axusage 3.6.0 → 3.7.0

package/README.md

@@ -112,12 +112,31 @@ Credential source config is read from:
 - Config file path shown in `axusage --help`
 - `AXUSAGE_SOURCES` environment variable (JSON), which overrides file config
 
+### Multi-Instance Configuration
+
+To monitor multiple accounts for the same service, use an array of instance configs:
+
+```json
+{
+  "claude": [
+    { "source": "vault", "name": "work", "displayName": "Claude (Work)" },
+    {
+      "source": "vault",
+      "name": "personal",
+      "displayName": "Claude (Personal)"
+    }
+  ]
+}
+```
+
+Each instance resolves credentials independently. Named credentials require vault to be configured (`AXVAULT` env). Single-instance configs can use string shorthand (`"auto"`, `"local"`, `"vault"`) or object form.
+
 ## Examples
 
 ### Extract service and utilization (TSV + awk)
 
 ```bash
-axusage --format tsv | tail -n +2 | awk -F'\t' '{print $1, $4"%"}'
+axusage --format tsv | tail -n +2 | awk -F'\t' '{print $1, $5"%"}'
 ```
 
 ### Count windows by service (TSV + cut/sort/uniq)
@@ -129,7 +148,7 @@ axusage --format tsv | tail -n +2 | cut -f1 | sort | uniq -c
 ### Filter by utilization threshold (TSV + awk)
 
 ```bash
-axusage --format tsv | tail -n +2 | awk -F'\t' '$4 > 50 {print $1, $3, $4"%"}'
+axusage --format tsv | tail -n +2 | awk -F'\t' '$5 > 50 {print $1, $4, $5"%"}'
 ```
 
 ### Extract utilization as JSON (JSON + jq)
@@ -180,7 +199,7 @@ AXUSAGE_PORT=9090 AXUSAGE_INTERVAL=60 axusage serve
 ### Endpoints
 
 - `GET /metrics` — Prometheus text exposition (`text/plain; version=0.0.4`). Serves cached data immediately; triggers a background refresh when stale. Returns 503 when all services are currently failing.
-- `GET /usage` — JSON array of usage objects (one per service). Waits for a fresh snapshot when stale. Returns 503 if no data is available. Date fields (e.g. `resetsAt`) are serialized as ISO 8601 strings.
+- `GET /usage` — JSON array of usage objects (one per service instance; multi-instance configs produce multiple entries per service type). Waits for a fresh snapshot when stale. Returns 503 if no data is available. Date fields (e.g. `resetsAt`) are serialized as ISO 8601 strings.
 - `GET /health` — JSON health status with version, last refresh time, tracked services, and errors. Always responds immediately from cached state without triggering a refresh.
 
 ### Container Deployment

package/dist/adapters/claude.d.ts

@@ -1,9 +1,2 @@
-import type { ServiceAdapter } from "../types/domain.js";
-/**
- * Claude service adapter using direct API access.
- *
- * This adapter uses the OAuth token from Claude Code's credential store
- * (Keychain on macOS, credentials file elsewhere) to make direct API calls
- * to the Anthropic usage endpoint.
- */
-export declare const claudeAdapter: ServiceAdapter;
+import type { ServiceUsageFetcher } from "../types/domain.js";
+export declare const claudeUsageFetcher: ServiceUsageFetcher;

package/dist/adapters/claude.js

@@ -1,6 +1,5 @@
 import { z } from "zod";
 import { ApiError } from "../types/domain.js";
-import { getServiceAccessToken } from "../services/get-service-access-token.js";
 import { UsageResponse as UsageResponseSchema } from "../types/usage.js";
 import { coalesceClaudeUsageResponse } from "./coalesce-claude-usage-response.js";
 import { toServiceUsageData } from "./parse-claude-usage.js";
@@ -33,64 +32,52 @@ async function fetchPlanType(accessToken) {
         return undefined;
     }
 }
-/**
- * Claude service adapter using direct API access.
- *
- * This adapter uses the OAuth token from Claude Code's credential store
- * (Keychain on macOS, credentials file elsewhere) to make direct API calls
- * to the Anthropic usage endpoint.
- */
-export const claudeAdapter = {
-    name: "Claude",
-    async fetchUsage() {
-        const accessToken = await getServiceAccessToken("claude");
-        if (!accessToken) {
+/** Fetch Claude usage data using a pre-resolved access token */
+async function fetchClaudeUsageWithToken(accessToken) {
+    try {
+        const [response, planType] = await Promise.all([
+            fetch(USAGE_API_URL, {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                    "anthropic-beta": ANTHROPIC_BETA_HEADER,
+                },
+            }),
+            fetchPlanType(accessToken),
+        ]);
+        if (!response.ok) {
+            const errorText = await response.text().catch(() => "");
             return {
                 ok: false,
-                error: new ApiError("No Claude credentials found. Run 'claude' to authenticate."),
-            };
-        }
-        try {
-            const [response, planType] = await Promise.all([
-                fetch(USAGE_API_URL, {
-                    headers: {
-                        Authorization: `Bearer ${accessToken}`,
-                        "anthropic-beta": ANTHROPIC_BETA_HEADER,
-                    },
-                }),
-                fetchPlanType(accessToken),
-            ]);
-            if (!response.ok) {
-                const errorText = await response.text().catch(() => "");
-                return {
-                    ok: false,
-                    error: new ApiError(`Claude API request failed: ${String(response.status)} ${response.statusText}${errorText ? ` - ${errorText}` : ""}`, response.status),
-                };
-            }
-            const data = await response.json();
-            const parseResult = UsageResponseSchema.safeParse(coalesceClaudeUsageResponse(data) ?? data);
-            if (!parseResult.success) {
-                /* eslint-disable unicorn/no-null -- JSON.stringify requires null for no replacer */
-                console.error("Raw API response:", JSON.stringify(data, null, 2));
-                console.error("Validation errors:", JSON.stringify(z.treeifyError(parseResult.error), null, 2));
-                /* eslint-enable unicorn/no-null */
-                return {
-                    ok: false,
-                    error: new ApiError(`Invalid response format: ${parseResult.error.message}`, undefined, data),
-                };
-            }
-            const usageData = toServiceUsageData(parseResult.data);
-            return {
-                ok: true,
-                value: planType ? { ...usageData, planType } : usageData,
+                error: new ApiError(`Claude API request failed: ${String(response.status)} ${response.statusText}${errorText ? ` - ${errorText}` : ""}`, response.status),
             };
         }
-        catch (error) {
-            const message = error instanceof Error ? error.message : String(error);
+        const data = await response.json();
+        const parseResult = UsageResponseSchema.safeParse(coalesceClaudeUsageResponse(data) ?? data);
+        if (!parseResult.success) {
+            /* eslint-disable unicorn/no-null -- JSON.stringify requires null for no replacer */
+            console.error("Raw API response:", JSON.stringify(data, null, 2));
+            console.error("Validation errors:", JSON.stringify(z.treeifyError(parseResult.error), null, 2));
+            /* eslint-enable unicorn/no-null */
             return {
                 ok: false,
-                error: new ApiError(`Failed to fetch Claude usage: ${message}`),
+                error: new ApiError(`Invalid response format: ${parseResult.error.message}`, undefined, data),
             };
         }
-    },
+        const usageData = toServiceUsageData(parseResult.data);
+        return {
+            ok: true,
+            value: planType ? { ...usageData, planType } : usageData,
+        };
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+            ok: false,
+            error: new ApiError(`Failed to fetch Claude usage: ${message}`),
+        };
+    }
+}
+export const claudeUsageFetcher = {
+    name: "Claude",
+    fetchUsageWithToken: fetchClaudeUsageWithToken,
 };

