axusage 3.1.0 → 3.3.0

package/dist/cli.js

@@ -1,15 +1,13 @@
 #!/usr/bin/env node
 import { Command, Option } from "@commander-js/extra-typings";
 import packageJson from "../package.json" with { type: "json" };
-import { authClearCommand } from "./commands/auth-clear-command.js";
 import { authSetupCommand } from "./commands/auth-setup-command.js";
 import { authStatusCommand } from "./commands/auth-status-command.js";
 import { usageCommand } from "./commands/usage-command.js";
 import { getCredentialSourcesPath } from "./config/credential-sources.js";
-import { getBrowserContextsDirectory } from "./services/app-paths.js";
 import { getAvailableServices } from "./services/service-adapter-registry.js";
-import { installAuthManagerCleanup } from "./services/shared-browser-auth-manager.js";
 import { configureColor } from "./utils/color.js";
+import { formatRequiresHelpText } from "./utils/format-requires-help-text.js";
 import { getRootOptionsError, } from "./utils/validate-root-options.js";
 // Parse --no-color early so help/error output is consistently uncolored.
 const shouldDisableColor = process.argv.includes("--no-color");
@@ -23,15 +21,12 @@ const program = new Command()
     .helpCommand(false)
     .option("--no-color", "disable color output")
     .option("-s, --service <service>", `Service to query (${getAvailableServices().join(", ")}, all) - defaults to all`)
-    .option("-i, --interactive", "allow interactive authentication prompts (usage reauth, --auth-setup/--auth-clear; ignored with --auth-status)")
     .addOption(new Option("-o, --format <format>", "Output format")
     .choices(["text", "tsv", "json", "prometheus"])
     .default("text"))
-    .option("--auth-setup <service>", "set up authentication for a service (CLI or browser-based)")
+    .option("--auth-setup <service>", "set up authentication for a service (directs to appropriate CLI)")
     .option("--auth-status [service]", "check authentication status for services")
-    .option("--auth-clear <service>", "clear saved browser authentication for a service (moves files to system Trash)")
-    .option("-f, --force", "skip confirmation for destructive actions")
-    .addHelpText("after", () => `\nExamples:\n  # Fetch usage for all services\n  ${packageJson.name}\n\n  # JSON output for a single service\n  ${packageJson.name} --service claude --format=json\n\n  # TSV output for piping to cut, awk, sort\n  ${packageJson.name} --format=tsv | tail -n +2 | awk -F'\\t' '{print $1, $4"%"}'\n\n  # Filter Prometheus metrics with standard tools\n  ${packageJson.name} --format=prometheus | grep axusage_utilization_percent\n\n  # Check authentication status for all services\n  ${packageJson.name} --auth-status\n\nStorage: ${getBrowserContextsDirectory()}\n(respects XDG_DATA_HOME and platform defaults)\nSources config file: ${getCredentialSourcesPath()}\n(or set AXUSAGE_SOURCES to JSON to bypass file)\n\nRequires: claude, codex (ChatGPT), gemini (CLI auth); Playwright Chromium (GitHub Copilot auth)\nOverride CLI paths: AXUSAGE_CLAUDE_PATH, AXUSAGE_CODEX_PATH, AXUSAGE_GEMINI_PATH\nPlaywright: PLAYWRIGHT_BROWSERS_PATH\n`);
+    .addHelpText("after", () => `\nExamples:\n  # Fetch usage for all services\n  ${packageJson.name}\n\n  # JSON output for a single service\n  ${packageJson.name} --service claude --format json\n\n  # TSV output for piping to cut, awk, sort\n  ${packageJson.name} --format tsv | tail -n +2 | awk -F'\\t' '{print $1, $4"%"}'\n\n  # Filter Prometheus metrics with standard tools\n  ${packageJson.name} --format prometheus | grep axusage_utilization_percent\n\n  # Check authentication status for all services\n  ${packageJson.name} --auth-status\n\nSources config file: ${getCredentialSourcesPath()}\n(or set AXUSAGE_SOURCES to JSON to bypass file)\n\n${formatRequiresHelpText()}\nOverride CLI paths: AXUSAGE_CLAUDE_PATH, AXUSAGE_CODEX_PATH, AXUSAGE_GEMINI_PATH, AXUSAGE_GH_PATH\n`);
 function fail(message) {
     console.error(`Error: ${message}`);
     console.error("Try 'axusage --help' for details.");
@@ -45,9 +40,8 @@ program.action(async (options, command) => {
         return;
     }
     if (options.authSetup) {
-        await authSetupCommand({
+        authSetupCommand({
             service: options.authSetup,
-            interactive: options.interactive,
         });
         return;
     }
@@ -58,23 +52,12 @@ program.action(async (options, command) => {
         authStatusCommand({ service });
         return;
     }
-    if (options.authClear) {
-        await authClearCommand({
-            service: options.authClear,
-            interactive: options.interactive,
-            force: options.force,
-        });
-        return;
-    }
     const usageOptions = {
         service: options.service,
         format: options.format,
-        interactive: options.interactive,
     };
     await usageCommand(usageOptions);
 });
-// Ensure browser resources are cleaned when process exits
-installAuthManagerCleanup();
 try {
     await program.parseAsync();
 }

