axauth 2.1.0 → 3.0.0

package/dist/auth/agents/codex-storage.js

@@ -65,17 +65,16 @@ function buildAuthContent(type, data) {
     if (type === "api-key") {
         return { OPENAI_API_KEY: data.apiKey };
     }
-    const { _source: _unused, ...rest } = data;
-    void _unused;
-    if ("tokens" in rest) {
-        const auth = rest;
+    // source is now at top-level, so data is clean
+    if ("tokens" in data) {
+        const auth = data;
         if (!auth.last_refresh) {
             auth.last_refresh = new Date().toISOString();
         }
         return auth;
     }
     return {
-        tokens: rest,
+        tokens: data,
         last_refresh: new Date().toISOString(),
     };
 }

package/dist/auth/agents/codex.js

@@ -5,7 +5,7 @@
  */
 import { existsSync, readFileSync } from "node:fs";
 import path from "node:path";
-import { checkAuth, extractEnvironmentCredentials, extractRawCredentials, } from "./codex-auth-check.js";
+import { checkAuth, findStoredCredentials, getEnvironmentCredentials, } from "./codex-auth-check.js";
 import { CREDS_FILE_NAME, installCodexCredentials, removeCodexCredentials, } from "./codex-install.js";
 const AGENT_ID = "codex";
 /** Codex authentication adapter */
@@ -18,9 +18,9 @@ const codexAdapter = {
         installApiKey: true,
     },
     checkAuth,
-    extractFromEnvironment: extractEnvironmentCredentials,
-    extractRawCredentials,
-    extractRawCredentialsFromDirectory(options) {
+    getEnvironmentCredentials,
+    findStoredCredentials,
+    loadCredentialsFromDirectory(options) {
         // Codex doesn't separate config/data - use either directory
         const directory = options.dataDir ?? options.configDir;
         if (!directory)

package/dist/auth/agents/copilot-install.js

@@ -40,9 +40,8 @@ function installCopilotCredentials(creds, resolved, options) {
             message: `Failed to install credentials to ${targetPath}`,
         };
     }
-    // Default location: use storage option or _source marker
-    const sourceMarker = creds.data._source;
-    const targetStorage = options?.storage ?? (sourceMarker === "keychain" ? "keychain" : "file");
+    // Default location: use storage option or default to file
+    const targetStorage = options?.storage ?? "file";
     if (targetStorage === "keychain") {
         if (!isMacOS()) {
             return {

package/dist/auth/agents/copilot.js

@@ -37,7 +37,7 @@ const copilotAdapter = {
             method: methodMap[result.source],
         };
     },
-    extractFromEnvironment() {
+    getEnvironmentCredentials() {
         const token = getEnvironmentToken();
         if (!token)
             return undefined;
@@ -47,17 +47,22 @@ const copilotAdapter = {
             data: { accessToken: token },
         };
     },
-    extractRawCredentials() {
+    findStoredCredentials() {
         const result = findFirstAvailableToken();
         if (!result)
             return undefined;
+        // Map TokenSource to CredentialSource (environment/gh-cli -> file)
+        const source = result.source === "keychain" ? "keychain" : "file";
         return {
-            agent: AGENT_ID,
-            type: "oauth-token",
-            data: { accessToken: result.token, _source: result.source },
+            credentials: {
+                agent: AGENT_ID,
+                type: "oauth-token",
+                data: { accessToken: result.token },
+            },
+            source,
         };
     },
-    extractRawCredentialsFromDirectory(options) {
+    loadCredentialsFromDirectory(options) {
         // Copilot doesn't separate config/data - use either directory
         const directory = options.dataDir ?? options.configDir;
         if (!directory)

package/dist/auth/agents/gemini-install.d.ts

@@ -5,7 +5,7 @@
  */
 import type { InstallOptions, OperationResult, RemoveOptions } from "../adapter.js";
 /** Install OAuth credentials to storage */
-declare function installOAuthCredentials(oauthData: Record<string, unknown>, source: string | undefined, options?: InstallOptions): OperationResult;
+declare function installOAuthCredentials(oauthData: Record<string, unknown>, options?: InstallOptions): OperationResult;
 /** Remove credentials from storage */
 declare function removeGeminiCredentials(options?: RemoveOptions): OperationResult;
 export { installOAuthCredentials, removeGeminiCredentials };

