copillm 0.2.9 → 0.3.0-beta.1

package/dist/cli/commands/agents/claude.js

@@ -5,7 +5,7 @@ import { ensureDaemonRunningForLauncher } from "../../daemon/ensureRunning.js";
 import { launchAgent } from "../../launchAgent.js";
 import { buildClaudeExportCommand } from "../../integrations/claudeExport.js";
 import { enableRuntimeDebug, resolveCopillmDebug } from "../../shared/debug.js";
-import { applyYoloForLaunch } from "./shared.js";
+import { applyYoloForLaunch, formatLaunchAccountNotice, resolveLaunchAccount } from "./shared.js";
 export function register(program) {
     program
         .command("claude")
@@ -16,9 +16,29 @@ export function register(program) {
         .action(async (forwardedArgs) => {
         const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
         const debug = resolveCopillmDebug(opts.copillmDebug);
+        let launchAccount;
+        try {
+            launchAccount = await resolveLaunchAccount({
+                flag: opts.copillmAccount,
+                envValue: process.env.COPILLM_ACCOUNT,
+                cwd: process.cwd(),
+                profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null
+            });
+        }
+        catch (error) {
+            process.stderr.write(`copillm: ${error instanceof Error ? error.message : String(error)}\n`);
+            process.exit(1);
+            return;
+        }
+        if (launchAccount) {
+            process.stderr.write(`${formatLaunchAccountNotice(launchAccount)}\n`);
+        }
         enableRuntimeDebug(debug);
         const lock = await ensureDaemonRunningForLauncher({ debug });
-        const claude = buildClaudeExportCommand(lock.port, null);
+        const claude = buildClaudeExportCommand(lock.port, null, {
+            pathPrefix: launchAccount?.pathPrefix,
+            cacheId: launchAccount?.cacheId
+        });
         const pinnedSpec = opts.copillmUse ?? process.env.COPILLM_CLAUDE_VERSION ?? undefined;
         const conflicts = detectClaudeSettingsConflicts(claude.bundle.env);
         for (const line of formatSettingsConflictWarning(conflicts)) {

package/dist/cli/commands/agents/codex.js

@@ -5,7 +5,7 @@ import { ensureDaemonRunningForLauncher } from "../../daemon/ensureRunning.js";
 import { launchAgent } from "../../launchAgent.js";
 import { refreshCodexHome } from "../../integrations/refreshCodex.js";
 import { enableRuntimeDebug, resolveCopillmDebug } from "../../shared/debug.js";
-import { applyYoloForLaunch } from "./shared.js";
+import { applyYoloForLaunch, formatLaunchAccountNotice, resolveLaunchAccount } from "./shared.js";
 export function register(program) {
     program
         .command("codex")
@@ -16,9 +16,29 @@ export function register(program) {
         .action(async (forwardedArgs) => {
         const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
         const debug = resolveCopillmDebug(opts.copillmDebug);
+        let launchAccount;
+        try {
+            launchAccount = await resolveLaunchAccount({
+                flag: opts.copillmAccount,
+                envValue: process.env.COPILLM_ACCOUNT,
+                cwd: process.cwd(),
+                profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null
+            });
+        }
+        catch (error) {
+            process.stderr.write(`copillm: ${error instanceof Error ? error.message : String(error)}\n`);
+            process.exit(1);
+            return;
+        }
+        if (launchAccount) {
+            process.stderr.write(`${formatLaunchAccountNotice(launchAccount)}\n`);
+        }
         enableRuntimeDebug(debug);
         const lock = await ensureDaemonRunningForLauncher({ debug });
-        const codex = await refreshCodexHome(lock.port, null);
+        const codex = await refreshCodexHome(lock.port, null, undefined, {
+            pathPrefix: launchAccount?.pathPrefix,
+            account: launchAccount?.account
+        });
         if (!codex) {
             throw new Error("Failed to prepare Codex home (see warning above).");
         }

