copillm 0.2.9 → 0.3.0-beta.1

package/dist/models/discovery.js

@@ -1,7 +1,8 @@
 import fs from "node:fs";
 import { setTimeout as defaultSleep } from "node:timers/promises";
 import { z } from "zod";
-import { modelsCachePath, modelsCacheReadPath } from "../config/home.js";
+import { accountModelsCachePath, accountModelsCacheReadPath, modelsCachePath, modelsCacheReadPath } from "../config/home.js";
+import { assertValidAccountId } from "../config/accountId.js";
 import { writeFileSecureAtomic } from "../config/fsSecurity.js";
 import { copilotBaseUrl } from "../config/upstream.js";
 const ModelSchema = z
@@ -50,7 +51,7 @@ const RETRYABLE_DISCOVERY_STATUSES = new Set([408, 409, 425, 429, 500, 502, 503,
 export function accountBaseUrl(accountType) {
     return copilotBaseUrl(accountType);
 }
-export async function listModels(accountType, bearerToken, deps) {
+export async function listModels(accountType, bearerToken, deps, accountId) {
     const fetchImpl = deps?.fetchImpl ?? ((input, init) => fetch(input, init));
     const timeoutMs = deps?.timeoutMs ?? DEFAULT_FETCH_TIMEOUT_MS;
     try {
@@ -72,7 +73,7 @@ export async function listModels(accountType, bearerToken, deps) {
         if (!parsed.success) {
             throw new ModelDiscoverySchemaError("Model discovery response is invalid.");
         }
-        saveModelCache(accountType, parsed.data);
+        saveModelCache(accountType, parsed.data, accountId);
         return {
             models: parsed.data,
             source: "live",
@@ -85,7 +86,7 @@ export async function listModels(accountType, bearerToken, deps) {
         if (!canUseCacheFallback(error)) {
             throw error;
         }
-        const cached = readModelCache(accountType);
+        const cached = readModelCache(accountType, accountId);
         if (!cached) {
             const detail = error instanceof Error ? error.message : "unknown error";
             throw new Error(`Model discovery failed and no cache snapshot is available: ${detail}`);
@@ -119,7 +120,7 @@ export async function listModels(accountType, bearerToken, deps) {
  * specify. Each attempt's own retry budget lives inside `listModels`'s
  * cache-fallback path; this loop runs once per upstream call.
  */
-export async function listModelsUnion(accountType, bearerToken, attempts = 3, deps) {
+export async function listModelsUnion(accountType, bearerToken, attempts = 3, deps, accountId) {
     const sleepImpl = deps?.sleepImpl ?? ((ms) => defaultSleep(ms));
     const seen = new Map();
     let lastResult = null;
@@ -127,7 +128,7 @@ export async function listModelsUnion(accountType, bearerToken, attempts = 3, de
     let consecutiveFailures = 0;
     for (let i = 0; i < attempts; i += 1) {
         try {
-            const result = await listModels(accountType, bearerToken, deps);
+            const result = await listModels(accountType, bearerToken, deps, accountId);
             lastResult = result;
             consecutiveFailures = 0;
             for (const model of result.models) {
@@ -274,17 +275,38 @@ function canUseCacheFallback(error) {
     return true;
 }
 const CACHE_FALLBACK_STATUSES = new Set([401, 403, 408, 409, 425, 429]);
-function saveModelCache(accountType, models) {
+/**
+ * Resolve the model-cache file for an account. `undefined` → the shared
+ * `models.cache.json` used by the primary/legacy account and single-account
+ * installs; a string → the per-account `models.cache.<id>.json`. The caller
+ * (the daemon) decides which based on the account's storage scheme, so a
+ * default-account switch never makes two accounts share a catalog file.
+ */
+function modelsCacheWriteFile(accountId) {
+    if (accountId === undefined) {
+        return modelsCachePath();
+    }
+    assertValidAccountId(accountId);
+    return accountModelsCachePath(accountId);
+}
+function modelsCacheReadFile(accountId) {
+    if (accountId === undefined) {
+        return modelsCacheReadPath();
+    }
+    assertValidAccountId(accountId);
+    return accountModelsCacheReadPath(accountId);
+}
+function saveModelCache(accountType, models, accountId) {
     const payload = {
         version: 1,
         accountType,
         savedAtIso: new Date().toISOString(),
         models
     };
-    writeFileSecureAtomic(modelsCachePath(), JSON.stringify(payload, null, 2), 0o600);
+    writeFileSecureAtomic(modelsCacheWriteFile(accountId), JSON.stringify(payload, null, 2), 0o600);
 }
-function readModelCache(accountType) {
-    const filePath = modelsCacheReadPath();
+function readModelCache(accountType, accountId) {
+    const filePath = modelsCacheReadFile(accountId);
     if (!fs.existsSync(filePath)) {
         return null;
     }