package/dist/auth/agents/gemini-install.js

@@ -11,7 +11,7 @@ import { clearAuthTypeFromSettings, deleteKeychainCreds, deleteOAuthCreds, getDe
 const AGENT_ID = "gemini";
 const CREDS_FILE_NAME = "oauth_creds.json";
 /** Install OAuth credentials to storage */
-function installOAuthCredentials(oauthData, source, options) {
+function installOAuthCredentials(oauthData, options) {
     // Resolve custom directory with validation
     const resolved = resolveCustomDirectory(AGENT_ID, options?.configDir, options?.dataDir);
     if (!resolved.ok)
@@ -20,8 +20,8 @@ function installOAuthCredentials(oauthData, source, options) {
     if (resolved.customDir) {
         return installToCustomDirectory(oauthData, resolved.customDir);
     }
-    // Default location: use storage option or _source marker
-    const targetStorage = options?.storage ?? (source === "keychain" ? "keychain" : "file");
+    // Default location: use storage option, default to file
+    const targetStorage = options?.storage ?? "file";
     if (targetStorage === "keychain") {
         return installToKeychain(oauthData);
     }

package/dist/auth/agents/gemini.js

@@ -29,9 +29,9 @@ const geminiAdapter = {
             method: result.method,
         };
     },
-    extractFromEnvironment() {
+    getEnvironmentCredentials() {
         const result = checkEnvironmentAuth();
-        if (!result || !result.data)
+        if (!result?.data)
             return undefined;
         return {
             agent: AGENT_ID,
@@ -39,29 +39,32 @@ const geminiAdapter = {
             data: result.data,
         };
     },
-    extractRawCredentials() {
+    findStoredCredentials() {
         const result = findCredentials();
-        if (!result || !result.data)
+        if (!result?.data)
             return undefined;
-        // Env-sourced credentials (api-key, vertex-ai) are read-only, no _source marker
+        // Env-sourced credentials (api-key, vertex-ai) are read-only, treat as file
         if (result.source === "api-key" || result.source === "vertex-ai") {
             return {
-                agent: AGENT_ID,
-                type: "api-key",
-                data: result.data,
+                credentials: {
+                    agent: AGENT_ID,
+                    type: "api-key",
+                    data: result.data,
+                },
+                source: "file",
             };
         }
-        // OAuth credentials from keychain or file include _source for round-tripping
+        // OAuth credentials from keychain or file - return source separately
         return {
-            agent: AGENT_ID,
-            type: "oauth-credentials",
-            data: {
-                ...result.data,
-                _source: result.source === "keychain" ? "keychain" : "file",
+            credentials: {
+                agent: AGENT_ID,
+                type: "oauth-credentials",
+                data: result.data,
             },
+            source: result.source === "keychain" ? "keychain" : "file",
         };
     },
-    extractRawCredentialsFromDirectory(options) {
+    loadCredentialsFromDirectory(options) {
         // Gemini doesn't separate config/data - use either directory
         const directory = options.dataDir ?? options.configDir;
         if (!directory)
@@ -75,8 +78,7 @@ const geminiAdapter = {
                 message: "API key credentials cannot be installed (use GEMINI_API_KEY env var)",
             };
         }
-        const { _source, ...oauthData } = creds.data;
-        return installOAuthCredentials(oauthData, _source, options);
+        return installOAuthCredentials(creds.data, options);
     },
     removeCredentials(options) {
         return removeGeminiCredentials(options);

