@kaitranntt/ccs 7.37.0 → 7.37.1-dev.1

package/dist/cliproxy/account-manager.js

@@ -2,6 +2,9 @@
 /**
  * Account Manager for CLIProxyAPI Multi-Account Support
  *
+ * DEPRECATED: This file is now a re-export shim for backwards compatibility.
+ * New code should import directly from './accounts/' module.
+ *
  * Manages multiple OAuth accounts per provider (Gemini, Codex, etc.).
  * Each provider can have multiple accounts, with one designated as default.
  *
@@ -9,800 +12,37 @@
  * Token storage: ~/.ccs/cliproxy/auth/ (flat structure, CLIProxyAPI discovers by type field)
  * Paused tokens: ~/.ccs/cliproxy/auth-paused/ (sibling dir, outside CLIProxyAPI scan path)
  */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAllAccountsSummary = exports.soloAccount = exports.bulkResumeAccounts = exports.bulkPauseAccounts = exports.discoverExistingAccounts = exports.getAccountTokenPath = exports.touchAccount = exports.renameAccount = exports.removeAccount = exports.getActiveAccounts = exports.setAccountTier = exports.isAccountPaused = exports.resumeAccount = exports.pauseAccount = exports.setDefaultAccount = exports.registerAccount = exports.findAccountByQuery = exports.getAccount = exports.getDefaultAccount = exports.getProviderAccounts = exports.saveAccountsRegistry = exports.loadAccountsRegistry = exports.getPausedDir = exports.getAccountsRegistryPath = exports.validateNickname = exports.generateNickname = exports.extractAccountIdFromTokenFile = exports.PROVIDERS_WITHOUT_EMAIL = void 0;
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const profile_detector_1 = require("../auth/profile-detector");
-const config_generator_1 = require("./config-generator");
-const auth_types_1 = require("./auth/auth-types");
-/**
- * Providers that typically have empty email in OAuth token files.
- * For these providers, nickname is used as accountId instead of email.
- */
-exports.PROVIDERS_WITHOUT_EMAIL = ['kiro', 'ghcp'];
-/** Default registry structure */
-const DEFAULT_REGISTRY = {
-    version: 1,
-    providers: {},
-};
-/**
- * Extract unique account ID from token filename when email is unavailable
- * For Kiro/GHCP OAuth, filenames are: <provider>-<oauth>-<profile_id>.json
- * Extracts: <oauth>-<profile_id> as unique identifier
- * @example kiro-github-ABC123.json → github-ABC123
- * @example ghcp-amazon-XYZ789.json → amazon-XYZ789
- * @example kiro-nomail.json → default (no OAuth structure)
- */
-function extractAccountIdFromTokenFile(filename, email) {
-    if (email)
-        return email;
-    // Pattern: <provider>-<oauth>-<profile_id>.json → extract <oauth>-<profile_id>
-    // Requires at least 2 hyphens to distinguish from simple filenames like "kiro-nomail.json"
-    const match = filename.match(/^[^-]+-([^-]+-[^.]+)\.json$/);
-    if (match)
-        return match[1];
-    return 'default';
-}
-exports.extractAccountIdFromTokenFile = extractAccountIdFromTokenFile;
-/**
- * Generate nickname from email
- * Takes prefix before @ symbol, sanitizes whitespace
- * Validation: 1-50 chars, any non-whitespace (permissive per user preference)
- */
-function generateNickname(email) {
-    if (!email)
-        return 'default';
-    const prefix = email.split('@')[0];
-    // Sanitize: remove whitespace, limit to 50 chars
-    return prefix.replace(/\s+/g, '').slice(0, 50) || 'default';
-}
-exports.generateNickname = generateNickname;
-/**
- * Validate nickname
- * Rules: 1-50 chars, no whitespace, URL-safe, no reserved patterns
- * @returns null if valid, error message if invalid
- */
-function validateNickname(nickname) {
-    if (!nickname || nickname.length === 0) {
-        return 'Nickname is required';
-    }
-    if (nickname.length > 50) {
-        return 'Nickname must be 50 characters or less';
-    }
-    if (/\s/.test(nickname)) {
-        return 'Nickname cannot contain whitespace';
-    }
-    // Block URL-unsafe chars that break routing
-    if (/[%\/&?#]/.test(nickname)) {
-        return 'Nickname cannot contain special URL characters (%, /, &, ?, #)';
-    }
-    // Block reserved patterns used by auto-discovery (kiro-1, ghcp-2, etc.)