package/dist/server/accountResolver.js

@@ -0,0 +1,85 @@
+import { CopilotTokenManager } from "../auth/copilotToken.js";
+import { loadStoredCredentialForAccount } from "../auth/credentials.js";
+import { findAccount } from "../auth/accounts.js";
+/**
+ * A resolver that knows only the default account. Used to preserve the exact
+ * single-account behaviour when the proxy is started without a multi-account
+ * resolver (e.g. test harnesses). A prefixed request for any other account
+ * resolves to `null` → the proxy returns `account_not_found`.
+ */
+export function singleAccountResolver(input) {
+    const def = {
+        accountId: input.accountId ?? null,
+        githubToken: input.githubToken,
+        tokenManager: input.tokenManager,
+        accountType: input.accountType,
+        cacheId: input.cacheId
+    };
+    return {
+        default: def,
+        async resolveById(accountId) {
+            if (def.accountId !== null && accountId === def.accountId) {
+                return def;
+            }
+            return null;
+        },
+        describe() {
+            return { defaultAccountId: def.accountId, activeAccountIds: [] };
+        },
+        clearAll() {
+            def.tokenManager.clear();
+        }
+    };
+}
+/**
+ * The production resolver. Wraps the eagerly-built default account and lazily
+ * builds a bearer manager per named account the first time a request for it
+ * arrives. Bearer managers are cached for the daemon's lifetime so repeated
+ * requests reuse the same (refresh-coalescing) manager.
+ */
+export class DaemonAccountResolver {
+    default;
+    cache = new Map();
+    createTokenManager;
+    constructor(input) {
+        this.default = input.default;
+        this.createTokenManager = input.createTokenManager ?? ((githubToken) => new CopilotTokenManager(githubToken));
+    }
+    async resolveById(accountId) {
+        if (this.default.accountId !== null && accountId === this.default.accountId) {
+            return this.default;
+        }
+        const cached = this.cache.get(accountId);
+        if (cached) {
+            return cached;
+        }
+        const credential = await loadStoredCredentialForAccount(accountId);
+        if (!credential) {
+            return null;
+        }
+        const record = findAccount(accountId);
+        // The cache file follows the account's storage scheme, mirroring the
+        // credential store: a legacy-storage account shares `models.cache.json`,
+        // a namespaced account gets its own `models.cache.<id>.json`.
+        const cacheId = record && record.storage === "legacy" ? undefined : accountId;
+        const resolved = {
+            accountId,
+            githubToken: credential.token,
+            tokenManager: this.createTokenManager(credential.token),
+            accountType: credential.accountType,
+            cacheId
+        };
+        this.cache.set(accountId, resolved);
+        return resolved;
+    }
+    describe() {
+        return { defaultAccountId: this.default.accountId, activeAccountIds: [...this.cache.keys()] };
+    }
+    clearAll() {
+        this.default.tokenManager.clear();
+        for (const resolved of this.cache.values()) {
+            resolved.tokenManager.clear();
+        }
+        this.cache.clear();
+    }
+}

