coding-tool-x 3.4.4 → 3.4.6

package/src/server/opencode-proxy-server.js

@@ -22,6 +22,7 @@ const { persistProxyRequestSnapshot, loadClaudeRequestTemplate } = require('./se
 const { probeModelAvailability, fetchModelsFromProvider } = require('./services/model-detector');
 const { publishUsageLog, publishFailureLog } = require('./services/proxy-log-helper');
 const { redirectModel, resolveTargetUrl } = require('./services/base/proxy-utils');
+const { attachServerShutdownHandling, expediteServerShutdown } = require('./services/server-shutdown');
 
 let proxyServer = null;
 let proxyApp = null;
@@ -4650,6 +4651,7 @@ async function startOpenCodeProxyServer(options = {}) {
 
     // 启动服务器
     proxyServer = http.createServer(proxyApp);
+    attachServerShutdownHandling(proxyServer);
 
     return new Promise((resolve, reject) => {
       proxyServer.listen(port, '127.0.0.1', () => {
@@ -4692,8 +4694,13 @@ async function stopOpenCodeProxyServer(options = {}) {
 
   requestMetadata.clear();
 
+  const shutdownTimer = expediteServerShutdown(proxyServer);
+
   return new Promise((resolve) => {
     proxyServer.close(() => {
+      if (shutdownTimer) {
+        clearTimeout(shutdownTimer);
+      }
       console.log('OpenCode proxy server stopped');
 
       // 清除代理启动时间（仅当明确要求时）
@@ -4713,8 +4720,9 @@ async function stopOpenCodeProxyServer(options = {}) {
 // 获取代理服务器状态
 function getOpenCodeProxyStatus() {
   const config = loadConfig();
-  const startTime = getProxyStartTime('opencode');
-  const runtime = getProxyRuntime('opencode');
+  const allowRecovery = !!proxyServer;
+  const startTime = getProxyStartTime('opencode', { allowRecovery });
+  const runtime = getProxyRuntime('opencode', { allowRecovery });
 
   return {
     running: !!proxyServer,

package/src/server/proxy-server.js

@@ -20,6 +20,7 @@ const { getEffectiveApiKey } = require('./services/channels');
 const { persistProxyRequestSnapshot, persistClaudeRequestTemplate } = require('./services/request-logger');
 const { publishUsageLog, publishFailureLog } = require('./services/proxy-log-helper');
 const { redirectModel } = require('./services/base/proxy-utils');
+const { attachServerShutdownHandling, expediteServerShutdown } = require('./services/server-shutdown');
 
 let proxyServer = null;
 let proxyApp = null;
@@ -541,6 +542,7 @@ async function startProxyServer(options = {}) {
     });
 
     proxyServer = http.createServer(proxyApp);
+    attachServerShutdownHandling(proxyServer);
 
     return new Promise((resolve, reject) => {
       proxyServer.listen(port, '127.0.0.1', () => {
@@ -580,8 +582,13 @@ async function stopProxyServer(options = {}) {
 
   requestMetadata.clear();
 
+  const shutdownTimer = expediteServerShutdown(proxyServer);
+
   return new Promise((resolve) => {
     proxyServer.close(() => {
+      if (shutdownTimer) {
+        clearTimeout(shutdownTimer);
+      }
       console.log('[OK] Proxy server stopped');
       if (clearStartTime) {
         clearProxyStartTime('claude');
@@ -599,8 +606,9 @@ async function stopProxyServer(options = {}) {
 // 获取代理服务器状态
 function getProxyStatus() {
   const config = loadConfig();
-  const startTime = getProxyStartTime('claude');
-  const runtime = getProxyRuntime('claude');
+  const allowRecovery = !!proxyServer;
+  const startTime = getProxyStartTime('claude', { allowRecovery });
+  const runtime = getProxyRuntime('claude', { allowRecovery });
 
   return {
     running: !!proxyServer,

package/src/server/services/codex-channels.js

@@ -5,27 +5,46 @@ const toml = require('toml');
 const tomlStringify = require('@iarna/toml').stringify;
 const { PATHS } = require('../../config/paths');
 const { getCodexDir } = require('./codex-config');
-const { isProxyConfig } = require('./codex-settings-manager');
+const { isProxyConfig, readConfig } = require('./codex-settings-manager');
 const { clearNativeOAuth } = require('./native-oauth-adapters');
 const { syncCodexUserEnvironment } = require('./codex-env-manager');
 const BaseChannelService = require('./base/base-channel-service');
 