-    if (/^(kiro|ghcp)-\d+$/i.test(nickname)) {
-        return 'Nickname cannot match reserved pattern (kiro-N, ghcp-N)';
-    }
-    return null;
-}
-exports.validateNickname = validateNickname;
-/**
- * Get path to accounts registry file
- */
-function getAccountsRegistryPath() {
-    return path.join((0, config_generator_1.getCliproxyDir)(), 'accounts.json');
-}
-exports.getAccountsRegistryPath = getAccountsRegistryPath;
-/**
- * Get path to paused tokens directory
- * Paused tokens are moved here so CLIProxyAPI won't discover them
- *
- * Uses sibling directory (auth-paused/) instead of subdirectory (auth/paused/)
- * because CLIProxyAPI's watcher uses filepath.Walk() which recursively scans
- * all subdirectories of auth/. A sibling directory is completely outside
- * CLIProxyAPI's scan path, preventing token refresh loops.
- */
-function getPausedDir() {
-    return path.join((0, config_generator_1.getCliproxyDir)(), 'auth-paused');
-}
-exports.getPausedDir = getPausedDir;
-/**
- * Load accounts registry
- */
-function loadAccountsRegistry() {
-    const registryPath = getAccountsRegistryPath();
-    if (!fs.existsSync(registryPath)) {
-        return { ...DEFAULT_REGISTRY };
-    }
-    try {
-        const content = fs.readFileSync(registryPath, 'utf-8');
-        const data = JSON.parse(content);
-        return {
-            version: data.version || 1,
-            providers: data.providers || {},
-        };
-    }
-    catch {
-        return { ...DEFAULT_REGISTRY };
-    }
-}
-exports.loadAccountsRegistry = loadAccountsRegistry;
-/**
- * Save accounts registry
- */
-function saveAccountsRegistry(registry) {
-    const registryPath = getAccountsRegistryPath();
-    const dir = path.dirname(registryPath);
-    if (!fs.existsSync(dir)) {
-        fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
-    }
-    fs.writeFileSync(registryPath, JSON.stringify(registry, null, 2) + '\n', {
-        mode: 0o600,
-    });
-}
-exports.saveAccountsRegistry = saveAccountsRegistry;
-/**
- * Sync registry with actual token files
- * Removes stale entries where token file no longer exists
- * For paused accounts, checks both auth/ and paused/ directories
- * Called automatically when loading accounts
- */
-function syncRegistryWithTokenFiles(registry) {
-    const authDir = (0, config_generator_1.getAuthDir)();
-    const pausedDir = getPausedDir();
-    let modified = false;
-    for (const [_providerName, providerAccounts] of Object.entries(registry.providers)) {
-        if (!providerAccounts)
-            continue;
-        const staleIds = [];
-        for (const [accountId, meta] of Object.entries(providerAccounts.accounts)) {
-            const tokenPath = path.join(authDir, meta.tokenFile);
-            const pausedPath = path.join(pausedDir, meta.tokenFile);
-            // For paused accounts, check paused dir; for active accounts, check auth dir
-            const expectedPath = meta.paused ? pausedPath : tokenPath;
-            // Also accept if file exists in either location (handles edge cases)
-            const existsAnywhere = fs.existsSync(tokenPath) || fs.existsSync(pausedPath);
-            if (!fs.existsSync(expectedPath) && !existsAnywhere) {
-                staleIds.push(accountId);
-            }
-        }
-        // Remove stale accounts
-        for (const id of staleIds) {
-            delete providerAccounts.accounts[id];
-            modified = true;
-            // Update default if deleted
-            if (providerAccounts.default === id) {
-                const remainingIds = Object.keys(providerAccounts.accounts);
-                providerAccounts.default = remainingIds[0] || 'default';
-            }
-        }
-    }
-    return modified;
-}
-/**
- * Get all accounts for a provider
- */
-function getProviderAccounts(provider) {
-    const registry = loadAccountsRegistry();
-    // Sync with actual token files (removes stale entries)
-    if (syncRegistryWithTokenFiles(registry)) {
-        saveAccountsRegistry(registry);
-    }
-    const providerAccounts = registry.providers[provider];
-    if (!providerAccounts) {
-        return [];
-    }
-    return Object.entries(providerAccounts.accounts).map(([id, meta]) => ({
-        id,
-        provider,
-        isDefault: id === providerAccounts.default,
-        ...meta,
-    }));
-}
-exports.getProviderAccounts = getProviderAccounts;
-/**
- * Get default account for a provider
- */
-function getDefaultAccount(provider) {
-    const accounts = getProviderAccounts(provider);
-    return accounts.find((a) => a.isDefault) || accounts[0] || null;
-}
-exports.getDefaultAccount = getDefaultAccount;
