@zhangferry-dev/tokendash 1.6.1 → 1.7.0

package/dist/server/quota/adapter.d.ts

@@ -0,0 +1,49 @@
+import type { QuotaCredentialInput, QuotaProviderId, QuotaSnapshot, QuotaProviderStatus } from './types.js';
+/**
+ * Structured quota error. Adapters throw this (not generic Error) so the
+ * service can classify the status without inspecting message strings.
+ * Messages must never contain secrets — they reach the API response.
+ */
+export declare class QuotaError extends Error {
+    readonly status: QuotaProviderStatus;
+    constructor(status: QuotaProviderStatus);
+}
+/**
+ * One provider adapter. Responsible only for:
+ *   1. detecting whether the provider is configured (credentials present)
+ *   2. invoking the upstream interface
+ *   3. validating the response
+ *   4. converting to a normalized snapshot
+ *
+ * It does NOT cache, deduplicate, or time out — the service owns those.
+ * Detecting a provider as configured means it appears in the dashboard;
+ * fetch() may still fail with an auth/error status.
+ */
+export interface QuotaAdapter {
+    readonly provider: QuotaProviderId;
+    readonly displayName: string;
+    /** True when credentials/config exist for this provider locally. Cheap, no network. */
+    isConfigured(): Promise<boolean>;
+    /**
+     * Fetch a fresh normalized snapshot. Throws QuotaError on any failure.
+     * Must NOT include secrets in any field of the returned snapshot.
+     */
+    fetch(options?: {
+        credential?: QuotaCredentialInput;
+    }): Promise<QuotaSnapshot>;
+}
+/**
+ * Registry of all known adapters, keyed by provider id.
+ * Adding a quota provider = ship one adapter + register it here.
+ */
+export declare class QuotaAdapterRegistry {
+    private readonly adapters;
+    register(adapter: QuotaAdapter): void;
+    get(provider: QuotaProviderId): QuotaAdapter | undefined;
+    list(): QuotaAdapter[];
+}
+/** Build a baseline snapshot with shared fields filled in. */
+export declare function baseSnapshot(provider: QuotaProviderId, displayName: string, opts?: {
+    planName?: string;
+    windows?: QuotaSnapshot['windows'];
+}): Pick<QuotaSnapshot, 'provider' | 'displayName' | 'planName' | 'fetchedAt' | 'freshness' | 'windows'>;

package/dist/server/quota/adapter.js

@@ -0,0 +1,41 @@
+/**
+ * Structured quota error. Adapters throw this (not generic Error) so the
+ * service can classify the status without inspecting message strings.
+ * Messages must never contain secrets — they reach the API response.
+ */
+export class QuotaError extends Error {
+    status;
+    constructor(status) {
+        const msg = 'message' in status && status.message ? status.message : '';
+        super(msg ? `${status.state}: ${msg}` : status.state);
+        this.name = 'QuotaError';
+        this.status = status;
+    }
+}
+/**
+ * Registry of all known adapters, keyed by provider id.
+ * Adding a quota provider = ship one adapter + register it here.
+ */
+export class QuotaAdapterRegistry {
+    adapters = new Map();
+    register(adapter) {
+        this.adapters.set(adapter.provider, adapter);
+    }
+    get(provider) {
+        return this.adapters.get(provider);
+    }
+    list() {
+        return Array.from(this.adapters.values());
+    }
+}
+/** Build a baseline snapshot with shared fields filled in. */
+export function baseSnapshot(provider, displayName, opts = {}) {
+    return {
+        provider,
+        displayName,
+        planName: opts.planName,
+        fetchedAt: new Date().toISOString(),
+        freshness: 'live',
+        windows: opts.windows ?? [],
+    };
+}

package/dist/server/quota/adapters/claude.d.ts

@@ -0,0 +1,4 @@
+import type { QuotaAdapter } from '../adapter.js';
+export declare const claudeAdapter: QuotaAdapter;
+export declare function claudeKeychainServiceNames(configDir?: string): string[];
+export declare function extractClaudeAccessToken(value: unknown): string | null;