package/dist/commands/auth-setup-command.d.ts

@@ -3,10 +3,9 @@
  */
 type AuthSetupOptions = {
     readonly service?: string;
-    readonly interactive?: boolean;
 };
 /**
  * Set up authentication for a service
  */
-export declare function authSetupCommand(options: AuthSetupOptions): Promise<void>;
+export declare function authSetupCommand(options: AuthSetupOptions): void;
 export {};

package/dist/commands/auth-setup-command.js

@@ -1,76 +1,53 @@
-import { BrowserAuthManager } from "../services/browser-auth-manager.js";
 import { validateService } from "../services/supported-service.js";
 import { resolveAuthCliDependencyOrReport } from "../utils/check-cli-dependency.js";
 import { chalk } from "../utils/color.js";
-import { resolvePromptCapability } from "../utils/resolve-prompt-capability.js";
+function assertNever(value) {
+    throw new Error(`Unhandled service: ${String(value)}`);
+}
+function printCliAuthInstructions(service, cliPath) {
+    switch (service) {
+        case "gemini": {
+            console.error(chalk.yellow("\nGemini uses CLI-based authentication managed by the Gemini CLI."));
+            console.error(chalk.gray("\nTo authenticate, run:"));
+            console.error(chalk.cyan(`  ${cliPath}`));
+            console.error(chalk.gray("\nThe Gemini CLI will guide you through the OAuth login process.\n"));
+            break;
+        }
+        case "claude": {
+            console.error(chalk.yellow("\nClaude uses CLI-based authentication managed by Claude Code."));
+            console.error(chalk.gray("\nTo authenticate, run:"));
+            console.error(chalk.cyan(`  ${cliPath}`));
+            console.error(chalk.gray("\nClaude Code will guide you through authentication.\n"));
+            break;
+        }
+        case "codex": {
+            console.error(chalk.yellow("\nChatGPT uses CLI-based authentication managed by Codex."));
+            console.error(chalk.gray("\nTo authenticate, run:"));
+            console.error(chalk.cyan(`  ${cliPath}`));
+            console.error(chalk.gray("\nCodex will guide you through authentication.\n"));
+            break;
+        }
+        case "copilot": {
+            console.error(chalk.yellow("\nGitHub Copilot uses CLI-based authentication managed by the GitHub CLI."));
+            console.error(chalk.gray("\nTo authenticate, run:"));
+            console.error(chalk.cyan(`  ${cliPath} auth login`));
+            console.error(chalk.gray("\nThe GitHub CLI will guide you through the OAuth login process.\n"));
+            break;
+        }
+        default: {
+            assertNever(service);
+        }
+    }
+}
 /**
  * Set up authentication for a service
  */
-export async function authSetupCommand(options) {
+export function authSetupCommand(options) {
     const service = validateService(options.service);
-    // CLI-based auth - users should run the native CLI directly
-    if (service === "gemini") {
-        const cliPath = resolveAuthCliDependencyOrReport("gemini", {