-/**
- * Get specific account by ID
- */
-function getAccount(provider, accountId) {
-    const accounts = getProviderAccounts(provider);
-    return accounts.find((a) => a.id === accountId) || null;
-}
-exports.getAccount = getAccount;
-/**
- * Find account by query (nickname, email, or id)
- * Supports partial matching for convenience
- */
-function findAccountByQuery(provider, query) {
-    const accounts = getProviderAccounts(provider);
-    const lowerQuery = query.toLowerCase();
-    // Exact match first (id, email, nickname)
-    const exactMatch = accounts.find((a) => a.id === query ||
-        a.email?.toLowerCase() === lowerQuery ||
-        a.nickname?.toLowerCase() === lowerQuery);
-    if (exactMatch)
-        return exactMatch;
-    // Partial match on nickname or email prefix
-    const partialMatch = accounts.find((a) => a.nickname?.toLowerCase().startsWith(lowerQuery) ||
-        a.email?.toLowerCase().startsWith(lowerQuery));
-    return partialMatch || null;
-}
-exports.findAccountByQuery = findAccountByQuery;
-/**
- * Register a new account
- * Called after successful OAuth to record the account
- *
- * For providers without email (kiro, ghcp):
- * - nickname is REQUIRED and used as accountId
- * - Uniqueness is enforced to prevent overwriting
- *
- * For providers with email:
- * - email is used as accountId
- * - nickname is auto-generated from email if not provided
- */
-function registerAccount(provider, tokenFile, email, nickname, projectId) {
-    const registry = loadAccountsRegistry();
-    // Initialize provider section if needed
-    if (!registry.providers[provider]) {
-        registry.providers[provider] = {
-            default: 'default',
-            accounts: {},
-        };
-    }
-    const providerAccounts = registry.providers[provider];
-    if (!providerAccounts) {
-        throw new Error('Failed to initialize provider accounts');
-    }
-    // Determine account ID based on provider type
-    let accountId;
-    let accountNickname;
-    if (exports.PROVIDERS_WITHOUT_EMAIL.includes(provider)) {
-        // For kiro/ghcp: nickname is REQUIRED and used as accountId
-        if (!nickname || nickname === 'default') {
-            throw new Error(`Nickname is required when adding ${provider} accounts. ` +
-                `Use --nickname <name> or provide a nickname in the UI.`);
-        }
-        // Validate nickname format
-        const validationError = validateNickname(nickname);
-        if (validationError) {
-            throw new Error(validationError);
-        }
-        // Check uniqueness
-        for (const [existingId, _account] of Object.entries(providerAccounts.accounts)) {
-            if (existingId.toLowerCase() === nickname.toLowerCase()) {
-                throw new Error(`An account with nickname "${nickname}" already exists for ${provider}. ` +
-                    `Choose a different nickname.`);
-            }
-        }
-        accountId = nickname;
-        accountNickname = nickname;
-    }
-    else {
-        // For other providers: use email as accountId, fallback to filename extraction
-        accountId = extractAccountIdFromTokenFile(tokenFile, email);
-        accountNickname = nickname || generateNickname(email);
-    }
-    const isFirstAccount = Object.keys(providerAccounts.accounts).length === 0;
-    // Create or update account
-    const accountMeta = {
-        email,
-        nickname: accountNickname,
-        tokenFile,
-        createdAt: new Date().toISOString(),
-        lastUsedAt: new Date().toISOString(),
-    };
-    // Include projectId for Antigravity accounts
-    if (provider === 'agy' && projectId) {
-        accountMeta.projectId = projectId;
-    }
-    providerAccounts.accounts[accountId] = accountMeta;
-    // Set as default if first account
-    if (isFirstAccount) {
-        providerAccounts.default = accountId;
-    }
-    saveAccountsRegistry(registry);
-    return {
-        id: accountId,
-        provider,
-        isDefault: accountId === providerAccounts.default,
-        email,
-        nickname: accountNickname,
-        tokenFile,
-        createdAt: providerAccounts.accounts[accountId].createdAt,
-        lastUsedAt: providerAccounts.accounts[accountId].lastUsedAt,
-        projectId: providerAccounts.accounts[accountId].projectId,
-    };
-}
-exports.registerAccount = registerAccount;
-/**
- * Set default account for a provider
- */
-function setDefaultAccount(provider, accountId) {
-    const registry = loadAccountsRegistry();
-    const providerAccounts = registry.providers[provider];