package/dist/server/quota/adapters/claude.js

@@ -0,0 +1,152 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir, userInfo } from 'node:os';
+import { execFileSync } from 'node:child_process';
+import { createHash } from 'node:crypto';
+import { QuotaError, baseSnapshot } from '../adapter.js';
+import { fetchJsonWithTimeout, HttpError, classifyHttpError, windowFromPercent } from '../helpers.js';
+export const claudeAdapter = {
+    provider: 'claude',
+    displayName: 'Claude Code',
+    async isConfigured() {
+        const token = readClaudeToken();
+        return !!token;
+    },
+    async fetch() {
+        const token = readClaudeToken();
+        if (!token) {
+            throw new QuotaError({ state: 'not_configured', message: 'no Claude Code OAuth credential found' });
+        }
+        let data;
+        try {
+            data = (await fetchJsonWithTimeout('https://api.anthropic.com/api/oauth/usage', {
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                    'anthropic-beta': 'oauth-2025-04-20',
+                    'Content-Type': 'application/json',
+                },
+            }));
+        }
+        catch (err) {
+            throw classifyFetchError(err);
+        }
+        const windows = [];
+        if (data.five_hour) {
+            windows.push(windowFromPercent('five_hour', '5-Hour Window', data.five_hour.utilization ?? 0, {
+                durationMins: 300,
+                resetsAt: normalizeIso(data.five_hour.resets_at),
+            }));
+        }
+        if (data.seven_day) {
+            windows.push(windowFromPercent('seven_day', 'Weekly', data.seven_day.utilization ?? 0, {
+                durationMins: 10080,
+                resetsAt: normalizeIso(data.seven_day.resets_at),
+            }));
+        }
+        if (data.seven_day_opus?.utilization !== undefined && data.seven_day_opus?.utilization !== null) {
+            windows.push(windowFromPercent('seven_day_opus', 'Weekly · Opus', data.seven_day_opus.utilization, {
+                durationMins: 10080,
+                resetsAt: normalizeIso(data.seven_day_opus.resets_at),
+            }));
+        }
+        const snap = baseSnapshot('claude', 'Claude Code', { windows });
+        return { ...snap, status: { state: 'ok' } };
+    },
+};
+function classifyFetchError(err) {
+    if (err instanceof HttpError) {
+        const c = classifyHttpError(err);
+        return new QuotaError(c);
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    return new QuotaError({ state: 'upstream_unavailable', message: msg.slice(0, 200) });
+}
+/** The OAuth response returns ISO strings; pass through (normalize Z suffix). */
+function normalizeIso(s) {
+    return s ? new Date(s).toISOString() : undefined;
+}
+/** Read the Claude Code OAuth access token from keychain (macOS) or file. */
+function readClaudeToken() {
+    if (process.platform === 'darwin') {
+        const token = readFromKeychain();
+        if (token)
+            return token;
+        // Fall through to file for headless/SSH sessions where keychain is locked.
+    }
+    const configDir = process.env.CLAUDE_CONFIG_DIR || join(homedir(), '.claude');
+    const credPath = join(configDir, '.credentials.json');
+    if (existsSync(credPath)) {
+        try {
+            const parsed = JSON.parse(readFileSync(credPath, 'utf8'));
+            return extractClaudeAccessToken(parsed);
+        }
+        catch {
+            return null;
+        }
+    }
+    return null;
+}
+function readFromKeychain() {
+    const candidates = claudeKeychainServiceNames(process.env.CLAUDE_CONFIG_DIR);
+    try {
+        const list = execFileSync('security', ['dump-keychain'], { stdio: ['ignore', 'pipe', 'ignore'], encoding: 'utf8' });
+        for (const m of list.matchAll(/"svce"<blob>="([^"]*Claude Code-credentials[^"]*)"/g)) {
+            if (m[1] && !candidates.includes(m[1]))
+                candidates.push(m[1]);
+        }
+    }
+    catch {
+        // dump-keychain may fail; deterministic service names are still tried.
+    }
+    const accounts = [safeUsername(), undefined];
+    for (const name of candidates) {
+        for (const account of accounts) {
+            try {
+                const args = ['find-generic-password', '-s', name];
+                if (account)
+                    args.push('-a', account);
+                args.push('-w');
+                const raw = execFileSync('/usr/bin/security', args, {
+                    stdio: ['ignore', 'pipe', 'ignore'],
+                    encoding: 'utf8',
+                    timeout: 2_000,
+                }).trim();
+                if (!raw)
+                    continue;
+                const token = extractClaudeAccessToken(JSON.parse(raw));
+                if (token)
+                    return token;
+            }
+            catch {
+                continue;
+            }
+        }
+    }
+    return null;
+}
+export function claudeKeychainServiceNames(configDir) {
+    if (!configDir)
+        return ['Claude Code-credentials'];
+    const hash = createHash('sha256').update(configDir).digest('hex').slice(0, 8);
+    return [`Claude Code-credentials-${hash}`, 'Claude Code-credentials'];
+}
+export function extractClaudeAccessToken(value) {
+    if (!value || typeof value !== 'object')
+        return null;
+    const root = value;
+    const nested = root.claudeAiOauth;
+    const credentials = nested && typeof nested === 'object'
+        ? nested
+        : root;
+    return typeof credentials.accessToken === 'string' && credentials.accessToken
+        ? credentials.accessToken
+        : null;
+}
+function safeUsername() {
+    try {
+        return userInfo().username?.trim() || undefined;
+    }
+    catch {
+        return undefined;
+    }
+}

