npm - @junctionpanel/server - Versions diffs - 0.1.49 → 0.1.51 - Mend

@junctionpanel/server 0.1.49 → 0.1.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/dist/server/server/daemon-provider-rate-limits.js ADDED Viewed

@@ -0,0 +1,1174 @@
+import { spawn } from "node:child_process";
+import { existsSync } from "node:fs";
+import { readFile, readdir, stat } from "node:fs/promises";
+import { homedir } from "node:os";
+import path from "node:path";
+import { applyProviderEnv, resolveProviderCommandPrefix, } from "./agent/provider-launch-config.js";
+import { readCodexAppServerRateLimits, } from "./agent/providers/codex-app-server-agent.js";
+import { loadPersistedConfig } from "./persisted-config.js";
+const RATE_LIMIT_COMMAND_TIMEOUT_MS = 5000;
+const RATE_LIMIT_COMMAND_MAX_BUFFER_BYTES = 256 * 1024;
+const RATE_LIMIT_READER_TIMEOUT_MS = 5000;
+const KEYCHAIN_COMMAND_MAX_BUFFER_BYTES = 2 * 1024 * 1024;
+const CLAUDE_ENV_SOURCE_LABEL = "daemon environment";
+const CLAUDE_WEB_SOURCE_LABEL = "claude.ai usage endpoint";
+const CLAUDE_OAUTH_SOURCE_LABEL = "claude oauth rate-limit headers";
+const CLAUDE_KEYCHAIN_SERVICE_NAME = "Claude Code-credentials";
+const CODEX_AUTH_SOURCE_LABEL = ".codex/auth.json";
+const GEMINI_ACCOUNTS_SOURCE_LABEL = ".gemini/google_accounts.json";
+const GEMINI_SETTINGS_SOURCE_LABEL = ".gemini/settings.json";
+const GEMINI_ENV_SOURCE_LABEL = "daemon environment";
+async function runBufferedCommand(command, args, options) {
+    return await new Promise((resolve) => {
+        let stdout = "";
+        let stderr = "";
+        let resolved = false;
+        let timedOut = false;
+        let exceededMaxBuffer = false;
+        const child = spawn(command, args, {
+            env: options.env,
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        const timer = setTimeout(() => {
+            timedOut = true;
+            child.kill("SIGKILL");
+        }, options.timeoutMs);
+        const finalize = (input) => {
+            if (resolved) {
+                return;
+            }
+            resolved = true;
+            clearTimeout(timer);
+            const finalStderr = input.stderr ?? stderr;
+            resolve({
+                status: input.status,
+                stdout,
+                stderr: finalStderr,
+                signal: input.signal,
+                pid: child.pid,
+                output: [stdout, finalStderr],
+            });
+        };
+        const appendChunk = (current, chunk) => {
+            const next = current + chunk;
+            if (Buffer.byteLength(next, "utf8") <= options.maxBufferBytes) {
+                return next;
+            }
+            exceededMaxBuffer = true;
+            child.kill("SIGKILL");
+            return current;
+        };
+        child.stdout?.setEncoding("utf8");
+        child.stderr?.setEncoding("utf8");
+        child.stdout?.on("data", (chunk) => {
+            stdout = appendChunk(stdout, chunk);
+        });
+        child.stderr?.on("data", (chunk) => {
+            stderr = appendChunk(stderr, chunk);
+        });
+        child.on("error", (error) => {
+            finalize({
+                status: 1,
+                signal: null,
+                stderr: error.message || `Failed to launch ${command}.`,
+            });
+        });
+        child.on("close", (status, signal) => {
+            if (timedOut) {
+                finalize({
+                    status: 124,
+                    signal,
+                    stderr: stderr || `${command} timed out after ${options.timeoutMs}ms.`,
+                });
+                return;
+            }
+            if (exceededMaxBuffer) {
+                finalize({
+                    status: 1,
+                    signal,
+                    stderr: stderr ||
+                        `${command} output exceeded ${options.maxBufferBytes} bytes while loading provider rate limits.`,
+                });
+                return;
+            }
+            finalize({
+                status,
+                signal,
+            });
+        });
+    });
+}
+async function defaultCommandRunner(command, args, options) {
+    return await runBufferedCommand(command, args, {
+        env: options.env,
+        maxBufferBytes: RATE_LIMIT_COMMAND_MAX_BUFFER_BYTES,
+        timeoutMs: RATE_LIMIT_COMMAND_TIMEOUT_MS,
+    });
+}
+function createUnavailableWindow(input) {
+    return {
+        ...input,
+        unitLabel: null,
+        limit: null,
+        used: null,
+        remaining: null,
+    };
+}
+function titleCase(value) {
+    if (!value) {
+        return null;
+    }
+    return value
+        .split(/[\s_-]+/)
+        .filter((part) => part.length > 0)
+        .map((part) => part.charAt(0).toUpperCase() + part.slice(1))
+        .join(" ");
+}
+function toObject(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return null;
+    }
+    return value;
+}
+function toNumber(value) {
+    if (typeof value === "number" && Number.isFinite(value)) {
+        return value;
+    }
+    if (typeof value === "string") {
+        const parsed = Number(value);
+        return Number.isFinite(parsed) ? parsed : null;
+    }
+    return null;
+}
+function toIsoString(value) {
+    if (typeof value === "string") {
+        const parsed = new Date(value);
+        return Number.isNaN(parsed.getTime()) ? null : parsed.toISOString();
+    }
+    if (typeof value === "number" && Number.isFinite(value)) {
+        const normalized = value > 10000000000 ? value : value * 1000;
+        const parsed = new Date(normalized);
+        return Number.isNaN(parsed.getTime()) ? null : parsed.toISOString();
+    }
+    return null;
+}
+function formatDurationLabel(minutes) {
+    if (minutes === 300) {
+        return "5 hour window";
+    }
+    if (minutes === 1440) {
+        return "24 hour window";
+    }
+    if (minutes === 10080) {
+        return "7 day window";
+    }
+    if (minutes !== null && minutes > 0) {
+        if (minutes % 1440 === 0) {
+            const days = minutes / 1440;
+            return `${days} day window`;
+        }
+        if (minutes % 60 === 0) {
+            const hours = minutes / 60;
+            return `${hours} hour window`;
+        }
+        return `${minutes} minute window`;
+    }
+    return "Usage window";
+}
+function formatBucketLabel(limitId, limitName) {
+    if (limitName && limitName.trim()) {
+        return limitName.trim();
+    }
+    if (!limitId || !limitId.trim()) {
+        return "Codex";
+    }
+    if (limitId === "codex") {
+        return "Codex";
+    }
+    return titleCase(limitId) ?? "Codex";
+}
+function parseCodexRateLimitWindow(value) {
+    const object = toObject(value);
+    if (!object) {
+        return null;
+    }
+    return {
+        usedPercent: toNumber(object.usedPercent ?? object.used_percent),
+        windowDurationMins: toNumber(object.windowDurationMins ??
