byterover-cli 2.1.5 → 2.3.0

package/dist/agent/infra/llm/providers/openai.d.ts

@@ -2,6 +2,18 @@
  * OpenAI Provider Module
  *
  * Direct access to GPT models via @ai-sdk/openai.
+ * Supports both standard OpenAI API and ChatGPT OAuth (Codex) endpoint.
  */
 import type { ProviderModule } from './types.js';
+/**
+ * Custom fetch wrapper for the ChatGPT OAuth endpoint.
+ *
+ * The ChatGPT OAuth Responses API has stricter requirements than the standard
+ * OpenAI API — certain fields are required and others are rejected:
+ * - `instructions` is required (system prompt — defaults to empty)
+ * - `store` must be false
+ * - `max_output_tokens` is not supported (must be omitted)
+ * - `id` fields on input items are rejected
+ */
+export declare function createChatGptOAuthFetch(): typeof globalThis.fetch;
 export declare const openaiProvider: ProviderModule;

package/dist/agent/infra/llm/providers/openai.js

@@ -2,16 +2,67 @@
  * OpenAI Provider Module
  *
  * Direct access to GPT models via @ai-sdk/openai.
+ * Supports both standard OpenAI API and ChatGPT OAuth (Codex) endpoint.
  */
 import { createOpenAI } from '@ai-sdk/openai';
+import { CHATGPT_OAUTH_BASE_URL } from '../../../../shared/constants/oauth.js';
 import { AiSdkContentGenerator } from '../generators/ai-sdk-content-generator.js';
+/**
+ * Custom fetch wrapper for the ChatGPT OAuth endpoint.
+ *
+ * The ChatGPT OAuth Responses API has stricter requirements than the standard
+ * OpenAI API — certain fields are required and others are rejected:
+ * - `instructions` is required (system prompt — defaults to empty)
+ * - `store` must be false
+ * - `max_output_tokens` is not supported (must be omitted)
+ * - `id` fields on input items are rejected
+ */
+/* eslint-disable n/no-unsupported-features/node-builtins */
+export function createChatGptOAuthFetch() {
+    return async (input, init) => {
+        if (init?.method === 'POST' && init.body) {
+            if (typeof init.body !== 'string') {
+                return globalThis.fetch(input, init);
+            }
+            let body;
+            try {
+                body = JSON.parse(init.body);
+            }
+            catch {
+                return globalThis.fetch(input, init);
+            }
+            if (!body.instructions) {
+                body.instructions = '';
+            }
+            body.store = false;
+            delete body.max_output_tokens;
+            if (Array.isArray(body.input)) {
+                for (const item of body.input) {
+                    if (typeof item === 'object' && item !== null && 'id' in item) {
+                        const record = item;
+                        delete record.id;
+                    }
+                }
+            }
+            init = { ...init, body: JSON.stringify(body) };
+        }
+        return globalThis.fetch(input, init);
+    };
+}
+/* eslint-enable n/no-unsupported-features/node-builtins */
 export const openaiProvider = {
     apiKeyUrl: 'https://platform.openai.com/api-keys',
     authType: 'api-key',
     baseUrl: 'https://api.openai.com/v1',
     category: 'popular',
     createGenerator(config) {
-        const provider = createOpenAI({ apiKey: config.apiKey });
+        const useChatGptOAuth = config.baseUrl === CHATGPT_OAUTH_BASE_URL;
+        const provider = createOpenAI({
+            apiKey: config.apiKey ?? '',
+            baseURL: config.baseUrl,
+            fetch: useChatGptOAuth ? createChatGptOAuthFetch() : undefined,
+            headers: config.headers,
+        });
         return new AiSdkContentGenerator({
             model: provider.responses(config.model),
         });