package/dist/cli/commands/agents/copilot.js

@@ -2,7 +2,7 @@ import { applyAgentConfig, formatApplyNotes } from "../../../agentconfig/apply.j
 import { loadStoredCredential } from "../../../auth/credentials.js";
 import { processCopillmArgs } from "../../copillmFlags.js";
 import { launchAgent } from "../../launchAgent.js";
-import { applyYoloForLaunch } from "./shared.js";
+import { applyYoloForLaunch, formatLaunchAccountNotice, resolveLaunchAccount } from "./shared.js";
 export function register(program) {
     program
         .command("copilot")
@@ -12,8 +12,29 @@ export function register(program) {
         .argument("[args...]", "Args forwarded to copilot")
         .action(async (forwardedArgs) => {
         const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
-        const credential = await loadStoredCredential();
-        if (!credential) {
+        let launchAccount;
+        try {
+            launchAccount = await resolveLaunchAccount({
+                flag: opts.copillmAccount,
+                envValue: process.env.COPILLM_ACCOUNT,
+                cwd: process.cwd(),
+                profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null
+            });
+        }
+        catch (error) {
+            process.stderr.write(`copillm: ${error instanceof Error ? error.message : String(error)}\n`);
+            process.exit(1);
+            return;
+        }
+        if (launchAccount) {
+            process.stderr.write(`${formatLaunchAccountNotice(launchAccount)}\n`);
+        }
+        // Copilot CLI talks to GitHub directly with the account's OAuth token,
+        // so account selection picks which token to inject (not a URL prefix).
+        const githubToken = launchAccount
+            ? launchAccount.account.githubToken
+            : (await loadStoredCredential())?.token ?? null;
+        if (!githubToken) {
             process.stderr.write("copillm: no stored GitHub credential — run `copillm auth login` first.\n");
             process.exit(1);
             return;
@@ -34,7 +55,7 @@ export function register(program) {
         // short-circuits its device-flow login when copillm already has a token.
         const env = {
             ...applyResult.envOverlay,
-            COPILOT_GITHUB_TOKEN: credential.token
+            COPILOT_GITHUB_TOKEN: githubToken
         };
         const baseArgs = [...forwarded, ...applyResult.cliArgs];
         const args = applyYoloForLaunch({ agent: "copilot", flag: opts.yolo, applyResult, baseArgs });

package/dist/cli/commands/agents/pi.js

@@ -5,7 +5,7 @@ import { ensureDaemonRunningForLauncher } from "../../daemon/ensureRunning.js";
 import { launchAgent } from "../../launchAgent.js";
 import { refreshPiHome } from "../../integrations/refreshPi.js";
 import { enableRuntimeDebug, resolveCopillmDebug } from "../../shared/debug.js";
-import { applyYoloForLaunch } from "./shared.js";
+import { applyYoloForLaunch, formatLaunchAccountNotice, resolveLaunchAccount } from "./shared.js";
 export function register(program) {
     program
         .command("pi")
@@ -16,9 +16,29 @@ export function register(program) {
         .action(async (forwardedArgs) => {
         const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
         const debug = resolveCopillmDebug(opts.copillmDebug);
+        let launchAccount;
+        try {
+            launchAccount = await resolveLaunchAccount({
+                flag: opts.copillmAccount,
+                envValue: process.env.COPILLM_ACCOUNT,
+                cwd: process.cwd(),
+                profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null
+            });
+        }
+        catch (error) {
+            process.stderr.write(`copillm: ${error instanceof Error ? error.message : String(error)}\n`);
+            process.exit(1);
+            return;
+        }
+        if (launchAccount) {
+            process.stderr.write(`${formatLaunchAccountNotice(launchAccount)}\n`);
+        }
         enableRuntimeDebug(debug);
         const lock = await ensureDaemonRunningForLauncher({ debug });
-        const pi = await refreshPiHome(lock.port);
+        const pi = await refreshPiHome(lock.port, undefined, {
+            pathPrefix: launchAccount?.pathPrefix,
+            account: launchAccount?.account
+        });
         if (!pi) {
             throw new Error("Failed to prepare pi models.json (see warning above).");
         }

