@hasna/accounts 0.1.5 → 0.1.7

package/dist/index.js

@@ -4085,6 +4085,16 @@ function assertSafeWritePath(filePath, opts) {
 }
 
 // src/storage.ts
+var ACCOUNTS_STORAGE_ENV = {
+  mode: "HASNA_ACCOUNTS_STORAGE_MODE",
+  s3Bucket: "HASNA_ACCOUNTS_S3_BUCKET",
+  s3Prefix: "HASNA_ACCOUNTS_S3_PREFIX",
+  awsRegion: "HASNA_ACCOUNTS_AWS_REGION",
+  s3Endpoint: "HASNA_ACCOUNTS_S3_ENDPOINT",
+  s3ForcePathStyle: "HASNA_ACCOUNTS_S3_FORCE_PATH_STYLE",
+  machineId: "HASNA_ACCOUNTS_MACHINE_ID"
+};
+var STORAGE_MODE_ENV = ACCOUNTS_STORAGE_ENV.mode;
 function validateEnvPath(value, label) {
   const trimmed = value.trim();
   if (!trimmed || trimmed.includes("\x00") || /[\r\n]/.test(trimmed)) {
@@ -4177,6 +4187,25 @@ var BUILTIN_TOOLS = [
     loginHint: "complete the Codex login flow for this CODEX_HOME",
     resumeArgs: ["resume", "--last"]
   },
+  {
+    id: "takumi",
+    label: "Takumi",
+    envVar: "TAKUMI_CONFIG_DIR",
+    defaultDir: join2(homedir2(), ".takumi"),
+    bin: "takumi",
+    loginHint: "complete Takumi auth in this TAKUMI_CONFIG_DIR",
+    resumeArgs: ["--continue"],
+    accountFile: ".claude.json",
+    emailPath: ["oauthAccount", "emailAddress"]
+  },
+  {
+    id: "gemini",
+    label: "Gemini CLI",
+    envVar: "GEMINI_CONFIG_DIR",
+    defaultDir: join2(homedir2(), ".gemini"),
+    bin: "gemini",
+    loginHint: "complete Gemini auth in this GEMINI_CONFIG_DIR"
+  },
   {
     id: "opencode",
     label: "opencode",
@@ -4200,6 +4229,22 @@ var BUILTIN_TOOLS = [
     loginArgs: ["login"],
     loginHint: "complete cursor-agent login for this CURSOR_CONFIG_DIR"
   },
+  {
+    id: "pi",
+    label: "Pi Coding Agent",
+    envVar: "PI_CODING_AGENT_HOME",
+    defaultDir: join2(homedir2(), ".pi"),
+    bin: "pi",
+    loginHint: "complete Pi coding agent auth in this PI_CODING_AGENT_HOME"
+  },
+  {
+    id: "hermes",
+    label: "Hermes",
+    envVar: "HERMES_HOME",
+    defaultDir: join2(homedir2(), ".hermes"),
+    bin: "hermes",
+    loginHint: "complete Hermes auth in this HERMES_HOME"
+  },
   {
     id: "kimi",
     label: "Kimi Code",
@@ -4516,7 +4561,7 @@ function currentProfile(toolId) {
   return store.profiles.find((p) => p.name === name);
 }
 // src/lib/claude-auth.ts
-import { copyFileSync, existsSync as existsSync5, lstatSync as lstatSync2, mkdirSync as mkdirSync4, readFileSync as readFileSync3, unlinkSync, writeFileSync as writeFileSync2 } from "node:fs";
+import { copyFileSync, existsSync as existsSync5, lstatSync as lstatSync2, mkdirSync as mkdirSync4, readFileSync as readFileSync3, statSync, unlinkSync, writeFileSync as writeFileSync2 } from "node:fs";
 import { dirname as dirname4, join as join6 } from "node:path";
 
