@hieplp/pi-account-switcher 0.2.1 → 0.2.3

package/README.md

@@ -48,45 +48,55 @@ After installing, reload Pi and add your first account:
 /accounts:add
 ```
 
+### Local development command prefix
+
+If you have the npm package installed and also run a local checkout, set `PI_ACCOUNT_SWITCHER_COMMAND_PREFIX` before launching Pi to avoid command-name collisions:
+
+```bash
+PI_ACCOUNT_SWITCHER_COMMAND_PREFIX=dev pi -e ./src/extension.ts
+```
+
+The local commands will be registered as `/dev:accounts:list`, `/dev:accounts:add`, etc. The prefix may include the trailing colon (`dev:`) or omit it (`dev`).
+
 ---
 
 ## Commands
 
 ### Accounts
 
-| Command | Description |
-|---|---|
-| `/accounts:add` | Add a new account interactively |
-| `/accounts:list` | List all accounts and activate the selected one |
-| `/accounts:switch` | Switch to another account within the current provider |
-| `/accounts:edit` | Edit label, provider, id, or credential source |
-| `/accounts:remove` | Delete an account |
-| `/accounts:oauth` | Import the current Pi `/login` OAuth session as a named account |
+| Command            | Description                                                     |
+| ------------------ | --------------------------------------------------------------- |
+| `/accounts:add`    | Add a new account interactively                                 |
+| `/accounts:list`   | List all accounts and activate the selected one                 |
+| `/accounts:switch` | Switch to another account within the current provider           |
+| `/accounts:edit`   | Edit label, provider, id, or credential source                  |
+| `/accounts:remove` | Delete an account                                               |
+| `/accounts:oauth`  | Import the current Pi `/login` OAuth session as a named account |
 
 ### Providers
 
-| Command | Description |
-|---|---|
-| `/providers:add` | Add a reusable custom provider |
-| `/providers:list` | List custom providers |
-| `/providers:edit` | Edit a custom provider |
+| Command             | Description                      |
+| ------------------- | -------------------------------- |
+| `/providers:add`    | Add a reusable custom provider   |
+| `/providers:list`   | List custom providers            |
+| `/providers:edit`   | Edit a custom provider           |
 | `/providers:remove` | Remove an unused custom provider |
 
 ### Models
 
-| Command | Description |
-|---|---|
-| `/models:list` | List all available models and switch to the selected one |
-| `/models:add` | Add a custom model config to the current provider |
-| `/models:remove` | Remove a custom model config |
+| Command          | Description                                              |
+| ---------------- | -------------------------------------------------------- |
+| `/models:list`   | List all available models and switch to the selected one |
+| `/models:add`    | Add a custom model config to the current provider        |
+| `/models:remove` | Remove a custom model config                             |
 
 ### System
 
-| Command | Description |
-|---|---|
-| `/system:reset` | Delete all accounts, providers, and state |
+| Command          | Description                                              |
+| ---------------- | -------------------------------------------------------- |
+| `/system:reset`  | Delete all accounts, providers, and state                |
 | `/system:export` | Export all accounts, providers, and state to a JSON file |
-| `/system:import` | Import accounts, providers, and state from a JSON file |
+| `/system:import` | Import accounts, providers, and state from a JSON file   |
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hieplp/pi-account-switcher",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "type": "module",
   "description": "Pi extension for quickly switching between multiple accounts/API keys per provider.",
   "license": "MIT",
@@ -27,21 +27,24 @@
   ],
   "scripts": {
     "typecheck": "tsc --noEmit",
-    "test": "vitest run"
+    "test": "vitest run",
+    "format": "prettier --write .",
+    "format:check": "prettier --check ."