package/dist/cli/commands/agents/shared.js

@@ -1,4 +1,61 @@
 import { applyYolo, resolveYoloWithSource } from "../../../agents/registry.js";
+import { loadAgentConfig } from "../../../agentconfig/load.js";
+import { findAccount } from "../../../auth/accounts.js";
+import { assertValidAccountId } from "../../../config/accountId.js";
+import { loadStoredCredentialForAccount } from "../../../auth/credentials.js";
+/**
+ * Resolve which account a launch targets, applying precedence
+ * `--account` > `COPILLM_ACCOUNT` > the active profile's `account` > default.
+ * Returns null for the default account (no prefix — today's behaviour).
+ *
+ * Throws a user-facing Error when a requested account is malformed, not
+ * registered, or has no stored credential, so the launcher can fail fast
+ * before starting the daemon or the agent.
+ */
+export async function resolveLaunchAccount(input) {
+    let requested;
+    let source;
+    if (input.flag && input.flag.trim().length > 0) {
+        requested = input.flag.trim();
+        source = "flag";
+    }
+    else if (input.envValue && input.envValue.trim().length > 0) {
+        requested = input.envValue.trim();
+        source = "env";
+    }
+    else {
+        const config = loadAgentConfig({ cwd: input.cwd, profileOverride: input.profileOverride });
+        const pinned = config?.resolved.account ?? null;
+        if (pinned) {
+            requested = pinned;
+            source = "profile";
+        }
+    }
+    if (!requested) {
+        return null;
+    }
+    assertValidAccountId(requested);
+    const record = findAccount(requested);
+    if (!record) {
+        throw new Error(`Unknown account "${requested}". Run \`copillm auth status\` to list accounts.`);
+    }
+    const credential = await loadStoredCredentialForAccount(requested);
+    if (!credential) {
+        throw new Error(`No stored credential for account "${requested}". Run \`copillm auth login --as ${requested}\`.`);
+    }
+    const cacheId = record.storage === "legacy" ? undefined : requested;
+    return {
+        accountId: requested,
+        pathPrefix: `/${requested}`,
+        cacheId,
+        account: { accountType: credential.accountType, githubToken: credential.token, cacheId },
+        source: source
+    };
+}
+export function formatLaunchAccountNotice(resolved) {
+    const from = resolved.source === "flag" ? "--account" : resolved.source === "env" ? "COPILLM_ACCOUNT" : "profile";
+    return `copillm: using account "${resolved.accountId}" (from ${from})`;
+}
 /**
  * Shared yolo wiring for the four agent subcommands. Resolves precedence
  * (flag > env > profile > defaults > off), runs `applyYolo` with source

package/dist/cli/commands/auth.js

@@ -1,9 +1,17 @@
 import { inspectStoredCredential, loadStoredCredentialForStatus } from "../../auth/credentials.js";
+import { readAccountsIndex } from "../../auth/accounts.js";
 import { inspectGithubIdentity } from "../../auth/githubIdentity.js";
 import { ensureAuthenticatedInteractive } from "../auth/ensure.js";
-import { runAuthLogin, runAuthLogout } from "../auth/runAuth.js";
+import { runAuthLogin, runAuthLogout, runAuthStatusList, runAuthSwitch } from "../auth/runAuth.js";
 import { formatHumanAuthStatusLine } from "../shared/backends.js";
 import { emitDeprecation } from "../shared/deprecation.js";
+const ACCOUNT_TYPES = ["individual", "business", "enterprise"];
+function parseAccountType(value) {
+    if (ACCOUNT_TYPES.includes(value)) {
+        return value;
+    }
+    throw new Error(`Invalid --account-type "${value}". Expected one of: ${ACCOUNT_TYPES.join(", ")}.`);
+}
 // Re-export for callers (e.g. start command) that need the interactive prompt.
 export { ensureAuthenticatedInteractive };
 export function register(program) {
@@ -28,6 +36,8 @@ export function register(program) {
         .command("login")
         .description("Authenticate with GitHub")
         .option("--json", "JSON output")
+        .option("--as <account>", "Name this account (enables multiple accounts)")
+        .option("--account-type <type>", "Account plan type: individual | business | enterprise", parseAccountType)
         // Undocumented test seam: force the session-only backend regardless of
         // whether the OS keychain is available. Equivalent to setting
         // COPILLM_FORCE_SESSION_BACKEND=1 for the duration of this command.
@@ -39,9 +49,19 @@ export function register(program) {
         .command("logout")
         .description("Clear credentials and stop running daemon")
         .option("--json", "JSON output")
+        .option("--account <account>", "Log out a specific account (default: the default account)")
+        .option("--all", "Log out of every account")
         .action(async (opts) => {
         await runAuthLogout(opts);
     });
+    auth
+        .command("switch")
+        .argument("<account>", "Account id to make the default")
+        .description("Set the default account")
+        .option("--json", "JSON output")
+        .action(async (account, opts) => {
+        await runAuthSwitch(opts, account);
+    });
     auth
         .command("status")
         .description("Report whether a credential is stored (token is never printed)")
@@ -51,6 +71,12 @@ export function register(program) {
         // commander's --no-user toggles opts.user to false; when the flag is
         // omitted opts.user is undefined and we treat that as "fetch by default".
         const wantUserLookup = opts.user !== false;
+        // Multi-account installs (an accounts index exists) get the per-account
+        // listing. Single-account installs keep the exact original output below.
+        if (readAccountsIndex()) {
+            const { anyStored } = await runAuthStatusList(opts);
+            process.exit(anyStored ? 0 : 2);
+        }
         // Two paths to minimize keychain probes:
         //   - With user lookup (default): `loadStoredCredentialForStatus()`
         //     does ONE keychain read that yields backend + token. Pass the

