@elizaos/agent 2.0.0-alpha.410 → 2.0.0-alpha.413

package/apps/app-companion/src/components/companion/CompanionAppView.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CompanionAppView.d.ts","sourceRoot":"","sources":["../../../../../../../../apps/app-companion/src/components/companion/CompanionAppView.tsx"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,iBAAiB,EAGvB,MAAM,mBAAmB,CAAC;AA+P3B;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,iBAAiB,2CAQzD"}
+{"version":3,"file":"CompanionAppView.d.ts","sourceRoot":"","sources":["../../../../../../../../apps/app-companion/src/components/companion/CompanionAppView.tsx"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,iBAAiB,EAGvB,MAAM,mBAAmB,CAAC;AA8P3B;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,iBAAiB,2CAQzD"}

package/apps/app-companion/src/components/companion/CompanionAppView.js

@@ -1,5 +1,10 @@
 import { jsx as _jsx, Fragment as _Fragment, jsxs as _jsxs } from "react/jsx-runtime";
 import { ChatModalView, useApp, useRenderGuard, } from "@elizaos/app-core";
+// Static import: CharacterEditor is statically re-exported by app-core's
+// browser entry, so the previous lazy() was eagerly merged back into the
+// main chunk. Drop the wrapper to silence the dynamic↔static collision
+// warning and remove the unnecessary Suspense boundary overhead.
+import { CharacterEditor } from "@elizaos/app-core/components/character/CharacterEditor";
 import { usePtySessions } from "@elizaos/app-core/state/PtySessionsContext";
 import { PtyConsoleSidePanel } from "@elizaos/app-task-coordinator";
 import { memo, Suspense, useCallback, useEffect, useMemo, useState, } from "react";
@@ -9,11 +14,6 @@ import { useCompanionSceneStatus } from "./companion-scene-status-context";
 import { EmotePicker } from "./EmotePicker";
 import { InferenceCloudAlertButton } from "./InferenceCloudAlertButton";
 import { resolveCompanionInferenceNotice } from "./resolve-companion-inference-notice";
-// Static import: CharacterEditor is statically re-exported by app-core's
-// browser entry, so the previous lazy() was eagerly merged back into the
-// main chunk. Drop the wrapper to silence the dynamic↔static collision
-// warning and remove the unnecessary Suspense boundary overhead.
-import { CharacterEditor } from "@elizaos/app-core/components/character/CharacterEditor";
 const COMPANION_UI_REVEAL_FALLBACK_MS = 1400;
 const COMPANION_DOCK_HEIGHT = "min(42vh, 24rem)";
 /** Isolated PTY panel — avoids polling ptySessions in the main overlay. */

package/apps/app-companion/src/components/companion/CompanionView.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CompanionView.d.ts","sourceRoot":"","sources":["../../../../../../../../apps/app-companion/src/components/companion/CompanionView.tsx"],"names":[],"mappings":"AAqQA;;;;GAIG;AACH,eAAO,MAAM,aAAa,oFAMxB,CAAC"}
+{"version":3,"file":"CompanionView.d.ts","sourceRoot":"","sources":["../../../../../../../../apps/app-companion/src/components/companion/CompanionView.tsx"],"names":[],"mappings":"AAoQA;;;;GAIG;AACH,eAAO,MAAM,aAAa,oFAMxB,CAAC"}

