copillm 0.2.9 → 0.3.0-beta.2

package/dist/cli/auth/runAuth.js

@@ -1,26 +1,132 @@
-import { clearStoredCredential, saveStoredCredential } from "../../auth/credentials.js";
+import { clearStoredCredential, loadStoredCredential, loadStoredCredentialForAccount, registerExistingCredentialAsDefault, saveStoredCredential } from "../../auth/credentials.js";
+import { readAccountsIndex, findAccount, assertValidAccountId, InvalidAccountIdError, UnknownAccountError } from "../../auth/accounts.js";
+import { addAccount, listAccountsDetailed, removeAccountAndCredential, removeAllAccounts, switchDefaultAccount } from "../../auth/accountManager.js";
 import { loginViaDeviceFlow } from "../../auth/deviceFlow.js";
+import { inspectGithubIdentity } from "../../auth/githubIdentity.js";
 import { loadConfig } from "../../config/config.js";
 import { inspectLock, releaseLock } from "../../server/lock.js";
 import { stopByPid } from "../daemon/lifecycle.js";
-import { describeBackend } from "../shared/backends.js";
+import { describeBackend, formatHumanAuthStatusLine } from "../shared/backends.js";
 import { writeCommandOutput } from "../shared/output.js";
+/**
+ * Derive a friendly, path-safe account id from the GitHub login behind a token.
+ * Returns null when the lookup fails or the login isn't a valid id.
+ */
+async function deriveAccountId(token) {
+    let identity;
+    try {
+        identity = await inspectGithubIdentity({ token });
+    }
+    catch {
+        return null;
+    }
+    const login = identity?.login;
+    if (!login) {
+        return null;
+    }
+    try {
+        assertValidAccountId(login);
+        return login;
+    }
+    catch {
+        return null;
+    }
+}
 export async function runAuthLogin(opts, options) {
     if (options.forceSession) {
         process.env.COPILLM_FORCE_SESSION_BACKEND = "1";
     }
     const config = loadConfig();
+    const accountType = opts.accountType ?? config.accountType;
+    const namedRequested = typeof opts.as === "string" && opts.as.trim().length > 0;
+    if (namedRequested) {
+        try {
+            assertValidAccountId(opts.as.trim());
+        }
+        catch (error) {
+            const message = error instanceof InvalidAccountIdError ? error.message : "invalid account id";
+            writeCommandOutput(opts, `Login failed: ${message}`, { status: "error", action: "login", error: message });
+            process.exitCode = 1;
+            return;
+        }
+    }
     const token = await loginViaDeviceFlow();
     const saveMode = options.forceSession ? "session" : "auto";
-    const backend = await saveStoredCredential(token, config.accountType, { mode: saveMode });
+    const index = readAccountsIndex();
+    // ---- Explicit name (`--as`) -------------------------------------------
+    if (namedRequested) {
+        const accountId = opts.as.trim();
+        // First time we materialize the index via an explicit name: preserve any
+        // pre-existing single account as the default so its token isn't clobbered.
+        if (!index) {
+            const existing = await loadStoredCredential();
+            if (existing) {
+                const existingId = (await deriveAccountId(existing.token)) ?? "default";
+                if (existingId !== accountId) {
+                    registerExistingCredentialAsDefault(existingId, existing.accountType);
+                }
+            }
+        }
+        const result = await addAccount({ id: accountId, accountType, token, mode: saveMode });
+        emitLoginResult(opts, result, false);
+        return;
+    }
+    // ---- No name: auto-manage by the token's GitHub login -----------------
+    // Deriving the login lets `copillm auth login` recognise when a *different*
+    // GitHub account is signing in and keep both, instead of silently
+    // overwriting the previous one. A same-account re-login refreshes in place.
+    const newLogin = await deriveAccountId(token);
+    if (index) {
+        // Add the new login as its own account (or refresh it if already known);
+        // when the login can't be determined, refresh the default account.
+        const targetId = newLogin ?? index.defaultAccount;
+        const wasKnown = findAccount(targetId) !== null;
+        const result = await addAccount({ id: targetId, accountType, token, mode: saveMode });
