@zhafron/opencode-kiro-auth 1.4.11 → 1.5.0

package/dist/constants.d.ts

@@ -2,7 +2,6 @@ import type { KiroRegion } from './plugin/types';
 export declare function isValidRegion(region: string): region is KiroRegion;
 export declare function normalizeRegion(region: string | undefined): KiroRegion;
 export declare function buildUrl(template: string, region: KiroRegion): string;
-export declare function validateUrl(url: string): boolean;
 export declare const KIRO_CONSTANTS: {
     REFRESH_URL: string;
     REFRESH_IDC_URL: string;

package/dist/constants.js

@@ -18,15 +18,6 @@ export function buildUrl(template, region) {
         throw new Error(`Invalid URL generated: ${url}`);
     }
 }
-export function validateUrl(url) {
-    try {
-        new URL(url);
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
 export const KIRO_CONSTANTS = {
     REFRESH_URL: 'https://prod.{{region}}.auth.desktop.kiro.dev/refreshToken',
     REFRESH_IDC_URL: 'https://oidc.{{region}}.amazonaws.com/token',

package/dist/core/account/account-selector.d.ts

@@ -0,0 +1,21 @@
+import type { AccountRepository } from '../../infrastructure/database/account-repository';
+import type { AccountManager } from '../../plugin/accounts';
+import type { ManagedAccount } from '../../plugin/types';
+type ToastFunction = (message: string, variant: 'info' | 'warning' | 'success' | 'error') => void;
+interface AccountSelectorConfig {
+    auto_sync_kiro_cli: boolean;
+    account_selection_strategy: 'sticky' | 'round-robin' | 'lowest-usage';
+}
+export declare class AccountSelector {
+    private accountManager;
+    private config;
+    private syncFromKiroCli;
+    private repository;
+    private triedEmptySync;
+    constructor(accountManager: AccountManager, config: AccountSelectorConfig, syncFromKiroCli: () => Promise<void>, repository: AccountRepository);
+    selectHealthyAccount(showToast: ToastFunction): Promise<ManagedAccount | null>;
+    private handleEmptyAccounts;
+    private formatUsageMessage;
+    private sleep;
+}
+export {};

package/dist/core/account/account-selector.js

@@ -0,0 +1,64 @@
+export class AccountSelector {
+    accountManager;
+    config;
+    syncFromKiroCli;
+    repository;
+    triedEmptySync = false;
+    constructor(accountManager, config, syncFromKiroCli, repository) {
+        this.accountManager = accountManager;
+        this.config = config;
+        this.syncFromKiroCli = syncFromKiroCli;
+        this.repository = repository;
+    }
+    async selectHealthyAccount(showToast) {
+        let count = this.accountManager.getAccountCount();
+        if (count === 0 && this.config.auto_sync_kiro_cli && !this.triedEmptySync) {
+            this.triedEmptySync = true;
+            await this.handleEmptyAccounts();
+            count = this.accountManager.getAccountCount();
+        }
+        if (count === 0) {
+            throw new Error('No accounts');
+        }
+        let acc = this.accountManager.getCurrentOrNext();
+        if (!acc) {
+            const wait = this.accountManager.getMinWaitTime();
+            if (wait > 0 && wait < 30000) {
+                if (this.accountManager.shouldShowToast()) {
+                    showToast(`All accounts rate-limited. Waiting ${Math.ceil(wait / 1000)}s...`, 'warning');
+                }
+                await this.sleep(wait);
+                return null;
+            }
+            throw new Error('All accounts are unhealthy or rate-limited');
+        }
+        if (this.accountManager.shouldShowToast()) {
+            showToast(`Using ${acc.email} (${this.accountManager.getAccounts().indexOf(acc) + 1}/${count})`, 'info');
+        }
+        if (this.accountManager.shouldShowUsageToast() &&
+            acc.usedCount !== undefined &&
+            acc.limitCount !== undefined) {
+            const p = acc.limitCount > 0 ? (acc.usedCount / acc.limitCount) * 100 : 0;
+            showToast(this.formatUsageMessage(acc.usedCount, acc.limitCount, acc.email), p >= 80 ? 'warning' : 'info');
+        }
+        return acc;
+    }
+    async handleEmptyAccounts() {
+        await this.syncFromKiroCli();
+        this.repository.invalidateCache();
+        const accounts = await this.repository.findAll();
+        for (const a of accounts) {
+            this.accountManager.addAccount(a);
+        }
+    }
+    formatUsageMessage(usedCount, limitCount, email) {
+        if (limitCount > 0) {
+            const percentage = Math.round((usedCount / limitCount) * 100);
+            return `Usage (${email}): ${usedCount}/${limitCount} (${percentage}%)`;
+        }
+        return `Usage (${email}): ${usedCount}`;
+    }
+    sleep(ms) {
+        return new Promise((r) => setTimeout(r, ms));
+    }
+}