 // src/lib/claude-layout.ts
@@ -4638,14 +4683,26 @@ function writeJsonFile(path, data, stayUnder) {
 `, { mode: 384 });
 }
 function readOAuthFromPaths(paths) {
+  return findOAuthSource(paths)?.oauth;
+}
+function findOAuthSource(paths) {
   for (const p of paths) {
     const data = readJsonFile(p);
     const oauth = data?.oauthAccount;
     if (oauth && typeof oauth === "object")
-      return oauth;
+      return { path: p, oauth };
   }
   return;
 }
+function snapshotIsStale(sourcePath, snapshotPath) {
+  if (!existsSync5(snapshotPath))
+    return true;
+  try {
+    return statSync(sourcePath).mtimeMs > statSync(snapshotPath).mtimeMs;
+  } catch {
+    return false;
+  }
+}
 function mergeOAuthInto(paths, oauth, allowDelete, stayUnder) {
   const primary = paths[0];
   if (!primary)
@@ -4669,6 +4726,12 @@ function mergeOAuthInto(paths, oauth, allowDelete, stayUnder) {
     }
   }
 }
+function liveOAuthEmail() {
+  const live = liveClaudePaths();
+  const oauth = readOAuthFromPaths([live.homeJson]);
+  const email = oauth?.emailAddress;
+  return typeof email === "string" && email ? email : undefined;
+}
 function snapshotLiveAuthToProfile(profileDir, _tool) {
   const authDir = profileAuthDir(profileDir);
   assertSafeWritePath(join6(authDir, OAUTH_SNAPSHOT), { mustStayUnder: profileDir });
@@ -4692,19 +4755,19 @@ function snapshotClaudeAuthToProfile(profileDir, tool) {
   snapshotLiveAuthToProfile(profileDir, tool);
 }
 function ensureProfileAuthSnapshot(profileDir, tool, opts = {}) {
-  if (!opts.overwrite && hasAuthSnapshot(profileDir))
-    return;
   const authDir = profileAuthDir(profileDir);
   assertSafeWritePath(join6(authDir, OAUTH_SNAPSHOT), { mustStayUnder: profileDir });
   mkdirSync4(authDir, { recursive: true });
-  const oauth = readOAuthFromPaths(profileAccountJsonPaths(profileDir, tool));
-  if (oauth)
-    writeJsonFile(profileOAuthSnapshot(profileDir), { oauthAccount: oauth }, profileDir);
+  const oauthSource = findOAuthSource(profileAccountJsonPaths(profileDir, tool));
+  const oauthSnap = profileOAuthSnapshot(profileDir);
+  if (oauthSource && (opts.overwrite || snapshotIsStale(oauthSource.path, oauthSnap))) {
+    writeJsonFile(oauthSnap, { oauthAccount: oauthSource.oauth }, profileDir);
+  }
   const credFile = join6(profileDir, ".credentials.json");
-  if (existsSync5(credFile)) {
-    const dest = profileCredentialsSnapshot(profileDir);
-    assertSafeWritePath(dest, { mustStayUnder: profileDir });
-    copyFileSync(credFile, dest);
+  const credSnap = profileCredentialsSnapshot(profileDir);
+  if (existsSync5(credFile) && (opts.overwrite || snapshotIsStale(credFile, credSnap))) {
+    assertSafeWritePath(credSnap, { mustStayUnder: profileDir });
+    copyFileSync(credFile, credSnap);
   }
 }
 function profileHasAuth(profileDir, tool) {
@@ -4794,6 +4857,9 @@ function withApplyLock(fn) {
 }
 
