@zhangferry-dev/tokendash 1.6.0 → 1.6.2

package/dist/server/quota/adapters/claude.js

@@ -0,0 +1,124 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { execFileSync } from 'node:child_process';
+import { QuotaError, baseSnapshot } from '../adapter.js';
+import { fetchJsonWithTimeout, HttpError, classifyHttpError, windowFromPercent } from '../helpers.js';
+export const claudeAdapter = {
+    provider: 'claude',
+    displayName: 'Claude Code',
+    async isConfigured() {
+        const token = readClaudeToken();
+        return !!token;
+    },
+    async fetch() {
+        const token = readClaudeToken();
+        if (!token) {
+            throw new QuotaError({ state: 'not_configured', message: 'no Claude Code OAuth credential found' });
+        }
+        let data;
+        try {
+            data = (await fetchJsonWithTimeout('https://api.anthropic.com/api/oauth/usage', {
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                    'anthropic-beta': 'oauth-2025-04-20',
+                    'Content-Type': 'application/json',
+                },
+            }));
+        }
+        catch (err) {
+            throw classifyFetchError(err);
+        }
+        const windows = [];
+        if (data.five_hour) {
+            windows.push(windowFromPercent('five_hour', '5-Hour Window', data.five_hour.utilization ?? 0, {
+                durationMins: 300,
+                resetsAt: normalizeIso(data.five_hour.resets_at),
+            }));
+        }
+        if (data.seven_day) {
+            windows.push(windowFromPercent('seven_day', 'Weekly', data.seven_day.utilization ?? 0, {
+                durationMins: 10080,
+                resetsAt: normalizeIso(data.seven_day.resets_at),
+            }));
+        }
+        if (data.seven_day_opus?.utilization !== undefined && data.seven_day_opus?.utilization !== null) {
+            windows.push(windowFromPercent('seven_day_opus', 'Weekly · Opus', data.seven_day_opus.utilization, {
+                durationMins: 10080,
+                resetsAt: normalizeIso(data.seven_day_opus.resets_at),
+            }));
+        }
+        const snap = baseSnapshot('claude', 'Claude Code', { windows });
+        return { ...snap, status: { state: 'ok' } };
+    },
+};
+function classifyFetchError(err) {
+    if (err instanceof HttpError) {
+        const c = classifyHttpError(err);
+        return new QuotaError(c);
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    return new QuotaError({ state: 'upstream_unavailable', message: msg.slice(0, 200) });
+}
+/** The OAuth response returns ISO strings; pass through (normalize Z suffix). */
+function normalizeIso(s) {
+    return s ? new Date(s).toISOString() : undefined;
+}
+/** Read the Claude Code OAuth access token from keychain (macOS) or file. */
+function readClaudeToken() {
+    if (process.platform === 'darwin') {
+        const token = readFromKeychain();
+        if (token)
+            return token;
+        // Fall through to file for headless/SSH sessions where keychain is locked.
+    }
+    const configDir = process.env.CLAUDE_CONFIG_DIR || join(homedir(), '.claude');
+    const credPath = join(configDir, '.credentials.json');
+    if (existsSync(credPath)) {
+        try {
+            const parsed = JSON.parse(readFileSync(credPath, 'utf8'));
+            return parsed?.claudeAiOauth?.accessToken ?? null;
+        }
+        catch {
+            return null;
+        }
+    }
+    return null;
+}
+function readFromKeychain() {
+    // Keychain entries may carry a per-installation GUID suffix; try the base
+    // name first, then any matching suffix.
+    const candidates = ['Claude Code-credentials'];
+    try {
+        const list = execFileSync('security', ['dump-keychain'], { stdio: ['ignore', 'pipe', 'ignore'], encoding: 'utf8' });
+        for (const m of list.matchAll(/"srvname"<blob>="([^"]*Claude Code-credentials[^"]*)"/g)) {
+            if (m[1] && !candidates.includes(m[1]))
+                candidates.push(m[1]);
+        }
+    }
+    catch {
+        // dump-keychain may prompt or fail; base name is the common case.
+    }
+    for (const name of candidates) {
+        try {
+            const raw = execFileSync('security', ['find-generic-password', '-s', name, '-w'], {
+                stdio: ['ignore', 'pipe', 'ignore'],
+                encoding: 'utf8',
+            }).trim();
+            if (!raw)
+                continue;
+            // The stored value is itself a JSON blob holding the OAuth tokens.
+            try {
+                const parsed = JSON.parse(raw);
+                return parsed?.claudeAiOauth?.accessToken ?? null;
+            }
+            catch {
+                return raw; // already a bare token in some setups
+            }
+        }
+        catch {
+            continue;
+        }
+    }
+    return null;
+}

