@nick3/copilot-api 1.5.6 → 1.5.9

package/dist/accounts-manager-BKG9aZEL.js

@@ -0,0 +1,2899 @@
+import { O as accountFromState, _ as HTTPError, g as getCopilotUsage, m as getGitHubUser, x as copilotModelsHeaders, y as copilotBaseUrl } from "./poll-access-token-DiwBJNtK.js";
+import { b as getCurrentIdentityEnvironment, c as isAccountEnabled, f as readLegacyToken, h as saveAccountToken, i as ensureAccountClientIdentity, l as listAccountsFromRegistry, o as hasLegacyToken, r as addAccountToRegistry, s as hasRegistry, u as loadAccountToken, v as buildIdentityKey, y as createAccountSessionId } from "./account-CbYMFuS4.js";
+import { t as PATHS } from "./paths-DGlr310R.js";
+import { t as getCopilotToken } from "./get-copilot-token-MAZsr5Vu.js";
+import consola, { consola as consola$1 } from "consola";
+import fs from "node:fs/promises";
+import path from "node:path";
+import fs$1 from "node:fs";
+import { Database } from "bun:sqlite";
+
+//#region src/lib/config.ts
+const PROVIDER_TYPE_ANTHROPIC = "anthropic";
+const gpt5ExplorationPrompt = `## Exploration and reading files
+- **Think first.** Before any tool call, decide ALL files/resources you will need.
+- **Batch everything.** If you need multiple files (even from different places), read them together.
+- **multi_tool_use.parallel** Use multi_tool_use.parallel to parallelize tool calls and only this.
+- **Only make sequential calls if you truly cannot know the next file without seeing a result first.**
+- **Workflow:** (a) plan all needed reads → (b) issue one parallel batch → (c) analyze results → (d) repeat if new, unpredictable reads arise.`;
+const gpt5CommentaryPrompt = `# Working with the user
+
+You interact with the user through a terminal. You have 2 ways of communicating with the users:  
+- Share intermediary updates in \`commentary\` channel.  
+- After you have completed all your work, send a message to the \`final\` channel.  
+
+## Intermediary updates
+
+- Intermediary updates go to the \`commentary\` channel.
+- User updates are short updates while you are working, they are NOT final answers.
+- You use 1-2 sentence user updates to communicate progress and new information to the user as you are doing work.
+- Do not begin responses with conversational interjections or meta commentary. Avoid openers such as acknowledgements (“Done —”, “Got it”, “Great question, ”) or framing phrases.
+- You provide user updates frequently, every 20s.
+- Before exploring or doing substantial work, you start with a user update acknowledging the request and explaining your first step. You should include your understanding of the user request and explain what you will do. Avoid commenting on the request or using starters such as "Got it -" or "Understood -" etc.
+- When exploring, e.g. searching, reading files, you provide user updates as you go, every 20s, explaining what context you are gathering and what you've learned. Vary your sentence structure when providing these updates to avoid sounding repetitive - in particular, don't start each sentence the same way.
+- After you have sufficient context, and the work is substantial, you provide a longer plan (this is the only user update that may be longer than 2 sentences and can contain formatting).
+- Before performing file edits of any kind, you provide updates explaining what edits you are making.
+- As you are thinking, you very frequently provide updates even if not taking any actions, informing the user of your progress. You interrupt your thinking and send multiple updates in a row if thinking for more than 100 words.
+- Tone of your updates MUST match your personality.`;
+const defaultConfig = {
+	auth: { apiKeys: [] },
+	providers: {},
+	extraPrompts: {
+		"gpt-5-mini": gpt5ExplorationPrompt,
+		"gpt-5.3-codex": gpt5CommentaryPrompt,
+		"gpt-5.4-mini": gpt5CommentaryPrompt,
+		"gpt-5.4": gpt5CommentaryPrompt
+	},
+	smallModel: "gpt-5-mini",
+	accountAffinity: true,
+	responsesApiContextManagementModels: [],
+	modelReasoningEfforts: {
+		"gpt-5-mini": "low",
+		"gpt-5.3-codex": "xhigh",
+		"gpt-5.4-mini": "xhigh",
+		"gpt-5.4": "xhigh"
+	},
+	allowOriginalModelNamesForAliases: false,
+	useFunctionApplyPatch: true,
+	forceAgent: false,
+	compactUseSmallModel: true,
+	messageStartInputTokensFallback: false,
+	modelRefreshIntervalHours: 24,
+	sessionAffinityRetentionDays: 7,
+	useMessagesApi: true,
+	useResponsesApiWebSearch: true,
+	logLevel: "info"
+};
+let cachedConfig = null;
+function isPlainObject(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function normalizeAuthApiKeys(value) {
+	if (!Array.isArray(value)) return [];
+	return [...new Set(value.filter((item) => typeof item === "string").map((item) => item.trim()).filter((item) => item.length > 0))];
+}
+function normalizeNonNegativeNumber(value) {
+	if (typeof value !== "number") return void 0;
+	if (!Number.isFinite(value)) return void 0;
+	if (value < 0) return void 0;
+	return value;
+}
+const LOG_LEVELS = new Set([
+	"error",
+	"warn",
+	"info",
+	"debug"
+]);
+function normalizeLogLevel(value) {
+	if (typeof value !== "string") return void 0;
+	return LOG_LEVELS.has(value) ? value : void 0;
+}
+function ensureConfigFile() {
+	try {
+		fs$1.accessSync(PATHS.CONFIG_PATH, fs$1.constants.R_OK);
+		return;
+	} catch {}
+	try {
+		fs$1.mkdirSync(PATHS.APP_DIR, { recursive: true });
+		fs$1.writeFileSync(PATHS.CONFIG_PATH, `${JSON.stringify(defaultConfig, null, 2)}\n`, "utf8");
+		try {
+			fs$1.chmodSync(PATHS.CONFIG_PATH, 384);
+		} catch {}
+	} catch {}
+}
+function readConfigFromDisk() {
+	ensureConfigFile();
+	try {
+		const raw = fs$1.readFileSync(PATHS.CONFIG_PATH, "utf8");
+		if (!raw.trim()) {
+			fs$1.writeFileSync(PATHS.CONFIG_PATH, `${JSON.stringify(defaultConfig, null, 2)}\n`, "utf8");
+			return defaultConfig;
+		}
+		return JSON.parse(raw);
+	} catch (error) {
+		consola.error("Failed to read config file, using default config", error);
+		return defaultConfig;
+	}
+}
+function mergeDefaultConfig(config) {
+	const extraPrompts = config.extraPrompts ?? {};
+	const defaultExtraPrompts = defaultConfig.extraPrompts ?? {};
+	const modelReasoningEfforts = config.modelReasoningEfforts ?? {};
+	const defaultModelReasoningEfforts = defaultConfig.modelReasoningEfforts ?? {};
+	const hasForceAgent = typeof config.forceAgent === "boolean";
+	const defaultForceAgent = defaultConfig.forceAgent ?? false;
+	const missingExtraPromptModels = Object.keys(defaultExtraPrompts).filter((model) => !Object.hasOwn(extraPrompts, model));
+	const missingReasoningEffortModels = Object.keys(defaultModelReasoningEfforts).filter((model) => !Object.hasOwn(modelReasoningEfforts, model));
+	const hasExtraPromptChanges = missingExtraPromptModels.length > 0;
+	const hasReasoningEffortChanges = missingReasoningEffortModels.length > 0;
+	if (!hasExtraPromptChanges && !hasReasoningEffortChanges && !!hasForceAgent) return {
+		mergedConfig: config,
+		changed: false
+	};
+	return {
+		mergedConfig: {
+			...config,
+			extraPrompts: {
+				...defaultExtraPrompts,
+				...extraPrompts
+			},
+			modelReasoningEfforts: {
+				...defaultModelReasoningEfforts,
+				...modelReasoningEfforts
+			},
+			forceAgent: hasForceAgent ? config.forceAgent : defaultForceAgent
+		},
+		changed: true
+	};
+}
+function mergeDefaultAuth(config) {
+	const authConfig = isPlainObject(config.auth) ? config.auth : void 0;
+	const nextAuth = { apiKeys: normalizeAuthApiKeys(Array.isArray(authConfig?.apiKeys) ? authConfig.apiKeys : void 0) };
+	if (authConfig && JSON.stringify(authConfig) === JSON.stringify(nextAuth)) return {
+		mergedConfig: config,
+		changed: false
+	};
+	return {
+		mergedConfig: {
+			...config,
+			auth: nextAuth
+		},
+		changed: true
+	};
+}
+function mergeDefaultAccountAffinity(config) {
+	const raw = config;
+	const hasOld = typeof raw.freeModelLoadBalancing === "boolean";
+	const hasNew = typeof config.accountAffinity === "boolean";
+	if (hasOld) {
+		const next = { ...config };
+		if (!hasNew) next.accountAffinity = raw.freeModelLoadBalancing;
+		delete next.freeModelLoadBalancing;
+		return {
+			mergedConfig: next,
+			changed: true
+		};
+	}
+	if (hasNew) return {
+		mergedConfig: config,
+		changed: false
+	};
+	return {
+		mergedConfig: {
+			...config,
+			accountAffinity: defaultConfig.accountAffinity ?? true
+		},
+		changed: true
+	};
+}
+function mergeDefaultModelRefreshInterval(config) {
+	if (normalizeNonNegativeNumber(config.modelRefreshIntervalHours) !== void 0) return {
+		mergedConfig: config,
+		changed: false
+	};
+	return {
+		mergedConfig: {
+			...config,
+			modelRefreshIntervalHours: defaultConfig.modelRefreshIntervalHours ?? 24
+		},
+		changed: true
+	};
+}
+function mergeDefaultSessionAffinityRetention(config) {
+	if (normalizeNonNegativeNumber(config.sessionAffinityRetentionDays) !== void 0) return {
+		mergedConfig: config,
+		changed: false
+	};
+	return {
+		mergedConfig: {
+			...config,
+			sessionAffinityRetentionDays: defaultConfig.sessionAffinityRetentionDays ?? 7
+		},
+		changed: true
+	};
+}
+function mergeDefaultLogLevel(config) {
+	if (normalizeLogLevel(config.logLevel) !== void 0) return {
+		mergedConfig: config,
+		changed: false
+	};
+	return {
+		mergedConfig: {
+			...config,
+			logLevel: defaultConfig.logLevel ?? "info"
+		},
+		changed: true
+	};
+}
+function applyConfigMerges(config, mergeFns) {
+	return mergeFns.reduce((acc, mergeFn) => {
+		const result = mergeFn(acc.mergedConfig);
+		return {
+			mergedConfig: result.mergedConfig,
+			changed: acc.changed || result.changed
+		};
+	}, {
+		mergedConfig: config,
+		changed: false
+	});
+}
+function mergeConfigWithDefaults() {
+	const { mergedConfig, changed } = applyConfigMerges(readConfigFromDisk(), [
+		mergeDefaultAuth,
+		mergeDefaultConfig,
+		mergeDefaultAccountAffinity,
+		mergeDefaultModelRefreshInterval,
+		mergeDefaultSessionAffinityRetention,
+		mergeDefaultLogLevel
+	]);
+	if (changed) try {
+		fs$1.writeFileSync(PATHS.CONFIG_PATH, `${JSON.stringify(mergedConfig, null, 2)}\n`, "utf8");
+	} catch (writeError) {
+		consola.warn("Failed to write merged config defaults", writeError);
+	}
+	cachedConfig = mergedConfig;
+	return mergedConfig;
+}
+function getConfig() {
+	cachedConfig ??= readConfigFromDisk();
+	return cachedConfig;
+}
+function normalizeAliasKey(value) {
+	const trimmed = value.trim().toLowerCase();
+	return trimmed.length > 0 ? trimmed : null;
+}
+function normalizeAliasTarget(value) {
+	const trimmed = value.trim();
+	return trimmed.length > 0 ? trimmed : null;
+}
+function normalizeAliasSpec(value) {
+	if (typeof value === "string") {
+		const normalizedTarget$1 = normalizeAliasTarget(value);
+		return normalizedTarget$1 ? { target: normalizedTarget$1 } : null;
+	}
+	if (!value || typeof value !== "object") return null;
+	const targetValue = value.target;
+	if (typeof targetValue !== "string") return null;
+	const normalizedTarget = normalizeAliasTarget(targetValue);
+	if (!normalizedTarget) return null;
+	const allowOriginalValue = value.allowOriginal;
+	return {
+		target: normalizedTarget,
+		allowOriginal: typeof allowOriginalValue === "boolean" ? allowOriginalValue : void 0
+	};
+}
+function getModelAliasesInfo() {
+	const raw = getConfig().modelAliases ?? {};
+	const normalized = {};
+	for (const [alias, rawSpec] of Object.entries(raw)) {
+		const normalizedAlias = normalizeAliasKey(alias);
+		const normalizedSpec = normalizeAliasSpec(rawSpec);
+		if (!normalizedAlias || !normalizedSpec) continue;
+		if (!Object.hasOwn(normalized, normalizedAlias)) normalized[normalizedAlias] = normalizedSpec;
+	}
+	return normalized;
+}
+function getModelAliases() {
+	const info = getModelAliasesInfo();
+	const normalized = {};
+	for (const [alias, spec] of Object.entries(info)) normalized[alias] = spec.target;
+	return normalized;
+}
+function resolveModelAlias(modelId) {
+	const normalized = normalizeAliasKey(modelId);
+	if (!normalized) return modelId;
+	return getModelAliases()[normalized] ?? modelId;
+}
+function isOriginalModelNameAllowedForAliases() {
+	return getConfig().allowOriginalModelNamesForAliases ?? false;
+}
+function getAliasTargetSet() {
+	const aliases = getModelAliasesInfo();
+	const allowOriginalDefault = isOriginalModelNameAllowedForAliases();
+	const targetAllowMap = /* @__PURE__ */ new Map();
+	for (const { target, allowOriginal } of Object.values(aliases)) {
+		const normalizedTarget = target.toLowerCase();
+		const effectiveAllow = allowOriginal ?? allowOriginalDefault;
+		const currentAllow = targetAllowMap.get(normalizedTarget);
+		if (currentAllow === true) continue;
+		if (effectiveAllow) targetAllowMap.set(normalizedTarget, true);
+		else if (currentAllow === void 0) targetAllowMap.set(normalizedTarget, false);
+	}
+	const blockedTargets = /* @__PURE__ */ new Set();
+	for (const [target, allowed] of targetAllowMap.entries()) if (!allowed) blockedTargets.add(target);
+	return blockedTargets;
+}
+function isOriginalModelNameAllowedForTarget(modelId) {
+	const normalized = normalizeAliasKey(modelId);
+	if (!normalized) return true;
+	return !getAliasTargetSet().has(normalized);
+}
+function getPreferredAliasForTarget(modelId) {
+	return getAliasKeysForTarget(modelId, getModelAliases())[0] ?? null;
+}
+function getAliasKeysForTarget(target, aliases) {
+	const normalizedTarget = target.toLowerCase();
+	return Object.entries(aliases).filter(([, model]) => model.toLowerCase() === normalizedTarget).map(([alias]) => alias).sort();