+        emitLoginResult(opts, result, !wasKnown && !result.isDefault);
+        return;
+    }
+    // No accounts index yet. If a *different* GitHub account is signing in, move
+    // to multi-account instead of overwriting the existing single credential.
+    if (newLogin) {
+        const existing = await loadStoredCredential();
+        if (existing) {
+            const existingLogin = await deriveAccountId(existing.token);
+            if (existingLogin !== newLogin) {
+                // Different (or undeterminable) account → preserve the prior login as
+                // the default and add the new one alongside it.
+                registerExistingCredentialAsDefault(existingLogin ?? "default", existing.accountType);
+                const result = await addAccount({ id: newLogin, accountType, token, mode: saveMode });
+                emitLoginResult(opts, result, !result.isDefault);
+                return;
+            }
+            // Same account → fall through to an in-place single-account refresh.
+        }
+    }
+    // Single-account login: no prior credential, the same account re-logging in,
+    // or an undeterminable login. Preserve the historical behaviour exactly —
+    // legacy storage, no accounts index created.
+    const backend = await saveStoredCredential(token, accountType, { mode: saveMode });
     writeCommandOutput(opts, `Login succeeded. Credentials stored via ${describeBackend(backend)}.`, {
         status: "ok",
         action: "login",
         credential_backend: backend
     });
 }
-export async function runAuthLogout(opts) {
-    const result = await clearStoredCredential();
+function emitLoginResult(opts, result, hintSwitch) {
+    const defaultSuffix = result.isDefault ? " (default)" : "";
+    const switchHint = hintSwitch
+        ? ` It is not the default — run \`copillm auth switch ${result.id}\` to make it so.`
+        : "";
+    writeCommandOutput(opts, `Login succeeded for account "${result.id}"${defaultSuffix}. Credentials stored via ${describeBackend(result.backend)}.${switchHint}`, {
+        status: "ok",
+        action: "login",
+        account: result.id,
+        account_type: result.accountType,
+        is_default: result.isDefault,
+        credential_backend: result.backend
+    });
+}
+async function stopRunningDaemon() {
     const lockState = inspectLock();
     if (lockState.state === "running") {
         await stopByPid(lockState.lock.pid);
@@ -28,11 +134,141 @@ export async function runAuthLogout(opts) {
     else if (lockState.state === "stale") {
         releaseLock();
     }
+}
+export async function runAuthLogout(opts) {
+    // Stopping the daemon is always part of logout — its in-memory bearers are
+    // derived from the credentials we're clearing.
+    if (opts.all) {
+        const result = await removeAllAccounts();
+        await stopRunningDaemon();
+        writeCommandOutput(opts, `Logged out of all accounts (${result.clearedCount} credential(s) cleared).`, {
+            status: "ok",
+            action: "logout",
+            scope: "all",
+            cleared_count: result.clearedCount,
+            removed_accounts: result.removedAccountIds
+        });
+        return;
+    }
+    const index = readAccountsIndex();
+    // Single-account install (no index) and no explicit target: preserve the
+    // historical single-account logout behaviour.
+    if (!index && !opts.account) {
+        const result = await clearStoredCredential();
+        await stopRunningDaemon();
+        const credentialStatus = result.removed ? "removed" : "not present";
+        writeCommandOutput(opts, `Logged out. Credentials ${credentialStatus} from ${describeBackend(result.backend)}.`, {
+            status: "ok",
+            action: "logout",
+            credential_backend: result.backend,
+            credential_removed: result.removed
+        });
+        return;
+    }
+    if (opts.account) {
+        try {
+            assertValidAccountId(opts.account);
+        }
+        catch (error) {
+            const message = error instanceof InvalidAccountIdError ? error.message : "invalid account id";
+            writeCommandOutput(opts, `Logout failed: ${message}`, { status: "error", action: "logout", error: message });
+            process.exitCode = 1;