package/dist/server/quota/adapters/codex.d.ts

@@ -0,0 +1,2 @@
+import type { QuotaAdapter } from '../adapter.js';
+export declare const codexAdapter: QuotaAdapter;

package/dist/server/quota/adapters/codex.js

@@ -0,0 +1,188 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { spawn } from 'node:child_process';
+import { QuotaError, baseSnapshot } from '../adapter.js';
+import { unixToIso, windowFromPercent } from '../helpers.js';
+function codexHome() {
+    return process.env.CODEX_HOME || join(homedir(), '.codex');
+}
+export const codexAdapter = {
+    provider: 'codex',
+    displayName: 'OpenAI Codex',
+    async isConfigured() {
+        // auth.json present signals the user has logged in (file credential store).
+        // Keyring-stored creds won't show a file, but the app-server itself is the
+        // authority there — so also treat the codex binary being runnable as configured.
+        if (existsSync(join(codexHome(), 'auth.json')))
+            return true;
+        return await codexBinaryAvailable();
+    },
+    async fetch() {
+        const result = await queryRateLimits();
+        const buckets = result.rateLimitsByLimitId ?? (result.rateLimits ? { primary: result.rateLimits } : {});
+        const windows = [];
+        for (const [key, bucket] of Object.entries(buckets)) {
+            if (bucket.primary) {
+                windows.push(windowFromPercent(`codex_${key}_primary`, labelForBucket(key, 'primary', bucket), bucket.primary.usedPercent ?? 0, {
+                    durationMins: bucket.primary.windowDurationMins,
+                    resetsAt: unixToIso(bucket.primary.resetsAt),
+                }));
+            }
+            if (bucket.secondary) {
+                windows.push(windowFromPercent(`codex_${key}_secondary`, labelForBucket(key, 'secondary', bucket), bucket.secondary.usedPercent ?? 0, {
+                    durationMins: bucket.secondary.windowDurationMins,
+                    resetsAt: unixToIso(bucket.secondary.resetsAt),
+                }));
+            }
+        }
+        const snap = baseSnapshot('codex', 'OpenAI Codex', {
+            planName: result.planType ? capitalize(result.planType) : undefined,
+            windows,
+        });
+        return { ...snap, status: { state: 'ok' } };
+    },
+};
+function labelForBucket(key, tier, bucket) {
+    const dur = tier === 'primary' ? bucket.primary?.windowDurationMins : bucket.secondary?.windowDurationMins;
+    const durLabel = dur ? durationLabel(dur) : capitalize(tier);
+    // Prefer an explicit limit name; fall back to the bucket key, then the tier.
+    const who = bucket.limitName || (key && key !== 'primary' ? key : '');
+    return who ? `${capitalize(who)} · ${durLabel}` : durLabel;
+}
+function durationLabel(mins) {
+    if (mins >= 10080)
+        return 'Weekly';
+    if (mins >= 1440)
+        return `${Math.round(mins / 1440)}-Day`;
+    if (mins >= 60)
+        return `${Math.round(mins / 60)}-Hour`;
+    return `${mins}m`;
+}
+function capitalize(s) {
+    return s.charAt(0).toUpperCase() + s.slice(1);
+}
+// --- JSON-RPC over the codex app-server ---
+async function queryRateLimits() {
+    if (!(await codexBinaryAvailable())) {
+        throw new QuotaError({ state: 'not_configured', message: 'codex CLI not found on PATH' });
+    }
+    const proc = spawn('codex', ['app-server'], { stdio: ['pipe', 'pipe', 'pipe'] });
+    const client = new JsonRpcClient(proc);
+    try {
+        await client.request('initialize', {
+            protocolVersion: '2025-03-26',
+            clientInfo: { name: 'tokendash', version: '1.0.0' },
+        });
+        client.notify('initialized', {});
+        const res = await client.request('account/rateLimits/read', {});
+        return res;
+    }
+    catch (err) {
