to switch to");
+    return {
+      success: false,
+      to: options.currentProfileId ?? "none",
+      reason: "no_candidates"
+    };
+  }
+  const next = candidates[0];
+  return switchProfile({
+    targetProfileId: next.id,
+    profilesPath: profPath,
+    authJsonPath: options.authJsonPath,
+    logger: options.logger
+  });
+};
+var { schema: z4 } = tool.tool;
 var createProfileTools = (options) => ({
   profilesList: tool.tool({
     description: "List all saved auth profiles with provider, type, and creation date.",
@@ -1578,7 +1751,7 @@ var createProfileTools = (options) => ({
   }),
   profilesRemove: tool.tool({
     description: "Remove a saved auth profile by ID.",
-    args: { id: z3.string().min(1) },
+    args: { id: z4.string().min(1) },
     async execute(args) {
       const store = await loadProfiles(options?.profilesPath);
       const { store: newStore, removed } = removeProfile(store, args.id);
@@ -1632,6 +1805,7 @@ exports.createConcurrencyTracker = createConcurrencyTracker;
 exports.createCooldownManager = createCooldownManager;
 exports.createFailoverOrchestrator = createFailoverOrchestrator;
 exports.createLogSubscriber = createLogSubscriber;
+exports.createOperatorTools = createOperatorTools;
 exports.createProfileTools = createProfileTools;
 exports.createRegistry = createRegistry;
 exports.createRequestLogger = createRequestLogger;
@@ -1658,6 +1832,8 @@ exports.removeProfile = removeProfile;
 exports.resumeTarget = resumeTarget;
 exports.saveProfiles = saveProfiles;
 exports.selectTarget = selectTarget;
+exports.switchProfile = switchProfile;
+exports.switchToNextProfile = switchToNextProfile;
 exports.updateHealthScore = updateHealthScore;
 exports.updateLatencyEma = updateLatencyEma;
 exports.validateConfig = validateConfig;

package/dist/{chunk-IKNWSNAS.js → chunk-XXH633FY.js}

@@ -4,10 +4,10 @@ import crypto from 'crypto';
 import { EventEmitter } from 'eventemitter3';
 import { CircuitState, ConsecutiveBreaker, CountBreaker, BrokenCircuitError, IsolatedCircuitError, circuitBreaker, handleAll } from 'cockatiel';
 import PQueue from 'p-queue';
+import { tool } from '@opencode-ai/plugin/tool';
 import { readFile, mkdir, writeFile, rename, watch } from 'fs/promises';
 import { homedir } from 'os';
 import { join, dirname } from 'path';
-import { tool } from '@opencode-ai/plugin/tool';
 
 // src/config/defaults.ts
 var DEFAULT_RETRY_BUDGET = 3;
@@ -1355,6 +1355,78 @@ var reloadConfig = (deps, rawConfig) => {
     throw err;
   }
 };
+var { schema: z3 } = tool;
+var createOperatorTools = (deps) => ({
+  listTargets: tool({
+    description: "List all routing targets with health scores, states, and circuit breaker status.",
+    args: {},
+    async execute() {
+      deps.logger.info({ op: "listTargets" }, "operator: listTargets");
+      const result = listTargets(deps);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  pauseTarget: tool({
+    description: "Pause a target, preventing new requests from being routed to it.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info({ op: "pauseTarget", target_id: args.target_id }, "operator: pauseTarget");
+      const result = pauseTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  resumeTarget: tool({
+    description: "Resume a previously paused or disabled target, allowing new requests.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info({ op: "resumeTarget", target_id: args.target_id }, "operator: resumeTarget");
+      const result = resumeTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  drainTarget: tool({
+    description: "Drain a target, allowing in-flight requests to complete but preventing new ones.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info({ op: "drainTarget", target_id: args.target_id }, "operator: drainTarget");
+      const result = drainTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  disableTarget: tool({
+    description: "Disable a target entirely, removing it from routing.",
+    args: { target_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "disableTarget", target_id: args.target_id },