package/dist/core/account/usage-tracker.d.ts

@@ -0,0 +1,17 @@
+import type { AccountRepository } from '../../infrastructure/database/account-repository';
+import type { AccountManager } from '../../plugin/accounts';
+import type { KiroAuthDetails, ManagedAccount } from '../../plugin/types';
+interface UsageTrackerConfig {
+    usage_tracking_enabled: boolean;
+    usage_sync_max_retries: number;
+}
+export declare class UsageTracker {
+    private config;
+    private accountManager;
+    private repository;
+    constructor(config: UsageTrackerConfig, accountManager: AccountManager, repository: AccountRepository);
+    syncUsage(account: ManagedAccount, auth: KiroAuthDetails): Promise<void>;
+    private syncWithRetry;
+    private sleep;
+}
+export {};

package/dist/core/account/usage-tracker.js

@@ -0,0 +1,39 @@
+import { fetchUsageLimits, updateAccountQuota } from '../../plugin/usage';
+export class UsageTracker {
+    config;
+    accountManager;
+    repository;
+    constructor(config, accountManager, repository) {
+        this.config = config;
+        this.accountManager = accountManager;
+        this.repository = repository;
+    }
+    async syncUsage(account, auth) {
+        if (!this.config.usage_tracking_enabled) {
+            return;
+        }
+        this.syncWithRetry(account, auth, 0).catch(() => { });
+    }
+    async syncWithRetry(account, auth, attempt) {
+        try {
+            const u = await fetchUsageLimits(auth);
+            updateAccountQuota(account, u, this.accountManager);
+            await this.repository.batchSave(this.accountManager.getAccounts());
+        }
+        catch (e) {
+            if (attempt < this.config.usage_sync_max_retries) {
+                await this.sleep(1000 * Math.pow(2, attempt));
+                return this.syncWithRetry(account, auth, attempt + 1);
+            }
+            if (e.message?.includes('403') ||
+                e.message?.includes('invalid') ||
+                e.message?.includes('bearer token')) {
+                this.accountManager.markUnhealthy(account, e.message);
+                this.repository.save(account).catch(() => { });
+            }
+        }
+    }
+    sleep(ms) {
+        return new Promise((r) => setTimeout(r, ms));
+    }
+}

package/dist/core/auth/auth-handler.d.ts

@@ -0,0 +1,15 @@
+import type { AccountRepository } from '../../infrastructure/database/account-repository.js';
+export declare class AuthHandler {
+    private config;
+    private repository;
+    private accountManager?;
+    constructor(config: any, repository: AccountRepository);
+    initialize(): Promise<void>;
+    setAccountManager(am: any): void;
+    getMethods(): Array<{
+        id: string;
+        label: string;
+        type: 'oauth';
+        authorize: (inputs?: any) => Promise<any>;
+    }>;
+}

package/dist/core/auth/auth-handler.js

@@ -0,0 +1,33 @@
+import { IdcAuthMethod } from './idc-auth-method.js';
+export class AuthHandler {
+    config;
+    repository;
+    accountManager;
+    constructor(config, repository) {
+        this.config = config;
+        this.repository = repository;
+    }
+    async initialize() {
+        const { syncFromKiroCli } = await import('../../plugin/sync/kiro-cli.js');
+        if (this.config.auto_sync_kiro_cli) {
+            await syncFromKiroCli();
+        }
+    }
+    setAccountManager(am) {
+        this.accountManager = am;
+    }
+    getMethods() {
+        if (!this.accountManager) {
+            return [];
+        }
+        const idcMethod = new IdcAuthMethod(this.config, this.repository);
+        return [
+            {
+                id: 'idc',
+                label: 'AWS Builder ID (IDC)',
+                type: 'oauth',
+                authorize: (inputs) => idcMethod.authorize(inputs)
+            }
+        ];
+    }
+}

