@vacbo/opencode-anthropic-fix 0.1.7 → 0.1.9

package/dist/opencode-anthropic-auth-cli.mjs

@@ -83,9 +83,113 @@ var require_src = __commonJS({
 
 // src/cli.ts
 import { AsyncLocalStorage } from "node:async_hooks";
-import { exec as exec2 } from "node:child_process";
 import { pathToFileURL } from "node:url";
 
+// src/cli/formatting.ts
+var USE_COLOR = !process.env.NO_COLOR && process.stdout.isTTY !== false;
+function setUseColor(value) {
+  USE_COLOR = value;
+}
+function ansi(code, text) {
+  return USE_COLOR ? `\x1B[${code}m${text}\x1B[0m` : text;
+}
+var c = {
+  bold: (t2) => ansi("1", t2),
+  dim: (t2) => ansi("2", t2),
+  green: (t2) => ansi("32", t2),
+  yellow: (t2) => ansi("33", t2),
+  cyan: (t2) => ansi("36", t2),
+  red: (t2) => ansi("31", t2),
+  gray: (t2) => ansi("90", t2)
+};
+function stripAnsi(str) {
+  return str.replace(new RegExp("\x1B\\[[0-9;]*m", "g"), "");
+}
+function formatDuration(ms) {
+  if (ms <= 0) return "now";
+  const seconds = Math.floor(ms / 1e3);
+  if (seconds < 60) return `${seconds}s`;
+  const minutes = Math.floor(seconds / 60);
+  const remainSec = seconds % 60;
+  if (minutes < 60) return remainSec > 0 ? `${minutes}m ${remainSec}s` : `${minutes}m`;
+  const hours = Math.floor(minutes / 60);
+  const remainMin = minutes % 60;
+  if (hours < 24) return remainMin > 0 ? `${hours}h ${remainMin}m` : `${hours}h`;
+  const days = Math.floor(hours / 24);
+  const remainHours = hours % 24;
+  return remainHours > 0 ? `${days}d ${remainHours}h` : `${days}d`;
+}
+function formatTimeAgo(timestamp) {
+  if (!timestamp || timestamp === 0) return "never";
+  const ms = Date.now() - timestamp;
+  if (ms < 0) return "just now";
+  return `${formatDuration(ms)} ago`;
+}
+function formatResetTime(isoString) {
+  const resetMs = new Date(isoString).getTime();
+  const remaining = resetMs - Date.now();
+  if (remaining <= 0) return "now";
+  return formatDuration(remaining);
+}
+function shortPath(p2) {
+  const home = process.env.HOME || process.env.USERPROFILE || "";
+  if (home && p2.startsWith(home)) return "~" + p2.slice(home.length);
+  return p2;
+}
+function pad(str, width) {
+  const diff = width - stripAnsi(str).length;
+  return diff > 0 ? str + " ".repeat(diff) : str;
+}
+function rpad(str, width) {
+  const diff = width - stripAnsi(str).length;
+  return diff > 0 ? " ".repeat(diff) + str : str;
+}
+function renderBar(utilization, width = 10) {
+  const pct = Math.max(0, Math.min(100, utilization));
+  const filled = Math.round(pct / 100 * width);
+  const empty = width - filled;
+  let bar;
+  if (pct >= 90) {
+    bar = c.red("\u2588".repeat(filled)) + c.dim("\u2591".repeat(empty));
+  } else if (pct >= 70) {
+    bar = c.yellow("\u2588".repeat(filled)) + c.dim("\u2591".repeat(empty));
+  } else {
+    bar = c.green("\u2588".repeat(filled)) + c.dim("\u2591".repeat(empty));
+  }
+  return bar;
+}
+var QUOTA_BUCKETS = [
+  { key: "five_hour", label: "5h" },
+  { key: "seven_day", label: "7d" },
+  { key: "seven_day_sonnet", label: "Sonnet 7d" },
+  { key: "seven_day_opus", label: "Opus 7d" },
+  { key: "seven_day_oauth_apps", label: "OAuth Apps 7d" },
+  { key: "seven_day_cowork", label: "Cowork 7d" }
+];
+var USAGE_INDENT = "       ";
+var USAGE_LABEL_WIDTH = 13;
+function renderUsageLines(usage) {
+  const lines = [];
+  for (const { key, label } of QUOTA_BUCKETS) {
+    const bucket = usage[key];
+    if (!bucket || bucket.utilization == null) continue;
+    const pct = bucket.utilization;
+    const bar = renderBar(pct);
+    const pctStr = pad(String(Math.round(pct)) + "%", 4);
+    const reset = bucket.resets_at ? c.dim(`resets in ${formatResetTime(bucket.resets_at)}`) : "";
+    lines.push(`${USAGE_INDENT}${pad(label, USAGE_LABEL_WIDTH)} ${bar} ${pctStr}${reset ? ` ${reset}` : ""}`);
+  }
+  return lines;
+}
+function fmtTokens(n) {
+  if (n >= 1e6) return (n / 1e6).toFixed(1) + "M";
+  if (n >= 1e3) return (n / 1e3).toFixed(1) + "K";
+  return String(n);
+}
+
+// src/cli/commands/auth.ts
+import { exec as exec2 } from "node:child_process";
+
 // src/account-identity.ts
 function isCCAccountSource(source) {
   return source === "cc-keychain" || source === "cc-file";
@@ -270,7 +374,12 @@ function validateConfig(raw) {
     config.health_score = {
       initial: clampNumber(hs.initial, 0, 100, DEFAULT_CONFIG.health_score.initial),
       success_reward: clampNumber(hs.success_reward, 0, 10, DEFAULT_CONFIG.health_score.success_reward),
-      rate_limit_penalty: clampNumber(hs.rate_limit_penalty, -50, 0, DEFAULT_CONFIG.health_score.rate_limit_penalty),
+      rate_limit_penalty: clampNumber(
+        hs.rate_limit_penalty,
+        -50,
+        0,
+        DEFAULT_CONFIG.health_score.rate_limit_penalty
+      ),
       failure_penalty: clampNumber(hs.failure_penalty, -100, 0, DEFAULT_CONFIG.health_score.failure_penalty),
       recovery_rate_per_hour: clampNumber(
         hs.recovery_rate_per_hour,
@@ -754,7 +863,7 @@ function mergeAccountWithFresherAuth(account, diskMatch) {
     token_updated_at: diskTokenUpdatedAt
   };
 }
-function unionAccountsWithDisk(storage, disk) {
+function unionAccountsWithDisk(storage, disk, options = {}) {
   if (!disk || storage.accounts.length === 0) {
     return {
       ...storage,
@@ -770,7 +879,10 @@ function unionAccountsWithDisk(storage, disk) {
     }
     return mergeAccountWithFresherAuth(account, diskMatch);
   });
-  const diskOnlyAccounts = disk.accounts.filter((account) => !matchedDiskAccounts.has(account));
+  const droppedIds = options.droppedIds;
+  const diskOnlyAccounts = disk.accounts.filter(
+    (account) => !matchedDiskAccounts.has(account) && !(droppedIds && droppedIds.has(account.id))
+  );
   const accounts = [...mergedAccounts, ...diskOnlyAccounts];
   const activeIndex = activeAccountId ? accounts.findIndex((account) => account.id === activeAccountId) : -1;
   return {
@@ -812,7 +924,7 @@ async function loadAccounts() {
     return null;
   }
 }
-async function saveAccounts(storage) {
+async function saveAccounts(storage, options = {}) {
   const storagePath = getStoragePath();
   const configDir = dirname2(storagePath);
   await fs.mkdir(configDir, { recursive: true });
@@ -823,7 +935,7 @@ async function saveAccounts(storage) {
   };
   try {
     const disk = await loadAccounts();
-    storageToWrite = unionAccountsWithDisk(storageToWrite, disk);
+    storageToWrite = unionAccountsWithDisk(storageToWrite, disk, { droppedIds: options.droppedIds });
   } catch {
   }
   const tempPath = `${storagePath}.${randomBytes2(6).toString("hex")}.tmp`;
@@ -840,6 +952,250 @@ async function saveAccounts(storage) {
   }
 }
 