+}
+function getAliasFallbackValue(record, modelId, aliases) {
+	if (!record) return void 0;
+	const aliasKeys = getAliasKeysForTarget(modelId, aliases);
+	if (aliasKeys.length === 0) return void 0;
+	const recordByAlias = /* @__PURE__ */ new Map();
+	for (const [key, value] of Object.entries(record)) {
+		const normalized = normalizeAliasKey(key);
+		if (normalized) recordByAlias.set(normalized, value);
+	}
+	for (const alias of aliasKeys) {
+		const value = recordByAlias.get(alias);
+		if (value !== void 0) return value;
+	}
+}
+function getExtraPromptForModel(model) {
+	const config = getConfig();
+	const direct = config.extraPrompts?.[model];
+	if (direct !== void 0) return direct;
+	const aliases = getModelAliases();
+	return getAliasFallbackValue(config.extraPrompts, model, aliases) ?? "";
+}
+function getSmallModel() {
+	const model = getConfig().smallModel ?? "gpt-5-mini";
+	if (isOriginalModelNameAllowedForTarget(model)) return model;
+	return getPreferredAliasForTarget(model) ?? model;
+}
+function getLogLevel() {
+	return normalizeLogLevel(getConfig().logLevel) ?? defaultConfig.logLevel ?? "info";
+}
+function isAccountAffinityEnabled() {
+	return getConfig().accountAffinity ?? true;
+}
+function getModelRefreshIntervalHours() {
+	return normalizeNonNegativeNumber(getConfig().modelRefreshIntervalHours) ?? defaultConfig.modelRefreshIntervalHours ?? 24;
+}
+function getModelRefreshIntervalMs() {
+	const hours = getModelRefreshIntervalHours();
+	if (!Number.isFinite(hours) || hours <= 0) return 0;
+	return hours * 60 * 60 * 1e3;
+}
+function getSessionAffinityRetentionDays() {
+	return normalizeNonNegativeNumber(getConfig().sessionAffinityRetentionDays) ?? defaultConfig.sessionAffinityRetentionDays ?? 7;
+}
+function getSessionAffinityRetentionMs() {
+	const days = getSessionAffinityRetentionDays();
+	if (!Number.isFinite(days) || days <= 0) return 0;
+	return days * 24 * 60 * 60 * 1e3;
+}
+function isMessageStartInputTokensFallbackEnabled() {
+	return getConfig().messageStartInputTokensFallback ?? false;
+}
+function shouldCompactUseSmallModel() {
+	return getConfig().compactUseSmallModel ?? true;
+}
+function getResponsesApiContextManagementModels() {
+	return getConfig().responsesApiContextManagementModels ?? defaultConfig.responsesApiContextManagementModels ?? [];
+}
+function isResponsesApiContextManagementModel(model) {
+	return getResponsesApiContextManagementModels().includes(model);
+}
+function getReasoningEffortForModel(model) {
+	const config = getConfig();
+	const direct = config.modelReasoningEfforts?.[model];
+	if (direct !== void 0) return direct;
+	const aliases = getModelAliases();
+	return getAliasFallbackValue(config.modelReasoningEfforts, model, aliases) ?? "high";
+}
+function isForceAgentEnabled() {
+	return getConfig().forceAgent ?? false;
+}
+function normalizeProviderBaseUrl(url) {
+	return url.trim().replace(/\/+$/u, "");
+}
+function resolveProviderAuthType(providerName, authType) {
+	if (authType === void 0 || authType === "x-api-key") return "x-api-key";
+	if (authType === "authorization") return authType;
+	consola.warn(`Provider ${providerName} has invalid authType '${authType}', ignoring provider`);
+	return null;
+}
+function getProviderConfig(name) {
+	const providerName = name.trim();
+	if (!providerName) return null;
+	const provider = getConfig().providers?.[providerName];
+	if (!provider) return null;
+	if (provider.enabled === false) return null;
+	if ((provider.type ?? PROVIDER_TYPE_ANTHROPIC) !== PROVIDER_TYPE_ANTHROPIC) {
+		consola.warn(`Provider ${providerName} is ignored because only anthropic type is supported`);
+		return null;
+	}
+	const baseUrl = normalizeProviderBaseUrl(provider.baseUrl ?? "");
+	const apiKey = (provider.apiKey ?? "").trim();
+	const authType = resolveProviderAuthType(providerName, provider.authType);
+	if (!authType) return null;
+	if (!baseUrl || !apiKey) {
+		consola.warn(`Provider ${providerName} is enabled but missing baseUrl or apiKey`);
+		return null;
+	}
+	return {
+		name: providerName,
+		type: PROVIDER_TYPE_ANTHROPIC,
+		baseUrl,
+		apiKey,
+		authType,
+		models: provider.models,
+		adjustInputTokens: provider.adjustInputTokens
+	};
+}
+function isMessagesApiEnabled() {
+	return getConfig().useMessagesApi ?? true;
+}
+function getAnthropicApiKey() {
+	return getConfig().anthropicApiKey ?? process.env.ANTHROPIC_API_KEY ?? void 0;
+}
+function isResponsesApiWebSearchEnabled() {
+	return getConfig().useResponsesApiWebSearch ?? true;
+}
+function getClaudeTokenMultiplier() {
+	return getConfig().claudeTokenMultiplier ?? 1.15;
+}
+
+//#endregion
+//#region src/lib/account-affinity.ts
+const DEFAULT_MAX_ENTRIES$1 = 1e4;
+const DEFAULT_TTL_MS$1 = 3600 * 1e3;
+/**
+* In-memory LRU cache with TTL for account affinity mappings.
+*
+* Uses Map insertion order for LRU eviction: updated or rehydrated entries are
+* deleted and re-inserted so they move to the "newest" end.
+*/
+var AccountAffinityCache = class {
+	cache = /* @__PURE__ */ new Map();
+	maxEntries;
+	ttlMs;
+	persistentStore;
+	persistentStoreProvider;
+	constructor(maxEntries = DEFAULT_MAX_ENTRIES$1, ttlMs = DEFAULT_TTL_MS$1, persistentStore) {
+		this.maxEntries = maxEntries;
+		this.ttlMs = ttlMs;
+		if (typeof persistentStore === "function") this.persistentStoreProvider = persistentStore;
+		else this.persistentStore = persistentStore;
+	}
+	/** Look up the preferred account ID for a cache key. Returns undefined if not found or expired. */
+	get(key) {
+		const entry = this.cache.get(key);
+		if (entry) if (Date.now() >= entry.expiresAt) this.cache.delete(key);
+		else return entry.accountId;
+		const accountId = this.readPersistentEntry(key);
+		if (!accountId) return;
+		this.setMemory(key, accountId);
+		return accountId;
+	}
+	/** Record a successful account mapping. Refreshes TTL and moves the entry to the newest position. */
+	set(key, accountId) {
+		this.setMemory(key, accountId);
+		this.writePersistentEntry(key, accountId);
+	}
+	/** Remove a specific entry. */
+	delete(key) {
+		const deleted = this.cache.delete(key);
+		this.deletePersistentEntry(key);
+		return deleted;
+	}
+	/** Remove all in-memory entries. */
+	clearMemory() {
+		this.cache.clear();
+	}
+	/** Remove all entries. */
+	clear() {
+		this.clearMemory();
+		this.clearPersistentEntries();
+	}
+	/** Current number of entries (including potentially expired ones). */
+	get size() {
+		return this.cache.size;
+	}
+	getPersistentStore() {
+		if (this.persistentStore) return this.persistentStore;
+		if (!this.persistentStoreProvider) return;
+		try {
+			const store = this.persistentStoreProvider();
+			if (store) this.persistentStore = store;
+			return store;
+		} catch (error) {
+			this.persistentStoreProvider = void 0;
+			consola.warn("Failed to resolve affinity persistence store:", error);
+			return;
+		}
+	}
+	readPersistentEntry(key) {
+		const store = this.getPersistentStore();
+		if (!store) return;
+		try {
+			return store.get(key);
+		} catch (error) {
+			consola.warn("Failed to read affinity mapping from persistent store:", error);
+			return;
+		}
+	}
+	writePersistentEntry(key, accountId) {
+		const store = this.getPersistentStore();
+		if (!store) return;
+		try {
+			store.set(key, accountId);
+		} catch (error) {
+			consola.warn("Failed to persist affinity mapping:", error);
+		}
+	}
+	deletePersistentEntry(key) {
+		const store = this.getPersistentStore();
+		if (!store) return;
+		try {
+			store.delete(key);
+		} catch (error) {
+			consola.warn("Failed to delete affinity mapping:", error);
+		}
+	}
+	clearPersistentEntries() {
+		const store = this.getPersistentStore();
+		if (!store) return;
+		try {
+			store.clear();
+		} catch (error) {
+			consola.warn("Failed to clear persistent affinity mappings:", error);
+		}
+	}
+	setMemory(key, accountId) {
+		this.cache.delete(key);
+		while (this.cache.size >= this.maxEntries) {
+			const oldest = this.cache.keys().next();
+			if (oldest.done) break;
+			this.cache.delete(oldest.value);
+		}
+		this.cache.set(key, {
+			accountId,
+			expiresAt: Date.now() + this.ttlMs
+		});
+	}
+};
+/**
+* Extract the affinity key from the request context.
+* Uses the upstream request ID which is deterministic for the same user message.
+*/
+function extractAffinityKey(context) {
+	return context.requestId?.trim() || void 0;
+}
+/**
+* Build the full cache key by combining the affinity key with the model ID.
+* This prevents cross-model pollution (same session requesting different models
+* can be routed to different accounts).
+*/
+function buildAffinityCacheKey(affinityKey, modelId) {
+	return `${affinityKey}:${modelId}`;
+}
+/**
+* Check whether an account is a valid affinity candidate.
+* An account is valid if it is not failed and is present in the provided
+* runtime list.
+*/
+function isAffinityAccountUsable(accountId, accounts) {
+	const account = accounts.find((a) => a.id === accountId);
+	if (!account) return void 0;
+	if (account.failed) return void 0;
+	return account;
+}
+
+//#endregion
+//#region src/services/copilot/get-models.ts
+const getModels = async (account) => {
+	const ctx = account ?? accountFromState();
+	const response = await fetch(`${copilotBaseUrl(ctx)}/models`, { headers: copilotModelsHeaders(ctx) });
+	if (!response.ok) {
+		const errorText = await response.clone().text();
+		consola.error("Failed to get models response body", errorText);
+		throw new HTTPError("Failed to get models", response);
+	}
+	const models = await response.json();
+	try {
+		await fs.mkdir(PATHS.APP_DIR, { recursive: true });
+		await fs.writeFile(PATHS.MODELS_PATH, `${JSON.stringify(models, null, 2)}\n`, {
+			encoding: "utf8",
+			mode: 384
+		});
+	} catch {}
+	return models;
+};
+
+//#endregion
+//#region src/lib/accounts-manager-auth.ts
+const takeAuthSnapshot = (account) => ({
+	githubToken: account.githubToken,
+	accountType: account.accountType
+});
+const isAuthSnapshotCurrent = (account, snapshot) => account.githubToken === snapshot.githubToken && account.accountType === snapshot.accountType;
+const isSameAuthSnapshot = (a, b) => {
+	if (!a) return false;
+	return a.githubToken === b.githubToken && a.accountType === b.accountType;
+};
+const toAccountContextFromSnapshot = (account, snapshot, copilotToken) => ({
+	accountLogin: account.accountLogin,
+	githubToken: snapshot.githubToken,
+	copilotToken,
+	...account.copilotApiUrl !== void 0 ? { copilotApiUrl: account.copilotApiUrl } : {},
+	accountType: snapshot.accountType,
+	vsCodeVersion: account.vsCodeVersion,
+	clientDeviceId: account.clientDeviceId,
+	clientMachineId: account.clientMachineId,
+	clientSessionId: account.clientSessionId
+});
+const applyCopilotTokenIfCurrent = (account, snapshot, copilotToken) => {
+	if (!isAuthSnapshotCurrent(account, snapshot)) return false;
+	account.copilotToken = copilotToken;
+	return true;
+};
+const applyModelsIfCurrent = (account, snapshot, models) => {
+	if (!isAuthSnapshotCurrent(account, snapshot)) return false;
+	account.models = models;
+	return true;
+};
+const applyTokenRefreshSuccessIfCurrent = (account, snapshot, token) => {
+	if (!isAuthSnapshotCurrent(account, snapshot)) return false;
+	account.copilotToken = token;
+	account.failed = false;
+	account.failureReason = void 0;
+	return true;
+};
+const applyTokenRefreshFailureIfCurrent = (account, snapshot, error) => {
+	if (!isAuthSnapshotCurrent(account, snapshot)) return false;
+	account.failed = true;
+	account.failureReason = String(error);
+	return true;
+};
+const applyQuotaRefreshSuccessIfCurrent = (account, snapshot, result) => {
+	if (!isAuthSnapshotCurrent(account, snapshot)) return false;
+	const { premium, copilotApiUrl } = result;
+	account.premiumEntitlement = premium.entitlement;
+	account.premiumRemaining = premium.remaining;
+	account.unlimited = premium.unlimited;
+	account.overagePermitted = premium.overage_permitted;
+	if (copilotApiUrl) account.copilotApiUrl = copilotApiUrl;
+	account.lastQuotaFetch = Date.now();
+	account.failed = false;
+	account.failureReason = void 0;
+	return true;
+};
+const setAccountFailedState = (account, reason) => {
+	account.failed = true;
+	account.failureReason = reason;
+	consola.warn(`Account ${account.id} marked as failed: ${reason}`);
+};
+const applyUnauthorizedIfCurrent = (account, snapshot, reason) => {
+	if (!isAuthSnapshotCurrent(account, snapshot)) return false;
+	setAccountFailedState(account, reason);
+	return true;
+};
+
+//#endregion
+//#region src/lib/accounts-manager-quota.ts
+const getCostUnits = (model) => {
+	const billing = model.billing;
+	if (!billing) return 0;
+	if (billing.is_premium !== true) return 0;
+	const multiplier = billing.multiplier;
+	if (typeof multiplier !== "number" || !Number.isFinite(multiplier) || multiplier <= 0) return 1;
+	return multiplier;
+};
+const getEffectivePremiumRemaining = (account) => {
+	if (account.premiumRemaining === void 0) return;
+	const reserved = account.premiumReserved ?? 0;
+	return account.premiumRemaining - reserved;
+};
+const reservePremiumUnits = (account, units) => {
+	if (units <= 0) return;
+	const id = Symbol("quotaReservation");
+	if (!account.premiumReservations) account.premiumReservations = /* @__PURE__ */ new Map();
+	account.premiumReservations.set(id, units);
+	account.premiumReserved = (account.premiumReserved ?? 0) + units;
+	return { id };
+};
+const releasePremiumReservation = (account, reservation) => {
