@karpeleslab/teamclaude 1.0.5 → 1.0.7

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 KarpelesLab
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,18 +1,27 @@
 # TeamClaude
 
+[![CI](https://github.com/KarpelesLab/teamclaude/actions/workflows/ci.yml/badge.svg)](https://github.com/KarpelesLab/teamclaude/actions/workflows/ci.yml)
+[![npm version](https://img.shields.io/npm/v/@karpeleslab/teamclaude.svg)](https://www.npmjs.com/package/@karpeleslab/teamclaude)
+[![node](https://img.shields.io/node/v/@karpeleslab/teamclaude.svg)](https://nodejs.org)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+
 Multi-account Claude proxy with automatic quota-based rotation for [Claude Code](https://claude.ai/claude-code).
 
-Sits transparently between Claude Code and the Anthropic API, managing multiple Claude Max accounts and automatically switching when one approaches its session or weekly quota limit.
+Sits transparently between Claude Code and the Anthropic API, managing multiple Claude Max (or API key) accounts and automatically switching when one approaches its session or weekly quota limit.
 
 ![TeamClaude TUI](screenshots/teamclaude.png)
 
 ## Features
 
 - **Automatic account rotation** — switches to the next account when session (5h) or weekly (7d) quota reaches the configured threshold (default 98%)
-- **Auto-retry on 429** — if an account is rate-limited, transparently retries with the next one
-- **Interactive TUI** — real-time dashboard with color-coded quota bars showing reset countdowns, activity log, and keyboard controls
-- **OAuth token refresh** — proactively refreshes expiring tokens, intercepts client token renewals, and persists them to config
+- **Auto-retry on 429** — waits the `retry-after` duration and retries the same account; switches to the next on persistent errors
+- **Interactive TUI** — real-time dashboard with color-coded quota bars, reset countdowns, activity log, and keyboard controls
+- **OAuth token management** — automatically refreshes tokens nearing expiry and persists them to config; client token refreshes pass through untouched
 - **Hot-reload accounts** — add accounts via `import` or `login` while the server is running, press **R** to pick them up
+- **Org-aware accounts** — one email can hold multiple accounts across different organizations (e.g. corp + personal); dedup is keyed on account + org, and names disambiguate as `email (Org)`
+- **Rotation priority** — pin a preferred account order with `teamclaude priority`
+- **Enable/disable accounts** — temporarily pause an account without removing it (`teamclaude disable`/`enable`, or `d` in the TUI); re-enabling also clears a stuck error state
+- **Quota persistence** — observed quota survives restarts (saved to a sibling state file), so rotation state isn't lost on restart; stale windows are discarded automatically
 - **Request logging** — optional full request/response logging for debugging
 - **Zero dependencies** — uses only Node.js built-in modules
 
@@ -67,7 +76,11 @@ claude /login           # Log into an account in Claude Code
 teamclaude import       # Import its credentials
 ```
 
-Re-importing the same account updates its credentials.
+Re-importing the same account updates its credentials. You can also import from a custom path:
+
+```bash
+teamclaude import --from /path/to/credentials.json
+```
 
 ### API Key
 
@@ -86,18 +99,33 @@ teamclaude server
 ```
 
 When running from a TTY, shows an interactive TUI with:
-- Account table with session/weekly quota progress bars
+- Account table with session/weekly quota progress bars and reset countdowns
 - Real-time activity log with request tracking
-- Keyboard shortcuts: **s**witch, **a**dd, **r**emove, **R**eload, **q**uit
+- Keyboard shortcuts (see below)
 
 Falls back to plain log output when not a TTY (e.g. running as a service).
 