 // src/lib/apply.ts
+function singleMatch(profiles) {
+  return profiles.length === 1 ? profiles[0] : undefined;
+}
 function appliedProfile(toolId) {
   const store = loadStore();
   const name = store.applied[toolId];
@@ -4815,11 +4881,10 @@ function applyProfileUnlocked(name, toolId) {
   }
   const store = loadStore();
   const previous = store.applied[tool.id];
-  if (previous && previous !== name) {
-    const prevProfile = store.profiles.find((p) => p.name === previous && p.tool === tool.id);
-    if (prevProfile)
-      snapshotLiveAuthToProfile(prevProfile.dir, tool);
-  }
+  const liveEmail = liveOAuthEmail();
+  const owner = liveEmail && singleMatch(store.profiles.filter((p) => p.tool === tool.id && p.email === liveEmail)) || (previous ? store.profiles.find((p) => p.name === previous && p.tool === tool.id) : undefined);
+  if (owner)
+    snapshotLiveAuthToProfile(owner.dir, tool);
   ensureProfileAuthSnapshot(profile.dir, tool);
   restoreClaudeAuthFromProfile(profile.dir, tool, name);
   store.applied[tool.id] = name;

package/dist/lib/agents.d.ts

@@ -0,0 +1,37 @@
+import type { Profile } from "../types.js";
+export type AgentEntry = Record<string, unknown>;
+export interface ProfileAgents {
+    profile: string;
+    tool: string;
+    email?: string;
+    dir: string;
+    agents: AgentEntry[];
+    error?: string;
+}
+export interface AgentsRunnerResult {
+    ok: boolean;
+    raw: string;
+    error?: string;
+}
+export type AgentsRunner = (profile: Profile) => AgentsRunnerResult;
+/**
+ * Extract the first top-level JSON array from output that may be wrapped in
+ * pty/ANSI noise (`claude agents --json` only works on a TTY, so we run it
+ * under `script` and the JSON arrives surrounded by control sequences).
+ */
+export declare function extractJsonArray(raw: string): unknown[] | undefined;
+/**
+ * Run `<bin> agents --json` for a profile's config dir under a pseudo-TTY.
+ * Claude Code switches to print-mode argument parsing when stdout is not a
+ * TTY and never reaches the `agents` subcommand, so a plain pipe won't work.
+ */
+export declare function runClaudeAgentsJson(profile: Profile, timeoutMs?: number): AgentsRunnerResult;
+export interface ListAgentsOptions {
+    tool?: string;
+    profile?: string;
+    backgroundOnly?: boolean;
+    runner?: AgentsRunner;
+}
+/** List agent sessions for every profile of a tool (default: claude). */
+export declare function listAgentsAcrossProfiles(opts?: ListAgentsOptions): ProfileAgents[];
+//# sourceMappingURL=agents.d.ts.map

package/dist/lib/agents.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agents.d.ts","sourceRoot":"","sources":["../../src/lib/agents.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAI3C,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEjD,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,OAAO,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,kBAAkB,CAAC;AAEpE;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,GAAG,SAAS,CA+BnE;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,SAAS,GAAG,kBAAkB,CAqB5F;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,YAAY,CAAC;CACvB;AAED,yEAAyE;AACzE,wBAAgB,wBAAwB,CAAC,IAAI,GAAE,iBAAsB,GAAG,aAAa,EAAE,CAwBtF"}

package/dist/lib/apply.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apply.d.ts","sourceRoot":"","sources":["../../src/lib/apply.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAa3C,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAKlE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAEnG"}
+{"version":3,"file":"apply.d.ts","sourceRoot":"","sources":["../../src/lib/apply.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAkB3C,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAKlE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAEnG"}