+            object.window_duration_mins ??
+            object.windowMinutes ??
+            object.window_minutes),
+        resetsAt: (typeof object.resetsAt === "string" || typeof object.resetsAt === "number"
+            ? object.resetsAt
+            : null) ??
+            (typeof object.resets_at === "string" || typeof object.resets_at === "number"
+                ? object.resets_at
+                : null) ??
+            (typeof object.resetAt === "string" || typeof object.resetAt === "number"
+                ? object.resetAt
+                : null) ??
+            (typeof object.reset_at === "string" || typeof object.reset_at === "number"
+                ? object.reset_at
+                : null),
+    };
+}
+function parseCodexRateLimitBucket(limitId, value) {
+    const object = toObject(value);
+    if (!object) {
+        return null;
+    }
+    const primary = parseCodexRateLimitWindow(object.primary ?? object.primary_window);
+    const secondary = parseCodexRateLimitWindow(object.secondary ?? object.secondary_window);
+    if (!primary && !secondary) {
+        return null;
+    }
+    return {
+        limitId: (typeof object.limitId === "string" && object.limitId.trim()) ||
+            (typeof object.limit_id === "string" && object.limit_id.trim()) ||
+            limitId ||
+            null,
+        limitName: (typeof object.limitName === "string" && object.limitName.trim()) ||
+            (typeof object.limit_name === "string" && object.limit_name.trim()) ||
+            null,
+        primary,
+        secondary,
+        planType: (typeof object.planType === "string" && object.planType.trim()) ||
+            (typeof object.plan_type === "string" && object.plan_type.trim()) ||
+            null,
+    };
+}
+function parseCodexRateLimitBuckets(result) {
+    if (!result) {
+        return [];
+    }
+    const keyedBuckets = toObject(result.rateLimitsByLimitId);
+    if (keyedBuckets) {
+        const buckets = Object.entries(keyedBuckets)
+            .map(([limitId, bucket]) => parseCodexRateLimitBucket(limitId, bucket))
+            .filter((bucket) => bucket !== null);
+        if (buckets.length > 0) {
+            return buckets;
+        }
+    }
+    const directBucket = parseCodexRateLimitBucket("codex", result.rateLimits);
+    return directBucket ? [directBucket] : [];
+}
+function buildCodexWindow(bucket, kind, payload) {
+    const usedPercent = Math.max(0, Math.min(100, Math.round(payload.usedPercent ?? 0)));
+    const duration = payload.windowDurationMins ?? null;
+    const bucketLabel = formatBucketLabel(bucket.limitId, bucket.limitName);
+    const durationLabel = formatDurationLabel(duration);
+    return {
+        id: `${bucket.limitId ?? bucketLabel}:${kind}`,
+        label: `${bucketLabel} ${durationLabel}`,
+        windowLabel: kind === "secondary"
+            ? `${durationLabel} long-window cap reported by Codex app-server.`
+            : `${durationLabel} short-window cap reported by Codex app-server.`,
+        unitLabel: "%",
+        limit: 100,
+        used: usedPercent,
+        remaining: 100 - usedPercent,
+        resetsAt: toIsoString(payload.resetsAt),
+        message: "Codex reports live usage as percentages, so Junction shows percent used and remaining rather than raw request counts.",
+    };
+}
+async function readJsonFile(filePath, sourceLabel) {
+    if (!existsSync(filePath)) {
+        return null;
+    }
+    try {
+        return JSON.parse(await readFile(filePath, "utf8"));
+    }
+    catch (error) {
+        const detail = error instanceof Error ? error.message : "Unknown read error";
+        throw new Error(`Failed to read ${sourceLabel}: ${detail}`);
+    }
+}
+function decodeJwtPayload(token) {
+    if (!token) {
+        return null;
+    }
+    const segments = token.split(".");
+    if (segments.length < 2 || !segments[1]) {
+        return null;
+    }
+    try {
+        const json = Buffer.from(segments[1], "base64url").toString("utf8");
+        return JSON.parse(json);
+    }
+    catch {
+        return null;
+    }
+}
+function parseClaudeAuthStatus(stdout) {
+    try {
+        return JSON.parse(stdout.trim());
+    }
+    catch {
+        return null;
+    }
+}
+function parseClaudeOAuthCredentials(value) {
+    const root = toObject(value);
+    const oauth = toObject(root?.claudeAiOauth);
+    const accessToken = typeof oauth?.accessToken === "string" ? oauth.accessToken.trim() : "";
+    if (!accessToken) {
+        return null;
+    }
+    return {
+        accessToken,
+        expiresAt: toNumber(oauth?.expiresAt),
+        rateLimitTier: typeof oauth?.rateLimitTier === "string" && oauth.rateLimitTier.trim()
+            ? oauth.rateLimitTier.trim()
+            : null,
+        subscriptionType: typeof oauth?.subscriptionType === "string" && oauth.subscriptionType.trim()
+            ? oauth.subscriptionType.trim()
+            : null,
+    };
+}
+function isClaudeOAuthCredentialExpired(credentials) {
+    if (credentials.expiresAt === null) {
+        return false;
+    }
+    return credentials.expiresAt <= Date.now();
+}
+async function resolveClaudeKeychainServiceName() {
+    if (process.platform !== "darwin") {
+        return null;
+    }
+    const account = process.env.USER?.trim();
+    if (!account) {
+        return null;
+    }
+    const legacyLookup = await runBufferedCommand("security", ["find-generic-password", "-a", account, "-s", CLAUDE_KEYCHAIN_SERVICE_NAME], {
+        env: process.env,
+        maxBufferBytes: RATE_LIMIT_COMMAND_MAX_BUFFER_BYTES,
+        timeoutMs: RATE_LIMIT_COMMAND_TIMEOUT_MS,
+    });
+    if (legacyLookup.status === 0) {
+        return CLAUDE_KEYCHAIN_SERVICE_NAME;
+    }
+    const dumpResult = await runBufferedCommand("security", ["dump-keychain"], {
+        env: process.env,
+        maxBufferBytes: KEYCHAIN_COMMAND_MAX_BUFFER_BYTES,
+        timeoutMs: RATE_LIMIT_COMMAND_TIMEOUT_MS,
+    });
+    if (dumpResult.status !== 0) {
+        return null;
+    }
+    const match = dumpResult.stdout.match(new RegExp(`"svce"<blob>="(${CLAUDE_KEYCHAIN_SERVICE_NAME.replace(/[-/\\^$*+?.()|[\]{}]/g, "\\$&")}-[^"]+)"`));