package/dist/cli/copillmFlags.js

@@ -40,6 +40,14 @@ export const COPILLM_FLAGS = [
         kind: "swallow",
         description: "Override active profile for this launch"
     },
+    {
+        flag: "--copillm-account",
+        aliases: ["--account"],
+        takesValue: true,
+        dest: "copillmAccount",
+        kind: "swallow",
+        description: "Route this launch at a specific copillm account"
+    },
     {
         flag: "--copillm-no-config",
         aliases: ["--no-config"],

package/dist/cli/daemon/runDaemon.js

@@ -1,9 +1,11 @@
 import { randomUUID } from "node:crypto";
 import { loadStoredCredential } from "../../auth/credentials.js";
+import { readAccountsIndex } from "../../auth/accounts.js";
 import { CopilotTokenManager } from "../../auth/copilotToken.js";
 import { loadConfig } from "../../config/config.js";
 import { acquireLock, LockAlreadyRunningError, releaseLock } from "../../server/lock.js";
 import { startProxyServer } from "../../server/proxy.js";
+import { DaemonAccountResolver } from "../../server/accountResolver.js";
 import { installProcessSafetyNet } from "../processSafetyNet.js";
 import { getRootLogger } from "../shared/debug.js";
 import { withTimeout } from "./lifecycle.js";
@@ -30,6 +32,22 @@ export async function runDaemon(options) {
     }
     const tokenManager = new CopilotTokenManager(creds.token);
     await tokenManager.ensureToken(false);
+    // Build the default account's resolved identity. With no accounts index this
+    // is the legacy single account (accountId null, legacy model cache). With an
+    // index, it reflects the configured default account's id, plan type, and
+    // storage scheme — so model discovery and the cache key stay correct.
+    const accountsIndex = readAccountsIndex();
+    const defaultRecord = accountsIndex
+        ? accountsIndex.accounts.find((account) => account.id === accountsIndex.defaultAccount) ?? null
+        : null;
+    const defaultAccount = {
+        accountId: defaultRecord?.id ?? null,
+        githubToken: creds.token,
+        tokenManager,
+        accountType: defaultRecord?.accountType ?? config.accountType,
+        cacheId: defaultRecord && defaultRecord.storage === "namespaced" ? defaultRecord.id : undefined
+    };
+    const accountResolver = new DaemonAccountResolver({ default: defaultAccount });
     const callerSecret = config.requireCallerSecret ? randomUUID() : null;
     if (callerSecret) {
         process.stdout.write(`Caller secret: ${callerSecret}\n`);
@@ -53,6 +71,7 @@ export async function runDaemon(options) {
                 port,
                 config,
                 tokenManager,
+                accountResolver,
                 callerSecret,
                 logger,
                 debug: Boolean(options?.debug),
@@ -70,7 +89,7 @@ export async function runDaemon(options) {
         }
     }
     if (!server || selectedPort === null) {
-        tokenManager.clear();
+        accountResolver.clearAll();
         throw new Error(`No available port in configured range (${ports[0]}-${ports[ports.length - 1]}).`);
     }
     installProcessSafetyNet(logger);
@@ -87,7 +106,7 @@ export async function runDaemon(options) {
             logger.warn({ err: error }, "graceful shutdown timed out");
         }
         finally {
-            tokenManager.clear();
+            accountResolver.clearAll();
             releaseLock();
             process.exit(0);
         }