-            setExitCode: true,
-        });
-        if (!cliPath)
-            return;
-        console.error(chalk.yellow("\nGemini uses CLI-based authentication managed by the Gemini CLI."));
-        console.error(chalk.gray("\nTo authenticate, run:"));
-        console.error(chalk.cyan(`  ${cliPath}`));
-        console.error(chalk.gray("\nThe Gemini CLI will guide you through the OAuth login process.\n"));
-        return;
-    }
-    if (service === "claude") {
-        const cliPath = resolveAuthCliDependencyOrReport("claude", {
-            setExitCode: true,
-        });
-        if (!cliPath)
-            return;
-        console.error(chalk.yellow("\nClaude uses CLI-based authentication managed by Claude Code."));
-        console.error(chalk.gray("\nTo authenticate, run:"));
-        console.error(chalk.cyan(`  ${cliPath}`));
-        console.error(chalk.gray("\nClaude Code will guide you through authentication.\n"));
-        return;
-    }
-    if (service === "chatgpt") {
-        const cliPath = resolveAuthCliDependencyOrReport("chatgpt", {
-            setExitCode: true,
-        });
-        if (!cliPath)
-            return;
-        console.error(chalk.yellow("\nChatGPT uses CLI-based authentication managed by Codex."));
-        console.error(chalk.gray("\nTo authenticate, run:"));
-        console.error(chalk.cyan(`  ${cliPath}`));
-        console.error(chalk.gray("\nCodex will guide you through authentication.\n"));
+    const cliPath = resolveAuthCliDependencyOrReport(service, {
+        setExitCode: true,
+    });
+    if (!cliPath)
         return;
-    }
-    if (!options.interactive) {
-        console.error(chalk.red("Error: Authentication setup requires --interactive."));
-        console.error(chalk.gray("Re-run with --interactive in a TTY-enabled terminal to continue."));
-        console.error(chalk.gray("Try 'axusage --help' for details."));
-        process.exitCode = 1;
-        return;
-    }
-    if (!resolvePromptCapability()) {
-        console.error(chalk.red("Error: --interactive requires a TTY-enabled terminal."));
-        console.error(chalk.gray("Re-run in a terminal session to complete authentication."));
-        console.error(chalk.gray("Try 'axusage --help' for details."));
-        process.exitCode = 1;
-        return;
-    }
-    const manager = new BrowserAuthManager({ headless: false });
-    try {
-        console.error(chalk.blue(`\nSetting up authentication for ${service}...\n`));
-        await manager.setupAuth(service);
-        console.error(chalk.green(`\n✓ Authentication for ${service} is complete!`));
-        console.error(chalk.gray(`\nYou can now run: ${chalk.cyan(`axusage --service ${service}`)}`));
-    }
-    catch (error) {
-        console.error(chalk.red(`\n✗ Failed to set up authentication for ${service}: ${error instanceof Error ? error.message : String(error)}`));
-        process.exitCode = 1;
-    }
-    finally {
-        await manager.close();
-    }
+    printCliAuthInstructions(service, cliPath);
 }