-    if (!providerAccounts || !providerAccounts.accounts[accountId]) {
-        return false;
-    }
-    providerAccounts.default = accountId;
-    saveAccountsRegistry(registry);
-    return true;
-}
-exports.setDefaultAccount = setDefaultAccount;
-/**
- * Pause an account (skip in quota rotation)
- * Moves token file to paused/ subdir so CLIProxyAPI won't discover it
- */
-function pauseAccount(provider, accountId) {
-    const registry = loadAccountsRegistry();
-    const providerAccounts = registry.providers[provider];
-    if (!providerAccounts?.accounts[accountId]) {
-        return false;
-    }
-    const accountMeta = providerAccounts.accounts[accountId];
-    // Skip if already paused (idempotent)
-    if (accountMeta.paused) {
-        return true;
-    }
-    const authDir = (0, config_generator_1.getAuthDir)();
-    const pausedDir = getPausedDir();
-    const tokenPath = path.join(authDir, accountMeta.tokenFile);
-    const pausedPath = path.join(pausedDir, accountMeta.tokenFile);
-    // Move token file to paused directory (if it exists in auth dir)
-    if (fs.existsSync(tokenPath)) {
-        try {
-            // Create paused directory if it doesn't exist
-            if (!fs.existsSync(pausedDir)) {
-                fs.mkdirSync(pausedDir, { recursive: true, mode: 0o700 });
-            }
-            fs.renameSync(tokenPath, pausedPath);
-        }
-        catch {
-            // File operation failed, but continue with registry update
-            // syncRegistryWithTokenFiles() will handle recovery on next load
-        }
-    }
-    providerAccounts.accounts[accountId].paused = true;
-    providerAccounts.accounts[accountId].pausedAt = new Date().toISOString();
-    saveAccountsRegistry(registry);
-    return true;
-}
-exports.pauseAccount = pauseAccount;
-/**
- * Resume a paused account
- * Moves token file back from paused/ to auth/ so CLIProxyAPI can discover it
- */
-function resumeAccount(provider, accountId) {
-    const registry = loadAccountsRegistry();
-    const providerAccounts = registry.providers[provider];
-    if (!providerAccounts?.accounts[accountId]) {
-        return false;
-    }
-    const accountMeta = providerAccounts.accounts[accountId];
-    // Skip if already active (idempotent)
-    if (!accountMeta.paused) {
-        return true;
-    }
-    const authDir = (0, config_generator_1.getAuthDir)();
-    const pausedDir = getPausedDir();
-    const tokenPath = path.join(authDir, accountMeta.tokenFile);
-    const pausedPath = path.join(pausedDir, accountMeta.tokenFile);
-    // Move token file back from paused directory (if it exists in paused dir)
-    if (fs.existsSync(pausedPath)) {
-        try {
-            fs.renameSync(pausedPath, tokenPath);
-        }
-        catch {
-            // File operation failed, but continue with registry update
-            // syncRegistryWithTokenFiles() will handle recovery on next load
-        }
-    }
-    providerAccounts.accounts[accountId].paused = false;
-    providerAccounts.accounts[accountId].pausedAt = undefined;
-    saveAccountsRegistry(registry);
-    return true;
-}
-exports.resumeAccount = resumeAccount;
-/**
- * Check if an account is paused
- */
-function isAccountPaused(provider, accountId) {
-    const accounts = getProviderAccounts(provider);
-    const account = accounts.find((a) => a.id === accountId);
-    return account?.paused ?? false;
-}
-exports.isAccountPaused = isAccountPaused;
-/**
- * Update account tier
- */
-function setAccountTier(provider, accountId, tier) {
-    const registry = loadAccountsRegistry();
-    const providerAccounts = registry.providers[provider];
-    if (!providerAccounts?.accounts[accountId]) {
-        return false;
-    }
-    providerAccounts.accounts[accountId].tier = tier;
-    saveAccountsRegistry(registry);
-    return true;
-}
-exports.setAccountTier = setAccountTier;
-/**
- * Get non-paused accounts for a provider
- */
-function getActiveAccounts(provider) {
-    return getProviderAccounts(provider).filter((a) => !a.paused);
-}
-exports.getActiveAccounts = getActiveAccounts;
-/**
- * Remove an account
- */
-function removeAccount(provider, accountId) {
-    const registry = loadAccountsRegistry();
-    const providerAccounts = registry.providers[provider];
-    if (!providerAccounts || !providerAccounts.accounts[accountId]) {
-        return false;
-    }
-    // Get token file to delete (check both auth and paused directories)
-    const tokenFile = providerAccounts.accounts[accountId].tokenFile;
-    const tokenPath = path.join((0, config_generator_1.getAuthDir)(), tokenFile);
-    const pausedPath = path.join(getPausedDir(), tokenFile);