-const CODEX_PROXY_ENV_KEY = 'CC_PROXY_KEY';
+const CODEX_MANAGED_ENV_KEY = 'CC_PROXY_KEY';
 const CODEX_PROXY_ENV_VALUE = 'PROXY_KEY';
 
 // ── Codex 特有工具函数 ──
 
-function buildManagedCodexEnvMap(channels = [], { includeProxyKey = false } = {}) {
-  if (includeProxyKey) {
-    return { [CODEX_PROXY_ENV_KEY]: CODEX_PROXY_ENV_VALUE };
+function resolveCurrentManagedChannel(channels = []) {
+  const allChannels = Array.isArray(channels) ? channels : [];
+  let currentProvider = '';
+
+  try {
+    currentProvider = String(readConfig()?.model_provider || '').trim();
+  } catch (err) {
+    currentProvider = '';
   }
-  const envMap = {};
-  for (const ch of channels) {
-    if (ch.enabled !== false && ch.envKey && ch.apiKey) {
-      envMap[ch.envKey] = ch.apiKey;
+
+  if (currentProvider && currentProvider !== 'cc-proxy') {
+    const matched = allChannels.find(ch => ch.providerKey === currentProvider);
+    if (matched) {
+      return matched;
     }
   }
-  return envMap;
+
+  return allChannels.find(ch => ch.enabled !== false) || null;
+}
+
+function buildManagedCodexEnvMap(channels = [], { includeProxyKey = false, activeChannel = null } = {}) {
+  if (includeProxyKey) {
+    return { [CODEX_MANAGED_ENV_KEY]: CODEX_PROXY_ENV_VALUE };
+  }
+
+  const targetChannel = activeChannel || resolveCurrentManagedChannel(channels);
+  if (targetChannel?.apiKey) {
+    return { [CODEX_MANAGED_ENV_KEY]: targetChannel.apiKey };
+  }
+  return {};
 }
 
 function syncAllChannelEnvVars() {
@@ -34,7 +53,8 @@ function syncAllChannelEnvVars() {
     const data = svc.loadChannels();
     const proxyRunning = isProxyConfig();
     const envMap = buildManagedCodexEnvMap(data.channels, {
-      includeProxyKey: proxyRunning
+      includeProxyKey: proxyRunning,
+      activeChannel: proxyRunning ? null : resolveCurrentManagedChannel(data.channels)
     });
     syncCodexUserEnvironment(envMap, { replace: true });
   } catch (err) {
@@ -87,7 +107,7 @@ function writeCodexConfigForMultiChannel(channels) {
         name: ch.name,
         base_url: ch.baseUrl,
         wire_api: ch.wireApi || 'responses',
-        env_key: ch.envKey,
+        env_key: CODEX_MANAGED_ENV_KEY,
         requires_openai_auth: ch.requiresOpenaiAuth !== false
       };
       if (ch.queryParams && Object.keys(ch.queryParams).length > 0) {
@@ -121,7 +141,7 @@ class CodexChannelService extends BaseChannelService {
   _applyDefaults(channel) {
     const ch = super._applyDefaults(channel);
     ch.providerKey = ch.providerKey || '';
-    ch.envKey = ch.envKey || '';
+    ch.envKey = CODEX_MANAGED_ENV_KEY;
     ch.wireApi = ch.wireApi || 'responses';
     ch.model = ch.model || '';
     ch.speedTestModel = ch.speedTestModel || null;
@@ -143,19 +163,38 @@ class CodexChannelService extends BaseChannelService {
   }
 
   _onAfterCreate(_channel, _allChannels) {
+    if (_channel.enabled !== false && !isProxyConfig()) {
+      this._applyToNativeSettings(_channel);
+      return;
+    }
     syncAllChannelEnvVars();
-    // 注意：不再自动写入 config.toml，只在开启代理控制时才同步
   }
 
-  _onAfterUpdate(_old, _next, _allChannels) {
+  _onAfterUpdate(_old, _next, allChannels) {
+    if (!isProxyConfig()) {
+      if (_old.enabled === false && _next.enabled !== false) {
+        this._applyToNativeSettings(_next);
+        return;
+      }
+      const activeChannel = resolveCurrentManagedChannel(allChannels);
+      if (_next.enabled !== false && activeChannel?.id === _next.id) {
+        this._applyToNativeSettings(_next);
+        return;
+      }
+    }
     syncAllChannelEnvVars();
-    // 注意：不再自动写入 config.toml，只在开启代理控制时才同步
   }
 