+// src/cc-credentials.ts
+import { execSync } from "node:child_process";
+import { readFileSync as readFileSync3 } from "node:fs";
+import { homedir as homedir2 } from "node:os";
+import { join as join3 } from "node:path";
+var SECURITY_TIMEOUT_MS = 5e3;
+var SECURITY_HANDLED_EXIT_CODES = /* @__PURE__ */ new Set([36, 44, 128]);
+var CLAUDE_CODE_SERVICE_PATTERN = /"svce"<blob>="(Claude Code-credentials[^"]*)"/g;
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isValidCredentialShape(value) {
+  if (!isRecord(value)) return false;
+  if (typeof value.accessToken !== "string" || value.accessToken.length === 0) return false;
+  if (typeof value.refreshToken !== "string" || value.refreshToken.length === 0) return false;
+  if (typeof value.expiresAt !== "number" || !Number.isFinite(value.expiresAt)) return false;
+  if (value.subscriptionType !== void 0 && typeof value.subscriptionType !== "string") return false;
+  return true;
+}
+function parseCCCredentialWithMeta(raw, meta) {
+  try {
+    const parsed = JSON.parse(raw);
+    if (!isRecord(parsed)) return null;
+    const wrapped = parsed.claudeAiOauth;
+    const candidate = isValidCredentialShape(wrapped) ? wrapped : isValidCredentialShape(parsed) ? parsed : parsed.mcpOAuth !== void 0 && parsed.accessToken === void 0 ? null : null;
+    if (!candidate) return null;
+    return {
+      accessToken: candidate.accessToken,
+      refreshToken: candidate.refreshToken,
+      expiresAt: candidate.expiresAt,
+      subscriptionType: candidate.subscriptionType,
+      source: meta.source,
+      label: meta.label
+    };
+  } catch {
+    return null;
+  }
+}
+function extractClaudeCodeServices(raw) {
+  const services = /* @__PURE__ */ new Set();
+  for (const match of raw.matchAll(CLAUDE_CODE_SERVICE_PATTERN)) {
+    const service = match[1]?.trim();
+    if (service) services.add(service);
+  }
+  return Array.from(services);
+}
+function shellQuote(value) {
+  return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+function runSecurityCommand(command) {
+  try {
+    return execSync(command, {
+      encoding: "utf-8",
+      timeout: SECURITY_TIMEOUT_MS
+    });
+  } catch (error) {
+    const securityError = error;
+    if (typeof securityError.status === "number" && SECURITY_HANDLED_EXIT_CODES.has(securityError.status)) {
+      return null;
+    }
+    if (securityError.code === "ETIMEDOUT" || securityError.signal === "SIGTERM") {
+      return null;
+    }
+    return null;
+  }
+}
+function readCCCredentialsFromKeychain() {
+  if (process.platform !== "darwin") return null;
+  const dumpOutput = runSecurityCommand("security dump-keychain");
+  if (!dumpOutput) return null;
+  const services = extractClaudeCodeServices(dumpOutput);
+  if (services.length === 0) return null;
+  const credentials = [];
+  for (const service of services) {
+    const rawCredential = runSecurityCommand(`security find-generic-password -s ${shellQuote(service)} -w`);
+    if (!rawCredential) return null;
+    const credential = parseCCCredentialWithMeta(rawCredential, {
+      source: "cc-keychain",
+      label: service
+    });
+    if (credential) credentials.push(credential);
+  }
+  return credentials.length > 0 ? credentials : null;
+}
+function readCCCredentialsFromFile() {
+  const credentialsPath = join3(homedir2(), ".claude", ".credentials.json");
+  try {
+    const raw = readFileSync3(credentialsPath, "utf-8");
+    return parseCCCredentialWithMeta(raw, {
+      source: "cc-file",
+      label: credentialsPath
+    });
+  } catch {
+    return null;
+  }
+}
+function readCCCredentials() {
+  const credentials = [];
+  if (process.platform === "darwin") {
+    const keychainCredentials = readCCCredentialsFromKeychain();
+    if (keychainCredentials) credentials.push(...keychainCredentials);
+  }
+  const fileCredential = readCCCredentialsFromFile();
+  if (fileCredential) credentials.push(fileCredential);
+  return credentials;
+}
+
+// src/accounts/repair.ts
+var CC_ID_PATTERN = /^cc-(cc-keychain|cc-file)-\d+:/;
+function inferCCSourceFromId(id) {
+  const match = CC_ID_PATTERN.exec(id);
+  if (!match) return null;
+  const source = match[1];
+  return source === "cc-keychain" || source === "cc-file" ? source : null;
+}
+function isCCIdentity(identity) {
+  return identity?.kind === "cc";
+}
+function looksCorruptedStored(account, inferredSource) {
+  if (account.source !== inferredSource) return true;
+  if (!isCCIdentity(account.identity)) return true;
+  if (!account.label) return true;
+  return false;
+}
+function findMatchingCredentialStored(account, inferredSource, ccCredentials) {
+  const sameSource = ccCredentials.filter((credential) => credential.source === inferredSource);
+  if (sameSource.length === 0) return null;
+  const byRefresh = sameSource.find((credential) => credential.refreshToken === account.refreshToken);
+  if (byRefresh) return byRefresh;
+  if (account.access) {
+    const byAccess = sameSource.find((credential) => credential.accessToken === account.access);
+    if (byAccess) return byAccess;
+  }
+  if (sameSource.length === 1) return sameSource[0];
+  return null;
+}
+function repairStoredAccount(account, inferredSource, ccCredentials) {
+  const matched = findMatchingCredentialStored(account, inferredSource, ccCredentials);
+  if (matched) {
+    account.source = matched.source;
+    account.label = matched.label;
+    account.identity = {
+      kind: "cc",
+      source: matched.source,
+      label: matched.label
+    };
+    return true;
+  }
+  let mutated = false;
+  if (account.source !== inferredSource) {
+    account.source = inferredSource;
+    mutated = true;
+  }
+  if (account.identity?.kind === "legacy") {
+    account.identity = void 0;
+    mutated = true;
+  }
+  return mutated;
+}
+function mergeStoredDuplicate(keep, loser) {
+  const keepTokenTs = keep.token_updated_at ?? 0;
+  const loserTokenTs = loser.token_updated_at ?? 0;
+  if (loserTokenTs > keepTokenTs) {
+    keep.refreshToken = loser.refreshToken;
+    keep.access = loser.access;
+    keep.expires = loser.expires;
+    keep.token_updated_at = loserTokenTs;
+  }
+  keep.lastUsed = Math.max(keep.lastUsed, loser.lastUsed);
+  keep.enabled = keep.enabled || loser.enabled;
+  keep.addedAt = Math.min(keep.addedAt, loser.addedAt);
+  const keepIsLegacy = keep.identity?.kind === "legacy" || keep.identity === void 0;
+  const loserIsRicher = loser.identity !== void 0 && loser.identity.kind !== "legacy";
+  if (keepIsLegacy && loserIsRicher) {
+    keep.identity = loser.identity;
+    if (loser.source) keep.source = loser.source;
+    if (loser.label !== void 0) keep.label = loser.label;
+    if (loser.email !== void 0) keep.email = loser.email;
+  }
+}
+function collapseStoredDuplicates(accounts) {
+  const kept = [];
+  const droppedIds = [];
+  let collapsed = 0;
+  for (const account of accounts) {
+    const identity = resolveIdentity(account);
+    if (identity.kind === "legacy") {
+      kept.push(account);
+      continue;
+    }
+    const duplicate = kept.find((existing) => identitiesMatch(resolveIdentity(existing), identity));
+    if (duplicate) {
+      mergeStoredDuplicate(duplicate, account);
+      droppedIds.push(account.id);
+      collapsed += 1;
+      continue;
+    }
+    kept.push(account);
+  }
+  return { kept, collapsed, droppedIds };
+}
+function repairStoredCCAccounts(accounts, ccCredentials) {
+  let repaired = 0;
+  for (const account of accounts) {
+    const inferredSource = inferCCSourceFromId(account.id);
+    if (!inferredSource) continue;
+    if (!looksCorruptedStored(account, inferredSource)) continue;
+    if (repairStoredAccount(account, inferredSource, ccCredentials)) {
+      repaired += 1;
+    }
+  }
+  const { kept, collapsed, droppedIds } = collapseStoredDuplicates(accounts);
+  return {
+    accounts: kept,
+    result: { repaired, collapsed },
+    droppedIds
+  };
+}
+async function loadAccountsWithRepair() {
+  const stored = await loadAccounts();
+  if (!stored) return stored;
+  let ccCredentials;
+  try {
+    ccCredentials = readCCCredentials();
+  } catch {
+    ccCredentials = [];
+  }
+  const { accounts, result, droppedIds } = repairStoredCCAccounts(stored.accounts, ccCredentials);
+  if (result.repaired === 0 && result.collapsed === 0) {
+    return stored;
+  }
+  const healed = {
+    ...stored,
+    accounts,
+    activeIndex: accounts.length === 0 ? 0 : Math.max(0, Math.min(stored.activeIndex, accounts.length - 1))
+  };
+  try {
+    await saveAccounts(healed, { droppedIds: new Set(droppedIds) });
+  } catch (err) {
+    console.error("[opencode-anthropic-auth] loadAccountsWithRepair: save failed:", err.message);
+  }
+  return healed;
+}
+
 // node_modules/@clack/core/dist/index.mjs
 import { styleText as y } from "node:util";
 import { stdout as S, stdin as $ } from "node:process";
@@ -1775,54 +2131,7 @@ ${c3}
   }
 } }).prompt();
 