package/dist/commands/auth-status-command.js

@@ -1,55 +1,24 @@
-import { existsSync } from "node:fs";
+import { getServiceDiagnostic } from "../services/service-diagnostics.js";
 import { SUPPORTED_SERVICES, validateService, } from "../services/supported-service.js";
-import { getStorageStatePathFor } from "../services/auth-storage-path.js";
-import { getBrowserContextsDirectory } from "../services/app-paths.js";
-import { AUTH_CLI_SERVICES, checkCliDependency, getAuthCliDependency, } from "../utils/check-cli-dependency.js";
 import { chalk } from "../utils/color.js";
 export function authStatusCommand(options) {
     const servicesToCheck = options.service
         ? [validateService(options.service)]
         : SUPPORTED_SERVICES;
-    const cliAuthServices = new Set(AUTH_CLI_SERVICES);
-    const dataDirectory = getBrowserContextsDirectory();
     let hasFailures = false;
     console.log(chalk.blue("\nAuthentication Status:\n"));
     for (const service of servicesToCheck) {
-        if (cliAuthServices.has(service)) {
-            const dependency = getAuthCliDependency(service);
-            const result = checkCliDependency(dependency);
-            const status = result.ok
-                ? chalk.green("↪ CLI-managed")
-                : chalk.red("✗ CLI missing");
-            if (!result.ok) {
-                hasFailures = true;
-            }
-            console.log(`${chalk.bold(service)}: ${status}`);
-            console.log(`  ${chalk.dim("CLI:")} ${chalk.dim(result.path)}`);
-            if (result.ok) {
-                console.log(`  ${chalk.dim("Auth:")} ${chalk.dim(`run ${result.path} to check/login`)}`);
-            }
-            else {
-                console.log(`  ${chalk.dim("Install:")} ${chalk.dim(dependency.installHint)}`);
-                console.log(`  ${chalk.dim("Override:")} ${chalk.dim(`${dependency.envVar}=/path/to/${dependency.command}`)}`);
-            }
-            continue;
-        }
-        const storagePath = getStorageStatePathFor(dataDirectory, service);
-        const hasAuth = existsSync(storagePath);
-        const status = hasAuth
-            ? chalk.green("✓ Authenticated")
-            : chalk.gray("✗ Not authenticated");
-        if (!hasAuth) {
+        const diagnostic = getServiceDiagnostic(service);
+        const status = diagnostic.authenticated
+            ? chalk.green("✓ authenticated")
+            : chalk.red("✗ not authenticated");
+        if (!diagnostic.authenticated) {
             hasFailures = true;
         }
         console.log(`${chalk.bold(service)}: ${status}`);
-        console.log(`  ${chalk.dim("Storage:")} ${chalk.dim(storagePath)}`);
-    }
-    const browserServices = servicesToCheck.filter((service) => !cliAuthServices.has(service));
-    const copilotService = "github-copilot";
-    const needsCopilotSetup = browserServices.includes(copilotService) &&
-        !existsSync(getStorageStatePathFor(dataDirectory, copilotService));
-    if (needsCopilotSetup) {
-        console.error(chalk.gray(`\nTo set up authentication, run: ${chalk.cyan("axusage --auth-setup github-copilot --interactive")}`));
+        if (diagnostic.authMethod) {
+            console.log(`  ${chalk.dim("Method:")} ${chalk.dim(diagnostic.authMethod)}`);
+        }
     }
     if (hasFailures) {
         process.exitCode = 1;

package/dist/commands/fetch-service-usage.d.ts

@@ -2,7 +2,6 @@ import type { ApiError, Result, ServiceUsageData } from "../types/domain.js";
 export type UsageCommandOptions = {
     readonly service?: string;
     readonly format?: "text" | "tsv" | "json" | "prometheus";
-    readonly interactive?: boolean;
 };
 export declare function selectServicesToQuery(service?: string): string[];
 export declare function fetchServiceUsage(serviceName: string): Promise<Result<ServiceUsageData, ApiError>>;

package/dist/commands/fetch-service-usage.js

@@ -1,10 +1,9 @@
 import { ApiError as ApiErrorClass } from "../types/domain.js";
 import { getAvailableServices, getServiceAdapter, } from "../services/service-adapter-registry.js";
-const ALL_SERVICES = ["claude", "chatgpt", "github-copilot", "gemini"];
 export function selectServicesToQuery(service) {
     const normalized = service?.toLowerCase();
     if (!service || normalized === "all")
-        return [...ALL_SERVICES];
+        return getAvailableServices();
     return [service];
 }
 export async function fetchServiceUsage(serviceName) {

