@itssimplereally/opencode-kimicode-auth 0.1.0

package/dist/src/plugin/accounts.js

@@ -0,0 +1,843 @@
+import { loadAccounts, saveAccounts } from "./storage";
+import { getHealthTracker, getTokenTracker, selectHybridAccount } from "./rotation";
+import { coerceFingerprint, generateFingerprint, MAX_FINGERPRINT_HISTORY } from "./fingerprint";
+import { debugLogToFile } from "./debug";
+const QUOTA_EXHAUSTED_BACKOFFS = [60_000, 300_000, 1_800_000, 7_200_000];
+const RATE_LIMIT_EXCEEDED_BACKOFF = 30_000;
+// Increased from 15s to 45s base + jitter to reduce retry pressure on capacity errors
+const MODEL_CAPACITY_EXHAUSTED_BASE_BACKOFF = 45_000;
+const MODEL_CAPACITY_EXHAUSTED_JITTER_MAX = 30_000; // ±15s jitter range
+const SERVER_ERROR_BACKOFF = 20_000;
+const UNKNOWN_BACKOFF = 60_000;
+const MIN_BACKOFF_MS = 2_000;
+/**
+ * Generate a random jitter value for backoff timing.
+ * Helps prevent thundering herd problem when multiple clients retry simultaneously.
+ */
+function generateJitter(maxJitterMs) {
+    return Math.random() * maxJitterMs - (maxJitterMs / 2);
+}
+export function parseRateLimitReason(reason, message, status) {
+    // 1. Status Code Checks (Rust parity)
+    // 529 = Site Overloaded, 503 = Service Unavailable -> Capacity issues
+    if (status === 529 || status === 503)
+        return "MODEL_CAPACITY_EXHAUSTED";
+    // 500 = Internal Server Error -> Treat as Server Error (soft wait)
+    if (status === 500)
+        return "SERVER_ERROR";
+    // 2. Explicit Reason String
+    if (reason) {
+        switch (reason.toUpperCase()) {
+            case "QUOTA_EXHAUSTED": return "QUOTA_EXHAUSTED";
+            case "RATE_LIMIT_EXCEEDED": return "RATE_LIMIT_EXCEEDED";
+            case "MODEL_CAPACITY_EXHAUSTED": return "MODEL_CAPACITY_EXHAUSTED";
+        }
+    }
+    // 3. Message Text Scanning (Rust Regex parity)
+    if (message) {
+        const lower = message.toLowerCase();
+        // Capacity / Overloaded (Transient) - Check FIRST before "exhausted"
+        if (lower.includes("capacity") || lower.includes("overloaded") || lower.includes("resource exhausted")) {
+            return "MODEL_CAPACITY_EXHAUSTED";
+        }
+        // RPM / TPM (Short Wait)
+        // "per minute", "rate limit", "too many requests"
+        // "presque" (French: almost) - retained for i18n parity with Rust reference
+        if (lower.includes("per minute") || lower.includes("rate limit") || lower.includes("too many requests") || lower.includes("presque")) {
+            return "RATE_LIMIT_EXCEEDED";
+        }
+        // Quota (Long Wait)
+        if (lower.includes("exhausted") || lower.includes("quota")) {
+            return "QUOTA_EXHAUSTED";
+        }
+    }
+    // Default fallback for 429 without clearer info
+    if (status === 429) {
+        return "UNKNOWN";
+    }
+    return "UNKNOWN";
+}
+export function calculateBackoffMs(reason, consecutiveFailures, retryAfterMs) {
+    // Respect explicit Retry-After header if reasonable
+    if (retryAfterMs && retryAfterMs > 0) {
+        // Rust uses 2s min buffer, we keep 2s
+        return Math.max(retryAfterMs, MIN_BACKOFF_MS);
+    }
+    switch (reason) {
+        case "QUOTA_EXHAUSTED": {
+            const index = Math.min(consecutiveFailures, QUOTA_EXHAUSTED_BACKOFFS.length - 1);
+            return QUOTA_EXHAUSTED_BACKOFFS[index] ?? UNKNOWN_BACKOFF;
+        }
+        case "RATE_LIMIT_EXCEEDED":
+            return RATE_LIMIT_EXCEEDED_BACKOFF; // 30s
+        case "MODEL_CAPACITY_EXHAUSTED":
+            // Apply jitter to prevent thundering herd on capacity errors
+            return MODEL_CAPACITY_EXHAUSTED_BASE_BACKOFF + generateJitter(MODEL_CAPACITY_EXHAUSTED_JITTER_MAX);
+        case "SERVER_ERROR":