-// src/cli.ts
-var USE_COLOR = !process.env.NO_COLOR && process.stdout.isTTY !== false;
-var ansi = (code, text) => USE_COLOR ? `\x1B[${code}m${text}\x1B[0m` : text;
-var c2 = {
-  bold: (t2) => ansi("1", t2),
-  dim: (t2) => ansi("2", t2),
-  green: (t2) => ansi("32", t2),
-  yellow: (t2) => ansi("33", t2),
-  cyan: (t2) => ansi("36", t2),
-  red: (t2) => ansi("31", t2),
-  gray: (t2) => ansi("90", t2)
-};
-function formatDuration(ms) {
-  if (ms <= 0) return "now";
-  const seconds = Math.floor(ms / 1e3);
-  if (seconds < 60) return `${seconds}s`;
-  const minutes = Math.floor(seconds / 60);
-  const remainSec = seconds % 60;
-  if (minutes < 60) return remainSec > 0 ? `${minutes}m ${remainSec}s` : `${minutes}m`;
-  const hours = Math.floor(minutes / 60);
-  const remainMin = minutes % 60;
-  if (hours < 24) return remainMin > 0 ? `${hours}h ${remainMin}m` : `${hours}h`;
-  const days = Math.floor(hours / 24);
-  const remainHours = hours % 24;
-  return remainHours > 0 ? `${days}d ${remainHours}h` : `${days}d`;
-}
-function formatTimeAgo(timestamp) {
-  if (!timestamp || timestamp === 0) return "never";
-  const ms = Date.now() - timestamp;
-  if (ms < 0) return "just now";
-  return `${formatDuration(ms)} ago`;
-}
-function shortPath(p2) {
-  const home = process.env.HOME || process.env.USERPROFILE || "";
-  if (home && p2.startsWith(home)) return "~" + p2.slice(home.length);
-  return p2;
-}
-function stripAnsi(str) {
-  return str.replace(new RegExp("\x1B\\[[0-9;]*m", "g"), "");
-}
-function pad(str, width) {
-  const diff = width - stripAnsi(str).length;
-  return diff > 0 ? str + " ".repeat(diff) : str;
-}
-function rpad(str, width) {
-  const diff = width - stripAnsi(str).length;
-  return diff > 0 ? " ".repeat(diff) + str : str;
-}
+// src/cli/commands/auth.ts
 async function refreshAccessToken(account) {
   try {
     const resp = await fetch("https://platform.claude.com/v1/oauth/token", {
@@ -1867,56 +2176,14 @@ async function ensureTokenAndFetchUsage(account) {
   let token = account.access;
   let tokenRefreshed = false;
   if (!token || !account.expires || account.expires < Date.now()) {
-    token = await refreshAccessToken(account);
-    tokenRefreshed = !!token;
-    if (!token) return { usage: null, tokenRefreshed: false };
+    const refreshedToken = await refreshAccessToken(account);
+    tokenRefreshed = !!refreshedToken;
+    if (!refreshedToken) return { usage: null, tokenRefreshed: false };
+    token = refreshedToken;
   }
   const usage = await fetchUsage(token);
   return { usage, tokenRefreshed };
 }
-function renderBar(utilization, width = 10) {
-  const pct = Math.max(0, Math.min(100, utilization));
-  const filled = Math.round(pct / 100 * width);
-  const empty = width - filled;
-  let bar;
-  if (pct >= 90) {
-    bar = c2.red("\u2588".repeat(filled)) + c2.dim("\u2591".repeat(empty));
-  } else if (pct >= 70) {
-    bar = c2.yellow("\u2588".repeat(filled)) + c2.dim("\u2591".repeat(empty));
-  } else {
-    bar = c2.green("\u2588".repeat(filled)) + c2.dim("\u2591".repeat(empty));
-  }
-  return bar;
-}
-function formatResetTime(isoString) {
-  const resetMs = new Date(isoString).getTime();
-  const remaining = resetMs - Date.now();
-  if (remaining <= 0) return "now";
-  return formatDuration(remaining);
-}
-var QUOTA_BUCKETS = [
-  { key: "five_hour", label: "5h" },
-  { key: "seven_day", label: "7d" },
-  { key: "seven_day_sonnet", label: "Sonnet 7d" },
-  { key: "seven_day_opus", label: "Opus 7d" },
-  { key: "seven_day_oauth_apps", label: "OAuth Apps 7d" },
-  { key: "seven_day_cowork", label: "Cowork 7d" }
-];
-var USAGE_INDENT = "       ";
-var USAGE_LABEL_WIDTH = 13;
-function renderUsageLines(usage) {
-  const lines = [];
-  for (const { key, label } of QUOTA_BUCKETS) {
-    const bucket = usage[key];
-    if (!bucket || bucket.utilization == null) continue;
-    const pct = bucket.utilization;
-    const bar = renderBar(pct);
-    const pctStr = pad(String(Math.round(pct)) + "%", 4);
-    const reset = bucket.resets_at ? c2.dim(`resets in ${formatResetTime(bucket.resets_at)}`) : "";
-    lines.push(`${USAGE_INDENT}${pad(label, USAGE_LABEL_WIDTH)} ${bar} ${pctStr}${reset ? ` ${reset}` : ""}`);
-  }
-  return lines;
-}
 function openBrowser(url) {
   if (process.platform === "win32") {
     exec2(`cmd /c start "" ${JSON.stringify(url)}`);
@@ -1979,17 +2246,20 @@ async function cmdLogin() {
   if (!credentials) return 1;
   const storage = stored || { version: 1, accounts: [], activeIndex: 0 };
   const identity = resolveIdentityFromOAuthExchange(credentials);
-  const existing = findByIdentity(storage.accounts, identity) || storage.accounts.find((acc) => acc.refreshToken === credentials.refresh);
+  const existing = findByIdentity(storage.accounts, identity) || storage.accounts.find((account) => account.refreshToken === credentials.refresh);
   if (existing) {
     const existingIdx = storage.accounts.indexOf(existing);
+    const existingIsCC = existing.source === "cc-keychain" || existing.source === "cc-file";
     existing.refreshToken = credentials.refresh;
     existing.access = credentials.access;
     existing.expires = credentials.expires;
     existing.token_updated_at = Date.now();
-    if (credentials.email) existing.email = credentials.email;
-    existing.identity = identity;
-    existing.source = existing.source ?? "oauth";
     existing.enabled = true;
+    if (!existingIsCC) {
+      if (credentials.email) existing.email = credentials.email;
+      existing.identity = identity;
+      existing.source = existing.source ?? "oauth";
+    }
     await saveAccounts(storage);
     const label2 = credentials.email || existing.email || `Account ${existingIdx + 1}`;
     O2.success(`Updated existing account #${existingIdx + 1} (${label2}).`);
@@ -2099,8 +2369,8 @@ async function cmdLogoutAll(opts = {}) {
       return 0;
     }
   }
-  const results = await Promise.allSettled(stored.accounts.map((acc) => revoke(acc.refreshToken)));
-  const revokedCount = results.filter((r) => r.status === "fulfilled" && r.value === true).length;
+  const results = await Promise.allSettled(stored.accounts.map((account) => revoke(account.refreshToken)));
+  const revokedCount = results.filter((result) => result.status === "fulfilled" && result.value === true).length;
   if (revokedCount > 0) {
     O2.info(`Revoked ${revokedCount} of ${count} token(s) server-side.`);
   }
@@ -2129,6 +2399,7 @@ async function cmdReauth(arg) {
     return 1;
   }
   const existing = stored.accounts[idx];
+  const existingIsCC = existing.source === "cc-keychain" || existing.source === "cc-file";
   const wasDisabled = !existing.enabled;
   const oldLabel = existing.email || `Account ${n}`;
   O2.info(`Re-authenticating account #${n} (${oldLabel})...`);
@@ -2137,11 +2408,16 @@ async function cmdReauth(arg) {
   existing.refreshToken = credentials.refresh;
   existing.access = credentials.access;
   existing.expires = credentials.expires;
-  if (credentials.email) existing.email = credentials.email;
+  existing.token_updated_at = Date.now();
   existing.enabled = true;
   existing.consecutiveFailures = 0;
   existing.lastFailureTime = null;
   existing.rateLimitResetTimes = {};
+  if (!existingIsCC) {
+    if (credentials.email) existing.email = credentials.email;
+    existing.identity = resolveIdentityFromOAuthExchange(credentials);
+    existing.source = existing.source ?? "oauth";
+  }
   await saveAccounts(stored);
   const newLabel = credentials.email || `Account ${n}`;
   O2.success(`Re-authenticated account #${n} (${newLabel}).`);
@@ -2193,7 +2469,7 @@ async function cmdRefresh(arg) {
   return 0;
 }
 async function cmdList() {
-  const stored = await loadAccounts();
+  const stored = await loadAccountsWithRepair();
   if (!stored || stored.accounts.length === 0) {
     O2.warn("No accounts configured.");
     O2.info(`Storage: ${shortPath(getStoragePath())}`);
@@ -2204,7 +2480,7 @@ async function cmdList() {
   const now = Date.now();
   const s = fe();
   s.start("Fetching usage quotas...");
-  const usageResults = await Promise.allSettled(stored.accounts.map((acc) => ensureTokenAndFetchUsage(acc)));
+  const usageResults = await Promise.allSettled(stored.accounts.map((account) => ensureTokenAndFetchUsage(account)));
   s.stop("Usage quotas fetched.");
   let anyRefreshed = false;
   for (const result of usageResults) {
@@ -2213,50 +2489,32 @@ async function cmdList() {
     }
   }
   if (anyRefreshed) {
-    await saveAccounts(stored).catch((err) => {
-      console.error("[opencode-anthropic-auth] failed to persist refreshed tokens:", err);
+    await saveAccounts(stored).catch((error) => {
+      console.error("[opencode-anthropic-auth] failed to persist refreshed tokens:", error);
     });
   }
-  O2.message(c2.bold("Anthropic Multi-Account Status"));
+  O2.message(c.bold("Anthropic Multi-Account Status"));
   O2.message(
-    "  " + pad(c2.dim("#"), 5) + pad(c2.dim("Account"), 22) + pad(c2.dim("Status"), 14) + pad(c2.dim("Failures"), 11) + c2.dim("Rate Limit")
+    "  " + pad(c.dim("#"), 5) + pad(c.dim("Account"), 22) + pad(c.dim("Status"), 14) + pad(c.dim("Failures"), 11) + c.dim("Rate Limit")
   );
-  O2.message(c2.dim("  " + "\u2500".repeat(62)));
+  O2.message(c.dim("  " + "\u2500".repeat(62)));
   for (let i = 0; i < stored.accounts.length; i++) {
-    const acc = stored.accounts[i];
+    const account = stored.accounts[i];
     const isActive = i === stored.activeIndex;
-    const num = String(i + 1);
-    const label = acc.email || `Account ${i + 1}`;
-    let status;
-    if (!acc.enabled) {
-      status = c2.gray("\u25CB disabled");
-    } else if (isActive) {
-      status = c2.green("\u25CF active");
+    const label = account.email || `Account ${i + 1}`;
+    const status = !account.enabled ? c.gray("\u25CB disabled") : isActive ? c.green("\u25CF active") : c.cyan("\u25CF ready");
+    const failures = !account.enabled ? c.dim("\u2014") : account.consecutiveFailures > 0 ? c.yellow(String(account.consecutiveFailures)) : c.dim("0");
+    let rateLimit;
+    if (!account.enabled) {
+      rateLimit = c.dim("\u2014");
     } else {
-      status = c2.cyan("\u25CF ready");
+      const maxReset = Math.max(0, ...Object.values(account.rateLimitResetTimes || {}));
+      rateLimit = maxReset > now ? c.yellow(`\u26A0 ${formatDuration(maxReset - now)}`) : c.dim("\u2014");
     }
-    let failures;
-    if (!acc.enabled) {
-      failures = c2.dim("\u2014");
-    } else if (acc.consecutiveFailures > 0) {
-      failures = c2.yellow(String(acc.consecutiveFailures));
-    } else {
-      failures = c2.dim("0");
-    }
-    let rateLimit;
-    if (!acc.enabled) {
-      rateLimit = c2.dim("\u2014");
-    } else {
-      const resetTimes = acc.rateLimitResetTimes || {};
-      const maxReset = Math.max(0, ...Object.values(resetTimes));
-      if (maxReset > now) {
-        rateLimit = c2.yellow(`\u26A0 ${formatDuration(maxReset - now)}`);
-      } else {
-        rateLimit = c2.dim("\u2014");
-      }
-    }
-    O2.message("  " + pad(c2.bold(num), 5) + pad(label, 22) + pad(status, 14) + pad(failures, 11) + rateLimit);
-    if (acc.enabled) {
+    O2.message(
+      "  " + pad(c.bold(String(i + 1)), 5) + pad(label, 22) + pad(status, 14) + pad(failures, 11) + rateLimit
+    );
+    if (account.enabled) {
       const result = usageResults[i];
       const usage = result.status === "fulfilled" ? result.value.usage : null;
       if (usage) {
@@ -2265,7 +2523,7 @@ async function cmdList() {
           O2.message(line);
         }
       } else {
-        O2.message(c2.dim(`${USAGE_INDENT}quotas: unavailable`));
+        O2.message(c.dim(`${USAGE_INDENT}quotas: unavailable`));
       }
     }
     if (i < stored.accounts.length - 1) {
@@ -2273,34 +2531,33 @@ async function cmdList() {
     }
   }
   O2.message("");
-  const enabled = stored.accounts.filter((a) => a.enabled).length;
+  const enabled = stored.accounts.filter((account) => account.enabled).length;
   const disabled = stored.accounts.length - enabled;
   const parts = [
-    `Strategy: ${c2.cyan(config.account_selection_strategy)}`,
-    `${c2.bold(String(enabled))} of ${stored.accounts.length} enabled`
+    `Strategy: ${c.cyan(config.account_selection_strategy)}`,
+    `${c.bold(String(enabled))} of ${stored.accounts.length} enabled`
   ];
   if (disabled > 0) {