+    return match?.[1] ?? null;
+}
+async function readClaudeOAuthCredentialsFromKeychain() {
+    const account = process.env.USER?.trim();
+    if (process.platform !== "darwin" || !account) {
+        return null;
+    }
+    const serviceName = await resolveClaudeKeychainServiceName();
+    if (!serviceName) {
+        return null;
+    }
+    const result = await runBufferedCommand("security", ["find-generic-password", "-a", account, "-w", "-s", serviceName], {
+        env: process.env,
+        maxBufferBytes: KEYCHAIN_COMMAND_MAX_BUFFER_BYTES,
+        timeoutMs: RATE_LIMIT_COMMAND_TIMEOUT_MS,
+    });
+    if (result.status !== 0 || !result.stdout.trim()) {
+        return null;
+    }
+    return parseClaudeOAuthCredentials(JSON.parse(result.stdout.trim()));
+}
+async function readClaudeOAuthCredentials(claudeConfigDir, options) {
+    const dotCredentialsPath = path.join(claudeConfigDir, ".credentials.json");
+    const dotCredentials = await readJsonFile(dotCredentialsPath, ".claude/.credentials.json");
+    const dotCredentialsParsed = parseClaudeOAuthCredentials(dotCredentials);
+    if (dotCredentialsParsed) {
+        return dotCredentialsParsed;
+    }
+    const credentialsPath = path.join(claudeConfigDir, "credentials.json");
+    const credentials = await readJsonFile(credentialsPath, ".claude/credentials.json");
+    const credentialsParsed = parseClaudeOAuthCredentials(credentials);
+    if (credentialsParsed) {
+        return credentialsParsed;
+    }
+    if (!options.allowKeychain) {
+        return null;
+    }
+    return await readClaudeOAuthCredentialsFromKeychain();
+}
+async function readClaudeSessionKey(homeDir, env) {
+    const envSessionKey = env.CLAUDE_SESSION_KEY?.trim();
+    if (envSessionKey) {
+        return envSessionKey;
+    }
+    const sessionKeyPath = path.join(resolveProviderHomeDir(homeDir, env), ".claude-session-key");
+    if (!existsSync(sessionKeyPath)) {
+        return null;
+    }
+    const sessionKey = (await readFile(sessionKeyPath, "utf8")).trim();
+    return sessionKey || null;
+}
+function parseClaudeOAuthUtilizationPercent(value) {
+    const raw = toNumber(value);
+    if (raw === null) {
+        return null;
+    }
+    if (raw >= 0 && raw <= 1) {
+        return Math.max(0, Math.min(100, raw * 100));
+    }
+    return Math.max(0, Math.min(100, raw));
+}
+async function readClaudeOAuthRateLimits(input) {
+    const response = await fetch("https://api.anthropic.com/v1/messages", {
+        method: "POST",
+        headers: {
+            Authorization: `Bearer ${input.accessToken}`,
+            "anthropic-beta": "oauth-2025-04-20",
+            "anthropic-version": "2023-06-01",
+            "content-type": "application/json",
+            "user-agent": "claude-code/2.1.5",
+        },
+        body: JSON.stringify({
+            model: "claude-haiku-4-5-20251001",
+            max_tokens: 1,
+            messages: [{ role: "user", content: "hi" }],
+        }),
+        signal: AbortSignal.timeout(input.timeoutMs ?? RATE_LIMIT_READER_TIMEOUT_MS),
+    });
+    const snapshot = {
+        fiveHourUtilization: parseClaudeOAuthUtilizationPercent(response.headers.get("anthropic-ratelimit-unified-5h-utilization")),
+        fiveHourResetsAt: toIsoString(response.headers.get("anthropic-ratelimit-unified-5h-reset")),
+        sevenDayUtilization: parseClaudeOAuthUtilizationPercent(response.headers.get("anthropic-ratelimit-unified-7d-utilization")),
+        sevenDayResetsAt: toIsoString(response.headers.get("anthropic-ratelimit-unified-7d-reset")),
+    };
+    if (snapshot.fiveHourUtilization === null &&
+        snapshot.sevenDayUtilization === null &&
+        snapshot.fiveHourResetsAt === null &&
+        snapshot.sevenDayResetsAt === null) {
+        if (!response.ok) {
+            throw new Error(`Claude OAuth rate-limit request failed with status ${response.status}.`);
+        }
+        throw new Error("Claude OAuth response did not include live rate-limit headers.");
+    }
+    return snapshot;
+}
+function parseClaudeLiveRateLimitWindow(value) {
+    const object = toObject(value);
+    if (!object) {
+        return {
+            fiveHourResetsAt: null,
+            fiveHourUtilization: null,
+        };
+    }
+    return {
+        fiveHourUtilization: parseClaudeOAuthUtilizationPercent(typeof object.utilization === "string" || typeof object.utilization === "number"
+            ? String(object.utilization)
+            : typeof object.utilization_pct === "string" || typeof object.utilization_pct === "number"
+                ? String(object.utilization_pct)
+                : null),
+        fiveHourResetsAt: toIsoString(typeof object.resets_at === "string" || typeof object.resets_at === "number"
+            ? object.resets_at
+            : typeof object.reset_at === "string" || typeof object.reset_at === "number"
+                ? object.reset_at
+                : typeof object.resetsAt === "string" || typeof object.resetsAt === "number"
+                    ? object.resetsAt
+                    : null),
+    };
+}
+async function readClaudeWebRateLimits(input) {
+    const response = await fetch(`https://claude.ai/api/organizations/${input.organizationId}/usage`, {
+        method: "GET",
+        headers: {
+            Accept: "application/json",
+            Cookie: `sessionKey=${input.sessionKey}`,
+        },
+        signal: AbortSignal.timeout(input.timeoutMs ?? RATE_LIMIT_READER_TIMEOUT_MS),
+    });
+    if (!response.ok) {
+        throw new Error(`Claude web usage request failed with status ${response.status}.`);
+    }
+    const json = toObject(await response.json());
+    if (!json) {
+        throw new Error("Claude web usage response was not an object.");
+    }
+    const fiveHour = parseClaudeLiveRateLimitWindow(json.five_hour);
+    const sevenDay = parseClaudeLiveRateLimitWindow(json.seven_day);
+    const snapshot = {
+        fiveHourUtilization: fiveHour.fiveHourUtilization,
+        fiveHourResetsAt: fiveHour.fiveHourResetsAt,
+        sevenDayUtilization: sevenDay.fiveHourUtilization,