package/dist/adapters/codex.d.ts

@@ -1,8 +1,2 @@
-import type { ServiceAdapter } from "../types/domain.js";
-/**
- * ChatGPT service adapter using direct API access.
- *
- * Uses the OAuth token from Codex CLI's credential store (~/.codex/auth.json)
- * to make direct API calls to ChatGPT's usage endpoint.
- */
-export declare const codexAdapter: ServiceAdapter;
+import type { ServiceUsageFetcher } from "../types/domain.js";
+export declare const codexUsageFetcher: ServiceUsageFetcher;

package/dist/adapters/codex.js

@@ -1,55 +1,43 @@
 import { ApiError } from "../types/domain.js";
-import { getServiceAccessToken } from "../services/get-service-access-token.js";
 import { CodexUsageResponse as CodexUsageResponseSchema } from "../types/codex.js";
 import { toServiceUsageData } from "./parse-codex-usage.js";
 const API_URL = "https://chatgpt.com/backend-api/wham/usage";
-/**
- * ChatGPT service adapter using direct API access.
- *
- * Uses the OAuth token from Codex CLI's credential store (~/.codex/auth.json)
- * to make direct API calls to ChatGPT's usage endpoint.
- */
-export const codexAdapter = {
-    name: "ChatGPT",
-    async fetchUsage() {
-        const accessToken = await getServiceAccessToken("codex");
-        if (!accessToken) {
+/** Fetch ChatGPT usage data using a pre-resolved access token */
+async function fetchCodexUsageWithToken(accessToken) {
+    try {
+        const response = await fetch(API_URL, {
+            headers: {
+                Authorization: `Bearer ${accessToken}`,
+            },
+        });
+        if (!response.ok) {
+            const errorText = await response.text().catch(() => "");
             return {
                 ok: false,
-                error: new ApiError("No Codex credentials found. Run 'codex' to authenticate."),
+                error: new ApiError(`ChatGPT API request failed: ${String(response.status)} ${response.statusText}${errorText ? ` - ${errorText}` : ""}`, response.status),
             };
         }
-        try {
-            const response = await fetch(API_URL, {
-                headers: {
-                    Authorization: `Bearer ${accessToken}`,
-                },
-            });
-            if (!response.ok) {
-                const errorText = await response.text().catch(() => "");
-                return {
-                    ok: false,
-                    error: new ApiError(`ChatGPT API request failed: ${String(response.status)} ${response.statusText}${errorText ? ` - ${errorText}` : ""}`, response.status),
-                };
-            }
-            const data = await response.json();
-            const parseResult = CodexUsageResponseSchema.safeParse(data);
-            if (!parseResult.success) {
-                return {
-                    ok: false,
-                    error: new ApiError(`Invalid response format: ${parseResult.error.message}`, undefined, data),
-                };
-            }
-            return {
-                ok: true,
-                value: toServiceUsageData(parseResult.data),
-            };
-        }
-        catch (error) {
+        const data = await response.json();
+        const parseResult = CodexUsageResponseSchema.safeParse(data);
+        if (!parseResult.success) {
             return {
                 ok: false,
-                error: new ApiError(`Failed to fetch ChatGPT usage: ${error instanceof Error ? error.message : String(error)}`),
+                error: new ApiError(`Invalid response format: ${parseResult.error.message}`, undefined, data),
             };
         }
-    },
+        return {
+            ok: true,
+            value: toServiceUsageData(parseResult.data),
+        };
+    }
+    catch (error) {
+        return {
+            ok: false,
+            error: new ApiError(`Failed to fetch ChatGPT usage: ${error instanceof Error ? error.message : String(error)}`),
+        };
+    }
+}
+export const codexUsageFetcher = {
+    name: "ChatGPT",
+    fetchUsageWithToken: fetchCodexUsageWithToken,
 };

package/dist/adapters/copilot.d.ts

@@ -1,7 +1,2 @@
-import type { ServiceAdapter } from "../types/domain.js";
-/**
- * GitHub Copilot service adapter using token-based API access.
- *
- * Credentials resolved via getServiceAccessToken (vault, local axauth, gh CLI).
- */
-export declare const copilotAdapter: ServiceAdapter;
+import type { ServiceUsageFetcher } from "../types/domain.js";
+export declare const copilotUsageFetcher: ServiceUsageFetcher;