package/dist/commands/run-auth-setup.d.ts

@@ -1,4 +1,3 @@
-import type { SupportedService } from "../services/supported-service.js";
 import type { ApiError, Result, ServiceUsageData } from "../types/domain.js";
 /**
  * Check if an error message indicates an authentication issue.
@@ -18,12 +17,3 @@ export declare function isAuthError(message: string): boolean;
  * Combines the result error check with auth error pattern matching.
  */
 export declare function isAuthFailure(result: Result<ServiceUsageData, ApiError>): boolean;
-/**
- * Run auth setup for a service programmatically.
- * Returns true if auth setup completed successfully.
- * Times out after 5 minutes to prevent indefinite hangs.
- *
- * Note: Gemini uses CLI-based auth and cannot use browser-based re-auth.
- * This function prints instructions and returns false for Gemini.
- */
-export declare function runAuthSetup(service: SupportedService): Promise<boolean>;

package/dist/commands/run-auth-setup.js

@@ -1,9 +1,3 @@
-import { BrowserAuthManager } from "../services/browser-auth-manager.js";
-import { resolveAuthCliDependencyOrReport } from "../utils/check-cli-dependency.js";
-import { chalk } from "../utils/color.js";
-import { resolvePromptCapability } from "../utils/resolve-prompt-capability.js";
-/** Timeout for authentication setup (5 minutes) */
-const AUTH_SETUP_TIMEOUT_MS = 300_000;
 /**
  * Check if an error message indicates an authentication issue.
  * Matches common authentication error patterns like "unauthorized", "401",
@@ -33,80 +27,9 @@ export function isAuthError(message) {
  * Combines the result error check with auth error pattern matching.
  */
 export function isAuthFailure(result) {
-    return (!result.ok &&
-        Boolean(result.error.message) &&
-        isAuthError(result.error.message));
-}
-/**
- * Run auth setup for a service programmatically.
- * Returns true if auth setup completed successfully.
- * Times out after 5 minutes to prevent indefinite hangs.
- *
- * Note: Gemini uses CLI-based auth and cannot use browser-based re-auth.
- * This function prints instructions and returns false for Gemini.
- */
-export async function runAuthSetup(service) {
-    // CLI-based auth cannot use browser auth flow
-    if (service === "gemini") {
-        const cliPath = resolveAuthCliDependencyOrReport("gemini");
-        if (!cliPath)
-            return false;
-        console.error(chalk.yellow("\nGemini uses CLI-based authentication managed by the Gemini CLI."));
-        console.error(chalk.gray("\nTo re-authenticate, run:"));
-        console.error(chalk.cyan(`  ${cliPath}`));
-        console.error(chalk.gray("\nThe Gemini CLI will guide you through the OAuth login process.\n"));
+    if (result.ok)
         return false;
-    }
-    if (service === "claude") {
-        const cliPath = resolveAuthCliDependencyOrReport("claude");
-        if (!cliPath)
-            return false;
-        console.error(chalk.yellow("\nClaude uses CLI-based authentication managed by Claude Code."));
-        console.error(chalk.gray("\nTo re-authenticate, run:"));
-        console.error(chalk.cyan(`  ${cliPath}`));
-        console.error(chalk.gray("\nClaude Code will guide you through authentication.\n"));
-        return false;
-    }
-    if (service === "chatgpt") {
-        const cliPath = resolveAuthCliDependencyOrReport("chatgpt");
-        if (!cliPath)
-            return false;
-        console.error(chalk.yellow("\nChatGPT uses CLI-based authentication managed by Codex."));
-        console.error(chalk.gray("\nTo re-authenticate, run:"));
-        console.error(chalk.cyan(`  ${cliPath}`));
-        console.error(chalk.gray("\nCodex will guide you through authentication.\n"));
-        return false;
-    }
-    if (!resolvePromptCapability()) {
-        console.error(chalk.red("Error: Interactive authentication requires a TTY terminal."));
-        console.error(chalk.gray("Re-run in a TTY terminal (avoid piping stdin/stdout) with --interactive to complete authentication."));
-        return false;
-    }
-    const manager = new BrowserAuthManager({ headless: false });
-    let setupPromise;
-    let timeoutId;
-    try {
-        console.error(chalk.blue(`\nOpening browser for ${service} authentication...\n`));
-        setupPromise = manager.setupAuth(service);
-        const timeoutPromise = new Promise((_, reject) => {
-            timeoutId = setTimeout(() => {
-                reject(new Error("Authentication setup timed out after 5 minutes"));
-            }, AUTH_SETUP_TIMEOUT_MS);
-        });
-        await Promise.race([setupPromise, timeoutPromise]);
-        console.error(chalk.green(`\n✓ Authentication for ${service} is complete!\n`));
+    if (result.error.status === 401)
         return true;
-    }
-    catch (error) {
-        console.error(chalk.red(`\n✗ Failed to set up authentication: ${error instanceof Error ? error.message : String(error)}`));
-        return false;
-    }
-    finally {
-        clearTimeout(timeoutId);
-        if (setupPromise) {
-            // Avoid unhandled rejections if the timeout wins the race.
-            void setupPromise.catch(() => { });
-        }
-        await manager.close();
-    }
+    return Boolean(result.error.message) && isAuthError(result.error.message);
 }