+        sevenDayResetsAt: sevenDay.fiveHourResetsAt,
+    };
+    if (snapshot.fiveHourUtilization === null &&
+        snapshot.sevenDayUtilization === null &&
+        snapshot.fiveHourResetsAt === null &&
+        snapshot.sevenDayResetsAt === null) {
+        throw new Error("Claude web usage endpoint did not include live rate-limit fields.");
+    }
+    return snapshot;
+}
+function getPacificDayKey(date) {
+    const formatter = new Intl.DateTimeFormat("en-CA", {
+        timeZone: "America/Los_Angeles",
+        year: "numeric",
+        month: "2-digit",
+        day: "2-digit",
+    });
+    return formatter.format(date);
+}
+function getNextPacificMidnightIso(now) {
+    const currentKey = getPacificDayKey(now);
+    let low = now.getTime();
+    let high = low + 36 * 60 * 60 * 1000;
+    while (getPacificDayKey(new Date(high)) === currentKey) {
+        high += 12 * 60 * 60 * 1000;
+    }
+    while (high - low > 1000) {
+        const midpoint = low + Math.floor((high - low) / 2);
+        if (getPacificDayKey(new Date(midpoint)) === currentKey) {
+            low = midpoint;
+        }
+        else {
+            high = midpoint;
+        }
+    }
+    return new Date(high).toISOString();
+}
+function resolveProviderHomeDir(fallbackHomeDir, env) {
+    const envHome = env.HOME?.trim();
+    if (envHome && envHome !== process.env.HOME) {
+        return envHome;
+    }
+    const envUserProfile = env.USERPROFILE?.trim();
+    if (envUserProfile && envUserProfile !== process.env.USERPROFILE) {
+        return envUserProfile;
+    }
+    return fallbackHomeDir;
+}
+function getClaudeEnvAuthVariable(env) {
+    if (env.CLAUDE_CODE_OAUTH_TOKEN) {
+        return "CLAUDE_CODE_OAUTH_TOKEN";
+    }
+    if (env.ANTHROPIC_API_KEY) {
+        return "ANTHROPIC_API_KEY";
+    }
+    return null;
+}
+function resolveClaudeConfigDir(fallbackHomeDir, env) {
+    return env.CLAUDE_CONFIG_DIR?.trim() || path.join(resolveProviderHomeDir(fallbackHomeDir, env), ".claude");
+}
+function buildUnavailableProvider(provider, refreshedAt, message, windows, sourceLabel = null) {
+    return {
+        provider,
+        status: "unavailable",
+        sourceLabel,
+        planLabel: null,
+        accountLabel: null,
+        message,
+        refreshedAt,
+        windows,
+    };
+}
+function buildErrorProvider(provider, refreshedAt, message, sourceLabel = null) {
+    return {
+        provider,
+        status: "error",
+        sourceLabel,
+        planLabel: null,
+        accountLabel: null,
+        message,
+        refreshedAt,
+        windows: [],
+    };
+}
+const CLAUDE_SESSION_WINDOW_MS = 5 * 60 * 60 * 1000;
+function buildClaudeUnavailableWindows() {
+    return [
+        createUnavailableWindow({
+            id: "rolling-5h",
+            label: "5 hour token estimate",
+            windowLabel: "Estimated Claude Code usage over the last 5 hours based on local session telemetry.",
+            resetsAt: null,
+            message: "Junction could not derive a local Claude usage estimate yet.",
+        }),
+        createUnavailableWindow({
+            id: "rolling-7d",
+            label: "7 day window",
+            windowLabel: "Long-window Claude caps vary by plan and demand.",
+            resetsAt: null,
+            message: "Junction does not yet have a reliable local source for Claude's long-window remaining quota.",
+        }),
+    ];
+}
+function buildClaudeLiveWindow(input) {
+    if (input.utilizationPercent === null) {
+        return createUnavailableWindow({
+            id: input.id,
+            label: input.label,
+            windowLabel: input.windowLabel,
+            resetsAt: input.resetsAt,
+            message: "Anthropic reported reset timing, but did not include a live utilization percentage for this window.",
+        });
+    }
+    const usedPercent = Math.max(0, Math.min(100, input.utilizationPercent));
+    return {
+        id: input.id,
+        label: input.label,
+        windowLabel: input.windowLabel,
+        unitLabel: "%",
+        limit: 100,
+        used: usedPercent,
+        remaining: Math.max(0, 100 - usedPercent),
+        resetsAt: input.resetsAt,
+        message: "Live utilization reported by Anthropic OAuth rate-limit headers. Claude exposes percentages here, not token counts.",
+    };
+}
+function buildClaudeLiveWindows(snapshot) {
+    return [
+        buildClaudeLiveWindow({
+            id: "rolling-5h",
+            label: "5 hour window",
+            windowLabel: "Rolling short-window Claude usage reported by Anthropic OAuth headers.",
+            resetsAt: snapshot.fiveHourResetsAt,
+            utilizationPercent: snapshot.fiveHourUtilization,
+        }),
+        buildClaudeLiveWindow({
+            id: "rolling-7d",
+            label: "7 day window",
+            windowLabel: "Rolling long-window Claude usage reported by Anthropic OAuth headers.",
+            resetsAt: snapshot.sevenDayResetsAt,
+            utilizationPercent: snapshot.sevenDayUtilization,
+        }),
+    ];
+}
+function parseClaudePlanTokenLimit(subscriptionType) {
+    const normalized = subscriptionType?.trim().toLowerCase() ?? "";
+    if (!normalized) {
+        return null;
+    }
+    if (normalized.includes("max20")) {
+        return 220000;
+    }
+    if (normalized.includes("max5") || normalized === "max") {
+        return 88000;
+    }
+    if (normalized.includes("pro")) {
+        return 19000;
+    }
+    return null;
+}
+function safeParseIsoTimestamp(value) {
+    if (typeof value !== "string" || !value.trim()) {
+        return null;
+    }
+    const parsed = new Date(value);
+    return Number.isNaN(parsed.getTime()) ? null : parsed;
+}
+function extractClaudeUsageTokens(entry) {
+    const message = toObject(entry.message);
+    const usage = toObject(message?.usage);
+    const inputTokens = toNumber(usage?.input_tokens) ?? 0;
+    const outputTokens = toNumber(usage?.output_tokens) ?? 0;
+    return Math.max(0, Math.round(inputTokens + outputTokens));
+}
+function extractClaudeResetSignal(entry, now) {
+    const observedAt = safeParseIsoTimestamp(entry.timestamp);