package/dist/oclif/commands/curate/index.js

@@ -3,7 +3,7 @@ import { randomUUID } from 'node:crypto';
 import { TransportStateEventNames } from '../../../server/core/domain/transport/index.js';
 import { extractCurateOperations } from '../../../server/utils/curate-result-parser.js';
 import { TaskEvents } from '../../../shared/transport/events/index.js';
-import { formatConnectionError, hasLeakedHandles, withDaemonRetry, } from '../../lib/daemon-client.js';
+import { formatConnectionError, hasLeakedHandles, providerMissingMessage, withDaemonRetry, } from '../../lib/daemon-client.js';
 import { writeJsonResponse } from '../../lib/json-response.js';
 import { waitForTaskCompletion } from '../../lib/task-client.js';
 export default class Curate extends Command {
@@ -91,7 +91,7 @@ Bad examples:
                     throw new Error('No provider connected. Run "brv providers connect byterover" to use the free built-in provider, or connect another provider.');
                 }
                 if (active.providerKeyMissing) {
-                    throw new Error(`${active.activeProvider} API key is missing from storage.\nPlease reconnect: brv providers connect ${active.activeProvider} --api-key <your-key>`);
+                    throw new Error(providerMissingMessage(active.activeProvider, active.authMethod));
                 }
                 await this.submitTask({ client, content: resolvedContent, flags, format, projectRoot, taskType });
             }, {

package/dist/oclif/commands/locations.d.ts

@@ -0,0 +1,14 @@
+import { Command } from '@oclif/core';
+import type { ProjectLocationDTO } from '../../shared/transport/types/dto.js';
+import { type DaemonClientOptions } from '../lib/daemon-client.js';
+export default class Locations extends Command {
+    static description: string;
+    static examples: string[];
+    static flags: {
+        format: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    protected fetchLocations(options?: DaemonClientOptions): Promise<ProjectLocationDTO[]>;
+    run(): Promise<void>;
+    private formatLocationEntry;
+    private formatTextOutput;
+}

package/dist/oclif/commands/locations.js

@@ -0,0 +1,68 @@
+import { Command, Flags } from '@oclif/core';
+import chalk from 'chalk';
+import { LocationsEvents } from '../../shared/transport/events/locations-events.js';
+import { formatConnectionError, withDaemonRetry } from '../lib/daemon-client.js';
+import { writeJsonResponse } from '../lib/json-response.js';
+export default class Locations extends Command {
+    static description = 'List all registered projects and their context tree status';
+    static examples = ['<%= config.bin %> <%= command.id %>', '<%= config.bin %> <%= command.id %> --format json'];
+    static flags = {
+        format: Flags.string({
+            char: 'f',
+            default: 'text',
+            description: 'Output format',
+            options: ['text', 'json'],
+        }),
+    };
+    async fetchLocations(options) {
+        return withDaemonRetry(async (client) => {
+            const response = await client.requestWithAck(LocationsEvents.GET);
+            return response.locations;
+        }, options);
+    }
+    async run() {
+        const { flags } = await this.parse(Locations);
+        const isJson = flags.format === 'json';
+        try {
+            const locations = await this.fetchLocations();
+            if (isJson) {
+                writeJsonResponse({ command: 'locations', data: { locations }, success: true });
+            }
+            else {
+                this.formatTextOutput(locations);
+            }
+        }
+        catch (error) {
+            if (isJson) {
+                writeJsonResponse({ command: 'locations', data: { error: formatConnectionError(error) }, success: false });
+            }
+            else {
+                this.log(formatConnectionError(error));
+            }
+        }
+    }
+    formatLocationEntry(loc) {
+        const label = loc.isCurrent ? '  ' + chalk.green('[current]') : loc.isActive ? '  ' + chalk.yellow('[active]') : '';
+        const path = loc.isCurrent || loc.isActive ? chalk.bold(loc.projectPath) : loc.projectPath;
+        this.log(`  ${path}${label}`);
+        if (loc.isInitialized) {
+            this.log(chalk.dim('  └─ .brv/context-tree/'));
+        }
+        else {
+            this.log(chalk.dim('  └─ .brv/context-tree/    (not initialized)'));
+        }
+    }
+    formatTextOutput(locations) {
+        if (locations.length > 0) {
+            this.log(`Registered Projects — ${locations.length} found`);
+            this.log(chalk.dim('──────────────────────────────────────────'));
+            for (const loc of locations) {
+                this.formatLocationEntry(loc);
+                this.log('');
+            }
+        }
+        else {
+            this.log('Registered Projects — none found');
+        }
+    }
+}

