@vacbo/opencode-anthropic-fix 0.1.7 → 0.1.9

package/src/account-identity.test.ts

@@ -2,212 +2,217 @@ import { describe, expect, it } from "vitest";
 import type { CCCredential } from "./cc-credentials.js";
 import type { ManagedAccount } from "./accounts.js";
 import {
-  findByIdentity,
-  identitiesMatch,
-  resolveIdentity,
-  resolveIdentityFromCCCredential,
-  resolveIdentityFromOAuthExchange,
-  serializeIdentity,
-  type AccountIdentity,
+    findByIdentity,
+    identitiesMatch,
+    resolveIdentity,
+    resolveIdentityFromCCCredential,
+    resolveIdentityFromOAuthExchange,
+    serializeIdentity,
+    type AccountIdentity,
 } from "./account-identity.js";
 
 describe("account-identity", () => {
-  const oauthAccount: ManagedAccount = {
-    id: "oauth-1",
-    index: 0,
-    email: "alice@example.com",
-    refreshToken: "rt_oauth_123",
-    access: "at_oauth_123",
-    expires: Date.now() + 3600000,
-    tokenUpdatedAt: Date.now(),
-    addedAt: Date.now(),
-    lastUsed: 0,
-    enabled: true,
-    rateLimitResetTimes: {},
-    consecutiveFailures: 0,
-    lastFailureTime: null,
-    stats: {
-      requests: 0,
-      inputTokens: 0,
-      outputTokens: 0,
-      cacheReadTokens: 0,
-      cacheWriteTokens: 0,
-      lastReset: Date.now(),
-    },
-    source: "oauth",
-  };
-
-  const ccAccount: ManagedAccount = {
-    id: "cc-1",
-    index: 1,
-    email: undefined,
-    label: "Claude Code-credentials:alice@example.com",
-    refreshToken: "rt_cc_456",
-    access: "at_cc_456",
-    expires: Date.now() + 3600000,
-    tokenUpdatedAt: Date.now(),
-    addedAt: Date.now(),
-    lastUsed: 0,
-    enabled: true,
-    rateLimitResetTimes: {},
-    consecutiveFailures: 0,
-    lastFailureTime: null,
-    stats: {
-      requests: 0,
-      inputTokens: 0,
-      outputTokens: 0,
-      cacheReadTokens: 0,
-      cacheWriteTokens: 0,
-      lastReset: Date.now(),
-    },
-    source: "cc-keychain",
-  };
-
-  const legacyAccount: ManagedAccount = {
-    id: "legacy-1",
-    index: 2,
-    email: undefined,
-    refreshToken: "rt_legacy_789",
-    access: "at_legacy_789",
-    expires: Date.now() + 3600000,
-    tokenUpdatedAt: Date.now(),
-    addedAt: Date.now(),
-    lastUsed: 0,
-    enabled: true,
-    rateLimitResetTimes: {},
-    consecutiveFailures: 0,
-    lastFailureTime: null,
-    stats: {
-      requests: 0,
-      inputTokens: 0,
-      outputTokens: 0,
-      cacheReadTokens: 0,
-      cacheWriteTokens: 0,
-      lastReset: Date.now(),
-    },
-    source: undefined,
-  };
-
-  const ccCredential: CCCredential = {
-    accessToken: "at_cc_456",
-    refreshToken: "rt_cc_456",
-    expiresAt: Date.now() + 3600000,
-    source: "cc-keychain",
-    label: "Claude Code-credentials:alice@example.com",
-  };
-
-  describe("resolveIdentity", () => {
-    it("should resolve OAuth account identity from email", () => {
-      const identity = resolveIdentity(oauthAccount);
-
-      expect(identity).toEqual({
-        kind: "oauth",
+    const oauthAccount: ManagedAccount = {
+        id: "oauth-1",
+        index: 0,
         email: "alice@example.com",
-      });
-    });
-
-    it("should resolve CC account identity from source+label", () => {
-      const identity = resolveIdentity(ccAccount);
-
-      expect(identity).toEqual({
-        kind: "cc",
-        source: "cc-keychain",
+        refreshToken: "rt_oauth_123",
+        access: "at_oauth_123",
+        expires: Date.now() + 3600000,
+        tokenUpdatedAt: Date.now(),
+        addedAt: Date.now(),
+        lastUsed: 0,
+        enabled: true,
+        rateLimitResetTimes: {},
+        consecutiveFailures: 0,
+        lastFailureTime: null,
+        stats: {
+            requests: 0,
+            inputTokens: 0,
+            outputTokens: 0,
+            cacheReadTokens: 0,
+            cacheWriteTokens: 0,
+            lastReset: Date.now(),
+        },
+        source: "oauth",
+    };
+
+    const ccAccount: ManagedAccount = {
+        id: "cc-1",
+        index: 1,
+        email: undefined,
         label: "Claude Code-credentials:alice@example.com",
-      });
-    });
-
-    it("should resolve legacy identity from refreshToken when no email or source", () => {
-      const identity = resolveIdentity(legacyAccount);
+        refreshToken: "rt_cc_456",
+        access: "at_cc_456",
+        expires: Date.now() + 3600000,
+        tokenUpdatedAt: Date.now(),
+        addedAt: Date.now(),
+        lastUsed: 0,
+        enabled: true,
+        rateLimitResetTimes: {},
+        consecutiveFailures: 0,
+        lastFailureTime: null,
+        stats: {
+            requests: 0,
+            inputTokens: 0,
+            outputTokens: 0,
+            cacheReadTokens: 0,
+            cacheWriteTokens: 0,
+            lastReset: Date.now(),
+        },
+        source: "cc-keychain",
+    };
 