package/dist/server/proxy.js

@@ -1,5 +1,6 @@
 import { createServer } from "node:http";
 import { randomUUID } from "node:crypto";
+import { singleAccountResolver } from "./accountResolver.js";
 import { attachRequestLifecycle, isBenignSocketError, safeEnd, safeSendJson } from "./requestLifecycle.js";
 import { InvalidRequestShapeError, JsonRequestParseError } from "./errors.js";
 import { ProtocolTranslationError } from "../translation/openaiAnthropic.js";
@@ -10,6 +11,22 @@ import { handleProxyForward } from "./routes/proxyForward.js";
 import { isLocalRequest, resolveRoute, safePathname } from "./routes/shared.js";
 export async function startProxyServer(input) {
     const debugEnabled = input.debug === true;
+    const resolver = input.accountResolver ??
+        singleAccountResolver({
+            tokenManager: input.tokenManager,
+            githubToken: input.githubToken ?? "",
+            accountType: input.config.accountType
+        });
+    // Resolve the account a request targets. Returns the default account for an
+    // unprefixed request; for an `/<account>` prefix, looks up the named account
+    // and answers 404 `account_not_found` when no credential is stored for it.
+    const resolveAccountForRoute = async (route) => {
+        if (route.accountId === null) {
+            return resolver.default;
+        }
+        const account = await resolver.resolveById(route.accountId);
+        return account;
+    };
     const server = createServer(async (req, res) => {
         const requestId = randomUUID();
         const startedAt = Date.now();
@@ -43,13 +60,21 @@ export async function startProxyServer(input) {
                     handleLivez(res);
                     return;
                 case "healthz":
-                    await handleHealthz(res, input.tokenManager);
+                    await handleHealthz(res, resolver.default.tokenManager);
                     return;
                 case "models":
+                    await handleModels(res, route.kind, resolver.default);
+                    return;
                 case "codex_models":
-                case "anthropic_models":
-                    await handleModels(res, route.kind, input.config, input.tokenManager, input.githubToken);
+                case "anthropic_models": {
+                    const account = await resolveAccountForRoute(route);
+                    if (!account) {
+                        safeSendJson(res, 404, { error: "account_not_found", detail: `No stored credential for account "${route.accountId}".` });
+                        return;
+                    }
+                    await handleModels(res, route.kind, account);
                     return;
+                }
                 case "debug":
                     if (!debugEnabled) {
                         safeSendJson(res, 404, { error: "not_found" });
@@ -58,9 +83,10 @@ export async function startProxyServer(input) {
                     await handleDebug(res, {
                         config: input.config,
                         logger: input.logger,
-                        tokenManager: input.tokenManager,
-                        githubToken: input.githubToken,
-                        port: input.port
+                        tokenManager: resolver.default.tokenManager,
+                        githubToken: resolver.default.githubToken,
+                        port: input.port,
+                        accounts: resolver.describe()
                     });
                     return;
                 case "not_found":
@@ -68,18 +94,24 @@ export async function startProxyServer(input) {
                     return;
                 case "openai":
                 case "anthropic":
-                case "codex_responses":
+                case "codex_responses": {
+                    const account = await resolveAccountForRoute(route);
+                    if (!account) {
+                        safeSendJson(res, 404, { error: "account_not_found", detail: `No stored credential for account "${route.accountId}".` });
+                        return;
+                    }
                     await handleProxyForward({
                         req,
                         res,
                         route,
                         config: input.config,
-                        tokenManager: input.tokenManager,
+                        account,
                         logger: input.logger,
                         requestId,
                         signal: lifecycle.signal
                     });
                     return;
+                }
             }
         }
         catch (error) {

package/dist/server/routes/debug.js

@@ -48,6 +48,13 @@ export async function handleDebug(res, input) {
             bearer_present: input.tokenManager.current !== null,
             bearer_expires_at_unix: input.tokenManager.current?.expiresAtUnix ?? null
         },
+        accounts: {
+            // Token is never included. Reports the default account id (null for a
+            // single-account install) and the named accounts that have served at
+            // least one request this daemon lifetime.
+            default: input.accounts?.defaultAccountId ?? null,
+            active: input.accounts?.activeAccountIds ?? []
+        },
         user,
         user_error: userError,
         routes: [

package/dist/server/routes/models.js

@@ -4,16 +4,16 @@ import { buildCodexCatalog } from "../codexSchema.js";
 import { buildAnthropicModelsResponse } from "../anthropicModelsResponse.js";
 import { tokenErrorToHttpResponse } from "../errors.js";
 import { safeSendJson } from "../requestLifecycle.js";
-export async function handleModels(res, routeKind, config, tokenManager, githubToken) {
+export async function handleModels(res, routeKind, account) {
     try {
-        await tokenManager.ensureToken(false);
-        if (!githubToken) {
+        await account.tokenManager.ensureToken(false);
+        if (!account.githubToken) {
             safeSendJson(res, 503, { error: "github_token_unavailable" });
             return;
         }
         const result = routeKind === "codex_models" || routeKind === "anthropic_models"
-            ? await listModelsUnion(config.accountType, githubToken, 3)
-            : await listModels(config.accountType, githubToken);
+            ? await listModelsUnion(account.accountType, account.githubToken, 3, undefined, account.cacheId)
+            : await listModels(account.accountType, account.githubToken, undefined, account.cacheId);
         if (routeKind === "codex_models") {
             safeSendJson(res, 200, buildCodexCatalog(result.models));
             return;

package/dist/server/routes/proxyForward.js

@@ -22,7 +22,7 @@ function translateRequestBody(routeKind, body) {
     }
 }
 export async function handleProxyForward(input) {
-    const { req, res, route, config, tokenManager, logger, requestId, signal } = input;
+    const { req, res, route, config, account, logger, requestId, signal } = input;
     const requestBody = await readJson(req);
     const translatedBody = translateRequestBody(route.kind, requestBody);
     const requestedModel = readRequestedModel(translatedBody);
@@ -70,8 +70,8 @@ export async function handleProxyForward(input) {
     }, "prepared upstream request");
     try {
         const upstream = await postToCopilot({
-            tokenManager,
-            accountType: config.accountType,
+            tokenManager: account.tokenManager,
+            accountType: account.accountType,
             body: upstreamBody,
             requestId,
             logger,

