@botcord/daemon 0.2.15 → 0.2.16

package/dist/index.js

@@ -329,8 +329,9 @@ async function runDeviceCodeFlow(opts) {
  * plane (legacy P0 behavior — caller may still log a warning).
  *
  * Decision tree (plan §4.4 + §6.4):
- * 1. Have existing creds and no `--relogin` → return existing record.
- * 2. `--install-token` → redeem the one-time dashboard ticket.
+ * 1. Have existing creds, no `--relogin`, no `--install-token` → return existing record.
+ * 2. `--install-token` (overrides existing creds — they may be stale or
+ *    belong to a different account) → redeem the one-time dashboard ticket.
  * 3. `--relogin` → device-code login.
  * 4. No creds + TTY → device-code login.
  * 5. No creds + no TTY → exit 1 with the §6.4 hint.
@@ -341,7 +342,7 @@ async function ensureUserAuthForStart(args) {
     const installToken = typeof args.flags["install-token"] === "string" ? args.flags["install-token"] : undefined;
     const relogin = args.flags.relogin === true;
     const existing = safeLoadUserAuth();
-    if (!relogin && existing) {
+    if (!relogin && !installToken && existing) {
         // A previously-set auth-expired flag is stale by definition once the
         // operator runs `start` again — if creds genuinely don't work, the
         // control channel will re-write the flag on the next 4401/4403.
@@ -355,9 +356,6 @@ async function ensureUserAuthForStart(args) {
         if (labelFlag && existing.label !== labelFlag) {
             console.error(`note: --label "${labelFlag}" ignored (already logged in as "${existing.label ?? "<unset>"}"); pass --relogin to change it`);
         }
-        if (installToken) {
-            console.error("note: --install-token ignored because daemon is already logged in");
-        }
         return existing;
     }
     // Need a fresh login. Resolve hubUrl: explicit --hub > existing record > DEFAULT_HUB.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@botcord/daemon",
-  "version": "0.2.15",
+  "version": "0.2.16",
   "description": "BotCord local daemon — bridges Hub inbox push to local Claude Code / Codex / Gemini CLIs",
   "type": "module",
   "bin": {

package/src/index.ts

@@ -417,8 +417,9 @@ async function runDeviceCodeFlow(opts: {
  * plane (legacy P0 behavior — caller may still log a warning).
  *
  * Decision tree (plan §4.4 + §6.4):
- * 1. Have existing creds and no `--relogin` → return existing record.
- * 2. `--install-token` → redeem the one-time dashboard ticket.
+ * 1. Have existing creds, no `--relogin`, no `--install-token` → return existing record.
+ * 2. `--install-token` (overrides existing creds — they may be stale or
+ *    belong to a different account) → redeem the one-time dashboard ticket.
  * 3. `--relogin` → device-code login.
  * 4. No creds + TTY → device-code login.
  * 5. No creds + no TTY → exit 1 with the §6.4 hint.
@@ -432,7 +433,7 @@ async function ensureUserAuthForStart(args: ParsedArgs): Promise<UserAuthRecord
 
   const existing = safeLoadUserAuth();
 
-  if (!relogin && existing) {
+  if (!relogin && !installToken && existing) {
     // A previously-set auth-expired flag is stale by definition once the
     // operator runs `start` again — if creds genuinely don't work, the
     // control channel will re-write the flag on the next 4401/4403.
@@ -448,9 +449,6 @@ async function ensureUserAuthForStart(args: ParsedArgs): Promise<UserAuthRecord
         `note: --label "${labelFlag}" ignored (already logged in as "${existing.label ?? "<unset>"}"); pass --relogin to change it`,
       );
     }
-    if (installToken) {
-      console.error("note: --install-token ignored because daemon is already logged in");
-    }
     return existing;
   }