package/dist/adapters/copilot.js

@@ -1,58 +1,47 @@
 import { ApiError } from "../types/domain.js";
 import { CopilotUsageResponse as CopilotUsageResponseSchema } from "../types/copilot.js";
 import { toServiceUsageData } from "./parse-copilot-usage.js";
-import { getServiceAccessToken } from "../services/get-service-access-token.js";
 // Internal/undocumented GitHub API used by VS Code, JetBrains, and other
 // first-party Copilot integrations. May change without notice.
 const API_URL = "https://api.github.com/copilot_internal/user";
-/**
- * GitHub Copilot service adapter using token-based API access.
- *
- * Credentials resolved via getServiceAccessToken (vault, local axauth, gh CLI).
- */
-export const copilotAdapter = {
-    name: "GitHub Copilot",
-    async fetchUsage() {
-        const accessToken = await getServiceAccessToken("copilot");
-        if (!accessToken) {
+/** Fetch GitHub Copilot usage data using a pre-resolved access token */
+async function fetchCopilotUsageWithToken(accessToken) {
+    try {
+        const response = await fetch(API_URL, {
+            headers: {
+                Authorization: `Bearer ${accessToken}`,
+                Accept: "application/json",
+            },
+        });
+        if (!response.ok) {
+            const errorText = await response.text().catch(() => "");
             return {
                 ok: false,
-                error: new ApiError("No GitHub Copilot credentials found. Run 'gh auth login' to authenticate."),
+                error: new ApiError(`GitHub Copilot API request failed: ${String(response.status)} ${response.statusText}${errorText ? ` - ${errorText}` : ""}`, response.status),
             };
         }
-        try {
-            const response = await fetch(API_URL, {
-                headers: {
-                    Authorization: `Bearer ${accessToken}`,
-                    Accept: "application/json",
-                },
-            });
-            if (!response.ok) {
-                const errorText = await response.text().catch(() => "");
-                return {
-                    ok: false,
-                    error: new ApiError(`GitHub Copilot API request failed: ${String(response.status)} ${response.statusText}${errorText ? ` - ${errorText}` : ""}`, response.status),
-                };
-            }
-            const data = await response.json();
-            const parseResult = CopilotUsageResponseSchema.safeParse(data);
-            if (!parseResult.success) {
-                return {
-                    ok: false,
-                    error: new ApiError(`Invalid response format: ${parseResult.error.message}`, undefined, data),
-                };
-            }
-            return {
-                ok: true,
-                value: toServiceUsageData(parseResult.data),
-            };
-        }
-        catch (error) {
-            const message = error instanceof Error ? error.message : String(error);
+        const data = await response.json();
+        const parseResult = CopilotUsageResponseSchema.safeParse(data);
+        if (!parseResult.success) {
             return {
                 ok: false,
-                error: new ApiError(`Failed to fetch GitHub Copilot usage: ${message}`),
+                error: new ApiError(`Invalid response format: ${parseResult.error.message}`, undefined, data),
             };
         }
-    },
+        return {
+            ok: true,
+            value: toServiceUsageData(parseResult.data),
+        };
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+            ok: false,
+            error: new ApiError(`Failed to fetch GitHub Copilot usage: ${message}`),
+        };
+    }
+}
+export const copilotUsageFetcher = {
+    name: "GitHub Copilot",
+    fetchUsageWithToken: fetchCopilotUsageWithToken,
 };

package/dist/adapters/gemini.d.ts

@@ -1,8 +1,2 @@
-import type { ServiceAdapter } from "../types/domain.js";
-/**
- * Gemini service adapter using direct API access.
- *
- * Uses the OAuth token from Gemini CLI's credential store (~/.gemini/oauth_creds.json)
- * to make direct API calls to Google's quota endpoint.
- */
-export declare const geminiAdapter: ServiceAdapter;
+import type { ServiceUsageFetcher } from "../types/domain.js";
+export declare const geminiUsageFetcher: ServiceUsageFetcher;

package/dist/adapters/gemini.js

@@ -1,43 +1,31 @@
 import { ApiError } from "../types/domain.js";
 import { fetchGeminiQuota, fetchGeminiProject, } from "../services/gemini-api.js";
-import { getServiceAccessToken } from "../services/get-service-access-token.js";
 import { toServiceUsageData } from "./parse-gemini-usage.js";
-/**
- * Gemini service adapter using direct API access.
- *
- * Uses the OAuth token from Gemini CLI's credential store (~/.gemini/oauth_creds.json)
- * to make direct API calls to Google's quota endpoint.
- */
-export const geminiAdapter = {
-    name: "Gemini",
-    async fetchUsage() {
-        const accessToken = await getServiceAccessToken("gemini");
-        if (!accessToken) {
-            return {
-                ok: false,
-                error: new ApiError("No Gemini credentials found. Run 'gemini' to authenticate."),
-            };
-        }
-        try {
-            // Discover project ID for more accurate quotas (best effort)
-            const projectId = await fetchGeminiProject(accessToken);
-            // Fetch quota data
-            const quotaResult = await fetchGeminiQuota(accessToken, projectId);
-            if (!quotaResult.ok) {
-                return quotaResult;
-            }
-            return {
-                ok: true,
-                value: toServiceUsageData(quotaResult.value),
-            };
+/** Fetch Gemini usage data using a pre-resolved access token */
+async function fetchGeminiUsageWithToken(accessToken) {
+    try {
+        // Discover project ID for more accurate quotas (best effort)
+        const projectId = await fetchGeminiProject(accessToken);
+        // Fetch quota data
+        const quotaResult = await fetchGeminiQuota(accessToken, projectId);
+        if (!quotaResult.ok) {
+            return quotaResult;
         }
-        catch (error) {
-            return {
-                ok: false,
-                error: error instanceof ApiError
-                    ? error
-                    : new ApiError(`Failed to fetch Gemini usage: ${error instanceof Error ? error.message : String(error)}`),
-            };
-        }
-    },
+        return {
+            ok: true,
+            value: toServiceUsageData(quotaResult.value),
+        };
+    }
+    catch (error) {
+        return {
+            ok: false,
+            error: error instanceof ApiError
+                ? error
+                : new ApiError(`Failed to fetch Gemini usage: ${error instanceof Error ? error.message : String(error)}`),
+        };
+    }
+}
+export const geminiUsageFetcher = {
+    name: "Gemini",
+    fetchUsageWithToken: fetchGeminiUsageWithToken,
 };

package/dist/adapters/parse-claude-usage.js

@@ -27,6 +27,7 @@ const parseResetTimestamp = (timestamp) => {
 export function toServiceUsageData(response) {
     return {
         service: "Claude",
+        serviceType: "claude",
         windows: [
             {
                 name: "5-Hour Usage",

package/dist/adapters/parse-codex-usage.js

@@ -15,6 +15,7 @@ export function toUsageWindow(name, window) {
 export function toServiceUsageData(response) {
     return {
         service: "ChatGPT",
+        serviceType: "codex",
         planType: response.plan_type,
         windows: [
             toUsageWindow("Primary Window (~5 hours)", response.rate_limit.primary_window),