-    parts.push(`${c2.yellow(String(disabled))} disabled`);
+    parts.push(`${c.yellow(String(disabled))} disabled`);
   }
-  O2.info(parts.join(c2.dim(" | ")));
+  O2.info(parts.join(c.dim(" | ")));
   O2.info(`Storage: ${shortPath(getStoragePath())}`);
   return 0;
 }
 async function cmdStatus() {
-  const stored = await loadAccounts();
+  const stored = await loadAccountsWithRepair();
   if (!stored || stored.accounts.length === 0) {
     console.log("anthropic: no accounts configured");
     return 1;
   }
   const config = loadConfig();
   const total = stored.accounts.length;
-  const enabled = stored.accounts.filter((a) => a.enabled).length;
+  const enabled = stored.accounts.filter((account) => account.enabled).length;
   const now = Date.now();
   let rateLimited = 0;
-  for (const acc of stored.accounts) {
-    if (!acc.enabled) continue;
-    const resetTimes = acc.rateLimitResetTimes || {};
-    const maxReset = Math.max(0, ...Object.values(resetTimes));
+  for (const account of stored.accounts) {
+    if (!account.enabled) continue;
+    const maxReset = Math.max(0, ...Object.values(account.rateLimitResetTimes || {}));
     if (maxReset > now) rateLimited++;
   }
   let line = `anthropic: ${total} account${total !== 1 ? "s" : ""} (${enabled} active)`;
@@ -2384,7 +2641,7 @@ async function cmdDisable(arg) {
     O2.info(`Account ${n} is already disabled.`);
     return 0;
   }
-  const enabledCount = stored.accounts.filter((a) => a.enabled).length;
+  const enabledCount = stored.accounts.filter((account) => account.enabled).length;
   if (enabledCount <= 1) {
     O2.error("Error: cannot disable the last enabled account.");
     return 1;
@@ -2393,7 +2650,7 @@ async function cmdDisable(arg) {
   const label = stored.accounts[idx].email || `Account ${n}`;
   let switchedTo = null;
   if (idx === stored.activeIndex) {
-    const nextEnabled = stored.accounts.findIndex((a) => a.enabled);
+    const nextEnabled = stored.accounts.findIndex((account) => account.enabled);
     if (nextEnabled >= 0) {
       stored.activeIndex = nextEnabled;
       switchedTo = nextEnabled;
@@ -2407,6 +2664,94 @@ async function cmdDisable(arg) {
   }
   return 0;
 }
+async function cmdReset(arg) {
+  if (!arg) {
+    O2.error("Error: provide an account number or 'all' (e.g., 'reset 1' or 'reset all')");
+    return 1;
+  }
+  const stored = await loadAccounts();
+  if (!stored || stored.accounts.length === 0) {
+    O2.error("Error: no accounts configured.");
+    return 1;
+  }
+  if (arg.toLowerCase() === "all") {
+    let count = 0;
+    for (const account of stored.accounts) {
+      account.rateLimitResetTimes = {};
+      account.consecutiveFailures = 0;
+      account.lastFailureTime = null;
+      count++;
+    }
+    await saveAccounts(stored);
+    O2.success(`Reset tracking for all ${count} account(s).`);
+    return 0;
+  }
+  const n = parseInt(arg, 10);
+  if (isNaN(n) || n < 1) {
+    O2.error("Error: provide a valid account number or 'all'.");
+    return 1;
+  }
+  const idx = n - 1;
+  if (idx >= stored.accounts.length) {
+    O2.error(`Error: account ${n} does not exist.`);
+    return 1;
+  }
+  stored.accounts[idx].rateLimitResetTimes = {};
+  stored.accounts[idx].consecutiveFailures = 0;
+  stored.accounts[idx].lastFailureTime = null;
+  await saveAccounts(stored);
+  const label = stored.accounts[idx].email || `Account ${n}`;
+  O2.success(`Reset tracking for account #${n} (${label}).`);
+  return 0;
+}
+async function cmdStats() {
+  const stored = await loadAccounts();
+  if (!stored || stored.accounts.length === 0) {
+    O2.warn("No accounts configured.");
+    return 1;
+  }
+  const widths = { num: 4, name: 22, val: 10 };
+  const rule = c.dim("  " + "\u2500".repeat(74));
+  O2.message(c.bold("Anthropic Account Usage"));
+  O2.message(
+    "  " + pad(c.dim("#"), widths.num) + pad(c.dim("Account"), widths.name) + rpad(c.dim("Requests"), widths.val) + rpad(c.dim("Input"), widths.val) + rpad(c.dim("Output"), widths.val) + rpad(c.dim("Cache R"), widths.val) + rpad(c.dim("Cache W"), widths.val)
+  );
+  O2.message(rule);
+  let totalRequests = 0;
+  let totalInput = 0;
+  let totalOutput = 0;
+  let totalCacheRead = 0;
+  let totalCacheWrite = 0;
+  let oldestReset = Infinity;
+  for (let i = 0; i < stored.accounts.length; i++) {
+    const account = stored.accounts[i];
+    const stats = account.stats || createDefaultStats();
+    const marker = i === stored.activeIndex ? c.green("\u25CF") : " ";
+    const number = `${marker} ${i + 1}`;
+    const name = account.email || `Account ${i + 1}`;
+    O2.message(
+      "  " + pad(number, widths.num) + pad(name, widths.name) + rpad(String(stats.requests), widths.val) + rpad(fmtTokens(stats.inputTokens), widths.val) + rpad(fmtTokens(stats.outputTokens), widths.val) + rpad(fmtTokens(stats.cacheReadTokens), widths.val) + rpad(fmtTokens(stats.cacheWriteTokens), widths.val)
+    );
+    totalRequests += stats.requests;
+    totalInput += stats.inputTokens;
+    totalOutput += stats.outputTokens;
+    totalCacheRead += stats.cacheReadTokens;
+    totalCacheWrite += stats.cacheWriteTokens;
+    if (stats.lastReset < oldestReset) oldestReset = stats.lastReset;
+  }
+  if (stored.accounts.length > 1) {
+    O2.message(rule);
+    O2.message(
+      c.bold(
+        "  " + pad("", widths.num) + pad("Total", widths.name) + rpad(String(totalRequests), widths.val) + rpad(fmtTokens(totalInput), widths.val) + rpad(fmtTokens(totalOutput), widths.val) + rpad(fmtTokens(totalCacheRead), widths.val) + rpad(fmtTokens(totalCacheWrite), widths.val)
+      )
+    );
+  }
+  if (oldestReset < Infinity) {
+    O2.message(c.dim(`Tracking since: ${new Date(oldestReset).toLocaleString()} (${formatTimeAgo(oldestReset)})`));
+  }
+  return 0;
+}
 async function cmdRemove(arg, opts = {}) {
   const n = parseInt(arg || "", 10);
   if (isNaN(n) || n < 1) {
@@ -2454,54 +2799,126 @@ async function cmdRemove(arg, opts = {}) {
   }
   return 0;
 }
-async function cmdReset(arg) {
-  if (!arg) {
-    O2.error("Error: provide an account number or 'all' (e.g., 'reset 1' or 'reset all')");
-    return 1;
-  }
-  const stored = await loadAccounts();
-  if (!stored || stored.accounts.length === 0) {
-    O2.error("Error: no accounts configured.");
-    return 1;
-  }
-  if (arg.toLowerCase() === "all") {
-    let count = 0;
-    for (const acc of stored.accounts) {
-      acc.rateLimitResetTimes = {};
-      acc.consecutiveFailures = 0;
-      acc.lastFailureTime = null;
-      count++;
-    }
-    await saveAccounts(stored);
-    O2.success(`Reset tracking for all ${count} account(s).`);
-    return 0;
-  }
-  const n = parseInt(arg, 10);
-  if (isNaN(n) || n < 1) {
-    O2.error("Error: provide a valid account number or 'all'.");
-    return 1;
+function cmdAuthGroupHelp(group) {
+  const bin = "opencode-anthropic-auth";
+  switch (group) {
+    case "auth":
+      console.log(`
+${c.bold("Auth Commands")}
+
+  ${pad(c.cyan("login"), 20)}Add a new account via browser OAuth flow (alias: ln)
+  ${pad(c.cyan("logout") + " <N>", 20)}Revoke tokens and remove account N (alias: lo)
+  ${pad(c.cyan("logout") + " --all", 20)}Revoke all tokens and clear all accounts
+  ${pad(c.cyan("reauth") + " <N>", 20)}Re-authenticate account N with fresh tokens (alias: ra)
+  ${pad(c.cyan("refresh") + " <N>", 20)}Attempt token refresh without browser (alias: rf)
+
+${c.dim("Examples:")}
+  ${bin} auth login
+  ${bin} auth logout 2
+  ${bin} auth reauth 1
+`);
+      return 0;
+    case "account":
+      console.log(`
+${c.bold("Account Commands")}
+
+  ${pad(c.cyan("list"), 20)}Show all accounts with status (alias: ls)
+  ${pad(c.cyan("switch") + " <N>", 20)}Set account N as active (alias: sw)
+  ${pad(c.cyan("enable") + " <N>", 20)}Enable a disabled account (alias: en)
+  ${pad(c.cyan("disable") + " <N>", 20)}Disable an account (alias: dis)
+  ${pad(c.cyan("remove") + " <N>", 20)}Remove an account permanently (alias: rm)
+  ${pad(c.cyan("reset"), 20)}Clear rate-limit / failure tracking
+
+${c.dim("Examples:")}
+  ${bin} account list
+  ${bin} account switch 2
+  ${bin} account disable 3
+`);
+      return 0;
   }
-  const idx = n - 1;
-  if (idx >= stored.accounts.length) {
-    O2.error(`Error: account ${n} does not exist.`);
-    return 1;
+}
+
+// src/cli/commands/config.ts
+var STRATEGY_DESCRIPTIONS = {
+  sticky: "Stay on one account until it fails or is rate-limited",
+  "round-robin": "Rotate through accounts on every request",
+  hybrid: "Prefer healthy accounts, rotate when degraded"
+};
+function cmdGroupHelp(group) {
+  const bin = "opencode-anthropic-auth";
+  switch (group) {
+    case "usage":
+      console.log(`
+${c.bold("Usage Commands")}
+
+  ${pad(c.cyan("stats"), 20)}Show per-account usage statistics
+  ${pad(c.cyan("reset-stats") + " [N|all]", 20)}Reset usage statistics
+  ${pad(c.cyan("status"), 20)}Compact one-liner for scripts/prompts (alias: st)
+
+${c.dim("Examples:")}
+  ${bin} usage stats
+  ${bin} usage status
+`);
+      return 0;
+    case "config":
+      console.log(`
+${c.bold("Config Commands")}
+
+  ${pad(c.cyan("show"), 20)}Show current configuration and file paths (alias: cfg)
+  ${pad(c.cyan("strategy") + " [name]", 20)}Show or change selection strategy (alias: strat)
+
+${c.dim("Examples:")}
+  ${bin} config show
+  ${bin} config strategy round-robin
+`);
+      return 0;
+    case "manage":
+      console.log(`
+${c.bold("Manage Command")}
+
+  ${pad(c.cyan("manage"), 20)}Interactive account management menu (alias: mg)
+
+${c.dim("Examples:")}
+  ${bin} manage
+`);
+      return 0;
   }
-  stored.accounts[idx].rateLimitResetTimes = {};
-  stored.accounts[idx].consecutiveFailures = 0;
-  stored.accounts[idx].lastFailureTime = null;
-  await saveAccounts(stored);
-  const label = stored.accounts[idx].email || `Account ${n}`;
-  O2.success(`Reset tracking for account #${n} (${label}).`);
-  return 0;
+}
+function renderManageAccounts(accounts, activeIndex, currentStrategy) {
+  console.log("");
+  console.log(c.bold(`${accounts.length} account(s):`));
+  for (let i = 0; i < accounts.length; i++) {
+    const num = i + 1;
+    const label = accounts[i].email || `Account ${num}`;
+    const active = i === activeIndex ? c.green(" (active)") : "";
+    const disabled = !accounts[i].enabled ? c.yellow(" [disabled]") : "";
+    console.log(`  ${c.bold(String(num))}. ${label}${active}${disabled}`);
+  }
+  console.log("");
+  console.log(c.dim(`Strategy: ${currentStrategy}`));
+}
+function buildManageTargetOptions(accounts, activeIndex) {
+  return accounts.map((account, index) => {
+    const num = index + 1;
+    const label = account.email || `Account ${num}`;
+    const statuses = [index === activeIndex ? "active" : null, !account.enabled ? "disabled" : null].filter(
+      Boolean
+    );
+    return {
+      value: String(index),
+      label: `#${num} ${label}`,
+      hint: statuses.length > 0 ? statuses.join(", ") : void 0
+    };
+  });
 }
 async function cmdConfig() {
   const config = loadConfig();
   const stored = await loadAccounts();
-  O2.info(c2.bold("Anthropic Auth Configuration"));
+  O2.info(c.bold("Anthropic Auth Configuration"));
   const generalLines = [
-    `Strategy:          ${c2.cyan(config.account_selection_strategy)}`,
+    `Strategy:          ${c.cyan(config.account_selection_strategy)}`,
     `Failure TTL:       ${config.failure_ttl_seconds}s`,
-    `Debug:             ${config.debug ? c2.yellow("on") : "off"}`
+    `Debug:             ${config.debug ? c.yellow("on") : "off"}`
   ];
   wt(generalLines.join("\n"), "General");
   const healthLines = [
@@ -2524,10 +2941,10 @@ async function cmdConfig() {
     `Accounts:        ${shortPath(getStoragePath())}`
   ];
   if (stored) {
-    const enabled = stored.accounts.filter((a) => a.enabled).length;
+    const enabled = stored.accounts.filter((account) => account.enabled).length;
     fileLines.push(`Accounts total:  ${stored.accounts.length} (${enabled} enabled)`);
   } else {
-    fileLines.push(`Accounts total:  none`);
+    fileLines.push("Accounts total:  none");
   }
   wt(fileLines.join("\n"), "Files");
   const envOverrides = [];
@@ -2538,28 +2955,23 @@ async function cmdConfig() {
     envOverrides.push(`OPENCODE_ANTHROPIC_DEBUG=${process.env.OPENCODE_ANTHROPIC_DEBUG}`);
   }
   if (envOverrides.length > 0) {