+            return SERVER_ERROR_BACKOFF; // 20s
+        case "UNKNOWN":
+        default:
+            return UNKNOWN_BACKOFF; // 60s
+    }
+}
+function nowMs() {
+    return Date.now();
+}
+function clampNonNegativeInt(value, fallback) {
+    if (typeof value !== "number" || !Number.isFinite(value)) {
+        return fallback;
+    }
+    return value < 0 ? 0 : Math.floor(value);
+}
+function getQuotaKey(_family, _headerStyle, model) {
+    if (model) {
+        return `kimi:${model}`;
+    }
+    return "kimi";
+}
+function isRateLimitedForQuotaKey(account, key) {
+    const resetTime = account.rateLimitResetTimes[key];
+    return resetTime !== undefined && nowMs() < resetTime;
+}
+function isRateLimitedForFamily(account, _family, model) {
+    clearExpiredRateLimits(account);
+    // Check model-specific quota first
+    if (model) {
+        if (isRateLimitedForQuotaKey(account, `kimi:${model}`)) {
+            return true;
+        }
+    }
+    // Then check base quota
+    return isRateLimitedForQuotaKey(account, "kimi");
+}
+function isRateLimitedForHeaderStyle(account, family, _headerStyle, model) {
+    return isRateLimitedForFamily(account, family, model);
+}
+function clearExpiredRateLimits(account) {
+    const now = nowMs();
+    const keys = Object.keys(account.rateLimitResetTimes);
+    for (const key of keys) {
+        const resetTime = account.rateLimitResetTimes[key];
+        if (resetTime !== undefined && now >= resetTime) {
+            delete account.rateLimitResetTimes[key];
+        }
+    }
+}
+/**
+ * Resolve the quota group for soft quota checks.
+ *
+ * When a model string is available, we use it directly as the quota group.
+ * When model is null/undefined, we fall back to "kimi" as the default group.
+ *
+ * @param _family - The model family ("kimi")
+ * @param model - Optional model string for precise resolution
+ * @returns The QuotaGroup to use for soft quota checks
+ */
+export function resolveQuotaGroup(_family, model) {
+    if (model) {
+        return model;
+    }
+    return "kimi";
+}
+function isOverSoftQuotaThreshold(account, family, thresholdPercent, cacheTtlMs, model) {
+    if (thresholdPercent >= 100)
+        return false;
+    if (!account.cachedQuota)
+        return false;
+    if (account.cachedQuotaUpdatedAt == null)
+        return false;
+    const age = nowMs() - account.cachedQuotaUpdatedAt;
+    if (age > cacheTtlMs)
+        return false;
+    const quotaGroup = resolveQuotaGroup(family, model);
+    const groupData = account.cachedQuota[quotaGroup];
+    if (groupData?.remainingFraction == null)
+        return false;
+    const remainingFraction = Math.max(0, Math.min(1, groupData.remainingFraction));
+    const usedPercent = (1 - remainingFraction) * 100;
+    const isOverThreshold = usedPercent >= thresholdPercent;
+    if (isOverThreshold) {
+        const accountLabel = account.email || `Account ${account.index + 1}`;
+        debugLogToFile(`[SoftQuota] Skipping ${accountLabel}: ${quotaGroup} usage ${usedPercent.toFixed(1)}% >= threshold ${thresholdPercent}%` +
+            (groupData.resetTime ? ` (resets: ${groupData.resetTime})` : ''));
+    }
+    return isOverThreshold;
+}
+export function computeSoftQuotaCacheTtlMs(ttlConfig, refreshIntervalMinutes) {
+    if (ttlConfig === "auto") {
+        return Math.max(2 * refreshIntervalMinutes, 10) * 60 * 1000;
+    }
+    return ttlConfig * 60 * 1000;
+}
+/**
+ * In-memory multi-account manager with sticky account selection.
+ *
+ * Uses the same account until it hits a rate limit (429), then switches.
+ * Rate limits are tracked per quota key ("kimi" base or "kimi:<model>").
+ *
+ * Source of truth for the pool is `kimicode-accounts.json`.