+    const rootContent = typeof entry.content === "string" ? entry.content : null;
+    if (rootContent && observedAt) {
+        const waitMatch = rootContent.toLowerCase().match(/wait\s+(\d+)\s+minutes?/);
+        if (waitMatch?.[1]) {
+            const waitMinutes = Number(waitMatch[1]);
+            if (Number.isFinite(waitMinutes) && waitMinutes > 0) {
+                const resetAt = new Date(observedAt.getTime() + waitMinutes * 60 * 1000);
+                if (resetAt.getTime() > now.getTime()) {
+                    return resetAt.toISOString();
+                }
+            }
+        }
+    }
+    const message = toObject(entry.message);
+    const content = Array.isArray(message?.content) ? message.content : [];
+    for (const item of content) {
+        const block = toObject(item);
+        const toolResultText = typeof block?.content === "string" ? block.content : null;
+        if (!toolResultText) {
+            continue;
+        }
+        const resetMatch = toolResultText.match(/limit reached\|(\d+)/i);
+        if (!resetMatch?.[1]) {
+            continue;
+        }
+        const rawTimestamp = Number(resetMatch[1]);
+        if (!Number.isFinite(rawTimestamp)) {
+            continue;
+        }
+        const resetAt = rawTimestamp > 10000000000 ? rawTimestamp : rawTimestamp * 1000;
+        const parsed = new Date(resetAt);
+        if (!Number.isNaN(parsed.getTime()) && parsed.getTime() > now.getTime()) {
+            return parsed.toISOString();
+        }
+    }
+    return null;
+}
+async function collectRecentClaudeUsage(projectsDir, now) {
+    const windowStartMs = now.getTime() - CLAUDE_SESSION_WINDOW_MS;
+    const eligibleFileMtimeFloor = windowStartMs - 60 * 60 * 1000;
+    const pendingDirs = [projectsDir];
+    let usedTokens = 0;
+    let latestEntryAtMs = null;
+    let limitResetAtMs = null;
+    let entryCount = 0;
+    while (pendingDirs.length > 0) {
+        const currentDir = pendingDirs.pop();
+        if (!currentDir) {
+            continue;
+        }
+        let entries;
+        try {
+            entries = await readdir(currentDir, { withFileTypes: true });
+        }
+        catch {
+            continue;
+        }
+        for (const entry of entries) {
+            const fullPath = path.join(currentDir, entry.name);
+            if (entry.isDirectory()) {
+                pendingDirs.push(fullPath);
+                continue;
+            }
+            if (!entry.isFile() || !entry.name.endsWith(".jsonl")) {
+                continue;
+            }
+            let stats;
+            try {
+                stats = await stat(fullPath);
+            }
+            catch {
+                continue;
+            }
+            if (stats.mtimeMs < eligibleFileMtimeFloor) {
+                continue;
+            }
+            let content;
+            try {
+                content = await readFile(fullPath, "utf8");
+            }
+            catch {
+                continue;
+            }
+            for (const line of content.split(/\r?\n/)) {
+                const trimmed = line.trim();
+                if (!trimmed) {
+                    continue;
+                }
+                let parsed;
+                try {
+                    parsed = JSON.parse(trimmed);
+                }
+                catch {
+                    continue;
+                }
+                const record = toObject(parsed);
+                if (!record) {
+                    continue;
+                }
+                const timestamp = safeParseIsoTimestamp(record.timestamp);
+                if (!timestamp) {
+                    continue;
+                }
+                const resetSignal = extractClaudeResetSignal(record, now);
+                if (resetSignal) {
+                    const resetMs = new Date(resetSignal).getTime();
+                    if (!Number.isNaN(resetMs)) {
+                        limitResetAtMs =
+                            limitResetAtMs === null ? resetMs : Math.min(limitResetAtMs, resetMs);
+                    }
+                }
+                if (timestamp.getTime() < windowStartMs) {
+                    continue;
+                }
+                if (record.type !== "assistant") {
+                    continue;
+                }
+                const tokens = extractClaudeUsageTokens(record);
+                if (tokens <= 0) {
+                    continue;
+                }
+                usedTokens += tokens;
+                entryCount += 1;
+                latestEntryAtMs =
+                    latestEntryAtMs === null ? timestamp.getTime() : Math.max(latestEntryAtMs, timestamp.getTime());
+            }
+        }
+    }
+    return {
+        usedTokens,
+        latestEntryAt: latestEntryAtMs === null ? null : new Date(latestEntryAtMs).toISOString(),
+        limitResetAt: limitResetAtMs === null ? null : new Date(limitResetAtMs).toISOString(),
+        entryCount,
+    };
+}
+function buildCodexWindows(subscriptionUntil) {
+    return [
+        createUnavailableWindow({
+            id: "rolling-5h",
+            label: "5 hour window",
+            windowLabel: "Rolling window for short-term Codex usage.",
+            resetsAt: null,
+            message: "Codex does not currently publish live remaining request counts through the local CLI.",
+        }),
+        createUnavailableWindow({
+            id: "rolling-7d",
+            label: "7 day window",
+            windowLabel: "Long-window cap associated with your ChatGPT-linked Codex access.",
+            resetsAt: null,
+            message: subscriptionUntil
+                ? `Weekly remaining usage is not exposed locally. ChatGPT subscription metadata is active until ${subscriptionUntil}.`
+                : "Weekly remaining usage is not exposed locally.",
+        }),
+    ];
+}
+function buildGeminiWindows(now) {
+    return [
+        createUnavailableWindow({
+            id: "daily",
+            label: "24 hour reset window",
+            windowLabel: "Daily Gemini reset timing. Google resets requests-per-day at midnight Pacific time.",
+            resetsAt: getNextPacificMidnightIso(now),