package/dist/core/auth/idc-auth-method.d.ts

@@ -0,0 +1,17 @@
+import type { AccountRepository } from '../../infrastructure/database/account-repository.js';
+export declare class IdcAuthMethod {
+    private config;
+    private repository;
+    constructor(config: any, repository: AccountRepository);
+    authorize(inputs?: any): Promise<{
+        url: string;
+        instructions: string;
+        method: 'auto';
+        callback: () => Promise<{
+            type: 'success' | 'failed';
+            key?: string;
+        }>;
+    }>;
+    private handleMultipleLogin;
+    private handleSingleLogin;
+}

package/dist/core/auth/idc-auth-method.js

@@ -0,0 +1,194 @@
+import { exec } from 'node:child_process';
+import { authorizeKiroIDC } from '../../kiro/oauth-idc.js';
+import { createDeterministicAccountId } from '../../plugin/accounts.js';
+import { promptAddAnotherAccount, promptDeleteAccount, promptLoginMode } from '../../plugin/cli.js';
+import * as logger from '../../plugin/logger.js';
+import { startIDCAuthServer } from '../../plugin/server.js';
+import { fetchUsageLimits } from '../../plugin/usage.js';
+const openBrowser = (url) => {
+    const escapedUrl = url.replace(/"/g, '\\"');
+    const platform = process.platform;
+    const cmd = platform === 'win32'
+        ? `cmd /c start "" "${escapedUrl}"`
+        : platform === 'darwin'
+            ? `open "${escapedUrl}"`
+            : `xdg-open "${escapedUrl}"`;
+    exec(cmd, (error) => {
+        if (error)
+            logger.warn(`Browser error: ${error.message}`);
+    });
+};
+export class IdcAuthMethod {
+    config;
+    repository;
+    constructor(config, repository) {
+        this.config = config;
+        this.repository = repository;
+    }
+    async authorize(inputs) {
+        return new Promise(async (resolve) => {
+            const region = this.config.default_region;
+            if (inputs) {
+                await this.handleMultipleLogin(region, resolve);
+            }
+            else {
+                await this.handleSingleLogin(region, resolve);
+            }
+        });
+    }
+    async handleMultipleLogin(region, resolve) {
+        const accounts = [];
+        let startFresh = true;
+        const existingAccounts = await this.repository.findAll();
+        const idcAccs = existingAccounts.filter((a) => a.authMethod === 'idc');
+        if (idcAccs.length > 0) {
+            const existingAccountsList = idcAccs.map((acc, idx) => ({
+                email: acc.email,
+                index: idx
+            }));
+            const mode = await promptLoginMode(existingAccountsList);
+            if (mode === 'delete') {
+                const deleteIndex = await promptDeleteAccount(existingAccountsList);
+                if (deleteIndex !== null && idcAccs[deleteIndex]) {
+                    const accToDelete = idcAccs[deleteIndex];
+                    await this.repository.delete(accToDelete.id);
+                    console.log(`\n[Success] Deleted: ${accToDelete.email}\n`);
+                }
+                const finalAccounts = await this.repository.findAll();
+                return resolve({
+                    url: '',
+                    instructions: `Complete (${finalAccounts.length} accounts).`,
+                    method: 'auto',
+                    callback: async () => ({
+                        type: 'success',
+                        key: finalAccounts[0]?.accessToken || ''
+                    })
+                });
+            }
+            startFresh = mode === 'fresh';
+        }
+        while (true) {
+            try {
+                const authData = await authorizeKiroIDC(region);
+                const { url, waitForAuth } = await startIDCAuthServer(authData, this.config.auth_server_port_start, this.config.auth_server_port_range);
+                openBrowser(url);
+                const res = await waitForAuth();
+                const u = await fetchUsageLimits({
+                    refresh: '',
+                    access: res.accessToken,
+                    expires: res.expiresAt,
+                    authMethod: 'idc',
+                    region,
+                    clientId: res.clientId,
+                    clientSecret: res.clientSecret
+                });
+                if (!u.email) {
+                    console.log('\n[Error] Failed to fetch account email. Skipping...\n');
+                    continue;
+                }
+                accounts.push(res);