+ */
+export class AccountManager {
+    accounts = [];
+    cursor = 0;
+    currentAccountIndexByFamily = {
+        kimi: -1,
+    };
+    sessionOffsetApplied = {
+        kimi: false,
+    };
+    lastToastAccountIndex = -1;
+    lastToastTime = 0;
+    savePending = false;
+    saveTimeout = null;
+    savePromiseResolvers = [];
+    static async loadFromDisk(authFallback) {
+        const stored = await loadAccounts();
+        return new AccountManager(authFallback, stored);
+    }
+    constructor(authFallback, stored) {
+        const authParts = authFallback ? { refreshToken: authFallback.refresh } : null;
+        if (stored && stored.accounts.length === 0) {
+            this.accounts = [];
+            this.cursor = 0;
+            return;
+        }
+        if (stored && stored.accounts.length > 0) {
+            const baseNow = nowMs();
+            this.accounts = stored.accounts
+                .map((acc, index) => {
+                if (!acc.refreshToken || typeof acc.refreshToken !== "string") {
+                    return null;
+                }
+                const matchesFallback = !!(authFallback &&
+                    authParts &&
+                    authParts.refreshToken &&
+                    acc.refreshToken === authParts.refreshToken);
+                return {
+                    index,
+                    email: acc.email,
+                    addedAt: clampNonNegativeInt(acc.addedAt, baseNow),
+                    lastUsed: clampNonNegativeInt(acc.lastUsed, 0),
+                    parts: {
+                        refreshToken: acc.refreshToken,
+                    },
+                    access: matchesFallback ? authFallback?.access : undefined,
+                    expires: matchesFallback ? authFallback?.expires : undefined,
+                    enabled: acc.enabled !== false,
+                    rateLimitResetTimes: acc.rateLimitResetTimes ?? {},
+                    lastSwitchReason: acc.lastSwitchReason,
+                    coolingDownUntil: acc.coolingDownUntil,
+                    cooldownReason: acc.cooldownReason,
+                    touchedForQuota: {},
+                    fingerprint: coerceFingerprint(acc.fingerprint),
+                    fingerprintHistory: acc.fingerprintHistory ?? [],
+                    cachedQuota: acc.cachedQuota,
+                    cachedQuotaUpdatedAt: acc.cachedQuotaUpdatedAt,
+                };
+            })
+                .filter((a) => a !== null);
+            this.cursor = clampNonNegativeInt(stored.activeIndex, 0);
+            if (this.accounts.length > 0) {
+                this.cursor = this.cursor % this.accounts.length;
+                const defaultIndex = this.cursor;
+                this.currentAccountIndexByFamily.kimi = clampNonNegativeInt(stored.activeIndexByFamily?.kimi, defaultIndex) % this.accounts.length;
+            }
+            return;
+        }
+        // If we have stored accounts, check if we need to add the current auth
+        if (authFallback && this.accounts.length > 0) {
+            const authParts = { refreshToken: authFallback.refresh };
+            const hasMatching = this.accounts.some(acc => acc.parts.refreshToken === authParts.refreshToken);
+            if (!hasMatching && authParts.refreshToken) {
+                const now = nowMs();
+                const newAccount = {
+                    index: this.accounts.length,
+                    email: undefined,
+                    addedAt: now,
+                    lastUsed: 0,
+                    parts: authParts,
+                    access: authFallback.access,
+                    expires: authFallback.expires,
+                    enabled: true,
+                    rateLimitResetTimes: {},
+                    touchedForQuota: {},
+                };
+                this.accounts.push(newAccount);
+                // Update indices to include the new account
+                this.currentAccountIndexByFamily.kimi = Math.min(this.currentAccountIndexByFamily.kimi, this.accounts.length - 1);
+            }
+        }
+        if (authFallback) {
+            const parts = { refreshToken: authFallback.refresh };
+            if (parts.refreshToken) {
+                const now = nowMs();
+                this.accounts = [
+                    {
+                        index: 0,
+                        email: undefined,
+                        addedAt: now,
+                        lastUsed: 0,
+                        parts,
+                        access: authFallback.access,
+                        expires: authFallback.expires,
+                        enabled: true,
+                        rateLimitResetTimes: {},
+                        touchedForQuota: {},
+                    },
+                ];
+                this.cursor = 0;
+                this.currentAccountIndexByFamily.kimi = 0;
+            }
+        }
+    }
+    getAccountCount() {
+        return this.getEnabledAccounts().length;
+    }
+    getTotalAccountCount() {
+        return this.accounts.length;
+    }
+    getEnabledAccounts() {
+        return this.accounts.filter((account) => account.enabled !== false);
+    }
+    getAccountsSnapshot() {
+        return this.accounts.map((a) => ({ ...a, parts: { ...a.parts }, rateLimitResetTimes: { ...a.rateLimitResetTimes } }));
+    }
+    getCurrentAccountForFamily(family) {
+        const currentIndex = this.currentAccountIndexByFamily[family];
+        if (currentIndex >= 0 && currentIndex < this.accounts.length) {
+            const account = this.accounts[currentIndex] ?? null;
+            // Only return account if it's enabled - disabled accounts should not be selected
+            if (account && account.enabled !== false) {
+                return account;
+            }
+        }
+        return null;
+    }
+    markSwitched(account, reason, family) {
+        account.lastSwitchReason = reason;
+        this.currentAccountIndexByFamily[family] = account.index;
+    }
+    /**
+     * Check if we should show an account switch toast.