+        "operator: disableTarget"
+      );
+      const result = disableTarget(deps, args.target_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  inspectRequest: tool({
+    description: "Inspect a request trace by ID, showing attempts, segments, and outcome.",
+    args: { request_id: z3.string().min(1) },
+    async execute(args) {
+      deps.logger.info(
+        { op: "inspectRequest", request_id: args.request_id },
+        "operator: inspectRequest"
+      );
+      const result = inspectRequest(deps, args.request_id);
+      return JSON.stringify(result, null, 2);
+    }
+  }),
+  reloadConfig: tool({
+    description: "Reload routing configuration with diff-apply. Validates new config before applying.",
+    args: { config: z3.record(z3.string(), z3.unknown()) },
+    async execute(args) {
+      deps.logger.info({ op: "reloadConfig" }, "operator: reloadConfig");
+      const result = reloadConfig(deps, args.config);
+      return JSON.stringify(result, null, 2);
+    }
+  })
+});
 var PROFILES_DIR = join(homedir(), ".local", "share", "o-switcher");
 var PROFILES_PATH = join(PROFILES_DIR, "profiles.json");
 var loadProfiles = async (path = PROFILES_PATH) => {
@@ -1422,6 +1494,8 @@ var nextProfileId = (store, provider) => {
   return `${provider}-${maxN + 1}`;
 };
 var AUTH_JSON_PATH = join(homedir(), ".local", "share", "opencode", "auth.json");
+var AUTH_DIR = join(homedir(), ".local", "share", "opencode");
+var isAuthFile = (filename) => filename === "auth.json" || /^auth-work\d+\.json$/.test(filename);
 var DEBOUNCE_MS = 100;
 var readAuthJson = async (path) => {
   try {
@@ -1431,6 +1505,22 @@ var readAuthJson = async (path) => {
     return {};
   }
 };
+var readAllAuthFiles = async (dir) => {
+  const { readdir } = await import('fs/promises');
+  const merged = {};
+  try {
+    const files = await readdir(dir);
+    for (const file of files.filter(isAuthFile)) {
+      const data = await readAuthJson(join(dir, file));
+      for (const [provider, entry] of Object.entries(data)) {
+        const key = `${provider}:${file}`;
+        merged[key] = entry;
+      }
+    }
+  } catch {
+  }
+  return merged;
+};
 var toCredential = (entry) => {
   if (entry.type === "oauth" || entry.refresh !== void 0 && entry.access !== void 0) {
     return {
@@ -1452,22 +1542,23 @@ var entriesEqual = (a, b) => {
   return JSON.stringify(a) === JSON.stringify(b);
 };
 var createAuthWatcher = (options) => {
-  const authPath = options?.authJsonPath ?? AUTH_JSON_PATH;
+  const authDir = options?.authJsonPath ? dirname(options.authJsonPath) : AUTH_DIR;
   const profPath = options?.profilesPath ?? PROFILES_PATH;
   const log = options?.logger?.child({ component: "profile-watcher" });
   let lastKnownAuth = {};
   let abortController = null;
   let debounceTimer = null;
   const processChange = async () => {
-    const newAuth = await readAuthJson(authPath);
+    const newAuth = await readAllAuthFiles(authDir);
     let store = await loadProfiles(profPath);
     let changed = false;
-    for (const [provider, entry] of Object.entries(newAuth)) {
+    for (const [compositeKey, entry] of Object.entries(newAuth)) {
       if (!entry) continue;
-      const previousEntry = lastKnownAuth[provider];
+      const provider = compositeKey.split(":")[0] ?? compositeKey;
+      const previousEntry = lastKnownAuth[compositeKey];
       if (previousEntry !== void 0 && !entriesEqual(previousEntry, entry)) {
         log?.info(
-          { provider, action: "credential_changed" },
+          { provider, source: compositeKey, action: "credential_changed" },
           "Credential change detected \u2014 saving previous credential"
         );
         const prevCredential = toCredential(previousEntry);
@@ -1477,7 +1568,7 @@ var createAuthWatcher = (options) => {
           changed = true;
         }
       } else if (previousEntry === void 0) {
-        log?.info({ provider, action: "new_provider" }, "New provider detected");
+        log?.info({ provider, source: compositeKey, action: "new_provider" }, "New auth file detected");