+#### TUI Keyboard Shortcuts
+
+| Key | Action |
+|-----|--------|
+| `s` | Switch active account |
+| `a` | Add account (import or API key) |
+| `r` | Remove an account |
+| `d` | Enable/disable an account |
+| `R` | Reload accounts from config |
+| `q` | Quit |
+
+In selection mode, use `j`/`k` or arrow keys to navigate, `Enter` to confirm, `Esc` to cancel.
+
 ### Run Claude Code through the proxy
 
 ```bash
 teamclaude run
 ```
 
+`run` probes the proxy first: if it's up, Claude Code is routed through it; if it's **not** running, `claude` is launched directly so nothing breaks.
+
 Or manually set the environment:
 
 ```bash
@@ -105,16 +133,38 @@ eval $(teamclaude env)
 claude
 ```
 
+### Routing plain `claude` automatically (alias)
+
+So you don't have to type `teamclaude run` every time, add a shell alias that makes plain `claude` go through the proxy (and fall back to direct when it's down):
+
+```bash
+teamclaude alias              # print the alias for your shell
+teamclaude alias --install    # or write it to your shell rc (--uninstall to remove)
+```
+
+This is an interactive-shell alias — it affects `claude` typed at a prompt, not `claude` spawned by editors or scripts. It's a thin passthrough to `teamclaude run`, which holds the proxy-up/down logic.
+
 ### Other commands
 
 ```bash
-teamclaude accounts          # List accounts with live profile info
+teamclaude accounts          # List accounts with subscription tier and token status
+teamclaude accounts -v       # Also show token expiry times
 teamclaude status            # Show live proxy status (requires running server)
-teamclaude remove <name>     # Remove an account
+teamclaude remove <name>     # Remove an account (by name or email)
+teamclaude disable <name>    # Temporarily exclude an account from rotation
+teamclaude enable <name>     # Re-enable it (also clears a stuck error state)
+teamclaude priority <name> 1 # Set rotation priority (lower = preferred)
+teamclaude alias             # Print/install a `claude` alias that routes via the proxy
 teamclaude api <path>        # Call an API endpoint with account credentials
 teamclaude help              # Show all commands
 ```
 
+When the same email belongs to multiple organizations, accounts are named
+`email (Org)` to keep them distinct. Pass `--org <name|uuid>` to disambiguate a
+bare email, e.g. `teamclaude remove user@example.com --org Acme`. Use
+`teamclaude priority <name> --first` / `--last` to move an account to the front
+or back of the rotation order.
+
 ### Request logging
 
 Log full request/response details to a directory (one file per request):
@@ -127,6 +177,8 @@ teamclaude server --log-to /tmp/requests
 
 Config is stored at `~/.config/teamclaude.json` (or `$XDG_CONFIG_HOME/teamclaude.json`). A random proxy API key is generated on first use.
 
+Volatile runtime state (observed quota) is written separately to `teamclaude.state.json` alongside the config, so the config file stays clean and hand-editable. The state file is safe to delete — quota is simply re-learned from traffic.
+
 Override the config path with `TEAMCLAUDE_CONFIG`:
 
 ```bash
@@ -145,9 +197,12 @@ TEAMCLAUDE_CONFIG=./my-config.json teamclaude server
   "switchThreshold": 0.98,
   "accounts": [
     {
-      "name": "user@example.com",
+      "name": "user@example.com (Acme)",
       "type": "oauth",
       "accountUuid": "...",
+      "orgUuid": "...",
+      "orgName": "Acme",
+      "priority": 0,
       "accessToken": "sk-ant-oat01-...",
       "refreshToken": "sk-ant-ort01-...",
       "expiresAt": 1774384968427
@@ -156,14 +211,38 @@ TEAMCLAUDE_CONFIG=./my-config.json teamclaude server
 }
 ```
 
+| Field | Description |
+|-------|-------------|
+| `proxy.port` | Local port the proxy listens on |
+| `proxy.apiKey` | API key clients use to authenticate with the proxy |
+| `upstream` | Upstream API base URL |
+| `switchThreshold` | Quota utilization (0–1) at which to switch accounts |
+| `accounts[].accountUuid` | Anthropic account (person) id; set automatically from the OAuth profile |
+| `accounts[].orgUuid` / `orgName` | Organization the account is scoped to — lets one email hold multiple org accounts |
+| `accounts[].priority` | Rotation preference, lower = preferred (default 0) |
+| `accounts[].disabled` | If `true`, the account is excluded from rotation until re-enabled |
+
 ## How It Works
 