package/dist/server/quota/adapters/codex.d.ts

@@ -0,0 +1,16 @@
+import type { QuotaAdapter } from '../adapter.js';
+export declare const codexAdapter: QuotaAdapter;
+interface CodexBinaryResolutionOptions {
+    home?: string;
+    path?: string;
+    explicitBinary?: string;
+    isExecutable?: (candidate: string) => boolean;
+    nvmVersions?: string[];
+}
+/**
+ * Resolve Codex independently of the launch environment. Finder-launched apps
+ * normally receive only /usr/bin:/bin:/usr/sbin:/sbin, while Codex is commonly
+ * installed in Codex.app, Homebrew, Volta, or an NVM version directory.
+ */
+export declare function resolveCodexBinary(options?: CodexBinaryResolutionOptions): string | null;
+export {};

package/dist/server/quota/adapters/codex.js

@@ -0,0 +1,226 @@
+import { existsSync, readdirSync, accessSync, constants } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { homedir } from 'node:os';
+import { spawn } from 'node:child_process';
+import { QuotaError, baseSnapshot } from '../adapter.js';
+import { unixToIso, windowFromPercent } from '../helpers.js';
+function codexHome() {
+    return process.env.CODEX_HOME || join(homedir(), '.codex');
+}
+export const codexAdapter = {
+    provider: 'codex',
+    displayName: 'OpenAI Codex',
+    async isConfigured() {
+        // Only surface Codex when the official login file and a runnable official
+        // CLI are both present. Finder-launched apps have a minimal PATH, so binary
+        // discovery must not rely on `which codex`.
+        return existsSync(join(codexHome(), 'auth.json')) && resolveCodexBinary() !== null;
+    },
+    async fetch() {
+        const result = await queryRateLimits();
+        const buckets = result.rateLimitsByLimitId ?? (result.rateLimits ? { primary: result.rateLimits } : {});
+        const windows = [];
+        for (const [key, bucket] of Object.entries(buckets)) {
+            if (bucket.primary) {
+                windows.push(windowFromPercent(`codex_${key}_primary`, labelForBucket(key, 'primary', bucket), bucket.primary.usedPercent ?? 0, {
+                    durationMins: bucket.primary.windowDurationMins,
+                    resetsAt: unixToIso(bucket.primary.resetsAt),
+                }));
+            }
+            if (bucket.secondary) {
+                windows.push(windowFromPercent(`codex_${key}_secondary`, labelForBucket(key, 'secondary', bucket), bucket.secondary.usedPercent ?? 0, {
+                    durationMins: bucket.secondary.windowDurationMins,
+                    resetsAt: unixToIso(bucket.secondary.resetsAt),
+                }));
+            }
+        }
+        const snap = baseSnapshot('codex', 'OpenAI Codex', {
+            planName: result.planType ? capitalize(result.planType) : undefined,
+            windows,
+        });
+        return { ...snap, status: { state: 'ok' } };
+    },
+};
+function labelForBucket(key, tier, bucket) {
+    const dur = tier === 'primary' ? bucket.primary?.windowDurationMins : bucket.secondary?.windowDurationMins;
+    const durLabel = dur ? durationLabel(dur) : capitalize(tier);
+    // Prefer an explicit limit name; fall back to the bucket key, then the tier.
+    const who = bucket.limitName || (key && key !== 'primary' ? key : '');
+    return who ? `${capitalize(who)} · ${durLabel}` : durLabel;
+}
+function durationLabel(mins) {
+    if (mins >= 10080)
+        return 'Weekly';
+    if (mins >= 1440)
+        return `${Math.round(mins / 1440)}-Day`;
+    if (mins >= 60)
+        return `${Math.round(mins / 60)}-Hour`;
+    return `${mins}m`;
+}
+function capitalize(s) {
+    return s.charAt(0).toUpperCase() + s.slice(1);
+}
+// --- JSON-RPC over the codex app-server ---
+async function queryRateLimits() {
+    const codexBinary = resolveCodexBinary();
+    if (!codexBinary) {
+        throw new QuotaError({ state: 'not_configured', message: 'official Codex CLI not found' });
+    }
+    const binaryDir = dirname(codexBinary);
+    const childPath = [binaryDir, process.env.PATH].filter(Boolean).join(':');
+    const proc = spawn(codexBinary, ['app-server'], {
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: { ...process.env, PATH: childPath },
+    });
+    const client = new JsonRpcClient(proc);
+    try {
+        await client.request('initialize', {
+            protocolVersion: '2025-03-26',
+            clientInfo: { name: 'tokendash', version: '1.0.0' },
+        });
+        client.notify('initialized', {});
+        const res = await client.request('account/rateLimits/read', {});
+        return res;
+    }
+    catch (err) {
+        throw toQuotaError(err);
+    }
+    finally {
+        client.dispose();
+        try {
+            proc.kill('SIGKILL');
+        }
+        catch { /* already gone */ }
+    }
+}