-    // Delete token file from auth directory
-    if (fs.existsSync(tokenPath)) {
-        try {
-            fs.unlinkSync(tokenPath);
-        }
-        catch {
-            // Ignore deletion errors
-        }
-    }
-    // Also delete from paused directory if it exists there
-    if (fs.existsSync(pausedPath)) {
-        try {
-            fs.unlinkSync(pausedPath);
-        }
-        catch {
-            // Ignore deletion errors
-        }
-    }
-    // Remove from registry
-    delete providerAccounts.accounts[accountId];
-    // Update default if needed
-    const remainingAccounts = Object.keys(providerAccounts.accounts);
-    if (providerAccounts.default === accountId && remainingAccounts.length > 0) {
-        providerAccounts.default = remainingAccounts[0];
-    }
-    saveAccountsRegistry(registry);
-    return true;
-}
-exports.removeAccount = removeAccount;
-/**
- * Rename an account's nickname
- */
-function renameAccount(provider, accountId, newNickname) {
-    const validationError = validateNickname(newNickname);
-    if (validationError) {
-        throw new Error(validationError);
-    }
-    const registry = loadAccountsRegistry();
-    const providerAccounts = registry.providers[provider];
-    if (!providerAccounts?.accounts[accountId]) {
-        return false;
-    }
-    // Check if nickname is already used by another account
-    for (const [id, account] of Object.entries(providerAccounts.accounts)) {
-        if (id !== accountId && account.nickname?.toLowerCase() === newNickname.toLowerCase()) {
-            throw new Error(`Nickname "${newNickname}" is already used by another account`);
-        }
-    }
-    providerAccounts.accounts[accountId].nickname = newNickname;
-    saveAccountsRegistry(registry);
-    return true;
-}
-exports.renameAccount = renameAccount;
-/**
- * Update last used timestamp for an account
- */
-function touchAccount(provider, accountId) {
-    const registry = loadAccountsRegistry();
-    const providerAccounts = registry.providers[provider];
-    if (providerAccounts?.accounts[accountId]) {
-        providerAccounts.accounts[accountId].lastUsedAt = new Date().toISOString();
-        saveAccountsRegistry(registry);
-    }
-}
-exports.touchAccount = touchAccount;
-/**
- * Get token file path for an account
- * Returns path in paused/ dir if account is paused, otherwise auth/
- */
-function getAccountTokenPath(provider, accountId) {
-    const account = accountId ? getAccount(provider, accountId) : getDefaultAccount(provider);
-    if (!account) {
-        return null;
-    }
-    // Return path from paused directory if account is paused
-    const baseDir = account.paused ? getPausedDir() : (0, config_generator_1.getAuthDir)();
-    return path.join(baseDir, account.tokenFile);
-}
-exports.getAccountTokenPath = getAccountTokenPath;
-/**
- * Auto-discover accounts from existing token files
- * Called during migration or first run to populate accounts registry
- *
- * For kiro/ghcp providers without email, generates unique accountId from:
- * 1. OAuth provider + profile ID from filename (e.g., github-ABC123)
- * 2. Fallback: provider + index (e.g., kiro-1, kiro-2)
- */
-function discoverExistingAccounts() {
-    const authDir = (0, config_generator_1.getAuthDir)();
-    if (!fs.existsSync(authDir)) {
-        return;
-    }
-    const registry = loadAccountsRegistry();
-    const files = fs.readdirSync(authDir);
-    for (const file of files) {
-        if (!file.endsWith('.json'))
-            continue;
-        const filePath = path.join(authDir, file);
-        try {
-            const content = fs.readFileSync(filePath, 'utf-8');
-            const data = JSON.parse(content);
-            // Skip if no type field
-            if (!data.type)
-                continue;
-            // Build reverse mapping from PROVIDER_TYPE_VALUES (type value -> provider)
-            // e.g., "antigravity" -> "agy", "kiro" -> "kiro", "codewhisperer" -> "kiro"
-            const typeValue = data.type.toLowerCase();
-            let provider;
-            for (const [prov, typeValues] of Object.entries(auth_types_1.PROVIDER_TYPE_VALUES)) {
-                if (typeValues.includes(typeValue)) {
-                    provider = prov;
-                    break;
-                }
-            }
-            // Skip if unknown provider type
-            if (!provider) {
-                continue;
-            }
-            // Extract email if available, fallback to filename-based ID
-            let email = data.email || undefined;
-            // Fallback: extract email from filename (e.g., "kiro-google-user@example.com.json")