 1. Claude Code connects to the local proxy instead of `api.anthropic.com`
 2. The proxy selects the active account and forwards requests with that account's credentials
-3. Rate limit headers from the API (`anthropic-ratelimit-unified-*`) track session and weekly quota
-4. When usage reaches the threshold, the proxy switches to the next available account
-5. If all accounts are exhausted, returns 429 with the soonest reset time
+3. OAuth tokens expiring within 5 minutes are automatically refreshed and persisted to config
+4. Rate limit headers from the API (`anthropic-ratelimit-unified-*`) track session (5h) and weekly (7d) quota utilization
+5. When usage reaches the threshold, the proxy switches to the next available account via round-robin
+6. On 429 responses, the proxy waits the `retry-after` duration and retries; on persistent errors, it switches accounts
+7. Transient network errors (connection reset, timeout) drop the connection so the client can retry
+8. If all accounts are exhausted, returns 429 with the soonest reset time
+9. Client token refresh requests (`/v1/oauth/token`) are relayed to upstream untouched — the proxy and client manage their own token lifecycles independently
+
+## Security
+
+The only canonical sources for TeamClaude are this repository
+(https://github.com/KarpelesLab/teamclaude) and the
+[`@karpeleslab/teamclaude`](https://www.npmjs.com/package/@karpeleslab/teamclaude)
+npm package. TeamClaude is **never** distributed as a downloadable binary
+archive — be wary of soft-forks that bundle a `.zip` and tell you to extract and
+run it. See [SECURITY.md](SECURITY.md) for details and how to report issues.
 
 ## License
 
-MIT
+MIT — see [LICENSE](LICENSE).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@karpeleslab/teamclaude",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "description": "Multi-account Claude proxy with automatic quota-based rotation",
   "type": "module",
   "main": "src/index.js",
@@ -11,7 +11,9 @@
     "src/"
   ],
   "scripts": {
-    "start": "node src/index.js"
+    "start": "node src/index.js",
+    "test": "node --test",
+    "lint": "eslint ."
   },
   "keywords": [
     "claude",
@@ -23,5 +25,8 @@
   "license": "MIT",
   "engines": {
     "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "eslint": "^9.0.0"
   }
 }

package/src/account-manager.js

@@ -1,4 +1,13 @@
 import { refreshAccessToken, isTokenExpiringSoon } from './oauth.js';
+import { sameIdentity } from './identity.js';
+
+// Quota fields that survive a restart: utilization levels and their reset
+// windows, learned passively from upstream responses. Transient/derived state
+// (probing, requalify, rateLimitedUntil) is intentionally excluded.
+const PERSISTED_QUOTA_FIELDS = [
+  'unified5h', 'unified7d', 'unified5hReset', 'unified7dReset', 'unifiedStatus',
+  'tokensLimit', 'tokensRemaining', 'requestsLimit', 'requestsRemaining', 'resetsAt',
+];
 
 function emptyQuota() {
   return {
@@ -24,10 +33,17 @@ export class AccountManager {
       name: acct.name,
       type: acct.type,
       accountUuid: acct.accountUuid || null,
+      orgUuid: acct.orgUuid || null,
+      orgName: acct.orgName || null,
+      priority: acct.priority || 0,
+      disabled: acct.disabled || false,
       credential: acct.accessToken || acct.apiKey,
       refreshToken: acct.refreshToken || null,
       expiresAt: acct.expiresAt || null,
       status: 'active',
+      // No quota is known at startup, so start probing: the first response for
+      // an account reveals its weekly limit and triggers re-evaluation.
+      probing: true,
       quota: emptyQuota(),
       usage: {
         totalInputTokens: 0,
@@ -46,9 +62,26 @@ export class AccountManager {
    * Returns null if all accounts are exhausted.
    */
   getActiveAccount() {
+    // Clear expired quotas across all accounts and switch proactively if a
+    // session reset made a sooner-expiring account the better choice. This runs
+    // on every request so the behaviour holds without the TUI render loop.
+    this.refreshExpiredQuotas();
     const current = this.accounts[this.currentIndex];
+    // We just learned a probed account's weekly quota — re-evaluate which
+    // account is best now that its limit is known.
+    if (current && current.requalify) {
+      current.requalify = false;
+      const next = this._selectNext();
+      if (next) return next;
+    }
     if (this._isAvailable(current)) {
-      return current;
+      // A strictly higher-priority (lower value) available account preempts a
+      // healthy current one. Within the same priority tier we stay put, so the
+      // common case (all accounts at the default priority 0) is unchanged and
+      // never thrashes — preemption only triggers when priorities differ.
+      const betterExists = this.accounts.some(a =>
+        this._isAvailable(a) && (a.priority || 0) < (current.priority || 0));
+      return betterExists ? this._selectNext() : current;
     }
     return this._selectNext();
   }
@@ -56,6 +89,9 @@ export class AccountManager {
   _isAvailable(account) {
     if (!account) return false;
 