+function toQuotaError(err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (/not found|ENOENT|spawn/i.test(msg)) {
+        return new QuotaError({ state: 'not_configured', message: 'codex app-server unavailable' });
+    }
+    if (/401|403|unauthor|auth/i.test(msg)) {
+        return new QuotaError({ state: 'auth_failed', message: 'codex session not authenticated' });
+    }
+    return new QuotaError({ state: 'upstream_unavailable', message: msg.slice(0, 200) });
+}
+/** Minimal line-delimited JSON-RPC 2.0 client over a child process stdio. */
+class JsonRpcClient {
+    proc;
+    id = 0;
+    buffer = '';
+    pending = new Map();
+    disposed = false;
+    constructor(proc) {
+        this.proc = proc;
+        proc.stdout.setEncoding('utf8');
+        proc.stdout.on('data', (chunk) => this.onData(chunk));
+        proc.on('error', (err) => this.failAll(err));
+        proc.on('close', () => this.failAll(new Error('codex app-server closed unexpectedly')));
+    }
+    request(method, params) {
+        if (this.disposed)
+            return Promise.reject(new Error('client disposed'));
+        const id = ++this.id;
+        const msg = JSON.stringify({ jsonrpc: '2.0', id, method, params }) + '\n';
+        return new Promise((resolve, reject) => {
+            this.pending.set(id, { resolve: resolve, reject });
+            this.proc.stdin.write(msg, (err) => {
+                if (err)
+                    reject(err instanceof Error ? err : new Error(String(err)));
+            });
+        });
+    }
+    notify(method, params) {
+        if (this.disposed)
+            return;
+        const msg = JSON.stringify({ jsonrpc: '2.0', method, params }) + '\n';
+        this.proc.stdin.write(msg, () => { });
+    }
+    dispose() {
+        this.disposed = true;
+        this.failAll(new Error('disposed'));
+    }
+    onData(chunk) {
+        this.buffer += chunk;
+        let idx;
+        while ((idx = this.buffer.indexOf('\n')) >= 0) {
+            const line = this.buffer.slice(0, idx).trim();
+            this.buffer = this.buffer.slice(idx + 1);
+            if (!line)
+                continue;
+            let msg;
+            try {
+                msg = JSON.parse(line);
+            }
+            catch {
+                continue; // skip non-JSON framing lines
+            }
+            if (msg.id === undefined)
+                continue; // notifications
+            const entry = this.pending.get(msg.id);
+            if (!entry)
+                continue;
+            this.pending.delete(msg.id);
+            if (msg.error)
+                entry.reject(new Error(msg.error.message || 'codex JSON-RPC error'));
+            else
+                entry.resolve(msg.result);
+        }
+    }
+    failAll(err) {
+        for (const [, entry] of this.pending)
+            entry.reject(err);
+        this.pending.clear();
+    }
+}
+/**
+ * Resolve Codex independently of the launch environment. Finder-launched apps
+ * normally receive only /usr/bin:/bin:/usr/sbin:/sbin, while Codex is commonly
+ * installed in Codex.app, Homebrew, Volta, or an NVM version directory.
+ */
+export function resolveCodexBinary(options = {}) {
+    const home = options.home ?? homedir();
+    const path = options.path ?? process.env.PATH ?? '';
+    const explicitBinary = options.explicitBinary ?? process.env.CODEX_BIN;
+    const isExecutable = options.isExecutable ?? defaultIsExecutable;
+    const nvmRoot = join(home, '.nvm', 'versions', 'node');
+    const nvmVersions = options.nvmVersions ?? readDirectoryNames(nvmRoot);
+    const candidates = [
+        explicitBinary,
+        '/Applications/Codex.app/Contents/Resources/codex',
+        join(home, 'Applications', 'Codex.app', 'Contents', 'Resources', 'codex'),
+        '/opt/homebrew/bin/codex',
+        '/usr/local/bin/codex',
+        join(home, '.local', 'bin', 'codex'),
+        join(home, '.volta', 'bin', 'codex'),
+        join(home, '.bun', 'bin', 'codex'),
+        ...nvmVersions
+            .sort((a, b) => b.localeCompare(a, undefined, { numeric: true }))
+            .map((version) => join(nvmRoot, version, 'bin', 'codex')),
+        ...path.split(':').filter(Boolean).map((directory) => join(directory, 'codex')),
+    ];
+    for (const candidate of candidates) {
+        if (candidate && isExecutable(candidate))
+            return candidate;
+    }
+    return null;
+}
+function defaultIsExecutable(candidate) {
+    try {
+        accessSync(candidate, constants.X_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function readDirectoryNames(directory) {
+    try {
+        return readdirSync(directory, { withFileTypes: true })
+            .filter((entry) => entry.isDirectory())
+            .map((entry) => entry.name);
+    }
+    catch {
+        return [];
+    }
+}