-      expect(identity).toEqual({
-        kind: "legacy",
+    const legacyAccount: ManagedAccount = {
+        id: "legacy-1",
+        index: 2,
+        email: undefined,
         refreshToken: "rt_legacy_789",
-      });
-    });
-  });
-
-  describe("exchange helpers", () => {
-    it("should resolve CC identity from a Claude Code credential", () => {
-      expect(resolveIdentityFromCCCredential(ccCredential)).toEqual({
-        kind: "cc",
+        access: "at_legacy_789",
+        expires: Date.now() + 3600000,
+        tokenUpdatedAt: Date.now(),
+        addedAt: Date.now(),
+        lastUsed: 0,
+        enabled: true,
+        rateLimitResetTimes: {},
+        consecutiveFailures: 0,
+        lastFailureTime: null,
+        stats: {
+            requests: 0,
+            inputTokens: 0,
+            outputTokens: 0,
+            cacheReadTokens: 0,
+            cacheWriteTokens: 0,
+            lastReset: Date.now(),
+        },
+        source: undefined,
+    };
+
+    const ccCredential: CCCredential = {
+        accessToken: "at_cc_456",
+        refreshToken: "rt_cc_456",
+        expiresAt: Date.now() + 3600000,
         source: "cc-keychain",
         label: "Claude Code-credentials:alice@example.com",
-      });
+    };
+
+    describe("resolveIdentity", () => {
+        it("should resolve OAuth account identity from email", () => {
+            const identity = resolveIdentity(oauthAccount);
+
+            expect(identity).toEqual({
+                kind: "oauth",
+                email: "alice@example.com",
+            });
+        });
+
+        it("should resolve CC account identity from source+label", () => {
+            const identity = resolveIdentity(ccAccount);
+
+            expect(identity).toEqual({
+                kind: "cc",
+                source: "cc-keychain",
+                label: "Claude Code-credentials:alice@example.com",
+            });
+        });
+
+        it("should resolve legacy identity from refreshToken when no email or source", () => {
+            const identity = resolveIdentity(legacyAccount);
+
+            expect(identity).toEqual({
+                kind: "legacy",
+                refreshToken: "rt_legacy_789",
+            });
+        });
     });
 
-    it("should resolve OAuth exchange results with email as OAuth identity", () => {
-      expect(resolveIdentityFromOAuthExchange({ email: "alice@example.com", refresh: "rt_oauth_123" })).toEqual({
-        kind: "oauth",
-        email: "alice@example.com",
-      });
+    describe("exchange helpers", () => {
+        it("should resolve CC identity from a Claude Code credential", () => {
+            expect(resolveIdentityFromCCCredential(ccCredential)).toEqual({
+                kind: "cc",
+                source: "cc-keychain",
+                label: "Claude Code-credentials:alice@example.com",
+            });
+        });
+
+        it("should resolve OAuth exchange results with email as OAuth identity", () => {
+            expect(resolveIdentityFromOAuthExchange({ email: "alice@example.com", refresh: "rt_oauth_123" })).toEqual({
+                kind: "oauth",
+                email: "alice@example.com",
+            });
+        });
+
+        it("should resolve OAuth exchange results without email as legacy identity", () => {
+            expect(resolveIdentityFromOAuthExchange({ refresh: "rt_legacy_789" })).toEqual({
+                kind: "legacy",
+                refreshToken: "rt_legacy_789",
+            });
+        });
     });
 