+    // Manually disabled accounts are skipped entirely until re-enabled.
+    if (account.disabled) return false;
+
     // Check rate limit expiry
     if (account.status === 'throttled' && account.rateLimitedUntil) {
       if (Date.now() < account.rateLimitedUntil) return false;
@@ -70,21 +106,33 @@ export class AccountManager {
     return true;
   }
 
-  _isNearQuota(account) {
+  /**
+   * Clear any quota counters whose reset time has passed. Cheap and safe to
+   * call frequently (e.g. from the TUI render loop) — once a counter is cleared
+   * it stays null until the next upstream response repopulates it, so the
+   * "reset" log fires at most once per window.
+   * @returns {{changed: boolean, session: boolean}} what was cleared.
+   */
+  _clearExpiredQuotas(account) {
     const q = account.quota;
     const now = Date.now();
+    let changed = false;
+    let session = false;
 
     // Clear expired unified quotas
     if (q.unified5h != null && q.unified5hReset && now >= q.unified5hReset) {
       console.log(`[TeamClaude] Account "${account.name}" session quota reset`);
       q.unified5h = null;
       q.unified5hReset = null;
+      changed = true;
+      session = true;
     }
     if (q.unified7d != null && q.unified7dReset && now >= q.unified7dReset) {
       console.log(`[TeamClaude] Account "${account.name}" weekly quota reset`);
       q.unified7d = null;
       q.unified7dReset = null;
       q.unifiedStatus = null;
+      changed = true;
     }
 
     // Clear expired standard quotas
@@ -94,7 +142,69 @@ export class AccountManager {
       q.requestsRemaining = null;
       q.requestsLimit = null;
       q.resetsAt = null;
+      changed = true;
+    }
+
+    return { changed, session };
+  }
+
+  /**
+   * Clear expired quotas across all accounts. Called from the display loop and
+   * the request path so a window expiry (e.g. the 5-hour session quota) resets
+   * the view instantly rather than waiting for the next request.
+   *
+   * When an account's session quota resets, it may have become the better
+   * choice — switch to it if its weekly limit expires sooner than the current
+   * account's (and it still has weekly quota), so we spend the quota closest to
+   * refreshing first.
+   */
+  refreshExpiredQuotas() {
+    let changed = false;
+    const sessionReset = [];
+    for (const account of this.accounts) {
+      const r = this._clearExpiredQuotas(account);
+      if (r.changed) changed = true;
+      if (r.session) sessionReset.push(account);
     }
+    if (sessionReset.length) this._switchOnSessionReset(sessionReset);
+    return changed;
+  }
+
+  /**
+   * Given accounts whose session quota just reset, switch to the one whose
+   * weekly limit expires soonest — but only if that is sooner than the current
+   * account's weekly limit and the account still has weekly quota to spend.
+   */
+  _switchOnSessionReset(candidates) {
+    const current = this.accounts[this.currentIndex];
+    // Need a known weekly reset on the current account to compare against;
+    // if it is unknown we are still probing it, so leave it alone.
+    if (!current || current.quota.unified7dReset == null) return;
+
+    let best = null;
+    let bestWeekly = current.quota.unified7dReset;
+    for (const acc of candidates) {
+      if (acc.index === this.currentIndex) continue;
+      if (!this._isAvailable(acc)) continue; // enough session & weekly quota left
+      // Don't demote to a lower-priority (higher value) account on a reset.
+      if ((acc.priority || 0) > (current.priority || 0)) continue;
+      const weekly = acc.quota.unified7dReset;
+      if (weekly == null) continue; // need a known weekly to compare
+      if (weekly < bestWeekly) {
+        bestWeekly = weekly;
+        best = acc;
+      }
+    }
+
+    if (best) {
+      this.currentIndex = best.index;
+      console.log(`[TeamClaude] Account "${best.name}" session quota reset and weekly expires sooner — switching to it`);
+    }
+  }
+
+  _isNearQuota(account) {
+    const q = account.quota;
+    this._clearExpiredQuotas(account);
 