package/dist/server/routes/shared.js

@@ -1,4 +1,5 @@
 import { stripOneMillionAlias } from "../../translation/openaiAnthropic.js";
+import { isValidAccountId } from "../../config/accountId.js";
 import { JsonRequestParseError } from "../errors.js";
 export async function readJson(req) {
     const chunks = [];
@@ -119,43 +120,87 @@ export function safePathname(rawUrl) {
         return "/";
     }
 }
-export function resolveRoute(method, rawUrl) {
-    if (!method || !rawUrl) {
-        return { kind: "not_found", anthroShape: false };
-    }
-    let pathname;
-    try {
-        pathname = new URL(rawUrl, "http://127.0.0.1").pathname;
-    }
-    catch {
-        return { kind: "not_found", anthroShape: false };
-    }
+// First path segments that belong to real routes and must never be mistaken
+// for an account prefix. (Direct matching already wins for these, so this is
+// belt-and-suspenders against contrived nested paths.)
+const RESERVED_FIRST_SEGMENTS = new Set([
+    "livez",
+    "healthz",
+    "models",
+    "v1",
+    "codex",
+    "anthropic",
+    "_debug"
+]);
+// Only these routes may be addressed with an `/<account>` prefix. The generic
+// `/models` discovery route and all health/debug routes stay global.
+const PREFIXABLE_KINDS = new Set([
+    "codex_models",
+    "anthropic_models",
+    "codex_responses",
+    "openai",
+    "anthropic"
+]);
+function matchRoute(method, pathname) {
     if (method === "GET" && pathname === "/livez") {
-        return { kind: "livez", anthroShape: false };
+        return { kind: "livez", anthroShape: false, accountId: null };
     }
     if (method === "GET" && pathname === "/healthz") {
-        return { kind: "healthz", anthroShape: false };
+        return { kind: "healthz", anthroShape: false, accountId: null };
     }
     if (method === "GET" && (pathname === "/models" || pathname === "/v1/models")) {
-        return { kind: "models", anthroShape: false };
+        return { kind: "models", anthroShape: false, accountId: null };
     }
     if (method === "GET" && pathname === "/codex/v1/models") {
-        return { kind: "codex_models", anthroShape: false };
+        return { kind: "codex_models", anthroShape: false, accountId: null };
     }
     if (method === "GET" && pathname === "/anthropic/v1/models") {
-        return { kind: "anthropic_models", anthroShape: false };
+        return { kind: "anthropic_models", anthroShape: false, accountId: null };
     }
     if (method === "POST" && pathname === "/codex/v1/responses") {
-        return { kind: "codex_responses", anthroShape: false };
+        return { kind: "codex_responses", anthroShape: false, accountId: null };
     }
     if (method === "GET" && pathname === "/_debug") {
-        return { kind: "debug", anthroShape: false };
+        return { kind: "debug", anthroShape: false, accountId: null };
     }
     if (method === "POST" && pathname === "/v1/chat/completions") {
-        return { kind: "openai", anthroShape: false };
+        return { kind: "openai", anthroShape: false, accountId: null };
     }
     if (method === "POST" && (pathname === "/anthropic/v1/messages" || pathname === "/v1/messages")) {
-        return { kind: "anthropic", anthroShape: true };
+        return { kind: "anthropic", anthroShape: true, accountId: null };
+    }
+    return null;
+}
+export function resolveRoute(method, rawUrl) {
+    if (!method || !rawUrl) {
+        return { kind: "not_found", anthroShape: false, accountId: null };
+    }
+    let pathname;
+    try {
+        pathname = new URL(rawUrl, "http://127.0.0.1").pathname;
+    }
+    catch {
+        return { kind: "not_found", anthroShape: false, accountId: null };
+    }
+    // Try the path as-is first. This keeps every existing (unprefixed) route
+    // working unchanged and ensures a reserved first segment like `/codex/...`
+    // is always interpreted as a route, never as an account named "codex".
+    const direct = matchRoute(method, pathname);
+    if (direct) {
+        return direct;
+    }
+    // Otherwise, peel an optional leading `/<account>` segment and re-match the
+    // remainder against the prefixable routes.
+    const prefixMatch = pathname.match(/^\/([^/]+)(\/.*)$/);
+    if (prefixMatch) {
+        const candidate = prefixMatch[1];
+        const rest = prefixMatch[2];
+        if (isValidAccountId(candidate) && !RESERVED_FIRST_SEGMENTS.has(candidate)) {
+            const sub = matchRoute(method, rest);
+            if (sub && PREFIXABLE_KINDS.has(sub.kind)) {
+                return { ...sub, accountId: candidate };
+            }
+        }
     }
-    return { kind: "not_found", anthroShape: false };
+    return { kind: "not_found", anthroShape: false, accountId: null };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "copillm",
-  "version": "0.2.9",
+  "version": "0.3.0-beta.1",
   "description": "Local Copilot proxy CLI (OpenAI/Anthropic-compatible)",
   "license": "MIT",
   "type": "module",