-    it("should resolve OAuth exchange results without email as legacy identity", () => {
-      expect(resolveIdentityFromOAuthExchange({ refresh: "rt_legacy_789" })).toEqual({
-        kind: "legacy",
-        refreshToken: "rt_legacy_789",
-      });
-    });
-  });
-
-  describe("identitiesMatch", () => {
-    it("should match OAuth accounts with same email", () => {
-      const identity1: AccountIdentity = { kind: "oauth", email: "alice@example.com" };
-      const identity2: AccountIdentity = { kind: "oauth", email: "alice@example.com" };
-
-      expect(identitiesMatch(identity1, identity2)).toBe(true);
-    });
-
-    it("should match CC accounts with same source+label", () => {
-      const identity1: AccountIdentity = { kind: "cc", source: "cc-keychain", label: "label1" };
-      const identity2: AccountIdentity = { kind: "cc", source: "cc-keychain", label: "label1" };
-
-      expect(identitiesMatch(identity1, identity2)).toBe(true);
-    });
-
-    it("should not match different identity types", () => {
-      const oauthIdentity: AccountIdentity = { kind: "oauth", email: "alice@example.com" };
-      const ccIdentity: AccountIdentity = { kind: "cc", source: "cc-keychain", label: "label" };
-      const legacyIdentity: AccountIdentity = { kind: "legacy", refreshToken: "rt" };
-
-      expect(identitiesMatch(oauthIdentity, ccIdentity)).toBe(false);
-      expect(identitiesMatch(oauthIdentity, legacyIdentity)).toBe(false);
-      expect(identitiesMatch(ccIdentity, legacyIdentity)).toBe(false);
-    });
-
-    it("should not match different stable key fields", () => {
-      expect(
-        identitiesMatch({ kind: "oauth", email: "alice@example.com" }, { kind: "oauth", email: "bob@example.com" }),
-      ).toBe(false);
-      expect(
-        identitiesMatch(
-          { kind: "cc", source: "cc-keychain", label: "label1" },
-          { kind: "cc", source: "cc-keychain", label: "label2" },
-        ),
-      ).toBe(false);
-    });
-  });
-
-  describe("findByIdentity", () => {
-    const accounts: ManagedAccount[] = [oauthAccount, ccAccount, legacyAccount];
-
-    it("should find matching accounts by stable identity", () => {
-      expect(findByIdentity(accounts, { kind: "oauth", email: "alice@example.com" })).toBe(oauthAccount);
-      expect(
-        findByIdentity(accounts, {
-          kind: "cc",
-          source: "cc-keychain",
-          label: "Claude Code-credentials:alice@example.com",
-        }),
-      ).toBe(ccAccount);
-      expect(findByIdentity(accounts, { kind: "legacy", refreshToken: "rt_legacy_789" })).toBe(legacyAccount);
-      expect(findByIdentity(accounts, { kind: "oauth", email: "unknown@example.com" })).toBeNull();
+    describe("identitiesMatch", () => {
+        it("should match OAuth accounts with same email", () => {
+            const identity1: AccountIdentity = { kind: "oauth", email: "alice@example.com" };
+            const identity2: AccountIdentity = { kind: "oauth", email: "alice@example.com" };
+
+            expect(identitiesMatch(identity1, identity2)).toBe(true);
+        });
+
+        it("should match CC accounts with same source+label", () => {
+            const identity1: AccountIdentity = { kind: "cc", source: "cc-keychain", label: "label1" };
+            const identity2: AccountIdentity = { kind: "cc", source: "cc-keychain", label: "label1" };
+
+            expect(identitiesMatch(identity1, identity2)).toBe(true);
+        });
+
+        it("should not match different identity types", () => {
+            const oauthIdentity: AccountIdentity = { kind: "oauth", email: "alice@example.com" };
+            const ccIdentity: AccountIdentity = { kind: "cc", source: "cc-keychain", label: "label" };
+            const legacyIdentity: AccountIdentity = { kind: "legacy", refreshToken: "rt" };
+
+            expect(identitiesMatch(oauthIdentity, ccIdentity)).toBe(false);
+            expect(identitiesMatch(oauthIdentity, legacyIdentity)).toBe(false);
+            expect(identitiesMatch(ccIdentity, legacyIdentity)).toBe(false);
+        });
+
+        it("should not match different stable key fields", () => {
+            expect(
+                identitiesMatch(
+                    { kind: "oauth", email: "alice@example.com" },
+                    { kind: "oauth", email: "bob@example.com" },
+                ),
+            ).toBe(false);
+            expect(
+                identitiesMatch(
+                    { kind: "cc", source: "cc-keychain", label: "label1" },
+                    { kind: "cc", source: "cc-keychain", label: "label2" },
+                ),
+            ).toBe(false);
+        });
     });
 