+	if (!reservation) return;
+	const reservations = account.premiumReservations;
+	if (!reservations) return;
+	const reservedUnits = reservations.get(reservation.id);
+	if (reservedUnits === void 0) return;
+	reservations.delete(reservation.id);
+	const nextReserved = (account.premiumReserved ?? 0) - reservedUnits;
+	account.premiumReserved = Math.max(0, nextReserved);
+	if (reservations.size === 0) account.premiumReservations = void 0;
+};
+
+//#endregion
+//#region src/lib/admin-db.ts
+const DEFAULT_DB_PATH = path.join(PATHS.APP_DIR, "admin.sqlite");
+let sharedDb = null;
+let initialized = false;
+const INIT_WARN_THROTTLE_MS = 3e4;
+let lastInitWarnAtMs = 0;
+let suppressedInitWarnCount = 0;
+function warnAdminDbInitFailure(error) {
+	const now = Date.now();
+	if (now - lastInitWarnAtMs < INIT_WARN_THROTTLE_MS) {
+		suppressedInitWarnCount++;
+		return;
+	}
+	const suppressed = suppressedInitWarnCount;
+	suppressedInitWarnCount = 0;
+	lastInitWarnAtMs = now;
+	const suffix = suppressed > 0 ? ` (suppressed ${suppressed} similar errors)` : "";
+	consola.warn(`Failed to initialize admin DB; admin features disabled${suffix}`, error);
+}
+function getAdminDbPath() {
+	return DEFAULT_DB_PATH;
+}
+function openAdminDb(filePath = DEFAULT_DB_PATH) {
+	return new Database(filePath);
+}
+function initAdminDb(db) {
+	db.run("PRAGMA journal_mode = WAL;");
+	db.run("PRAGMA synchronous = NORMAL;");
+	db.run("PRAGMA busy_timeout = 3000;");
+	db.run("PRAGMA foreign_keys = ON;");
+	migrateAdminDb(db);
+}
+function getAdminDb() {
+	if (!sharedDb) sharedDb = openAdminDb();
+	if (!initialized) try {
+		initAdminDb(sharedDb);
+		initialized = true;
+	} catch (error) {
+		warnAdminDbInitFailure(error);
+	}
+	return sharedDb;
+}
+function getAdminDbUserVersion(db = getAdminDb()) {
+	try {
+		return db.query("PRAGMA user_version;").get()?.user_version ?? 0;
+	} catch {
+		return 0;
+	}
+}
+function hasRequestLogColumn(db, columnName) {
+	return db.query("PRAGMA table_info(request_log);").all().some((row) => row.name === columnName);
+}
+function migrateV1(db) {
+	db.run(`
+    CREATE TABLE IF NOT EXISTS request_log (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      request_id TEXT NOT NULL UNIQUE,
+
+      started_at_ms INTEGER NOT NULL,
+      finished_at_ms INTEGER,
+      duration_ms INTEGER,
+      ttfb_ms INTEGER,
+
+      method TEXT NOT NULL,
+      path TEXT NOT NULL,
+      upstream_endpoint TEXT,
+      stream INTEGER NOT NULL DEFAULT 0,
+
+      account_id TEXT,
+      account_type TEXT,
+      cost_units REAL,
+      client_model TEXT,
+      upstream_model TEXT,
+
+      client_ip TEXT,
+      client_ip_source TEXT,
+      user_agent TEXT,
+
+      tokens_input INTEGER,
+      tokens_output INTEGER,
+      tokens_total INTEGER,
+      tokens_cached_input INTEGER,
+      usage_json TEXT,
+
+      premium_remaining_before REAL,
+      premium_remaining_after REAL,
+      premium_remaining_diff REAL,
+      premium_unlimited_before INTEGER,
+      premium_unlimited_after INTEGER,
+
+      http_status INTEGER,
+      error_name TEXT,
+      error_status INTEGER,
+      error_message TEXT,
+      selection_failure_reason TEXT
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_request_log_started_at
+      ON request_log(started_at_ms DESC);
+    CREATE INDEX IF NOT EXISTS idx_request_log_account_started_at
+      ON request_log(account_id, started_at_ms DESC);
+    CREATE INDEX IF NOT EXISTS idx_request_log_model_started_at
+      ON request_log(upstream_model, started_at_ms DESC);
+    CREATE INDEX IF NOT EXISTS idx_request_log_endpoint_started_at
+      ON request_log(upstream_endpoint, started_at_ms DESC);
+    CREATE INDEX IF NOT EXISTS idx_request_log_status_started_at
+      ON request_log(http_status, started_at_ms DESC);
+
+    PRAGMA user_version = 1;
+  `);
+}
+function migrateV9(db) {
+	db.run(`
+    CREATE TABLE IF NOT EXISTS daily_premium_stats (
+      date            TEXT    NOT NULL,
+      account_id      TEXT    NOT NULL,
+      request_count   INTEGER NOT NULL DEFAULT 0,
+      cost_units_sum  REAL    NOT NULL DEFAULT 0,
+      tokens_total    INTEGER NOT NULL DEFAULT 0,
+      error_count     INTEGER NOT NULL DEFAULT 0,
+      updated_at_ms   INTEGER NOT NULL,
+      PRIMARY KEY (date, account_id)
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_daily_premium_stats_date
+      ON daily_premium_stats(date);
+  `);
+	if (db.query("SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'request_log' LIMIT 1;").get()) {
+		const nowMs = Date.now();
+		db.run(`INSERT INTO daily_premium_stats
+         (date, account_id, request_count, cost_units_sum, tokens_total, error_count, updated_at_ms)
+       SELECT
+         date(started_at_ms / 1000, 'unixepoch', 'localtime') AS date,
+         account_id,
+         COUNT(*)                                              AS request_count,
+         SUM(cost_units)                                       AS cost_units_sum,
+         COALESCE(SUM(tokens_total), 0)                        AS tokens_total,
+         SUM(CASE WHEN error_name IS NOT NULL THEN 1 ELSE 0 END) AS error_count,
+         ?                                                     AS updated_at_ms
+       FROM request_log
+       WHERE cost_units > 0
+         AND account_id IS NOT NULL
+       GROUP BY 1, 2
+       ON CONFLICT(date, account_id) DO UPDATE SET
+         request_count   = excluded.request_count,
+         cost_units_sum  = excluded.cost_units_sum,
+         tokens_total    = excluded.tokens_total,
+         error_count     = excluded.error_count,
+         updated_at_ms   = excluded.updated_at_ms;`, [nowMs]);
+	}
+	db.run("PRAGMA user_version = 9;");
+}
+function migrateV8(db) {
+	db.run(`
+    CREATE TABLE IF NOT EXISTS session_affinity (
+      cache_key TEXT PRIMARY KEY,
+      account_id TEXT NOT NULL,
+      created_at_ms INTEGER NOT NULL,
+      last_confirmed_at_ms INTEGER NOT NULL,
+      last_used_at_ms INTEGER NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_session_affinity_last_used
+      ON session_affinity(last_used_at_ms);
+
+    CREATE INDEX IF NOT EXISTS idx_session_affinity_account
+      ON session_affinity(account_id);
+
+    PRAGMA user_version = 8;
+  `);
+}
+function migrateV10(db) {
+	db.run(`
+    CREATE TABLE IF NOT EXISTS quota_snapshots (
+      id              INTEGER PRIMARY KEY AUTOINCREMENT,
+      account_id      TEXT    NOT NULL,
+      snapshot_at_ms  INTEGER NOT NULL,
+      remaining       INTEGER NOT NULL,
+      entitlement     INTEGER NOT NULL,
+      unlimited       INTEGER NOT NULL DEFAULT 0,
+      source          TEXT    NOT NULL DEFAULT 'refresh'
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_quota_snapshots_account_time
+      ON quota_snapshots(account_id, snapshot_at_ms);
+
+    CREATE INDEX IF NOT EXISTS idx_quota_snapshots_time
+      ON quota_snapshots(snapshot_at_ms);
+  `);
+	if (db.query("SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'request_log' LIMIT 1;").get()) db.run(`
+      INSERT INTO quota_snapshots
+        (account_id, snapshot_at_ms, remaining, entitlement, unlimited, source)
+      SELECT
+        account_id,
+        finished_at_ms,
+        CAST(premium_remaining_after AS INTEGER),
+        0,
+        COALESCE(premium_unlimited_after, 0),
+        'backfill'
+      FROM request_log
+      WHERE premium_remaining_after IS NOT NULL
+        AND account_id IS NOT NULL
+        AND finished_at_ms IS NOT NULL
+      ORDER BY finished_at_ms;
+    `);
+	db.run("PRAGMA user_version = 10;");
+}
+function migrateAdminDb(db) {
+	const current = db.query("PRAGMA user_version;").get()?.user_version ?? 0;
+	if (current >= 10) return;
+	if (current < 1) migrateV1(db);
+	if (current < 2) db.run(`
+      ALTER TABLE request_log ADD COLUMN user_id TEXT;
+      ALTER TABLE request_log ADD COLUMN safety_identifier TEXT;
+      ALTER TABLE request_log ADD COLUMN prompt_cache_key TEXT;
+      ALTER TABLE request_log ADD COLUMN initiator TEXT;
+      ALTER TABLE request_log ADD COLUMN upstream_request_id TEXT;
+
+      PRAGMA user_version = 2;
+    `);
+	if (current < 3) db.run(`
+      CREATE INDEX IF NOT EXISTS idx_request_log_session_finished
+        ON request_log(
+          prompt_cache_key,
+          safety_identifier,
+          finished_at_ms DESC
+        )
+        WHERE finished_at_ms IS NOT NULL
+          AND tokens_input IS NOT NULL;
+
+      PRAGMA user_version = 3;
+    `);
+	if (current < 4) db.run(`
+      CREATE INDEX IF NOT EXISTS idx_request_log_session_finished_by_client_model
+        ON request_log(
+          prompt_cache_key,
+          safety_identifier,
+          client_model,
+          finished_at_ms DESC
+        )
+        WHERE finished_at_ms IS NOT NULL
+          AND tokens_input IS NOT NULL;
+
+      PRAGMA user_version = 4;
+    `);
+	if (current < 5) db.run(`
+      ALTER TABLE request_log ADD COLUMN affinity_hit INTEGER;
+      ALTER TABLE request_log ADD COLUMN affinity_cache_key TEXT;
+
+      PRAGMA user_version = 5;
+    `);
+	if (current < 6) {
+		if (!hasRequestLogColumn(db, "is_subagent")) db.run("ALTER TABLE request_log ADD COLUMN is_subagent INTEGER;");
+		db.run("PRAGMA user_version = 6;");
+	}
+	if (current < 7) {
+		if (!hasRequestLogColumn(db, "affinity_key_used")) db.run("ALTER TABLE request_log ADD COLUMN affinity_key_used TEXT;");
+		if (!hasRequestLogColumn(db, "affinity_key_source")) db.run("ALTER TABLE request_log ADD COLUMN affinity_key_source TEXT;");
+		if (!hasRequestLogColumn(db, "selection_reason")) db.run("ALTER TABLE request_log ADD COLUMN selection_reason TEXT;");
+		if (!hasRequestLogColumn(db, "upstream_error_message_raw")) db.run("ALTER TABLE request_log ADD COLUMN upstream_error_message_raw TEXT;");
+		db.run("PRAGMA user_version = 7;");
+	}
+	migrateV8(db);
+	migrateV9(db);
+	migrateV10(db);
+}
+
+//#endregion
+//#region src/lib/stats-store.ts
+const DEFAULT_STATS_RETENTION_DAYS = 180;
+function toLocalDateString(ms) {
+	const d = new Date(ms);
+	return `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}-${String(d.getDate()).padStart(2, "0")}`;
+}
+var StatsStore = class {
+	db;
+	upsertStmt;
+	insertSnapshotStmt;
+	constructor(db) {
+		this.db = db;
+		this.upsertStmt = db.query(`
+      INSERT INTO daily_premium_stats
+        (date, account_id, request_count, cost_units_sum, tokens_total, error_count, updated_at_ms)
+      VALUES (?, ?, 1, ?, ?, ?, ?)
+      ON CONFLICT(date, account_id) DO UPDATE SET
+        request_count   = request_count  + 1,
+        cost_units_sum  = cost_units_sum + excluded.cost_units_sum,
+        tokens_total    = tokens_total   + excluded.tokens_total,
+        error_count     = error_count    + excluded.error_count,
+        updated_at_ms   = excluded.updated_at_ms
+    `);
+		this.insertSnapshotStmt = db.query(`
+      INSERT INTO quota_snapshots
+        (account_id, snapshot_at_ms, remaining, entitlement, unlimited, source)
+      VALUES (?, ?, ?, ?, ?, ?)
+    `);
+	}
+	upsertDailyStats(record) {
+		const date = toLocalDateString(record.startedAtMs);
+		this.upsertStmt.run(date, record.accountId, record.costUnits, record.tokensTotal, record.hasError ? 1 : 0, Date.now());
+	}
+	insertQuotaSnapshot(record) {
+		this.insertSnapshotStmt.run(record.accountId, record.snapshotAtMs, record.remaining, record.entitlement, record.unlimited ? 1 : 0, record.source);
+	}
+	getConsumptionFromSnapshots(params) {
+		const dateExpr = params.granularity === "hour" ? "strftime('%Y-%m-%d %H:00', snapshot_at_ms / 1000, 'unixepoch', 'localtime')" : "date(snapshot_at_ms / 1000, 'unixepoch', 'localtime')";
+		const accountFilter = params.accountId ? " AND account_id = ?" : "";
+		const args = [];
+		args.push(params.fromMs);
+		if (params.accountId) args.push(params.accountId);
+		args.push(params.fromMs, params.toMs);
+		if (params.accountId) args.push(params.accountId);
+		args.push(params.fromMs);
+		return this.db.query(`WITH baseline AS (
+          SELECT qs.account_id, qs.snapshot_at_ms, qs.remaining, qs.id
+          FROM quota_snapshots qs
+          INNER JOIN (
+            SELECT account_id, MAX(snapshot_at_ms) AS max_ts
+            FROM quota_snapshots
+            WHERE snapshot_at_ms < ?
+              AND unlimited = 0${accountFilter}
+            GROUP BY account_id
+          ) latest ON qs.account_id = latest.account_id
+                  AND qs.snapshot_at_ms = latest.max_ts
+        ),
+        all_snaps AS (
+          SELECT account_id, snapshot_at_ms, remaining, id
+          FROM baseline
+          UNION ALL
+          SELECT account_id, snapshot_at_ms, remaining, id
+          FROM quota_snapshots
+          WHERE snapshot_at_ms >= ? AND snapshot_at_ms <= ?
+            AND unlimited = 0${accountFilter}
+        ),
+        with_prev AS (
+          SELECT
+            account_id,
+            snapshot_at_ms,
+            remaining,
+            LAG(remaining) OVER (
+              PARTITION BY account_id ORDER BY snapshot_at_ms, id
+            ) AS prev_remaining
+          FROM all_snaps
+        )
+        SELECT
+          ${dateExpr} AS date,
+          account_id,
+          SUM(
+            CASE WHEN prev_remaining IS NOT NULL AND prev_remaining > remaining
+                 THEN prev_remaining - remaining
+                 ELSE 0
+            END
+          ) AS premium_consumed
+        FROM with_prev
+        WHERE snapshot_at_ms >= ?