package/dist/oclif/commands/model/switch.js

@@ -1,5 +1,5 @@
 import { Args, Command, Flags } from '@oclif/core';
-import { ModelEvents, } from '../../../shared/transport/events/model-events.js';
+import { ModelEvents } from '../../../shared/transport/events/model-events.js';
 import { ProviderEvents, } from '../../../shared/transport/events/provider-events.js';
 import { withDaemonRetry } from '../../lib/daemon-client.js';
 import { writeJsonResponse } from '../../lib/json-response.js';
@@ -42,7 +42,9 @@ export default class ModelSwitch extends Command {
             }
         }
         catch (error) {
-            const errorMessage = error instanceof Error ? error.message : 'An unexpected error occurred while switching the model. Please try again.';
+            const errorMessage = error instanceof Error
+                ? error.message
+                : 'An unexpected error occurred while switching the model. Please try again.';
             if (format === 'json') {
                 writeJsonResponse({ command: 'model switch', data: { error: errorMessage }, success: false });
             }
@@ -68,13 +70,22 @@ export default class ModelSwitch extends Command {
             }
             else {
                 const active = await client.requestWithAck(ProviderEvents.GET_ACTIVE);
+                if (!active.activeProviderId) {
+                    throw new Error('No active provider configured. Run "brv providers connect <provider>" first.');
+                }
                 providerId = active.activeProviderId;
             }
             if (providerId === 'byterover') {
                 throw new Error('ByteRover provider uses its own internal LLM and does not support model switching. Run "brv providers switch <provider>" to switch to a different provider first.');
             }
             // 2. Switch active model
-            await client.requestWithAck(ModelEvents.SET_ACTIVE, { modelId, providerId });
+            const response = await client.requestWithAck(ModelEvents.SET_ACTIVE, {
+                modelId,
+                providerId,
+            });
+            if (!response.success) {
+                throw new Error(response.error ?? 'Failed to switch model');
+            }
             return { modelId, providerId };
         }, options);
     }

package/dist/oclif/commands/providers/connect.d.ts

@@ -9,8 +9,10 @@ export default class ProviderConnect extends Command {
     static flags: {
         'api-key': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         'base-url': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        code: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         format: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
         model: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        oauth: import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
     protected connectProvider({ apiKey, baseUrl, model, providerId }: {
         apiKey?: string;
@@ -22,5 +24,12 @@ export default class ProviderConnect extends Command {
         providerId: string;
         providerName: string;
     }>;
+    protected connectProviderOAuth({ code, providerId }: {
+        code?: string;
+        providerId: string;
+    }, options?: DaemonClientOptions, onProgress?: (msg: string) => void): Promise<{
+        providerName: string;
+        showInstructions: boolean;
+    }>;
     run(): Promise<void>;
 }