+        throw toQuotaError(err);
+    }
+    finally {
+        client.dispose();
+        try {
+            proc.kill('SIGKILL');
+        }
+        catch { /* already gone */ }
+    }
+}
+function toQuotaError(err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (/not found|ENOENT|spawn/i.test(msg)) {
+        return new QuotaError({ state: 'not_configured', message: 'codex app-server unavailable' });
+    }
+    if (/401|403|unauthor|auth/i.test(msg)) {
+        return new QuotaError({ state: 'auth_failed', message: 'codex session not authenticated' });
+    }
+    return new QuotaError({ state: 'upstream_unavailable', message: msg.slice(0, 200) });
+}
+/** Minimal line-delimited JSON-RPC 2.0 client over a child process stdio. */
+class JsonRpcClient {
+    proc;
+    id = 0;
+    buffer = '';
+    pending = new Map();
+    disposed = false;
+    constructor(proc) {
+        this.proc = proc;
+        proc.stdout.setEncoding('utf8');
+        proc.stdout.on('data', (chunk) => this.onData(chunk));
+        proc.on('error', (err) => this.failAll(err));
+        proc.on('close', () => this.failAll(new Error('codex app-server closed unexpectedly')));
+    }
+    request(method, params) {
+        if (this.disposed)
+            return Promise.reject(new Error('client disposed'));
+        const id = ++this.id;
+        const msg = JSON.stringify({ jsonrpc: '2.0', id, method, params }) + '\n';
+        return new Promise((resolve, reject) => {
+            this.pending.set(id, { resolve: resolve, reject });
+            this.proc.stdin.write(msg, (err) => {
+                if (err)
+                    reject(err instanceof Error ? err : new Error(String(err)));
+            });
+        });
+    }
+    notify(method, params) {
+        if (this.disposed)
+            return;
+        const msg = JSON.stringify({ jsonrpc: '2.0', method, params }) + '\n';
+        this.proc.stdin.write(msg, () => { });
+    }
+    dispose() {
+        this.disposed = true;
+        this.failAll(new Error('disposed'));
+    }
+    onData(chunk) {
+        this.buffer += chunk;
+        let idx;
+        while ((idx = this.buffer.indexOf('\n')) >= 0) {
+            const line = this.buffer.slice(0, idx).trim();
+            this.buffer = this.buffer.slice(idx + 1);
+            if (!line)
+                continue;
+            let msg;
+            try {
+                msg = JSON.parse(line);
+            }
+            catch {
+                continue; // skip non-JSON framing lines
+            }
+            if (msg.id === undefined)
+                continue; // notifications
+            const entry = this.pending.get(msg.id);
+            if (!entry)
+                continue;
+            this.pending.delete(msg.id);
+            if (msg.error)
+                entry.reject(new Error(msg.error.message || 'codex JSON-RPC error'));
+            else
+                entry.resolve(msg.result);
+        }
+    }
+    failAll(err) {
+        for (const [, entry] of this.pending)
+            entry.reject(err);
+        this.pending.clear();
+    }
+}
+let cachedCodexPath;
+async function codexBinaryAvailable() {
+    if (cachedCodexPath !== undefined)
+        return cachedCodexPath !== null;
+    return new Promise((resolve) => {
+        const proc = spawn('which', ['codex'], { stdio: ['ignore', 'pipe', 'ignore'] });
+        let out = '';
+        proc.stdout.on('data', (c) => { out += c; });
+        proc.on('close', () => {
+            cachedCodexPath = out.trim() || null;
+            resolve(cachedCodexPath !== null);
+        });
+        proc.on('error', () => { cachedCodexPath = null; resolve(false); });
+    });
+}
+// Keep readFileSync referenced for potential future auth.json inspection without network.
+void readFileSync;