package/dist/auth/agents/opencode-credentials.d.ts

@@ -1,36 +1,42 @@
 /**
  * OpenCode per-provider credential handling.
  *
- * Handles splitting, extracting, and removing individual provider credentials
- * from OpenCode's bundled auth.json format.
+ * Handles extracting and removing individual provider credentials
+ * from OpenCode's auth.json file.
  */
+import type { CredentialType } from "axshared";
 import type { Credentials } from "../types.js";
+import { OpenCodeAuth } from "./opencode-schema.js";
 declare const AGENT_ID: "opencode";
 declare const CREDS_FILE_NAME = "auth.json";
 /** Gets the default auth file path for OpenCode. */
 declare function getDefaultAuthFilePath(): string;
 /**
- * Split bundled OpenCode credentials into per-provider credentials.
+ * Maps OpenCode auth entry type to axauth credential type.
  *
- * Takes a bundled credential (all providers in `data`) and returns an array
- * of individual credentials, one per provider, with correct credential types.
+ * - `oauth` -> `oauth-credentials` (refreshable)
+ * - `api` -> `api-key` (static)
+ * - `wellknown` -> `api-key` (static, treated as API key for simplicity)
+ */
+declare function mapToCredentialType(entry: OpenCodeAuth): CredentialType;
+interface StoredCredentialsOptions {
+    /** Custom data directory (overrides default) */
+    dataDir?: string;
+}
+/**
+ * Get all stored credentials as per-provider entries.
  *
- * @example
- * // Input: { agent: "opencode", type: "oauth-credentials", data: { anthropic: {...}, cerebras: {...} } }
- * // Output: [
- * //   { agent: "opencode", provider: "anthropic", type: "oauth-credentials", data: {...} },
- * //   { agent: "opencode", provider: "cerebras", type: "api-key", data: {...} }
- * // ]
+ * Reads auth.json from disk and returns an array of per-provider credentials.
+ * Used by CLI commands that need to export or list all providers.
  */
-declare function splitToPerProviderCredentials(creds: Credentials): Credentials[];
+declare function getAllStoredCredentials(options?: StoredCredentialsOptions): Credentials[];
 /**
- * Extract a single provider's credentials from bundled OpenCode credentials.
+ * Get stored credentials for a specific provider.
  *
- * @param creds - Bundled credentials with all providers
- * @param provider - The provider to extract (e.g., "anthropic", "openai")
- * @returns Per-provider credential or undefined if provider not found
+ * Reads auth.json from disk and returns credentials for the specified provider.
+ * Used by CLI commands that need a specific provider's credentials.
  */
-declare function extractProviderCredentials(creds: Credentials, provider: string): Credentials | undefined;
+declare function getStoredCredentialsForProvider(provider: string, options?: StoredCredentialsOptions): Credentials | undefined;
 type ReadAuthResult = {
     ok: true;
     data: Record<string, unknown> | undefined;
@@ -46,23 +52,5 @@ type ReadAuthResult = {
  * Returns { ok: false, error: "..." } if file exists but cannot be read/parsed.
  */
 declare function readAuthFile(authFile: string): ReadAuthResult;
-interface RemoveProviderOptions {
-    provider: string;
-    configDir?: string;
-    dataDir?: string;
-}
-interface RemoveProviderResult {
-    ok: boolean;
-    message: string;
-}
-/**
- * Remove a single provider from OpenCode's auth.json.
- *
- * Unlike removeCredentials which deletes the entire auth.json,
- * this function removes only the specified provider while preserving others.
- *
- * @param options - Options including the provider to remove
- * @returns Operation result with success/failure message
- */
-declare function removeProviderCredentials(options: RemoveProviderOptions): RemoveProviderResult;
-export { AGENT_ID, CREDS_FILE_NAME, extractProviderCredentials, getDefaultAuthFilePath, readAuthFile, removeProviderCredentials, splitToPerProviderCredentials, };
+export { AGENT_ID, CREDS_FILE_NAME, getAllStoredCredentials, getDefaultAuthFilePath, getStoredCredentialsForProvider, mapToCredentialType, readAuthFile, };
+export { removeProviderCredentials } from "./opencode-remove-provider.js";