+        GROUP BY 1, 2
+        ORDER BY 1, 2`).all(...args);
+	}
+	getDailyPremiumStats(params) {
+		const accountFilter = params.accountId ? " AND account_id = ?" : "";
+		const args = [params.from, params.to];
+		if (params.accountId) args.push(params.accountId);
+		const dailyMetrics = this.db.query(`SELECT date,
+                SUM(request_count)  AS request_count,
+                SUM(tokens_total)   AS tokens_total,
+                SUM(error_count)    AS error_count
+         FROM daily_premium_stats
+         WHERE date >= ? AND date <= ?${accountFilter}
+         GROUP BY date
+         ORDER BY date`).all(...args);
+		const byAccountMetrics = this.db.query(`SELECT date, account_id, request_count, tokens_total, error_count
+         FROM daily_premium_stats
+         WHERE date >= ? AND date <= ?${accountFilter}
+         ORDER BY date, account_id`).all(...args);
+		const fromMs = this.localDateToMs(params.from);
+		const toMs = this.localDateEndMs(params.to);
+		const consumption = this.getConsumptionFromSnapshots({
+			fromMs,
+			toMs,
+			granularity: "day",
+			accountId: params.accountId
+		});
+		return this.mergeMetricsAndConsumption(dailyMetrics, byAccountMetrics, consumption);
+	}
+	getHourlyPremiumStats(params) {
+		const accountFilter = params.accountId ? " AND account_id = ?" : "";
+		const dailyArgs = [params.fromMs, params.toMs];
+		if (params.accountId) dailyArgs.push(params.accountId);
+		const dailyMetrics = this.db.query(`SELECT strftime('%Y-%m-%d %H:00', started_at_ms / 1000, 'unixepoch', 'localtime') AS date,
+                COUNT(*)                                                   AS request_count,
+                COALESCE(SUM(tokens_total), 0)                             AS tokens_total,
+                SUM(CASE WHEN error_name IS NOT NULL THEN 1 ELSE 0 END)    AS error_count
+         FROM request_log
+         WHERE cost_units > 0
+           AND started_at_ms >= ? AND started_at_ms <= ?${accountFilter}
+         GROUP BY 1
+         ORDER BY 1`).all(...dailyArgs);
+		const byAccountFilter = params.accountId ? " AND account_id = ?" : " AND account_id IS NOT NULL";
+		const byAccountArgs = [params.fromMs, params.toMs];
+		if (params.accountId) byAccountArgs.push(params.accountId);
+		const byAccountMetrics = this.db.query(`SELECT strftime('%Y-%m-%d %H:00', started_at_ms / 1000, 'unixepoch', 'localtime') AS date,
+                account_id,
+                COUNT(*)                                                   AS request_count,
+                COALESCE(SUM(tokens_total), 0)                             AS tokens_total,
+                SUM(CASE WHEN error_name IS NOT NULL THEN 1 ELSE 0 END)    AS error_count
+         FROM request_log
+         WHERE cost_units > 0
+           AND started_at_ms >= ? AND started_at_ms <= ?${byAccountFilter}
+         GROUP BY 1, 2
+         ORDER BY 1, 2`).all(...byAccountArgs);
+		const consumption = this.getConsumptionFromSnapshots({
+			fromMs: params.fromMs,
+			toMs: params.toMs,
+			granularity: "hour",
+			accountId: params.accountId
+		});
+		return this.mergeMetricsAndConsumption(dailyMetrics, byAccountMetrics, consumption);
+	}
+	cleanupStatsRetention(retentionDays = DEFAULT_STATS_RETENTION_DAYS) {
+		try {
+			const cutoffMs = Date.now() - retentionDays * 24 * 60 * 60 * 1e3;
+			const cutoffDate = toLocalDateString(cutoffMs);
+			this.db.query("DELETE FROM daily_premium_stats WHERE date < ?;").run(cutoffDate);
+			this.db.query(`DELETE FROM quota_snapshots
+           WHERE snapshot_at_ms < ?
+             AND id NOT IN (
+               SELECT qs.id
+               FROM quota_snapshots qs
+               INNER JOIN (
+                 SELECT account_id, MAX(snapshot_at_ms) AS max_ts
+                 FROM quota_snapshots
+                 WHERE snapshot_at_ms < ?
+                 GROUP BY account_id
+               ) latest ON qs.account_id = latest.account_id
+                        AND qs.snapshot_at_ms = latest.max_ts
+             );`).run(cutoffMs, cutoffMs);
+		} catch (error) {
+			consola$1.debug("Failed to cleanup stats retention", error);
+		}
+	}
+	localDateToMs(dateStr) {
+		const [y, m, d] = dateStr.split("-").map(Number);
+		return new Date(y, m - 1, d).getTime();
+	}
+	/** End-of-day ms (next local midnight - 1ms), DST-safe. */
+	localDateEndMs(dateStr) {
+		const [y, m, d] = dateStr.split("-").map(Number);
+		return new Date(y, m - 1, d + 1).getTime() - 1;
+	}
+	mergeMetricsAndConsumption(dailyMetrics, byAccountMetrics, consumption) {
+		const consumptionMap = /* @__PURE__ */ new Map();
+		const dateConsumptionMap = /* @__PURE__ */ new Map();
+		for (const c of consumption) {
+			consumptionMap.set(`${c.date}|${c.account_id}`, c.premium_consumed);
+			dateConsumptionMap.set(c.date, (dateConsumptionMap.get(c.date) ?? 0) + c.premium_consumed);
+		}
+		const allDates = new Set([...dailyMetrics.map((m) => m.date), ...consumption.map((c) => c.date)]);
+		const metricsMap = new Map(dailyMetrics.map((m) => [m.date, m]));
+		const daily = [...allDates].sort().map((date) => {
+			const m = metricsMap.get(date);
+			return {
+				date,
+				request_count: m?.request_count ?? 0,
+				premium_consumed: dateConsumptionMap.get(date) ?? 0,
+				tokens_total: m?.tokens_total ?? 0,
+				error_count: m?.error_count ?? 0
+			};
+		});
+		const allAccountDateKeys = new Set([...byAccountMetrics.map((m) => `${m.date}|${m.account_id}`), ...consumption.map((c) => `${c.date}|${c.account_id}`)]);
+		const byAccountMetricsMap = new Map(byAccountMetrics.map((m) => [`${m.date}|${m.account_id}`, m]));
+		return {
+			daily,
+			byAccount: [...allAccountDateKeys].sort().map((key) => {
+				const [date, account_id] = key.split("|");
+				const m = byAccountMetricsMap.get(key);
+				return {
+					date,
+					account_id,
+					request_count: m?.request_count ?? 0,
+					premium_consumed: consumptionMap.get(key) ?? 0,
+					tokens_total: m?.tokens_total ?? 0,
+					error_count: m?.error_count ?? 0
+				};
+			})
+		};
+	}
+};
+
+//#endregion
+//#region src/lib/request-history.ts
+const DEFAULT_RETENTION_DAYS = 14;
+const DEFAULT_MAX_ROWS = 2e5;
+const INSERT_WARN_THROTTLE_MS = 3e4;
+let lastInsertWarnAtMs = 0;
+let suppressedInsertWarnCount = 0;
+function warnInsertFailure(error) {
+	const now = Date.now();
+	if (now - lastInsertWarnAtMs < INSERT_WARN_THROTTLE_MS) {
+		suppressedInsertWarnCount++;
+		return;
+	}
+	const suppressed = suppressedInsertWarnCount;
+	suppressedInsertWarnCount = 0;
+	lastInsertWarnAtMs = now;
+	const suffix = suppressed > 0 ? ` (suppressed ${suppressed} similar errors)` : "";
+	consola.warn(`Failed to insert request log${suffix}`, error);
+}
+function toDbNull(value) {
+	return value === void 0 ? null : value;
+}
+function toDbBool(value) {
+	if (value === true) return 1;
+	if (value === false) return 0;
+	return null;
+}
+function getClientIpInfo(c) {
+	const cf = c.req.header("cf-connecting-ip");
+	if (cf) return {
+		ip: cf.trim(),
+		source: "cf-connecting-ip"
+	};
+	const xff = c.req.header("x-forwarded-for");
+	if (xff) {
+		const first = xff.split(",")[0]?.trim();
+		if (first) return {
+			ip: first,
+			source: "x-forwarded-for"
+		};
+	}
+	const xri = c.req.header("x-real-ip");
+	if (xri) return {
+		ip: xri.trim(),
+		source: "x-real-ip"
+	};
+	return {};
+}
+function normalizeChatCompletionsUsage(usage) {
+	if (!usage) return {};
+	const cached = usage.prompt_tokens_details?.cached_tokens ?? 0;
+	const prompt = usage.prompt_tokens;
+	const completion = usage.completion_tokens;
+	const total = usage.total_tokens;
+	return {
+		tokensCachedInput: cached,
+		tokensInput: Math.max(0, prompt - cached),
+		tokensOutput: completion,
+		tokensTotal: total,
+		usageJson: JSON.stringify(usage)
+	};
+}
+function normalizeResponsesUsage(usage) {
+	if (!usage) return {};
+	const cached = usage.input_tokens_details?.cached_tokens ?? 0;
+	const input = usage.input_tokens;
+	const output = usage.output_tokens ?? 0;
+	const total = usage.total_tokens;
+	return {
+		tokensCachedInput: cached,
+		tokensInput: Math.max(0, input - cached),
+		tokensOutput: output,
+		tokensTotal: total,
+		usageJson: JSON.stringify(usage)
+	};
+}
+function normalizeMessagesUsage(usage) {
+	if (!usage) return {};
+	const cached = usage.cache_read_input_tokens ?? 0;
+	const input = usage.input_tokens;
+	const output = usage.output_tokens;
+	const hasInput = typeof input === "number";
+	const hasOutput = typeof output === "number";
+	return {
+		tokensCachedInput: cached,
+		tokensInput: hasInput ? Math.max(0, input - cached) : void 0,
+		tokensOutput: hasOutput ? output : void 0,
+		tokensTotal: hasInput || hasOutput ? (input ?? 0) + (output ?? 0) : void 0,
+		usageJson: JSON.stringify(usage)
+	};
+}
+function normalizeEmbeddingsUsage(usage) {
+	if (!usage) return {};
+	return {
+		tokensCachedInput: 0,
+		tokensInput: usage.prompt_tokens,
+		tokensOutput: 0,
+		tokensTotal: usage.total_tokens,
+		usageJson: JSON.stringify(usage)
+	};
+}
+var RequestHistoryStore = class {
+	db;
+	insertStmt;
+	getByRequestIdStmt;
+	getLastCompletedUsageBySessionStmt;
+	constructor(db) {
+		this.db = db;
+		this.insertStmt = db.query(`
+      INSERT INTO request_log (
+        request_id,
+        started_at_ms,
+        finished_at_ms,
+        duration_ms,
+        ttfb_ms,
+        method,
+        path,
+        upstream_endpoint,
+        stream,
+        account_id,
+        account_type,
+        cost_units,
+        client_model,
+        upstream_model,
+        client_ip,
+        client_ip_source,
+        user_agent,
+        user_id,
+        safety_identifier,
+        prompt_cache_key,
+        initiator,
+        is_subagent,
+        upstream_request_id,
+        affinity_key_used,
+        affinity_key_source,
+        selection_reason,
+        tokens_input,
+        tokens_output,
+        tokens_total,
+        tokens_cached_input,
+        usage_json,
+        premium_remaining_before,
+        premium_remaining_after,
+        premium_remaining_diff,
+        premium_unlimited_before,
+        premium_unlimited_after,
+        http_status,
+        error_name,
+        error_status,
+        error_message,
+        upstream_error_message_raw,
+        selection_failure_reason,
+        affinity_hit,
+        affinity_cache_key
+      ) VALUES (
+        ?,?,?,?,?,?,?,?,
+        ?,?,?,?,?,?,?,?,
+        ?,?,?,?,?,?,?,?,
+        ?,?,?,?,?,?,?,?,
+        ?,?,?,?,?,?,?,?,
+        ?,?,?,?
+      );
+    `);
+		this.getByRequestIdStmt = db.query("SELECT * FROM request_log WHERE request_id = ? LIMIT 1;");
+		this.getLastCompletedUsageBySessionStmt = db.query(`
+      SELECT
+        tokens_input,
+        tokens_output,
+        tokens_total,
+        tokens_cached_input
+      FROM request_log
+      WHERE prompt_cache_key = ?
+        AND safety_identifier = ?
+        AND client_model = ?