package/apps/app-companion/src/components/companion/CompanionView.js

@@ -1,5 +1,10 @@
 import { jsx as _jsx, Fragment as _Fragment, jsxs as _jsxs } from "react/jsx-runtime";
 import { ChatModalView, useApp, useRenderGuard } from "@elizaos/app-core";
+// Static import: CharacterEditor is statically re-exported by app-core's
+// browser entry, so the previous lazy() was eagerly merged back into the
+// main chunk. Drop the wrapper to silence the dynamic↔static collision
+// warning and remove the unnecessary Suspense boundary overhead.
+import { CharacterEditor } from "@elizaos/app-core/components/character/CharacterEditor";
 import { usePtySessions } from "@elizaos/app-core/state/PtySessionsContext";
 import { PtyConsoleSidePanel } from "@elizaos/app-task-coordinator";
 import { memo, Suspense, useCallback, useEffect, useMemo, useState, } from "react";
@@ -9,11 +14,6 @@ import { useCompanionSceneStatus } from "./companion-scene-status-context";
 import { EmotePicker } from "./EmotePicker";
 import { InferenceCloudAlertButton } from "./InferenceCloudAlertButton";
 import { resolveCompanionInferenceNotice } from "./resolve-companion-inference-notice";
-// Static import: CharacterEditor is statically re-exported by app-core's
-// browser entry, so the previous lazy() was eagerly merged back into the
-// main chunk. Drop the wrapper to silence the dynamic↔static collision
-// warning and remove the unnecessary Suspense boundary overhead.
-import { CharacterEditor } from "@elizaos/app-core/components/character/CharacterEditor";
 const COMPANION_UI_REVEAL_FALLBACK_MS = 1400;
 const COMPANION_DOCK_HEIGHT = "min(42vh, 24rem)";
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elizaos/agent",
-  "version": "2.0.0-alpha.410",
+  "version": "2.0.0-alpha.413",
   "description": "Standalone elizaOS-based agent and backend server package.",
   "type": "module",
   "license": "MIT",
@@ -467,7 +467,7 @@
     "@elizaos/app-steward": "^0.0.0",
     "@elizaos/app-task-coordinator": "^0.0.0",
     "@elizaos/app-training": "^0.0.1",
-    "@elizaos/core": "^2.0.0-alpha.410",
+    "@elizaos/core": "^2.0.0-alpha.413",
     "@elizaos/plugin-agent-orchestrator": "^0.6.2-alpha.0",
     "@elizaos/plugin-browser-bridge": "^0.1.0",
     "@elizaos/plugin-local-embedding": "^2.0.0-alpha.12",
@@ -476,8 +476,8 @@
     "@elizaos/plugin-solana": "^2.0.0-alpha.6",
     "@elizaos/plugin-sql": "^2.0.0-alpha.19",
     "@elizaos/plugin-wechat": "^0.1.0",
-    "@elizaos/shared": "^2.0.0-alpha.410",
-    "@elizaos/skills": "^2.0.0-alpha.410",
+    "@elizaos/shared": "^2.0.0-alpha.413",
+    "@elizaos/skills": "^2.0.0-alpha.413",
     "@hapi/boom": "^10.0.1",
     "@noble/curves": "^2.0.1",
     "@solana/web3.js": "^1.98.4",

package/packages/agent/src/api/provider-switch-config.d.ts

@@ -1,6 +1,6 @@
 import type { ElizaConfig } from "../config/types.eliza.js";
 import { type OnboardingConnection, type OnboardingCredentialInputs } from "../contracts/onboarding.js";
-import type { DeploymentTargetConfig, LinkedAccountsConfig, ServiceCapability, ServiceRoutingConfig } from "../contracts/service-routing.js";
+import type { DeploymentTargetConfig, LinkedAccountFlagsConfig, ServiceCapability, ServiceRoutingConfig } from "../contracts/service-routing.js";
 type MutableElizaConfig = Partial<ElizaConfig> & {
     cloud?: Record<string, unknown>;
     models?: Record<string, unknown>;
@@ -8,12 +8,12 @@ type MutableElizaConfig = Partial<ElizaConfig> & {
         rpcProviders?: Record<string, string>;
     };
     deploymentTarget?: DeploymentTargetConfig;
-    linkedAccounts?: LinkedAccountsConfig;
+    linkedAccounts?: LinkedAccountFlagsConfig;
     serviceRouting?: ServiceRoutingConfig;
 };
 export declare function applyCanonicalOnboardingConfig(config: MutableElizaConfig, args: {
     deploymentTarget?: DeploymentTargetConfig | null;
-    linkedAccounts?: LinkedAccountsConfig | null;
+    linkedAccounts?: LinkedAccountFlagsConfig | null;
     serviceRouting?: ServiceRoutingConfig | null;
     clearRoutes?: readonly ServiceCapability[];
 }): void;