-    O2.warn("Environment overrides:\n" + envOverrides.map((ov) => `  ${c2.yellow(ov)}`).join("\n"));
+    O2.warn("Environment overrides:\n" + envOverrides.map((override) => `  ${c.yellow(override)}`).join("\n"));
   }
   return 0;
 }
 async function cmdStrategy(arg) {
   const config = loadConfig();
   if (!arg) {
-    O2.info(c2.bold("Account Selection Strategy"));
-    const descriptions = {
-      sticky: "Stay on one account until it fails or is rate-limited",
-      "round-robin": "Rotate through accounts on every request",
-      hybrid: "Prefer healthy accounts, rotate when degraded"
-    };
-    const lines = VALID_STRATEGIES.map((s) => {
-      const current = s === config.account_selection_strategy;
-      const marker = current ? c2.green("\u25B8 ") : "  ";
-      const name = current ? c2.bold(c2.cyan(s)) : c2.dim(s);
-      const desc = current ? descriptions[s] : c2.dim(descriptions[s]);
-      return `${marker}${pad(name, 16)}${desc}`;
+    O2.info(c.bold("Account Selection Strategy"));
+    const lines = VALID_STRATEGIES.map((strategy) => {
+      const current = strategy === config.account_selection_strategy;
+      const marker = current ? c.green("\u25B8 ") : "  ";
+      const name = current ? c.bold(c.cyan(strategy)) : c.dim(strategy);
+      const description = current ? STRATEGY_DESCRIPTIONS[strategy] : c.dim(STRATEGY_DESCRIPTIONS[strategy]);
+      return `${marker}${pad(name, 16)}${description}`;
     });
     O2.message(lines.join("\n"));
-    O2.message(c2.dim(`Change with: opencode-anthropic-auth strategy <${VALID_STRATEGIES.join("|")}>`));
+    O2.message(c.dim(`Change with: opencode-anthropic-auth strategy <${VALID_STRATEGIES.join("|")}>`));
     if (process.env.OPENCODE_ANTHROPIC_STRATEGY) {
       O2.warn(
         `OPENCODE_ANTHROPIC_STRATEGY=${process.env.OPENCODE_ANTHROPIC_STRATEGY} overrides config file at runtime.`
@@ -2573,64 +2985,42 @@ async function cmdStrategy(arg) {
     return 1;
   }
   if (normalized === config.account_selection_strategy && !process.env.OPENCODE_ANTHROPIC_STRATEGY) {
-    O2.message(c2.dim(`Strategy is already '${normalized}'.`));
+    O2.message(c.dim(`Strategy is already '${normalized}'.`));
     return 0;
   }
   saveConfig({ account_selection_strategy: normalized });
   O2.success(`Strategy changed to '${normalized}'.`);
   if (process.env.OPENCODE_ANTHROPIC_STRATEGY) {
-    O2.warn(`OPENCODE_ANTHROPIC_STRATEGY=${process.env.OPENCODE_ANTHROPIC_STRATEGY} will override this at runtime.`);
+    O2.warn(
+      `OPENCODE_ANTHROPIC_STRATEGY=${process.env.OPENCODE_ANTHROPIC_STRATEGY} will override this at runtime.`
+    );
   }
   return 0;
 }
-function fmtTokens(n) {
-  if (n >= 1e6) return (n / 1e6).toFixed(1) + "M";
-  if (n >= 1e3) return (n / 1e3).toFixed(1) + "K";
-  return String(n);
-}
-async function cmdStats() {
+async function cmdStatus2() {
   const stored = await loadAccounts();
   if (!stored || stored.accounts.length === 0) {
-    O2.warn("No accounts configured.");
+    console.log("anthropic: no accounts configured");
     return 1;
   }
-  const W = { num: 4, name: 22, val: 10 };
-  const RULE = c2.dim("  " + "\u2500".repeat(74));
-  O2.message(c2.bold("Anthropic Account Usage"));
-  O2.message(
-    "  " + pad(c2.dim("#"), W.num) + pad(c2.dim("Account"), W.name) + rpad(c2.dim("Requests"), W.val) + rpad(c2.dim("Input"), W.val) + rpad(c2.dim("Output"), W.val) + rpad(c2.dim("Cache R"), W.val) + rpad(c2.dim("Cache W"), W.val)
-  );
-  O2.message(RULE);
-  let totReq = 0, totIn = 0, totOut = 0, totCR = 0, totCW = 0;
-  let oldestReset = Infinity;
-  for (let i = 0; i < stored.accounts.length; i++) {
-    const acc = stored.accounts[i];
-    const s = acc.stats || createDefaultStats();
-    const isActive = i === stored.activeIndex;
-    const marker = isActive ? c2.green("\u25CF") : " ";
-    const num = `${marker} ${i + 1}`;
-    const name = acc.email || `Account ${i + 1}`;
-    O2.message(
-      "  " + pad(num, W.num) + pad(name, W.name) + rpad(String(s.requests), W.val) + rpad(fmtTokens(s.inputTokens), W.val) + rpad(fmtTokens(s.outputTokens), W.val) + rpad(fmtTokens(s.cacheReadTokens), W.val) + rpad(fmtTokens(s.cacheWriteTokens), W.val)
-    );
-    totReq += s.requests;
-    totIn += s.inputTokens;
-    totOut += s.outputTokens;
-    totCR += s.cacheReadTokens;
-    totCW += s.cacheWriteTokens;
-    if (s.lastReset < oldestReset) oldestReset = s.lastReset;
-  }
-  if (stored.accounts.length > 1) {
-    O2.message(RULE);
-    O2.message(
-      c2.bold(
-        "  " + pad("", W.num) + pad("Total", W.name) + rpad(String(totReq), W.val) + rpad(fmtTokens(totIn), W.val) + rpad(fmtTokens(totOut), W.val) + rpad(fmtTokens(totCR), W.val) + rpad(fmtTokens(totCW), W.val)
-      )
-    );
+  const config = loadConfig();
+  const total = stored.accounts.length;
+  const enabled = stored.accounts.filter((account) => account.enabled).length;
+  const now = Date.now();
+  let rateLimited = 0;
+  for (const account of stored.accounts) {
+    if (!account.enabled) continue;
+    const resetTimes = account.rateLimitResetTimes || {};
+    const maxReset = Math.max(0, ...Object.values(resetTimes));
+    if (maxReset > now) rateLimited++;
   }
-  if (oldestReset < Infinity) {
-    O2.message(c2.dim(`Tracking since: ${new Date(oldestReset).toLocaleString()} (${formatTimeAgo(oldestReset)})`));
+  let line = `anthropic: ${total} account${total !== 1 ? "s" : ""} (${enabled} active)`;
+  line += `, strategy: ${config.account_selection_strategy}`;
+  line += `, next: #${stored.activeIndex + 1}`;
+  if (rateLimited > 0) {
+    line += `, ${rateLimited} rate-limited`;
   }
+  console.log(line);
   return 0;
 }
 async function cmdResetStats(arg) {
@@ -2641,8 +3031,8 @@ async function cmdResetStats(arg) {
   }
   const now = Date.now();
   if (!arg || arg === "all") {
-    for (const acc of stored.accounts) {
-      acc.stats = createDefaultStats(now);
+    for (const account of stored.accounts) {
+      account.stats = createDefaultStats(now);
     }
     await saveAccounts(stored);
     O2.success("Reset usage statistics for all accounts.");
@@ -2662,35 +3052,25 @@ async function cmdResetStats(arg) {
 async function cmdManage() {
   let stored = await loadAccounts();
   if (!stored || stored.accounts.length === 0) {
-    console.log(c2.yellow("No accounts configured."));
-    console.log(c2.dim("Run 'opencode auth login' and select 'Claude Pro/Max' to add accounts."));
+    console.log(c.yellow("No accounts configured."));
+    console.log(c.dim("Run 'opencode auth login' and select 'Claude Pro/Max' to add accounts."));
     return 1;
   }
   if (!process.stdin.isTTY) {
-    console.error(c2.red("Error: 'manage' requires an interactive terminal."));
-    console.error(c2.dim("Use 'enable', 'disable', 'remove', 'switch' for non-interactive use."));
+    console.error(c.red("Error: 'manage' requires an interactive terminal."));
+    console.error(c.dim("Use 'enable', 'disable', 'remove', 'switch' for non-interactive use."));
     return 1;
   }
   while (true) {
     stored = await loadAccounts();
     if (!stored || stored.accounts.length === 0) {
-      console.log(c2.dim("No accounts remaining."));
+      console.log(c.dim("No accounts remaining."));
       break;
     }
     const accounts = stored.accounts;
     const activeIndex = stored.activeIndex;
     const currentStrategy = loadConfig().account_selection_strategy;
-    console.log("");
-    console.log(c2.bold(`${accounts.length} account(s):`));
-    for (let i = 0; i < accounts.length; i++) {
-      const num2 = i + 1;
-      const label = accounts[i].email || `Account ${num2}`;
-      const active = i === stored.activeIndex ? c2.green(" (active)") : "";
-      const disabled = !accounts[i].enabled ? c2.yellow(" [disabled]") : "";
-      console.log(`  ${c2.bold(String(num2))}. ${label}${active}${disabled}`);
-    }
-    console.log("");
-    console.log(c2.dim(`Strategy: ${currentStrategy}`));
+    renderManageAccounts(accounts, activeIndex, currentStrategy);
     const action = await _t({
       message: "Choose an action.",
       options: [
@@ -2716,24 +3096,13 @@ async function cmdManage() {
       });
       if (q(strategy)) break;
       saveConfig({ account_selection_strategy: strategy });
-      console.log(c2.green(`Strategy changed to '${strategy}'.`));
+      console.log(c.green(`Strategy changed to '${strategy}'.`));
       continue;
     }
     const target = await _t({
       message: "Choose an account.",
       initialValue: String(activeIndex),
-      options: accounts.map((account, index) => {
-        const num2 = index + 1;
-        const label = account.email || `Account ${num2}`;
-        const statuses = [index === activeIndex ? "active" : null, !account.enabled ? "disabled" : null].filter(
-          Boolean
-        );
-        return {
-          value: String(index),
-          label: `#${num2} ${label}`,
-          hint: statuses.length > 0 ? statuses.join(", ") : void 0
-        };
-      })
+      options: buildManageTargetOptions(accounts, activeIndex)
     });
     if (q(target)) break;
     const idx = Number.parseInt(target, 10);
@@ -2741,42 +3110,44 @@ async function cmdManage() {
     switch (action) {
       case "switch": {
         if (!accounts[idx].enabled) {
-          console.log(c2.yellow(`Account ${num} is disabled. Enable it first.`));
+          console.log(c.yellow(`Account ${num} is disabled. Enable it first.`));
           break;
         }
         stored.activeIndex = idx;
         await saveAccounts(stored);
         const switchLabel = accounts[idx].email || `Account ${num}`;
-        console.log(c2.green(`Switched to #${num} (${switchLabel}).`));
+        console.log(c.green(`Switched to #${num} (${switchLabel}).`));
         break;
       }
       case "enable": {
         if (accounts[idx].enabled) {
-          console.log(c2.dim(`Account ${num} is already enabled.`));
+          console.log(c.dim(`Account ${num} is already enabled.`));
           break;
         }
         stored.accounts[idx].enabled = true;
         await saveAccounts(stored);
-        console.log(c2.green(`Enabled account #${num}.`));
+        console.log(c.green(`Enabled account #${num}.`));
         break;
       }
       case "disable": {
         if (!accounts[idx].enabled) {
-          console.log(c2.dim(`Account ${num} is already disabled.`));
+          console.log(c.dim(`Account ${num} is already disabled.`));
           break;
         }
         const enabledCount = accounts.filter((account) => account.enabled).length;
         if (enabledCount <= 1) {
-          console.log(c2.red("Cannot disable the last enabled account."));
+          console.log(c.red("Cannot disable the last enabled account."));
           break;
         }
         stored.accounts[idx].enabled = false;
         if (idx === stored.activeIndex) {
-          const nextEnabled = accounts.findIndex((account, accountIndex) => accountIndex !== idx && account.enabled);
+          const nextEnabled = accounts.findIndex(
+            (account, accountIndex) => accountIndex !== idx && account.enabled
+          );
           if (nextEnabled >= 0) stored.activeIndex = nextEnabled;
         }
         await saveAccounts(stored);
-        console.log(c2.yellow(`Disabled account #${num}.`));
+        console.log(c.yellow(`Disabled account #${num}.`));
         break;
       }
       case "remove": {
@@ -2795,9 +3166,9 @@ async function cmdManage() {
             stored.activeIndex--;
           }
           await saveAccounts(stored);
-          console.log(c2.green(`Removed account #${num}.`));
+          console.log(c.green(`Removed account #${num}.`));
         } else {
-          console.log(c2.dim("Cancelled."));
+          console.log(c.dim("Cancelled."));
         }
         break;
       }
@@ -2806,7 +3177,7 @@ async function cmdManage() {
         stored.accounts[idx].consecutiveFailures = 0;
         stored.accounts[idx].lastFailureTime = null;
         await saveAccounts(stored);
-        console.log(c2.green(`Reset tracking for account #${num}.`));
+        console.log(c.green(`Reset tracking for account #${num}.`));
         break;
       }
     }
@@ -2816,78 +3187,137 @@ async function cmdManage() {
 function cmdHelp() {
   const bin = "opencode-anthropic-auth";
   console.log(`
-${c2.bold("Anthropic Multi-Account Auth CLI")}
+${c.bold("Anthropic Multi-Account Auth CLI")}
 