         const credential = toCredential(entry);
         const newStore = addProfile(store, provider, credential);
         if (newStore !== store) {
@@ -1504,32 +1595,32 @@ var createAuthWatcher = (options) => {
     }, DEBOUNCE_MS);
   };
   const start = async () => {
-    const currentAuth = await readAuthJson(authPath);
+    const currentAuth = await readAllAuthFiles(authDir);
     const currentStore = await loadProfiles(profPath);
-    log?.info({ providers: Object.keys(currentAuth) }, "Auth watcher started");
+    log?.info({ auth_keys: Object.keys(currentAuth).length }, "Auth watcher started");
     if (Object.keys(currentStore).length === 0 && Object.keys(currentAuth).length > 0) {
       let store = {};
-      for (const [provider, entry] of Object.entries(currentAuth)) {
+      for (const [compositeKey, entry] of Object.entries(currentAuth)) {
         if (!entry) continue;
+        const provider = compositeKey.split(":")[0] ?? compositeKey;
         const credential = toCredential(entry);
         store = addProfile(store, provider, credential);
       }
       await saveProfiles(store, profPath);
       log?.info(
         { profiles_initialized: Object.keys(store).length },
-        "Initialized profiles from auth.json"
+        "Initialized profiles from auth files"
       );
     }
     lastKnownAuth = currentAuth;
     abortController = new AbortController();
-    const parentDir = dirname(authPath);
     (async () => {
       try {
-        const watcher = watch(parentDir, {
+        const watcher = watch(authDir, {
           signal: abortController.signal
         });
         for await (const event of watcher) {
-          if (event.filename === "auth.json" || event.filename === null) {
+          if (event.filename !== null && isAuthFile(event.filename)) {
             onFileChange();
           }
         }
@@ -1551,7 +1642,89 @@ var createAuthWatcher = (options) => {
   };
   return { start, stop };
 };
-var { schema: z3 } = tool;
+var credentialToAuthEntry = (cred) => {
+  if (cred.type === "oauth") {
+    return {
+      type: "oauth",
+      refresh: cred.refresh,
+      access: cred.access,
+      expires: cred.expires,
+      accountId: cred.accountId
+    };
+  }
+  return {
+    type: "api-key",
+    key: cred.key
+  };
+};
+var readCurrentAuth = async (authPath) => {
+  try {
+    const content = await readFile(authPath, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return void 0;
+  }
+};
+var switchProfile = async (options) => {
+  const profPath = options.profilesPath ?? PROFILES_PATH;
+  const authPath = options.authJsonPath ?? AUTH_JSON_PATH;
+  const log = options.logger?.child({ component: "profile-switcher" });
+  const store = await loadProfiles(profPath);
+  const target = store[options.targetProfileId];
+  if (target === void 0) {
+    log?.warn({ profileId: options.targetProfileId }, "Profile not found");
+    return { success: false, to: options.targetProfileId, reason: "profile_not_found" };
+  }
+  const currentAuth = await readCurrentAuth(authPath);
+  const currentAccountId = currentAuth?.[target.provider] ? currentAuth[target.provider].accountId : void 0;
+  const newAuth = {};
+  newAuth[target.provider] = credentialToAuthEntry(target.credentials);
+  const dir = dirname(authPath);
+  await mkdir(dir, { recursive: true });
+  const tmpPath = `${authPath}.tmp`;
+  await writeFile(tmpPath, JSON.stringify(newAuth, null, 2), "utf-8");
+  await rename(tmpPath, authPath);
+  log?.info(
+    {
+      from: currentAccountId,
+      to: target.credentials.type === "oauth" ? target.credentials.accountId : "(api-key)",
+      profileId: target.id,
+      provider: target.provider
+    },
+    "Switched active profile"
+  );
+  return {
+    success: true,
+    from: currentAccountId ?? void 0,
+    to: target.id
+  };
+};
+var switchToNextProfile = async (options) => {
+  const profPath = options.profilesPath ?? PROFILES_PATH;
+  const log = options.logger?.child({ component: "profile-switcher" });
+  const store = await loadProfiles(profPath);