package/dist/oclif/commands/providers/connect.js

@@ -1,5 +1,6 @@
 import { Args, Command, Flags } from '@oclif/core';
-import { ModelEvents, } from '../../../shared/transport/events/model-events.js';
+import { OAUTH_CALLBACK_TIMEOUT_MS } from '../../../shared/constants/oauth.js';
+import { ModelEvents } from '../../../shared/transport/events/model-events.js';
 import { ProviderEvents, } from '../../../shared/transport/events/provider-events.js';
 import { withDaemonRetry } from '../../lib/daemon-client.js';
 import { writeJsonResponse } from '../../lib/json-response.js';
@@ -14,6 +15,7 @@ export default class ProviderConnect extends Command {
     static examples = [
         '<%= config.bin %> providers connect anthropic --api-key sk-xxx',
         '<%= config.bin %> providers connect openai --api-key sk-xxx --model gpt-4.1',
+        '<%= config.bin %> providers connect openai --oauth',
         '<%= config.bin %> providers connect byterover',
         '<%= config.bin %> providers connect openai-compatible --base-url http://localhost:11434/v1',
         '<%= config.bin %> providers connect openai-compatible --base-url http://localhost:11434/v1 --api-key sk-xxx --model llama3',
@@ -27,6 +29,12 @@ export default class ProviderConnect extends Command {
             char: 'b',
             description: 'Base URL for OpenAI-compatible providers (e.g., http://localhost:11434/v1)',
         }),
+        code: Flags.string({
+            char: 'c',
+            description: 'Authorization code for code-paste OAuth providers (e.g., Anthropic). ' +
+                'Not applicable to browser-callback providers like OpenAI — use --oauth without --code instead.',
+            hidden: true,
+        }),
         format: Flags.string({
             default: 'text',
             description: 'Output format (text or json)',
@@ -36,6 +44,10 @@ export default class ProviderConnect extends Command {
             char: 'm',
             description: 'Model to set as active after connecting',
         }),
+        oauth: Flags.boolean({
+            default: false,
+            description: 'Connect via OAuth (browser-based)',
+        }),
     };
     async connectProvider({ apiKey, baseUrl, model, providerId }, options) {
         return withDaemonRetry(async (client) => {
@@ -48,8 +60,8 @@ export default class ProviderConnect extends Command {
             // 2. Validate base URL for openai-compatible
             if (providerId === 'openai-compatible') {
                 if (!baseUrl && !provider.isConnected) {
-                    throw new Error('Provider "openai-compatible" requires a base URL. Use the --base-url flag to provide one.'
-                        + '\nExample: brv providers connect openai-compatible --base-url http://localhost:11434/v1');
+                    throw new Error('Provider "openai-compatible" requires a base URL. Use the --base-url flag to provide one.' +
+                        '\nExample: brv providers connect openai-compatible --base-url http://localhost:11434/v1');
                 }
                 if (baseUrl) {
                     let parsed;
@@ -72,8 +84,8 @@ export default class ProviderConnect extends Command {
                 }
             }
             else if (!apiKey && provider.requiresApiKey && !provider.isConnected) {
-                throw new Error(`Provider "${providerId}" requires an API key. Use the --api-key flag to provide one.`
-                    + (provider.apiKeyUrl ? `\nDon't have one? Get your API key at: ${provider.apiKeyUrl}` : ''));
+                throw new Error(`Provider "${providerId}" requires an API key. Use the --api-key flag to provide one.` +
+                    (provider.apiKeyUrl ? `\nDon't have one? Get your API key at: ${provider.apiKeyUrl}` : ''));
             }
             // 4. Connect or switch active provider
             const hasNewConfig = apiKey || baseUrl;
@@ -87,27 +99,111 @@ export default class ProviderConnect extends Command {
             return { model, providerId, providerName: provider.name };
         }, options);
     }
+    async connectProviderOAuth({ code, providerId }, options, onProgress) {
+        return withDaemonRetry(async (client) => {
+            // 1. Verify provider exists and supports OAuth
+            const { providers } = await client.requestWithAck(ProviderEvents.LIST);
+            const provider = providers.find((p) => p.id === providerId);
+            if (!provider) {
+                throw new Error(`Unknown provider "${providerId}". Run "brv providers list" to see available providers.`);
+            }
+            if (!provider.supportsOAuth) {
+                throw new Error(`Provider "${providerId}" does not support OAuth. Use --api-key instead.`);
+            }
+            // --code is only valid for code-paste providers (e.g., Anthropic).
+            // Browser-callback providers like OpenAI handle the code exchange automatically.
+            if (code && provider.oauthCallbackMode !== 'code-paste') {
+                throw new Error(`Provider "${providerId}" uses browser-based OAuth and does not accept --code.\n` +
+                    `Run: brv providers connect ${providerId} --oauth`);