+        AND finished_at_ms IS NOT NULL
+        AND tokens_input IS NOT NULL
+      ORDER BY finished_at_ms DESC
+      LIMIT 1;
+    `);
+	}
+	insert(record) {
+		try {
+			const args = [
+				record.requestId,
+				record.startedAtMs,
+				toDbNull(record.finishedAtMs),
+				toDbNull(record.durationMs),
+				toDbNull(record.ttfbMs),
+				record.method,
+				record.path,
+				toDbNull(record.upstreamEndpoint),
+				record.stream ? 1 : 0,
+				toDbNull(record.accountId),
+				toDbNull(record.accountType),
+				toDbNull(record.costUnits),
+				toDbNull(record.clientModel),
+				toDbNull(record.upstreamModel),
+				toDbNull(record.clientIp),
+				toDbNull(record.clientIpSource),
+				toDbNull(record.userAgent),
+				toDbNull(record.userId),
+				toDbNull(record.safetyIdentifier),
+				toDbNull(record.promptCacheKey),
+				toDbNull(record.initiator),
+				toDbBool(record.isSubagent),
+				toDbNull(record.upstreamRequestId),
+				toDbNull(record.affinityKeyUsed),
+				toDbNull(record.affinityKeySource),
+				toDbNull(record.selectionReason),
+				toDbNull(record.tokensInput),
+				toDbNull(record.tokensOutput),
+				toDbNull(record.tokensTotal),
+				toDbNull(record.tokensCachedInput),
+				toDbNull(record.usageJson),
+				toDbNull(record.premiumRemainingBefore),
+				toDbNull(record.premiumRemainingAfter),
+				toDbNull(record.premiumRemainingDiff),
+				toDbBool(record.premiumUnlimitedBefore),
+				toDbBool(record.premiumUnlimitedAfter),
+				toDbNull(record.httpStatus),
+				toDbNull(record.errorName),
+				toDbNull(record.errorStatus),
+				toDbNull(record.errorMessage),
+				toDbNull(record.upstreamErrorMessageRaw),
+				toDbNull(record.selectionFailureReason),
+				toDbBool(record.affinityHit),
+				toDbNull(record.affinityCacheKey)
+			];
+			this.insertStmt.run(...args);
+			if (record.costUnits !== void 0 && record.costUnits > 0 && record.accountId) try {
+				getStatsStoreInstance()?.upsertDailyStats({
+					startedAtMs: record.startedAtMs,
+					accountId: record.accountId,
+					costUnits: record.costUnits,
+					tokensTotal: record.tokensTotal ?? 0,
+					hasError: record.errorName !== void 0
+				});
+			} catch {}
+		} catch (error) {
+			warnInsertFailure(error);
+		}
+	}
+	getByRequestId(requestId) {
+		try {
+			return this.getByRequestIdStmt.get(requestId) ?? null;
+		} catch (error) {
+			consola.debug("Failed to fetch request log by request_id", error);
+			return null;
+		}
+	}
+	getLastCompletedUsageBySession(session) {
+		if (!session.promptCacheKey || !session.safetyIdentifier || !session.clientModel) return null;
+		try {
+			const row = this.getLastCompletedUsageBySessionStmt.get(session.promptCacheKey, session.safetyIdentifier, session.clientModel);
+			if (!row || row.tokens_input === null) return null;
+			const tokensOutput = row.tokens_output === null ? void 0 : row.tokens_output;
+			const tokensTotal = row.tokens_total === null ? void 0 : row.tokens_total;
+			const tokensCachedInput = row.tokens_cached_input === null ? void 0 : row.tokens_cached_input;
+			return {
+				tokensInput: row.tokens_input,
+				tokensOutput,
+				tokensTotal,
+				tokensCachedInput
+			};
+		} catch (error) {
+			consola.debug("Failed to fetch last completed usage by session", error);
+			return null;
+		}
+	}
+	query(params) {
+		const limit = Math.max(1, Math.min(params.limit, 200));
+		const where = [];
+		const values = [];
+		if (params.cursorId !== void 0) {
+			where.push("id < ?");
+			values.push(params.cursorId);
+		}
+		if (params.accountId) {
+			where.push("account_id = ?");
+			values.push(params.accountId);
+		}
+		if (params.upstreamModel) {
+			where.push("upstream_model = ?");
+			values.push(params.upstreamModel);
+		}
+		if (params.clientModel) {
+			where.push("client_model = ?");
+			values.push(params.clientModel);
+		}
+		if (params.upstreamEndpoint) {
+			where.push("upstream_endpoint = ?");
+			values.push(params.upstreamEndpoint);
+		}
+		if (params.path) {
+			where.push("path = ?");
+			values.push(params.path);
+		}
+		if (params.status !== void 0) {
+			where.push("http_status = ?");
+			values.push(params.status);
+		}
+		if (params.hasError === true) where.push("http_status >= 400");
+		if (params.hasError === false) where.push("http_status < 400");
+		if (params.fromMs !== void 0) {
+			where.push("started_at_ms >= ?");
+			values.push(params.fromMs);
+		}
+		if (params.toMs !== void 0) {
+			where.push("started_at_ms <= ?");
+			values.push(params.toMs);
+		}
+		const sql = `
+      SELECT *
+      FROM request_log
+      ${where.length > 0 ? `WHERE ${where.join(" AND ")}` : ""}
+      ORDER BY id DESC
+      LIMIT ?;
+    `;
+		const rows = this.db.query(sql).all(...values, limit + 1);
+		const items = rows.slice(0, limit);
+		const hasMore = rows.length > limit;
+		return {
+			items,
+			nextCursorId: hasMore ? items.at(-1)?.id : void 0,
+			hasMore
+		};
+	}
+	getAccountStatsSince(sinceMs) {
+		try {
+			const rows = this.db.query(`
+        SELECT
+          account_id,
+          COUNT(*) AS request_count,
+          SUM(CASE WHEN http_status >= 400 THEN 1 ELSE 0 END) AS error_count,
+          COALESCE(SUM(tokens_total), 0) AS tokens_total,
+          COALESCE(AVG(duration_ms), 0) AS avg_duration_ms,
+          COALESCE(MAX(started_at_ms), 0) AS last_request_at_ms
+        FROM request_log
+        WHERE started_at_ms >= ? AND account_id IS NOT NULL
+        GROUP BY account_id;
+      `).all(sinceMs);
+			const map = {};
+			for (const row of rows) map[row.account_id] = row;
+			return map;
+		} catch (error) {
+			consola.debug("Failed to fetch account stats", error);
+			return {};
+		}
+	}
+	cleanupRetention(retentionDays = DEFAULT_RETENTION_DAYS, maxRows = DEFAULT_MAX_ROWS) {
+		try {
+			const cutoffMs = Date.now() - retentionDays * 24 * 60 * 60 * 1e3;
+			this.db.query("DELETE FROM request_log WHERE started_at_ms < ?;").run(cutoffMs);
+			if (this.db.query("SELECT COUNT(*) AS c FROM request_log;").get().c <= maxRows) return;
+			const offset = maxRows - 1;
+			const thresholdId = this.db.query("SELECT id FROM request_log ORDER BY id DESC LIMIT 1 OFFSET ?;").get(offset)?.id;
+			if (!thresholdId) return;
+			this.db.query("DELETE FROM request_log WHERE id < ?;").run(thresholdId);
+		} catch (error) {
+			consola.debug("Failed to cleanup request_log retention", error);
+		}
+	}
+	meta() {
+		return {
+			dbPath: getAdminDbPath(),
+			userVersion: getAdminDbUserVersion(this.db),
+			retentionDays: DEFAULT_RETENTION_DAYS,
+			maxRows: DEFAULT_MAX_ROWS
+		};
+	}
+};
+const STORE_INIT_WARN_THROTTLE_MS = 3e4;
+const STORE_INIT_RETRY_DELAY_MS = 3e4;
+let lastStoreInitWarnAtMs = 0;
+let suppressedStoreInitWarnCount = 0;
+let nextStoreRetryAtMs = 0;
+function warnStoreInitFailure(error) {
+	const now = Date.now();
+	if (now - lastStoreInitWarnAtMs < STORE_INIT_WARN_THROTTLE_MS) {
+		suppressedStoreInitWarnCount++;
+		return;
+	}
+	const suppressed = suppressedStoreInitWarnCount;
+	suppressedStoreInitWarnCount = 0;
+	lastStoreInitWarnAtMs = now;
+	const suffix = suppressed > 0 ? ` (suppressed ${suppressed} similar errors)` : "";
+	consola.warn(`Request history store is disabled${suffix}`, error);
+}
+const disabledStore = {
+	insert: () => {},
+	getByRequestId: () => null,
+	getLastCompletedUsageBySession: () => null,
+	query: () => ({
+		items: [],
+		hasMore: false
+	}),
+	getAccountStatsSince: () => ({}),
+	cleanupRetention: () => {},
+	meta: () => ({
+		dbPath: getAdminDbPath(),
+		userVersion: 0,
+		retentionDays: DEFAULT_RETENTION_DAYS,
+		maxRows: DEFAULT_MAX_ROWS
+	})
+};
+let sharedStore = null;
+let maintenanceStarted = false;
+let sharedStatsStore = null;
+function getStatsStoreInstance() {
+	if (sharedStatsStore) return sharedStatsStore;
+	try {
+		sharedStatsStore = new StatsStore(getAdminDb());
+		return sharedStatsStore;
+	} catch {
+		return null;
+	}
+}
+function getRequestHistoryStore() {
+	if (sharedStore) return sharedStore;
+	const now = Date.now();
+	if (now < nextStoreRetryAtMs) return disabledStore;
+	try {
+		sharedStore = new RequestHistoryStore(getAdminDb());
+		if (!maintenanceStarted) {
+			maintenanceStarted = true;
+			sharedStore.cleanupRetention();
+			getStatsStoreInstance()?.cleanupStatsRetention();
+			setInterval(() => {
+				sharedStore?.cleanupRetention();
+				try {
+					getStatsStoreInstance()?.cleanupStatsRetention();
+				} catch {}
+			}, 1440 * 60 * 1e3);
+		}
+		return sharedStore;
+	} catch (error) {
+		nextStoreRetryAtMs = now + STORE_INIT_RETRY_DELAY_MS;
+		warnStoreInitFailure(error);
+		return disabledStore;
+	}
+}
+function extractResponsesUsageFromStreamEvent(event) {
+	if (event.type === "response.completed" || event.type === "response.incomplete") return normalizeResponsesUsage(event.response.usage);
+	if (event.type === "response.failed") return normalizeResponsesUsage(event.response.usage);
+	return {};
+}
+function extractResponsesUsageFromResult(result) {
+	return normalizeResponsesUsage(result.usage);
+}
+function getStatsStore() {
+	return getStatsStoreInstance();
+}
+
+//#endregion
+//#region src/lib/session-affinity-store.ts
+const DAY_MS = 1440 * 60 * 1e3;
+const DEFAULT_MAX_AGE_MS = 7 * DAY_MS;
+const CLEANUP_INTERVAL_MS = DAY_MS;
+const maybeUnref = (timer) => {
+	timer.unref();
+};
+var SessionAffinityStore = class {
+	db;
+	constructor(db) {
+		this.db = db;
+	}
+	get(cacheKey) {
+		let row;
+		try {
+			row = this.db.query("SELECT account_id FROM session_affinity WHERE cache_key = ? LIMIT 1;").get(cacheKey);
+		} catch (error) {
+			consola.warn("Failed to read session affinity mapping:", error);
+			return;
+		}
+		if (!row?.account_id) return;
+		try {
+			this.db.query("UPDATE session_affinity SET last_used_at_ms = ? WHERE cache_key = ?;").run(Date.now(), cacheKey);
+		} catch (error) {
+			consola.warn("Failed to update session affinity last_used_at_ms:", error);
+		}
+		return row.account_id;
+	}
+	set(cacheKey, accountId) {
+		const now = Date.now();
+		try {
+			this.db.query(`
+          INSERT INTO session_affinity (
+            cache_key,
+            account_id,
+            created_at_ms,
+            last_confirmed_at_ms,
+            last_used_at_ms
+          ) VALUES (?, ?, ?, ?, ?)
+          ON CONFLICT(cache_key) DO UPDATE SET
+            account_id = excluded.account_id,
+            last_confirmed_at_ms = excluded.last_confirmed_at_ms,
+            last_used_at_ms = excluded.last_used_at_ms;
+        `).run(cacheKey, accountId, now, now, now);
+		} catch (error) {
+			consola.warn("Failed to persist session affinity mapping:", error);
+		}
+	}
+	delete(cacheKey) {
+		try {
+			this.db.query("DELETE FROM session_affinity WHERE cache_key = ?;").run(cacheKey);
+		} catch (error) {
+			consola.warn("Failed to delete session affinity mapping:", error);
+		}
+	}
+	clear() {
+		try {
+			this.db.query("DELETE FROM session_affinity;").run();
+		} catch (error) {
+			consola.warn("Failed to clear session affinity mappings:", error);
+		}
+	}
+	cleanup(maxAgeMs = DEFAULT_MAX_AGE_MS) {
+		try {
+			this.db.query("DELETE FROM session_affinity WHERE last_used_at_ms < ?;").run(Date.now() - maxAgeMs);
+		} catch (error) {
+			consola.warn("Failed to cleanup session affinity mappings:", error);
+		}
+	}
+};
+let sharedSessionAffinityStore = null;
+let sharedCleanupInterval;
+function clearSharedSessionAffinityCleanup() {
+	if (!sharedCleanupInterval) return;
+	clearInterval(sharedCleanupInterval);
+	sharedCleanupInterval = void 0;
+}
+function getSharedSessionAffinityStore() {
+	if (!sharedSessionAffinityStore) sharedSessionAffinityStore = new SessionAffinityStore(getAdminDb());
+	return sharedSessionAffinityStore;
+}
+function applySharedSessionAffinityRetention(retentionMs = getSessionAffinityRetentionMs()) {
+	clearSharedSessionAffinityCleanup();
+	if (!Number.isFinite(retentionMs) || retentionMs <= 0) return;
+	try {
+		const store = getSharedSessionAffinityStore();
+		store.cleanup(retentionMs);
+		sharedCleanupInterval = setInterval(() => {
+			store.cleanup(retentionMs);
+		}, CLEANUP_INTERVAL_MS);
+		maybeUnref(sharedCleanupInterval);
+	} catch (error) {
+		consola.warn("Failed to apply session affinity retention:", error);
+	}
+}
+
+//#endregion
+//#region src/lib/session-ownership.ts
+const DEFAULT_MAX_ENTRIES = 1e4;
+const DEFAULT_TTL_MS = 3600 * 1e3;
+/**
+* In-memory TTL/LRU cache for root-session ownership.
+*
+* Uses Map insertion order for eviction: read/write hits move an entry to the
+* newest position, and writes refresh TTL.