-  _onAfterDelete(_channel, _allChannels) {
+  _onAfterDelete(_channel, allChannels) {
+    if (!isProxyConfig()) {
+      const activeChannel = resolveCurrentManagedChannel(allChannels);
+      if (activeChannel && activeChannel.enabled !== false) {
+        this._applyToNativeSettings(activeChannel);
+        return;
+      }
+    }
     clearNativeOAuth('codex');
     syncAllChannelEnvVars();
-    // 注意：不再自动写入 config.toml，只在开启代理控制时才同步
   }
 
   _applyToNativeSettings(channel) {
@@ -184,7 +223,7 @@ class CodexChannelService extends BaseChannelService {
       name: channel.name,
       base_url: channel.baseUrl,
       wire_api: channel.wireApi || 'responses',
-      env_key: channel.envKey,
+      env_key: CODEX_MANAGED_ENV_KEY,
       requires_openai_auth: channel.requiresOpenaiAuth !== false
     };
 
@@ -215,10 +254,9 @@ const service = getServiceInstance();
 function getChannels() { return service.getChannels(); }
 function getEnabledChannels() { return service.getEnabledChannels(); }
 function createChannel(name, providerKey, baseUrl, apiKey, wireApi, extraConfig = {}) {
-  const envKey = extraConfig.envKey || `${providerKey.toUpperCase()}_API_KEY`;
   return service.createChannel({
     name, providerKey, baseUrl, apiKey, wireApi,
-    envKey,
+    envKey: CODEX_MANAGED_ENV_KEY,
     ...extraConfig,
   });
 }
@@ -251,4 +289,9 @@ module.exports = {
   applyChannelToSettings,
   getEffectiveApiKey,
   disableAllChannels,
+  _test: {
+    buildManagedCodexEnvMap,
+    CODEX_MANAGED_ENV_KEY,
+    resolveCurrentManagedChannel
+  }
 };

package/src/server/services/codex-env-manager.js

@@ -32,6 +32,40 @@ function powershellQuote(value) {
   return `'${String(value).replace(/'/g, "''")}'`;
 }
 
+function buildWindowsSettingChangeScript() {
+  return [
+    'Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @"',
+    '[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]',
+    'public static extern IntPtr SendMessageTimeout(',
+    '    IntPtr hWnd, uint Msg, UIntPtr wParam, string lParam,',
+    '    uint fuFlags, uint uTimeout, out UIntPtr lpdwResult);',
+    '"@',
+    '$HWND_BROADCAST = [IntPtr]0xffff',
+    '$WM_SETTINGCHANGE = 0x1a',
+    '$SMTO_ABORTIFHUNG = 0x0002',
+    '$result = [UIntPtr]::Zero',
+    '[Win32.NativeMethods]::SendMessageTimeout($HWND_BROADCAST, $WM_SETTINGCHANGE,',
+    '    [UIntPtr]::Zero, "Environment", $SMTO_ABORTIFHUNG, 5000, [ref]$result) | Out-Null'
+  ].join('\n');
+}
+
+function buildWindowsEnvBatchScript(operations = [], { includeSettingChangeBroadcast = true } = {}) {
+  const normalizedOperations = Array.isArray(operations) ? operations.filter(Boolean) : [];
+  const lines = normalizedOperations.map((operation) => {
+    const key = powershellQuote(operation.key || '');
+    if (operation.remove) {
+      return `[Environment]::SetEnvironmentVariable(${key}, $null, 'User')`;
+    }
+    return `[Environment]::SetEnvironmentVariable(${key}, ${powershellQuote(operation.value || '')}, 'User')`;
+  });
+
+  if (includeSettingChangeBroadcast && lines.length > 0) {
+    lines.push(buildWindowsSettingChangeScript());
+  }
+
+  return lines.join('\n');
+}
+
 function buildHomeRelativeShellPath(filePath, homeDir) {
   const normalizedHome = path.resolve(homeDir);
   const normalizedFilePath = path.resolve(filePath);
@@ -341,48 +375,28 @@ function runLaunchctlCommand(args, execSync) {
 }
 