   },
   "dependencies": {
+    "@earendil-works/pi-tui": "^0.74.0",
     "@mariozechner/jiti": "^2.6.5",
-    "@mariozechner/pi-tui": "^0.73.1",
     "zod": "^4.4.3"
   },
   "peerDependencies": {
-    "@mariozechner/pi-ai": "*",
-    "@mariozechner/pi-coding-agent": "*"
+    "@earendil-works/pi-ai": "*",
+    "@earendil-works/pi-coding-agent": "*"
   },
   "devDependencies": {
-    "@mariozechner/pi-ai": "latest",
-    "@mariozechner/pi-coding-agent": "latest",
+    "@earendil-works/pi-ai": "latest",
+    "@earendil-works/pi-coding-agent": "latest",
     "@types/node": "latest",
+    "prettier": "^3.8.3",
     "typescript": "latest",
     "vitest": "latest"
   },
@@ -49,5 +52,6 @@
     "extensions": [
       "./src/extension.ts"
     ]
-  }
+  },
+  "packageManager": "pnpm@11.5.0+sha512.dbfcc4f81cf48597afd4bc391ffdf12c11f1a9fb83a395bfa6b0a2d9cc2fd8ffebafdb1ccbd529632153f793904c2615b7f09fe1a345473fd1c35845172a8eb1"
 }

package/src/commands/accounts/add.ts

@@ -1,4 +1,4 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import type { AccountSwitcher } from "@/runtime";
 import type { AccountConfig, AccountSwitcherContext } from "@/types";
 import { COMMANDS } from "@/constants";

package/src/commands/accounts/edit.ts

@@ -1,4 +1,4 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import type { AccountSwitcher } from "@/runtime";
 import type { AccountSwitcherContext } from "@/types";
 import { COMMANDS } from "@/constants";
@@ -19,7 +19,7 @@ class EditAccountCommand extends AccountCommand {
       const original = await this.loadAndSelectAccount(ctx, "Select account to edit");
       if (!original) return;
 
-      const updated = await new AccountConfigBuilder(ctx.ui, this.runtime.getProviders(), original).collect();
+      const updated = await new AccountConfigBuilder(ctx.ui, this.runtime.getProviders(), original).collect(true);
       if (!updated) return;
 
       await this.runtime.editAccount(original, updated);

package/src/commands/accounts/index.ts

@@ -1,4 +1,4 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import type { AccountSwitcher } from "@/runtime";
 import { useAddAccountCommand } from "./add";
 import { useEditAccountCommand } from "./edit";
@@ -6,6 +6,7 @@ import { useListAccountsCommand } from "./list";
 import { useOAuthImportCommand } from "./oauth";
 import { useRemoveAccountCommand } from "./remove";
 import { useSwitchAccountCommand } from "./switch";
+import { useVerifyAccountsCommand } from "./verify";
 
 const useAccountCommands = (pi: ExtensionAPI, runtime: AccountSwitcher) => {
   useAddAccountCommand(pi, runtime);
@@ -14,6 +15,7 @@ const useAccountCommands = (pi: ExtensionAPI, runtime: AccountSwitcher) => {
   useOAuthImportCommand(pi, runtime);
   useRemoveAccountCommand(pi, runtime);
   useSwitchAccountCommand(pi, runtime);
+  useVerifyAccountsCommand(pi, runtime);
 };
 
 export default useAccountCommands;

package/src/commands/accounts/list.ts

@@ -1,4 +1,4 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import type { AccountSwitcher } from "@/runtime";
 import type { AccountSwitcherContext } from "@/types";
 import { COMMANDS } from "@/constants";

package/src/commands/accounts/oauth.ts

@@ -1,4 +1,4 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import type { AccountSwitcher } from "@/runtime";
 import type { AccountConfig, AccountSwitcherContext } from "@/types";
 import { COMMANDS, OAUTH_PROVIDER_IDS, PI_AUTH_PATH } from "@/constants";

package/src/commands/accounts/remove.ts

@@ -1,4 +1,4 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import type { AccountSwitcher } from "@/runtime";
 import type { AccountSwitcherContext } from "@/types";
 import { COMMANDS } from "@/constants";

package/src/commands/accounts/shared/base.ts

@@ -1,4 +1,4 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import type { AccountSwitcher } from "@/runtime";
 import type { AccountConfig, AccountSwitcherContext } from "@/types";
 import { uiUtil } from "@/utils";
@@ -69,6 +69,31 @@ export abstract class AccountCommand extends BaseCommand {
     accounts: AccountConfig[],
     label = "Pick account",
   ): Promise<AccountConfig | undefined> {
+    const { labels, values } = this.buildGroupedAccountSelectItems(accounts, true);
+    return this.pickGrouped(ctx, label, labels, values);
+  }
+
+  protected async pickGroupedAccounts(
+    ctx: AccountSwitcherContext,
+    accounts: AccountConfig[],
+    label = "Pick accounts",
+  ): Promise<AccountConfig[] | undefined> {
+    const activeId = this.runtime.getActiveAccount()?.id;