+     * Debounces repeated toasts for the same account.
+     */
+    shouldShowAccountToast(accountIndex, debounceMs = 30000) {
+        const now = nowMs();
+        if (accountIndex !== this.lastToastAccountIndex) {
+            return true;
+        }
+        return now - this.lastToastTime >= debounceMs;
+    }
+    markToastShown(accountIndex) {
+        this.lastToastAccountIndex = accountIndex;
+        this.lastToastTime = nowMs();
+    }
+    getCurrentOrNextForFamily(family, model, strategy = 'sticky', headerStyle = 'kimi-cli', pidOffsetEnabled = false, softQuotaThresholdPercent = 100, softQuotaCacheTtlMs = 10 * 60 * 1000) {
+        const quotaKey = getQuotaKey(family, headerStyle, model);
+        if (strategy === 'round-robin') {
+            const next = this.getNextForFamily(family, model, headerStyle, softQuotaThresholdPercent, softQuotaCacheTtlMs);
+            if (next) {
+                this.markTouchedForQuota(next, quotaKey);
+                this.currentAccountIndexByFamily[family] = next.index;
+            }
+            return next;
+        }
+        if (strategy === 'hybrid') {
+            const healthTracker = getHealthTracker();
+            const tokenTracker = getTokenTracker();
+            const accountsWithMetrics = this.accounts
+                .filter(acc => acc.enabled !== false)
+                .map(acc => {
+                clearExpiredRateLimits(acc);
+                return {
+                    index: acc.index,
+                    lastUsed: acc.lastUsed,
+                    healthScore: healthTracker.getScore(acc.index),
+                    isRateLimited: isRateLimitedForFamily(acc, family, model) ||
+                        isOverSoftQuotaThreshold(acc, family, softQuotaThresholdPercent, softQuotaCacheTtlMs, model),
+                    isCoolingDown: this.isAccountCoolingDown(acc),
+                };
+            });
+            // Get current account index for stickiness
+            const currentIndex = this.currentAccountIndexByFamily[family] ?? null;
+            const selectedIndex = selectHybridAccount(accountsWithMetrics, tokenTracker, currentIndex);
+            if (selectedIndex !== null) {
+                const selected = this.accounts[selectedIndex];
+                if (selected) {
+                    selected.lastUsed = nowMs();
+                    this.markTouchedForQuota(selected, quotaKey);
+                    this.currentAccountIndexByFamily[family] = selected.index;
+                    return selected;
+                }
+            }
+        }
+        // Fallback: sticky selection (used when hybrid finds no candidates)
+        // PID-based offset for multi-session distribution (opt-in)
+        // Different sessions (PIDs) will prefer different starting accounts
+        if (pidOffsetEnabled && !this.sessionOffsetApplied[family] && this.accounts.length > 1) {
+            const pidOffset = process.pid % this.accounts.length;
+            const baseIndex = this.currentAccountIndexByFamily[family] ?? 0;
+            const newIndex = (baseIndex + pidOffset) % this.accounts.length;
+            debugLogToFile(`[Account] Applying PID offset: pid=${process.pid} offset=${pidOffset} family=${family} index=${baseIndex}->${newIndex}`);
+            this.currentAccountIndexByFamily[family] = newIndex;
+            this.sessionOffsetApplied[family] = true;
+        }
+        const current = this.getCurrentAccountForFamily(family);
+        if (current) {
+            clearExpiredRateLimits(current);
+            const isLimitedForRequestedStyle = isRateLimitedForHeaderStyle(current, family, headerStyle, model);
+            const isOverThreshold = isOverSoftQuotaThreshold(current, family, softQuotaThresholdPercent, softQuotaCacheTtlMs, model);
+            if (!isLimitedForRequestedStyle && !isOverThreshold && !this.isAccountCoolingDown(current)) {
+                this.markTouchedForQuota(current, quotaKey);
+                return current;
+            }
+        }
+        const next = this.getNextForFamily(family, model, headerStyle, softQuotaThresholdPercent, softQuotaCacheTtlMs);
+        if (next) {
+            this.markTouchedForQuota(next, quotaKey);
+            this.currentAccountIndexByFamily[family] = next.index;
+        }
+        return next;
+    }
+    getNextForFamily(family, model, headerStyle = "kimi-cli", softQuotaThresholdPercent = 100, softQuotaCacheTtlMs = 10 * 60 * 1000) {
+        const available = this.accounts.filter((a) => {
+            clearExpiredRateLimits(a);
+            return a.enabled !== false &&
+                !isRateLimitedForHeaderStyle(a, family, headerStyle, model) &&