-${c2.dim("Usage:")}
+${c.dim("Usage:")}
   ${bin} [group] [command] [args]
-  ${bin} [command] [args] ${c2.dim("(legacy format, still supported)")}
-  oaa [group] [command] [args] ${c2.dim("(short alias)")}
+  ${bin} [command] [args] ${c.dim("(legacy format, still supported)")}
+  oaa [group] [command] [args] ${c.dim("(short alias)")}
 
-${c2.dim("Command Groups:")}
-  ${pad(c2.cyan("auth"), 22)}Authentication: login, logout, reauth, refresh
-  ${pad(c2.cyan("account"), 22)}Account management: list, switch, enable, disable, remove, reset
-  ${pad(c2.cyan("usage"), 22)}Usage statistics: stats, reset-stats, status
-  ${pad(c2.cyan("config"), 22)}Configuration: show, strategy
-  ${pad(c2.cyan("manage"), 22)}Interactive account management menu
+${c.dim("Command Groups:")}
+  ${pad(c.cyan("auth"), 22)}Authentication: login, logout, reauth, refresh
+  ${pad(c.cyan("account"), 22)}Account management: list, switch, enable, disable, remove, reset
+  ${pad(c.cyan("usage"), 22)}Usage statistics: stats, reset-stats, status
+  ${pad(c.cyan("config"), 22)}Configuration: show, strategy
+  ${pad(c.cyan("manage"), 22)}Interactive account management menu
 