package/dist/cli/integrations/claudeExport.js

@@ -1,14 +1,16 @@
 import { buildClaudeEnvBundle } from "../agentEnv.js";
 import { buildClaudeExportCommand as buildClaudeExport, computeAnthropicDefaults, readModelIdsFromCache } from "../../models/anthropicDefaults.js";
-export function buildClaudeExportCommand(port, callerSecret) {
-    const modelIds = readModelIdsFromCache();
+export function buildClaudeExportCommand(port, callerSecret, opts) {
+    const pathPrefix = opts?.pathPrefix ?? "";
+    const modelIds = readModelIdsFromCache(opts?.cacheId);
     const defaults = computeAnthropicDefaults(modelIds);
     const command = buildClaudeExport({
         port,
         callerSecret,
         defaults,
-        enableGatewayDiscovery: true
+        enableGatewayDiscovery: true,
+        pathPrefix
     });
-    const bundle = buildClaudeEnvBundle({ port, callerSecret, defaults, enableGatewayDiscovery: true });
+    const bundle = buildClaudeEnvBundle({ port, callerSecret, defaults, enableGatewayDiscovery: true, pathPrefix });
     return { command, defaults, bundle };
 }

package/dist/cli/integrations/refreshCodex.js

@@ -1,6 +1,6 @@
 import { getCopillmHome } from "../../config/home.js";
 import { defaultOutputDir, generateCodexHome } from "../../integrations/codex/init.js";
-export async function refreshCodexHome(port, model, precomputed) {
+export async function refreshCodexHome(port, model, precomputed, opts) {
     try {
         const home = getCopillmHome();
         return await generateCodexHome({
@@ -9,7 +9,9 @@ export async function refreshCodexHome(port, model, precomputed) {
             port,
             providerId: "copillm",
             reasoningEffort: null,
-            precomputed
+            precomputed,
+            pathPrefix: opts?.pathPrefix,
+            account: opts?.account
         });
     }
     catch (error) {

package/dist/cli/integrations/refreshPi.js

@@ -1,13 +1,15 @@
 import { getCopillmHome } from "../../config/home.js";
 import { defaultOutputDir as defaultPiOutputDir, generatePiHome } from "../../integrations/pi/init.js";
-export async function refreshPiHome(port, precomputed) {
+export async function refreshPiHome(port, precomputed, opts) {
     try {
         const home = getCopillmHome();
         return await generatePiHome({
             outDir: defaultPiOutputDir(home),
             port,
             providerId: "copillm",
-            precomputed
+            precomputed,
+            pathPrefix: opts?.pathPrefix,
+            account: opts?.account
         });
     }
     catch (error) {

package/dist/cli/packageInfo.js

@@ -1,7 +1,7 @@
 import { createRequire } from "node:module";
 const FALLBACK_PACKAGE_INFO = {
     name: "copillm",
-    version: "0.2.9"
+    version: "0.3.0-beta.1"
 };
 export function getPackageInfo() {
     const envName = cleanPackageValue(process.env.COPILLM_PACKAGE_NAME);