package/dist/lib/claude-auth.d.ts

@@ -1,9 +1,17 @@
 import type { ToolDef } from "../types.js";
+/** Email address of the account currently authenticated on the live Claude paths. */
+export declare function liveOAuthEmail(): string | undefined;
 /** Snapshot live Claude auth into a profile directory (used when switching away on apply). */
 export declare function snapshotLiveAuthToProfile(profileDir: string, _tool: ToolDef): void;
 /** @deprecated Use snapshotLiveAuthToProfile */
 export declare function snapshotClaudeAuthToProfile(profileDir: string, tool: ToolDef): void;
-/** Build auth snapshots from files already present in the profile config dir. */
+/**
+ * Build auth snapshots from files already present in the profile config dir.
+ * Snapshots are refreshed per-file whenever the source in the profile dir is
+ * newer than the existing snapshot — a running tool rotates its OAuth tokens
+ * in place, and restoring a login-time snapshot over rotated tokens logs the
+ * account out (rotated-out refresh tokens are revoked server-side).
+ */
 export declare function ensureProfileAuthSnapshot(profileDir: string, tool: ToolDef, opts?: {
     overwrite?: boolean;
 }): void;

package/dist/lib/claude-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"claude-auth.d.ts","sourceRoot":"","sources":["../../src/lib/claude-auth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AA2E3C,8FAA8F;AAC9F,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAmBlF;AAED,gDAAgD;AAChD,wBAAgB,2BAA2B,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI,CAEnF;AAED,iFAAiF;AACjF,wBAAgB,yBAAyB,CACvC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,OAAO,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,CAAA;CAAO,GACjC,IAAI,CAeN;AAED,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAEzE;AAED,6DAA6D;AAC7D,wBAAgB,4BAA4B,CAC1C,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,OAAO,EACb,WAAW,CAAC,EAAE,MAAM,GACnB,IAAI,CAqDN;AAED,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAM3D"}
+{"version":3,"file":"claude-auth.d.ts","sourceRoot":"","sources":["../../src/lib/claude-auth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAyF3C,qFAAqF;AACrF,wBAAgB,cAAc,IAAI,MAAM,GAAG,SAAS,CAKnD;AAED,8FAA8F;AAC9F,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAmBlF;AAED,gDAAgD;AAChD,wBAAgB,2BAA2B,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI,CAEnF;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CACvC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,OAAO,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,OAAO,CAAA;CAAO,GACjC,IAAI,CAiBN;AAED,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAEzE;AAED,6DAA6D;AAC7D,wBAAgB,4BAA4B,CAC1C,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,OAAO,EACb,WAAW,CAAC,EAAE,MAAM,GACnB,IAAI,CAqDN;AAED,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAM3D"}

package/dist/lib/tools.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/lib/tools.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,OAAO,EAAgC,MAAM,aAAa,CAAC;AAGzE;;;;GAIG;AACH,eAAO,MAAM,aAAa,EAAE,OAAO,EA+DlC,CAAC;AAEF,eAAO,MAAM,YAAY,WAAW,CAAC;AAIrC,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAEjD;AAED,oFAAoF;AACpF,wBAAgB,SAAS,IAAI,OAAO,EAAE,CAMrC;AAED,wBAAgB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAS3C;AAED,kEAAkE;AAClE,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAanD;AAED,kEAAkE;AAClE,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,CAWjD"}
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/lib/tools.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,OAAO,EAAgC,MAAM,aAAa,CAAC;AAGzE;;;;GAIG;AACH,eAAO,MAAM,aAAa,EAAE,OAAO,EAkGlC,CAAC;AAEF,eAAO,MAAM,YAAY,WAAW,CAAC;AAIrC,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAEjD;AAED,oFAAoF;AACpF,wBAAgB,SAAS,IAAI,OAAO,EAAE,CAMrC;AAED,wBAAgB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAS3C;AAED,kEAAkE;AAClE,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAanD;AAED,kEAAkE;AAClE,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,CAWjD"}