     // Unified quotas (Claude Max) — utilization is already 0-1
     if (q.unified5h != null && q.unified5h >= this.switchThreshold) return true;
@@ -115,17 +225,47 @@ export class AccountManager {
   }
 
   _selectNext() {
-    const startIndex = this.currentIndex;
-
-    for (let i = 1; i <= this.accounts.length; i++) {
-      const idx = (startIndex + i) % this.accounts.length;
-      const account = this.accounts[idx];
+    // Selection order among available accounts:
+    //   1. lowest `priority` value (operator-controlled; default 0, lower = preferred)
+    //   2. then the account with no known weekly limit — using it lets us
+    //      discover its quota
+    //   3. then the account whose weekly limit expires soonest: that quota is
+    //      closest to refreshing, so spending it first preserves accounts whose
+    //      weekly window resets further out.
+    // With all priorities at the default 0, this reduces to the original
+    // weekly-reset heuristic.
+    let best = null;
+    let bestPriority = Infinity;
+    let bestReset = Infinity;
+
+    for (let i = 0; i < this.accounts.length; i++) {
+      const account = this.accounts[i];
+      // _isAvailable filters out accounts at/above the switch threshold, so the
+      // soonest-expiring pick only ever lands on an account whose 5-hour quota
+      // is still below 98%.
+      if (!this._isAvailable(account)) continue;
+
+      const priority = account.priority || 0;
+      // Unknown weekly reset sorts first so we fill it in.
+      const weeklyReset = account.quota.unified7dReset || -Infinity;
+      if (priority < bestPriority ||
+          (priority === bestPriority && weeklyReset < bestReset)) {
+        bestPriority = priority;
+        bestReset = weeklyReset;
+        best = account;
+      }
+    }
 
-      if (this._isAvailable(account)) {
-        this.currentIndex = idx;
-        console.log(`[TeamClaude] Switched to account "${account.name}"`);
-        return account;
+    if (best) {
+      const switched = best.index !== this.currentIndex;
+      this.currentIndex = best.index;
+      // If we switched to an account whose weekly quota is still unknown, flag
+      // it so we re-evaluate once that quota is learned (see updateQuota).
+      best.probing = best.quota.unified7dReset == null;
+      if (switched) {
+        console.log(`[TeamClaude] Switched to account "${best.name}"`);
       }
+      return best;
     }
 
     // All accounts unavailable — find the one that resets soonest
@@ -173,6 +313,14 @@ export class AccountManager {
     if (r5h) account.quota.unified5hReset = parseInt(r5h, 10) * 1000;
     if (r7d) account.quota.unified7dReset = parseInt(r7d, 10) * 1000;
 
+    // We switched to this account to discover its weekly quota; now that we
+    // know it, flag for re-evaluation so selection can pick the best account.
+    if (account.probing && account.quota.unified7dReset != null) {
+      account.probing = false;
+      account.requalify = true;
+      console.log(`[TeamClaude] Learned weekly quota for "${account.name}", re-evaluating selection`);
+    }
+
     const uStatus = headers['anthropic-ratelimit-unified-status'];
     if (uStatus) account.quota.unifiedStatus = uStatus;
 