+            return;
+        }
+    }
+    const targetId = opts.account ?? index.defaultAccount;
+    const result = await removeAccountAndCredential(targetId);
+    await stopRunningDaemon();
     const credentialStatus = result.removed ? "removed" : "not present";
-    writeCommandOutput(opts, `Logged out. Credentials ${credentialStatus} from ${describeBackend(result.backend)}.`, {
+    const tail = result.indexDeleted
+        ? " No accounts remain."
+        : result.newDefault
+            ? ` Default is now "${result.newDefault}".`
+            : "";
+    writeCommandOutput(opts, `Logged out of account "${result.id}". Credentials ${credentialStatus} from ${describeBackend(result.backend)}.${tail}`, {
         status: "ok",
         action: "logout",
+        account: result.id,
         credential_backend: result.backend,
-        credential_removed: result.removed
+        credential_removed: result.removed,
+        new_default: result.newDefault,
+        index_deleted: result.indexDeleted
     });
 }
+export async function runAuthSwitch(opts, accountId) {
+    try {
+        assertValidAccountId(accountId);
+        const index = switchDefaultAccount(accountId);
+        writeCommandOutput(opts, `Default account is now "${index.defaultAccount}".`, {
+            status: "ok",
+            action: "switch",
+            default_account: index.defaultAccount
+        });
+    }
+    catch (error) {
+        const message = error instanceof UnknownAccountError
+            ? `Unknown account "${accountId}". Run \`copillm auth status\` to list accounts.`
+            : error instanceof InvalidAccountIdError
+                ? error.message
+                : error instanceof Error
+                    ? error.message
+                    : "switch failed";
+        writeCommandOutput(opts, `Switch failed: ${message}`, { status: "error", action: "switch", error: message });
+        process.exitCode = 1;
+    }
+}
+/**
+ * Multi-account `auth status` listing (used when an accounts index exists).
+ * Returns whether any account has a stored credential so the caller can pick
+ * the process exit code. Never prints a token.
+ */
+export async function runAuthStatusList(opts) {
+    const wantUser = opts.user !== false;
+    const listing = await listAccountsDetailed();
+    const anyStored = listing.accounts.some((account) => account.stored);
+    const enriched = await Promise.all(listing.accounts.map(async (account) => {
+        let login = null;
+        let name = null;
+        if (wantUser && account.stored) {
+            try {
+                const credential = await loadStoredCredentialForAccount(account.id);
+                if (credential) {
+                    const identity = await inspectGithubIdentity({ token: credential.token });
+                    login = identity?.login ?? null;
+                    name = identity?.name ?? null;
+                }
+            }
+            catch {
+                login = null;
+                name = null;
+            }
+        }
+        return { ...account, login, name };
+    }));
+    if (opts.json) {
+        process.stdout.write(JSON.stringify({
+            status: anyStored ? "logged_in" : "logged_out",
+            default: listing.defaultAccount,
+            accounts: enriched.map((account) => ({
+                id: account.id,
+                account_type: account.accountType,
+                storage: account.storage,
+                default: account.isDefault,
+                stored: account.stored,
+                backend: account.backend,
+                user: account.login ? { login: account.login, name: account.name } : null
+            }))
+        }, null, 2) + "\n");
+        return { anyStored };
+    }
+    process.stdout.write(`copillm — ${enriched.length} account(s)\n`);
+    for (const account of enriched) {
+        const marker = account.isDefault ? "*" : " ";
+        const who = account.login ? ` @${account.login}` : "";
+        const state = account.stored
+            ? formatHumanAuthStatusLine(account.backend, account.login ? { login: account.login, name: account.name } : null)
+            : "no credential";
+        process.stdout.write(`${marker} ${account.id}  [${account.accountType}]${who}  — ${state}\n`);
+    }
+    return { anyStored };
+}

