copillm 0.2.9 → 0.3.0-beta.2

package/dist/cli/integrations/claudeExport.js

@@ -1,14 +1,16 @@
 import { buildClaudeEnvBundle } from "../agentEnv.js";
 import { buildClaudeExportCommand as buildClaudeExport, computeAnthropicDefaults, readModelIdsFromCache } from "../../models/anthropicDefaults.js";
-export function buildClaudeExportCommand(port, callerSecret) {
-    const modelIds = readModelIdsFromCache();
+export function buildClaudeExportCommand(port, callerSecret, opts) {
+    const pathPrefix = opts?.pathPrefix ?? "";
+    const modelIds = readModelIdsFromCache(opts?.cacheId);
     const defaults = computeAnthropicDefaults(modelIds);
     const command = buildClaudeExport({
         port,
         callerSecret,
         defaults,
-        enableGatewayDiscovery: true
+        enableGatewayDiscovery: true,
+        pathPrefix
     });
-    const bundle = buildClaudeEnvBundle({ port, callerSecret, defaults, enableGatewayDiscovery: true });
+    const bundle = buildClaudeEnvBundle({ port, callerSecret, defaults, enableGatewayDiscovery: true, pathPrefix });
     return { command, defaults, bundle };
 }

package/dist/cli/integrations/refreshCodex.js

@@ -1,6 +1,6 @@
 import { getCopillmHome } from "../../config/home.js";
 import { defaultOutputDir, generateCodexHome } from "../../integrations/codex/init.js";
-export async function refreshCodexHome(port, model, precomputed) {
+export async function refreshCodexHome(port, model, precomputed, opts) {
     try {
         const home = getCopillmHome();
         return await generateCodexHome({
@@ -9,7 +9,9 @@ export async function refreshCodexHome(port, model, precomputed) {
             port,
             providerId: "copillm",
             reasoningEffort: null,
-            precomputed
+            precomputed,
+            pathPrefix: opts?.pathPrefix,
+            account: opts?.account
         });
     }
     catch (error) {

package/dist/cli/integrations/refreshPi.js

@@ -1,13 +1,15 @@
 import { getCopillmHome } from "../../config/home.js";
 import { defaultOutputDir as defaultPiOutputDir, generatePiHome } from "../../integrations/pi/init.js";
-export async function refreshPiHome(port, precomputed) {
+export async function refreshPiHome(port, precomputed, opts) {
     try {
         const home = getCopillmHome();
         return await generatePiHome({
             outDir: defaultPiOutputDir(home),
             port,
             providerId: "copillm",
-            precomputed
+            precomputed,
+            pathPrefix: opts?.pathPrefix,
+            account: opts?.account
         });
     }
     catch (error) {

package/dist/cli/packageInfo.js

@@ -1,7 +1,7 @@
 import { createRequire } from "node:module";
 const FALLBACK_PACKAGE_INFO = {
     name: "copillm",
-    version: "0.2.9"
+    version: "0.3.0-beta.2"
 };
 export function getPackageInfo() {
     const envName = cleanPackageValue(process.env.COPILLM_PACKAGE_NAME);