+            }
+            // If --code is provided, submit it directly (code-paste providers)
+            if (code) {
+                const response = await client.requestWithAck(ProviderEvents.SUBMIT_OAUTH_CODE, { code, providerId });
+                if (!response.success) {
+                    throw new Error(response.error ?? 'OAuth code submission failed');
+                }
+                return { providerName: provider.name, showInstructions: false };
+            }
+            // 2. Start OAuth flow — returns immediately with auth URL
+            const startResponse = await client.requestWithAck(ProviderEvents.START_OAUTH, {
+                providerId,
+            });
+            if (!startResponse.success) {
+                throw new Error(startResponse.error ?? 'Failed to start OAuth flow');
+            }
+            // Always print auth URL (user's machine may not support browser launch)
+            onProgress?.(`\nOpen this URL to authenticate:\n  ${startResponse.authUrl}\n`);
+            // 3. Handle based on callback mode
+            if (startResponse.callbackMode === 'auto') {
+                onProgress?.('Waiting for authentication in browser...');
+                const awaitResponse = await client.requestWithAck(ProviderEvents.AWAIT_OAUTH_CALLBACK, { providerId }, { timeout: OAUTH_CALLBACK_TIMEOUT_MS });
+                if (!awaitResponse.success) {
+                    throw new Error(awaitResponse.error ?? 'OAuth authentication failed');
+                }
+                return { providerName: provider.name, showInstructions: false };
+            }
+            // code-paste mode: print instructions and exit
+            onProgress?.('Copy the authorization code from the browser and run:');
+            onProgress?.(`  brv providers connect ${providerId} --oauth --code <code>`);
+            return { providerName: provider.name, showInstructions: true };
+        }, options);
+    }
     async run() {
         const { args, flags } = await this.parse(ProviderConnect);
         const providerId = args.provider;
         const apiKey = flags['api-key'];
         const baseUrl = flags['base-url'];
-        const { model } = flags;
-        const format = flags.format;
-        try {
-            const result = await this.connectProvider({ apiKey, baseUrl, model, providerId });
+        const { code, model, oauth } = flags;
+        const format = flags.format === 'json' ? 'json' : 'text';
+        // Validate flag combinations
+        if (oauth && apiKey) {
+            const msg = 'Cannot use --oauth and --api-key together';
+            if (format === 'json') {
+                writeJsonResponse({ command: 'providers connect', data: { error: msg }, success: false });
+            }
+            else {
+                this.log(msg);
+            }
+            return;
+        }
+        if (code && !oauth) {
+            const msg = '--code requires the --oauth flag';
             if (format === 'json') {
-                writeJsonResponse({ command: 'providers connect', data: result, success: true });
+                writeJsonResponse({ command: 'providers connect', data: { error: msg }, success: false });
+            }
+            else {
+                this.log(msg);
+            }
+            return;
+        }
+        try {
+            if (oauth) {
+                const onProgress = format === 'text' ? (msg) => this.log(msg) : undefined;
+                const result = await this.connectProviderOAuth({ code, providerId }, undefined, onProgress);
+                if (format === 'json') {
+                    writeJsonResponse({ command: 'providers connect', data: { providerId }, success: true });
+                }
+                else if (!result.showInstructions) {
+                    this.log(`Connected to ${result.providerName} via OAuth`);
+                }
             }
             else {
-                this.log(`Connected to ${result.providerName} (${result.providerId})`);
-                if (result.model) {
-                    this.log(`Model set to: ${result.model}`);
+                const result = await this.connectProvider({ apiKey, baseUrl, model, providerId });
+                if (format === 'json') {
+                    writeJsonResponse({ command: 'providers connect', data: result, success: true });
+                }
+                else {
+                    this.log(`Connected to ${result.providerName} (${result.providerId})`);
+                    if (result.model) {
+                        this.log(`Model set to: ${result.model}`);
+                    }
                 }
             }
         }
         catch (error) {
-            const errorMessage = error instanceof Error ? error.message : 'An unexpected error occurred while connecting the provider. Please try again.';
+            const errorMessage = error instanceof Error
+                ? error.message
+                : 'An unexpected error occurred while connecting the provider. Please try again.';
             if (format === 'json') {
                 writeJsonResponse({ command: 'providers connect', data: { error: errorMessage }, success: false });
             }