package/dist/cli/commands/agents/claude.js

@@ -5,7 +5,7 @@ import { ensureDaemonRunningForLauncher } from "../../daemon/ensureRunning.js";
 import { launchAgent } from "../../launchAgent.js";
 import { buildClaudeExportCommand } from "../../integrations/claudeExport.js";
 import { enableRuntimeDebug, resolveCopillmDebug } from "../../shared/debug.js";
-import { applyYoloForLaunch } from "./shared.js";
+import { applyYoloForLaunch, formatLaunchAccountNotice, resolveLaunchAccount } from "./shared.js";
 export function register(program) {
     program
         .command("claude")
@@ -16,9 +16,29 @@ export function register(program) {
         .action(async (forwardedArgs) => {
         const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
         const debug = resolveCopillmDebug(opts.copillmDebug);
+        let launchAccount;
+        try {
+            launchAccount = await resolveLaunchAccount({
+                flag: opts.copillmAccount,
+                envValue: process.env.COPILLM_ACCOUNT,
+                cwd: process.cwd(),
+                profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null
+            });
+        }
+        catch (error) {
+            process.stderr.write(`copillm: ${error instanceof Error ? error.message : String(error)}\n`);
+            process.exit(1);
+            return;
+        }
+        if (launchAccount) {
+            process.stderr.write(`${formatLaunchAccountNotice(launchAccount)}\n`);
+        }
         enableRuntimeDebug(debug);
         const lock = await ensureDaemonRunningForLauncher({ debug });
-        const claude = buildClaudeExportCommand(lock.port, null);
+        const claude = buildClaudeExportCommand(lock.port, null, {
+            pathPrefix: launchAccount?.pathPrefix,
+            cacheId: launchAccount?.cacheId
+        });
         const pinnedSpec = opts.copillmUse ?? process.env.COPILLM_CLAUDE_VERSION ?? undefined;
         const conflicts = detectClaudeSettingsConflicts(claude.bundle.env);
         for (const line of formatSettingsConflictWarning(conflicts)) {

package/dist/cli/commands/agents/codex.js

@@ -5,7 +5,7 @@ import { ensureDaemonRunningForLauncher } from "../../daemon/ensureRunning.js";
 import { launchAgent } from "../../launchAgent.js";
 import { refreshCodexHome } from "../../integrations/refreshCodex.js";
 import { enableRuntimeDebug, resolveCopillmDebug } from "../../shared/debug.js";
-import { applyYoloForLaunch } from "./shared.js";
+import { applyYoloForLaunch, formatLaunchAccountNotice, resolveLaunchAccount } from "./shared.js";
 export function register(program) {
     program
         .command("codex")
@@ -16,9 +16,29 @@ export function register(program) {
         .action(async (forwardedArgs) => {
         const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
         const debug = resolveCopillmDebug(opts.copillmDebug);
+        let launchAccount;
+        try {
+            launchAccount = await resolveLaunchAccount({
+                flag: opts.copillmAccount,
+                envValue: process.env.COPILLM_ACCOUNT,
+                cwd: process.cwd(),
+                profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null
+            });
+        }
+        catch (error) {
+            process.stderr.write(`copillm: ${error instanceof Error ? error.message : String(error)}\n`);
+            process.exit(1);
+            return;
+        }
+        if (launchAccount) {
+            process.stderr.write(`${formatLaunchAccountNotice(launchAccount)}\n`);
+        }
         enableRuntimeDebug(debug);
         const lock = await ensureDaemonRunningForLauncher({ debug });
-        const codex = await refreshCodexHome(lock.port, null);
+        const codex = await refreshCodexHome(lock.port, null, undefined, {
+            pathPrefix: launchAccount?.pathPrefix,
+            account: launchAccount?.account
+        });
         if (!codex) {
             throw new Error("Failed to prepare Codex home (see warning above).");
         }