package/dist/config/accountId.js

@@ -0,0 +1,44 @@
+/**
+ * Account-id validation, shared by the `auth` layer (which writes the accounts
+ * index) and the `models` layer (which embeds the id in a per-account model
+ * cache filename). Lives in `config` so both layers can import it without
+ * crossing a forbidden import boundary.
+ *
+ * An account id is embedded in filenames (`credentials.<id>.json`,
+ * `models.cache.<id>.json`) and in a keychain account string, so it must be a
+ * safe single path segment. GitHub logins are `[A-Za-z0-9-]`; copillm also
+ * permits `.` and `_` for synthetic ids.
+ */
+export const ACCOUNT_ID_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._-]*$/;
+export const MAX_ACCOUNT_ID_LENGTH = 64;
+export class InvalidAccountIdError extends Error {
+    accountId;
+    constructor(accountId, reason) {
+        super(`Invalid account id "${accountId}": ${reason}`);
+        this.accountId = accountId;
+        this.name = "InvalidAccountIdError";
+    }
+}
+/**
+ * Validate an account id before it is used in a filename or keychain key.
+ * Throws `InvalidAccountIdError` on anything that isn't a safe path segment.
+ */
+export function assertValidAccountId(accountId) {
+    if (accountId.length === 0) {
+        throw new InvalidAccountIdError(accountId, "id must not be empty.");
+    }
+    if (accountId.length > MAX_ACCOUNT_ID_LENGTH) {
+        throw new InvalidAccountIdError(accountId, `id must be at most ${MAX_ACCOUNT_ID_LENGTH} characters.`);
+    }
+    if (!ACCOUNT_ID_PATTERN.test(accountId)) {
+        throw new InvalidAccountIdError(accountId, "id may only contain letters, digits, '.', '_' and '-', and must start with a letter or digit.");
+    }
+}
+/**
+ * Non-throwing variant for hot paths (e.g. parsing an optional account prefix
+ * out of a request URL) where an invalid id should just mean "not an account
+ * prefix" rather than an error.
+ */
+export function isValidAccountId(accountId) {
+    return accountId.length > 0 && accountId.length <= MAX_ACCOUNT_ID_LENGTH && ACCOUNT_ID_PATTERN.test(accountId);
+}

package/dist/config/home.js

@@ -20,6 +20,29 @@ export function credentialsPath() {
 export function credentialsReadPath() {
     return resolveReadablePath("credentials.json");
 }
+/**
+ * Path to the multi-account index (`accounts.json`). Metadata only — never
+ * holds a token. Absent on single-account installs, which keep using the
+ * legacy `credentials.json` / keychain entry as the implicit default account.
+ */
+export function accountsIndexPath() {
+    return path.join(getCopillmHome(), "accounts.json");
+}
+export function accountsIndexReadPath() {
+    return resolveReadablePath("accounts.json");
+}
+/**
+ * Plaintext-fallback credential file for a *named* (non-default) account. The
+ * default account keeps the legacy `credentials.json` path for backward
+ * compatibility; additional accounts are namespaced by id so their tokens
+ * never collide with — or overwrite — the pre-existing default.
+ */
+export function accountCredentialsPath(accountId) {
+    return path.join(getCopillmHome(), `credentials.${accountId}.json`);
+}
+export function accountCredentialsReadPath(accountId) {
+    return resolveReadablePath(`credentials.${accountId}.json`);
+}
 export function lockPath() {
     return path.join(getCopillmHome(), "copillm.pid");
 }
@@ -32,6 +55,18 @@ export function modelsCachePath() {
 export function modelsCacheReadPath() {
     return resolveReadablePath("models.cache.json");
 }
+/**
+ * Per-account model-discovery cache. Different accounts can be entitled to
+ * different model catalogs, so each named account caches into its own
+ * `models.cache.<id>.json`. The primary/legacy account keeps the shared
+ * `models.cache.json` (above), so single-account installs are unaffected.
+ */
+export function accountModelsCachePath(accountId) {
+    return path.join(getCopillmHome(), `models.cache.${accountId}.json`);
+}
+export function accountModelsCacheReadPath(accountId) {
+    return resolveReadablePath(`models.cache.${accountId}.json`);
+}
 export function debugLogPath() {
     return path.join(getCopillmHome(), "debug.log");
 }