+    const { labels, values } = this.buildGroupedAccountSelectItems(accounts, false);
+    const firstAccountIndex = values.findIndex((value) => value !== null);
+    const initialChecked = values.map((value, index) =>
+      activeId ? value?.id === activeId : firstAccountIndex !== -1 && index === firstAccountIndex,
+    );
+    return uiUtil.multiGroupedSelect(ctx.ui, label, labels, values, initialChecked);
+  }
+
+  private buildGroupedAccountSelectItems(
+    accounts: AccountConfig[],
+    includeActiveMarker: boolean,
+  ): {
+    labels: string[];
+    values: Array<AccountConfig | null>;
+  } {
     const items = buildGroupedItems(accounts, this.runtime.getProviders(), this.runtime.getActiveAccount()?.id);
 
     const labels: string[] = [];
@@ -79,10 +104,16 @@ export abstract class AccountCommand extends BaseCommand {
         values.push(null);
         continue;
       }
-      labels.push(formatAccountItem(item));
+      labels.push(includeActiveMarker ? formatAccountItem(item) : this.formatMultiAccountItem(item));
       values.push(item.account);
     }
 
-    return this.pickGrouped(ctx, label, labels, values);
+    return { labels, values };
+  }
+
+  private formatMultiAccountItem(
+    item: Extract<ReturnType<typeof buildGroupedItems>[number], { type: "account" }>,
+  ): string {
+    return item.active ? `${item.account.label} (active)` : item.account.label;
   }
 }

package/src/commands/accounts/shared/prompts.ts

@@ -1,4 +1,4 @@
-import type { ExtensionUIContext } from "@mariozechner/pi-coding-agent";
+import type { ExtensionUIContext } from "@earendil-works/pi-coding-agent";
 import type { AccountConfig, ProviderConfig, SecretSource } from "@/types";
 import { commonUtil, providerUtil, uiUtil } from "@/utils";
 import { ACCOUNTS_PATH } from "@/constants";
@@ -37,12 +37,14 @@ export class AccountConfigBuilder {
   }
 
   async withProvider(): Promise<this> {
-    const choice = await uiUtil.filteredSelect(this.ui, "Provider", providerUtil.providerChoices(this.customProviders));
+    const choices = providerUtil.providerChoices(this.customProviders);
+    const choice = await uiUtil.filteredSelect(this.ui, "Provider", choices);
     if (!choice) return this;
 
     const raw = choice === "custom" ? await this.prompt("Custom provider", "provider-id").asText() : choice;
     const provider = providerUtil.normalizeProvider(raw ?? "");
-    if (!provider) throw new Error("Provider is required");
+    // If provider is empty (user cancelled), return early. collect() will detect missing provider and return undefined.
+    if (!provider) return this;
 
     this.config.provider = provider;
     this.customProvider = providerUtil.findProvider(provider, this.customProviders);
@@ -101,21 +103,32 @@ export class AccountConfigBuilder {
     const { provider } = this.config;
     if (!provider) return this;
 
+    const hasExistingCredentials =
+      !!this.config.env || !!this.config.providerApiKey || !!this.config.usesProviderApiKey || !!this.config.piAuth;
+
     if (this.customProvider) {
       const apiKey = await this.promptForCustomProviderApiKey(this.customProvider);
-      if (apiKey || this.customProvider.apiKey) {
-        if (apiKey) {
-          this.config.providerApiKey = apiKey;
-        } else {
+      if (apiKey) {
+        this.config.providerApiKey = apiKey;
+        return this;
+      }
+      if (!hasExistingCredentials) {
+        if (this.customProvider.apiKey) {
           this.config.usesProviderApiKey = true;
+          return this;
         }
-        return this;
+      } else {
+        // Has existing credentials — fall through to let user choose "keep current" or update
       }
     }
 
     const envKeys = providerUtil.requiredEnvKeysForProvider(provider, this.customProviders);
-    const envChoice = await this.ui.select("Credential env var", [...envKeys, "custom"]);
-    if (!envChoice) return this;
+    const envChoice = await this.ui.select("Credential env var", [
+      ...envKeys,
+      "custom",
+      ...(hasExistingCredentials ? ["keep current"] : []),
+    ]);
+    if (!envChoice || envChoice === "keep current") return this;
 
     const envName = envChoice === "custom" ? await this.prompt("Env var name", "PROVIDER_API_KEY").asText() : envChoice;
     if (!envName) throw new Error("Env var name is required");
@@ -150,7 +163,12 @@ export class AccountConfigBuilder {
     };
   }
 
-  async collect(): Promise<AccountConfig | undefined> {
+  /**
+   * Collect account configuration interactively.
+   * @param isEdit - When true, allows keeping existing credentials without re-entering them.