package/dist/config/accountId.js

@@ -0,0 +1,44 @@
+/**
+ * Account-id validation, shared by the `auth` layer (which writes the accounts
+ * index) and the `models` layer (which embeds the id in a per-account model
+ * cache filename). Lives in `config` so both layers can import it without
+ * crossing a forbidden import boundary.
+ *
+ * An account id is embedded in filenames (`credentials.<id>.json`,
+ * `models.cache.<id>.json`) and in a keychain account string, so it must be a
+ * safe single path segment. GitHub logins are `[A-Za-z0-9-]`; copillm also
+ * permits `.` and `_` for synthetic ids.
+ */
+export const ACCOUNT_ID_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._-]*$/;
+export const MAX_ACCOUNT_ID_LENGTH = 64;
+export class InvalidAccountIdError extends Error {
+    accountId;
+    constructor(accountId, reason) {
+        super(`Invalid account id "${accountId}": ${reason}`);
+        this.accountId = accountId;
+        this.name = "InvalidAccountIdError";
+    }
+}
+/**
+ * Validate an account id before it is used in a filename or keychain key.
+ * Throws `InvalidAccountIdError` on anything that isn't a safe path segment.
+ */
+export function assertValidAccountId(accountId) {
+    if (accountId.length === 0) {
+        throw new InvalidAccountIdError(accountId, "id must not be empty.");
+    }
+    if (accountId.length > MAX_ACCOUNT_ID_LENGTH) {
+        throw new InvalidAccountIdError(accountId, `id must be at most ${MAX_ACCOUNT_ID_LENGTH} characters.`);
+    }
+    if (!ACCOUNT_ID_PATTERN.test(accountId)) {
+        throw new InvalidAccountIdError(accountId, "id may only contain letters, digits, '.', '_' and '-', and must start with a letter or digit.");
+    }
+}
+/**
+ * Non-throwing variant for hot paths (e.g. parsing an optional account prefix
+ * out of a request URL) where an invalid id should just mean "not an account
+ * prefix" rather than an error.
+ */
+export function isValidAccountId(accountId) {
+    return accountId.length > 0 && accountId.length <= MAX_ACCOUNT_ID_LENGTH && ACCOUNT_ID_PATTERN.test(accountId);
+}

package/dist/config/home.js

@@ -20,6 +20,29 @@ export function credentialsPath() {
 export function credentialsReadPath() {
     return resolveReadablePath("credentials.json");
 }
+/**
+ * Path to the multi-account index (`accounts.json`). Metadata only — never
+ * holds a token. Absent on single-account installs, which keep using the
+ * legacy `credentials.json` / keychain entry as the implicit default account.
+ */
+export function accountsIndexPath() {
+    return path.join(getCopillmHome(), "accounts.json");
+}
+export function accountsIndexReadPath() {
+    return resolveReadablePath("accounts.json");
+}
+/**
+ * Plaintext-fallback credential file for a *named* (non-default) account. The
+ * default account keeps the legacy `credentials.json` path for backward
+ * compatibility; additional accounts are namespaced by id so their tokens
+ * never collide with — or overwrite — the pre-existing default.
+ */
+export function accountCredentialsPath(accountId) {
+    return path.join(getCopillmHome(), `credentials.${accountId}.json`);
+}
+export function accountCredentialsReadPath(accountId) {
+    return resolveReadablePath(`credentials.${accountId}.json`);
+}
 export function lockPath() {
     return path.join(getCopillmHome(), "copillm.pid");
 }
@@ -32,6 +55,18 @@ export function modelsCachePath() {
 export function modelsCacheReadPath() {
     return resolveReadablePath("models.cache.json");
 }
+/**
+ * Per-account model-discovery cache. Different accounts can be entitled to
+ * different model catalogs, so each named account caches into its own
+ * `models.cache.<id>.json`. The primary/legacy account keeps the shared
+ * `models.cache.json` (above), so single-account installs are unaffected.
+ */
+export function accountModelsCachePath(accountId) {
+    return path.join(getCopillmHome(), `models.cache.${accountId}.json`);
+}
+export function accountModelsCacheReadPath(accountId) {
+    return resolveReadablePath(`models.cache.${accountId}.json`);
+}
 export function debugLogPath() {
     return path.join(getCopillmHome(), "debug.log");
 }