package/dist/cli/commands/agents/copilot.js

@@ -2,7 +2,7 @@ import { applyAgentConfig, formatApplyNotes } from "../../../agentconfig/apply.j
 import { loadStoredCredential } from "../../../auth/credentials.js";
 import { processCopillmArgs } from "../../copillmFlags.js";
 import { launchAgent } from "../../launchAgent.js";
-import { applyYoloForLaunch } from "./shared.js";
+import { applyYoloForLaunch, formatLaunchAccountNotice, resolveLaunchAccount } from "./shared.js";
 export function register(program) {
     program
         .command("copilot")
@@ -12,8 +12,29 @@ export function register(program) {
         .argument("[args...]", "Args forwarded to copilot")
         .action(async (forwardedArgs) => {
         const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
-        const credential = await loadStoredCredential();
-        if (!credential) {
+        let launchAccount;
+        try {
+            launchAccount = await resolveLaunchAccount({
+                flag: opts.copillmAccount,
+                envValue: process.env.COPILLM_ACCOUNT,
+                cwd: process.cwd(),
+                profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null
+            });
+        }
+        catch (error) {
+            process.stderr.write(`copillm: ${error instanceof Error ? error.message : String(error)}\n`);
+            process.exit(1);
+            return;
+        }
+        if (launchAccount) {
+            process.stderr.write(`${formatLaunchAccountNotice(launchAccount)}\n`);
+        }
+        // Copilot CLI talks to GitHub directly with the account's OAuth token,
+        // so account selection picks which token to inject (not a URL prefix).
+        const githubToken = launchAccount
+            ? launchAccount.account.githubToken
+            : (await loadStoredCredential())?.token ?? null;
+        if (!githubToken) {
             process.stderr.write("copillm: no stored GitHub credential — run `copillm auth login` first.\n");
             process.exit(1);
             return;
@@ -34,7 +55,7 @@ export function register(program) {
         // short-circuits its device-flow login when copillm already has a token.
         const env = {
             ...applyResult.envOverlay,
-            COPILOT_GITHUB_TOKEN: credential.token
+            COPILOT_GITHUB_TOKEN: githubToken
         };
         const baseArgs = [...forwarded, ...applyResult.cliArgs];
         const args = applyYoloForLaunch({ agent: "copilot", flag: opts.yolo, applyResult, baseArgs });

package/dist/cli/commands/agents/pi.js

@@ -5,7 +5,7 @@ import { ensureDaemonRunningForLauncher } from "../../daemon/ensureRunning.js";
 import { launchAgent } from "../../launchAgent.js";
 import { refreshPiHome } from "../../integrations/refreshPi.js";
 import { enableRuntimeDebug, resolveCopillmDebug } from "../../shared/debug.js";
-import { applyYoloForLaunch } from "./shared.js";
+import { applyYoloForLaunch, formatLaunchAccountNotice, resolveLaunchAccount } from "./shared.js";
 export function register(program) {
     program
         .command("pi")
@@ -16,9 +16,29 @@ export function register(program) {
         .action(async (forwardedArgs) => {
         const { opts, forwarded } = processCopillmArgs(forwardedArgs ?? []);
         const debug = resolveCopillmDebug(opts.copillmDebug);
+        let launchAccount;
+        try {
+            launchAccount = await resolveLaunchAccount({
+                flag: opts.copillmAccount,
+                envValue: process.env.COPILLM_ACCOUNT,
+                cwd: process.cwd(),
+                profileOverride: opts.copillmProfile ?? process.env.COPILLM_PROFILE ?? null
+            });
+        }
+        catch (error) {
+            process.stderr.write(`copillm: ${error instanceof Error ? error.message : String(error)}\n`);
+            process.exit(1);
+            return;
+        }
+        if (launchAccount) {
+            process.stderr.write(`${formatLaunchAccountNotice(launchAccount)}\n`);
+        }
         enableRuntimeDebug(debug);
         const lock = await ensureDaemonRunningForLauncher({ debug });
-        const pi = await refreshPiHome(lock.port);
+        const pi = await refreshPiHome(lock.port, undefined, {
+            pathPrefix: launchAccount?.pathPrefix,
+            account: launchAccount?.account
+        });
         if (!pi) {
             throw new Error("Failed to prepare pi models.json (see warning above).");
         }

