@vacbo/opencode-anthropic-fix 0.0.44 → 0.1.1

package/dist/opencode-anthropic-auth-cli.mjs

@@ -86,6 +86,72 @@ import { AsyncLocalStorage } from "node:async_hooks";
 import { exec as exec2 } from "node:child_process";
 import { pathToFileURL } from "node:url";
 
+// src/account-identity.ts
+function isCCAccountSource(source) {
+  return source === "cc-keychain" || source === "cc-file";
+}
+function isAccountIdentity(value) {
+  if (!value || typeof value !== "object") return false;
+  const candidate = value;
+  switch (candidate.kind) {
+    case "oauth":
+      return typeof candidate.email === "string" && candidate.email.length > 0;
+    case "cc":
+      return isCCAccountSource(candidate.source) && typeof candidate.label === "string";
+    case "legacy":
+      return typeof candidate.refreshToken === "string" && candidate.refreshToken.length > 0;
+    default:
+      return false;
+  }
+}
+function resolveIdentity(account) {
+  if (isAccountIdentity(account.identity)) {
+    return account.identity;
+  }
+  if (account.source === "oauth" && account.email) {
+    return { kind: "oauth", email: account.email };
+  }
+  if (isCCAccountSource(account.source) && account.label) {
+    return { kind: "cc", source: account.source, label: account.label };
+  }
+  return { kind: "legacy", refreshToken: account.refreshToken };
+}
+function resolveIdentityFromOAuthExchange(result) {
+  if (result.email) {
+    return {
+      kind: "oauth",
+      email: result.email
+    };
+  }
+  return {
+    kind: "legacy",
+    refreshToken: result.refresh
+  };
+}
+function identitiesMatch(a, b) {
+  if (a.kind !== b.kind) return false;
+  switch (a.kind) {
+    case "oauth": {
+      return a.email === b.email;
+    }
+    case "cc": {
+      const ccIdentity = b;
+      return a.source === ccIdentity.source && a.label === ccIdentity.label;
+    }
+    case "legacy": {
+      return a.refreshToken === b.refreshToken;
+    }
+  }
+}
+function findByIdentity(accounts, id) {
+  for (const account of accounts) {
+    if (identitiesMatch(resolveIdentity(account), id)) {
+      return account;
+    }
+  }
+  return null;
+}
+
 // src/config.ts
 import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
 import { homedir } from "node:os";
@@ -585,6 +651,8 @@ function validateAccount(raw, now) {
   return {
     id,
     email: typeof acc.email === "string" ? acc.email : void 0,
+    identity: isAccountIdentity2(acc.identity) ? acc.identity : void 0,
+    label: typeof acc.label === "string" ? acc.label : void 0,
     refreshToken: acc.refreshToken,
     access: typeof acc.access === "string" ? acc.access : void 0,
     expires: typeof acc.expires === "number" && Number.isFinite(acc.expires) ? acc.expires : void 0,
@@ -600,6 +668,106 @@ function validateAccount(raw, now) {
     source: acc.source === "cc-keychain" || acc.source === "cc-file" || acc.source === "oauth" ? acc.source : void 0
   };
 }
+function isAccountIdentity2(value) {
+  if (!value || typeof value !== "object") return false;
+  const candidate = value;
+  switch (candidate.kind) {
+    case "oauth":
+      return typeof candidate.email === "string" && candidate.email.length > 0;
+    case "cc":
+      return (candidate.source === "cc-keychain" || candidate.source === "cc-file") && typeof candidate.label === "string";
+    case "legacy":
+      return typeof candidate.refreshToken === "string" && candidate.refreshToken.length > 0;
+    default:
+      return false;
+  }
+}
+function resolveStoredIdentity(candidate) {
+  if (isAccountIdentity2(candidate.identity)) {
+    return candidate.identity;
+  }
+  if (candidate.source === "oauth" && candidate.email) {
+    return { kind: "oauth", email: candidate.email };
+  }
+  if ((candidate.source === "cc-keychain" || candidate.source === "cc-file") && candidate.label) {
+    return {
+      kind: "cc",
+      source: candidate.source,
+      label: candidate.label
+    };
+  }
+  return { kind: "legacy", refreshToken: candidate.refreshToken };
+}
+function resolveTokenUpdatedAt(account) {