package/dist/auth/agents/opencode-credentials.js

@@ -1,13 +1,12 @@
 /**
  * OpenCode per-provider credential handling.
  *
- * Handles splitting, extracting, and removing individual provider credentials
- * from OpenCode's bundled auth.json format.
+ * Handles extracting and removing individual provider credentials
+ * from OpenCode's auth.json file.
  */
-import { readFileSync, renameSync, unlinkSync, writeFileSync } from "node:fs";
+import { readFileSync } from "node:fs";
 import path from "node:path";
 import { resolveAgentDataDirectory } from "axshared";
-import { resolveCustomDirectory } from "../validate-directories.js";
 import { OpenCodeAuth } from "./opencode-schema.js";
 const AGENT_ID = "opencode";
 const CREDS_FILE_NAME = "auth.json";
@@ -33,61 +32,62 @@ function mapToCredentialType(entry) {
         }
     }
 }
+/** Build auth file path from options */
+function resolveAuthPath(options) {
+    return options?.dataDir
+        ? path.join(options.dataDir, CREDS_FILE_NAME)
+        : getDefaultAuthFilePath();
+}
+/** Build credentials object from provider entry */
+function buildCredentials(provider, entry) {
+    const parsed = OpenCodeAuth.safeParse(entry);
+    if (!parsed.success)
+        return undefined;
+    return {
+        agent: AGENT_ID,
+        provider,
+        type: mapToCredentialType(parsed.data),
+        data: entry,
+    };
+}
 /**
- * Split bundled OpenCode credentials into per-provider credentials.
- *
- * Takes a bundled credential (all providers in `data`) and returns an array
- * of individual credentials, one per provider, with correct credential types.
+ * Get all stored credentials as per-provider entries.
  *
- * @example
- * // Input: { agent: "opencode", type: "oauth-credentials", data: { anthropic: {...}, cerebras: {...} } }
- * // Output: [
- * //   { agent: "opencode", provider: "anthropic", type: "oauth-credentials", data: {...} },
- * //   { agent: "opencode", provider: "cerebras", type: "api-key", data: {...} }
- * // ]
+ * Reads auth.json from disk and returns an array of per-provider credentials.
+ * Used by CLI commands that need to export or list all providers.
  */
-function splitToPerProviderCredentials(creds) {
+function getAllStoredCredentials(options) {
+    const authResult = readAuthFile(resolveAuthPath(options));
+    if (!authResult.ok || !authResult.data)
+        return [];
     const result = [];
-    for (const [provider, entry] of Object.entries(creds.data)) {
-        // Skip empty provider keys (could come from malformed auth.json)
-        const normalizedProvider = provider.trim();
-        if (normalizedProvider.length === 0)
-            continue;
-        const parsed = OpenCodeAuth.safeParse(entry);
-        if (!parsed.success)
+    for (const [provider, entry] of Object.entries(authResult.data)) {
+        const normalized = provider.trim();
+        if (normalized.length === 0)
             continue;
-        result.push({
-            agent: AGENT_ID,
-            provider: normalizedProvider,
-            type: mapToCredentialType(parsed.data),
-            data: entry,
-        });
+        const creds = buildCredentials(normalized, entry);
+        if (creds)
+            result.push(creds);
     }
     return result;
 }
 /**
- * Extract a single provider's credentials from bundled OpenCode credentials.
+ * Get stored credentials for a specific provider.
  *
- * @param creds - Bundled credentials with all providers
- * @param provider - The provider to extract (e.g., "anthropic", "openai")
- * @returns Per-provider credential or undefined if provider not found
+ * Reads auth.json from disk and returns credentials for the specified provider.
+ * Used by CLI commands that need a specific provider's credentials.
  */
-function extractProviderCredentials(creds, provider) {
-    const normalizedProvider = provider.trim();
-    if (normalizedProvider.length === 0)
+function getStoredCredentialsForProvider(provider, options) {
+    const normalized = provider.trim();