package/dist/commands/usage-command.d.ts

@@ -1,14 +1,9 @@
 import type { ServiceResult } from "../types/domain.js";
 import type { UsageCommandOptions } from "./fetch-service-usage.js";
 /**
- * Fetches usage for services using hybrid strategy:
- * 1. Try all services in parallel first (fast path for valid credentials)
- * 2. If any service fails with auth error, retry those sequentially with re-auth
- *
- * This maintains ~2s response time when credentials are valid while gracefully
- * handling authentication failures that require interactive prompts.
+ * Fetches usage for all requested services in parallel.
  */
-export declare function fetchServicesWithHybridStrategy(servicesToQuery: string[], interactive: boolean): Promise<ServiceResult[]>;
+export declare function fetchServicesInParallel(servicesToQuery: string[]): Promise<ServiceResult[]>;
 /**
  * Executes the usage command
  */

package/dist/commands/usage-command.js

@@ -1,55 +1,23 @@
 import { formatServiceUsageData, formatServiceUsageDataAsJson, formatServiceUsageAsTsv, toJsonObject, } from "../utils/format-service-usage.js";
 import { formatPrometheusMetrics } from "../utils/format-prometheus-metrics.js";
 import { fetchServiceUsage, selectServicesToQuery, } from "./fetch-service-usage.js";
-import { fetchServiceUsageWithAutoReauth } from "./fetch-service-usage-with-reauth.js";
 import { isAuthFailure } from "./run-auth-setup.js";
 import { chalk } from "../utils/color.js";
 /**
- * Fetches usage for services using hybrid strategy:
- * 1. Try all services in parallel first (fast path for valid credentials)
- * 2. If any service fails with auth error, retry those sequentially with re-auth
- *
- * This maintains ~2s response time when credentials are valid while gracefully
- * handling authentication failures that require interactive prompts.
+ * Fetches usage for all requested services in parallel.
  */
-export async function fetchServicesWithHybridStrategy(servicesToQuery, interactive) {
-    // First attempt: fetch all services in parallel
-    const parallelResults = await Promise.all(servicesToQuery.map(async (serviceName) => {
+export async function fetchServicesInParallel(servicesToQuery) {
+    return await Promise.all(servicesToQuery.map(async (serviceName) => {
         const result = await fetchServiceUsage(serviceName);
         return { service: serviceName, result };
     }));
-    // Check for auth errors
-    const authFailures = parallelResults.filter(({ result }) => isAuthFailure(result));
-    // If no auth failures, return parallel results
-    if (authFailures.length === 0 || !interactive) {
-        return parallelResults;
-    }
-    const shouldShowProgress = process.stderr.isTTY;
-    // Retry auth failures sequentially with re-authentication
-    const retryResults = [];
-    for (const [index, { service }] of authFailures.entries()) {
-        if (shouldShowProgress) {
-            console.error(chalk.dim(`[${String(index + 1)}/${String(authFailures.length)}] Re-authenticating ${service}...`));
-        }
-        const result = await fetchServiceUsageWithAutoReauth(service, interactive);
-        retryResults.push(result);
-    }
-    if (shouldShowProgress) {
-        console.error(chalk.green(`✓ Completed ${String(retryResults.length)} re-authentication${retryResults.length === 1 ? "" : "s"}\n`));
-    }
-    // Merge results: keep successful parallel results, replace auth failures with retries
-    // Build a map for O(1) lookups instead of O(n²) find() calls
-    const retryMap = new Map(retryResults.map((r) => [r.service, r]));
-    return parallelResults.map((parallelResult) => retryMap.get(parallelResult.service) ?? parallelResult);
 }
 /**
  * Executes the usage command
  */
 export async function usageCommand(options) {
     const servicesToQuery = selectServicesToQuery(options.service);
-    const interactive = options.interactive ?? false;
-    // Fetch usage data using hybrid parallel/sequential strategy
-    const results = await fetchServicesWithHybridStrategy(servicesToQuery, interactive);
+    const results = await fetchServicesInParallel(servicesToQuery);
     // Collect successful results and errors
     const successes = [];
     const errors = [];
@@ -77,11 +45,11 @@ export async function usageCommand(options) {
             console.error(); // Empty line for spacing
         }
     }
-    if (!interactive && authFailureServices.size > 0) {
+    if (authFailureServices.size > 0) {
         const list = [...authFailureServices].join(", ");
         console.error(chalk.gray(`Authentication required for: ${list}. ` +
-            "For GitHub Copilot, run 'axusage --auth-setup github-copilot --interactive'. " +
-            "For CLI-auth services, run the provider CLI (claude/codex/gemini), or re-run with '--interactive' to re-authenticate during fetch."));
+            "Run 'axusage --auth-setup <service>' for setup instructions, " +
+            "or authenticate directly with provider CLIs (claude/codex/gemini/gh auth login)."));
         if (successes.length > 0) {
             console.error();
         }