package/dist/integrations/codex/init.js

@@ -7,13 +7,14 @@ import { ensureSecureDirectory, writeFileSecureAtomic } from "../../config/fsSec
 import { buildCodexCatalog } from "../../server/codexSchema.js";
 import { inspectLock } from "../../server/lock.js";
 export async function generateCodexHome(options) {
-    const { discovery } = await resolveStartContext(options.precomputed);
+    const { discovery } = await resolveStartContext(options.precomputed, options.account);
     const catalog = buildCodexCatalog(discovery.models);
     if (catalog.models.length === 0) {
         throw new Error("No Codex-eligible models found in the live catalog.");
     }
     const port = options.port;
-    const proxyUrl = `http://127.0.0.1:${port}/codex/v1`;
+    const prefix = options.pathPrefix ?? "";
+    const proxyUrl = `http://127.0.0.1:${port}${prefix}/codex/v1`;
     const baseUrl = proxyUrl;
     const defaultModel = options.model ?? pickDefaultModel(catalog.models.map((model) => model.slug));
     if (!catalog.models.some((model) => model.slug === defaultModel)) {
@@ -47,11 +48,19 @@ export async function generateCodexHome(options) {
  * Exported so `generatePiHome` (and any future agent init) can use the
  * same loader and the same "if precomputed, reuse it" contract.
  */
-export async function resolveStartContext(precomputed) {
+export async function resolveStartContext(precomputed, account) {
     if (precomputed) {
         return precomputed;
     }
     const config = loadConfig();
+    if (account) {
+        const discovery = await listModelsUnion(account.accountType, account.githubToken, 3, undefined, account.cacheId);
+        return {
+            config,
+            creds: { token: account.githubToken, accountType: account.accountType, source: "session" },
+            discovery
+        };
+    }
     const creds = await loadStoredCredential();
     if (!creds) {
         throw new Error("Not authenticated. Run `copillm login` first.");

package/dist/integrations/pi/init.js

@@ -4,7 +4,7 @@ import { ensureSecureDirectory, writeFileSecureAtomic } from "../../config/fsSec
 import { piAgentDir } from "../../config/home.js";
 import { resolveStartContext } from "../codex/init.js";
 export async function generatePiHome(options) {
-    const { discovery } = await resolveStartContext(options.precomputed);
+    const { discovery } = await resolveStartContext(options.precomputed, options.account);
     const eligible = discovery.models.filter(isPickerEligible);
     // Split the catalog by which upstream endpoint each model supports. Models
     // that advertise `/chat/completions` flow through copillm's Anthropic surface
@@ -20,9 +20,10 @@ export async function generatePiHome(options) {
     if (anthropicEligible.length === 0 && responsesEligible.length === 0) {
         throw new Error("No models discovered for pi config.");
     }
-    const proxyUrl = `http://127.0.0.1:${options.port}/anthropic`;
+    const prefix = options.pathPrefix ?? "";
+    const proxyUrl = `http://127.0.0.1:${options.port}${prefix}/anthropic`;
     // OpenAI SDK posts to `<baseUrl>/responses`, so the baseUrl must include `/v1`.
-    const responsesProxyUrl = `http://127.0.0.1:${options.port}/codex/v1`;
+    const responsesProxyUrl = `http://127.0.0.1:${options.port}${prefix}/codex/v1`;
     const providerId = options.providerId.trim().length > 0 ? options.providerId : "copillm";
     const responsesProviderId = `${providerId}-responses`;
     const providers = {};

package/dist/models/anthropicDefaults.js

@@ -1,6 +1,7 @@
 import fs from "node:fs";
 import { z } from "zod";
-import { modelsCacheReadPath } from "../config/home.js";
+import { accountModelsCacheReadPath, modelsCacheReadPath } from "../config/home.js";
+import { assertValidAccountId } from "../config/accountId.js";
 export const ANTHROPIC_FAMILIES = ["opus", "sonnet", "haiku"];
 const SUFFIX_BLOCKLIST = [
     "-high",
@@ -32,8 +33,15 @@ export function computeAnthropicDefaults(modelIds) {
         haiku: pickPlainLatest(byFamily.haiku)
     };
 }
-export function readModelIdsFromCache() {
-    const file = modelsCacheReadPath();
+export function readModelIdsFromCache(accountId) {
+    let file;
+    if (accountId === undefined) {
+        file = modelsCacheReadPath();
+    }
+    else {
+        assertValidAccountId(accountId);
+        file = accountModelsCacheReadPath(accountId);
+    }
     if (!fs.existsSync(file)) {
         return [];
     }
@@ -51,8 +59,9 @@ export function readModelIdsFromCache() {
 }
 export function buildClaudeExportCommand(input) {
     const token = input.callerSecret ?? "copillm-local";
+    const prefix = input.pathPrefix ?? "";
     const parts = [
-        `ANTHROPIC_BASE_URL=http://127.0.0.1:${input.port}/anthropic`,
+        `ANTHROPIC_BASE_URL=http://127.0.0.1:${input.port}${prefix}/anthropic`,
         `ANTHROPIC_AUTH_TOKEN=${token}`
     ];
     if (input.defaults.opus) {