package/dist/server/quota/adapters/glm.d.ts

@@ -0,0 +1,2 @@
+import type { QuotaAdapter } from '../adapter.js';
+export declare const glmAdapter: QuotaAdapter;

package/dist/server/quota/adapters/glm.js

@@ -0,0 +1,139 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { QuotaError, baseSnapshot } from '../adapter.js';
+import { fetchJsonWithTimeout, HttpError, classifyHttpError, windowFromPercent, windowFromCounts, unixToIso } from '../helpers.js';
+import { readStoredCredential } from '../credentialsFile.js';
+export const glmAdapter = {
+    provider: 'glm',
+    displayName: 'GLM Coding Plan',
+    async isConfigured() {
+        return !!resolveCredential();
+    },
+    async fetch(options) {
+        const cred = resolveCredential(options?.credential);
+        if (!cred) {
+            throw new QuotaError({ state: 'not_configured', message: 'set ZAI_API_KEY or ZHIPU_API_KEY' });
+        }
+        let data;
+        try {
+            data = (await fetchJsonWithTimeout(`${cred.base}/api/monitor/usage/quota/limit`, {
+                headers: {
+                    // GLM wants the raw key, NOT "Bearer <key>".
+                    Authorization: cred.key,
+                    'Accept-Language': 'en-US,en',
+                    'Content-Type': 'application/json',
+                },
+            }));
+        }
+        catch (err) {
+            throw classifyFetchError(err);
+        }
+        if (!data?.success && data?.code !== 200) {
+            throw new QuotaError({ state: 'upstream_unavailable', message: data?.msg || 'GLM quota request failed' });
+        }
+        const limits = data.data?.limits ?? [];
+        const windows = [];
+        // TOKENS_LIMIT: two entries (5h + weekly). Sort by reset time so the
+        // shorter window is labeled first.
+        const tokenLimits = limits
+            .filter((l) => l.type === 'TOKENS_LIMIT' && typeof l.percentage === 'number')
+            .sort((a, b) => (a.nextResetTime ?? 0) - (b.nextResetTime ?? 0));
+        tokenLimits.forEach((l, i) => {
+            const isShort = i === 0; // first after sort = nearer reset = 5h
+            windows.push(windowFromPercent(isShort ? 'glm_5h' : 'glm_weekly', isShort ? '5-Hour Window' : 'Weekly', l.percentage ?? 0, { durationMins: isShort ? 300 : 10080, resetsAt: unixToIso(l.nextResetTime) }));
+        });
+        // TIME_LIMIT: monthly MCP usage, reported with absolute counts.
+        const timeLimit = limits.find((l) => l.type === 'TIME_LIMIT');
+        if (timeLimit && typeof timeLimit.usage === 'number') {
+            windows.push(windowFromCounts('glm_mcp_monthly', 'MCP · Monthly', timeLimit.currentValue ?? 0, timeLimit.usage));
+        }
+        const snap = baseSnapshot('glm', 'GLM Coding Plan', {
+            planName: data.data?.level ? capitalize(data.data.level) : undefined,
+            windows,
+        });
+        return { ...snap, status: { state: 'ok' } };
+    },
+};
+function classifyFetchError(err) {
+    if (err instanceof HttpError) {
+        const c = classifyHttpError(err);
+        return new QuotaError(c);