-            if (!email && file.includes('@')) {
-                const match = file.match(/([^-]+@[^.]+\.[^.]+)(?=\.json$)/);
-                if (match) {
-                    email = match[1];
-                }
-            }
-            // Initialize provider section if needed
-            if (!registry.providers[provider]) {
-                registry.providers[provider] = {
-                    default: 'default',
-                    accounts: {},
-                };
-            }
-            const providerAccounts = registry.providers[provider];
-            if (!providerAccounts)
-                continue;
-            // Skip if token file already registered (under any accountId)
-            const existingTokenFiles = Object.values(providerAccounts.accounts).map((a) => a.tokenFile);
-            if (existingTokenFiles.includes(file)) {
-                // Token file exists - check if we need to update projectId for agy accounts
-                const projectIdValue = typeof data.project_id === 'string' && data.project_id.trim()
-                    ? data.project_id.trim()
-                    : null;
-                if (provider === 'agy' && projectIdValue) {
-                    const existingEntry = Object.entries(providerAccounts.accounts).find(([, meta]) => meta.tokenFile === file);
-                    // Update if missing or changed
-                    if (existingEntry && existingEntry[1].projectId !== projectIdValue) {
-                        existingEntry[1].projectId = projectIdValue;
-                    }
-                }
-                continue;
-            }
-            // Determine accountId based on provider type
-            let accountId;
-            if (exports.PROVIDERS_WITHOUT_EMAIL.includes(provider) && !email) {
-                // For kiro/ghcp without email: extract from filename or generate unique
-                // Pattern: kiro-github-ABC123.json -> github-ABC123
-                const filenameId = extractAccountIdFromTokenFile(file, undefined);
-                if (filenameId !== 'default') {
-                    accountId = filenameId;
-                }
-                else {
-                    // Generate unique ID: provider + incrementing index
-                    let index = 1;
-                    while (providerAccounts.accounts[`${provider}-${index}`]) {
-                        index++;
-                    }
-                    accountId = `${provider}-${index}`;
-                }
-            }
-            else {
-                // For providers with email: use email or filename extraction
-                accountId = extractAccountIdFromTokenFile(file, email);
-            }
-            // Skip if account already registered
-            if (providerAccounts.accounts[accountId]) {
-                continue;
-            }
-            // Set as default if first account
-            if (Object.keys(providerAccounts.accounts).length === 0) {
-                providerAccounts.default = accountId;
-            }
-            // Get file stats for creation time
-            const stats = fs.statSync(filePath);
-            // Register account with auto-generated nickname
-            // Use mtime as lastUsedAt (when token was last modified = last auth/refresh)
-            const lastModified = stats.mtime || stats.birthtime || new Date();
-            const accountMeta = {
-                email,
-                nickname: generateNickname(email),
-                tokenFile: file,
-                createdAt: stats.birthtime?.toISOString() || new Date().toISOString(),
-                lastUsedAt: lastModified.toISOString(),
-            };
-            // Read project_id for Antigravity accounts (read-only field from auth token)
-            const discoveredProjectId = typeof data.project_id === 'string' && data.project_id.trim()
-                ? data.project_id.trim()
-                : null;
-            if (provider === 'agy' && discoveredProjectId) {
-                accountMeta.projectId = discoveredProjectId;
-            }
-            providerAccounts.accounts[accountId] = accountMeta;
-        }
-        catch {
-            // Skip invalid files
-            continue;
-        }
-    }
-    // Reload-merge pattern: reduce race condition with concurrent OAuth registration
-    // Reload fresh registry and merge discovered accounts (fresh registry wins on conflicts)
-    const freshRegistry = loadAccountsRegistry();
-    for (const [providerName, discovered] of Object.entries(registry.providers)) {
-        if (!discovered)
-            continue;