+   *                 Empty input for most fields will preserve the current value.
+   */
+  async collect(isEdit = false): Promise<AccountConfig | undefined> {
     await this.withProvider();
     if (!this.config.provider) return undefined;
 
@@ -159,7 +177,13 @@ export class AccountConfigBuilder {
     await this.withModel();
     await this.withCredentials();
 
-    if (!this.config.env && !this.config.providerApiKey && !this.config.usesProviderApiKey && !this.config.piAuth) {
+    if (
+      !isEdit &&
+      !this.config.env &&
+      !this.config.providerApiKey &&
+      !this.config.usesProviderApiKey &&
+      !this.config.piAuth
+    ) {
       this.ui.notify("No credentials configured. Account not saved.", "info");
       return undefined;
     }

package/src/commands/accounts/switch.ts

@@ -1,8 +1,8 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import type { AccountSwitcher } from "@/runtime";
 import type { AccountSwitcherContext } from "@/types";
 import { COMMANDS } from "@/constants";
-import { errorUtil, providerUtil } from "@/utils";
+import { commandUtil, errorUtil, providerUtil } from "@/utils";
 import { AccountCommand } from "./shared";
 
 export const useSwitchAccountCommand = (pi: ExtensionAPI, runtime: AccountSwitcher) => {
@@ -20,7 +20,10 @@ class SwitchAccountCommand extends AccountCommand {
 
       const active = this.runtime.getActiveAccount();
       if (!active) {
-        ctx.ui.notify("No active account. Use accounts:list to activate one first.", "info");
+        ctx.ui.notify(
+          `No active account. Use ${commandUtil.name(COMMANDS.accounts.list.name)} to activate one first.`,
+          "info",
+        );
         return;
       }
 

package/src/commands/accounts/verify.ts

@@ -0,0 +1,298 @@
+import { completeSimple, type Api, type Model } from "@earendil-works/pi-ai";
+import type { AuthCredential, ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import type { AccountSwitcher } from "@/runtime";
+import type { AccountConfig, AccountSwitcherContext, ProviderConfig, SecretSource } from "@/types";
+import { COMMANDS } from "@/constants";
+import { accountUtil, commonUtil, errorUtil, providerUtil, uiUtil } from "@/utils";
+import { AccountCommand } from "./shared";
+
+export const useVerifyAccountsCommand = (pi: ExtensionAPI, runtime: AccountSwitcher) => {
+  new VerifyAccountsCommand(pi, runtime).register();
+};
+
+type VerifyTestPlan = {
+  secrets: boolean;
+  ping: boolean;
+};
+
+type CheckResult = {
+  ok: boolean;
+  line: string;
+};
+
+type AccountVerifyReport = {
+  account: AccountConfig;
+  ok: boolean;
+  lines: string[];
+};
+
+const TEST_OPTIONS = {
+  secrets: "Verify secrets",
+  ping: "Send ping",
+} as const;
+
+const MAX_PARALLEL_VERIFY = 3;
+
+class VerifyAccountsCommand extends AccountCommand {
+  constructor(pi: ExtensionAPI, runtime: AccountSwitcher) {
+    super(pi, runtime, COMMANDS.accounts.verify);
+  }
+
+  async handler(ctx: AccountSwitcherContext, args?: string): Promise<void> {
+    try {
+      const accounts = await this.loadAccounts(ctx);
+      if (!accounts) return;
+
+      const parts = (args ?? "").trim().toLowerCase().split(/\s+/).filter(Boolean);
+      const verifyAll = parts.includes("all");
+      const pingArg = parts.includes("ping") || parts.includes("probe") || parts.includes("connect");
+      const targets = verifyAll
+        ? accounts
+        : await this.pickGroupedAccounts(ctx, accounts, pingArg ? "Verify and ping accounts" : "Verify accounts");
+
+      if (!targets || targets.length === 0) return;
+
+      const plan = pingArg ? { secrets: true, ping: true } : await this.pickTestPlan(ctx);
+      if (!plan) return;
+
+      const selectedTests = this.formatSelectedTests(plan);
+      ctx.ui.notify(
+        `Testing ${targets.length} account${targets.length === 1 ? "" : "s"} (${selectedTests})...`,
+        "info",
+      );
+
+      const concurrency = plan.ping ? 1 : MAX_PARALLEL_VERIFY;
+      const reports = await commonUtil.runWithConcurrency(targets, concurrency, (account) =>
+        this.verifyAccount(ctx, account, plan),
+      );
+      const failed = reports.filter((report) => !report.ok).length;
+
+      ctx.ui.setEditorText(this.formatReport(plan, reports));