+    if (normalized.length === 0)
         return undefined;
-    const entry = creds.data[normalizedProvider];
-    if (!entry)
+    const authResult = readAuthFile(resolveAuthPath(options));
+    if (!authResult.ok || !authResult.data)
         return undefined;
-    const parsed = OpenCodeAuth.safeParse(entry);
-    if (!parsed.success)
+    const entry = authResult.data[normalized];
+    if (!entry)
         return undefined;
-    return {
-        agent: AGENT_ID,
-        provider: normalizedProvider,
-        type: mapToCredentialType(parsed.data),
-        data: entry,
-    };
+    return buildCredentials(normalized, entry);
 }
 /**
  * Read and parse the auth file.
@@ -123,80 +123,6 @@ function readAuthFile(authFile) {
         return { ok: false, error: `Failed to parse auth file: ${message}` };
     }
 }
-/**
- * Remove a single provider from OpenCode's auth.json.
- *
- * Unlike removeCredentials which deletes the entire auth.json,
- * this function removes only the specified provider while preserving others.
- *
- * @param options - Options including the provider to remove
- * @returns Operation result with success/failure message
- */
-function removeProviderCredentials(options) {
-    // Normalize and validate provider name
-    const provider = options.provider.trim();
-    if (provider.length === 0) {
-        return { ok: false, message: "Provider name cannot be empty" };
-    }
-    const resolved = resolveCustomDirectory(AGENT_ID, options.configDir, options.dataDir);
-    if (!resolved.ok)
-        return resolved.error;
-    const targetPath = resolved.customDir
-        ? path.join(resolved.customDir, CREDS_FILE_NAME)
-        : getDefaultAuthFilePath();
-    const authResult = readAuthFile(targetPath);
-    if (!authResult.ok) {
-        return { ok: false, message: authResult.error };
-    }
-    if (!authResult.data) {
-        return { ok: true, message: "No credentials file found" };
-    }
-    if (!Object.hasOwn(authResult.data, provider)) {
-        return {
-            ok: true,
-            message: `No credentials found for provider '${provider}'`,
-        };
-    }
-    // Remove the provider by filtering entries
-    const remaining = Object.fromEntries(Object.entries(authResult.data).filter(([key]) => key !== provider));
-    try {
-        if (Object.keys(remaining).length === 0) {
-            // No providers left, delete the file
-            unlinkSync(targetPath);
-            return {
-                ok: true,
-                message: `Removed provider '${provider}' (file deleted, no remaining providers)`,
-            };
-        }
-        // Write back without the removed provider
-        const temporaryFile = `${targetPath}.tmp.${Date.now()}`;
-        try {
-            writeFileSync(temporaryFile, JSON.stringify(remaining, undefined, 2), {
-                mode: 0o600,
-            });
-            renameSync(temporaryFile, targetPath);
-        }
-        catch (error) {
-            // Clean up temp file on failure
-            try {
-                unlinkSync(temporaryFile);
-            }
-            catch {
-                // Ignore cleanup errors
-            }
-            throw error;
-        }
-        return {
-            ok: true,
-            message: `Removed provider '${provider}' from ${targetPath}`,
-        };
-    }
-    catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        return {
-            ok: false,
-            message: `Failed to remove provider credentials: ${message}`,
-        };
-    }
-}
-export { AGENT_ID, CREDS_FILE_NAME, extractProviderCredentials, getDefaultAuthFilePath, readAuthFile, removeProviderCredentials, splitToPerProviderCredentials, };
+export { AGENT_ID, CREDS_FILE_NAME, getAllStoredCredentials, getDefaultAuthFilePath, getStoredCredentialsForProvider, mapToCredentialType, readAuthFile, };
+// Re-export from extracted module
+export { removeProviderCredentials } from "./opencode-remove-provider.js";