+            message: "Junction can show the next Gemini reset time, but Gemini does not expose live remaining usage locally.",
+        }),
+    ];
+}
+async function loadClaudeRateLimits(refreshedAt, homeDir, now, options) {
+    const commandPrefix = resolveProviderCommandPrefix(options.runtimeSettings?.command, () => "claude");
+    const claudeConfigDir = resolveClaudeConfigDir(homeDir, options.env);
+    const envAuthVariable = getClaudeEnvAuthVariable(options.env);
+    const result = await options.commandRunner(commandPrefix.command, [...commandPrefix.args, "auth", "status"], {
+        env: options.env,
+    });
+    const parsed = result.status === 0 ? parseClaudeAuthStatus(result.stdout ?? "") : null;
+    const sessionKey = parsed?.orgId && parsed.authMethod === "claude.ai"
+        ? await readClaudeSessionKey(homeDir, options.env)
+        : null;
+    let oauthCredentials = null;
+    try {
+        oauthCredentials = await readClaudeOAuthCredentials(claudeConfigDir, {
+            allowKeychain: !envAuthVariable,
+        });
+    }
+    catch (error) {
+        if (!envAuthVariable && !parsed?.loggedIn) {
+            throw error;
+        }
+    }
+    if (parsed?.orgId && sessionKey) {
+        try {
+            const liveSnapshot = await readClaudeWebRateLimits({
+                organizationId: parsed.orgId,
+                sessionKey,
+                timeoutMs: options.timeoutMs,
+            });
+            return {
+                provider: "claude",
+                status: "available",
+                sourceLabel: CLAUDE_WEB_SOURCE_LABEL,
+                planLabel: titleCase(parsed.subscriptionType) ?? "Claude account",
+                accountLabel: parsed.email ?? "Signed in",
+                message: "Live usage windows loaded from Claude's web usage endpoint.",
+                refreshedAt,
+                windows: buildClaudeLiveWindows(liveSnapshot),
+            };
+        }
+        catch {
+            // Fall back to Claude OAuth headers or local telemetry.
+        }
+    }
+    if (options.allowClaudeOAuthProbe &&
+        oauthCredentials &&
+        !isClaudeOAuthCredentialExpired(oauthCredentials)) {
+        try {
+            const liveSnapshot = await options.claudeRateLimitReader({
+                accessToken: oauthCredentials.accessToken,
+                timeoutMs: options.timeoutMs,
+            });
+            return {
+                provider: "claude",
+                status: "available",
+                sourceLabel: CLAUDE_OAUTH_SOURCE_LABEL,
+                planLabel: titleCase(parsed?.subscriptionType) ??
+                    titleCase(oauthCredentials.subscriptionType) ??
+                    "Claude account",
+                accountLabel: parsed?.email ??
+                    (envAuthVariable ? `Configured via ${envAuthVariable}` : "Signed in via Claude Code"),
+                message: "Live usage windows loaded from Claude OAuth rate-limit headers.",
+                refreshedAt,
+                windows: buildClaudeLiveWindows(liveSnapshot),
+            };
+        }
+        catch {
+            // Fall back to local telemetry when live OAuth headers are unavailable.
+        }
+    }
+    if (result.status !== 0) {
+        if (envAuthVariable) {
+            const usageSnapshot = await collectRecentClaudeUsage(path.join(claudeConfigDir, "projects"), now);
+            const rollingResetAt = usageSnapshot.limitResetAt ??
+                (usageSnapshot.latestEntryAt
+                    ? new Date(new Date(usageSnapshot.latestEntryAt).getTime() + CLAUDE_SESSION_WINDOW_MS).toISOString()
+                    : null);
+            return {
+                provider: "claude",
+                status: "available",
+                sourceLabel: CLAUDE_ENV_SOURCE_LABEL,
+                planLabel: "Environment auth",
+                accountLabel: `Configured via ${envAuthVariable}`,
+                message: "Claude auth was detected from the daemon environment. Plan details are unavailable until `claude auth status` succeeds.",
+                refreshedAt,
+                windows: [
+                    {
+                        id: "rolling-5h",
+                        label: "5 hour token estimate",
+                        windowLabel: "Estimated Claude Code usage over the last 5 hours based on local session telemetry.",
+                        unitLabel: null,
+                        limit: null,
+                        used: usageSnapshot.usedTokens,
+                        remaining: null,
+                        resetsAt: rollingResetAt,
+                        message: "Anthropic does not expose an official local remaining counter. Junction is showing recent usage only.",
+                    },
+                    createUnavailableWindow({
+                        id: "rolling-7d",
+                        label: "7 day window",
+                        windowLabel: "Long-window Claude caps vary by plan and demand.",
+                        resetsAt: null,
+                        message: "Junction does not yet have a reliable local source for Claude's long-window remaining quota.",
+                    }),
+                ],
+            };
+        }
+        const message = result.stderr?.trim() || result.stdout?.trim() || "Claude auth status is unavailable.";
+        return buildUnavailableProvider("claude", refreshedAt, message, buildClaudeUnavailableWindows(), "claude auth status");
+    }
+    if (!parsed) {
+        return buildUnavailableProvider("claude", refreshedAt, "Claude auth status returned an unreadable response.", buildClaudeUnavailableWindows(), "claude auth status");
+    }
+    if (!parsed.loggedIn) {
+        return buildUnavailableProvider("claude", refreshedAt, "Claude is not logged in on this daemon.", buildClaudeUnavailableWindows(), "claude auth status");
+    }
+    const estimatedLimit = parseClaudePlanTokenLimit(parsed.subscriptionType ?? null);
+    const usageSnapshot = await collectRecentClaudeUsage(path.join(claudeConfigDir, "projects"), now);
+    const rollingResetAt = usageSnapshot.limitResetAt ??