package/packages/agent/src/api/provider-switch-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"provider-switch-config.d.ts","sourceRoot":"","sources":["../../../../../src/api/provider-switch-config.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAQL,KAAK,oBAAoB,EACzB,KAAK,0BAA0B,EAIhC,MAAM,4BAA4B,CAAC;AACpC,OAAO,KAAK,EACV,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,oBAAoB,EACrB,MAAM,iCAAiC,CAAC;AAQzC,KAAK,kBAAkB,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE;QAAE,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,CAAC;IACnD,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IAC1C,cAAc,CAAC,EAAE,oBAAoB,CAAC;IACtC,cAAc,CAAC,EAAE,oBAAoB,CAAC;CACvC,CAAC;AAuHF,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,kBAAkB,EAC1B,IAAI,EAAE;IACJ,gBAAgB,CAAC,EAAE,sBAAsB,GAAG,IAAI,CAAC;IACjD,cAAc,CAAC,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAC7C,cAAc,CAAC,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAC7C,WAAW,CAAC,EAAE,SAAS,iBAAiB,EAAE,CAAC;CAC5C,GACA,IAAI,CAUN;AAuWD;;;;;;;;;;;;GAYG;AACH,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,EAC5B,QAAQ,EAAE,MAAM,GACf,IAAI,CAuBN;AAED;;;;;;;GAOG;AACH,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,GAC3B,IAAI,CAIN;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,kBAAkB,GACzB,IAAI,CA8EN;AAED,wBAAgB,8BAA8B,CAAC,IAAI,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,oBAAoB,GAAG,IAAI,CAmB9B;AAED,wBAAsB,+BAA+B,CACnD,MAAM,EAAE,kBAAkB,EAC1B,UAAU,EAAE,oBAAoB,GAC/B,OAAO,CAAC,IAAI,CAAC,CAmLf;AAED,wBAAsB,oCAAoC,CACxD,MAAM,EAAE,kBAAkB,EAC1B,IAAI,EAAE;IACJ,gBAAgB,CAAC,EAAE,0BAA0B,GAAG,IAAI,CAAC;IACrD,gBAAgB,CAAC,EAAE,sBAAsB,GAAG,IAAI,CAAC;IACjD,cAAc,CAAC,EAAE,oBAAoB,GAAG,IAAI,CAAC;CAC9C,GACA,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAkCxB"}
+{"version":3,"file":"provider-switch-config.d.ts","sourceRoot":"","sources":["../../../../../src/api/provider-switch-config.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAQL,KAAK,oBAAoB,EACzB,KAAK,0BAA0B,EAIhC,MAAM,4BAA4B,CAAC;AACpC,OAAO,KAAK,EACV,sBAAsB,EACtB,wBAAwB,EACxB,iBAAiB,EACjB,oBAAoB,EACrB,MAAM,iCAAiC,CAAC;AAQzC,KAAK,kBAAkB,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE;QAAE,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,CAAC;IACnD,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IAC1C,cAAc,CAAC,EAAE,wBAAwB,CAAC;IAC1C,cAAc,CAAC,EAAE,oBAAoB,CAAC;CACvC,CAAC;AAuHF,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,kBAAkB,EAC1B,IAAI,EAAE;IACJ,gBAAgB,CAAC,EAAE,sBAAsB,GAAG,IAAI,CAAC;IACjD,cAAc,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAC;IACjD,cAAc,CAAC,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAC7C,WAAW,CAAC,EAAE,SAAS,iBAAiB,EAAE,CAAC;CAC5C,GACA,IAAI,CAUN;AAuWD;;;;;;;;;;;;GAYG;AACH,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,EAC5B,QAAQ,EAAE,MAAM,GACf,IAAI,CAuBN;AAED;;;;;;;GAOG;AACH,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,GAC3B,IAAI,CAIN;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,kBAAkB,GACzB,IAAI,CA8EN;AAED,wBAAgB,8BAA8B,CAAC,IAAI,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,oBAAoB,GAAG,IAAI,CAmB9B;AAED,wBAAsB,+BAA+B,CACnD,MAAM,EAAE,kBAAkB,EAC1B,UAAU,EAAE,oBAAoB,GAC/B,OAAO,CAAC,IAAI,CAAC,CAmLf;AAED,wBAAsB,oCAAoC,CACxD,MAAM,EAAE,kBAAkB,EAC1B,IAAI,EAAE;IACJ,gBAAgB,CAAC,EAAE,0BAA0B,GAAG,IAAI,CAAC;IACrD,gBAAgB,CAAC,EAAE,sBAAsB,GAAG,IAAI,CAAC;IACjD,cAAc,CAAC,EAAE,oBAAoB,GAAG,IAAI,CAAC;CAC9C,GACA,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAkCxB"}