package/dist/mcp.js

@@ -16721,6 +16721,16 @@ function assertSafeWritePath(filePath, opts) {
 }
 
 // src/storage.ts
+var ACCOUNTS_STORAGE_ENV = {
+  mode: "HASNA_ACCOUNTS_STORAGE_MODE",
+  s3Bucket: "HASNA_ACCOUNTS_S3_BUCKET",
+  s3Prefix: "HASNA_ACCOUNTS_S3_PREFIX",
+  awsRegion: "HASNA_ACCOUNTS_AWS_REGION",
+  s3Endpoint: "HASNA_ACCOUNTS_S3_ENDPOINT",
+  s3ForcePathStyle: "HASNA_ACCOUNTS_S3_FORCE_PATH_STYLE",
+  machineId: "HASNA_ACCOUNTS_MACHINE_ID"
+};
+var STORAGE_MODE_ENV = ACCOUNTS_STORAGE_ENV.mode;
 function validateEnvPath(value, label) {
   const trimmed = value.trim();
   if (!trimmed || trimmed.includes("\x00") || /[\r\n]/.test(trimmed)) {
@@ -16811,6 +16821,25 @@ var BUILTIN_TOOLS = [
     loginHint: "complete the Codex login flow for this CODEX_HOME",
     resumeArgs: ["resume", "--last"]
   },
+  {
+    id: "takumi",
+    label: "Takumi",
+    envVar: "TAKUMI_CONFIG_DIR",
+    defaultDir: join2(homedir2(), ".takumi"),
+    bin: "takumi",
+    loginHint: "complete Takumi auth in this TAKUMI_CONFIG_DIR",
+    resumeArgs: ["--continue"],
+    accountFile: ".claude.json",
+    emailPath: ["oauthAccount", "emailAddress"]
+  },
+  {
+    id: "gemini",
+    label: "Gemini CLI",
+    envVar: "GEMINI_CONFIG_DIR",
+    defaultDir: join2(homedir2(), ".gemini"),
+    bin: "gemini",
+    loginHint: "complete Gemini auth in this GEMINI_CONFIG_DIR"
+  },
   {
     id: "opencode",
     label: "opencode",
@@ -16834,6 +16863,22 @@ var BUILTIN_TOOLS = [
     loginArgs: ["login"],
     loginHint: "complete cursor-agent login for this CURSOR_CONFIG_DIR"
   },
+  {
+    id: "pi",
+    label: "Pi Coding Agent",
+    envVar: "PI_CODING_AGENT_HOME",
+    defaultDir: join2(homedir2(), ".pi"),
+    bin: "pi",
+    loginHint: "complete Pi coding agent auth in this PI_CODING_AGENT_HOME"
+  },
+  {
+    id: "hermes",
+    label: "Hermes",
+    envVar: "HERMES_HOME",
+    defaultDir: join2(homedir2(), ".hermes"),
+    bin: "hermes",
+    loginHint: "complete Hermes auth in this HERMES_HOME"
+  },
   {
     id: "kimi",
     label: "Kimi Code",
@@ -16921,7 +16966,7 @@ function currentProfile(toolId) {
 }
 
 // src/lib/claude-auth.ts
-import { copyFileSync, existsSync as existsSync3, lstatSync as lstatSync2, mkdirSync as mkdirSync3, readFileSync as readFileSync2, unlinkSync, writeFileSync as writeFileSync2 } from "node:fs";
+import { copyFileSync, existsSync as existsSync3, lstatSync as lstatSync2, mkdirSync as mkdirSync3, readFileSync as readFileSync2, statSync, unlinkSync, writeFileSync as writeFileSync2 } from "node:fs";
 import { dirname as dirname3, join as join4 } from "node:path";
 