+  return typeof account.token_updated_at === "number" && Number.isFinite(account.token_updated_at) ? account.token_updated_at : account.addedAt;
+}
+function clampActiveIndex(accounts, activeIndex) {
+  if (accounts.length === 0) {
+    return 0;
+  }
+  return Math.max(0, Math.min(activeIndex, accounts.length - 1));
+}
+function findStoredAccountMatch(accounts, candidate) {
+  const byId = accounts.find((account) => account.id === candidate.id);
+  if (byId) {
+    return byId;
+  }
+  const byIdentity = findByIdentity(accounts, resolveStoredIdentity(candidate));
+  if (byIdentity) {
+    return byIdentity;
+  }
+  const byAddedAt = accounts.filter((account) => account.addedAt === candidate.addedAt);
+  if (byAddedAt.length === 1) {
+    return byAddedAt[0];
+  }
+  const byRefreshToken = accounts.find((account) => account.refreshToken === candidate.refreshToken);
+  if (byRefreshToken) {
+    return byRefreshToken;
+  }
+  return byAddedAt[0] ?? null;
+}
+function mergeAccountWithFresherAuth(account, diskMatch) {
+  const memoryTokenUpdatedAt = resolveTokenUpdatedAt(account);
+  const diskTokenUpdatedAt = diskMatch ? resolveTokenUpdatedAt(diskMatch) : 0;
+  if (!diskMatch || diskTokenUpdatedAt <= memoryTokenUpdatedAt) {
+    return {
+      ...account,
+      token_updated_at: memoryTokenUpdatedAt
+    };
+  }
+  return {
+    ...account,
+    refreshToken: diskMatch.refreshToken,
+    access: diskMatch.access,
+    expires: diskMatch.expires,
+    token_updated_at: diskTokenUpdatedAt
+  };
+}
+function unionAccountsWithDisk(storage, disk) {
+  if (!disk || storage.accounts.length === 0) {
+    return {
+      ...storage,
+      activeIndex: clampActiveIndex(storage.accounts, storage.activeIndex)
+    };
+  }
+  const activeAccountId = storage.accounts[storage.activeIndex]?.id ?? null;
+  const matchedDiskAccounts = /* @__PURE__ */ new Set();
+  const mergedAccounts = storage.accounts.map((account) => {
+    const diskMatch = findStoredAccountMatch(disk.accounts, account);
+    if (diskMatch) {
+      matchedDiskAccounts.add(diskMatch);
+    }
+    return mergeAccountWithFresherAuth(account, diskMatch);
+  });
+  const diskOnlyAccounts = disk.accounts.filter((account) => !matchedDiskAccounts.has(account));
+  const accounts = [...mergedAccounts, ...diskOnlyAccounts];
+  const activeIndex = activeAccountId ? accounts.findIndex((account) => account.id === activeAccountId) : -1;
+  return {
+    ...storage,
+    accounts,
+    activeIndex: activeIndex >= 0 ? activeIndex : clampActiveIndex(accounts, storage.activeIndex)
+  };
+}
 async function loadAccounts() {
   const storagePath = getStoragePath();
   try {
@@ -609,7 +777,9 @@ async function loadAccounts() {
       return null;
     }
     if (data.version !== CURRENT_VERSION) {
-      return null;
+      console.warn(
+        `Storage version mismatch: ${String(data.version)} vs ${CURRENT_VERSION}. Attempting best-effort migration.`
+      );
     }
     const now = Date.now();
     const accounts = data.accounts.map((raw) => validateAccount(raw, now)).filter((acc) => acc !== null);
@@ -636,53 +806,13 @@ async function saveAccounts(storage) {
   const configDir = dirname2(storagePath);
   await fs.mkdir(configDir, { recursive: true });
   ensureGitignore(configDir);
-  let storageToWrite = storage;
+  let storageToWrite = {
+    ...storage,
+    activeIndex: clampActiveIndex(storage.accounts, storage.activeIndex)
+  };
   try {
     const disk = await loadAccounts();
-    if (disk && storage.accounts.length > 0) {
-      const diskById = new Map(disk.accounts.map((a) => [a.id, a]));
-      const diskByAddedAt = /* @__PURE__ */ new Map();
-      const diskByToken = new Map(disk.accounts.map((a) => [a.refreshToken, a]));
-      for (const d3 of disk.accounts) {
-        const bucket = diskByAddedAt.get(d3.addedAt) || [];
-        bucket.push(d3);
-        diskByAddedAt.set(d3.addedAt, bucket);
-      }
-      const findDiskMatch = (acc) => {
-        const byId = diskById.get(acc.id);
-        if (byId) return byId;