package/packages/agent/src/auth/account-storage.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Per-account credential storage.
+ *
+ * Layout: `~/.eliza/auth/{providerId}/{accountId}.json` (mode 0600,
+ * atomic writes). Multiple accounts per provider are supported.
+ *
+ * Migration: on first read of a provider, if the legacy single-file
+ * `~/.eliza/auth/{providerId}.json` exists and the per-account
+ * directory does not, the legacy file is moved to
+ * `<dir>/default.json` and the legacy file is removed.
+ */
+import type { OAuthCredentials, SubscriptionProvider } from "./types.js";
+export interface AccountCredentialRecord {
+    /** accountId, e.g. "default" or a uuid */
+    id: string;
+    providerId: SubscriptionProvider;
+    /** user-facing name (e.g. "Personal", "Work") */
+    label: string;
+    source: "oauth" | "api-key";
+    /**
+     * Existing OAuth credential blob — `{ access, refresh, expires }`
+     * for OAuth accounts; for `api-key` accounts only `access` is
+     * meaningful (refresh is the empty string and expires is `0` /
+     * a far-future sentinel by convention of the caller).
+     */
+    credentials: OAuthCredentials;
+    createdAt: number;
+    updatedAt: number;
+    lastUsedAt?: number;
+    organizationId?: string;
+    userId?: string;
+    email?: string;
+}
+/**
+ * Run the legacy → per-account migration for both known subscription
+ * providers. Idempotent: each provider migrates at most once per
+ * process. Returns the providers that were actually migrated this
+ * call.
+ */
+export declare function migrateLegacySingleAccount(): {
+    migrated: SubscriptionProvider[];
+};
+export declare function listAccounts(provider: SubscriptionProvider): AccountCredentialRecord[];
+export declare function loadAccount(provider: SubscriptionProvider, accountId: string): AccountCredentialRecord | null;
+export declare function saveAccount(record: AccountCredentialRecord): void;
+export declare function deleteAccount(provider: SubscriptionProvider, accountId: string): void;
+export declare function touchAccount(provider: SubscriptionProvider, accountId: string): void;
+//# sourceMappingURL=account-storage.d.ts.map

package/packages/agent/src/auth/account-storage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"account-storage.d.ts","sourceRoot":"","sources":["../../../../../src/auth/account-storage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAEzE,MAAM,WAAW,uBAAuB;IACtC,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,oBAAoB,CAAC;IACjC,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,OAAO,GAAG,SAAS,CAAC;IAC5B;;;;;OAKG;IACH,WAAW,EAAE,gBAAgB,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA6ID;;;;;GAKG;AACH,wBAAgB,0BAA0B,IAAI;IAC5C,QAAQ,EAAE,oBAAoB,EAAE,CAAC;CAClC,CAWA;AAQD,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,oBAAoB,GAC7B,uBAAuB,EAAE,CAuC3B;AAED,wBAAgB,WAAW,CACzB,QAAQ,EAAE,oBAAoB,EAC9B,SAAS,EAAE,MAAM,GAChB,uBAAuB,GAAG,IAAI,CAgChC;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,uBAAuB,GAAG,IAAI,CAUjE;AAED,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,oBAAoB,EAC9B,SAAS,EAAE,MAAM,GAChB,IAAI,CAUN;AAED,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,oBAAoB,EAC9B,SAAS,EAAE,MAAM,GAChB,IAAI,CAQN"}