package/dist/models/discovery.js

@@ -1,7 +1,8 @@
 import fs from "node:fs";
 import { setTimeout as defaultSleep } from "node:timers/promises";
 import { z } from "zod";
-import { modelsCachePath, modelsCacheReadPath } from "../config/home.js";
+import { accountModelsCachePath, accountModelsCacheReadPath, modelsCachePath, modelsCacheReadPath } from "../config/home.js";
+import { assertValidAccountId } from "../config/accountId.js";
 import { writeFileSecureAtomic } from "../config/fsSecurity.js";
 import { copilotBaseUrl } from "../config/upstream.js";
 const ModelSchema = z
@@ -50,7 +51,7 @@ const RETRYABLE_DISCOVERY_STATUSES = new Set([408, 409, 425, 429, 500, 502, 503,
 export function accountBaseUrl(accountType) {
     return copilotBaseUrl(accountType);
 }
-export async function listModels(accountType, bearerToken, deps) {
+export async function listModels(accountType, bearerToken, deps, accountId) {
     const fetchImpl = deps?.fetchImpl ?? ((input, init) => fetch(input, init));
     const timeoutMs = deps?.timeoutMs ?? DEFAULT_FETCH_TIMEOUT_MS;
     try {
@@ -72,7 +73,7 @@ export async function listModels(accountType, bearerToken, deps) {
         if (!parsed.success) {
             throw new ModelDiscoverySchemaError("Model discovery response is invalid.");
         }
-        saveModelCache(accountType, parsed.data);
+        saveModelCache(accountType, parsed.data, accountId);
         return {
             models: parsed.data,
             source: "live",
@@ -85,7 +86,7 @@ export async function listModels(accountType, bearerToken, deps) {
         if (!canUseCacheFallback(error)) {
             throw error;
         }
-        const cached = readModelCache(accountType);
+        const cached = readModelCache(accountType, accountId);
         if (!cached) {
             const detail = error instanceof Error ? error.message : "unknown error";
             throw new Error(`Model discovery failed and no cache snapshot is available: ${detail}`);
@@ -119,7 +120,7 @@ export async function listModels(accountType, bearerToken, deps) {
  * specify. Each attempt's own retry budget lives inside `listModels`'s
  * cache-fallback path; this loop runs once per upstream call.
  */
-export async function listModelsUnion(accountType, bearerToken, attempts = 3, deps) {
+export async function listModelsUnion(accountType, bearerToken, attempts = 3, deps, accountId) {
     const sleepImpl = deps?.sleepImpl ?? ((ms) => defaultSleep(ms));
     const seen = new Map();
     let lastResult = null;
@@ -127,7 +128,7 @@ export async function listModelsUnion(accountType, bearerToken, attempts = 3, de
     let consecutiveFailures = 0;
     for (let i = 0; i < attempts; i += 1) {
         try {
-            const result = await listModels(accountType, bearerToken, deps);
+            const result = await listModels(accountType, bearerToken, deps, accountId);
             lastResult = result;
             consecutiveFailures = 0;
             for (const model of result.models) {
@@ -274,17 +275,38 @@ function canUseCacheFallback(error) {
     return true;
 }
 const CACHE_FALLBACK_STATUSES = new Set([401, 403, 408, 409, 425, 429]);
-function saveModelCache(accountType, models) {
+/**
+ * Resolve the model-cache file for an account. `undefined` → the shared
+ * `models.cache.json` used by the primary/legacy account and single-account
+ * installs; a string → the per-account `models.cache.<id>.json`. The caller
+ * (the daemon) decides which based on the account's storage scheme, so a
+ * default-account switch never makes two accounts share a catalog file.
+ */
+function modelsCacheWriteFile(accountId) {
+    if (accountId === undefined) {
+        return modelsCachePath();
+    }
+    assertValidAccountId(accountId);
+    return accountModelsCachePath(accountId);
+}
+function modelsCacheReadFile(accountId) {
+    if (accountId === undefined) {
+        return modelsCacheReadPath();
+    }
+    assertValidAccountId(accountId);
+    return accountModelsCacheReadPath(accountId);
+}
+function saveModelCache(accountType, models, accountId) {
     const payload = {
         version: 1,
         accountType,
         savedAtIso: new Date().toISOString(),
         models
     };
-    writeFileSecureAtomic(modelsCachePath(), JSON.stringify(payload, null, 2), 0o600);
+    writeFileSecureAtomic(modelsCacheWriteFile(accountId), JSON.stringify(payload, null, 2), 0o600);
 }
-function readModelCache(accountType) {
-    const filePath = modelsCacheReadPath();
+function readModelCache(accountType, accountId) {
+    const filePath = modelsCacheReadFile(accountId);
     if (!fs.existsSync(filePath)) {
         return null;
     }