+                !isOverSoftQuotaThreshold(a, family, softQuotaThresholdPercent, softQuotaCacheTtlMs, model) &&
+                !this.isAccountCoolingDown(a);
+        });
+        if (available.length === 0) {
+            return null;
+        }
+        const account = available[this.cursor % available.length];
+        if (!account) {
+            return null;
+        }
+        this.cursor++;
+        // Note: lastUsed is now updated after successful request via markAccountUsed()
+        return account;
+    }
+    markRateLimited(account, retryAfterMs, family, headerStyle = "kimi-cli", model) {
+        const key = getQuotaKey(family, headerStyle, model);
+        account.rateLimitResetTimes[key] = nowMs() + retryAfterMs;
+    }
+    /**
+     * Mark an account as used after a successful API request.
+     * This updates the lastUsed timestamp for freshness calculations.
+     * Should be called AFTER request completion, not during account selection.
+     */
+    markAccountUsed(accountIndex) {
+        const account = this.accounts.find(a => a.index === accountIndex);
+        if (account) {
+            account.lastUsed = nowMs();
+        }
+    }
+    markRateLimitedWithReason(account, family, headerStyle, model, reason, retryAfterMs, failureTtlMs = 3600_000) {
+        const now = nowMs();
+        // TTL-based reset: if last failure was more than failureTtlMs ago, reset count
+        if (account.lastFailureTime !== undefined && (now - account.lastFailureTime) > failureTtlMs) {
+            account.consecutiveFailures = 0;
+        }
+        const failures = (account.consecutiveFailures ?? 0) + 1;
+        account.consecutiveFailures = failures;
+        account.lastFailureTime = now;
+        const backoffMs = calculateBackoffMs(reason, failures - 1, retryAfterMs);
+        const key = getQuotaKey(family, headerStyle, model);
+        account.rateLimitResetTimes[key] = now + backoffMs;
+        return backoffMs;
+    }
+    markRequestSuccess(account) {
+        if (account.consecutiveFailures) {
+            account.consecutiveFailures = 0;
+        }
+    }
+    clearAllRateLimitsForFamily(family, model) {
+        for (const account of this.accounts) {
+            const key = getQuotaKey(family, "kimi-cli", model);
+            delete account.rateLimitResetTimes[key];
+            account.consecutiveFailures = 0;
+        }
+    }
+    shouldTryOptimisticReset(family, model) {
+        const minWaitMs = this.getMinWaitTimeForFamily(family, model);
+        return minWaitMs > 0 && minWaitMs <= 2_000;
+    }
+    markAccountCoolingDown(account, cooldownMs, reason) {
+        account.coolingDownUntil = nowMs() + cooldownMs;
+        account.cooldownReason = reason;
+    }
+    isAccountCoolingDown(account) {
+        if (account.coolingDownUntil === undefined) {
+            return false;
+        }
+        if (nowMs() >= account.coolingDownUntil) {
+            this.clearAccountCooldown(account);
+            return false;
+        }
+        return true;
+    }
+    clearAccountCooldown(account) {
+        delete account.coolingDownUntil;
+        delete account.cooldownReason;
+    }
+    getAccountCooldownReason(account) {
+        return this.isAccountCoolingDown(account) ? account.cooldownReason : undefined;
+    }
+    markTouchedForQuota(account, quotaKey) {
+        account.touchedForQuota[quotaKey] = nowMs();
+    }
+    isFreshForQuota(account, quotaKey) {
+        const touchedAt = account.touchedForQuota[quotaKey];
+        if (!touchedAt)
+            return true;
+        const resetTime = account.rateLimitResetTimes[quotaKey];
+        if (resetTime && touchedAt < resetTime)
+            return true;
+        return false;
+    }
+    getFreshAccountsForQuota(quotaKey, family, model) {
+        return this.accounts.filter(acc => {
+            clearExpiredRateLimits(acc);
+            return acc.enabled !== false &&
+                this.isFreshForQuota(acc, quotaKey) &&
+                !isRateLimitedForFamily(acc, family, model) &&
+                !this.isAccountCoolingDown(acc);
+        });
+    }
+    isRateLimitedForHeaderStyle(account, family, headerStyle, model) {
+        return isRateLimitedForHeaderStyle(account, family, headerStyle, model);
+    }
+    getAvailableHeaderStyle(account, family, model) {
+        clearExpiredRateLimits(account);
+        if (!isRateLimitedForFamily(account, family, model)) {
+            return "kimi-cli";
+        }
+        return null;
+    }
+    /**
+     * Check if any OTHER account has quota available for the given family/model.