+        (usageSnapshot.latestEntryAt
+            ? new Date(new Date(usageSnapshot.latestEntryAt).getTime() + CLAUDE_SESSION_WINDOW_MS).toISOString()
+            : null);
+    const rollingWindow = {
+        id: "rolling-5h",
+        label: "5 hour token estimate",
+        windowLabel: "Estimated Claude Code usage over the last 5 hours based on local session telemetry.",
+        unitLabel: null,
+        limit: estimatedLimit,
+        used: usageSnapshot.usedTokens,
+        remaining: estimatedLimit === null
+            ? null
+            : Math.max(0, estimatedLimit - usageSnapshot.usedTokens),
+        resetsAt: rollingResetAt,
+        message: estimatedLimit === null
+            ? "Anthropic does not expose an official local remaining counter. Junction is showing recent usage only."
+            : "Estimated from Claude Code JSONL usage plus plan-default token ceilings; Anthropic does not expose an official local remaining counter.",
+    };
+    return {
+        provider: "claude",
+        status: "available",
+        sourceLabel: "claude auth status + local session telemetry",
+        planLabel: titleCase(parsed.subscriptionType) ?? "Unknown",
+        accountLabel: parsed.email ?? "Signed in",
+        message: usageSnapshot.entryCount > 0
+            ? "Local Claude usage estimate loaded from recent session JSONL data."
+            : "Claude is signed in. No recent local session usage was detected in the last 5 hours.",
+        refreshedAt,
+        windows: [
+            rollingWindow,
+            createUnavailableWindow({
+                id: "rolling-7d",
+                label: "7 day window",
+                windowLabel: "Long-window Claude caps vary by plan and demand.",
+                resetsAt: null,
+                message: "Junction does not yet have a reliable local source for Claude's long-window remaining quota.",
+            }),
+        ],
+    };
+}
+async function loadCodexRateLimits(refreshedAt, homeDir, options) {
+    const providerHomeDir = resolveProviderHomeDir(homeDir, options.env);
+    const authPath = path.join(providerHomeDir, ".codex", "auth.json");
+    const parsed = await readJsonFile(authPath, CODEX_AUTH_SOURCE_LABEL);
+    const payload = decodeJwtPayload(parsed?.tokens?.id_token) ?? decodeJwtPayload(parsed?.tokens?.access_token);
+    const planType = payload?.["https://api.openai.com/auth"]?.chatgpt_plan_type ?? null;
+    const subscriptionUntil = payload?.["https://api.openai.com/auth"]?.chatgpt_subscription_active_until ?? null;
+    const accountEmail = payload?.["https://api.openai.com/profile"]?.email ?? payload?.email ?? null;
+    const commandPrefix = resolveProviderCommandPrefix(options.runtimeSettings?.command, () => "codex");
+    try {
+        const liveRateLimits = await options.codexRateLimitReader({
+            runtimeSettings: options.runtimeSettings,
+            timeoutMs: options.timeoutMs,
+        });
+        const buckets = parseCodexRateLimitBuckets(liveRateLimits);
+        const windows = buckets.flatMap((bucket) => {
+            const nextWindows = [];
+            if (bucket.primary) {
+                nextWindows.push(buildCodexWindow(bucket, "primary", bucket.primary));
+            }
+            if (bucket.secondary) {
+                nextWindows.push(buildCodexWindow(bucket, "secondary", bucket.secondary));
+            }
+            return nextWindows;
+        });
+        if (windows.length > 0) {
+            const livePlanType = buckets.find((bucket) => typeof bucket.planType === "string" && bucket.planType.trim())?.planType ??
+                planType;
+            const includesNamedBuckets = buckets.some((bucket) => {
+                const bucketLabel = formatBucketLabel(bucket.limitId, bucket.limitName);
+                return bucketLabel !== "Codex";
+            });
+            return {
+                provider: "codex",
+                status: "available",
+                sourceLabel: "codex app-server",
+                planLabel: titleCase(livePlanType) ?? titleCase(planType) ?? "ChatGPT account",
+                accountLabel: accountEmail ?? "Signed in",
+                message: includesNamedBuckets
+                    ? "Live usage windows loaded from Codex, including model-specific buckets when available."
+                    : "Live usage windows loaded from Codex.",
+                refreshedAt,
+                windows,
+            };
+        }
+    }
+    catch {
+        // Fall back to auth metadata when live rate-limit polling is unavailable.