package/dist/cli/commands/agents/shared.js

@@ -1,4 +1,61 @@
 import { applyYolo, resolveYoloWithSource } from "../../../agents/registry.js";
+import { loadAgentConfig } from "../../../agentconfig/load.js";
+import { findAccount } from "../../../auth/accounts.js";
+import { assertValidAccountId } from "../../../config/accountId.js";
+import { loadStoredCredentialForAccount } from "../../../auth/credentials.js";
+/**
+ * Resolve which account a launch targets, applying precedence
+ * `--account` > `COPILLM_ACCOUNT` > the active profile's `account` > default.
+ * Returns null for the default account (no prefix — today's behaviour).
+ *
+ * Throws a user-facing Error when a requested account is malformed, not
+ * registered, or has no stored credential, so the launcher can fail fast
+ * before starting the daemon or the agent.
+ */
+export async function resolveLaunchAccount(input) {
+    let requested;
+    let source;
+    if (input.flag && input.flag.trim().length > 0) {
+        requested = input.flag.trim();
+        source = "flag";
+    }
+    else if (input.envValue && input.envValue.trim().length > 0) {
+        requested = input.envValue.trim();
+        source = "env";
+    }
+    else {
+        const config = loadAgentConfig({ cwd: input.cwd, profileOverride: input.profileOverride });
+        const pinned = config?.resolved.account ?? null;
+        if (pinned) {
+            requested = pinned;
+            source = "profile";
+        }
+    }
+    if (!requested) {
+        return null;
+    }
+    assertValidAccountId(requested);
+    const record = findAccount(requested);
+    if (!record) {
+        throw new Error(`Unknown account "${requested}". Run \`copillm auth status\` to list accounts.`);
+    }
+    const credential = await loadStoredCredentialForAccount(requested);
+    if (!credential) {
+        throw new Error(`No stored credential for account "${requested}". Run \`copillm auth login --as ${requested}\`.`);
+    }
+    const cacheId = record.storage === "legacy" ? undefined : requested;
+    return {
+        accountId: requested,
+        pathPrefix: `/${requested}`,
+        cacheId,
+        account: { accountType: credential.accountType, githubToken: credential.token, cacheId },
+        source: source
+    };
+}
+export function formatLaunchAccountNotice(resolved) {
+    const from = resolved.source === "flag" ? "--account" : resolved.source === "env" ? "COPILLM_ACCOUNT" : "profile";
+    return `copillm: using account "${resolved.accountId}" (from ${from})`;
+}
 /**
  * Shared yolo wiring for the four agent subcommands. Resolves precedence
  * (flag > env > profile > defaults > off), runs `applyYolo` with source

package/dist/cli/commands/auth.js

@@ -1,9 +1,17 @@
 import { inspectStoredCredential, loadStoredCredentialForStatus } from "../../auth/credentials.js";
+import { readAccountsIndex } from "../../auth/accounts.js";
 import { inspectGithubIdentity } from "../../auth/githubIdentity.js";
 import { ensureAuthenticatedInteractive } from "../auth/ensure.js";
-import { runAuthLogin, runAuthLogout } from "../auth/runAuth.js";
+import { runAuthLogin, runAuthLogout, runAuthStatusList, runAuthSwitch } from "../auth/runAuth.js";
 import { formatHumanAuthStatusLine } from "../shared/backends.js";
 import { emitDeprecation } from "../shared/deprecation.js";
+const ACCOUNT_TYPES = ["individual", "business", "enterprise"];
+function parseAccountType(value) {
+    if (ACCOUNT_TYPES.includes(value)) {
+        return value;
+    }
+    throw new Error(`Invalid --account-type "${value}". Expected one of: ${ACCOUNT_TYPES.join(", ")}.`);
+}
 // Re-export for callers (e.g. start command) that need the interactive prompt.
 export { ensureAuthenticatedInteractive };
 export function register(program) {
@@ -28,6 +36,8 @@ export function register(program) {
         .command("login")
         .description("Authenticate with GitHub")
         .option("--json", "JSON output")
+        .option("--as <account>", "Name this account (enables multiple accounts)")
+        .option("--account-type <type>", "Account plan type: individual | business | enterprise", parseAccountType)
         // Undocumented test seam: force the session-only backend regardless of
         // whether the OS keychain is available. Equivalent to setting
         // COPILLM_FORCE_SESSION_BACKEND=1 for the duration of this command.
@@ -39,9 +49,19 @@ export function register(program) {
         .command("logout")
         .description("Clear credentials and stop running daemon")
         .option("--json", "JSON output")
+        .option("--account <account>", "Log out a specific account (default: the default account)")
+        .option("--all", "Log out of every account")
         .action(async (opts) => {
         await runAuthLogout(opts);
     });
+    auth
+        .command("switch")
+        .argument("<account>", "Account id to make the default")
+        .description("Set the default account")
+        .option("--json", "JSON output")
+        .action(async (account, opts) => {
+        await runAuthSwitch(opts, account);
+    });
     auth
         .command("status")
         .description("Report whether a credential is stored (token is never printed)")
@@ -51,6 +71,12 @@ export function register(program) {
         // commander's --no-user toggles opts.user to false; when the flag is
         // omitted opts.user is undefined and we treat that as "fetch by default".
         const wantUserLookup = opts.user !== false;
+        // Multi-account installs (an accounts index exists) get the per-account
+        // listing. Single-account installs keep the exact original output below.
+        if (readAccountsIndex()) {
+            const { anyStored } = await runAuthStatusList(opts);
+            process.exit(anyStored ? 0 : 2);
+        }
         // Two paths to minimize keychain probes:
         //   - With user lookup (default): `loadStoredCredentialForStatus()`
         //     does ONE keychain read that yields backend + token. Pass the