package/dist/adapters/parse-copilot-usage.js

@@ -29,6 +29,7 @@ export function toServiceUsageData(response) {
     if (premium_interactions.unlimited) {
         return {
             service: "GitHub Copilot",
+            serviceType: "copilot",
             planType: response.copilot_plan,
             windows: [
                 {
@@ -48,6 +49,7 @@ export function toServiceUsageData(response) {
         : (used / premium_interactions.entitlement) * 100;
     return {
         service: "GitHub Copilot",
+        serviceType: "copilot",
         planType: response.copilot_plan,
         windows: [
             {

package/dist/adapters/parse-gemini-usage.js

@@ -145,6 +145,7 @@ export function toServiceUsageData(response, planType) {
     const windows = quotaPools.map((pool) => poolToUsageWindow(pool));
     return {
         service: "Gemini",
+        serviceType: "gemini",
         planType,
         windows,
     };

package/dist/cli.js

@@ -28,7 +28,7 @@ const program = new Command()
     .default("text"))
     .option("--auth-setup <service>", "set up authentication for a service (directs to appropriate CLI)")
     .option("--auth-status [service]", "check authentication status for services")
-    .addHelpText("after", () => `\nExamples:\n  # Fetch usage for all services\n  ${packageJson.name}\n\n  # JSON output for a single service\n  ${packageJson.name} --service claude --format json\n\n  # TSV output for piping to cut, awk, sort\n  ${packageJson.name} --format tsv | tail -n +2 | awk -F'\\t' '{print $1, $4"%"}'\n\n  # Filter Prometheus metrics with standard tools\n  ${packageJson.name} --format prometheus | grep axusage_utilization_percent\n\n  # Check authentication status for all services\n  ${packageJson.name} --auth-status\n\nSources config file: ${getCredentialSourcesPath()}\n(or set AXUSAGE_SOURCES to JSON to bypass file)\n\n${formatRequiresHelpText()}\nOverride CLI paths: AXUSAGE_CLAUDE_PATH, AXUSAGE_CODEX_PATH, AXUSAGE_GEMINI_PATH, AXUSAGE_GH_PATH\n`);
+    .addHelpText("after", () => `\nExamples:\n  # Fetch usage for all services\n  ${packageJson.name}\n\n  # JSON output for a single service\n  ${packageJson.name} --service claude --format json\n\n  # TSV output for piping to cut, awk, sort\n  ${packageJson.name} --format tsv | tail -n +2 | awk -F'\\t' '{print $1, $5"%"}'\n\n  # Filter Prometheus metrics with standard tools\n  ${packageJson.name} --format prometheus | grep axusage_utilization_percent\n\n  # Check authentication status for all services\n  ${packageJson.name} --auth-status\n\nSources config file: ${getCredentialSourcesPath()}\n(or set AXUSAGE_SOURCES to JSON to bypass file)\n\n${formatRequiresHelpText()}\nOverride CLI paths: AXUSAGE_CLAUDE_PATH, AXUSAGE_CODEX_PATH, AXUSAGE_GEMINI_PATH, AXUSAGE_GH_PATH\n`);
 program
     .command("serve")
     .description("Start HTTP server exposing Prometheus metrics at /metrics and usage JSON at /usage")

package/dist/commands/fetch-service-usage.d.ts

@@ -1,7 +1,13 @@
-import type { ApiError, Result, ServiceUsageData } from "../types/domain.js";
+import type { ServiceResult } from "../types/domain.js";
 export type UsageCommandOptions = {
     readonly service?: string;
     readonly format?: "text" | "tsv" | "json" | "prometheus";
 };
 export declare function selectServicesToQuery(service?: string): string[];
-export declare function fetchServiceUsage(serviceName: string): Promise<Result<ServiceUsageData, ApiError>>;
+/**
+ * Fetch usage for all instances of a service type.
+ *
+ * Resolves tokens and fetches usage for each configured instance in parallel.
+ * Produces N results with resolved display names and stable instance IDs.
+ */
+export declare function fetchServiceInstanceUsage(serviceType: string): Promise<ServiceResult[]>;

package/dist/commands/fetch-service-usage.js

@@ -1,20 +1,87 @@
 import { ApiError as ApiErrorClass } from "../types/domain.js";
-import { getAvailableServices, getServiceAdapter, } from "../services/service-adapter-registry.js";
+import { getAvailableServices, getServiceUsageFetcher, } from "../services/service-adapter-registry.js";
+import { getServiceInstanceConfigs } from "../config/credential-sources.js";
+import { getInstanceAccessToken } from "../services/get-instance-access-token.js";
+import { resolveInstanceDisplayName } from "../services/resolve-service-instances.js";
 export function selectServicesToQuery(service) {
     const normalized = service?.toLowerCase();
     if (!service || normalized === "all")
         return getAvailableServices();
     return [service];
 }
-export async function fetchServiceUsage(serviceName) {
-    const adapter = getServiceAdapter(serviceName);
-    if (!adapter) {
+/**
+ * Derive a stable instance identifier for metrics labeling.
+ * Uses credential name when available, otherwise falls back to service type.
+ */
+function deriveInstanceId(serviceType, credentialName, index, total) {
+    if (credentialName)
+        return credentialName;
+    if (total === 1)
+        return serviceType;
+    return `${serviceType}-${String(index + 1)}`;
+}
+/**
+ * Fetch usage for all instances of a service type.
+ *
+ * Resolves tokens and fetches usage for each configured instance in parallel.
+ * Produces N results with resolved display names and stable instance IDs.
+ */
+export async function fetchServiceInstanceUsage(serviceType) {
+    const normalized = serviceType.toLowerCase();
+    const fetcher = getServiceUsageFetcher(normalized);
+    if (!fetcher) {
         const available = getAvailableServices().join(", ");
+        return [
+            {
+                service: serviceType,
+                result: {
+                    ok: false,
+                    error: new ApiErrorClass(`Unknown service "${serviceType}". Supported services: ${available}. ` +
+                        "Run 'axusage --help' for usage."),
+                },
+            },
+        ];
+    }
+    const instanceConfigs = getServiceInstanceConfigs(normalized);
+    const results = await Promise.all(instanceConfigs.map(async (config, index) => {
+        const tokenResult = await getInstanceAccessToken(normalized, config);
+        if (!tokenResult.token) {
+            const label = config.name ?? normalized;
+            const isVaultPath = config.source === "vault" ||
+                (config.source === "auto" && config.name !== undefined);
+            return {
+                service: normalized,
+                result: {
+                    ok: false,
+                    error: new ApiErrorClass(`No credentials found for ${label}. ` +
+                        (isVaultPath
+                            ? config.name
+                                ? `Check that vault is configured and credential "${config.name}" exists.`
+                                : `Check that vault is configured. Set a credential name in config.`
+                            : `Run the agent CLI to authenticate.`)),
+                },
+            };
+        }
+        const usageResult = await fetcher.fetchUsageWithToken(tokenResult.token);
+        if (usageResult.ok) {
+            const displayName = resolveInstanceDisplayName(config.displayName, tokenResult.vaultDisplayName, fetcher.name, index, instanceConfigs.length);
+            const instanceId = deriveInstanceId(normalized, config.name, index, instanceConfigs.length);
+            return {
+                service: normalized,
+                result: {
+                    ok: true,
+                    value: {
+                        ...usageResult.value,
+                        service: displayName,
+                        instanceId,
+                    },
+                },
+            };
+        }
         return {
-            ok: false,
-            error: new ApiErrorClass(`Unknown service "${serviceName}". Supported services: ${available}. ` +
-                "Run 'axusage --help' for usage."),
+            service: normalized,
+            result: usageResult,
         };
-    }
-    return await adapter.fetchUsage();
+    }));
+    return results;
 }