+     *
+     * @param currentAccountIndex - Index of the current account (will be excluded from check)
+     * @param family - Model family ("kimi")
+     * @param model - Optional model name for model-specific rate limits
+     * @returns true if any other enabled, non-cooling-down account has quota available
+     */
+    hasOtherAccountWithQuotaAvailable(currentAccountIndex, family, model) {
+        return this.accounts.some(acc => {
+            if (acc.index === currentAccountIndex)
+                return false;
+            if (acc.enabled === false)
+                return false;
+            if (this.isAccountCoolingDown(acc))
+                return false;
+            clearExpiredRateLimits(acc);
+            return !isRateLimitedForFamily(acc, family, model);
+        });
+    }
+    setAccountEnabled(accountIndex, enabled) {
+        const account = this.accounts[accountIndex];
+        if (!account) {
+            return false;
+        }
+        account.enabled = enabled;
+        if (!enabled) {
+            for (const family of Object.keys(this.currentAccountIndexByFamily)) {
+                if (this.currentAccountIndexByFamily[family] === accountIndex) {
+                    const next = this.accounts.find((a, i) => i !== accountIndex && a.enabled !== false);
+                    this.currentAccountIndexByFamily[family] = next?.index ?? -1;
+                }
+            }
+        }
+        this.requestSaveToDisk();
+        return true;
+    }
+    removeAccountByIndex(accountIndex) {
+        if (accountIndex < 0 || accountIndex >= this.accounts.length) {
+            return false;
+        }
+        const account = this.accounts[accountIndex];
+        if (!account) {
+            return false;
+        }
+        return this.removeAccount(account);
+    }
+    removeAccount(account) {
+        const idx = this.accounts.indexOf(account);
+        if (idx < 0) {
+            return false;
+        }
+        this.accounts.splice(idx, 1);
+        this.accounts.forEach((acc, index) => {
+            acc.index = index;
+        });
+        if (this.accounts.length === 0) {
+            this.cursor = 0;
+            this.currentAccountIndexByFamily.kimi = -1;
+            return true;
+        }
+        if (this.cursor > idx) {
+            this.cursor -= 1;
+        }
+        this.cursor = this.cursor % this.accounts.length;
+        for (const family of ["kimi"]) {
+            if (this.currentAccountIndexByFamily[family] > idx) {
+                this.currentAccountIndexByFamily[family] -= 1;
+            }
+            if (this.currentAccountIndexByFamily[family] >= this.accounts.length) {
+                this.currentAccountIndexByFamily[family] = -1;
+            }
+        }
+        return true;
+    }
+    updateFromAuth(account, auth) {
+        account.parts = { refreshToken: auth.refresh };
+        account.access = auth.access;
+        account.expires = auth.expires;
+    }
+    toAuthDetails(account) {
+        return {
+            type: "oauth",
+            refresh: account.parts.refreshToken,
+            access: account.access,
+            expires: account.expires,
+        };
+    }
+    getMinWaitTimeForFamily(family, model, _headerStyle, _strict) {
+        const available = this.accounts.filter((a) => {
+            clearExpiredRateLimits(a);
+            return a.enabled !== false && !isRateLimitedForFamily(a, family, model);
+        });
+        if (available.length > 0) {
+            return 0;
+        }
+        const waitTimes = [];
+        for (const a of this.accounts) {
+            const key = getQuotaKey(family, "kimi-cli", model);
+            const t = a.rateLimitResetTimes[key];
+            if (t !== undefined)
+                waitTimes.push(Math.max(0, t - nowMs()));