+      ctx.ui.notify(
+        `Finished testing ${targets.length} account${targets.length === 1 ? "" : "s"}${
+          failed ? ` — ${failed} failed` : " — all checks passed"
+        }.`,
+        failed ? "warning" : "info",
+      );
+    } catch (error) {
+      ctx.ui.notify(`accounts:verify failed: ${errorUtil.format(error)}`, "error");
+    }
+  }
+
+  private async pickTestPlan(ctx: AccountSwitcherContext): Promise<VerifyTestPlan | undefined> {
+    const selected = await uiUtil.multiSelect(
+      ctx.ui,
+      "What should be tested?",
+      [TEST_OPTIONS.secrets, TEST_OPTIONS.ping],
+      [true, false],
+    );
+
+    if (!selected) return undefined;
+
+    const plan = {
+      secrets: selected.includes(TEST_OPTIONS.secrets),
+      ping: selected.includes(TEST_OPTIONS.ping),
+    };
+
+    if (!plan.secrets && !plan.ping) {
+      ctx.ui.notify("No tests selected.", "info");
+      return undefined;
+    }
+
+    return plan;
+  }
+
+  private async verifyAccount(
+    ctx: AccountSwitcherContext,
+    account: AccountConfig,
+    plan: VerifyTestPlan,
+  ): Promise<AccountVerifyReport> {
+    const lines: string[] = [];
+    let ok = true;
+
+    if (plan.secrets) {
+      let anyChecked = false;
+
+      if (account.piAuth) {
+        lines.push("✓ secrets: using stored OAuth/piAuth credentials");
+      }
+
+      if (account.usesProviderApiKey && !account.providerApiKey) {
+        lines.push("✓ secrets: using provider config apiKey");
+      }
+
+      const secretChecks: Array<[string, SecretSource]> = [];
+      if (account.providerApiKey) secretChecks.push(["providerApiKey", account.providerApiKey]);
+      if (!account.piAuth && account.env) {
+        for (const [envName, source] of Object.entries(account.env)) secretChecks.push([envName, source]);
+      }
+
+      if (secretChecks.length > 0) {
+        const results = await Promise.all(secretChecks.map(([key, source]) => this.verifySecret(key, source)));
+        for (const result of results) {
+          lines.push(result.line);
+          ok &&= result.ok;
+        }
+      } else if (!account.piAuth && !account.usesProviderApiKey) {
+        lines.push("ℹ secrets: no secrets configured");
+      }
+    }
+
+    if (plan.ping) {
+      const result = await this.pingAccount(ctx, account);
+      lines.push(result.line);
+      ok &&= result.ok;
+    }
+
+    return { account, ok, lines };
+  }
+
+  private async pingAccount(ctx: AccountSwitcherContext, account: AccountConfig): Promise<CheckResult> {
+    const prefix = `[${account.label}]`;
+    const authProvider = this.resolveAuthProvider(account);
+    const model = this.resolveProbeModel(ctx, account, authProvider);
+    if (!model) {
+      return { ok: false, line: `✗ ping: skipped — no model found for provider ${authProvider}` };
+    }
+
+    const envBackup = new Map<string, string | undefined>();
+    let authBackup: AuthCredential | undefined;
+    let hadAuth = false;
+    let providerToRestore: ProviderConfig | undefined;
+
+    let requestAuth!: Awaited<ReturnType<typeof ctx.modelRegistry.getApiKeyAndHeaders>>;
+    try {
+      if (!account.piAuth && account.env) {
+        const resolved = await accountUtil.resolveAccountEnv(account);
+        for (const [envName, value] of resolved) {
+          envBackup.set(envName, process.env[envName]);
+          process.env[envName] = value;
+        }
+      }
+
+      if (account.piAuth) {
+        hadAuth = ctx.modelRegistry.authStorage.has(authProvider);
+        authBackup = ctx.modelRegistry.authStorage.get(authProvider);
+        ctx.modelRegistry.authStorage.set(authProvider, account.piAuth.entry);
+        ctx.modelRegistry.authStorage.reload();
+      }
+
+      if (account.providerApiKey) {
+        const provider = providerUtil.findProvider(account.provider, this.runtime.getProviders());
+        if (provider) {
+          providerToRestore = provider;
+          const apiKey = await accountUtil.resolveSecret(account.providerApiKey);
+          if (!apiKey) throw new Error("Resolved empty providerApiKey for ping");
+          this.runtime.registerProvider({ ...provider, apiKey });
+        }
+      }
+