package/dist/commands/usage-command.d.ts

@@ -2,6 +2,7 @@ import type { ServiceResult } from "../types/domain.js";
 import type { UsageCommandOptions } from "./fetch-service-usage.js";
 /**
  * Fetches usage for all requested services in parallel.
+ * Each service type may produce multiple results (multi-instance support).
  */
 export declare function fetchServicesInParallel(servicesToQuery: string[]): Promise<ServiceResult[]>;
 /**

package/dist/commands/usage-command.js

@@ -1,16 +1,15 @@
 import { formatServiceUsageData, formatServiceUsageDataAsJson, formatServiceUsageAsTsv, toJsonObject, } from "../utils/format-service-usage.js";
 import { formatPrometheusMetrics } from "../utils/format-prometheus-metrics.js";
-import { fetchServiceUsage, selectServicesToQuery, } from "./fetch-service-usage.js";
+import { fetchServiceInstanceUsage, selectServicesToQuery, } from "./fetch-service-usage.js";
 import { isAuthFailure } from "./run-auth-setup.js";
 import { chalk } from "../utils/color.js";
 /**
  * Fetches usage for all requested services in parallel.
+ * Each service type may produce multiple results (multi-instance support).
  */
 export async function fetchServicesInParallel(servicesToQuery) {
-    return await Promise.all(servicesToQuery.map(async (serviceName) => {
-        const result = await fetchServiceUsage(serviceName);
-        return { service: serviceName, result };
-    }));
+    const nestedResults = await Promise.all(servicesToQuery.map((serviceName) => fetchServiceInstanceUsage(serviceName)));
+    return nestedResults.flat();
 }
 /**
  * Executes the usage command

package/dist/config/credential-sources.d.ts

@@ -4,7 +4,9 @@
  * Supports three modes:
  * - "local": Use local credentials from axauth (default behavior)
  * - "vault": Fetch credentials from axvault server
- * - "auto": Try vault first if configured and credential name provided, fallback to local
+ * - "auto": Without a credential name, uses local credentials. With a named
+ *   credential, requires vault (no local fallback) to prevent returning the same
+ *   local token for multiple instances. Vault must be configured for named credentials.
  */
 import { z } from "zod";
 import type { SupportedService } from "../services/supported-service.js";
@@ -15,18 +17,12 @@ declare const CredentialSourceType: z.ZodEnum<{
     vault: "vault";
 }>;
 type CredentialSourceType = z.infer<typeof CredentialSourceType>;
-/** Resolved source config with normalized fields */
-interface ResolvedSourceConfig {
+/** Resolved instance config with display name */
+interface ResolvedInstanceConfig {
     source: CredentialSourceType;
     name: string | undefined;
+    displayName: string | undefined;
 }
-/**
- * Get the resolved source config for a specific service.
- *
- * @param service - Service ID (e.g., "claude", "codex", "gemini")
- * @returns Resolved config with source type and optional credential name
- */
-declare function getServiceSourceConfig(service: SupportedService): ResolvedSourceConfig;
 /**
  * Get the credential sources config file path.
  *
@@ -35,4 +31,13 @@ declare function getServiceSourceConfig(service: SupportedService): ResolvedSour
  * directory during construction).
  */
 declare function getCredentialSourcesPath(): string;
-export { getServiceSourceConfig, getCredentialSourcesPath };
+/**
+ * Get all instance configs for a service, normalizing all config forms to an array.
+ *
+ * - String shorthand → single instance with that source
+ * - Object → single instance
+ * - Array → multiple instances
+ */
+declare function getServiceInstanceConfigs(service: SupportedService): ResolvedInstanceConfig[];
+export { getServiceInstanceConfigs, getCredentialSourcesPath };
+export type { ResolvedInstanceConfig };