+*/
+var SessionOwnershipCache = class {
+	cache = /* @__PURE__ */ new Map();
+	maxEntries;
+	ttlMs;
+	constructor(maxEntries = DEFAULT_MAX_ENTRIES, ttlMs = DEFAULT_TTL_MS) {
+		this.maxEntries = maxEntries;
+		this.ttlMs = ttlMs;
+	}
+	get(rootSessionId) {
+		const entry = this.cache.get(rootSessionId);
+		if (!entry) return;
+		if (Date.now() >= entry.expiresAt) {
+			this.cache.delete(rootSessionId);
+			return;
+		}
+		this.cache.delete(rootSessionId);
+		this.cache.set(rootSessionId, entry);
+		return entry.accountId;
+	}
+	set(rootSessionId, accountId) {
+		this.cache.delete(rootSessionId);
+		while (this.cache.size >= this.maxEntries) {
+			const oldest = this.cache.keys().next();
+			if (oldest.done) break;
+			this.cache.delete(oldest.value);
+		}
+		this.cache.set(rootSessionId, {
+			accountId,
+			expiresAt: Date.now() + this.ttlMs
+		});
+	}
+	clear() {
+		this.cache.clear();
+	}
+};
+
+//#endregion
+//#region src/lib/accounts-manager.ts
+/** Quota cache TTL in milliseconds (45 seconds) for pre-request selection. */
+const QUOTA_CACHE_TTL = 45 * 1e3;
+/** Debounce delay for registry reload in milliseconds */
+const RELOAD_DEBOUNCE_MS = 500;
+/** Registry watcher restart initial delay in milliseconds */
+const WATCHER_RESTART_INITIAL_DELAY_MS = 1e3;
+/** Registry watcher restart max delay in milliseconds */
+const WATCHER_RESTART_MAX_DELAY_MS = 60 * 1e3;
+/** Session refresh base interval in milliseconds. */
+const SESSION_REFRESH_BASE_MS = 3600 * 1e3;
+/** Session refresh jitter window in milliseconds. */
+const SESSION_REFRESH_JITTER_MS = 1200 * 1e3;
+/** Minimum delay between account initializations in milliseconds. */
+const INIT_STAGGER_MIN_MS = 2e3;
+/** Maximum delay between account initializations in milliseconds. */
+const INIT_STAGGER_MAX_MS = 5e3;
+/** Random jitter window added to token refresh delay in milliseconds. */
+const TOKEN_REFRESH_JITTER_MS = 3e4;
+function getInitialSelectionReason(cacheKey, rotationStart) {
+	if (!cacheKey) return "no_session_key";
+	return rotationStart > 0 ? "rotated_after_miss" : "affinity_miss";
+}
+function preserveSubagentSelectionReason(initialSelectionReason, nextSelectionReason) {
+	return initialSelectionReason.startsWith("subagent_") ? initialSelectionReason : nextSelectionReason;
+}
+/** Manages multiple GitHub Copilot accounts at runtime. */
+var AccountsManager = class {
+	accounts = /* @__PURE__ */ new Map();
+	accountOrder = [];
+	temporaryAccount;
+	vsCodeVersion;
+	accountAffinityEnabled = true;
+	affinityCache;
+	sessionOwnership = new SessionOwnershipCache();
+	sessionOwnershipGeneration = 0;
+	loadBalanceCursor = 0;
+	constructor(options = {}) {
+		const { persistentAffinityStore } = options;
+		this.affinityCache = new AccountAffinityCache(void 0, void 0, persistentAffinityStore);
+	}
+	quotaRefreshSnapshotByAccount = /* @__PURE__ */ new WeakMap();
+	modelsRefreshSnapshotByAccount = /* @__PURE__ */ new WeakMap();
+	tokenRefreshEnabledAccounts = /* @__PURE__ */ new WeakSet();
+	modelsRefreshTimer;
+	modelsRefreshIntervalMs = 0;
+	registryWatcher;
+	reloadDebounceTimer;
+	registryWatcherRestartTimer;
+	registryWatcherRestartDelayMs = WATCHER_RESTART_INITIAL_DELAY_MS;
+	isReloading = false;
+	currentReloadPromise;
+	/** Initialize accounts manager (load registry, migrate legacy token). */
+	async initialize(vsCodeVersion) {
+		this.vsCodeVersion = vsCodeVersion;
+		const hasReg = await hasRegistry();
+		const hasLegacy = await hasLegacyToken();
+		if (!hasReg && hasLegacy) await this.migrateLegacyToken();
+		const accountMetas = await listAccountsFromRegistry();
+		for (const meta of accountMetas) {
+			const token = await loadAccountToken(meta.id);
+			if (!token) {
+				consola.warn(`No token found for account ${meta.id}, skipping`);
+				continue;
+			}
+			const runtime = {
+				...meta,
+				accountLogin: meta.id,
+				githubToken: token,
+				vsCodeVersion: this.vsCodeVersion
+			};
+			this.accounts.set(meta.id, runtime);
+			this.accountOrder.push(meta.id);
+		}
+		let isFirstAccount = true;
+		for (const account of this.accounts.values()) {
+			if (!isFirstAccount) {
+				const staggerDelay = INIT_STAGGER_MIN_MS + Math.floor(Math.random() * (INIT_STAGGER_MAX_MS - INIT_STAGGER_MIN_MS));
+				consola.debug(`Staggering initialization of account ${account.id} by ${staggerDelay}ms`);
+				await new Promise((resolve) => setTimeout(resolve, staggerDelay));
+			}
+			isFirstAccount = false;
+			try {
+				await this.initializeAccount(account);
+			} catch (error) {
+				consola.error(`Failed to initialize account ${account.id}:`, error);
+				account.failed = true;
+				account.failureReason = String(error);
+			}
+		}
+		consola.info(`Loaded ${this.accounts.size} account(s)`);
+		this.startRegistryWatcher();
+	}
+	setAccountAffinityEnabled(enabled) {
+		this.accountAffinityEnabled = enabled;
+		if (!enabled) this.affinityCache.clearMemory();
+	}
+	setModelsRefreshIntervalMs(intervalMs) {
+		this.modelsRefreshIntervalMs = Number.isFinite(intervalMs) && intervalMs > 0 ? intervalMs : 0;
+		this.scheduleModelsRefresh();
+	}
+	computeTokenRefreshDelayMs(refreshInSeconds) {
+		const baseDelay = Math.max((refreshInSeconds - 60) * 1e3, 1e3);
+		const jitter = Math.floor(Math.random() * TOKEN_REFRESH_JITTER_MS);
+		const maxSafeDelay = Math.max(refreshInSeconds * 1e3 - 1e3, 1e3);
+		return Math.min(baseDelay + jitter, maxSafeDelay);
+	}
+	computeSessionRefreshDelayMs() {
+		return SESSION_REFRESH_BASE_MS + Math.floor(Math.random() * SESSION_REFRESH_JITTER_MS);
+	}
+	resolveAccountLogin(account) {
+		return account.accountLogin ?? account.id;
+	}
+	commitAccountIdentity(account, { identityKey, login, deviceId, machineId }) {
+		account.accountLogin = login;
+		account.identityKey = identityKey;
+		account.clientDeviceId = deviceId;
+		account.clientMachineId = machineId;
+	}
+	async applyAccountIdentity(account) {
+		const login = this.resolveAccountLogin(account);
+		const { oauthApp, enterpriseDomain } = getCurrentIdentityEnvironment();
+		const identityKey = buildIdentityKey({
+			login,
+			oauthApp,
+			enterpriseDomain
+		});
+		const identity = await ensureAccountClientIdentity({
+			login,
+			oauthApp,
+			enterpriseDomain
+		});
+		this.commitAccountIdentity(account, {
+			identityKey,
+			login,
+			deviceId: identity.deviceId,
+			machineId: identity.machineId
+		});
+		if (!account.clientSessionId) {
+			account.clientSessionId = createAccountSessionId();
+			consola.debug(`Generated VSCode session ID for account ${account.id}: ${account.clientSessionId}`);
+		}
+		this.startSessionRefresh(account);
+	}
+	shouldContinueTokenRefresh(account, snapshot) {
+		return this.tokenRefreshEnabledAccounts.has(account) && isAuthSnapshotCurrent(account, snapshot);
+	}
+	async runTokenRefreshTick(account, snapshot, refreshInSeconds) {
+		if (!this.shouldContinueTokenRefresh(account, snapshot)) return;
+		try {
+			const { token, refresh_in } = await getCopilotToken(toAccountContextFromSnapshot(account, snapshot));
+			if (!this.shouldContinueTokenRefresh(account, snapshot)) return;
+			if (!applyTokenRefreshSuccessIfCurrent(account, snapshot, token)) return;
+			consola.debug(`Refreshed token for account ${account.id}`);
+			if (!this.shouldContinueTokenRefresh(account, snapshot)) return;
+			this.startTokenRefresh(account, refresh_in);
+		} catch (error) {
+			consola.error(`Failed to refresh token for ${account.id}:`, error);
+			if (!this.shouldContinueTokenRefresh(account, snapshot)) return;
+			applyTokenRefreshFailureIfCurrent(account, snapshot, error);
+			if (!this.shouldContinueTokenRefresh(account, snapshot)) return;
+			this.startTokenRefresh(account, refreshInSeconds);
+		}
+	}
+	finalizeQuotaRefreshPromise(account, promise) {
+		if (account.quotaRefreshPromise !== promise) return;
+		account.isRefreshingQuota = false;
+		account.quotaRefreshPromise = void 0;
+		this.quotaRefreshSnapshotByAccount.delete(account);
+	}
+	/** Initialize a single account. */
+	async initializeAccount(account) {
+		await this.applyAccountIdentity(account);
+		const snapshot = takeAuthSnapshot(account);
+		try {
+			const { token, refresh_in } = await getCopilotToken(toAccountContextFromSnapshot(account, snapshot));
+			if (!applyCopilotTokenIfCurrent(account, snapshot, token)) return;
+			await this.refreshQuota(account);
+			this.startTokenRefresh(account, refresh_in);
+			if (!applyModelsIfCurrent(account, snapshot, await getModels(toAccountContextFromSnapshot(account, snapshot, token)))) return;
+			account.lastModelsFetch = Date.now();
+			consola.debug(`Account ${account.id} initialized`);
+		} catch (error) {
+			if (!isAuthSnapshotCurrent(account, snapshot)) return;
+			throw error;
+		}
+	}
+	/** Migrate legacy github_token to the new multi-account system. */
+	async migrateLegacyToken() {
+		const token = await readLegacyToken();
+		if (!token) return;
+		try {
+			const id = (await getGitHubUser({
+				githubToken: token,
+				accountType: "individual"
+			})).login;
+			await saveAccountToken(id, token);
+			await addAccountToRegistry({
+				id,
+				accountType: "individual",
+				addedAt: Date.now()
+			});
+			consola.info(`Migrated legacy token to account: ${id}`);
+		} catch (error) {
+			consola.error("Failed to migrate legacy token:", error);
+		}
+	}
+	/** Start token refresh timer for an account. */
+	startTokenRefresh(account, refreshInSeconds) {
+		this.stopTokenRefresh(account);
+		this.tokenRefreshEnabledAccounts.add(account);
+		const snapshot = takeAuthSnapshot(account);
+		const delayMs = this.computeTokenRefreshDelayMs(refreshInSeconds);
+		account.refreshTimer = setTimeout(() => {
+			this.runTokenRefreshTick(account, snapshot, refreshInSeconds);
+		}, delayMs);
+	}
+	/** Stop token refresh timer for an account. */
+	stopTokenRefresh(account) {
+		this.tokenRefreshEnabledAccounts.delete(account);
+		if (account.refreshTimer) {
+			clearTimeout(account.refreshTimer);
+			account.refreshTimer = void 0;
+		}
+	}
+	/** Stop all token refresh timers. */
+	stopAllTokenRefresh() {
+		for (const account of this.accounts.values()) this.stopTokenRefresh(account);
+		if (this.temporaryAccount) this.stopTokenRefresh(this.temporaryAccount);
+	}
+	startSessionRefresh(account) {
+		this.stopSessionRefresh(account);
+		const delayMs = this.computeSessionRefreshDelayMs();
+		consola.debug(`Scheduling next VSCode session ID refresh for ${account.id} in ${Math.round(delayMs / 1e3)} seconds`);
+		account.sessionRefreshTimer = setTimeout(() => {
+			try {
+				account.clientSessionId = createAccountSessionId();
+				consola.debug(`Refreshed VSCode session ID for account ${account.id}: ${account.clientSessionId}`);
+			} catch (error) {
+				consola.error(`Failed to refresh VSCode session ID for ${account.id}, rescheduling...`, error);
+			} finally {
+				this.startSessionRefresh(account);
+			}
+		}, delayMs);
+	}
+	stopSessionRefresh(account) {
+		if (account.sessionRefreshTimer) {
+			clearTimeout(account.sessionRefreshTimer);
+			account.sessionRefreshTimer = void 0;
+		}
+	}
+	stopAllSessionRefresh() {
+		for (const account of this.accounts.values()) this.stopSessionRefresh(account);
+		if (this.temporaryAccount) this.stopSessionRefresh(this.temporaryAccount);
+	}
+	scheduleModelsRefresh() {
+		this.stopModelsRefresh();
+		if (!this.modelsRefreshIntervalMs || this.modelsRefreshIntervalMs <= 0) return;
+		this.modelsRefreshTimer = setTimeout(() => {
+			this.runModelsRefreshTick();
+		}, this.modelsRefreshIntervalMs);
+	}
+	stopModelsRefresh() {
+		if (this.modelsRefreshTimer) {
+			clearTimeout(this.modelsRefreshTimer);
+			this.modelsRefreshTimer = void 0;
+		}
+	}
+	async runModelsRefreshTick() {
+		try {
+			await this.refreshAllModels();
+		} catch (error) {
+			consola.error("Failed to refresh models:", error);
+		} finally {
+			this.scheduleModelsRefresh();
+		}
+	}
+	finalizeModelsRefreshPromise(account, promise) {
+		if (account.modelsRefreshPromise !== promise) return;
+		account.isRefreshingModels = false;
+		account.modelsRefreshPromise = void 0;
+		this.modelsRefreshSnapshotByAccount.delete(account);
+	}
+	async refreshModels(account) {
+		if (!account.copilotToken) {
+			consola.debug(`Skip model refresh for ${account.id}: missing Copilot token`);
+			return;
+		}
+		const snapshot = takeAuthSnapshot(account);
+		if (account.modelsRefreshPromise) {
+			if (isSameAuthSnapshot(this.modelsRefreshSnapshotByAccount.get(account), snapshot)) {
+				await account.modelsRefreshPromise;
+				return;
+			}
+		}
+		account.isRefreshingModels = true;
+		const ctx = toAccountContextFromSnapshot(account, snapshot, account.copilotToken);
+		const promise = (async () => {
+			try {
+				if (applyModelsIfCurrent(account, snapshot, await getModels(ctx))) account.lastModelsFetch = Date.now();
+			} catch (error) {
+				if (error instanceof HTTPError && error.response.status === 401) {
+					applyUnauthorizedIfCurrent(account, snapshot, "Unauthorized (401)");
+					return;
+				}
+				consola.error(`Failed to refresh models for ${account.id}:`, error);
+			}
+		})();
+		account.modelsRefreshPromise = promise;
+		this.modelsRefreshSnapshotByAccount.set(account, snapshot);
+		promise.finally(() => {
+			this.finalizeModelsRefreshPromise(account, promise);
+		});
+		await promise;
+	}
+	async refreshAllModels() {
+		const accounts = [];
+		if (this.temporaryAccount) accounts.push(this.temporaryAccount);
+		for (const id of this.accountOrder) {
+			const account = this.accounts.get(id);
+			if (account) accounts.push(account);
+		}
+		if (accounts.length === 0) return;
+		await Promise.allSettled(accounts.map((account) => this.refreshModels(account)));
+	}
+	/** Refresh quota information for an account. */
+	async refreshQuota(account) {
+		const snapshot = takeAuthSnapshot(account);
+		if (account.quotaRefreshPromise) {
+			if (isSameAuthSnapshot(this.quotaRefreshSnapshotByAccount.get(account), snapshot)) {
+				await account.quotaRefreshPromise;
+				return;
+			}
+		}
+		account.isRefreshingQuota = true;
+		const ctx = toAccountContextFromSnapshot(account, snapshot);
+		const promise = (async () => {
+			try {
+				const usage = await getCopilotUsage(ctx);
+				const premium = usage.quota_snapshots.premium_interactions;
+				if (applyQuotaRefreshSuccessIfCurrent(account, snapshot, {
+					premium,
+					copilotApiUrl: usage.endpoints.api
+				})) try {
+					getStatsStore()?.insertQuotaSnapshot({
+						accountId: account.id,
+						snapshotAtMs: Date.now(),
+						remaining: premium.remaining,
+						entitlement: premium.entitlement,
+						unlimited: premium.unlimited,
+						source: "refresh"
+					});
+				} catch {}
+			} catch (error) {
+				if (error instanceof HTTPError && error.response.status === 401) {
+					applyUnauthorizedIfCurrent(account, snapshot, "Unauthorized (401)");
+					return;
+				}
+				consola.error(`Failed to refresh quota for ${account.id}:`, error);
+			}
+		})();
+		account.quotaRefreshPromise = promise;
+		this.quotaRefreshSnapshotByAccount.set(account, snapshot);
+		promise.finally(() => {
+			this.finalizeQuotaRefreshPromise(account, promise);
+		});
+		await promise;
+	}
+	/** Check if quota cache is expired. */
+	isQuotaCacheExpired(account) {
+		if (!account.lastQuotaFetch) return true;
+		return Date.now() - account.lastQuotaFetch > QUOTA_CACHE_TTL;
+	}
+	isAccountFailed(account) {
+		return account.failed === true;
+	}
+	useOverageFallback(fallback) {
+		const reservation = reservePremiumUnits(fallback.account, fallback.costUnits);
+		return {
+			ok: true,
+			account: fallback.account,
+			selectedModel: fallback.model,
+			endpoint: fallback.endpoint,
+			costUnits: fallback.costUnits,
+			reservation
+		};
+	}
+	isModelSupportedForEndpoint(model, endpoint) {
+		if (endpoint === "/responses") return model.supported_endpoints?.includes(endpoint) ?? false;
+		const supported = model.supported_endpoints;
+		if (!supported) return true;
+		return supported.includes(endpoint);
+	}
+	pickSupportedCandidate(account, candidates) {
+		const models = account.models?.data;
+		if (!models) return null;
+		for (const candidate of candidates) {
+			const model = models.find((m) => m.id === candidate.modelId);
+			if (!model) continue;
+			if (!this.isModelSupportedForEndpoint(model, candidate.endpoint)) continue;
+			return {
+				candidate,
+				model
+			};
+		}
+		return null;
+	}
+	async selectAccountForCandidates(orderedAccounts, candidates) {
+		if (orderedAccounts.length === 0) return {
+			ok: false,
+			reason: "NO_ACCOUNTS"
+		};
+		let supportedCandidateFound = false;
+		let overageFallback;
+		for (const account of orderedAccounts) {
+			if (this.isAccountFailed(account)) continue;
+			const supported = this.pickSupportedCandidate(account, candidates);
+			if (!supported) continue;
+			supportedCandidateFound = true;
+			const { candidate, model } = supported;
+			const costUnits = getCostUnits(model);
+			if (costUnits <= 0) return {
+				ok: true,
+				account,
+				selectedModel: model,
+				endpoint: candidate.endpoint,
+				costUnits
+			};
+			if (!account.unlimited && this.isQuotaCacheExpired(account)) await this.refreshQuota(account);
+			if (this.isAccountFailed(account)) continue;
+			if (account.unlimited) return {
+				ok: true,
+				account,
+				selectedModel: model,
+				endpoint: candidate.endpoint,
+				costUnits
+			};
+			const effectiveRemaining = getEffectivePremiumRemaining(account);
+			if (effectiveRemaining !== void 0 && effectiveRemaining < costUnits) {
+				if (account.overagePermitted && !overageFallback) overageFallback = {
+					account,
+					model,
+					endpoint: candidate.endpoint,
+					costUnits
+				};
+				continue;
+			}
+			const reservation = reservePremiumUnits(account, costUnits);
+			return {
+				ok: true,
+				account,
+				selectedModel: model,
+				endpoint: candidate.endpoint,
+				costUnits,
+				reservation
+			};
+		}
+		if (!supportedCandidateFound) return {
+			ok: false,
+			reason: "MODEL_NOT_SUPPORTED"
+		};
+		return overageFallback ? this.useOverageFallback(overageFallback) : {
+			ok: false,
+			reason: "NO_QUOTA"
+		};
+	}
+	/**
+	* Try to use a preferred (affinity) account for the request.