package/packages/agent/src/auth/account-storage.js

@@ -0,0 +1,238 @@
+/**
+ * Per-account credential storage.
+ *
+ * Layout: `~/.eliza/auth/{providerId}/{accountId}.json` (mode 0600,
+ * atomic writes). Multiple accounts per provider are supported.
+ *
+ * Migration: on first read of a provider, if the legacy single-file
+ * `~/.eliza/auth/{providerId}.json` exists and the per-account
+ * directory does not, the legacy file is moved to
+ * `<dir>/default.json` and the legacy file is removed.
+ */
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { logger } from "@elizaos/core";
+function authRoot() {
+    return path.join(process.env.ELIZA_HOME || path.join(os.homedir(), ".eliza"), "auth");
+}
+function providerDir(provider) {
+    return path.join(authRoot(), provider);
+}
+function legacyProviderFile(provider) {
+    return path.join(authRoot(), `${provider}.json`);
+}
+function accountFile(provider, accountId) {
+    return path.join(providerDir(provider), `${accountId}.json`);
+}
+function ensureProviderDir(provider) {
+    const dir = providerDir(provider);
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+}
+function atomicWriteJsonSync(filePath, value) {
+    const dir = path.dirname(filePath);
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+    const tmp = `${filePath}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(value, null, 2), {
+        encoding: "utf-8",
+        mode: 0o600,
+    });
+    fs.renameSync(tmp, filePath);
+}
+function isAccountCredentialRecord(value) {
+    if (!value || typeof value !== "object")
+        return false;
+    const v = value;
+    return (typeof v.id === "string" &&
+        typeof v.providerId === "string" &&
+        typeof v.label === "string" &&
+        (v.source === "oauth" || v.source === "api-key") &&
+        typeof v.credentials === "object" &&
+        v.credentials !== null &&
+        typeof v.credentials.access === "string" &&
+        typeof v.createdAt === "number" &&
+        typeof v.updatedAt === "number");
+}
+const migratedProviders = new Set();
+let migrationRunAtLeastOnce = false;
+function migrateProvider(provider) {
+    if (migratedProviders.has(provider))
+        return false;
+    migratedProviders.add(provider);
+    const dir = providerDir(provider);
+    const legacy = legacyProviderFile(provider);
+    if (!fs.existsSync(legacy))
+        return false;
+    if (fs.existsSync(dir)) {
+        // Per-account directory already exists — leave the legacy file
+        // alone (operator may be mid-migration). Don't auto-delete.
+        return false;
+    }
+    let parsed = null;
+    try {
+        const raw = fs.readFileSync(legacy, "utf-8");
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        logger.warn(`[auth] Failed to read legacy credential file for migration ${legacy}: ${String(err)}`);
+        return false;
+    }
+    if (!parsed ||
+        typeof parsed !== "object" ||
+        !parsed.credentials ||
+        typeof parsed.credentials.access !== "string") {
+        logger.warn(`[auth] Legacy credential file ${legacy} is malformed — skipping migration`);
+        return false;
+    }
+    const now = Date.now();
+    const record = {
+        id: "default",
+        providerId: provider,
+        label: "Default",
+        source: "oauth",
+        credentials: parsed.credentials,
+        createdAt: typeof parsed.createdAt === "number" ? parsed.createdAt : now,
+        updatedAt: typeof parsed.updatedAt === "number" ? parsed.updatedAt : now,
+    };
+    ensureProviderDir(provider);
+    atomicWriteJsonSync(accountFile(provider, "default"), record);
+    // Atomic-ish delete: rename to a side path first so a concurrent
+    // reader sees either the legacy file or nothing — then unlink.
+    const removed = `${legacy}.migrated-${now}`;
+    try {
+        fs.renameSync(legacy, removed);
+        fs.unlinkSync(removed);
+    }
+    catch (err) {
+        logger.warn(`[auth] Failed to remove legacy credential file ${legacy} after migration: ${String(err)}`);
+    }