+                if (accounts.length === 1 && startFresh) {
+                    const allAccounts = await this.repository.findAll();
+                    const idcAccountsToRemove = allAccounts.filter((a) => a.authMethod === 'idc');
+                    for (const acc of idcAccountsToRemove) {
+                        await this.repository.delete(acc.id);
+                    }
+                }
+                const id = createDeterministicAccountId(u.email, 'idc', res.clientId);
+                const acc = {
+                    id,
+                    email: u.email,
+                    authMethod: 'idc',
+                    region,
+                    clientId: res.clientId,
+                    clientSecret: res.clientSecret,
+                    refreshToken: res.refreshToken,
+                    accessToken: res.accessToken,
+                    expiresAt: res.expiresAt,
+                    rateLimitResetTime: 0,
+                    isHealthy: true,
+                    failCount: 0,
+                    usedCount: u.usedCount,
+                    limitCount: u.limitCount
+                };
+                await this.repository.save(acc);
+                const currentCount = (await this.repository.findAll()).length;
+                console.log(`\n[Success] Added: ${u.email} (Quota: ${u.usedCount}/${u.limitCount})\n`);
+                if (!(await promptAddAnotherAccount(currentCount)))
+                    break;
+            }
+            catch (e) {
+                console.log(`\n[Error] Login failed: ${e.message}\n`);
+                break;
+            }
+        }
+        const finalAccounts = await this.repository.findAll();
+        return resolve({
+            url: '',
+            instructions: `Complete (${finalAccounts.length} accounts).`,
+            method: 'auto',
+            callback: async () => ({
+                type: 'success',
+                key: finalAccounts[0]?.accessToken || ''
+            })
+        });
+    }
+    async handleSingleLogin(region, resolve) {
+        try {
+            const authData = await authorizeKiroIDC(region);
+            const { url, waitForAuth } = await startIDCAuthServer(authData, this.config.auth_server_port_start, this.config.auth_server_port_range);
+            openBrowser(url);
+            resolve({
+                url,
+                instructions: `Open: ${url}`,
+                method: 'auto',
+                callback: async () => {
+                    try {
+                        const res = await waitForAuth();
+                        const u = await fetchUsageLimits({
+                            refresh: '',
+                            access: res.accessToken,
+                            expires: res.expiresAt,
+                            authMethod: 'idc',
+                            region,
+                            clientId: res.clientId,
+                            clientSecret: res.clientSecret
+                        });
+                        if (!u.email)
+                            throw new Error('No email');
+                        const id = createDeterministicAccountId(u.email, 'idc', res.clientId);
+                        const acc = {
+                            id,
+                            email: u.email,
+                            authMethod: 'idc',
+                            region,
+                            clientId: res.clientId,
+                            clientSecret: res.clientSecret,
+                            refreshToken: res.refreshToken,
+                            accessToken: res.accessToken,
+                            expiresAt: res.expiresAt,
+                            rateLimitResetTime: 0,
+                            isHealthy: true,
+                            failCount: 0,
+                            usedCount: u.usedCount,
+                            limitCount: u.limitCount
+                        };
+                        await this.repository.save(acc);
+                        return { type: 'success', key: res.accessToken };
+                    }
+                    catch (e) {
+                        return { type: 'failed' };
+                    }
+                }
+            });
+        }
+        catch (e) {
+            resolve({
+                url: '',
+                instructions: 'Failed',
+                method: 'auto',
+                callback: async () => ({ type: 'failed' })
+            });
+        }
+    }
+}