+	* Returns a successful selection if the account is usable; null otherwise.
+	*/
+	async tryAffinityAccount(preferredAccountId, orderedAccounts, candidates) {
+		const account = isAffinityAccountUsable(preferredAccountId, orderedAccounts);
+		if (!account) return null;
+		const supported = this.pickSupportedCandidate(account, candidates) ?? this.pickAliasFallbackCandidate(account, candidates);
+		if (!supported) return null;
+		return this.validateAffinityQuota(account, supported);
+	}
+	/**
+	* Resolve model aliases and try to pick a supported candidate.
+	* Returns null if no alias differs or the account doesn't support the alias.
+	*/
+	pickAliasFallbackCandidate(account, candidates) {
+		const aliasCandidates = candidates.map((candidate) => {
+			const modelId = resolveModelAlias(candidate.modelId);
+			if (modelId === candidate.modelId) return candidate;
+			return {
+				...candidate,
+				modelId
+			};
+		});
+		if (!aliasCandidates.some((candidate, index) => candidate.modelId !== candidates[index].modelId)) return null;
+		return this.pickSupportedCandidate(account, aliasCandidates);
+	}
+	/**
+	* Validate quota for an affinity candidate. Free models pass immediately;
+	* premium models go through quota refresh / reservation.
+	*/
+	async validateAffinityQuota(account, supported) {
+		const { candidate, model } = supported;
+		const costUnits = getCostUnits(model);
+		if (costUnits <= 0) return {
+			ok: true,
+			account,
+			selectedModel: model,
+			endpoint: candidate.endpoint,
+			costUnits
+		};
+		if (!account.unlimited && this.isQuotaCacheExpired(account)) await this.refreshQuota(account);
+		if (this.isAccountFailed(account)) return null;
+		if (account.unlimited) return {
+			ok: true,
+			account,
+			selectedModel: model,
+			endpoint: candidate.endpoint,
+			costUnits
+		};
+		const effectiveRemaining = getEffectivePremiumRemaining(account);
+		if (effectiveRemaining !== void 0 && effectiveRemaining < costUnits) return null;
+		const reservation = reservePremiumUnits(account, costUnits);
+		return {
+			ok: true,
+			account,
+			selectedModel: model,
+			endpoint: candidate.endpoint,
+			costUnits,
+			reservation
+		};
+	}
+	/**
+	* Select an available account for a specific request (model + endpoint).
+	* When account affinity is enabled, routes to the previously successful account
+	* for the same affinity key + model combination.
+	* Uses reservation to avoid oversubscribing premium quota under concurrency.
+	*/
+	async selectAccountForRequest(candidates, context) {
+		if (candidates.length === 0) throw new Error("selectAccountForRequest requires at least one candidate");
+		const orderedAccounts = this.getOrderedEnabledAccounts();
+		const ownerSelection = await this.selectPreferredSessionOwner({
+			lookupSessionId: context?.ownershipLookupSessionId,
+			orderedAccounts,
+			candidates
+		});
+		if (ownerSelection.result) {
+			this.attachConfirmOwnership(ownerSelection.result, context?.ownershipWriteSessionId);
+			return ownerSelection.result;
+		}
+		const affinityPlan = this.buildAffinitySelectionPlan({
+			orderedAccounts,
+			candidates,
+			context,
+			ownerSelectionReason: ownerSelection.selectionReason
+		});
+		const preferredSelection = await this.selectPreferredAffinityAccount({
+			cacheKey: affinityPlan.cacheKey,
+			orderedAccounts,
+			candidates,
+			initialSelectionReason: affinityPlan.initialSelectionReason
+		});
+		if (preferredSelection.result) {
+			this.attachConfirmOwnership(preferredSelection.result, context?.ownershipWriteSessionId);
+			return preferredSelection.result;
+		}
+		let accountsForSelection = affinityPlan.defaultAccountsForSelection;
+		let premiumRemainingOrderedAccountIds = /* @__PURE__ */ new Set();
+		let selectionReason = preferredSelection.selectionReason;
+		if (affinityPlan.canReorderOnAffinityCacheMiss && preferredSelection.affinityCacheMiss) {
+			const affinityMissOrder = this.orderAccountsForAffinityCacheMiss(orderedAccounts);
+			accountsForSelection = affinityMissOrder.accounts;
+			premiumRemainingOrderedAccountIds = affinityMissOrder.premiumRemainingOrderedAccountIds;
+		}
+		const result = await this.selectWithAliasFallback(accountsForSelection, candidates);
+		if (result.ok && premiumRemainingOrderedAccountIds.has(result.account.id)) selectionReason = "affinity_miss";
+		return this.finalizeSelectedAccount({
+			result,
+			cacheKey: affinityPlan.cacheKey,
+			selectionReason,
+			ownershipWriteSessionId: context?.ownershipWriteSessionId
+		});
+	}
+	getOrderedEnabledAccounts() {
+		return [...this.temporaryAccount ? [this.temporaryAccount] : [], ...this.accountOrder.map((id) => this.accounts.get(id)).filter((account) => account !== void 0)].filter((account) => isAccountEnabled(account));
+	}
+	buildAffinitySelectionPlan(params) {
+		const { orderedAccounts, candidates, context, ownerSelectionReason } = params;
+		const affinityKey = this.accountAffinityEnabled && context ? extractAffinityKey(context) : void 0;
+		const modelKey = context?.affinityModelId ?? candidates[0].modelId;
+		const cacheKey = affinityKey ? buildAffinityCacheKey(affinityKey, modelKey) : void 0;
+		const shouldRotate = this.accountAffinityEnabled && orderedAccounts.length > 1;
+		const rotationStart = shouldRotate ? this.loadBalanceCursor % orderedAccounts.length : 0;
+		return {
+			cacheKey,
+			defaultAccountsForSelection: shouldRotate ? this.rotateAccounts(orderedAccounts) : orderedAccounts,
+			initialSelectionReason: ownerSelectionReason ?? getInitialSelectionReason(cacheKey, rotationStart),
+			canReorderOnAffinityCacheMiss: ownerSelectionReason === void 0 && cacheKey !== void 0
+		};
+	}
+	finalizeSelectedAccount(params) {
+		const { result, cacheKey, selectionReason, ownershipWriteSessionId } = params;
+		if (!result.ok) return {
+			...result,
+			selectionReason
+		};
+		this.loadBalanceCursor++;
+		result.selectionReason = selectionReason;
+		result.affinityCacheKey = cacheKey;
+		if (cacheKey) result.confirmAffinity = () => {
+			if (!this.accountAffinityEnabled) return;
+			this.affinityCache.set(cacheKey, result.account.id);
+		};
+		this.attachConfirmOwnership(result, ownershipWriteSessionId);
+		return result;
+	}
+	attachConfirmOwnership(result, ownershipWriteSessionId) {
+		const rootSessionId = ownershipWriteSessionId?.trim();
+		if (!rootSessionId) return;
+		const generation = this.sessionOwnershipGeneration;
+		result.confirmOwnership = () => {
+			if (generation !== this.sessionOwnershipGeneration) return;
+			this.sessionOwnership.set(rootSessionId, result.account.id);
+		};
+	}
+	async selectPreferredSessionOwner(params) {
+		const { lookupSessionId, orderedAccounts, candidates } = params;
+		if (lookupSessionId === void 0) return {};
+		const rootSessionId = lookupSessionId.trim();
+		if (!rootSessionId) return { selectionReason: "subagent_marker_invalid_fallback" };
+		const preferredAccountId = this.sessionOwnership.get(rootSessionId);
+		if (!preferredAccountId) return { selectionReason: "subagent_owner_miss" };
+		const ownerResult = await this.tryAffinityAccount(preferredAccountId, orderedAccounts, candidates);
+		if (!ownerResult) return { selectionReason: "subagent_owner_unusable_fallback" };
+		ownerResult.selectionReason = "subagent_owner_hit";
+		return { result: ownerResult };
+	}
+	/**
+	* Try the preferred account from the affinity cache before normal selection.
+	*/
+	async selectPreferredAffinityAccount(params) {
+		const { cacheKey, orderedAccounts, candidates, initialSelectionReason } = params;
+		if (!cacheKey) return {
+			selectionReason: initialSelectionReason,
+			affinityCacheMiss: false
+		};
+		const preferredId = this.affinityCache.get(cacheKey);
+		if (!preferredId) return {
+			selectionReason: initialSelectionReason,
+			affinityCacheMiss: true
+		};
+		const affinityResult = await this.tryAffinityAccount(preferredId, orderedAccounts, candidates);
+		if (!affinityResult) {
+			this.affinityCache.delete(cacheKey);
+			return {
+				selectionReason: preserveSubagentSelectionReason(initialSelectionReason, "preferred_account_unavailable"),
+				affinityCacheMiss: false
+			};
+		}
+		const selectionReason = preserveSubagentSelectionReason(initialSelectionReason, "affinity_hit");
+		affinityResult.affinityHit = true;
+		affinityResult.affinityCacheKey = cacheKey;
+		affinityResult.selectionReason = selectionReason;
+		affinityResult.confirmAffinity = () => {
+			if (!this.accountAffinityEnabled) return;
+			this.affinityCache.set(cacheKey, affinityResult.account.id);
+		};
+		return {
+			result: affinityResult,
+			selectionReason,
+			affinityCacheMiss: false
+		};
+	}
+	/**
+	* Rotate the accounts array by the current load-balance cursor for round-robin distribution.
+	* This ensures cache-miss requests are spread across accounts instead of always hitting the first.
+	*/
+	rotateAccounts(accounts) {
+		const start = this.loadBalanceCursor % accounts.length;
+		if (start === 0) return accounts;
+		return [...accounts.slice(start), ...accounts.slice(0, start)];
+	}
+	orderAccountsForAffinityCacheMiss(orderedAccounts) {
+		const scoredAccounts = orderedAccounts.map((account) => ({
+			account,
+			effectiveRemaining: getEffectivePremiumRemaining(account)
+		})).filter((entry) => entry.effectiveRemaining !== void 0).sort((left, right) => right.effectiveRemaining - left.effectiveRemaining);
+		if (scoredAccounts.length > 0) {
+			const scoredAccountsInSelectionOrder = this.shuffleWithinEqualRemainingBuckets(scoredAccounts).map(({ account }) => account);
+			const scoredAccountSet = new Set(scoredAccountsInSelectionOrder);
+			const unknownQuotaAccounts$1 = orderedAccounts.filter((account) => !scoredAccountSet.has(account) && !account.unlimited);
+			const unlimitedAccounts$1 = orderedAccounts.filter((account) => !scoredAccountSet.has(account) && account.unlimited);
+			return {
+				accounts: [
+					...scoredAccountsInSelectionOrder,
+					...unknownQuotaAccounts$1,
+					...unlimitedAccounts$1
+				],
+				premiumRemainingOrderedAccountIds: new Set(scoredAccountsInSelectionOrder.map((account) => account.id))
+			};
+		}
+		const premiumRemainingOrderedAccountIds = /* @__PURE__ */ new Set();
+		const unlimitedAccounts = orderedAccounts.filter((account) => account.unlimited);
+		if (unlimitedAccounts.length === 0) return {
+			accounts: orderedAccounts,
+			premiumRemainingOrderedAccountIds
+		};
+		const unknownQuotaAccounts = orderedAccounts.filter((account) => !account.unlimited);
+		return {
+			accounts: [...this.shuffleArray(unlimitedAccounts), ...unknownQuotaAccounts],
+			premiumRemainingOrderedAccountIds
+		};
+	}
+	shuffleWithinEqualRemainingBuckets(scoredAccounts) {
+		const shuffled = [];
+		let index = 0;
+		while (index < scoredAccounts.length) {
+			const currentRemaining = scoredAccounts[index].effectiveRemaining;
+			let bucketEnd = index + 1;
+			while (bucketEnd < scoredAccounts.length && scoredAccounts[bucketEnd].effectiveRemaining === currentRemaining) bucketEnd++;
+			shuffled.push(...this.shuffleArray(scoredAccounts.slice(index, bucketEnd)));
+			index = bucketEnd;
+		}
+		return shuffled;
+	}
+	shuffleArray(items) {
+		if (items.length <= 1) return items;
+		const shuffled = [...items];
+		for (let index = shuffled.length - 1; index > 0; index--) {
+			const randomIndex = Math.floor(Math.random() * (index + 1));
+			[shuffled[index], shuffled[randomIndex]] = [shuffled[randomIndex], shuffled[index]];
+		}
+		return shuffled;
+	}
+	/**
+	* Normal account selection with alias fallback.