package/dist/auth/agents/opencode-remove-provider.d.ts

@@ -0,0 +1,25 @@
+/**
+ * OpenCode provider removal.
+ *
+ * Extracted from opencode-credentials.ts for complexity reduction.
+ */
+interface RemoveProviderOptions {
+    provider: string;
+    configDir?: string;
+    dataDir?: string;
+}
+interface RemoveProviderResult {
+    ok: boolean;
+    message: string;
+}
+/**
+ * Remove a single provider from OpenCode's auth.json.
+ *
+ * Unlike removeCredentials which deletes the entire auth.json,
+ * this function removes only the specified provider while preserving others.
+ *
+ * @param options - Options including the provider to remove
+ * @returns Operation result with success/failure message
+ */
+declare function removeProviderCredentials(options: RemoveProviderOptions): RemoveProviderResult;
+export { removeProviderCredentials };

package/dist/auth/agents/opencode-remove-provider.js

@@ -0,0 +1,86 @@
+/**
+ * OpenCode provider removal.
+ *
+ * Extracted from opencode-credentials.ts for complexity reduction.
+ */
+import { renameSync, unlinkSync, writeFileSync } from "node:fs";
+import path from "node:path";
+import { resolveCustomDirectory } from "../validate-directories.js";
+import { AGENT_ID, CREDS_FILE_NAME, getDefaultAuthFilePath, readAuthFile, } from "./opencode-credentials.js";
+/**
+ * Remove a single provider from OpenCode's auth.json.
+ *
+ * Unlike removeCredentials which deletes the entire auth.json,
+ * this function removes only the specified provider while preserving others.
+ *
+ * @param options - Options including the provider to remove
+ * @returns Operation result with success/failure message
+ */
+function removeProviderCredentials(options) {
+    // Normalize and validate provider name
+    const provider = options.provider.trim();
+    if (provider.length === 0) {
+        return { ok: false, message: "Provider name cannot be empty" };
+    }
+    const resolved = resolveCustomDirectory(AGENT_ID, options.configDir, options.dataDir);
+    if (!resolved.ok)
+        return resolved.error;
+    const targetPath = resolved.customDir
+        ? path.join(resolved.customDir, CREDS_FILE_NAME)
+        : getDefaultAuthFilePath();
+    const authResult = readAuthFile(targetPath);
+    if (!authResult.ok) {
+        return { ok: false, message: authResult.error };
+    }
+    if (!authResult.data) {
+        return { ok: true, message: "No credentials file found" };
+    }
+    if (!Object.hasOwn(authResult.data, provider)) {
+        return {
+            ok: true,
+            message: `No credentials found for provider '${provider}'`,
+        };
+    }
+    // Remove the provider by filtering entries
+    const remaining = Object.fromEntries(Object.entries(authResult.data).filter(([key]) => key !== provider));
+    try {
+        if (Object.keys(remaining).length === 0) {
+            // No providers left, delete the file
+            unlinkSync(targetPath);
+            return {
+                ok: true,
+                message: `Removed provider '${provider}' (file deleted, no remaining providers)`,
+            };
+        }
+        // Write back without the removed provider
+        const temporaryFile = `${targetPath}.tmp.${Date.now()}`;
+        try {
+            writeFileSync(temporaryFile, JSON.stringify(remaining, undefined, 2), {
+                mode: 0o600,
+            });
+            renameSync(temporaryFile, targetPath);
+        }
+        catch (error) {
+            // Clean up temp file on failure
+            try {
+                unlinkSync(temporaryFile);
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            throw error;
+        }
+        return {
+            ok: true,
+            message: `Removed provider '${provider}' from ${targetPath}`,
+        };
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+            ok: false,
+            message: `Failed to remove provider credentials: ${message}`,
+        };
+    }
+}
+export { removeProviderCredentials };

package/dist/auth/agents/opencode-storage.js

@@ -21,29 +21,25 @@ function installCredentials(creds, options) {
         if (!existsSync(targetDirectory)) {
             mkdirSync(targetDirectory, { recursive: true, mode: 0o700 });
         }
-        let authData;
-        // Strip internal axauth markers before writing to agent file
-        // _source is used for round-tripping but should not be persisted to OpenCode's auth.json
-        const cleanData = { ...creds.data };
-        delete cleanData._source;
-        if (creds.provider) {
-            // Validate provider key is non-empty (defensive check for programmatic use)
-            const provider = creds.provider.trim();
-            if (provider.length === 0) {
-                return { ok: false, message: "Provider name cannot be empty" };
-            }
-            // Per-provider credential: merge into existing auth.json at provider's slot
-            const authResult = readAuthFile(targetPath);
-            if (!authResult.ok) {
-                return { ok: false, message: authResult.error };
-            }
-            const existingAuth = authResult.data ?? {};
-            authData = { ...existingAuth, [provider]: cleanData };
+        // OpenCode requires per-provider credentials
+        if (creds.agent !== "opencode" || !creds.provider) {
+            return {
+                ok: false,
+                message: "Bundled credential format is no longer supported for OpenCode; please provide per-provider credentials.",
+            };
+        }
+        // Validate provider key is non-empty (defensive check for programmatic use)
+        const provider = creds.provider.trim();
+        if (provider.length === 0) {
+            return { ok: false, message: "Provider name cannot be empty" };
         }
-        else {
-            // Bundled credential: replace entire auth.json (legacy format)
-            authData = cleanData;
+        // Per-provider credential: merge into existing auth.json at provider's slot
+        const authResult = readAuthFile(targetPath);
+        if (!authResult.ok) {
+            return { ok: false, message: authResult.error };
         }
+        const existingAuth = authResult.data ?? {};
+        const authData = { ...existingAuth, [provider]: creds.data };
         // OpenCode stores auth data directly as the file content
         const temporaryFile = `${targetPath}.tmp.${Date.now()}`;
         try {
@@ -62,7 +58,7 @@ function installCredentials(creds, options) {
             }
             throw error;
         }
-        const providerInfo = creds.provider ? ` (${creds.provider.trim()})` : "";
+        const providerInfo = ` (${provider})`;
         return {
             ok: true,
             message: `Installed credentials${providerInfo} to ${targetPath}`,