package/dist/cli/copillmFlags.js

@@ -40,6 +40,14 @@ export const COPILLM_FLAGS = [
         kind: "swallow",
         description: "Override active profile for this launch"
     },
+    {
+        flag: "--copillm-account",
+        aliases: ["--account"],
+        takesValue: true,
+        dest: "copillmAccount",
+        kind: "swallow",
+        description: "Route this launch at a specific copillm account"
+    },
     {
         flag: "--copillm-no-config",
         aliases: ["--no-config"],

package/dist/cli/daemon/runDaemon.js

@@ -1,9 +1,11 @@
 import { randomUUID } from "node:crypto";
 import { loadStoredCredential } from "../../auth/credentials.js";
+import { readAccountsIndex } from "../../auth/accounts.js";
 import { CopilotTokenManager } from "../../auth/copilotToken.js";
 import { loadConfig } from "../../config/config.js";
 import { acquireLock, LockAlreadyRunningError, releaseLock } from "../../server/lock.js";
 import { startProxyServer } from "../../server/proxy.js";
+import { DaemonAccountResolver } from "../../server/accountResolver.js";
 import { installProcessSafetyNet } from "../processSafetyNet.js";
 import { getRootLogger } from "../shared/debug.js";
 import { withTimeout } from "./lifecycle.js";
@@ -30,6 +32,22 @@ export async function runDaemon(options) {
     }
     const tokenManager = new CopilotTokenManager(creds.token);
     await tokenManager.ensureToken(false);
+    // Build the default account's resolved identity. With no accounts index this
+    // is the legacy single account (accountId null, legacy model cache). With an
+    // index, it reflects the configured default account's id, plan type, and
+    // storage scheme — so model discovery and the cache key stay correct.
+    const accountsIndex = readAccountsIndex();
+    const defaultRecord = accountsIndex
+        ? accountsIndex.accounts.find((account) => account.id === accountsIndex.defaultAccount) ?? null
+        : null;
+    const defaultAccount = {
+        accountId: defaultRecord?.id ?? null,
+        githubToken: creds.token,
+        tokenManager,
+        accountType: defaultRecord?.accountType ?? config.accountType,
+        cacheId: defaultRecord && defaultRecord.storage === "namespaced" ? defaultRecord.id : undefined
+    };
+    const accountResolver = new DaemonAccountResolver({ default: defaultAccount });
     const callerSecret = config.requireCallerSecret ? randomUUID() : null;
     if (callerSecret) {
         process.stdout.write(`Caller secret: ${callerSecret}\n`);
@@ -53,6 +71,7 @@ export async function runDaemon(options) {
                 port,
                 config,
                 tokenManager,
+                accountResolver,
                 callerSecret,
                 logger,
                 debug: Boolean(options?.debug),
@@ -70,7 +89,7 @@ export async function runDaemon(options) {
         }
     }
     if (!server || selectedPort === null) {
-        tokenManager.clear();
+        accountResolver.clearAll();
         throw new Error(`No available port in configured range (${ports[0]}-${ports[ports.length - 1]}).`);
     }
     installProcessSafetyNet(logger);
@@ -87,7 +106,7 @@ export async function runDaemon(options) {
             logger.warn({ err: error }, "graceful shutdown timed out");
         }
         finally {
-            tokenManager.clear();
+            accountResolver.clearAll();
             releaseLock();
             process.exit(0);
         }