package/dist/server/quota/adapters/glm.d.ts

@@ -0,0 +1,2 @@
+import type { QuotaAdapter } from '../adapter.js';
+export declare const glmAdapter: QuotaAdapter;

package/dist/server/quota/adapters/glm.js

@@ -0,0 +1,133 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { QuotaError, baseSnapshot } from '../adapter.js';
+import { fetchJsonWithTimeout, HttpError, classifyHttpError, windowFromPercent, windowFromCounts, unixToIso } from '../helpers.js';
+import { readStoredCredential } from '../credentialsFile.js';
+export const glmAdapter = {
+    provider: 'glm',
+    displayName: 'GLM Coding Plan',
+    async isConfigured() {
+        return !!resolveCredential();
+    },
+    async fetch() {
+        const cred = resolveCredential();
+        if (!cred) {
+            throw new QuotaError({ state: 'not_configured', message: 'set ZAI_API_KEY or ZHIPU_API_KEY' });
+        }
+        let data;
+        try {
+            data = (await fetchJsonWithTimeout(`${cred.base}/api/monitor/usage/quota/limit`, {
+                headers: {
+                    // GLM wants the raw key, NOT "Bearer <key>".
+                    Authorization: cred.key,
+                    'Accept-Language': 'en-US,en',
+                    'Content-Type': 'application/json',
+                },
+            }));
+        }
+        catch (err) {
+            throw classifyFetchError(err);
+        }
+        if (!data?.success && data?.code !== 200) {
+            throw new QuotaError({ state: 'upstream_unavailable', message: data?.msg || 'GLM quota request failed' });
+        }
+        const limits = data.data?.limits ?? [];
+        const windows = [];
+        // TOKENS_LIMIT: two entries (5h + weekly). Sort by reset time so the
+        // shorter window is labeled first.
+        const tokenLimits = limits
+            .filter((l) => l.type === 'TOKENS_LIMIT' && typeof l.percentage === 'number')
+            .sort((a, b) => (a.nextResetTime ?? 0) - (b.nextResetTime ?? 0));
+        tokenLimits.forEach((l, i) => {
+            const isShort = i === 0; // first after sort = nearer reset = 5h
+            windows.push(windowFromPercent(isShort ? 'glm_5h' : 'glm_weekly', isShort ? '5-Hour Window' : 'Weekly', l.percentage ?? 0, { durationMins: isShort ? 300 : 10080, resetsAt: unixToIso(l.nextResetTime) }));
+        });
+        // TIME_LIMIT: monthly MCP usage, reported with absolute counts.
+        const timeLimit = limits.find((l) => l.type === 'TIME_LIMIT');
+        if (timeLimit && typeof timeLimit.usage === 'number') {
+            windows.push(windowFromCounts('glm_mcp_monthly', 'MCP · Monthly', timeLimit.currentValue ?? 0, timeLimit.usage));
+        }
+        const snap = baseSnapshot('glm', 'GLM Coding Plan', {
+            planName: data.data?.level ? capitalize(data.data.level) : undefined,
+            windows,
+        });
+        return { ...snap, status: { state: 'ok' } };
+    },
+};
+function classifyFetchError(err) {
+    if (err instanceof HttpError) {
+        const c = classifyHttpError(err);
+        return new QuotaError(c);
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    return new QuotaError({ state: 'upstream_unavailable', message: msg.slice(0, 200) });
+}
+function resolveCredential() {
+    // 0. Key entered in-app (via the credential sheet) — highest priority.
+    const stored = readStoredCredential('glm');
+    if (stored)
+        return { key: stored.apiKey, base: stored.baseUrl || 'https://open.bigmodel.cn' };
+    // 1. Explicit GLM Coding Plan API keys.
+    const zai = envOrConfig('ZAI_API_KEY');
+    if (zai)
+        return { key: zai, base: envOrConfig('ZAI_BASE_URL') || 'https://api.z.ai' };
+    const zhipu = envOrConfig('ZHIPU_API_KEY');
+    if (zhipu)
+        return { key: zhipu, base: envOrConfig('ZHIPU_BASE_URL') || 'https://open.bigmodel.cn' };
+    // 2. cc-switch / Claude Code scenario: ANTHROPIC_BASE_URL is pointed at a
+    // GLM domain (open.bigmodel.cn or api.z.ai) and the plan token lives in
+    // ANTHROPIC_AUTH_TOKEN / ANTHROPIC_API_KEY. The monitor endpoint shares the
+    // same token; we just swap the path from /api/anthropic to /api/monitor/...
+    const anthropicBase = envOrConfig('ANTHROPIC_BASE_URL');
+    if (anthropicBase && isGlmHost(anthropicBase)) {
+        const origin = originOf(anthropicBase);
+        const token = envOrConfig('ANTHROPIC_AUTH_TOKEN') || envOrConfig('ANTHROPIC_API_KEY');
+        if (origin && token)
+            return { key: token, base: origin };
+    }
+    return null;
+}
+function isGlmHost(url) {
+    const h = url.toLowerCase();
+    return h.includes('bigmodel.cn') || h.includes('z.ai');
+}
+function originOf(url) {
+    try {
+        const u = new URL(url);
+        return `${u.protocol}//${u.host}`;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Read an env var, falling back to the Claude Code settings.json `env` block.
+ * Needed because the Swift app launches the daemon from Finder, where the
+ * ANTHROPIC_* vars Claude Code injects into its own process are absent — but
+ * they're persisted in ~/.claude/settings.json (how cc-switch writes them).
+ */
+let claudeSettingsEnv;
+function envOrConfig(key) {
+    if (process.env[key])
+        return process.env[key];
+    if (claudeSettingsEnv === undefined)
+        claudeSettingsEnv = loadClaudeSettingsEnv();
+    return claudeSettingsEnv?.[key];
+}
+function loadClaudeSettingsEnv() {
+    const configDir = process.env.CLAUDE_CONFIG_DIR || join(homedir(), '.claude');
+    try {
+        const path = join(configDir, 'settings.json');
+        if (!existsSync(path))
+            return null;
+        const parsed = JSON.parse(readFileSync(path, 'utf8'));
+        return parsed?.env && typeof parsed.env === 'object' ? parsed.env : null;
+    }
+    catch {
+        return null;
+    }
+}
+function capitalize(s) {
+    return s.charAt(0).toUpperCase() + s.slice(1);
+}