package/dist/config/credential-sources.js

@@ -4,7 +4,9 @@
  * Supports three modes:
  * - "local": Use local credentials from axauth (default behavior)
  * - "vault": Fetch credentials from axvault server
- * - "auto": Try vault first if configured and credential name provided, fallback to local
+ * - "auto": Without a credential name, uses local credentials. With a named
+ *   credential, requires vault (no local fallback) to prevent returning the same
+ *   local token for multiple instances. Vault must be configured for named credentials.
  */
 import Conf from "conf";
 import envPaths from "env-paths";
@@ -12,13 +14,17 @@ import path from "node:path";
 import { z } from "zod";
 /** Credential source type */
 const CredentialSourceType = z.enum(["auto", "local", "vault"]);
-/** Service source config - either a string shorthand or object with name */
+/** Instance source config - object form with optional name and displayName */
+const InstanceSourceConfig = z.object({
+    source: CredentialSourceType,
+    name: z.string().min(1).optional(),
+    displayName: z.string().min(1).optional(),
+});
+/** Service source config - string shorthand, object, or array of objects */
 const ServiceSourceConfig = z.union([
     CredentialSourceType,
-    z.object({
-        source: CredentialSourceType,
-        name: z.string().optional(),
-    }),
+    InstanceSourceConfig,
+    z.array(InstanceSourceConfig).min(1),
 ]);
 /** Full sources config - map of service ID to source config */
 const SourcesConfig = z.record(z.string(), ServiceSourceConfig);
@@ -96,26 +102,6 @@ function getCredentialSourceConfig() {
     // Priority 3: Empty (defaults apply)
     return {};
 }
-/**
- * Get the resolved source config for a specific service.
- *
- * @param service - Service ID (e.g., "claude", "codex", "gemini")
- * @returns Resolved config with source type and optional credential name
- */
-function getServiceSourceConfig(service) {
-    const config = getCredentialSourceConfig();
-    const serviceConfig = config[service];
-    // Default: auto mode with no credential name
-    if (serviceConfig === undefined) {
-        return { source: "auto", name: undefined };
-    }
-    // String shorthand: just the source type
-    if (typeof serviceConfig === "string") {
-        return { source: serviceConfig, name: undefined };
-    }
-    // Object: source and name
-    return { source: serviceConfig.source, name: serviceConfig.name };
-}
 /**
  * Get the credential sources config file path.
  *
@@ -127,4 +113,39 @@ function getCredentialSourcesPath() {
     const configDirectory = envPaths("axusage", { suffix: "" }).config;
     return path.resolve(configDirectory, "config.json");
 }
-export { getServiceSourceConfig, getCredentialSourcesPath };
+/**
+ * Get all instance configs for a service, normalizing all config forms to an array.
+ *
+ * - String shorthand → single instance with that source
+ * - Object → single instance
+ * - Array → multiple instances
+ */
+function getServiceInstanceConfigs(service) {
+    const config = getCredentialSourceConfig();
+    const serviceConfig = config[service];
+    // Default: single auto instance
+    if (serviceConfig === undefined) {
+        return [{ source: "auto", name: undefined, displayName: undefined }];
+    }
+    // String shorthand: single instance with that source
+    if (typeof serviceConfig === "string") {
+        return [{ source: serviceConfig, name: undefined, displayName: undefined }];
+    }
+    // Array: multiple instances
+    if (Array.isArray(serviceConfig)) {
+        return serviceConfig.map((instance) => ({
+            source: instance.source,
+            name: instance.name,
+            displayName: instance.displayName,
+        }));
+    }
+    // Object: single instance
+    return [
+        {
+            source: serviceConfig.source,
+            name: serviceConfig.name,
+            displayName: serviceConfig.displayName,
+        },
+    ];
+}
+export { getServiceInstanceConfigs, getCredentialSourcesPath };

package/dist/services/get-instance-access-token.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Instance-aware credential fetcher.
+ *
+ * Resolves an access token for a specific service instance config,
+ * returning vault metadata (displayName) alongside the token.
+ */
+import type { ResolvedInstanceConfig } from "../config/credential-sources.js";
+/** Result of resolving an instance token */
+interface InstanceTokenResult {
+    token: string | undefined;
+    vaultDisplayName: string | undefined;
+}
+/**
+ * Get access token for a specific service instance.
+ *
+ * Returns vault metadata (displayName) alongside the token
+ * for multi-instance identification.
+ */
+declare function getInstanceAccessToken(service: string, config: ResolvedInstanceConfig): Promise<InstanceTokenResult>;
+export { getInstanceAccessToken };

package/dist/services/{get-service-access-token.js → get-instance-access-token.js}

@@ -1,13 +1,10 @@
 /**
- * Unified credential fetcher for services.
+ * Instance-aware credential fetcher.
  *
- * Fetches access tokens based on per-service configuration:
- * - "local": From local axauth credential store
- * - "vault": From axvault server
- * - "auto": Try vault first if configured, fallback to local
+ * Resolves an access token for a specific service instance config,
+ * returning vault metadata (displayName) alongside the token.
  */
 import { fetchVaultCredentials, getAgentAccessToken, isVaultConfigured, } from "axauth";
-import { getServiceSourceConfig } from "../config/credential-sources.js";
 import { getCopilotTokenFromCustomGhPath } from "../utils/copilot-gh-token.js";
 /**
  * Extract access token from vault credentials.
@@ -42,41 +39,32 @@ function extractAccessToken(credentials) {
     }
     return undefined;
 }
-/**
- * Fetch access token from vault.
- *
- * @returns Access token string or undefined if not available
- */
-async function fetchFromVault(agentId, credentialName) {
+/** Fetch access token from vault, returning metadata alongside the token */
+async function fetchFromVaultWithMetadata(agentId, credentialName) {
     try {
         const result = await fetchVaultCredentials({
             agentId,
             name: credentialName,
         });
         if (!result.ok) {
-            // Log warning for debugging, but don't fail hard
             if (result.reason !== "not-configured" && result.reason !== "not-found") {
                 console.error(`[axusage] Vault fetch failed for ${agentId}/${credentialName}: ${result.reason}`);
             }
-            return undefined;
+            return { token: undefined, vaultDisplayName: undefined };
         }
         const token = extractAccessToken(result.credentials);
         if (!token) {
             console.error(`[axusage] Vault credentials for ${agentId}/${credentialName} missing access token. ` +
                 `Credential type: ${result.credentials.type}`);
         }
-        return token;
+        return { token, vaultDisplayName: result.displayName };
     }
     catch (error) {
         console.error(`[axusage] Vault fetch error for ${agentId}/${credentialName}: ${error instanceof Error ? error.message : String(error)}`);
-        return undefined;
+        return { token: undefined, vaultDisplayName: undefined };
     }
 }
-/**
- * Fetch access token from local credential store.
- *
- * @returns Access token string or undefined if not available
- */
+/** Fetch access token from local credential store */
 async function fetchFromLocal(agentId) {
     try {
         const token = await getAgentAccessToken(agentId);
@@ -92,55 +80,46 @@ async function fetchFromLocal(agentId) {
     return undefined;
 }
 /**
- * Get access token for a service.
- *
- * Uses the configured credential source for the service:
- * - "local": Fetch from local axauth credential store
- * - "vault": Fetch from axvault server (requires credential name)
- * - "auto": Try vault if configured and name provided, fallback to local
+ * Get access token for a specific service instance.
  *
- * @param service - Service ID (e.g., "claude", "codex", "gemini")
- * @returns Access token string or undefined if not available
- *
- * @example
- * const token = await getServiceAccessToken("claude");
- * if (!token) {
- *   console.error("No credentials found for Claude");
- * }
+ * Returns vault metadata (displayName) alongside the token
+ * for multi-instance identification.
  */
-async function getServiceAccessToken(service) {
-    const config = getServiceSourceConfig(service);
+async function getInstanceAccessToken(service, config) {
     const agentId = service;
     switch (config.source) {
         case "local": {
-            return fetchFromLocal(agentId);
+            const token = await fetchFromLocal(agentId);
+            return { token, vaultDisplayName: undefined };
         }
         case "vault": {
             if (!config.name) {
                 console.error(`[axusage] Vault source requires credential name for ${service}. ` +
                     `Set {"${service}": {"source": "vault", "name": "your-name"}} in config.`);
-                return undefined;
+                return { token: undefined, vaultDisplayName: undefined };
             }
-            const token = await fetchFromVault(agentId, config.name);
-            if (!token) {
-                // User explicitly selected vault but it failed - provide clear feedback
+            const result = await fetchFromVaultWithMetadata(agentId, config.name);
+            if (!result.token) {
                 console.error(`[axusage] Vault credential fetch failed for ${service}. ` +
                     `Check that vault is configured (AXVAULT env) and credential "${config.name}" exists.`);
             }
-            return token;
+            return result;
         }
         case "auto": {
-            // Auto mode: try vault first if configured and name provided
-            if (config.name && isVaultConfigured()) {
-                const vaultToken = await fetchFromVault(agentId, config.name);
-                if (vaultToken) {
-                    return vaultToken;
+            if (config.name) {
+                // Named credential: vault-only to avoid silently returning
+                // the same local token for multiple instances
+                if (!isVaultConfigured()) {
+                    console.error(`[axusage] Named credential "${config.name}" for ${service} requires vault, ` +
+                        `but vault is not configured. Set AXVAULT env or use source "local" instead.`);
+                    return { token: undefined, vaultDisplayName: undefined };
                 }
-                // Fallback to local if vault failed
+                return fetchFromVaultWithMetadata(agentId, config.name);
             }
-            // No credential name or vault not configured: use local only
-            return fetchFromLocal(agentId);
+            // No credential name: use local
+            const token = await fetchFromLocal(agentId);
+            return { token, vaultDisplayName: undefined };
         }
     }
 }
-export { getServiceAccessToken };
+export { getInstanceAccessToken };