+    logger.info(`[auth] Migrated legacy ${provider} credentials to per-account store as "default"`);
+    return true;
+}
+/**
+ * Run the legacy → per-account migration for both known subscription
+ * providers. Idempotent: each provider migrates at most once per
+ * process. Returns the providers that were actually migrated this
+ * call.
+ */
+export function migrateLegacySingleAccount() {
+    migrationRunAtLeastOnce = true;
+    const providers = [
+        "anthropic-subscription",
+        "openai-codex",
+    ];
+    const migrated = [];
+    for (const p of providers) {
+        if (migrateProvider(p))
+            migrated.push(p);
+    }
+    return { migrated };
+}
+function ensureMigrationOnce() {
+    if (!migrationRunAtLeastOnce) {
+        migrateLegacySingleAccount();
+    }
+}
+export function listAccounts(provider) {
+    ensureMigrationOnce();
+    // Run provider-specific migration too in case a new provider was
+    // added after the first global pass.
+    migrateProvider(provider);
+    const dir = providerDir(provider);
+    if (!fs.existsSync(dir))
+        return [];
+    const entries = fs.readdirSync(dir);
+    const records = [];
+    for (const entry of entries) {
+        if (!entry.endsWith(".json"))
+            continue;
+        if (entry.endsWith(".tmp.json") || entry.endsWith(".json.tmp"))
+            continue;
+        const filePath = path.join(dir, entry);
+        let parsed;
+        try {
+            parsed = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+        }
+        catch (err) {
+            logger.warn(`[auth] Skipping malformed credential file ${filePath}: ${String(err)}`);
+            continue;
+        }
+        if (!isAccountCredentialRecord(parsed)) {
+            logger.warn(`[auth] Skipping credential file ${filePath} — wrong shape`);
+            continue;
+        }
+        if (parsed.providerId !== provider) {
+            logger.warn(`[auth] Credential file ${filePath} declares providerId="${parsed.providerId}", expected "${provider}" — skipping`);
+            continue;
+        }
+        records.push(parsed);
+    }
+    records.sort((a, b) => a.createdAt - b.createdAt);
+    return records;
+}
+export function loadAccount(provider, accountId) {
+    ensureMigrationOnce();
+    migrateProvider(provider);
+    const file = accountFile(provider, accountId);
+    let raw;
+    try {
+        raw = fs.readFileSync(file, "utf-8");
+    }
+    catch (err) {
+        if (err.code === "ENOENT")
+            return null;
+        throw err;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        logger.warn(`[auth] Credential file ${file} is malformed JSON: ${String(err)}`);
+        return null;
+    }
+    if (!isAccountCredentialRecord(parsed)) {
+        logger.warn(`[auth] Credential file ${file} has wrong shape`);
+        return null;
+    }
+    if (parsed.providerId !== provider || parsed.id !== accountId) {
+        logger.warn(`[auth] Credential file ${file} provider/id mismatch (got ${parsed.providerId}/${parsed.id})`);
+        return null;
+    }
+    return parsed;
+}
+export function saveAccount(record) {
+    ensureProviderDir(record.providerId);
+    const next = {
+        ...record,
+        updatedAt: Date.now(),
+    };
+    atomicWriteJsonSync(accountFile(record.providerId, record.id), next);
+    logger.info(`[auth] Saved ${record.providerId} account "${record.id}" (label="${record.label}")`);
+}
+export function deleteAccount(provider, accountId) {
+    const file = accountFile(provider, accountId);
+    try {
+        fs.unlinkSync(file);
+        logger.info(`[auth] Deleted ${provider} account "${accountId}"`);
+    }
+    catch (err) {
+        if (err.code !== "ENOENT") {
+            throw err;
+        }
+    }
+}
+export function touchAccount(provider, accountId) {
+    const existing = loadAccount(provider, accountId);
+    if (!existing)
+        return;
+    const next = {
+        ...existing,
+        lastUsedAt: Date.now(),
+    };
+    atomicWriteJsonSync(accountFile(provider, accountId), next);
+}