 function broadcastWindowsSettingChange(execSync) {
-  const script = [
-    'Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @"',
-    '[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]',
-    'public static extern IntPtr SendMessageTimeout(',
-    '    IntPtr hWnd, uint Msg, UIntPtr wParam, string lParam,',
-    '    uint fuFlags, uint uTimeout, out UIntPtr lpdwResult);',
-    '"@',
-    '$HWND_BROADCAST = [IntPtr]0xffff',
-    '$WM_SETTINGCHANGE = 0x1a',
-    '$SMTO_ABORTIFHUNG = 0x0002',
-    '$result = [UIntPtr]::Zero',
-    '[Win32.NativeMethods]::SendMessageTimeout($HWND_BROADCAST, $WM_SETTINGCHANGE,',
-    '    [UIntPtr]::Zero, "Environment", $SMTO_ABORTIFHUNG, 5000, [ref]$result) | Out-Null'
-  ].join('\n');
-  runWindowsEnvCommand(script, execSync);
+  runWindowsEnvCommand(buildWindowsSettingChangeScript(), execSync);
 }
 
 function syncWindowsEnvironment(nextValues, previousState, options) {
   const { stateFilePath, execSync } = options;
   const nextKeys = Object.keys(nextValues).sort();
   const previousValues = previousState.values || {};
-  let changed = false;
+  const operations = [];
 
   for (const [key, value] of Object.entries(nextValues)) {
     if (previousValues[key] === value) continue;
-    setWindowsUserEnv(key, value, execSync);
-    changed = true;
+    operations.push({ key, value });
   }
 
   for (const key of Object.keys(previousValues)) {
     if (Object.prototype.hasOwnProperty.call(nextValues, key)) continue;
-    removeWindowsUserEnv(key, execSync);
-    changed = true;
+    operations.push({ key, remove: true });
   }
 
-  // 广播 WM_SETTINGCHANGE，通知已打开的应用（如 VSCode）刷新环境变量
+  const changed = operations.length > 0;
   if (changed) {
-    try {
-      broadcastWindowsSettingChange(execSync);
-    } catch {
-      // 广播失败不影响主流程，环境变量已写入注册表
-    }
+    runWindowsEnvCommand(buildWindowsEnvBatchScript(operations), execSync);
   }
 
   if (nextKeys.length > 0) {
@@ -427,14 +441,14 @@ function runWindowsEnvCommand(script, execSync) {
 
 function setWindowsUserEnv(key, value, execSync) {
   runWindowsEnvCommand(
-    `[Environment]::SetEnvironmentVariable(${powershellQuote(key)}, ${powershellQuote(value)}, 'User')`,
+    buildWindowsEnvBatchScript([{ key, value }], { includeSettingChangeBroadcast: false }),
     execSync
   );
 }
 
 function removeWindowsUserEnv(key, execSync) {
   runWindowsEnvCommand(
-    `[Environment]::SetEnvironmentVariable(${powershellQuote(key)}, $null, 'User')`,
+    buildWindowsEnvBatchScript([{ key, remove: true }], { includeSettingChangeBroadcast: false }),
     execSync
   );
 }
@@ -473,8 +487,10 @@ module.exports = {
   syncCodexUserEnvironment,
   _test: {
     broadcastWindowsSettingChange,
+    buildWindowsEnvBatchScript,
     buildHomeRelativeShellPath,
     buildNextEnvValues,
+    buildWindowsSettingChangeScript,
     buildSourceSnippet,
     getPosixProfileCandidates,
     readState,

package/src/server/services/native-oauth-adapters.js

@@ -219,7 +219,7 @@ function inspectClaudeState() {
 
   return {
     tool: 'claude',
-    mode: proxyStatus.running ? 'proxy' : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle')),
+    mode: proxyStatus.running ? 'proxy' : (channelConfigured ? 'channel' : (nativeOAuth ? 'oauth' : 'idle')),
     proxyRunning: proxyStatus.running,
     oauthPresent: Boolean(nativeOAuth),
     channelConfigured,
@@ -395,7 +395,7 @@ function inspectCodexState() {
 
   return {
     tool: 'codex',
-    mode: proxyStatus.running ? 'proxy' : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle')),
+    mode: proxyStatus.running ? 'proxy' : (channelConfigured ? 'channel' : (nativeOAuth ? 'oauth' : 'idle')),
     proxyRunning: proxyStatus.running,
     oauthPresent: Boolean(nativeOAuth),
     channelConfigured,
@@ -619,7 +619,7 @@ function inspectGeminiState() {
 
   return {
     tool: 'gemini',
-    mode: proxyStatus.running ? 'proxy' : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle')),
+    mode: proxyStatus.running ? 'proxy' : (channelConfigured ? 'channel' : (nativeOAuth ? 'oauth' : 'idle')),
     proxyRunning: proxyStatus.running,
     oauthPresent: Boolean(nativeOAuth),
     channelConfigured,
@@ -737,10 +737,67 @@ function clearOpenCodeOAuth() {
   writeJsonFile(NATIVE_PATHS.opencode.auth, payload);
 }
 