+      requestAuth = await ctx.modelRegistry.getApiKeyAndHeaders(model);
+      if (!requestAuth.ok) throw new Error(requestAuth.error);
+    } catch (err) {
+      return { ok: false, line: `✗ ping: unable to prepare credentials — ${errorUtil.format(err)}` };
+    } finally {
+      for (const [envName, previous] of envBackup) {
+        if (previous === undefined) delete process.env[envName];
+        else process.env[envName] = previous;
+      }
+      if (account.piAuth) {
+        if (hadAuth && authBackup) ctx.modelRegistry.authStorage.set(authProvider, authBackup);
+        else ctx.modelRegistry.authStorage.remove(authProvider);
+        ctx.modelRegistry.authStorage.reload();
+      }
+      if (providerToRestore) {
+        this.runtime.registerProvider(providerToRestore);
+      }
+    }
+
+    try {
+      ctx.ui.notify(`${prefix} ping: sending request via ${model.provider}/${model.id}...`, "info");
+
+      const response = await completeSimple(
+        model,
+        {
+          systemPrompt: "You are a health-check endpoint. Follow the user instruction exactly.",
+          messages: [
+            {
+              role: "user",
+              content: "Health check: reply with exactly OK.",
+              timestamp: Date.now(),
+            },
+          ],
+        },
+        {
+          apiKey: requestAuth.apiKey,
+          headers: requestAuth.headers,
+          maxTokens: 16,
+          timeoutMs: 30_000,
+          maxRetries: 0,
+          reasoning: "minimal",
+        },
+      );
+
+      if (response.stopReason === "error") throw new Error(response.errorMessage ?? "model returned an error");
+      const text = response.content.find((block) => block.type === "text")?.text?.trim();
+      return { ok: true, line: `✓ ping: OK via ${model.provider}/${model.id}${text ? ` — ${text}` : ""}` };
+    } catch (err) {
+      return { ok: false, line: `✗ ping: failed — ${errorUtil.format(err)}` };
+    }
+  }
+
+  private resolveAuthProvider(account: AccountConfig): string {
+    if (account.piAuth?.provider) return account.piAuth.provider;
+    const provider = providerUtil.findProvider(account.provider, this.runtime.getProviders());
+    return provider?.piAuthProvider ?? providerUtil.normalizeProvider(account.provider);
+  }
+
+  private resolveProbeModel(
+    ctx: AccountSwitcherContext,
+    account: AccountConfig,
+    authProvider: string,
+  ): Model<Api> | undefined {
+    const providers = this.runtime.getProviders();
+    const normalized = providerUtil.normalizeProviderWithCustom(authProvider, providers);
+    if (account.model) {
+      const configured = ctx.modelRegistry.find(authProvider, account.model);
+      if (configured) return configured;
+    }
+    if (ctx.model && providerUtil.normalizeProviderWithCustom(ctx.model.provider, providers) === normalized) {
+      return ctx.model;
+    }
+    return ctx.modelRegistry
+      .getAll()
+      .find((model) => providerUtil.normalizeProviderWithCustom(model.provider, providers) === normalized);
+  }
+
+  private async verifySecret(key: string, source: SecretSource): Promise<CheckResult> {
+    try {
+      const value = await accountUtil.resolveSecret(source);
+      if (!value) throw new Error("resolved to empty value");
+      return { ok: true, line: `✓ secrets: ${key} OK` };
+    } catch (err) {
+      return { ok: false, line: `✗ secrets: ${key} failed — ${errorUtil.format(err)}` };
+    }
+  }
+
+  private formatReport(plan: VerifyTestPlan, reports: AccountVerifyReport[]): string {
+    const selectedTests = this.formatSelectedTests(plan);
+    const passed = reports.filter((report) => report.ok).length;
+
+    return [
+      "Account verify results",
+      "",
+      `Tests: ${selectedTests}`,
+      `Accounts: ${reports.length} (${passed} passed, ${reports.length - passed} failed)`,
+      "",
+      ...reports.flatMap((report) => [
+        `${report.ok ? "✓" : "✗"} ${report.account.label}`,
+        ...report.lines.map((line) => `  ${line}`),
+        "",
+      ]),
+    ].join("\n");
+  }
+
+  private formatSelectedTests(plan: VerifyTestPlan): string {
+    return [plan.secrets ? "secrets" : undefined, plan.ping ? "ping" : undefined].filter(Boolean).join(" + ");
+  }
+}