package/dist/core/auth/token-refresher.d.ts

@@ -0,0 +1,22 @@
+import type { AccountRepository } from '../../infrastructure/database/account-repository';
+import type { AccountManager } from '../../plugin/accounts';
+import type { KiroAuthDetails, ManagedAccount } from '../../plugin/types';
+type ToastFunction = (message: string, variant: 'info' | 'warning' | 'success' | 'error') => void;
+interface TokenRefresherConfig {
+    token_expiry_buffer_ms: number;
+    auto_sync_kiro_cli: boolean;
+    account_selection_strategy: 'sticky' | 'round-robin' | 'lowest-usage';
+}
+export declare class TokenRefresher {
+    private config;
+    private accountManager;
+    private syncFromKiroCli;
+    private repository;
+    constructor(config: TokenRefresherConfig, accountManager: AccountManager, syncFromKiroCli: () => Promise<void>, repository: AccountRepository);
+    refreshIfNeeded(account: ManagedAccount, auth: KiroAuthDetails, showToast: ToastFunction): Promise<{
+        account: ManagedAccount;
+        shouldContinue: boolean;
+    }>;
+    private handleRefreshError;
+}
+export {};

package/dist/core/auth/token-refresher.js

@@ -0,0 +1,53 @@
+import { accessTokenExpired } from '../../kiro/auth';
+import { KiroTokenRefreshError } from '../../plugin/errors';
+import { refreshAccessToken } from '../../plugin/token';
+export class TokenRefresher {
+    config;
+    accountManager;
+    syncFromKiroCli;
+    repository;
+    constructor(config, accountManager, syncFromKiroCli, repository) {
+        this.config = config;
+        this.accountManager = accountManager;
+        this.syncFromKiroCli = syncFromKiroCli;
+        this.repository = repository;
+    }
+    async refreshIfNeeded(account, auth, showToast) {
+        if (!accessTokenExpired(auth, this.config.token_expiry_buffer_ms)) {
+            return { account, shouldContinue: false };
+        }
+        try {
+            const newAuth = await refreshAccessToken(auth);
+            this.accountManager.updateFromAuth(account, newAuth);
+            await this.repository.batchSave(this.accountManager.getAccounts());
+            return { account, shouldContinue: false };
+        }
+        catch (e) {
+            return await this.handleRefreshError(e, account, showToast);
+        }
+    }
+    async handleRefreshError(error, account, showToast) {
+        if (this.config.auto_sync_kiro_cli) {
+            await this.syncFromKiroCli();
+        }
+        this.repository.invalidateCache();
+        const accounts = await this.repository.findAll();
+        const stillAcc = accounts.find((a) => a.id === account.id);
+        if (stillAcc &&
+            !accessTokenExpired(this.accountManager.toAuthDetails(stillAcc), this.config.token_expiry_buffer_ms)) {
+            showToast('Credentials recovered from Kiro CLI sync.', 'info');
+            return { account: stillAcc, shouldContinue: true };
+        }
+        if (error instanceof KiroTokenRefreshError &&
+            (error.code === 'ExpiredTokenException' ||
+                error.code === 'InvalidTokenException' ||
+                error.code === 'HTTP_401' ||
+                error.code === 'HTTP_403' ||
+                error.message.includes('Invalid refresh token provided'))) {
+            this.accountManager.markUnhealthy(account, error.message);
+            await this.repository.batchSave(this.accountManager.getAccounts());
+            return { account, shouldContinue: true };
+        }
+        throw error;
+    }
+}

package/dist/core/index.d.ts

@@ -0,0 +1,9 @@
+export * from './account/account-selector.js';
+export * from './account/usage-tracker.js';
+export * from './auth/auth-handler.js';
+export * from './auth/idc-auth-method.js';
+export * from './auth/token-refresher.js';
+export * from './request/error-handler.js';
+export * from './request/request-handler.js';
+export * from './request/response-handler.js';
+export * from './request/retry-strategy.js';

package/dist/core/index.js

@@ -0,0 +1,9 @@
+export * from './account/account-selector.js';
+export * from './account/usage-tracker.js';
+export * from './auth/auth-handler.js';
+export * from './auth/idc-auth-method.js';
+export * from './auth/token-refresher.js';
+export * from './request/error-handler.js';
+export * from './request/request-handler.js';
+export * from './request/response-handler.js';
+export * from './request/retry-strategy.js';

package/dist/core/request/error-handler.d.ts

@@ -0,0 +1,29 @@
+import type { AccountRepository } from '../../infrastructure/database/account-repository';
+import type { AccountManager } from '../../plugin/accounts';
+import type { ManagedAccount } from '../../plugin/types';
+type ToastFunction = (message: string, variant: 'info' | 'warning' | 'success' | 'error') => void;
+interface RequestContext {
+    reductionFactor: number;
+    retry: number;
+}
+interface ErrorHandlerConfig {
+    rate_limit_max_retries: number;
+}
+export declare class ErrorHandler {
+    private config;
+    private accountManager;
+    private repository;
+    constructor(config: ErrorHandlerConfig, accountManager: AccountManager, repository: AccountRepository);
+    handle(error: any, response: Response, account: ManagedAccount, context: RequestContext, showToast: ToastFunction): Promise<{
+        shouldRetry: boolean;
+        newContext?: RequestContext;
+        switchAccount?: boolean;
+    }>;
+    handleNetworkError(error: any, context: RequestContext, showToast: ToastFunction): Promise<{
+        shouldRetry: boolean;
+        newContext?: RequestContext;
+    }>;
+    private isNetworkError;
+    private sleep;
+}
+export {};