-${c2.dim("Auth Commands:")}
-  ${pad(c2.cyan("login"), 22)}Add a new account via browser OAuth (alias: ln)
-  ${pad(c2.cyan("logout") + " <N>", 22)}Revoke tokens and remove account N (alias: lo)
-  ${pad(c2.cyan("logout") + " --all", 22)}Revoke all tokens and clear all accounts
-  ${pad(c2.cyan("reauth") + " <N>", 22)}Re-authenticate account N (alias: ra)
-  ${pad(c2.cyan("refresh") + " <N>", 22)}Attempt token refresh (alias: rf)
+${c.dim("Auth Commands:")}
+  ${pad(c.cyan("login"), 22)}Add a new account via browser OAuth (alias: ln)
+  ${pad(c.cyan("logout") + " <N>", 22)}Revoke tokens and remove account N (alias: lo)
+  ${pad(c.cyan("logout") + " --all", 22)}Revoke all tokens and clear all accounts
+  ${pad(c.cyan("reauth") + " <N>", 22)}Re-authenticate account N (alias: ra)
+  ${pad(c.cyan("refresh") + " <N>", 22)}Attempt token refresh (alias: rf)
 
-${c2.dim("Account Commands:")}
-  ${pad(c2.cyan("list"), 22)}Show all accounts with status ${c2.dim("(default, alias: ls)")}
-  ${pad(c2.cyan("switch") + " <N>", 22)}Set account N as active (alias: sw)
-  ${pad(c2.cyan("enable") + " <N>", 22)}Enable a disabled account (alias: en)
-  ${pad(c2.cyan("disable") + " <N>", 22)}Disable an account (alias: dis)
-  ${pad(c2.cyan("remove") + " <N>", 22)}Remove an account permanently (alias: rm)
-  ${pad(c2.cyan("reset") + " <N|all>", 22)}Clear rate-limit / failure tracking
+${c.dim("Account Commands:")}
+  ${pad(c.cyan("list"), 22)}Show all accounts with status ${c.dim("(default, alias: ls)")}
+  ${pad(c.cyan("switch") + " <N>", 22)}Set account N as active (alias: sw)
+  ${pad(c.cyan("enable") + " <N>", 22)}Enable a disabled account (alias: en)
+  ${pad(c.cyan("disable") + " <N>", 22)}Disable an account (alias: dis)
+  ${pad(c.cyan("remove") + " <N>", 22)}Remove an account permanently (alias: rm)
+  ${pad(c.cyan("reset") + " <N|all>", 22)}Clear rate-limit / failure tracking
 
-${c2.dim("Usage Commands:")}
-  ${pad(c2.cyan("stats"), 22)}Show per-account usage statistics
-  ${pad(c2.cyan("reset-stats") + " [N|all]", 22)}Reset usage statistics
-  ${pad(c2.cyan("status"), 22)}Compact one-liner for scripts/prompts (alias: st)
+${c.dim("Usage Commands:")}
+  ${pad(c.cyan("stats"), 22)}Show per-account usage statistics
+  ${pad(c.cyan("reset-stats") + " [N|all]", 22)}Reset usage statistics
+  ${pad(c.cyan("status"), 22)}Compact one-liner for scripts/prompts (alias: st)
 
-${c2.dim("Config Commands:")}
-  ${pad(c2.cyan("config"), 22)}Show configuration and file paths (alias: cfg)
-  ${pad(c2.cyan("strategy") + " [name]", 22)}Show or change selection strategy (alias: strat)
+${c.dim("Config Commands:")}
+  ${pad(c.cyan("config"), 22)}Show configuration and file paths (alias: cfg)
+  ${pad(c.cyan("strategy") + " [name]", 22)}Show or change selection strategy (alias: strat)
 
-${c2.dim("Manage Commands:")}
-  ${pad(c2.cyan("manage"), 22)}Interactive account management menu (alias: mg)
-  ${pad(c2.cyan("help"), 22)}Show this help message
+${c.dim("Manage Commands:")}
+  ${pad(c.cyan("manage"), 22)}Interactive account management menu (alias: mg)
+  ${pad(c.cyan("help"), 22)}Show this help message
 
-${c2.dim("Group Help:")}
-  ${bin} auth help         ${c2.dim("# Show auth commands")}
-  ${bin} account help      ${c2.dim("# Show account commands")}
-  ${bin} usage help        ${c2.dim("# Show usage commands")}
-  ${bin} config help       ${c2.dim("# Show config commands")}
+${c.dim("Group Help:")}
+  ${bin} auth help         ${c.dim("# Show auth commands")}
+  ${bin} account help      ${c.dim("# Show account commands")}
+  ${bin} usage help        ${c.dim("# Show usage commands")}
+  ${bin} config help       ${c.dim("# Show config commands")}
 
-${c2.dim("Options:")}
+${c.dim("Options:")}
   --force           Skip confirmation prompts
   --all             Target all accounts (for logout)
   --no-color        Disable colored output
 
-${c2.dim("Examples:")}
-  ${bin} login             ${c2.dim("# Add a new account via browser")}
-  ${bin} auth login        ${c2.dim("# Same as above (group format)")}
-  oaa login             ${c2.dim("# Same as above (short alias)")}
-  ${bin} logout 2          ${c2.dim("# Revoke tokens & remove account 2")}
-  ${bin} auth logout 2     ${c2.dim("# Same as above (group format)")}
-  ${bin} list              ${c2.dim("# Show all accounts (default)")}
-  ${bin} account list      ${c2.dim("# Same as above (group format)")}
-  ${bin} switch 2          ${c2.dim("# Make account 2 active")}
-  ${bin} account switch 2  ${c2.dim("# Same as above (group format)")}
-  ${bin} stats             ${c2.dim("# Show token usage per account")}
-  ${bin} usage stats       ${c2.dim("# Same as above (group format)")}
+${c.dim("Examples:")}
+  ${bin} login             ${c.dim("# Add a new account via browser")}
+  ${bin} auth login        ${c.dim("# Same as above (group format)")}
+  oaa login             ${c.dim("# Same as above (short alias)")}
+  ${bin} logout 2          ${c.dim("# Revoke tokens & remove account 2")}
+  ${bin} auth logout 2     ${c.dim("# Same as above (group format)")}
+  ${bin} list              ${c.dim("# Show all accounts (default)")}
+  ${bin} account list      ${c.dim("# Same as above (group format)")}
+  ${bin} switch 2          ${c.dim("# Make account 2 active")}
+  ${bin} account switch 2  ${c.dim("# Same as above (group format)")}
+  ${bin} stats             ${c.dim("# Show token usage per account")}
+  ${bin} usage stats       ${c.dim("# Same as above (group format)")}
 