package/packages/agent/src/auth/credentials.d.ts

@@ -1,49 +1,69 @@
 /**
  * Credential storage and token refresh for subscription providers.
  *
- * Stores OAuth credentials in ~/.eliza/auth/ as JSON files.
+ * Credentials live under `~/.eliza/auth/{providerId}/{accountId}.json`
+ * (see `account-storage.ts` for the on-disk format and atomic-write
+ * details). The `loadCredentials` / `saveCredentials` /
+ * `deleteCredentials` / `hasValidCredentials` / `getAccessToken`
+ * helpers all default to `accountId="default"` so callers that pre-date
+ * multi-account support keep working without changes.
  */
+import { type AccountCredentialRecord } from "./account-storage.js";
 import { type OAuthCredentials, type StoredCredentials, type SubscriptionProvider } from "./types.js";
 /**
- * Save credentials for a provider.
+ * Save credentials for a provider account.
+ *
+ * The `accountId` defaults to `"default"`. New accounts are persisted
+ * with `source: "oauth"` and `label: "Default"` (or the existing
+ * record's label when overwriting).
  */
-export declare function saveCredentials(provider: SubscriptionProvider, credentials: OAuthCredentials): void;
+export declare function saveCredentials(provider: SubscriptionProvider, credentials: OAuthCredentials, accountId?: string): void;
 /**
- * Load stored credentials for a provider.
+ * Load stored credentials for a provider account.
+ * Returns `null` when no account is configured for the given id.
  */
-export declare function loadCredentials(provider: SubscriptionProvider): StoredCredentials | null;
+export declare function loadCredentials(provider: SubscriptionProvider, accountId?: string): StoredCredentials | null;
 /**
- * Delete stored credentials for a provider.
+ * Delete stored credentials for a provider account.
  */
-export declare function deleteCredentials(provider: SubscriptionProvider): void;
+export declare function deleteCredentials(provider: SubscriptionProvider, accountId?: string): void;
 /**
  * Check if credentials exist and are not expired.
  */
-export declare function hasValidCredentials(provider: SubscriptionProvider): boolean;
+export declare function hasValidCredentials(provider: SubscriptionProvider, accountId?: string): boolean;
 /**
- * Get a valid access token, refreshing if needed.
- * Returns null if no credentials stored or refresh fails.
+ * List all accounts configured for a provider.
  */
-export declare function getAccessToken(provider: SubscriptionProvider): Promise<string | null>;
+export declare function listProviderAccounts(provider: SubscriptionProvider): AccountCredentialRecord[];
 /**
- * Get all configured subscription providers and their status.
+ * Get a valid access token, refreshing if needed.
+ *
+ * Refreshes are serialized per `{provider}:{accountId}` via
+ * `accountRefreshMutex` so concurrent callers don't race on the
+ * refresh-token grant or the credential file write.
  *
- * IMPORTANT: stays synchronous. For Anthropic we check whether a
- * Claude Code OAuth credential blob exists on disk or in the keychain
- * via `readClaudeCodeOAuthBlob()` (sync, no refresh) rather than
- * calling `importClaudeCodeOAuthToken()` which is async and returns
- * a `Promise<string | null>` that would always be truthy when
- * awaited without `await` — silently marking every user as
- * "configured: true".
+ * Returns `null` when no credentials are stored or the refresh fails.
  */
+export declare function getAccessToken(provider: SubscriptionProvider, accountId?: string): Promise<string | null>;
 export type SubscriptionCredentialSource = "app" | "claude-code-cli" | "setup-token" | "codex-cli" | null;
-export declare function getSubscriptionStatus(): Array<{
+/**
+ * Per-account subscription status row used by the dashboard / API.
+ *
+ * One row is emitted per stored account for each provider. CLI- /
+ * setup-token-derived sources also produce a row with a synthetic
+ * `accountId` (e.g. `"claude-code-cli"`); those rows are read-only
+ * (they cannot be deleted via `DELETE /api/subscription/{provider}`).
+ */
+export interface SubscriptionAccountStatus {
     provider: SubscriptionProvider;
+    accountId: string;
+    label: string;
     configured: boolean;
     valid: boolean;
     expiresAt: number | null;
     source: SubscriptionCredentialSource;
-}>;
+}
+export declare function getSubscriptionStatus(): SubscriptionAccountStatus[];
 /**
  * Apply subscription credentials to the environment.
  * Called at startup to make credentials available to elizaOS plugins.
@@ -58,10 +78,9 @@ export declare function getSubscriptionStatus(): Array<{
  * Codex / ChatGPT subscription tokens *are* applied to the environment
  * because OpenAI permits direct API usage with those tokens.
  *
- * When a `config` is provided and the active subscription provider has
- * credentials, `model.primary` is auto-set so the user doesn't need to
- * configure it manually — but only for providers whose tokens are applied
- * to the runtime (currently Codex only).
+ * For multi-account installs the FIRST configured Codex account is the one
+ * applied to `process.env.OPENAI_API_KEY`. Real account selection lands in
+ * WS2 (AccountPool).
  */
 export declare function applySubscriptionCredentials(config?: {
     agents?: {