package/dist/server/quota/adapters/kimi.d.ts

@@ -0,0 +1,2 @@
+import type { QuotaAdapter } from '../adapter.js';
+export declare const kimiAdapter: QuotaAdapter;

package/dist/server/quota/adapters/kimi.js

@@ -0,0 +1,184 @@
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { readStoredCredential } from '../credentialsFile.js';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { QuotaError, baseSnapshot } from '../adapter.js';
+import { fetchJsonWithTimeout, HttpError, classifyHttpError, windowFromCounts } from '../helpers.js';
+/**
+ * Kimi Code adapter.
+ *
+ * Source: `GET https://api.kimi.com/coding/v1/usages`, Bearer auth with the
+ * OAuth token stored by the Kimi CLI at ~/.kimi/credentials/kimi-code.json.
+ * Returns a primary weekly `usage` block plus an arbitrary-length `limits[]`
+ * array of windows (e.g. a 5-hour rolling window).
+ *
+ * Token lifetime is ~1h, so we refresh it from auth.kimi.com before it
+ * expires and persist the new tokens back to the same file (the Kimi CLI
+ * reads the same file, so both stay in sync).
+ */
+const KIMI_CLIENT_ID = '17e5f671-d194-4dfb-9706-5516cb48c098';
+const KIMI_BASE = 'https://api.kimi.com/coding/v1';
+const KIMI_AUTH = 'https://auth.kimi.com/api/oauth/token';
+export const kimiAdapter = {
+    provider: 'kimi',
+    displayName: 'Kimi Code',
+    async isConfigured() {
+        const cred = readCredentials();
+        return !!cred && !!cred.access_token;
+    },
+    async fetch() {
+        const credPath = credentialsPath();
+        let cred = readCredentials();
+        if (!cred || !cred.access_token) {
+            throw new QuotaError({ state: 'not_configured', message: 'run `kimi` to log in first' });
+        }
+        // Refresh proactively if within 5 min of expiry.
+        const nowSec = Math.floor(Date.now() / 1000);
+        if (cred.expires_at && cred.expires_at - nowSec < 300 && cred.refresh_token) {
+            cred = await refreshToken(credPath, cred.refresh_token).catch(() => cred);
+        }
+        let data;
+        try {
+            data = (await fetchJsonWithTimeout(`${KIMI_BASE}/usages`, {
+                headers: {
+                    Authorization: `Bearer ${cred.access_token}`,
+                    Accept: 'application/json',
+                },
+            }));
+        }
+        catch (err) {
+            throw classifyFetchError(err);
+        }
+        const windows = [];
+        // Primary weekly usage.
+        if (data.usage) {
+            const { used, limit } = toCounts(data.usage);
+            if (limit > 0) {
+                windows.push(windowFromCounts('kimi_weekly', 'Weekly', used, limit, {
+                    durationMins: 10080,
+                    resetsAt: normalizeIso(data.usage.resetTime),
+                }));
+            }
+        }
+        // Arbitrary-length limits[] (e.g. 5-hour rolling window).
+        for (let i = 0; i < (data.limits?.length ?? 0); i++) {
+            const entry = data.limits[i];
+            const detail = entry?.detail;
+            if (!detail)
+                continue;
+            const { used, limit } = toCounts(detail);
+            if (limit <= 0)
+                continue;
+            const mins = minutesForWindow(entry?.window);
+            windows.push(windowFromCounts(`kimi_limit_${i}`, mins ? `${durationLabel(mins)} Window` : `Window ${i + 1}`, used, limit, {
+                durationMins: mins,
+                resetsAt: normalizeIso(detail.resetTime),
+            }));
+        }
+        const snap = baseSnapshot('kimi', 'Kimi Code', {
+            planName: data.user?.membership?.level ? prettifyLevel(data.user.membership.level) : undefined,