-${c2.dim("Files:")}
+${c.dim("Files:")}
   Config:   ${shortPath(getConfigPath())}
   Accounts: ${shortPath(getStoragePath())}
 `);
   return 0;
 }
+async function dispatchUsageCommands(args) {
+  const subcommand = args[0] || "stats";
+  const arg = args[1];
+  switch (subcommand) {
+    case "stats":
+      return cmdStats();
+    case "reset-stats":
+      return cmdResetStats(arg);
+    case "status":
+    case "st":
+      return cmdStatus2();
+    case "help":
+    case "-h":
+    case "--help":
+      return cmdGroupHelp("usage");
+    default:
+      console.error(c.red(`Unknown usage command: ${subcommand}`));
+      console.error(c.dim("Run 'opencode-anthropic-auth usage help' for usage."));
+      return 1;
+  }
+}
+async function dispatchConfigCommands(args) {
+  const subcommand = args[0] || "show";
+  const arg = args[1];
+  switch (subcommand) {
+    case "show":
+    case "cfg":
+      return cmdConfig();
+    case "strategy":
+    case "strat":
+      return cmdStrategy(arg);
+    case "help":
+    case "-h":
+    case "--help":
+      return cmdGroupHelp("config");
+    default:
+      console.error(c.red(`Unknown config command: ${subcommand}`));
+      console.error(c.dim("Run 'opencode-anthropic-auth config help' for usage."));
+      return 1;
+  }
+}
+async function dispatchManageCommands(args) {
+  const subcommand = args[0] || "manage";
+  switch (subcommand) {
+    case "manage":
+    case "mg":
+      return cmdManage();
+    case "help":
+    case "-h":
+    case "--help":
+      return cmdGroupHelp("manage");
+    default:
+      console.error(c.red(`Unknown manage command: ${subcommand}`));
+      console.error(c.dim("Run 'opencode-anthropic-auth manage help' for usage."));
+      return 1;
+  }
+}
+
+// src/cli.ts
 var ioContext = new AsyncLocalStorage();
 var nativeConsoleLog = console.log.bind(console);
 var nativeConsoleError = console.error.bind(console);
@@ -2922,82 +3352,6 @@ async function runWithIoContext(io, fn) {
     uninstallConsoleRouter();
   }
 }
-function cmdGroupHelp(group) {
-  const bin = "opencode-anthropic-auth";
-  switch (group) {
-    case "auth":
-      console.log(`
-${c2.bold("Auth Commands")}
-
-  ${pad(c2.cyan("login"), 20)}Add a new account via browser OAuth flow (alias: ln)
-  ${pad(c2.cyan("logout") + " <N>", 20)}Revoke tokens and remove account N (alias: lo)
-  ${pad(c2.cyan("logout") + " --all", 20)}Revoke all tokens and clear all accounts
-  ${pad(c2.cyan("reauth") + " <N>", 20)}Re-authenticate account N with fresh tokens (alias: ra)
-  ${pad(c2.cyan("refresh") + " <N>", 20)}Attempt token refresh without browser (alias: rf)
-
-${c2.dim("Examples:")}
-  ${bin} auth login
-  ${bin} auth logout 2
-  ${bin} auth reauth 1
-`);
-      return 0;
-    case "account":
-      console.log(`
-${c2.bold("Account Commands")}
-
-  ${pad(c2.cyan("list"), 20)}Show all accounts with status (alias: ls)
-  ${pad(c2.cyan("switch") + " <N>", 20)}Set account N as active (alias: sw)
-  ${pad(c2.cyan("enable") + " <N>", 20)}Enable a disabled account (alias: en)
-  ${pad(c2.cyan("disable") + " <N>", 20)}Disable an account (alias: dis)
-  ${pad(c2.cyan("remove") + " <N>", 20)}Remove an account permanently (alias: rm)
-  ${pad(c2.cyan("reset"), 20)}Clear rate-limit / failure tracking
-
-${c2.dim("Examples:")}
-  ${bin} account list
-  ${bin} account switch 2
-  ${bin} account disable 3
-`);
-      return 0;
-    case "usage":
-      console.log(`
-${c2.bold("Usage Commands")}
-
-  ${pad(c2.cyan("stats"), 20)}Show per-account usage statistics
-  ${pad(c2.cyan("reset-stats") + " [N|all]", 20)}Reset usage statistics
-  ${pad(c2.cyan("status"), 20)}Compact one-liner for scripts/prompts (alias: st)
-
-${c2.dim("Examples:")}
-  ${bin} usage stats
-  ${bin} usage status
-`);
-      return 0;
-    case "config":
-      console.log(`
-${c2.bold("Config Commands")}
-
-  ${pad(c2.cyan("show"), 20)}Show current configuration and file paths (alias: cfg)
-  ${pad(c2.cyan("strategy") + " [name]", 20)}Show or change selection strategy (alias: strat)
-
-${c2.dim("Examples:")}
-  ${bin} config show
-  ${bin} config strategy round-robin
-`);
-      return 0;
-    case "manage":
-      console.log(`
-${c2.bold("Manage Command")}
-
-  ${pad(c2.cyan("manage"), 20)}Interactive account management menu (alias: mg)
-
-${c2.dim("Examples:")}
-  ${bin} manage
-`);
-      return 0;
-    default:
-      console.error(c2.red(`Unknown command group: ${group}`));
-      return 1;
-  }
-}
 async function dispatchAuth(args, flags) {
   const subcommand = args[0] || "help";
   const arg = args[1];
@@ -3017,10 +3371,10 @@ async function dispatchAuth(args, flags) {
     case "help":
     case "-h":
     case "--help":
-      return cmdGroupHelp("auth");
+      return cmdAuthGroupHelp("auth");
     default:
-      console.error(c2.red(`Unknown auth command: ${subcommand}`));
-      console.error(c2.dim("Run 'opencode-anthropic-auth auth help' for usage."));
+      console.error(c.red(`Unknown auth command: ${subcommand}`));
+      console.error(c.dim("Run 'opencode-anthropic-auth auth help' for usage."));
       return 1;
   }
 }
@@ -3048,93 +3402,36 @@ async function dispatchAccount(args, flags) {
     case "help":
     case "-h":
     case "--help":
-      return cmdGroupHelp("account");
-    default:
-      console.error(c2.red(`Unknown account command: ${subcommand}`));
-      console.error(c2.dim("Run 'opencode-anthropic-auth account help' for usage."));
-      return 1;
-  }
-}
-async function dispatchUsage(args) {
-  const subcommand = args[0] || "stats";
-  const arg = args[1];
-  switch (subcommand) {
-    case "stats":
-      return cmdStats();
-    case "reset-stats":
-      return cmdResetStats(arg);
-    case "status":
-    case "st":
-      return cmdStatus();
-    case "help":
-    case "-h":
-    case "--help":
-      return cmdGroupHelp("usage");
-    default:
-      console.error(c2.red(`Unknown usage command: ${subcommand}`));
-      console.error(c2.dim("Run 'opencode-anthropic-auth usage help' for usage."));
-      return 1;
-  }
-}
-async function dispatchConfig(args) {
-  const subcommand = args[0] || "show";
-  const arg = args[1];
-  switch (subcommand) {
-    case "show":
-    case "cfg":
-      return cmdConfig();
-    case "strategy":
-    case "strat":
-      return cmdStrategy(arg);
-    case "help":
-    case "-h":
-    case "--help":
-      return cmdGroupHelp("config");
-    default:
-      console.error(c2.red(`Unknown config command: ${subcommand}`));
-      console.error(c2.dim("Run 'opencode-anthropic-auth config help' for usage."));
-      return 1;
-  }
-}
-async function dispatchManage(args) {
-  const subcommand = args[0] || "help";
-  switch (subcommand) {
-    case "manage":
-    case "mg":
-      return cmdManage();
-    case "help":
-    case "-h":
-    case "--help":
-      return cmdGroupHelp("manage");
+      return cmdAuthGroupHelp("account");
     default:
-      console.error(c2.red(`Unknown manage command: ${subcommand}`));
-      console.error(c2.dim("Run 'opencode-anthropic-auth manage help' for usage."));
+      console.error(c.red(`Unknown account command: ${subcommand}`));
+      console.error(c.dim("Run 'opencode-anthropic-auth account help' for usage."));
       return 1;
   }
 }
 async function dispatch(argv) {
   const args = argv.filter((a) => !a.startsWith("--"));
   const flags = argv.filter((a) => a.startsWith("--"));
-  if (flags.includes("--no-color")) USE_COLOR = false;
+  if (flags.includes("--no-color")) setUseColor(false);
   if (flags.includes("--help")) return cmdHelp();
   const command = args[0] || "list";
   const remainingArgs = args.slice(1);
   const force = flags.includes("--force");
   const all = flags.includes("--all");
   switch (command) {
-    // Group dispatchers
+    // ── Group dispatchers ──────────────────────────────────────────────
     case "auth":
       return dispatchAuth(remainingArgs, { force, all });
     case "account":
       return dispatchAccount(remainingArgs, { force });
     case "usage":
-      return dispatchUsage(remainingArgs);
+      return dispatchUsageCommands(remainingArgs);
     case "config":
-      return dispatchConfig(remainingArgs);
+      return dispatchConfigCommands(remainingArgs);
     case "manage":
-      return dispatchManage(remainingArgs);
-    // Legacy backward compatibility: direct commands (map to groups)
-    // Auth commands
+      return dispatchManageCommands(remainingArgs);
+    // ── Legacy flat aliases (backward compat) ──────────────────────────
+    // Auth
     case "login":
     case "ln":
       return cmdLogin();
@@ -3147,7 +3444,7 @@ async function dispatch(argv) {
     case "refresh":
     case "rf":
       return cmdRefresh(remainingArgs[0]);
-    // Account commands
+    // Account
     case "list":
     case "ls":
       return cmdList();
@@ -3165,7 +3462,7 @@ async function dispatch(argv) {
       return cmdRemove(remainingArgs[0], { force });
     case "reset":
       return cmdReset(remainingArgs[0]);
-    // Usage commands
+    // Usage
     case "stats":
       return cmdStats();
     case "reset-stats":
@@ -3173,13 +3470,13 @@ async function dispatch(argv) {
     case "status":
     case "st":
       return cmdStatus();
-    // Config commands (strategy only - config/cfg handled by group dispatcher)
+    // Config
     case "strategy":
     case "strat":
       return cmdStrategy(remainingArgs[0]);
     case "cfg":
-      return dispatchConfig(["show"]);
-    // Manage commands
+      return dispatchConfigCommands(["show"]);
+    // Manage
     case "mg":
       return cmdManage();
     // Help
@@ -3188,8 +3485,8 @@ async function dispatch(argv) {
     case "--help":
       return cmdHelp();
     default:
-      console.error(c2.red(`Unknown command: ${command}`));
-      console.error(c2.dim("Run 'opencode-anthropic-auth help' for usage."));
+      console.error(c.red(`Unknown command: ${command}`));
+      console.error(c.dim("Run 'opencode-anthropic-auth help' for usage."));
       return 1;
   }
 }
@@ -3212,7 +3509,7 @@ async function detectMain() {
 }
 if (await detectMain()) {
   main(process.argv.slice(2)).then((code) => process.exit(code)).catch((err) => {
-    console.error(c2.red(`Fatal: ${err.message}`));
+    console.error(c.red(`Fatal: ${err.message}`));
     process.exit(1);
   });
 }