+	* Extracted to keep selectAccountForRequest readable after adding affinity logic.
+	*/
+	async selectWithAliasFallback(orderedAccounts, candidates) {
+		const primary = await this.selectAccountForCandidates(orderedAccounts, candidates);
+		if (primary.ok || primary.reason !== "MODEL_NOT_SUPPORTED") return primary;
+		const aliasCandidates = candidates.map((candidate) => {
+			const modelId = resolveModelAlias(candidate.modelId);
+			if (modelId === candidate.modelId) return candidate;
+			return {
+				...candidate,
+				modelId
+			};
+		});
+		if (!aliasCandidates.some((candidate, index) => candidate.modelId !== candidates[index].modelId)) return primary;
+		return this.selectAccountForCandidates(orderedAccounts, aliasCandidates);
+	}
+	/**
+	* Finalize quota after a request completes.
+	* This releases any in-flight reservation and refreshes the actual quota from the API.
+	*/
+	async finalizeQuota(account, reservation) {
+		releasePremiumReservation(account, reservation);
+		try {
+			await this.refreshQuota(account);
+		} catch (error) {
+			consola.debug(`Failed to finalize quota for ${account.id}:`, error);
+		}
+	}
+	/**
+	* Mark an account as failed.
+	*/
+	markAccountFailed(id, reason) {
+		const account = this.accounts.get(id);
+		if (account) {
+			setAccountFailedState(account, reason);
+			return;
+		}
+		if (this.temporaryAccount && this.temporaryAccount.id === id) setAccountFailedState(this.temporaryAccount, reason);
+	}
+	/**
+	* Get status of all accounts.
+	*/
+	getAccountStatus() {
+		const statuses = [];
+		if (this.temporaryAccount) statuses.push({
+			id: "(temporary)",
+			entitlement: this.temporaryAccount.premiumEntitlement,
+			remaining: this.temporaryAccount.premiumRemaining,
+			unlimited: this.temporaryAccount.unlimited,
+			overagePermitted: this.temporaryAccount.overagePermitted,
+			failed: this.temporaryAccount.failed,
+			failureReason: this.temporaryAccount.failureReason
+		});
+		for (const id of this.accountOrder) {
+			const account = this.accounts.get(id);
+			if (account) statuses.push({
+				id: account.id,
+				entitlement: account.premiumEntitlement,
+				remaining: account.premiumRemaining,
+				unlimited: account.unlimited,
+				overagePermitted: account.overagePermitted,
+				failed: account.failed,
+				failureReason: account.failureReason,
+				enabled: account.enabled
+			});
+		}
+		return statuses;
+	}
+	/**
+	* Set a temporary account from a GitHub token (--github-token).
+	* This account takes priority over registered accounts.
+	*/
+	async setTemporaryAccount(githubToken, accountType) {
+		const user = await getGitHubUser({
+			githubToken,
+			accountType
+		});
+		if (this.temporaryAccount) {
+			this.stopTokenRefresh(this.temporaryAccount);
+			this.stopSessionRefresh(this.temporaryAccount);
+		}
+		const runtime = {
+			id: "(temporary)",
+			accountLogin: user.login,
+			accountType,
+			addedAt: Date.now(),
+			githubToken,
+			vsCodeVersion: this.vsCodeVersion
+		};
+		try {
+			await this.initializeAccount(runtime);
+			this.temporaryAccount = runtime;
+			consola.info("Temporary account initialized");
+		} catch (error) {
+			consola.error("Failed to initialize temporary account:", error);
+			throw error;
+		}
+	}
+	/**
+	* Check if any accounts are available.
+	*/
+	hasAccounts() {
+		return this.accounts.size > 0 || this.temporaryAccount !== void 0;
+	}
+	/**
+	* Get the first available account's models.
+	* Used for caching models in legacy compatibility mode.
+	*/
+	getFirstAccountModels() {
+		if (this.temporaryAccount?.models) return this.temporaryAccount.models;
+		for (const id of this.accountOrder) {
+			const account = this.accounts.get(id);
+			if (account?.models) return account.models;
+		}
+	}
+	/**
+	* Get account context by index.
+	* Index 0 is the temporary account (if exists), otherwise the first registered account.
+	* Returns null if index is out of bounds.
+	*/
+	getAccountContextByIndex(index) {
+		const allAccounts = [];
+		if (this.temporaryAccount) allAccounts.push(this.temporaryAccount);
+		for (const id of this.accountOrder) {
+			const account = this.accounts.get(id);
+			if (account) allAccounts.push(account);
+		}
+		if (index < 0 || index >= allAccounts.length) return null;
+		return this.toAccountContext(allAccounts[index]);
+	}
+	/**
+	* Get the total number of accounts (including temporary).
+	*/
+	getAccountCount() {
+		return (this.temporaryAccount ? 1 : 0) + this.accountOrder.length;
+	}
+	/**
+	* Convert AccountRuntime to AccountContext for service calls.
+	*/
+	toAccountContext(account) {
+		return {
+			accountLogin: account.accountLogin,
+			githubToken: account.githubToken,
+			copilotToken: account.copilotToken,
+			...account.copilotApiUrl !== void 0 ? { copilotApiUrl: account.copilotApiUrl } : {},
+			accountType: account.accountType,
+			vsCodeVersion: account.vsCodeVersion,
+			clientDeviceId: account.clientDeviceId,
+			clientMachineId: account.clientMachineId,
+			clientSessionId: account.clientSessionId
+		};
+	}
+	/**
+	* Start watching the registry file for changes.
+	* Enables hot reload of accounts when the file is modified.
+	*/
+	startRegistryWatcher() {
+		this.stopRegistryWatcher();
+		try {
+			this.registryWatcher = fs$1.watch(PATHS.ACCOUNTS_REGISTRY_PATH, (eventType) => {
+				if (eventType === "change") this.scheduleReload();
+			});
+			this.registryWatcherRestartDelayMs = WATCHER_RESTART_INITIAL_DELAY_MS;
+			if (this.registryWatcherRestartTimer) {
+				clearTimeout(this.registryWatcherRestartTimer);
+				this.registryWatcherRestartTimer = void 0;
+			}
+			this.registryWatcher.on("error", (error) => {
+				consola.debug("Registry watcher error:", error);
+				const delayMs = this.registryWatcherRestartDelayMs;
+				this.registryWatcherRestartDelayMs = Math.min(this.registryWatcherRestartDelayMs * 2, WATCHER_RESTART_MAX_DELAY_MS);
+				this.stopRegistryWatcher();
+				this.registryWatcherRestartTimer = setTimeout(() => {
+					this.registryWatcherRestartTimer = void 0;
+					this.startRegistryWatcher();
+				}, delayMs);
+				consola.debug(`Restarting registry watcher in ${delayMs}ms`);
+			});
+			consola.debug("Started registry file watcher");
+		} catch (error) {
+			consola.warn("Failed to start registry watcher:", error);
+		}
+	}
+	/**
+	* Immediately reload the registry, bypassing the debounce delay.
+	* If a reload is already running, waits for it to complete and then
+	* runs another reload to ensure the latest changes are captured.
+	*/
+	async reloadRegistryNow() {
+		if (this.reloadDebounceTimer) {
+			clearTimeout(this.reloadDebounceTimer);
+			this.reloadDebounceTimer = void 0;
+		}
+		if (this.currentReloadPromise) await this.currentReloadPromise;
+		await this.reloadRegistry();
+	}
+	/**
+	* Schedule a registry reload with debouncing.
+	*/
+	scheduleReload() {
+		if (this.reloadDebounceTimer) clearTimeout(this.reloadDebounceTimer);
+		this.reloadDebounceTimer = setTimeout(() => {
+			this.reloadRegistry();
+		}, RELOAD_DEBOUNCE_MS);
+	}
+	/**
+	* Reload the registry and perform incremental updates.
+	* Adds new accounts, removes deleted ones, and reinitializes existing accounts
+	* when token/accountType changes.
+	*/
+	async reloadRegistry() {
+		if (this.isReloading) return;
+		this.isReloading = true;
+		this.currentReloadPromise = (async () => {
+			try {
+				const newMetas = await listAccountsFromRegistry();
+				const newIds = new Set(newMetas.map((m) => m.id));
+				const currentIds = new Set(this.accountOrder);
+				const added = [];
+				const removed = [];
+				const updated = [];
+				this.removeDeletedAccounts(currentIds, newIds, removed);
+				for (const meta of newMetas) if (!currentIds.has(meta.id)) await this.addNewAccount(meta, added);
+				await this.reinitializeUpdatedAccounts(newMetas, currentIds, updated);
+				this.accountOrder = newMetas.map((m) => m.id).filter((id) => this.accounts.has(id));
+				this.loadBalanceCursor = 0;
+				this.logRegistryReloadChanges(added, removed, updated);
+			} catch (error) {
+				consola.error("Failed to reload registry:", error);
+				this.shutdown();
+				process.exit(1);
+			} finally {
+				this.isReloading = false;
+				this.currentReloadPromise = void 0;
+			}
+		})();
+		await this.currentReloadPromise;
+	}
+	removeDeletedAccounts(currentIds, newIds, removed) {
+		for (const id of currentIds) if (!newIds.has(id)) {
+			const account = this.accounts.get(id);
+			if (!account) continue;
+			this.stopTokenRefresh(account);
+			this.stopSessionRefresh(account);
+			this.accounts.delete(id);
+			removed.push(id);
+		}
+	}
+	async reinitializeUpdatedAccounts(newMetas, currentIds, updated) {
+		for (const meta of newMetas) {
+			if (!currentIds.has(meta.id)) continue;
+			const account = this.accounts.get(meta.id);
+			if (!account) continue;
+			const token = await loadAccountToken(meta.id);
+			if (!token) {
+				consola.warn(`No token found for account ${meta.id}, skipping update`);
+				continue;
+			}
+			const accountTypeChanged = account.accountType !== meta.accountType;
+			const tokenChanged = account.githubToken !== token;
+			const addedAtChanged = account.addedAt !== meta.addedAt;
+			if (accountTypeChanged) account.accountType = meta.accountType;
+			if (addedAtChanged) account.addedAt = meta.addedAt;
+			account.enabled = meta.enabled;
+			account.accountLogin = meta.id;
+			if (tokenChanged) account.githubToken = token;
+			if (!accountTypeChanged && !tokenChanged) continue;
+			try {
+				await this.initializeAccount(account);
+				updated.push(meta.id);
+			} catch (error) {
+				consola.error(`Failed to reinitialize account ${meta.id} after update:`, error);
+				account.failed = true;
+				account.failureReason = String(error);
+				updated.push(`${meta.id} (failed)`);
+			}
+		}
+	}
+	logRegistryReloadChanges(added, removed, updated) {
+		if (added.length === 0 && removed.length === 0 && updated.length === 0) return;
+		const changes = [];
+		if (added.length > 0) changes.push(`added: ${added.join(", ")}`);
+		if (removed.length > 0) changes.push(`removed: ${removed.join(", ")}`);
+		if (updated.length > 0) changes.push(`updated: ${updated.join(", ")}`);
+		consola.info(`Registry reloaded (${changes.join("; ")}). Total: ${this.accounts.size} account(s)`);
+	}
+	/**
+	* Helper to add a new account during reload.
+	*/
+	async addNewAccount(meta, added) {
+		const token = await loadAccountToken(meta.id);
+		if (!token) {
+			consola.warn(`No token found for new account ${meta.id}, skipping`);
+			return;
+		}
+		const runtime = {
+			...meta,
+			accountLogin: meta.id,
+			githubToken: token,
+			vsCodeVersion: this.vsCodeVersion
+		};
+		try {
+			await this.initializeAccount(runtime);
+			this.accounts.set(meta.id, runtime);
+			added.push(meta.id);
+		} catch (error) {
+			consola.error(`Failed to initialize new account ${meta.id}:`, error);
+			runtime.failed = true;
+			runtime.failureReason = String(error);
+			this.accounts.set(meta.id, runtime);
+			added.push(`${meta.id} (failed)`);
+		}
+	}
+	/**
+	* Stop the registry file watcher.
+	*/
+	stopRegistryWatcher() {
+		if (this.reloadDebounceTimer) {
+			clearTimeout(this.reloadDebounceTimer);
+			this.reloadDebounceTimer = void 0;
+		}
+		if (this.registryWatcherRestartTimer) {
+			clearTimeout(this.registryWatcherRestartTimer);
+			this.registryWatcherRestartTimer = void 0;
+		}
+		if (this.registryWatcher) {
+			this.registryWatcher.close();
+			this.registryWatcher = void 0;
+		}
+	}
+	/**
+	* Shutdown the manager and clean up resources.
+	*/
+	shutdown() {
+		this.sessionOwnershipGeneration++;
+		this.stopRegistryWatcher();
+		this.stopAllTokenRefresh();
+		this.stopAllSessionRefresh();
+		this.stopModelsRefresh();
+		this.affinityCache.clearMemory();
+		this.sessionOwnership.clear();
+		this.loadBalanceCursor = 0;
+		this.accounts.clear();
+		this.accountOrder = [];
+		this.temporaryAccount = void 0;
+	}
+};
+/** Singleton instance of AccountsManager */
+const accountsManager = new AccountsManager({ persistentAffinityStore: getSharedSessionAffinityStore });
+
+//#endregion
+export { isResponsesApiWebSearchEnabled as A, getReasoningEffortForModel as C, isMessageStartInputTokensFallbackEnabled as D, isForceAgentEnabled as E, resolveModelAlias as M, shouldCompactUseSmallModel as N, isMessagesApiEnabled as O, getProviderConfig as S, isAccountAffinityEnabled as T, getExtraPromptForModel as _, getClientIpInfo as a, getModelAliasesInfo as b, normalizeChatCompletionsUsage as c, toLocalDateString as d, PROVIDER_TYPE_ANTHROPIC as f, getConfig as g, getClaudeTokenMultiplier as h, extractResponsesUsageFromStreamEvent as i, mergeConfigWithDefaults as j, isResponsesApiContextManagementModel as k, normalizeEmbeddingsUsage as l, getAnthropicApiKey as m, applySharedSessionAffinityRetention as n, getRequestHistoryStore as o, getAliasTargetSet as p, extractResponsesUsageFromResult as r, getStatsStore as s, accountsManager as t, normalizeMessagesUsage as u, getLogLevel as v, getSmallModel as w, getModelRefreshIntervalMs as x, getModelAliases as y };
+//# sourceMappingURL=accounts-manager-BKG9aZEL.js.map