package/dist/config/credential-sources.d.ts

@@ -7,6 +7,7 @@
  * - "auto": Try vault first if configured and credential name provided, fallback to local
  */
 import { z } from "zod";
+import type { SupportedService } from "../services/supported-service.js";
 /** Credential source type */
 declare const CredentialSourceType: z.ZodEnum<{
     auto: "auto";
@@ -19,21 +20,13 @@ interface ResolvedSourceConfig {
     source: CredentialSourceType;
     name: string | undefined;
 }
-/** Service IDs that support vault credentials (API-based services) */
-type VaultSupportedServiceId = "claude" | "chatgpt" | "gemini";
-/**
- * All service IDs.
- * Note: github-copilot uses GitHub token auth, not vault credentials,
- * so it's excluded from VaultSupportedServiceId.
- */
-type ServiceId = VaultSupportedServiceId | "github-copilot";
 /**
  * Get the resolved source config for a specific service.
  *
- * @param service - Service ID (e.g., "claude", "chatgpt", "gemini")
+ * @param service - Service ID (e.g., "claude", "codex", "gemini")
  * @returns Resolved config with source type and optional credential name
  */
-declare function getServiceSourceConfig(service: ServiceId): ResolvedSourceConfig;
+declare function getServiceSourceConfig(service: SupportedService): ResolvedSourceConfig;
 /**
  * Get the credential sources config file path.
  *
@@ -42,5 +35,4 @@ declare function getServiceSourceConfig(service: ServiceId): ResolvedSourceConfi
  * directory during construction).
  */
 declare function getCredentialSourcesPath(): string;
-export type { ServiceId, VaultSupportedServiceId };
 export { getServiceSourceConfig, getCredentialSourcesPath };

package/dist/config/credential-sources.js

@@ -99,7 +99,7 @@ function getCredentialSourceConfig() {
 /**
  * Get the resolved source config for a specific service.
  *
- * @param service - Service ID (e.g., "claude", "chatgpt", "gemini")
+ * @param service - Service ID (e.g., "claude", "codex", "gemini")
  * @returns Resolved config with source type and optional credential name
  */
 function getServiceSourceConfig(service) {