package/dist/oclif/commands/providers/list.js

@@ -5,10 +5,7 @@ import { formatConnectionError, withDaemonRetry } from '../../lib/daemon-client.
 import { writeJsonResponse } from '../../lib/json-response.js';
 export default class ProviderList extends Command {
     static description = 'List all available providers and their connection status';
-    static examples = [
-        '<%= config.bin %> providers list',
-        '<%= config.bin %> providers list --format json',
-    ];
+    static examples = ['<%= config.bin %> providers list', '<%= config.bin %> providers list --format json'];
     static flags = {
         format: Flags.string({
             default: 'text',
@@ -30,7 +27,8 @@ export default class ProviderList extends Command {
             }
             for (const p of providers) {
                 const status = p.isCurrent ? chalk.green('(current)') : p.isConnected ? chalk.yellow('(connected)') : '';
-                this.log(`  ${p.name} [${p.id}] ${status}`.trimEnd());
+                const authBadge = p.authMethod === 'oauth' ? chalk.cyan('[OAuth]') : p.authMethod === 'api-key' ? chalk.dim('[API Key]') : '';
+                this.log(`  ${p.name} [${p.id}] ${status} ${authBadge}`.trimEnd());
             }
         }
         catch (error) {

package/dist/oclif/commands/query.js

@@ -2,7 +2,7 @@ import { Args, Command, Flags } from '@oclif/core';
 import { randomUUID } from 'node:crypto';
 import { TransportStateEventNames } from '../../server/core/domain/transport/schemas.js';
 import { TaskEvents } from '../../shared/transport/events/index.js';
-import { formatConnectionError, hasLeakedHandles, withDaemonRetry, } from '../lib/daemon-client.js';
+import { formatConnectionError, hasLeakedHandles, providerMissingMessage, withDaemonRetry, } from '../lib/daemon-client.js';
 import { writeJsonResponse } from '../lib/json-response.js';
 import { waitForTaskCompletion } from '../lib/task-client.js';
 export default class Query extends Command {
@@ -54,7 +54,7 @@ Bad:
                     throw new Error('No provider connected. Run "brv providers connect byterover" to use the free built-in provider, or connect another provider.');
                 }
                 if (active.providerKeyMissing) {
-                    throw new Error(`${active.activeProvider} API key is missing from storage.\nPlease reconnect: brv providers connect ${active.activeProvider} --api-key <your-key>`);
+                    throw new Error(providerMissingMessage(active.activeProvider, active.authMethod));
                 }
                 await this.submitTask({ client, format, projectRoot, query: args.query });
             }, {

package/dist/oclif/commands/status.js

@@ -22,10 +22,10 @@ export default class Status extends Command {
     }
     async run() {
         const { flags } = await this.parse(Status);
-        const format = flags.format;
+        const isJson = flags.format === 'json';
         try {
             const status = await this.fetchStatus();
-            if (format === 'json') {
+            if (isJson) {
                 writeJsonResponse({
                     command: 'status',
                     data: { ...status, cliVersion: this.config.version },
@@ -37,7 +37,7 @@ export default class Status extends Command {
             }
         }
         catch (error) {
-            if (format === 'json') {
+            if (isJson) {
                 writeJsonResponse({
                     command: 'status',
                     data: { error: formatConnectionError(error) },

package/dist/oclif/lib/daemon-client.d.ts

@@ -30,6 +30,10 @@ export declare function isRetryableError(error: unknown): boolean;
  * Checks if an error left leaked Socket.IO handles that prevent Node.js from exiting.
  */
 export declare function hasLeakedHandles(error: unknown): boolean;
+/**
+ * Builds a user-friendly message when provider credentials are missing from storage.
+ */
+export declare function providerMissingMessage(activeProvider: string, authMethod?: 'api-key' | 'oauth'): string;
 export interface ProviderErrorContext {
     activeModel?: string;
     activeProvider?: string;