-function applyOpenCodeOAuth(credential) {
-  clearOpenCodeOAuth();
-  opencodeSettingsManager.clearManagedChannelConfig();
+function disableOpenCodeOAuthCredential(credential = {}) {
+  const providerId = String(credential.providerId || '').trim();
+  const accessToken = String(credential.accessToken || credential.primaryToken || '').trim();
+  const payload = readJsonFile(NATIVE_PATHS.opencode.auth, {});
+  if (!payload || typeof payload !== 'object') {
+    return;
+  }
+
+  Object.keys(payload).forEach((key) => {
+    const target = payload[key];
+    if (!target || target.type !== 'oauth') {
+      return;
+    }
+
+    const providerMatched = providerId && key === providerId;
+    const tokenMatched = accessToken && String(target.access || '').trim() === accessToken;
+    if (providerMatched || tokenMatched) {
+      delete payload[key];
+    }
+  });
+
+  if (Object.keys(payload).length === 0) {
+    removeFileIfExists(NATIVE_PATHS.opencode.auth);
+    return;
+  }
+
+  writeJsonFile(NATIVE_PATHS.opencode.auth, payload);
+}
+
+function isManagedOpenCodeProvider(provider) {
+  if (!provider || typeof provider !== 'object') {
+    return false;
+  }
+
+  if (provider.__ctx_managed__ === true) {
+    return true;
+  }
+
+  const apiKey = String(provider?.options?.apiKey || '').trim();
+  const baseUrl = String(provider?.options?.baseURL || '').trim();
+  return apiKey === 'PROXY_KEY' && (baseUrl.includes('127.0.0.1') || baseUrl.includes('localhost'));
+}
+
+function clearOpenCodeManagedModelSelection(config) {
+  const modelRef = String(config?.model || '').trim();
+  if (!modelRef || !modelRef.includes('/')) {
+    return;
+  }
+
+  const providerId = modelRef.split('/')[0].trim();
+  if (!providerId) {
+    return;
+  }
+
+  const provider = config?.provider?.[providerId];
+  if (isManagedOpenCodeProvider(provider)) {
+    delete config.model;
+  }
+}
 
+function applyOpenCodeOAuth(credential) {
   const providerId = String(credential.providerId || 'openai').trim() || 'openai';
   const payload = readJsonFile(NATIVE_PATHS.opencode.auth, {});
   payload[providerId] = {
@@ -758,9 +815,12 @@ function applyOpenCodeOAuth(credential) {
     ? opencodeSettingsManager.readConfig(configPath)
     : {};
   config.provider = config.provider && typeof config.provider === 'object' ? config.provider : {};
-  if (!config.provider[providerId]) {
-    config.provider[providerId] = {};
-  }
+  config.provider[providerId] = config.provider[providerId] && typeof config.provider[providerId] === 'object'
+    ? config.provider[providerId]
+    : {};
+  // Preserve existing ctx-managed API providers for OpenCode coexistence, but
+  // drop the active managed selection so OAuth-backed providers become available.
+  clearOpenCodeManagedModelSelection(config);
   opencodeSettingsManager.writeConfig(configPath, config);
 
   return { storage: 'auth-file' };
@@ -787,7 +847,11 @@ function inspectOpenCodeState() {
 
   return {
     tool: 'opencode',
-    mode: proxyStatus.running ? 'proxy' : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle')),
+    mode: proxyStatus.running
+      ? 'proxy'
+      : (nativeOAuth && channelConfigured
+          ? 'mixed'
+          : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle'))),
     proxyRunning: proxyStatus.running,
     oauthPresent: Boolean(nativeOAuth),
     channelConfigured,
@@ -865,6 +929,25 @@ function clearNativeOAuth(tool) {
   }
 }
 