package/dist/services/resolve-service-instances.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Pure functions for resolving display names for service instances.
+ *
+ * Priority: config displayName > vault displayName > auto-number (multi) / adapter default (single)
+ */
+/**
+ * Resolve the display name for a service instance.
+ *
+ * For single-instance configs: config displayName > vault displayName > adapter default name
+ * For multi-instance without displayName: "Claude #1", "Claude #2"
+ */
+declare function resolveInstanceDisplayName(configDisplayName: string | undefined, vaultDisplayName: string | undefined, defaultName: string, index: number, total: number): string;
+export { resolveInstanceDisplayName };

package/dist/services/resolve-service-instances.js

@@ -0,0 +1,24 @@
+/**
+ * Pure functions for resolving display names for service instances.
+ *
+ * Priority: config displayName > vault displayName > auto-number (multi) / adapter default (single)
+ */
+/**
+ * Resolve the display name for a service instance.
+ *
+ * For single-instance configs: config displayName > vault displayName > adapter default name
+ * For multi-instance without displayName: "Claude #1", "Claude #2"
+ */
+function resolveInstanceDisplayName(configDisplayName, vaultDisplayName, defaultName, index, total) {
+    // Explicit displayName always wins
+    if (configDisplayName)
+        return configDisplayName;
+    if (vaultDisplayName)
+        return vaultDisplayName;
+    // Single instance: use adapter default
+    if (total === 1)
+        return defaultName;
+    // Multi-instance without displayName: auto-number
+    return `${defaultName} #${String(index + 1)}`;
+}
+export { resolveInstanceDisplayName };

package/dist/services/service-adapter-registry.d.ts

@@ -1,17 +1,8 @@
-import type { ServiceAdapter } from "../types/domain.js";
+import type { ServiceUsageFetcher } from "../types/domain.js";
 /**
- * Registry of available service adapters
+ * Get a token-based usage fetcher by service type
  */
-export declare const SERVICE_ADAPTERS: {
-    readonly claude: ServiceAdapter;
-    readonly codex: ServiceAdapter;
-    readonly copilot: ServiceAdapter;
-    readonly gemini: ServiceAdapter;
-};
-/**
- * Get a service adapter by name
- */
-export declare function getServiceAdapter(name: string): ServiceAdapter | undefined;
+export declare function getServiceUsageFetcher(name: string): ServiceUsageFetcher | undefined;
 /**
  * Get all available service names
  */

package/dist/services/service-adapter-registry.js

@@ -1,26 +1,26 @@
-import { codexAdapter } from "../adapters/codex.js";
-import { claudeAdapter } from "../adapters/claude.js";
-import { geminiAdapter } from "../adapters/gemini.js";
-import { copilotAdapter } from "../adapters/copilot.js";
+import { codexUsageFetcher } from "../adapters/codex.js";
+import { claudeUsageFetcher } from "../adapters/claude.js";
+import { geminiUsageFetcher } from "../adapters/gemini.js";
+import { copilotUsageFetcher } from "../adapters/copilot.js";
 /**
- * Registry of available service adapters
+ * Registry of token-based usage fetchers
  */
-export const SERVICE_ADAPTERS = {
-    claude: claudeAdapter,
-    codex: codexAdapter,
-    copilot: copilotAdapter,
-    gemini: geminiAdapter,
+const SERVICE_USAGE_FETCHERS = {
+    claude: claudeUsageFetcher,
+    codex: codexUsageFetcher,
+    copilot: copilotUsageFetcher,
+    gemini: geminiUsageFetcher,
 };
 /**
- * Get a service adapter by name
+ * Get a token-based usage fetcher by service type
  */
-export function getServiceAdapter(name) {
+export function getServiceUsageFetcher(name) {
     const key = name.toLowerCase();
-    return SERVICE_ADAPTERS[key];
+    return SERVICE_USAGE_FETCHERS[key];
 }
 /**
  * Get all available service names
  */
 export function getAvailableServices() {
-    return Object.keys(SERVICE_ADAPTERS);
+    return Object.keys(SERVICE_USAGE_FETCHERS);
 }