+        }
+        return waitTimes.length > 0 ? Math.min(...waitTimes) : 0;
+    }
+    getAccounts() {
+        return [...this.accounts];
+    }
+    async saveToDisk() {
+        const kimiIndex = Math.max(0, this.currentAccountIndexByFamily.kimi);
+        const storage = {
+            version: 1,
+            accounts: this.accounts.map((a) => ({
+                email: a.email,
+                refreshToken: a.parts.refreshToken,
+                addedAt: a.addedAt,
+                lastUsed: a.lastUsed,
+                enabled: a.enabled,
+                lastSwitchReason: a.lastSwitchReason,
+                rateLimitResetTimes: Object.keys(a.rateLimitResetTimes).length > 0 ? a.rateLimitResetTimes : undefined,
+                coolingDownUntil: a.coolingDownUntil,
+                cooldownReason: a.cooldownReason,
+                fingerprint: a.fingerprint,
+                fingerprintHistory: a.fingerprintHistory?.length ? a.fingerprintHistory : undefined,
+                cachedQuota: a.cachedQuota && Object.keys(a.cachedQuota).length > 0 ? a.cachedQuota : undefined,
+                cachedQuotaUpdatedAt: a.cachedQuotaUpdatedAt,
+            })),
+            activeIndex: kimiIndex,
+            activeIndexByFamily: {
+                kimi: kimiIndex,
+            },
+        };
+        await saveAccounts(storage);
+    }
+    requestSaveToDisk() {
+        if (this.savePending) {
+            return;
+        }
+        this.savePending = true;
+        this.saveTimeout = setTimeout(() => {
+            void this.executeSave();
+        }, 1000);
+    }
+    async flushSaveToDisk() {
+        if (!this.savePending) {
+            return;
+        }
+        return new Promise((resolve) => {
+            this.savePromiseResolvers.push(resolve);
+        });
+    }
+    async executeSave() {
+        this.savePending = false;
+        this.saveTimeout = null;
+        try {
+            await this.saveToDisk();
+        }
+        catch {
+            // best-effort persistence; avoid unhandled rejection from timer-driven saves
+        }
+        finally {
+            const resolvers = this.savePromiseResolvers;
+            this.savePromiseResolvers = [];
+            for (const resolve of resolvers) {
+                resolve();
+            }
+        }
+    }
+    // ========== Fingerprint Management ==========
+    /**
+     * Regenerate fingerprint for an account, saving the old one to history.
+     * @param accountIndex - Index of the account to regenerate fingerprint for
+     * @returns The new fingerprint, or null if account not found
+     */
+    regenerateAccountFingerprint(accountIndex) {
+        const account = this.accounts[accountIndex];
+        if (!account)
+            return null;
+        // Save current fingerprint to history if it exists
+        if (account.fingerprint) {
+            const historyEntry = {
+                fingerprint: account.fingerprint,
+                timestamp: nowMs(),
+                reason: 'regenerated',
+            };
+            if (!account.fingerprintHistory) {
+                account.fingerprintHistory = [];
+            }
+            // Add to beginning of history (most recent first)
+            account.fingerprintHistory.unshift(historyEntry);
+            // Trim to max history size
+            if (account.fingerprintHistory.length > MAX_FINGERPRINT_HISTORY) {
+                account.fingerprintHistory = account.fingerprintHistory.slice(0, MAX_FINGERPRINT_HISTORY);
+            }
+        }
+        // Generate and assign new fingerprint
+        account.fingerprint = generateFingerprint();
+        this.requestSaveToDisk();
+        return account.fingerprint;
+    }
+    /**
+     * Restore a fingerprint from history for an account.