package/dist/core/request/error-handler.js

@@ -0,0 +1,113 @@
+export class ErrorHandler {
+    config;
+    accountManager;
+    repository;
+    constructor(config, accountManager, repository) {
+        this.config = config;
+        this.accountManager = accountManager;
+        this.repository = repository;
+    }
+    async handle(error, response, account, context, showToast) {
+        if (response.status === 400 && context.reductionFactor > 0.4) {
+            const newFactor = context.reductionFactor - 0.2;
+            showToast(`Context too long. Retrying with ${Math.round(newFactor * 100)}%...`, 'warning');
+            return {
+                shouldRetry: true,
+                newContext: { ...context, reductionFactor: newFactor }
+            };
+        }
+        if (response.status === 401 && context.retry < this.config.rate_limit_max_retries) {
+            return {
+                shouldRetry: true,
+                newContext: { ...context, retry: context.retry + 1 }
+            };
+        }
+        if (response.status === 500) {
+            account.failCount = (account.failCount || 0) + 1;
+            let errorMessage = 'Internal Server Error';
+            try {
+                const errorBody = await response.text();
+                const errorData = JSON.parse(errorBody);
+                if (errorData.message) {
+                    errorMessage = errorData.message;
+                }
+                else if (errorData.Message) {
+                    errorMessage = errorData.Message;
+                }
+            }
+            catch (e) { }
+            if (account.failCount < 5) {
+                const delay = 1000 * Math.pow(2, account.failCount - 1);
+                showToast(`Server Error (500): ${errorMessage}. Retrying in ${Math.ceil(delay / 1000)}s...`, 'warning');
+                await this.sleep(delay);
+                return { shouldRetry: true };
+            }
+            else {
+                this.accountManager.markUnhealthy(account, `Server Error (500) after 5 attempts: ${errorMessage}`);
+                await this.repository.batchSave(this.accountManager.getAccounts());
+                showToast(`Server Error (500): ${errorMessage}. Marking account as unhealthy and switching...`, 'warning');
+                return { shouldRetry: true, switchAccount: true };
+            }
+        }
+        if (response.status === 429) {
+            const w = parseInt(response.headers.get('retry-after') || '60') * 1000;
+            this.accountManager.markRateLimited(account, w);
+            await this.repository.batchSave(this.accountManager.getAccounts());
+            const count = this.accountManager.getAccountCount();
+            if (count > 1) {
+                showToast(`Rate limited (${account.email}). Switching account...`, 'warning');
+                return { shouldRetry: true, switchAccount: true };
+            }
+            showToast(`Rate limited. Waiting ${Math.ceil(w / 1000)}s...`, 'warning');
+            await this.sleep(w);
+            return { shouldRetry: true };
+        }
+        if ((response.status === 402 || response.status === 403) &&
+            this.accountManager.getAccountCount() > 1) {
+            let errorReason = response.status === 402 ? 'Quota' : 'Forbidden';
+            let isPermanent = false;
+            try {
+                const errorBody = await response.text();
+                const errorData = JSON.parse(errorBody);
+                if (errorData.reason === 'INVALID_MODEL_ID') {
+                    throw new Error(`Invalid model: ${errorData.message}`);
+                }
+                if (errorData.reason === 'TEMPORARILY_SUSPENDED') {
+                    errorReason = 'Account Suspended';
+                    isPermanent = true;
+                }
+            }
+            catch (e) {
+                if (e instanceof Error && e.message.includes('Invalid model')) {
+                    throw e;
+                }
+            }
+            if (isPermanent) {
+                account.failCount = 10;
+            }
+            this.accountManager.markUnhealthy(account, errorReason);
+            await this.repository.batchSave(this.accountManager.getAccounts());
+            showToast(`${errorReason} (${account.email}). Switching account...`, 'warning');
+            return { shouldRetry: true, switchAccount: true };
+        }
+        return { shouldRetry: false };
+    }
+    async handleNetworkError(error, context, showToast) {
+        if (this.isNetworkError(error) && context.retry < this.config.rate_limit_max_retries) {
+            const d = 5000 * Math.pow(2, context.retry);
+            showToast(`Network error. Retrying in ${Math.ceil(d / 1000)}s...`, 'warning');
+            await this.sleep(d);
+            return {
+                shouldRetry: true,
+                newContext: { ...context, retry: context.retry + 1 }
+            };
+        }
+        return { shouldRetry: false };
+    }
+    isNetworkError(e) {
+        return (e instanceof Error && /econnreset|etimedout|enotfound|network|fetch failed/i.test(e.message));
+    }
+    sleep(ms) {
+        return new Promise((r) => setTimeout(r, ms));
+    }
+}