@@ -216,6 +364,22 @@ export class AccountManager {
     if (outputTokens) account.usage.totalOutputTokens += outputTokens;
   }
 
+  /**
+   * Enable or disable an account. A disabled account is skipped by rotation
+   * until re-enabled. Re-enabling also clears a stuck 'error' state (and any
+   * lingering rate-limit hold) so the account is retried immediately.
+   */
+  setDisabled(accountIndex, disabled) {
+    const account = this.accounts[accountIndex];
+    if (!account) return;
+    account.disabled = disabled;
+    if (!disabled && account.status === 'error') {
+      account.status = 'active';
+      account.rateLimitedUntil = null;
+      console.log(`[TeamClaude] Account "${account.name}" re-enabled — clearing error state`);
+    }
+  }
+
   /**
    * Mark an account as rate-limited for a given duration.
    */
@@ -252,7 +416,11 @@ export class AccountManager {
         this._onTokenRefresh?.(accountIndex, newTokens);
       } catch (err) {
         console.error(`[TeamClaude] Token refresh failed for "${account.name}": ${err.message}`);
-        account.status = 'error';
+        // Only mark as error if the access token is actually expired;
+        // a failed proactive refresh shouldn't kill a still-valid token
+        if (!account.expiresAt || Date.now() >= account.expiresAt) {
+          account.status = 'error';
+        }
       } finally {
         account._refreshPromise = null;
       }
@@ -297,10 +465,16 @@ export class AccountManager {
       name: acctData.name,
       type: acctData.type,
       accountUuid: acctData.accountUuid || null,
+      orgUuid: acctData.orgUuid || null,
+      orgName: acctData.orgName || null,
+      priority: acctData.priority || 0,
+      disabled: acctData.disabled || false,
       credential: acctData.accessToken || acctData.apiKey,
       refreshToken: acctData.refreshToken || null,
       expiresAt: acctData.expiresAt || null,
       status: 'active',
+      // Unknown quota until the first response — probe it like startup accounts.
+      probing: true,
       quota: emptyQuota(),
       usage: { totalInputTokens: 0, totalOutputTokens: 0, totalRequests: 0, lastUsed: null },
       rateLimitedUntil: null,
@@ -322,6 +496,36 @@ export class AccountManager {
     }
   }
 
+  /**
+   * Serialize persistable quota state for all accounts (no credentials), keyed
+   * by account identity so it can be matched back after a restart.
+   */
+  exportQuotaState() {
+    return this.accounts.map(a => {
+      const quota = {};
+      for (const f of PERSISTED_QUOTA_FIELDS) quota[f] = a.quota[f];
+      return { accountUuid: a.accountUuid, orgUuid: a.orgUuid, orgName: a.orgName, name: a.name, quota };
+    });
+  }
+
+  /**
+   * Restore quota learned in a previous run. Matches saved entries to accounts
+   * by identity. Stale windows are not special-cased here — _clearExpiredQuotas
+   * wipes any restored window whose reset time has already passed on first use.
+   */
+  restoreQuotaState(saved) {
+    if (!Array.isArray(saved)) return;
+    for (const account of this.accounts) {
+      const match = saved.find(s => sameIdentity(s, account));
+      if (!match || !match.quota) continue;
+      for (const f of PERSISTED_QUOTA_FIELDS) {
+        if (match.quota[f] != null) account.quota[f] = match.quota[f];
+      }
+      // We already know this account's weekly window, so it isn't "probing".
+      if (account.quota.unified7dReset != null) account.probing = false;
+    }
+  }
+
   /**
    * Return a status summary of all accounts (safe to expose, no credentials).
    */
@@ -332,6 +536,9 @@ export class AccountManager {
       accounts: this.accounts.map(a => ({
         name: a.name,
         type: a.type,
+        orgName: a.orgName || null,
+        priority: a.priority || 0,
+        disabled: a.disabled || false,
         status: a.status,
         quota: { ...a.quota },
         usage: { ...a.usage },