package/dist/integrations/codex/init.js

@@ -7,13 +7,14 @@ import { ensureSecureDirectory, writeFileSecureAtomic } from "../../config/fsSec
 import { buildCodexCatalog } from "../../server/codexSchema.js";
 import { inspectLock } from "../../server/lock.js";
 export async function generateCodexHome(options) {
-    const { discovery } = await resolveStartContext(options.precomputed);
+    const { discovery } = await resolveStartContext(options.precomputed, options.account);
     const catalog = buildCodexCatalog(discovery.models);
     if (catalog.models.length === 0) {
         throw new Error("No Codex-eligible models found in the live catalog.");
     }
     const port = options.port;
-    const proxyUrl = `http://127.0.0.1:${port}/codex/v1`;
+    const prefix = options.pathPrefix ?? "";
+    const proxyUrl = `http://127.0.0.1:${port}${prefix}/codex/v1`;
     const baseUrl = proxyUrl;
     const defaultModel = options.model ?? pickDefaultModel(catalog.models.map((model) => model.slug));
     if (!catalog.models.some((model) => model.slug === defaultModel)) {
@@ -47,11 +48,19 @@ export async function generateCodexHome(options) {
  * Exported so `generatePiHome` (and any future agent init) can use the
  * same loader and the same "if precomputed, reuse it" contract.
  */
-export async function resolveStartContext(precomputed) {
+export async function resolveStartContext(precomputed, account) {
     if (precomputed) {
         return precomputed;
     }
     const config = loadConfig();
+    if (account) {
+        const discovery = await listModelsUnion(account.accountType, account.githubToken, 3, undefined, account.cacheId);
+        return {
+            config,
+            creds: { token: account.githubToken, accountType: account.accountType, source: "session" },
+            discovery
+        };
+    }
     const creds = await loadStoredCredential();
     if (!creds) {
         throw new Error("Not authenticated. Run `copillm login` first.");

package/dist/integrations/pi/init.js

@@ -4,7 +4,7 @@ import { ensureSecureDirectory, writeFileSecureAtomic } from "../../config/fsSec
 import { piAgentDir } from "../../config/home.js";
 import { resolveStartContext } from "../codex/init.js";
 export async function generatePiHome(options) {
-    const { discovery } = await resolveStartContext(options.precomputed);
+    const { discovery } = await resolveStartContext(options.precomputed, options.account);
     const eligible = discovery.models.filter(isPickerEligible);
     // Split the catalog by which upstream endpoint each model supports. Models
     // that advertise `/chat/completions` flow through copillm's Anthropic surface
@@ -20,9 +20,10 @@ export async function generatePiHome(options) {
     if (anthropicEligible.length === 0 && responsesEligible.length === 0) {
         throw new Error("No models discovered for pi config.");
     }
-    const proxyUrl = `http://127.0.0.1:${options.port}/anthropic`;
+    const prefix = options.pathPrefix ?? "";
+    const proxyUrl = `http://127.0.0.1:${options.port}${prefix}/anthropic`;
     // OpenAI SDK posts to `<baseUrl>/responses`, so the baseUrl must include `/v1`.
-    const responsesProxyUrl = `http://127.0.0.1:${options.port}/codex/v1`;
+    const responsesProxyUrl = `http://127.0.0.1:${options.port}${prefix}/codex/v1`;
     const providerId = options.providerId.trim().length > 0 ? options.providerId : "copillm";
     const responsesProviderId = `${providerId}-responses`;
     const providers = {};

package/dist/models/anthropicDefaults.js

@@ -1,6 +1,7 @@
 import fs from "node:fs";
 import { z } from "zod";
-import { modelsCacheReadPath } from "../config/home.js";
+import { accountModelsCacheReadPath, modelsCacheReadPath } from "../config/home.js";
+import { assertValidAccountId } from "../config/accountId.js";
 export const ANTHROPIC_FAMILIES = ["opus", "sonnet", "haiku"];
 const SUFFIX_BLOCKLIST = [
     "-high",
@@ -32,8 +33,15 @@ export function computeAnthropicDefaults(modelIds) {
         haiku: pickPlainLatest(byFamily.haiku)
     };
 }
-export function readModelIdsFromCache() {
-    const file = modelsCacheReadPath();
+export function readModelIdsFromCache(accountId) {
+    let file;
+    if (accountId === undefined) {
+        file = modelsCacheReadPath();
+    }
+    else {
+        assertValidAccountId(accountId);
+        file = accountModelsCacheReadPath(accountId);
+    }
     if (!fs.existsSync(file)) {
         return [];
     }
@@ -51,8 +59,9 @@ export function readModelIdsFromCache() {
 }
 export function buildClaudeExportCommand(input) {
     const token = input.callerSecret ?? "copillm-local";
+    const prefix = input.pathPrefix ?? "";
     const parts = [
-        `ANTHROPIC_BASE_URL=http://127.0.0.1:${input.port}/anthropic`,
+        `ANTHROPIC_BASE_URL=http://127.0.0.1:${input.port}${prefix}/anthropic`,
         `ANTHROPIC_AUTH_TOKEN=${token}`
     ];
     if (input.defaults.opus) {