-    it("should serialize identities without leaking secrets", () => {
-      expect(serializeIdentity({ kind: "oauth", email: "alice@example.com" })).toBe("oauth:alice@example.com");
-      expect(serializeIdentity({ kind: "cc", source: "cc-keychain", label: "label1" })).toBe("cc:cc-keychain:label1");
-      expect(serializeIdentity({ kind: "legacy", refreshToken: "secret-refresh-token" })).toBe("legacy:redacted");
+    describe("findByIdentity", () => {
+        const accounts: ManagedAccount[] = [oauthAccount, ccAccount, legacyAccount];
+
+        it("should find matching accounts by stable identity", () => {
+            expect(findByIdentity(accounts, { kind: "oauth", email: "alice@example.com" })).toBe(oauthAccount);
+            expect(
+                findByIdentity(accounts, {
+                    kind: "cc",
+                    source: "cc-keychain",
+                    label: "Claude Code-credentials:alice@example.com",
+                }),
+            ).toBe(ccAccount);
+            expect(findByIdentity(accounts, { kind: "legacy", refreshToken: "rt_legacy_789" })).toBe(legacyAccount);
+            expect(findByIdentity(accounts, { kind: "oauth", email: "unknown@example.com" })).toBeNull();
+        });
+
+        it("should serialize identities without leaking secrets", () => {
+            expect(serializeIdentity({ kind: "oauth", email: "alice@example.com" })).toBe("oauth:alice@example.com");
+            expect(serializeIdentity({ kind: "cc", source: "cc-keychain", label: "label1" })).toBe(
+                "cc:cc-keychain:label1",
+            );
+            expect(serializeIdentity({ kind: "legacy", refreshToken: "secret-refresh-token" })).toBe("legacy:redacted");
+        });
     });
-  });
 });

package/src/account-identity.ts

@@ -5,104 +5,106 @@ import type { AccountMetadata } from "./storage.js";
 type CCAccountSource = "cc-keychain" | "cc-file";
 
 export type AccountIdentity =
-  | { kind: "oauth"; email: string }
-  | { kind: "cc"; source: CCAccountSource; label: string }
-  | { kind: "legacy"; refreshToken: string };
+    | { kind: "oauth"; email: string }
+    | { kind: "cc"; source: CCAccountSource; label: string }
+    | { kind: "legacy"; refreshToken: string };
 
 type IdentityAccount = ManagedAccount | AccountMetadata;
 
 function isCCAccountSource(source: IdentityAccount["source"]): source is CCAccountSource {
-  return source === "cc-keychain" || source === "cc-file";
+    return source === "cc-keychain" || source === "cc-file";
 }
 
 function isAccountIdentity(value: unknown): value is AccountIdentity {
-  if (!value || typeof value !== "object") return false;
-
-  const candidate = value as Record<string, unknown>;
-  switch (candidate.kind) {
-    case "oauth":
-      return typeof candidate.email === "string" && candidate.email.length > 0;
-    case "cc":
-      return isCCAccountSource(candidate.source as IdentityAccount["source"]) && typeof candidate.label === "string";
-    case "legacy":
-      return typeof candidate.refreshToken === "string" && candidate.refreshToken.length > 0;
-    default:
-      return false;
-  }
+    if (!value || typeof value !== "object") return false;
+
+    const candidate = value as Record<string, unknown>;
+    switch (candidate.kind) {
+        case "oauth":
+            return typeof candidate.email === "string" && candidate.email.length > 0;
+        case "cc":
+            return (
+                isCCAccountSource(candidate.source as IdentityAccount["source"]) && typeof candidate.label === "string"
+            );
+        case "legacy":
+            return typeof candidate.refreshToken === "string" && candidate.refreshToken.length > 0;
+        default:
+            return false;
+    }
 }
 