-        const byAddedAt = diskByAddedAt.get(acc.addedAt);
-        if (byAddedAt?.length === 1) return byAddedAt[0];
-        const byToken = diskByToken.get(acc.refreshToken);
-        if (byToken) return byToken;
-        if (byAddedAt && byAddedAt.length > 0) return byAddedAt[0];
-        return null;
-      };
-      const mergedAccounts = storage.accounts.map((acc) => {
-        const diskAcc = findDiskMatch(acc);
-        const memTs = typeof acc.token_updated_at === "number" && Number.isFinite(acc.token_updated_at) ? acc.token_updated_at : acc.addedAt;
-        const diskTs = diskAcc?.token_updated_at || 0;
-        const useDiskAuth = !!diskAcc && diskTs > memTs;
-        return {
-          ...acc,
-          refreshToken: useDiskAuth ? diskAcc.refreshToken : acc.refreshToken,
-          access: useDiskAuth ? diskAcc.access : acc.access,
-          expires: useDiskAuth ? diskAcc.expires : acc.expires,
-          token_updated_at: useDiskAuth ? diskTs : memTs
-        };
-      });
-      let activeIndex = storage.activeIndex;
-      if (mergedAccounts.length > 0) {
-        activeIndex = Math.max(0, Math.min(activeIndex, mergedAccounts.length - 1));
-      } else {
-        activeIndex = 0;
-      }
-      storageToWrite = {
-        ...storage,
-        accounts: mergedAccounts,
-        activeIndex
-      };
-    }
+    storageToWrite = unionAccountsWithDisk(storageToWrite, disk);
   } catch {
   }
   const tempPath = `${storagePath}.${randomBytes2(6).toString("hex")}.tmp`;
@@ -1837,14 +1967,20 @@ async function cmdLogin() {
   const credentials = await runOAuthFlow();
   if (!credentials) return 1;
   const storage = stored || { version: 1, accounts: [], activeIndex: 0 };
-  const existingIdx = storage.accounts.findIndex((acc) => acc.refreshToken === credentials.refresh);
-  if (existingIdx >= 0) {
-    storage.accounts[existingIdx].access = credentials.access;
-    storage.accounts[existingIdx].expires = credentials.expires;
-    if (credentials.email) storage.accounts[existingIdx].email = credentials.email;
-    storage.accounts[existingIdx].enabled = true;
+  const identity = resolveIdentityFromOAuthExchange(credentials);
+  const existing = findByIdentity(storage.accounts, identity) || storage.accounts.find((acc) => acc.refreshToken === credentials.refresh);
+  if (existing) {
+    const existingIdx = storage.accounts.indexOf(existing);
+    existing.refreshToken = credentials.refresh;
+    existing.access = credentials.access;
+    existing.expires = credentials.expires;
+    existing.token_updated_at = Date.now();
+    if (credentials.email) existing.email = credentials.email;
+    existing.identity = identity;
+    existing.source = existing.source ?? "oauth";
+    existing.enabled = true;
     await saveAccounts(storage);
-    const label2 = credentials.email || `Account ${existingIdx + 1}`;
+    const label2 = credentials.email || existing.email || `Account ${existingIdx + 1}`;
     O2.success(`Updated existing account #${existingIdx + 1} (${label2}).`);
     return 0;
   }
@@ -1856,6 +1992,7 @@ async function cmdLogin() {
   storage.accounts.push({
     id: `${now}:${credentials.refresh.slice(0, 12)}`,
     email: credentials.email,
+    identity,
     refreshToken: credentials.refresh,
     access: credentials.access,
     expires: credentials.expires,
@@ -1866,7 +2003,8 @@ async function cmdLogin() {
     rateLimitResetTimes: {},
     consecutiveFailures: 0,
     lastFailureTime: null,
-    stats: createDefaultStats(now)
+    stats: createDefaultStats(now),
+    source: "oauth"
   });
   await saveAccounts(storage);
   const label = credentials.email || `Account ${storage.accounts.length}`;
@@ -2064,7 +2202,8 @@ async function cmdList() {
     }
   }
   if (anyRefreshed) {
-    await saveAccounts(stored).catch(() => {
+    await saveAccounts(stored).catch((err) => {
+      console.error("[opencode-anthropic-auth] failed to persist refreshed tokens:", err);
     });
   }
   O2.message(c2.bold("Anthropic Multi-Account Status"));