package/dist/services/get-service-access-token.d.ts

@@ -6,7 +6,7 @@
  * - "vault": From axvault server
  * - "auto": Try vault first if configured, fallback to local
  */
-import { type VaultSupportedServiceId } from "../config/credential-sources.js";
+import type { SupportedService } from "./supported-service.js";
 /**
  * Get access token for a service.
  *
@@ -15,7 +15,7 @@ import { type VaultSupportedServiceId } from "../config/credential-sources.js";
  * - "vault": Fetch from axvault server (requires credential name)
  * - "auto": Try vault if configured and name provided, fallback to local
  *
- * @param service - Service ID (e.g., "claude", "chatgpt", "gemini")
+ * @param service - Service ID (e.g., "claude", "codex", "gemini")
  * @returns Access token string or undefined if not available
  *
  * @example
@@ -24,5 +24,5 @@ import { type VaultSupportedServiceId } from "../config/credential-sources.js";
  *   console.error("No credentials found for Claude");
  * }
  */
-declare function getServiceAccessToken(service: VaultSupportedServiceId): Promise<string | undefined>;
+declare function getServiceAccessToken(service: SupportedService): Promise<string | undefined>;
 export { getServiceAccessToken };

package/dist/services/get-service-access-token.js

@@ -7,13 +7,8 @@
  * - "auto": Try vault first if configured, fallback to local
  */
 import { fetchVaultCredentials, getAgentAccessToken, isVaultConfigured, } from "axauth";
-import { getServiceSourceConfig, } from "../config/credential-sources.js";
-/** Map service IDs to agent IDs for axauth/vault */
-const SERVICE_TO_AGENT = {
-    claude: "claude",
-    chatgpt: "codex", // ChatGPT and Codex both use OpenAI API credentials
-    gemini: "gemini",
-};
+import { getServiceSourceConfig } from "../config/credential-sources.js";
+import { getCopilotTokenFromCustomGhPath } from "../utils/copilot-gh-token.js";
 /**
  * Extract access token from vault credentials.
  *
@@ -84,12 +79,17 @@ async function fetchFromVault(agentId, credentialName) {
  */
 async function fetchFromLocal(agentId) {
     try {
-        return await getAgentAccessToken(agentId);
+        const token = await getAgentAccessToken(agentId);
+        if (token)
+            return token;
     }
     catch (error) {
         console.error(`[axusage] Local credential fetch error for ${agentId}: ${error instanceof Error ? error.message : String(error)}`);
-        return undefined;
     }
+    if (agentId === "copilot") {
+        return getCopilotTokenFromCustomGhPath();
+    }
+    return undefined;
 }
 /**
  * Get access token for a service.
@@ -99,7 +99,7 @@ async function fetchFromLocal(agentId) {
  * - "vault": Fetch from axvault server (requires credential name)
  * - "auto": Try vault if configured and name provided, fallback to local
  *
- * @param service - Service ID (e.g., "claude", "chatgpt", "gemini")
+ * @param service - Service ID (e.g., "claude", "codex", "gemini")
  * @returns Access token string or undefined if not available
  *
  * @example
@@ -110,7 +110,7 @@ async function fetchFromLocal(agentId) {
  */
 async function getServiceAccessToken(service) {
     const config = getServiceSourceConfig(service);
-    const agentId = SERVICE_TO_AGENT[service];
+    const agentId = service;
     switch (config.source) {
         case "local": {
             return fetchFromLocal(agentId);

package/dist/services/service-adapter-registry.d.ts

@@ -4,8 +4,8 @@ import type { ServiceAdapter } from "../types/domain.js";
  */
 export declare const SERVICE_ADAPTERS: {
     readonly claude: ServiceAdapter;
-    readonly chatgpt: ServiceAdapter;
-    readonly "github-copilot": ServiceAdapter;
+    readonly codex: ServiceAdapter;
+    readonly copilot: ServiceAdapter;
     readonly gemini: ServiceAdapter;
 };
 /**