+            windows,
+        });
+        return { ...snap, status: { state: 'ok' } };
+    },
+};
+function classifyFetchError(err) {
+    if (err instanceof HttpError) {
+        const c = classifyHttpError(err);
+        return new QuotaError(c);
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    return new QuotaError({ state: 'upstream_unavailable', message: msg.slice(0, 200) });
+}
+/** Kimi returns limit/remaining as STRINGS — coerce and invert to used. */
+function toCounts(detail) {
+    const limit = toNumber(detail.limit);
+    const remaining = toNumber(detail.remaining);
+    if (limit <= 0)
+        return { used: 0, limit: 0 };
+    return { used: Math.max(0, limit - remaining), limit };
+}
+function toNumber(v) {
+    if (v === undefined || v === null)
+        return 0;
+    const n = typeof v === 'string' ? parseFloat(v) : v;
+    return Number.isFinite(n) ? n : 0;
+}
+function minutesForWindow(window) {
+    if (!window?.duration)
+        return undefined;
+    const unit = (window.timeUnit || '').toUpperCase();
+    if (unit.includes('HOUR'))
+        return window.duration * 60;
+    if (unit.includes('DAY'))
+        return window.duration * 1440;
+    return window.duration; // default minutes
+}
+function durationLabel(mins) {
+    if (mins >= 10080)
+        return 'Weekly';
+    if (mins >= 1440)
+        return `${Math.round(mins / 1440)}-Day`;
+    if (mins >= 60)
+        return `${Math.round(mins / 60)}-Hour`;
+    return `${mins}m`;
+}
+function normalizeIso(s) {
+    return s ? new Date(s).toISOString() : undefined;
+}
+function prettifyLevel(level) {
+    // "LEVEL_INTERMEDIATE" -> "Intermediate"
+    return level.replace(/^LEVEL_/, '').toLowerCase().replace(/(^|_)(\w)/g, (_, __, c) => ' ' + c.toUpperCase()).trim();
+}
+function kimiDataDir() {
+    return process.env.KIMI_DATA_DIR || join(homedir(), '.kimi');
+}
+function credentialsPath() {
+    return join(kimiDataDir(), 'credentials', 'kimi-code.json');
+}
+function readCredentials() {
+    // 0. Token entered in-app (via the credential sheet) — highest priority.
+    // Treated as a bare access token; no refresh token, so it's used as-is.
+    const stored = readStoredCredential('kimi');
+    if (stored?.apiKey) {
+        return { access_token: stored.apiKey, token_type: 'Bearer' };
+    }
+    const path = credentialsPath();
+    if (!existsSync(path))
+        return null;
+    try {
+        return JSON.parse(readFileSync(path, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+async function refreshToken(credPath, refreshToken) {
+    const body = new URLSearchParams({
+        client_id: KIMI_CLIENT_ID,
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+    });
+    const res = await fetch(KIMI_AUTH, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body,
+    });
+    if (!res.ok)
+        throw new Error(`token refresh failed: HTTP ${res.status}`);
+    const tokens = (await res.json());
+    const updated = {
+        access_token: tokens.access_token,
+        refresh_token: tokens.refresh_token || refreshToken,
+        expires_at: Math.floor(Date.now() / 1000) + (tokens.expires_in ?? 3600),
+        token_type: tokens.token_type || 'Bearer',
+    };
+    // Persist back so the Kimi CLI and this adapter share the refreshed token.
+    try {
+        writeFileSync(credPath, JSON.stringify(updated, null, 2), 'utf8');
+    }
+    catch {
+        // Best-effort; the in-memory token still works for this request.
+    }
+    return updated;
+}

package/dist/server/quota/adapters/minimax.d.ts

@@ -0,0 +1,2 @@
+import type { QuotaAdapter } from '../adapter.js';
+export declare const minimaxAdapter: QuotaAdapter;