 // src/lib/claude-layout.ts
@@ -17043,14 +17088,26 @@ function writeJsonFile(path, data, stayUnder) {
 `, { mode: 384 });
 }
 function readOAuthFromPaths(paths) {
+  return findOAuthSource(paths)?.oauth;
+}
+function findOAuthSource(paths) {
   for (const p of paths) {
     const data = readJsonFile(p);
     const oauth = data?.oauthAccount;
     if (oauth && typeof oauth === "object")
-      return oauth;
+      return { path: p, oauth };
   }
   return;
 }
+function snapshotIsStale(sourcePath, snapshotPath) {
+  if (!existsSync3(snapshotPath))
+    return true;
+  try {
+    return statSync(sourcePath).mtimeMs > statSync(snapshotPath).mtimeMs;
+  } catch {
+    return false;
+  }
+}
 function mergeOAuthInto(paths, oauth, allowDelete, stayUnder) {
   const primary = paths[0];
   if (!primary)
@@ -17074,6 +17131,12 @@ function mergeOAuthInto(paths, oauth, allowDelete, stayUnder) {
     }
   }
 }
+function liveOAuthEmail() {
+  const live = liveClaudePaths();
+  const oauth = readOAuthFromPaths([live.homeJson]);
+  const email2 = oauth?.emailAddress;
+  return typeof email2 === "string" && email2 ? email2 : undefined;
+}
 function snapshotLiveAuthToProfile(profileDir, _tool) {
   const authDir = profileAuthDir(profileDir);
   assertSafeWritePath(join4(authDir, OAUTH_SNAPSHOT), { mustStayUnder: profileDir });
@@ -17094,19 +17157,19 @@ function snapshotLiveAuthToProfile(profileDir, _tool) {
   }
 }
 function ensureProfileAuthSnapshot(profileDir, tool, opts = {}) {
-  if (!opts.overwrite && hasAuthSnapshot(profileDir))
-    return;
   const authDir = profileAuthDir(profileDir);
   assertSafeWritePath(join4(authDir, OAUTH_SNAPSHOT), { mustStayUnder: profileDir });
   mkdirSync3(authDir, { recursive: true });
-  const oauth = readOAuthFromPaths(profileAccountJsonPaths(profileDir, tool));
-  if (oauth)
-    writeJsonFile(profileOAuthSnapshot(profileDir), { oauthAccount: oauth }, profileDir);
+  const oauthSource = findOAuthSource(profileAccountJsonPaths(profileDir, tool));
+  const oauthSnap = profileOAuthSnapshot(profileDir);
+  if (oauthSource && (opts.overwrite || snapshotIsStale(oauthSource.path, oauthSnap))) {
+    writeJsonFile(oauthSnap, { oauthAccount: oauthSource.oauth }, profileDir);
+  }
   const credFile = join4(profileDir, ".credentials.json");
-  if (existsSync3(credFile)) {
-    const dest = profileCredentialsSnapshot(profileDir);
-    assertSafeWritePath(dest, { mustStayUnder: profileDir });
-    copyFileSync(credFile, dest);
+  const credSnap = profileCredentialsSnapshot(profileDir);
+  if (existsSync3(credFile) && (opts.overwrite || snapshotIsStale(credFile, credSnap))) {
+    assertSafeWritePath(credSnap, { mustStayUnder: profileDir });
+    copyFileSync(credFile, credSnap);
   }
 }
 function profileHasAuth(profileDir, tool) {
@@ -17196,6 +17259,9 @@ function withApplyLock(fn) {
 }
 
 // src/lib/apply.ts
+function singleMatch(profiles) {
+  return profiles.length === 1 ? profiles[0] : undefined;
+}
 function appliedProfile(toolId) {
   const store = loadStore();
   const name = store.applied[toolId];
@@ -17217,11 +17283,10 @@ function applyProfileUnlocked(name, toolId) {
   }
   const store = loadStore();
   const previous = store.applied[tool.id];
-  if (previous && previous !== name) {
-    const prevProfile = store.profiles.find((p) => p.name === previous && p.tool === tool.id);
-    if (prevProfile)
-      snapshotLiveAuthToProfile(prevProfile.dir, tool);
-  }
+  const liveEmail = liveOAuthEmail();
+  const owner = liveEmail && singleMatch(store.profiles.filter((p) => p.tool === tool.id && p.email === liveEmail)) || (previous ? store.profiles.find((p) => p.name === previous && p.tool === tool.id) : undefined);
+  if (owner)
+    snapshotLiveAuthToProfile(owner.dir, tool);
   ensureProfileAuthSnapshot(profile.dir, tool);
   restoreClaudeAuthFromProfile(profile.dir, tool, name);
   store.applied[tool.id] = name;
@@ -17399,7 +17464,7 @@ function ok(data) {
 function fail(message) {
   return { content: [{ type: "text", text: JSON.stringify({ error: message }) }], isError: true };
 }
-var server = new Server({ name: "accounts", version: "0.1.5" }, { capabilities: { tools: {} } });
+var server = new Server({ name: "accounts", version: "0.1.7" }, { capabilities: { tools: {} } });
 server.setRequestHandler(ListToolsRequestSchema, async () => ({
   tools: [
     {