package/dist/types/domain.d.ts

@@ -14,7 +14,12 @@ export type UsageWindow = {
  * Complete usage data for a service
  */
 export type ServiceUsageData = {
+    /** Display name (may be overridden by instance displayName) */
     readonly service: string;
+    /** Stable machine key (e.g., "claude", "codex") for filtering and labeling */
+    readonly serviceType: string;
+    /** Stable per-instance identifier for metrics (derived from credential name or config key) */
+    readonly instanceId?: string;
     readonly planType?: string;
     readonly windows: readonly UsageWindow[];
     readonly metadata?: {
@@ -41,11 +46,12 @@ export declare class ApiError extends Error {
     constructor(message: string, status?: number, body?: unknown);
 }
 /**
- * Service adapter interface
+ * Token-based usage fetcher for a service.
+ * Tokens are resolved externally via credential sources.
  */
-export interface ServiceAdapter {
+export interface ServiceUsageFetcher {
     readonly name: string;
-    fetchUsage(): Promise<Result<ServiceUsageData, ApiError>>;
+    fetchUsageWithToken(accessToken: string): Promise<Result<ServiceUsageData, ApiError>>;
 }
 /**
  * Result of fetching usage for a single service.

package/dist/utils/format-prometheus-metrics.js

@@ -9,18 +9,23 @@ export async function formatPrometheusMetrics(data, now) {
     const utilizationGauge = new Gauge({
         name: "axusage_utilization_percent",
         help: "Current utilization percentage by service/window",
-        labelNames: ["service", "window"],
+        labelNames: ["service", "service_type", "instance_id", "window"],
         registers: [registry],
     });
     const rateGauge = new Gauge({
         name: "axusage_usage_rate",
         help: "Usage rate (utilization / elapsed fraction of period); >1 means over budget",
-        labelNames: ["service", "window"],
+        labelNames: ["service", "service_type", "instance_id", "window"],
         registers: [registry],
     });
     for (const entry of data) {
         for (const w of entry.windows) {
-            const labels = { service: entry.service, window: w.name };
+            const labels = {
+                service: entry.service,
+                service_type: entry.serviceType,
+                instance_id: entry.instanceId ?? entry.serviceType,
+                window: w.name,
+            };
             utilizationGauge.set(labels, w.utilization);
             const rate = calculateUsageRate(w.utilization, w.resetsAt, w.periodDurationMs, now);
             if (rate !== undefined) {

package/dist/utils/format-service-usage.js

@@ -71,6 +71,8 @@ export function formatServiceUsageData(data) {
 export function toJsonObject(data, now) {
     return {
         service: data.service,
+        serviceType: data.serviceType,
+        ...(data.instanceId !== undefined && { instanceId: data.instanceId }),
         planType: data.planType,
         windows: data.windows.map((w) => {
             const rate = calculateUsageRate(w.utilization, w.resetsAt, w.periodDurationMs, now);
@@ -92,7 +94,7 @@ export function formatServiceUsageDataAsJson(data) {
     // eslint-disable-next-line unicorn/no-null -- JSON.stringify requires null for no replacer
     return JSON.stringify(toJsonObject(data, Date.now()), null, 2);
 }
-const TSV_HEADER = "SERVICE\tPLAN\tWINDOW\tUTILIZATION\tRATE\tRESETS_AT";
+const TSV_HEADER = "SERVICE\tSERVICE_TYPE\tPLAN\tWINDOW\tUTILIZATION\tRATE\tRESETS_AT";
 /**
  * Sanitizes a string for TSV output by replacing tabs and newlines with spaces.
  */
@@ -108,6 +110,7 @@ function formatServiceUsageRowsAsTsv(data) {
         const rate = calculateUsageRate(w.utilization, w.resetsAt, w.periodDurationMs, Date.now());
         return [
             sanitizeForTsv(data.service),
+            sanitizeForTsv(data.serviceType),
             sanitizeForTsv(data.planType ?? "-"),
             sanitizeForTsv(w.name),
             w.utilization.toFixed(2),

package/package.json

@@ -2,7 +2,7 @@
   "name": "axusage",
   "author": "Łukasz Jerciński",
   "license": "MIT",
-  "version": "3.6.0",
+  "version": "3.7.0",
   "description": "Monitor API usage across Claude, ChatGPT, GitHub Copilot, and Gemini from a single CLI",
   "repository": {
     "type": "git",
@@ -47,13 +47,13 @@
     "llm",
     "monitoring"
   ],
-  "packageManager": "pnpm@10.30.1",
+  "packageManager": "pnpm@10.30.2",
   "engines": {
     "node": ">=22.14.0"
   },
   "dependencies": {
     "@commander-js/extra-typings": "^14.0.0",
-    "axauth": "^3.1.6",
+    "axauth": "^3.2.0",
     "chalk": "^5.6.2",
     "commander": "^14.0.3",
     "conf": "^15.1.0",
@@ -65,10 +65,10 @@
   "devDependencies": {
     "@total-typescript/ts-reset": "^0.6.1",
     "@types/express": "^5.0.6",
-    "@types/node": "^25.3.0",
+    "@types/node": "^25.3.1",
     "@vitest/coverage-v8": "^4.0.18",
-    "eslint": "^10.0.1",
-    "eslint-config-axkit": "^1.2.1",
+    "eslint": "^10.0.2",
+    "eslint-config-axkit": "^1.3.0",
     "fta-check": "^1.5.1",
     "fta-cli": "^3.0.0",
     "knip": "^5.85.0",

package/dist/services/get-service-access-token.d.ts

@@ -1,28 +0,0 @@
-/**
- * Unified credential fetcher for services.
- *
- * Fetches access tokens based on per-service configuration:
- * - "local": From local axauth credential store
- * - "vault": From axvault server
- * - "auto": Try vault first if configured, fallback to local
- */
-import type { SupportedService } from "./supported-service.js";
-/**
- * Get access token for a service.
- *
- * Uses the configured credential source for the service:
- * - "local": Fetch from local axauth credential store
- * - "vault": Fetch from axvault server (requires credential name)
- * - "auto": Try vault if configured and name provided, fallback to local
- *
- * @param service - Service ID (e.g., "claude", "codex", "gemini")
- * @returns Access token string or undefined if not available
- *
- * @example
- * const token = await getServiceAccessToken("claude");
- * if (!token) {
- *   console.error("No credentials found for Claude");
- * }
- */
-declare function getServiceAccessToken(service: SupportedService): Promise<string | undefined>;
-export { getServiceAccessToken };