 export function resolveIdentity(account: IdentityAccount): AccountIdentity {
-  if (isAccountIdentity(account.identity)) {
-    return account.identity;
-  }
+    if (isAccountIdentity(account.identity)) {
+        return account.identity;
+    }
 
-  if (account.source === "oauth" && account.email) {
-    return { kind: "oauth", email: account.email };
-  }
+    if (account.source === "oauth" && account.email) {
+        return { kind: "oauth", email: account.email };
+    }
 
-  if (isCCAccountSource(account.source) && account.label) {
-    return { kind: "cc", source: account.source, label: account.label };
-  }
+    if (isCCAccountSource(account.source) && account.label) {
+        return { kind: "cc", source: account.source, label: account.label };
+    }
 
-  return { kind: "legacy", refreshToken: account.refreshToken };
+    return { kind: "legacy", refreshToken: account.refreshToken };
 }
 
 export function resolveIdentityFromCCCredential(cred: CCCredential): AccountIdentity {
-  return {
-    kind: "cc",
-    source: cred.source,
-    label: cred.label,
-  };
+    return {
+        kind: "cc",
+        source: cred.source,
+        label: cred.label,
+    };
 }
 
 export function resolveIdentityFromOAuthExchange(result: { email?: string; refresh: string }): AccountIdentity {
-  if (result.email) {
+    if (result.email) {
+        return {
+            kind: "oauth",
+            email: result.email,
+        };
+    }
+
     return {
-      kind: "oauth",
-      email: result.email,
+        kind: "legacy",
+        refreshToken: result.refresh,
     };
-  }
-
-  return {
-    kind: "legacy",
-    refreshToken: result.refresh,
-  };
 }
 
 export function identitiesMatch(a: AccountIdentity, b: AccountIdentity): boolean {
-  if (a.kind !== b.kind) return false;
-
-  switch (a.kind) {
-    case "oauth": {
-      return a.email === (b as Extract<AccountIdentity, { kind: "oauth" }>).email;
+    if (a.kind !== b.kind) return false;
+
+    switch (a.kind) {
+        case "oauth": {
+            return a.email === (b as Extract<AccountIdentity, { kind: "oauth" }>).email;
+        }
+        case "cc": {
+            const ccIdentity = b as Extract<AccountIdentity, { kind: "cc" }>;
+            return a.source === ccIdentity.source && a.label === ccIdentity.label;
+        }
+        case "legacy": {
+            return a.refreshToken === (b as Extract<AccountIdentity, { kind: "legacy" }>).refreshToken;
+        }
     }
-    case "cc": {
-      const ccIdentity = b as Extract<AccountIdentity, { kind: "cc" }>;
-      return a.source === ccIdentity.source && a.label === ccIdentity.label;
-    }
-    case "legacy": {
-      return a.refreshToken === (b as Extract<AccountIdentity, { kind: "legacy" }>).refreshToken;
-    }
-  }
 }
 
 export function findByIdentity<T extends IdentityAccount>(accounts: T[], id: AccountIdentity): T | null {
-  for (const account of accounts) {
-    if (identitiesMatch(resolveIdentity(account), id)) {
-      return account;
+    for (const account of accounts) {
+        if (identitiesMatch(resolveIdentity(account), id)) {
+            return account;
+        }
     }
-  }
 
-  return null;
+    return null;
 }
 
 export function serializeIdentity(id: AccountIdentity): string {
-  switch (id.kind) {
-    case "oauth":
-      return `oauth:${id.email}`;
-    case "cc":
-      return `cc:${id.source}:${id.label}`;
-    case "legacy":
-      return "legacy:redacted";
-  }
+    switch (id.kind) {
+        case "oauth":
+            return `oauth:${id.email}`;
+        case "cc":
+            return `cc:${id.source}:${id.label}`;
+        case "legacy":
+            return "legacy:redacted";
+    }
 }