package/dist/storage.d.ts

@@ -1,4 +1,69 @@
 import { type Store } from "./types.js";
+export declare const ACCOUNTS_STORAGE_ENV: {
+    readonly mode: "HASNA_ACCOUNTS_STORAGE_MODE";
+    readonly s3Bucket: "HASNA_ACCOUNTS_S3_BUCKET";
+    readonly s3Prefix: "HASNA_ACCOUNTS_S3_PREFIX";
+    readonly awsRegion: "HASNA_ACCOUNTS_AWS_REGION";
+    readonly s3Endpoint: "HASNA_ACCOUNTS_S3_ENDPOINT";
+    readonly s3ForcePathStyle: "HASNA_ACCOUNTS_S3_FORCE_PATH_STYLE";
+    readonly machineId: "HASNA_ACCOUNTS_MACHINE_ID";
+};
+export declare const ACCOUNTS_STORAGE_FALLBACK_ENV: {
+    readonly mode: "ACCOUNTS_STORAGE_MODE";
+    readonly s3Bucket: "ACCOUNTS_S3_BUCKET";
+    readonly s3Prefix: "ACCOUNTS_S3_PREFIX";
+    readonly awsRegion: "ACCOUNTS_AWS_REGION";
+    readonly s3Endpoint: "ACCOUNTS_S3_ENDPOINT";
+    readonly s3ForcePathStyle: "ACCOUNTS_S3_FORCE_PATH_STYLE";
+    readonly machineId: "ACCOUNTS_MACHINE_ID";
+};
+export declare const STORAGE_MODE_ENV: "HASNA_ACCOUNTS_STORAGE_MODE";
+export declare const STORAGE_TABLES: readonly [];
+export type AccountsStorageMode = "local" | "remote" | "hybrid";
+export interface AccountsStorageConfig {
+    mode: AccountsStorageMode;
+    s3Bucket?: string;
+    s3Prefix: string;
+    awsRegion?: string;
+    s3Endpoint?: string;
+    s3ForcePathStyle?: boolean;
+    machineId: string;
+}
+export interface AccountsStorageStatus {
+    configured: boolean;
+    mode: AccountsStorageMode;
+    local: {
+        home: string;
+        storePath: string;
+        profilesDir: string;
+    };
+    remote: {
+        configured: boolean;
+        bucketEnv: string;
+        bucket?: string;
+        prefix: string;
+        regionEnv: string;
+        endpointConfigured: boolean;
+    };
+    env: typeof ACCOUNTS_STORAGE_ENV;
+    fallbackEnv: typeof ACCOUNTS_STORAGE_FALLBACK_ENV;
+    tables: readonly [];
+}
+export interface AccountsStorageSnapshot {
+    schemaVersion: 1;
+    source: "accounts";
+    createdAt: string;
+    machineId: string;
+    store: Store;
+}
+export interface AccountsStorageSyncResult {
+    mode: AccountsStorageMode;
+    pushed: number;
+    pulled: number;
+    skipped: boolean;
+    key: string;
+    reason?: string;
+}
 /** Base directory for all accounts state. Override with `ACCOUNTS_HOME`. */
 export declare function accountsHome(): string;
 /** Path to the registry file. Override with `ACCOUNTS_STORE_PATH`. */
@@ -7,4 +72,13 @@ export declare function storePath(): string;
 export declare function profilesDir(): string;
 export declare function loadStore(): Store;
 export declare function saveStore(store: Store): void;
+export declare function getAccountsStorageConfig(env?: NodeJS.ProcessEnv): AccountsStorageConfig;
+export declare function getAccountsStorageStatus(env?: NodeJS.ProcessEnv): AccountsStorageStatus;
+export declare function createAccountsStorageSnapshot(env?: NodeJS.ProcessEnv): AccountsStorageSnapshot;
+export declare function restoreAccountsStorageSnapshot(snapshot: AccountsStorageSnapshot): void;
+export declare function accountsStorageSnapshotKey(env?: NodeJS.ProcessEnv): string;
+export declare function storagePush(env?: NodeJS.ProcessEnv): Promise<AccountsStorageSyncResult>;
+export declare function storagePull(env?: NodeJS.ProcessEnv): Promise<AccountsStorageSyncResult>;
+export declare function storageSync(env?: NodeJS.ProcessEnv): Promise<AccountsStorageSyncResult>;
+export declare const getStorageStatus: typeof getAccountsStorageStatus;
 //# sourceMappingURL=storage.d.ts.map