package/dist/oclif/lib/daemon-client.js

@@ -12,6 +12,8 @@ const USER_FRIENDLY_MESSAGES = {
     [TaskErrorCode.CONTEXT_TREE_NOT_INITIALIZED]: 'Context tree not initialized.',
     [TaskErrorCode.LOCAL_CHANGES_EXIST]: 'You have local changes. Run "brv push" to save your changes before pulling.',
     [TaskErrorCode.NOT_AUTHENTICATED]: 'Not authenticated. Cloud sync features (push/pull/space) require login — local query and curate work without authentication.',
+    [TaskErrorCode.OAUTH_REFRESH_FAILED]: 'OAuth token refresh failed. Run "brv providers connect <provider> --oauth" to reconnect.',
+    [TaskErrorCode.OAUTH_TOKEN_EXPIRED]: 'OAuth token has expired. Run "brv providers connect <provider> --oauth" to reconnect.',
     [TaskErrorCode.PROJECT_NOT_INIT]: 'Project not initialized. Run "brv restart" to reinitialize.',
     [TaskErrorCode.PROVIDER_NOT_CONFIGURED]: 'No provider connected. Run "brv providers connect byterover" to use the free built-in provider, or connect another provider.',
     [TaskErrorCode.SPACE_NOT_CONFIGURED]: 'No space configured. Run "brv space list" to see available spaces, then "brv space switch --team <team> --name <space>" to select one.',
@@ -83,6 +85,14 @@ export function hasLeakedHandles(error) {
         return false;
     return error.code === TaskErrorCode.AGENT_DISCONNECTED || error.code === TaskErrorCode.AGENT_NOT_AVAILABLE;
 }
+/**
+ * Builds a user-friendly message when provider credentials are missing from storage.
+ */
+export function providerMissingMessage(activeProvider, authMethod) {
+    return authMethod === 'oauth'
+        ? `${activeProvider} authentication has expired.\nPlease reconnect: brv providers connect ${activeProvider} --oauth`
+        : `${activeProvider} API key is missing from storage.\nPlease reconnect: brv providers connect ${activeProvider} --api-key <your-key>`;
+}
 /**
  * Formats a connection error into a user-friendly message.
  */
@@ -131,9 +141,9 @@ export function formatConnectionError(error, providerContext) {
         const provider = providerContext?.activeProvider ?? '<provider>';
         const model = providerContext?.activeModel;
         const currentInfo = model ? `Provider: ${provider}  Model: ${model}\n\n` : `Provider: ${provider}\n\n`;
-        return (`LLM provider API key is missing or invalid.\n${currentInfo}` +
-            '  Reconnect with your API key:\n' +
-            `    brv providers connect ${provider} --api-key <key>\n\n` +
+        return (`LLM provider credentials are missing or invalid.\n${currentInfo}` +
+            '  Reconnect your provider:\n' +
+            `    brv providers connect ${provider}\n\n` +
             '  Switch to a different provider:\n' +
             '    brv providers switch <provider>\n\n' +
             '  See all options:  brv providers --help');

package/dist/server/core/domain/entities/provider-config.d.ts

@@ -12,12 +12,16 @@ export interface ConnectedProviderConfig {
     readonly activeModel?: string;
     /** Context window size of the active model (from provider API, e.g. OpenRouter) */
     readonly activeModelContextLength?: number;
+    /** How this provider was authenticated */
+    readonly authMethod?: 'api-key' | 'oauth';
     /** Custom API base URL (for openai-compatible provider) */
     readonly baseUrl?: string;
     /** When the provider was connected */
     readonly connectedAt: string;
     /** User's favorite models (for quick access) */
     readonly favoriteModels: readonly string[];
+    /** OAuth account ID (e.g. ChatGPT-Account-Id for OpenAI) */
+    readonly oauthAccountId?: string;
     /** Recently used models (last 10) */
     readonly recentModels: readonly string[];
 }
@@ -96,7 +100,9 @@ export declare class ProviderConfig {
      */
     withProviderConnected(providerId: string, options?: {
         activeModel?: string;
+        authMethod?: 'api-key' | 'oauth';
         baseUrl?: string;
+        oauthAccountId?: string;
     }): ProviderConfig;
     /**
      * Create a new config with a provider disconnected.

package/dist/server/core/domain/entities/provider-config.js

@@ -10,10 +10,9 @@
 const isProviderConfigJson = (json) => {
     if (typeof json !== 'object' || json === null)
         return false;
-    const obj = json;
-    if (typeof obj.activeProvider !== 'string')
+    if (!('activeProvider' in json) || typeof json.activeProvider !== 'string')
         return false;
-    if (typeof obj.providers !== 'object' || obj.providers === null)
+    if (!('providers' in json) || typeof json.providers !== 'object' || json.providers === null)
         return false;
     return true;
 };
@@ -164,9 +163,11 @@ export class ProviderConfig {
         const existingConfig = this.providers[providerId];
         const newProviderConfig = {
             activeModel: options?.activeModel ?? existingConfig?.activeModel,
+            authMethod: options?.authMethod ?? existingConfig?.authMethod,
             baseUrl: options?.baseUrl ?? existingConfig?.baseUrl,
             connectedAt: existingConfig?.connectedAt ?? new Date().toISOString(),
             favoriteModels: existingConfig?.favoriteModels ?? [],
+            oauthAccountId: options?.oauthAccountId ?? existingConfig?.oauthAccountId,
             recentModels: existingConfig?.recentModels ?? [],
         };
         return new ProviderConfig({