+    }
+    const result = await options.commandRunner(commandPrefix.command, [...commandPrefix.args, "login", "status"], {
+        env: options.env,
+    });
+    if (result.status !== 0) {
+        const message = result.stderr?.trim() || result.stdout?.trim() || "Codex login status is unavailable.";
+        return buildUnavailableProvider("codex", refreshedAt, message, buildCodexWindows(null), CODEX_AUTH_SOURCE_LABEL);
+    }
+    return {
+        provider: "codex",
+        status: "available",
+        sourceLabel: CODEX_AUTH_SOURCE_LABEL,
+        planLabel: titleCase(planType) ?? "ChatGPT account",
+        accountLabel: accountEmail ?? "Signed in",
+        message: "Live ChatGPT account metadata is available. Codex does not expose exact remaining request counts locally.",
+        refreshedAt,
+        windows: buildCodexWindows(subscriptionUntil),
+    };
+}
+function getGeminiEnvAuthVariable(env) {
+    if (env.GEMINI_API_KEY) {
+        return "GEMINI_API_KEY";
+    }
+    if (env.GOOGLE_API_KEY) {
+        return "GOOGLE_API_KEY";
+    }
+    if (env.GOOGLE_GENERATIVE_AI_API_KEY) {
+        return "GOOGLE_GENERATIVE_AI_API_KEY";
+    }
+    return null;
+}
+async function loadGeminiRateLimits(refreshedAt, homeDir, now, options) {
+    const providerHomeDir = resolveProviderHomeDir(homeDir, options.env ?? process.env);
+    const envAuthVariable = getGeminiEnvAuthVariable(options.env ?? process.env);
+    if (envAuthVariable) {
+        return {
+            provider: "gemini",
+            status: "available",
+            sourceLabel: GEMINI_ENV_SOURCE_LABEL,
+            planLabel: "API key",
+            accountLabel: `Configured via ${envAuthVariable}`,
+            message: "Gemini auth was detected from the daemon environment. Junction can show reset timing, but Gemini does not expose live usage or remaining quota for API-key auth.",
+            refreshedAt,
+            windows: buildGeminiWindows(now),
+        };
+    }
+    const googleAccountsPath = path.join(providerHomeDir, ".gemini", "google_accounts.json");
+    const settingsPath = path.join(providerHomeDir, ".gemini", "settings.json");
+    const accounts = await readJsonFile(googleAccountsPath, GEMINI_ACCOUNTS_SOURCE_LABEL);
+    const settings = await readJsonFile(settingsPath, GEMINI_SETTINGS_SOURCE_LABEL);
+    const activeAccount = accounts?.active?.trim() ?? "";
+    const authType = settings?.security?.auth?.selectedType ?? settings?.selectedAuthType ?? null;
+    if (!activeAccount) {
+        return buildUnavailableProvider("gemini", refreshedAt, "Gemini is not logged in on this daemon.", buildGeminiWindows(now), GEMINI_ACCOUNTS_SOURCE_LABEL);
+    }
+    return {
+        provider: "gemini",
+        status: "available",
+        sourceLabel: GEMINI_ACCOUNTS_SOURCE_LABEL,
+        planLabel: titleCase(authType) ?? "Google account",
+        accountLabel: activeAccount,
+        message: "Live account status is available. Junction can show the next Gemini reset, but Gemini does not expose live usage or remaining quota locally.",
+        refreshedAt,
+        windows: buildGeminiWindows(now),
+    };
+}
+/**
+ * Loads daemon-scoped rate-limit snapshots for Claude, Codex, and Gemini.
+ *
+ * Each provider is probed independently so a failure in one provider degrades
+ * only that provider's snapshot instead of aborting the whole response.
+ */
+export async function loadDaemonProviderRateLimits(options = {}) {
+    const homeDir = options.homeDir ?? homedir();
+    const junctionHome = options.junctionHome ?? homeDir;
+    const rootDir = path.parse(homeDir).root || (options.platform === "win32" ? "C:\\" : "/");
+    const refreshedAt = (options.now ?? new Date()).toISOString();
+    const persistedConfig = loadPersistedConfig(junctionHome);
+    const claudeRuntimeSettings = persistedConfig.agents?.providers?.claude;
+    const codexRuntimeSettings = persistedConfig.agents?.providers?.codex;
+    const geminiRuntimeSettings = persistedConfig.agents?.providers?.gemini;
+    const env = options.env ?? process.env;
+    const now = options.now ?? new Date();
+    const commandRunner = options.commandRunner ?? defaultCommandRunner;
+    const claudeRateLimitReader = options.claudeRateLimitReader ?? readClaudeOAuthRateLimits;
+    const codexRateLimitReader = options.codexRateLimitReader ?? readCodexAppServerRateLimits;
+    const timeoutMs = options.timeoutMs ?? RATE_LIMIT_READER_TIMEOUT_MS;
+    const allowClaudeOAuthProbe = options.allowClaudeOAuthProbe ?? false;
+    const providers = {
+        claude: buildErrorProvider("claude", refreshedAt, "Not loaded yet."),
+        codex: buildErrorProvider("codex", refreshedAt, "Not loaded yet."),
+        gemini: buildErrorProvider("gemini", refreshedAt, "Not loaded yet."),
+    };
+    const claudePromise = loadClaudeRateLimits(refreshedAt, homeDir, now, {
+        env: applyProviderEnv(env, claudeRuntimeSettings),
+        claudeRateLimitReader,
+        commandRunner,
+        timeoutMs,
+        allowClaudeOAuthProbe,
+        runtimeSettings: claudeRuntimeSettings,
+    }).catch((error) => buildErrorProvider("claude", refreshedAt, error instanceof Error ? error.message : String(error), "claude auth status"));
+    const codexPromise = loadCodexRateLimits(refreshedAt, homeDir, {
+        env: applyProviderEnv(env, codexRuntimeSettings),
+        commandRunner,
+        codexRateLimitReader,
+        timeoutMs,
+        runtimeSettings: codexRuntimeSettings,
+    }).catch((error) => buildErrorProvider("codex", refreshedAt, error instanceof Error ? error.message : String(error), CODEX_AUTH_SOURCE_LABEL));
+    const geminiPromise = loadGeminiRateLimits(refreshedAt, homeDir, now, {
+        env: applyProviderEnv(env, geminiRuntimeSettings),
+    }).catch((error) => buildErrorProvider("gemini", refreshedAt, error instanceof Error ? error.message : String(error), GEMINI_ACCOUNTS_SOURCE_LABEL));
+    const [claude, codex, gemini] = await Promise.all([
+        claudePromise,
+        codexPromise,
+        geminiPromise,
+    ]);
+    providers.claude = claude;
+    providers.codex = codex;
+    providers.gemini = gemini;
+    return {
+        homeDir,
+        rootDir,
+        providers,
+    };
+}
+//# sourceMappingURL=daemon-provider-rate-limits.js.map