package/dist/storage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../src/storage.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,KAAK,KAAK,EAAiD,MAAM,YAAY,CAAC;AAWvF,4EAA4E;AAC5E,wBAAgB,YAAY,IAAI,MAAM,CAIrC;AAED,sEAAsE;AACtE,wBAAgB,SAAS,IAAI,MAAM,CAIlC;AAED,0EAA0E;AAC1E,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAID,wBAAgB,SAAS,IAAI,KAAK,CA+BjC;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAK5C"}
+{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../src/storage.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,KAAK,EAAiD,MAAM,YAAY,CAAC;AAGvF,eAAO,MAAM,oBAAoB;;;;;;;;CAQvB,CAAC;AAEX,eAAO,MAAM,6BAA6B;;;;;;;;CAQhC,CAAC;AAEX,eAAO,MAAM,gBAAgB,+BAA4B,CAAC;AAC1D,eAAO,MAAM,cAAc,aAAc,CAAC;AAE1C,MAAM,MAAM,mBAAmB,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEhE,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,mBAAmB,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,mBAAmB,CAAC;IAC1B,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,MAAM,EAAE;QACN,UAAU,EAAE,OAAO,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,kBAAkB,EAAE,OAAO,CAAC;KAC7B,CAAC;IACF,GAAG,EAAE,OAAO,oBAAoB,CAAC;IACjC,WAAW,EAAE,OAAO,6BAA6B,CAAC;IAClD,MAAM,EAAE,SAAS,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,EAAE,CAAC,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,KAAK,CAAC;CACd;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,mBAAmB,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAUD,4EAA4E;AAC5E,wBAAgB,YAAY,IAAI,MAAM,CAIrC;AAED,sEAAsE;AACtE,wBAAgB,SAAS,IAAI,MAAM,CAIlC;AAED,0EAA0E;AAC1E,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAID,wBAAgB,SAAS,IAAI,KAAK,CA+BjC;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAK5C;AAwBD,wBAAgB,wBAAwB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,qBAAqB,CAUpG;AAED,wBAAgB,wBAAwB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,qBAAqB,CAsBpG;AAED,wBAAgB,6BAA6B,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,uBAAuB,CAS3G;AAED,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,uBAAuB,GAAG,IAAI,CAKtF;AAED,wBAAgB,0BAA0B,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,MAAM,CAGvF;AAoBD,wBAAsB,WAAW,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAiB1G;AAED,wBAAsB,WAAW,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAa1G;AAED,wBAAsB,WAAW,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAS1G;AAED,eAAO,MAAM,gBAAgB,iCAA2B,CAAC"}