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    return new QuotaError({ state: 'upstream_unavailable', message: msg.slice(0, 200) });
+}
+function resolveCredential(proposed) {
+    if (proposed?.apiKey) {
+        return {
+            key: proposed.apiKey,
+            base: proposed.baseUrl || 'https://open.bigmodel.cn',
+        };
+    }
+    // 0. Key entered in-app (via the credential sheet) — highest priority.
+    const stored = readStoredCredential('glm');
+    if (stored)
+        return { key: stored.apiKey, base: stored.baseUrl || 'https://open.bigmodel.cn' };
+    // 1. Explicit GLM Coding Plan API keys.
+    const zai = envOrConfig('ZAI_API_KEY');
+    if (zai)
+        return { key: zai, base: envOrConfig('ZAI_BASE_URL') || 'https://api.z.ai' };
+    const zhipu = envOrConfig('ZHIPU_API_KEY');
+    if (zhipu)
+        return { key: zhipu, base: envOrConfig('ZHIPU_BASE_URL') || 'https://open.bigmodel.cn' };
+    // 2. cc-switch / Claude Code scenario: ANTHROPIC_BASE_URL is pointed at a
+    // GLM domain (open.bigmodel.cn or api.z.ai) and the plan token lives in
+    // ANTHROPIC_AUTH_TOKEN / ANTHROPIC_API_KEY. The monitor endpoint shares the
+    // same token; we just swap the path from /api/anthropic to /api/monitor/...
+    const anthropicBase = envOrConfig('ANTHROPIC_BASE_URL');
+    if (anthropicBase && isGlmHost(anthropicBase)) {
+        const origin = originOf(anthropicBase);
+        const token = envOrConfig('ANTHROPIC_AUTH_TOKEN') || envOrConfig('ANTHROPIC_API_KEY');
+        if (origin && token)
+            return { key: token, base: origin };
+    }
+    return null;
+}
+function isGlmHost(url) {
+    const h = url.toLowerCase();
+    return h.includes('bigmodel.cn') || h.includes('z.ai');
+}
+function originOf(url) {
+    try {
+        const u = new URL(url);
+        return `${u.protocol}//${u.host}`;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Read an env var, falling back to the Claude Code settings.json `env` block.
+ * Needed because the Swift app launches the daemon from Finder, where the
+ * ANTHROPIC_* vars Claude Code injects into its own process are absent — but
+ * they're persisted in ~/.claude/settings.json (how cc-switch writes them).
+ */
+let claudeSettingsEnv;
+function envOrConfig(key) {
+    if (process.env[key])
+        return process.env[key];
+    if (claudeSettingsEnv === undefined)
+        claudeSettingsEnv = loadClaudeSettingsEnv();
+    return claudeSettingsEnv?.[key];
+}
+function loadClaudeSettingsEnv() {
+    const configDir = process.env.CLAUDE_CONFIG_DIR || join(homedir(), '.claude');
+    try {
+        const path = join(configDir, 'settings.json');
+        if (!existsSync(path))
+            return null;
+        const parsed = JSON.parse(readFileSync(path, 'utf8'));
+        return parsed?.env && typeof parsed.env === 'object' ? parsed.env : null;
+    }
+    catch {
+        return null;
+    }
+}
+function capitalize(s) {
+    return s.charAt(0).toUpperCase() + s.slice(1);
+}

package/dist/server/quota/adapters/kimi.d.ts

@@ -0,0 +1,2 @@
+import type { QuotaAdapter } from '../adapter.js';
+export declare const kimiAdapter: QuotaAdapter;