+     * @param accountIndex - Index of the account
+     * @param historyIndex - Index in the fingerprint history to restore from (0 = most recent)
+     * @returns The restored fingerprint, or null if account/history not found
+     */
+    restoreAccountFingerprint(accountIndex, historyIndex) {
+        const account = this.accounts[accountIndex];
+        if (!account)
+            return null;
+        const history = account.fingerprintHistory;
+        if (!history || historyIndex < 0 || historyIndex >= history.length) {
+            return null;
+        }
+        // Capture the fingerprint to restore BEFORE modifying history
+        const fingerprintToRestore = history[historyIndex].fingerprint;
+        // Save current fingerprint to history before restoring (if it exists)
+        if (account.fingerprint) {
+            const historyEntry = {
+                fingerprint: account.fingerprint,
+                timestamp: nowMs(),
+                reason: 'restored',
+            };
+            account.fingerprintHistory.unshift(historyEntry);
+            // Trim to max history size
+            if (account.fingerprintHistory.length > MAX_FINGERPRINT_HISTORY) {
+                account.fingerprintHistory = account.fingerprintHistory.slice(0, MAX_FINGERPRINT_HISTORY);
+            }
+        }
+        // Restore the fingerprint
+        account.fingerprint = { ...fingerprintToRestore, createdAt: nowMs() };
+        this.requestSaveToDisk();
+        return account.fingerprint;
+    }
+    /**
+     * Get fingerprint history for an account.
+     * @param accountIndex - Index of the account
+     * @returns Array of fingerprint versions, or empty array if not found
+     */
+    getAccountFingerprintHistory(accountIndex) {
+        const account = this.accounts[accountIndex];
+        if (!account || !account.fingerprintHistory) {
+            return [];
+        }
+        return [...account.fingerprintHistory];
+    }
+    updateQuotaCache(accountIndex, quotaGroups) {
+        const account = this.accounts[accountIndex];
+        if (account) {
+            account.cachedQuota = quotaGroups;
+            account.cachedQuotaUpdatedAt = nowMs();
+        }
+    }
+    isAccountOverSoftQuota(account, family, thresholdPercent, cacheTtlMs, model) {
+        return isOverSoftQuotaThreshold(account, family, thresholdPercent, cacheTtlMs, model);
+    }
+    getAccountsForQuotaCheck() {
+        return this.accounts.map((a) => ({
+            email: a.email,
+            refreshToken: a.parts.refreshToken,
+            addedAt: a.addedAt,
+            lastUsed: a.lastUsed,
+            enabled: a.enabled,
+        }));
+    }
+    getOldestQuotaCacheAge() {
+        let oldest = null;
+        for (const acc of this.accounts) {
+            if (acc.enabled === false)
+                continue;
+            if (acc.cachedQuotaUpdatedAt == null)
+                return null;
+            const age = nowMs() - acc.cachedQuotaUpdatedAt;
+            if (oldest === null || age > oldest)
+                oldest = age;
+        }
+        return oldest;
+    }
+    areAllAccountsOverSoftQuota(family, thresholdPercent, cacheTtlMs, model) {
+        if (thresholdPercent >= 100)
+            return false;
+        const enabled = this.accounts.filter(a => a.enabled !== false);
+        if (enabled.length === 0)
+            return false;
+        return enabled.every(a => isOverSoftQuotaThreshold(a, family, thresholdPercent, cacheTtlMs, model));
+    }
+    /**
+     * Get minimum wait time until any account's soft quota resets.
+     * Returns 0 if any account is available (not over threshold).
+     * Returns the minimum resetTime across all over-threshold accounts.
+     * Returns null if no resetTime data is available.
+     */
+    getMinWaitTimeForSoftQuota(family, thresholdPercent, cacheTtlMs, model) {
+        if (thresholdPercent >= 100)
+            return 0;
+        const enabled = this.accounts.filter(a => a.enabled !== false);
+        if (enabled.length === 0)
+            return null;
+        // If any account is available (not over threshold), no wait needed
+        const available = enabled.filter(a => !isOverSoftQuotaThreshold(a, family, thresholdPercent, cacheTtlMs, model));
+        if (available.length > 0)
+            return 0;
+        // All accounts are over threshold - find earliest reset time
+        // Fail-open (return null = no wait info) if model is missing to avoid blocking on wrong quota.
+        if (!model)
+            return null;
+        const quotaGroup = resolveQuotaGroup(family, model);
+        const now = nowMs();
+        const waitTimes = [];
+        for (const acc of enabled) {
+            const groupData = acc.cachedQuota?.[quotaGroup];
+            if (groupData?.resetTime) {
+                const resetTimestamp = Date.parse(groupData.resetTime);
+                if (Number.isFinite(resetTimestamp)) {
+                    waitTimes.push(Math.max(0, resetTimestamp - now));
+                }
+            }
+        }
+        if (waitTimes.length === 0)
+            return null;
+        const minWait = Math.min(...waitTimes);
+        // Treat 0 as stale cache (resetTime in the past) → fail-open to avoid spin loop
+        return minWait === 0 ? null : minWait;
+    }
+}
+//# sourceMappingURL=accounts.js.map