-        const prov = providerName;
-        if (!freshRegistry.providers[prov]) {
-            freshRegistry.providers[prov] = discovered;
-        }
-        else {
-            // Merge accounts, preferring fresh registry's existing entries but updating projectId
-            const freshProviderAccounts = freshRegistry.providers[prov];
-            if (!freshProviderAccounts)
-                continue;
-            for (const [id, meta] of Object.entries(discovered.accounts)) {
-                if (!freshProviderAccounts.accounts[id]) {
-                    freshProviderAccounts.accounts[id] = meta;
-                    // Set default if none exists
-                    if (!freshProviderAccounts.default || freshProviderAccounts.default === 'default') {
-                        freshProviderAccounts.default = id;
-                    }
-                }
-                else if (meta.projectId && !freshProviderAccounts.accounts[id].projectId) {
-                    // Update existing account with projectId if discovered from auth file
-                    freshProviderAccounts.accounts[id].projectId = meta.projectId;
-                }
-            }
-        }
-    }
-    saveAccountsRegistry(freshRegistry);
-}
-exports.discoverExistingAccounts = discoverExistingAccounts;
-/** Provider-level locks for preventing race conditions in solo mode */
-const providerLocks = new Map();
-/**
- * Bulk pause multiple accounts
- * Pauses each account, collecting successes and failures (no fail-fast)
- */
-function bulkPauseAccounts(provider, accountIds) {
-    const result = { succeeded: [], failed: [] };
-    for (const id of accountIds) {
-        const success = pauseAccount(provider, id);
-        if (success) {
-            result.succeeded.push(id);
-        }
-        else {
-            result.failed.push({ id, reason: 'Account not found' });
-        }
-    }
-    return result;
-}
-exports.bulkPauseAccounts = bulkPauseAccounts;
-/**
- * Bulk resume multiple accounts
- * Resumes each account, collecting successes and failures (no fail-fast)
- */
-function bulkResumeAccounts(provider, accountIds) {
-    const result = { succeeded: [], failed: [] };
-    for (const id of accountIds) {
-        const success = resumeAccount(provider, id);
-        if (success) {
-            result.succeeded.push(id);
-        }
-        else {
-            result.failed.push({ id, reason: 'Account not found' });
-        }
-    }
-    return result;
-}
-exports.bulkResumeAccounts = bulkResumeAccounts;
-/**
- * Solo mode: activate one account, pause all others in same provider
- * Per validation: auto-resumes target if paused, keeps default unchanged
- */
-async function soloAccount(provider, accountId) {
-    // Wait for any pending operation on this provider
-    const pending = providerLocks.get(provider);
-    if (pending)
-        await pending;
-    const operation = (async () => {
-        const accounts = getProviderAccounts(provider);
-        const targetAccount = accounts.find((a) => a.id === accountId);
-        if (!targetAccount) {
-            return null;
-        }
-        const result = { activated: accountId, paused: [] };
-        // Resume target account if paused (per validation decision)
-        if (targetAccount.paused) {
-            resumeAccount(provider, accountId);
-        }
-        // Pause all other accounts
-        for (const account of accounts) {
-            if (account.id !== accountId && !account.paused) {
-                const success = pauseAccount(provider, account.id);
-                if (success) {
-                    result.paused.push(account.id);
-                }
-            }
-        }
-        return result;
-    })();
-    providerLocks.set(provider, operation);
-    try {
-        return await operation;
-    }
-    finally {
-        providerLocks.delete(provider);
-    }
-}
-exports.soloAccount = soloAccount;
-/**
- * Get summary of all accounts across providers
- */
-function getAllAccountsSummary() {
-    const providers = [...profile_detector_1.CLIPROXY_PROFILES];
-    const summary = {};
-    for (const provider of providers) {
-        summary[provider] = getProviderAccounts(provider);
-    }
-    return summary;
-}
-exports.getAllAccountsSummary = getAllAccountsSummary;