+function disableNativeOAuthCredential(tool, credential = {}) {
+  switch (tool) {
+    case 'claude':
+      clearClaudeOAuth();
+      return;
+    case 'codex':
+      clearCodexOAuth();
+      return;
+    case 'gemini':
+      clearGeminiOAuth();
+      return;
+    case 'opencode':
+      disableOpenCodeOAuthCredential(credential);
+      return;
+    default:
+      throw new Error(`Unsupported OAuth tool: ${tool}`);
+  }
+}
+
 function applyOAuthCredential(tool, credential) {
   switch (tool) {
     case 'claude':
@@ -887,5 +970,6 @@ module.exports = {
   readNativeOAuth,
   readAllNativeOAuth,
   clearNativeOAuth,
+  disableNativeOAuthCredential,
   applyOAuthCredential
 };

package/src/server/services/oauth-credentials-service.js

@@ -12,6 +12,7 @@ const {
   inspectTool,
   readAllNativeOAuth,
   clearNativeOAuth,
+  disableNativeOAuthCredential,
   applyOAuthCredential
 } = require('./native-oauth-adapters');
 const { maskToken, decodeJwtPayload, removeFileIfExists } = require('./oauth-utils');
@@ -300,6 +301,23 @@ function sanitizeCredential(entry, defaultCredentialId) {
   };
 }
 
+function sanitizeNativeCredential(entry = {}) {
+  const primaryToken = entry.primaryToken
+    || entry.accessToken
+    || entry.token
+    || '';
+
+  return {
+    providerId: entry.providerId || '',
+    accountId: entry.accountId || '',
+    accountEmail: entry.accountEmail || '',
+    expiresAt: entry.expiresAt || null,
+    lastRefresh: entry.lastRefresh || null,
+    storage: entry.storage || '',
+    tokenPreview: maskToken(primaryToken)
+  };
+}
+
 function sanitizeToolSummary(tool, toolStore) {
   const credentials = (toolStore.credentials || [])
     .map((entry) => sanitizeCredential(entry, toolStore.defaultCredentialId))
@@ -309,11 +327,16 @@ function sanitizeToolSummary(tool, toolStore) {
       if (aTime !== bTime) return bTime - aTime;
       return (b.createdAt || 0) - (a.createdAt || 0);
     });
+  const nativeState = inspectTool(tool);
+  const nativeCredentials = readAllNativeOAuth(tool).map((entry) => sanitizeNativeCredential(entry));
   return {
     tool,
     defaultCredentialId: toolStore.defaultCredentialId || null,
     credentials,
-    nativeState: inspectTool(tool)
+    nativeState: {
+      ...nativeState,
+      nativeCredentials
+    }
   };
 }
 
@@ -612,7 +635,9 @@ async function applyStoredCredential(tool, credentialId) {
   const entry = findStoredCredential(tool, credentialId);
   const proxyStopped = await stopProxyIfRunning(tool);
   cleanupManagedArtifacts(tool);
-  disableAllChannelsForTool(tool);
+  if (tool !== 'opencode') {
+    disableAllChannelsForTool(tool);
+  }
   applyOAuthCredential(tool, entry.secrets);
 
   // 记录最近使用时间
@@ -631,6 +656,22 @@ async function applyStoredCredential(tool, credentialId) {
   };
 }
 
+function disableStoredCredential(tool, credentialId) {
+  assertSupportedTool(tool);
+  const entry = findStoredCredential(tool, credentialId);
+  disableNativeOAuthCredential(tool, {
+    ...(entry.secrets || {}),
+    providerId: entry.providerId || entry.secrets?.providerId || '',
+    accountId: entry.accountId || entry.secrets?.accountId || ''
+  });
+
+  return {
+    credential: sanitizeCredential(entry, readStore().tools[tool]?.defaultCredentialId || null),
+    toolSummary: getToolSummary(tool),
+    nativeState: inspectTool(tool)
+  };
+}
+
 function clearNativeOAuthState(tool) {
   assertSupportedTool(tool);
   clearNativeOAuth(tool);
@@ -791,6 +832,7 @@ module.exports = {
   setDefaultCredential,
   deleteCredential,
   applyStoredCredential,
+  disableStoredCredential,
   clearNativeOAuthState,
   fetchCredentialUsage
 };

package/src/server/services/opencode-channels.js

@@ -2,7 +2,6 @@ const fs = require('fs');
 const path = require('path');
 const crypto = require('crypto');
 const { PATHS } = require('../../config/paths');
-const { clearNativeOAuth } = require('./native-oauth-adapters');
 const { setChannelConfig } = require('./opencode-settings-manager');
 const { normalizeGatewaySourceType } = require('./base/proxy-utils');
 
@@ -251,7 +250,6 @@ function applyChannelToSettings(channelId) {
   });
   saveChannels(data);
 
-  clearNativeOAuth('opencode');
   setChannelConfig(channel);
 
   return channel;