package/packages/agent/src/auth/credentials.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../../../../src/auth/credentials.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AASH,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EAEtB,KAAK,oBAAoB,EAC1B,MAAM,YAAY,CAAC;AAqBpB;;GAEG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,oBAAoB,EAC9B,WAAW,EAAE,gBAAgB,GAC5B,IAAI,CAaN;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,oBAAoB,GAC7B,iBAAiB,GAAG,IAAI,CAW1B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,oBAAoB,GAAG,IAAI,CAUtE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,oBAAoB,GAAG,OAAO,CAI3E;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,oBAAoB,GAC7B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA+BxB;AAuCD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,4BAA4B,GACpC,KAAK,GACL,iBAAiB,GACjB,aAAa,GACb,WAAW,GACX,IAAI,CAAC;AAET,wBAAgB,qBAAqB,IAAI,KAAK,CAAC;IAC7C,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,UAAU,EAAE,OAAO,CAAC;IACpB,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,MAAM,EAAE,4BAA4B,CAAC;CACtC,CAAC,CAmED;AAkJD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,4BAA4B,CAAC,MAAM,CAAC,EAAE;IAC1D,MAAM,CAAC,EAAE;QACP,QAAQ,CAAC,EAAE;YAAE,oBAAoB,CAAC,EAAE,MAAM,CAAC;YAAC,KAAK,CAAC,EAAE;gBAAE,OAAO,CAAC,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,CAAC;KAC5E,CAAC;CACH,GAAG,OAAO,CAAC,IAAI,CAAC,CAoEhB"}
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../../../../src/auth/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAOH,OAAO,EACL,KAAK,uBAAuB,EAM7B,MAAM,sBAAsB,CAAC;AAI9B,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EAEtB,KAAK,oBAAoB,EAC1B,MAAM,YAAY,CAAC;AAsBpB;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,oBAAoB,EAC9B,WAAW,EAAE,gBAAgB,EAC7B,SAAS,GAAE,MAA2B,GACrC,IAAI,CAuBN;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,oBAAoB,EAC9B,SAAS,GAAE,MAA2B,GACrC,iBAAiB,GAAG,IAAI,CAI1B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,oBAAoB,EAC9B,SAAS,GAAE,MAA2B,GACrC,IAAI,CAEN;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,oBAAoB,EAC9B,SAAS,GAAE,MAA2B,GACrC,OAAO,CAIT;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,oBAAoB,GAC7B,uBAAuB,EAAE,CAE3B;AAED;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,oBAAoB,EAC9B,SAAS,GAAE,MAA2B,GACrC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAyCxB;AAuCD,MAAM,MAAM,4BAA4B,GACpC,KAAK,GACL,iBAAiB,GACjB,aAAa,GACb,WAAW,GACX,IAAI,CAAC;AAET;;;;;;;GAOG;AACH,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,OAAO,CAAC;IACpB,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,MAAM,EAAE,4BAA4B,CAAC;CACtC;AAED,wBAAgB,qBAAqB,IAAI,yBAAyB,EAAE,CAwEnE;AA+ID;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,4BAA4B,CAAC,MAAM,CAAC,EAAE;IAC1D,MAAM,CAAC,EAAE;QACP,QAAQ,CAAC,EAAE;YAAE,oBAAoB,CAAC,EAAE,MAAM,CAAC;YAAC,KAAK,CAAC,EAAE;gBAAE,OAAO,CAAC,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,CAAC;KAC5E,CAAC;CACH,GAAG,OAAO,CAAC,IAAI,CAAC,CAmFhB"}