+exports.soloAccount = exports.bulkResumeAccounts = exports.bulkPauseAccounts = exports.getAllAccountsSummary = exports.isAccountPaused = exports.getActiveAccounts = exports.findAccountByQuery = exports.getAccount = exports.getDefaultAccount = exports.getProviderAccounts = exports.discoverExistingAccounts = exports.setAccountTier = exports.touchAccount = exports.renameAccount = exports.removeAccount = exports.resumeAccount = exports.pauseAccount = exports.setDefaultAccount = exports.registerAccount = exports.syncRegistryWithTokenFiles = exports.saveAccountsRegistry = exports.loadAccountsRegistry = exports.tokenFileExists = exports.validateNickname = exports.generateNickname = exports.extractAccountIdFromTokenFile = exports.getAccountTokenPath = exports.getPausedDir = exports.getAccountsRegistryPath = exports.PROVIDERS_WITHOUT_EMAIL = void 0;
+var accounts_1 = require("./accounts");
+Object.defineProperty(exports, "PROVIDERS_WITHOUT_EMAIL", { enumerable: true, get: function () { return accounts_1.PROVIDERS_WITHOUT_EMAIL; } });
+Object.defineProperty(exports, "getAccountsRegistryPath", { enumerable: true, get: function () { return accounts_1.getAccountsRegistryPath; } });
+Object.defineProperty(exports, "getPausedDir", { enumerable: true, get: function () { return accounts_1.getPausedDir; } });
+Object.defineProperty(exports, "getAccountTokenPath", { enumerable: true, get: function () { return accounts_1.getAccountTokenPath; } });
+Object.defineProperty(exports, "extractAccountIdFromTokenFile", { enumerable: true, get: function () { return accounts_1.extractAccountIdFromTokenFile; } });
+Object.defineProperty(exports, "generateNickname", { enumerable: true, get: function () { return accounts_1.generateNickname; } });
+Object.defineProperty(exports, "validateNickname", { enumerable: true, get: function () { return accounts_1.validateNickname; } });
+Object.defineProperty(exports, "tokenFileExists", { enumerable: true, get: function () { return accounts_1.tokenFileExists; } });
+Object.defineProperty(exports, "loadAccountsRegistry", { enumerable: true, get: function () { return accounts_1.loadAccountsRegistry; } });
+Object.defineProperty(exports, "saveAccountsRegistry", { enumerable: true, get: function () { return accounts_1.saveAccountsRegistry; } });
+Object.defineProperty(exports, "syncRegistryWithTokenFiles", { enumerable: true, get: function () { return accounts_1.syncRegistryWithTokenFiles; } });
+Object.defineProperty(exports, "registerAccount", { enumerable: true, get: function () { return accounts_1.registerAccount; } });
+Object.defineProperty(exports, "setDefaultAccount", { enumerable: true, get: function () { return accounts_1.setDefaultAccount; } });
+Object.defineProperty(exports, "pauseAccount", { enumerable: true, get: function () { return accounts_1.pauseAccount; } });
+Object.defineProperty(exports, "resumeAccount", { enumerable: true, get: function () { return accounts_1.resumeAccount; } });
+Object.defineProperty(exports, "removeAccount", { enumerable: true, get: function () { return accounts_1.removeAccount; } });
+Object.defineProperty(exports, "renameAccount", { enumerable: true, get: function () { return accounts_1.renameAccount; } });
+Object.defineProperty(exports, "touchAccount", { enumerable: true, get: function () { return accounts_1.touchAccount; } });
+Object.defineProperty(exports, "setAccountTier", { enumerable: true, get: function () { return accounts_1.setAccountTier; } });
+Object.defineProperty(exports, "discoverExistingAccounts", { enumerable: true, get: function () { return accounts_1.discoverExistingAccounts; } });
+Object.defineProperty(exports, "getProviderAccounts", { enumerable: true, get: function () { return accounts_1.getProviderAccounts; } });
+Object.defineProperty(exports, "getDefaultAccount", { enumerable: true, get: function () { return accounts_1.getDefaultAccount; } });
+Object.defineProperty(exports, "getAccount", { enumerable: true, get: function () { return accounts_1.getAccount; } });
+Object.defineProperty(exports, "findAccountByQuery", { enumerable: true, get: function () { return accounts_1.findAccountByQuery; } });
+Object.defineProperty(exports, "getActiveAccounts", { enumerable: true, get: function () { return accounts_1.getActiveAccounts; } });
+Object.defineProperty(exports, "isAccountPaused", { enumerable: true, get: function () { return accounts_1.isAccountPaused; } });
+Object.defineProperty(exports, "getAllAccountsSummary", { enumerable: true, get: function () { return accounts_1.getAllAccountsSummary; } });
+Object.defineProperty(exports, "bulkPauseAccounts", { enumerable: true, get: function () { return accounts_1.bulkPauseAccounts; } });
+Object.defineProperty(exports, "bulkResumeAccounts", { enumerable: true, get: function () { return accounts_1.bulkResumeAccounts; } });
+Object.defineProperty(exports, "soloAccount", { enumerable: true, get: function () { return accounts_1.soloAccount; } });
 //# sourceMappingURL=account-manager.js.map