+  const excludeSet = new Set(options.excludeProfileIds ?? []);
+  if (options.currentProfileId) {
+    excludeSet.add(options.currentProfileId);
+  }
+  const candidates = Object.values(store).filter((p) => p.provider === options.provider && !excludeSet.has(p.id)).sort((a, b) => new Date(a.created).getTime() - new Date(b.created).getTime());
+  if (candidates.length === 0) {
+    log?.warn({ provider: options.provider, excluded: [...excludeSet] }, "No available profiles to switch to");
+    return {
+      success: false,
+      to: options.currentProfileId ?? "none",
+      reason: "no_candidates"
+    };
+  }
+  const next = candidates[0];
+  return switchProfile({
+    targetProfileId: next.id,
+    profilesPath: profPath,
+    authJsonPath: options.authJsonPath,
+    logger: options.logger
+  });
+};
+var { schema: z4 } = tool;
 var createProfileTools = (options) => ({
   profilesList: tool({
     description: "List all saved auth profiles with provider, type, and creation date.",
@@ -1570,7 +1743,7 @@ var createProfileTools = (options) => ({
   }),
   profilesRemove: tool({
     description: "Remove a saved auth profile by ID.",
-    args: { id: z3.string().min(1) },
+    args: { id: z4.string().min(1) },
     async execute(args) {
       const store = await loadProfiles(options?.profilesPath);
       const { store: newStore, removed } = removeProfile(store, args.id);
@@ -1587,4 +1760,4 @@ var createProfileTools = (options) => ({
   })
 });
 
-export { ADMISSION_RESULTS, BackoffConfigSchema, ConfigValidationError, DEFAULT_ALPHA, DEFAULT_BACKOFF_BASE_MS, DEFAULT_BACKOFF_JITTER, DEFAULT_BACKOFF_MAX_MS, DEFAULT_BACKOFF_MULTIPLIER, DEFAULT_BACKOFF_PARAMS, DEFAULT_FAILOVER_BUDGET, DEFAULT_RETRY, DEFAULT_RETRY_BUDGET, DEFAULT_TIMEOUT_MS, DualBreaker, EXCLUSION_REASONS, ErrorClassSchema, INITIAL_HEALTH_SCORE, REDACT_PATHS, SwitcherConfigSchema, TARGET_STATES, TargetConfigSchema, TargetRegistry, addProfile, applyConfigDiff, checkHardRejects, computeBackoffMs, computeConfigDiff, computeCooldownMs, computeScore, createAdmissionController, createAuditLogger, createAuthWatcher, createCircuitBreaker, createConcurrencyTracker, createCooldownManager, createFailoverOrchestrator, createLogSubscriber, createProfileTools, createRegistry, createRequestLogger, createRequestTraceBuffer, createRetryPolicy, createRoutingEventBus, disableTarget, discoverTargets, discoverTargetsFromProfiles, drainTarget, generateCorrelationId, getExclusionReason, getTargetStateTransition, inspectRequest, isRetryable, listProfiles, listTargets, loadProfiles, nextProfileId, normalizeLatency, pauseTarget, reloadConfig, removeProfile, resumeTarget, saveProfiles, selectTarget, updateHealthScore, updateLatencyEma, validateConfig };
+export { ADMISSION_RESULTS, BackoffConfigSchema, ConfigValidationError, DEFAULT_ALPHA, DEFAULT_BACKOFF_BASE_MS, DEFAULT_BACKOFF_JITTER, DEFAULT_BACKOFF_MAX_MS, DEFAULT_BACKOFF_MULTIPLIER, DEFAULT_BACKOFF_PARAMS, DEFAULT_FAILOVER_BUDGET, DEFAULT_RETRY, DEFAULT_RETRY_BUDGET, DEFAULT_TIMEOUT_MS, DualBreaker, EXCLUSION_REASONS, ErrorClassSchema, INITIAL_HEALTH_SCORE, REDACT_PATHS, SwitcherConfigSchema, TARGET_STATES, TargetConfigSchema, TargetRegistry, addProfile, applyConfigDiff, checkHardRejects, computeBackoffMs, computeConfigDiff, computeCooldownMs, computeScore, createAdmissionController, createAuditLogger, createAuthWatcher, createCircuitBreaker, createConcurrencyTracker, createCooldownManager, createFailoverOrchestrator, createLogSubscriber, createOperatorTools, createProfileTools, createRegistry, createRequestLogger, createRequestTraceBuffer, createRetryPolicy, createRoutingEventBus, disableTarget, discoverTargets, discoverTargetsFromProfiles, drainTarget, generateCorrelationId, getExclusionReason, getTargetStateTransition, inspectRequest, isRetryable, listProfiles, listTargets, loadProfiles, nextProfileId, normalizeLatency, pauseTarget, reloadConfig, removeProfile, resumeTarget, saveProfiles, selectTarget, switchProfile, switchToNextProfile, updateHealthScore, updateLatencyEma, validateConfig };