package/dist/server/accountResolver.js

@@ -0,0 +1,85 @@
+import { CopilotTokenManager } from "../auth/copilotToken.js";
+import { loadStoredCredentialForAccount } from "../auth/credentials.js";
+import { findAccount } from "../auth/accounts.js";
+/**
+ * A resolver that knows only the default account. Used to preserve the exact
+ * single-account behaviour when the proxy is started without a multi-account
+ * resolver (e.g. test harnesses). A prefixed request for any other account
+ * resolves to `null` → the proxy returns `account_not_found`.
+ */
+export function singleAccountResolver(input) {
+    const def = {
+        accountId: input.accountId ?? null,
+        githubToken: input.githubToken,
+        tokenManager: input.tokenManager,
+        accountType: input.accountType,
+        cacheId: input.cacheId
+    };
+    return {
+        default: def,
+        async resolveById(accountId) {
+            if (def.accountId !== null && accountId === def.accountId) {
+                return def;
+            }
+            return null;
+        },
+        describe() {
+            return { defaultAccountId: def.accountId, activeAccountIds: [] };
+        },
+        clearAll() {
+            def.tokenManager.clear();
+        }
+    };
+}
+/**
+ * The production resolver. Wraps the eagerly-built default account and lazily
+ * builds a bearer manager per named account the first time a request for it
+ * arrives. Bearer managers are cached for the daemon's lifetime so repeated
+ * requests reuse the same (refresh-coalescing) manager.
+ */
+export class DaemonAccountResolver {
+    default;
+    cache = new Map();
+    createTokenManager;
+    constructor(input) {
+        this.default = input.default;
+        this.createTokenManager = input.createTokenManager ?? ((githubToken) => new CopilotTokenManager(githubToken));
+    }
+    async resolveById(accountId) {
+        if (this.default.accountId !== null && accountId === this.default.accountId) {
+            return this.default;
+        }
+        const cached = this.cache.get(accountId);
+        if (cached) {
+            return cached;
+        }
+        const credential = await loadStoredCredentialForAccount(accountId);
+        if (!credential) {
+            return null;
+        }
+        const record = findAccount(accountId);
+        // The cache file follows the account's storage scheme, mirroring the
+        // credential store: a legacy-storage account shares `models.cache.json`,
+        // a namespaced account gets its own `models.cache.<id>.json`.
+        const cacheId = record && record.storage === "legacy" ? undefined : accountId;
+        const resolved = {
+            accountId,
+            githubToken: credential.token,
+            tokenManager: this.createTokenManager(credential.token),
+            accountType: credential.accountType,
+            cacheId
+        };
+        this.cache.set(accountId, resolved);
+        return resolved;
+    }
+    describe() {
+        return { defaultAccountId: this.default.accountId, activeAccountIds: [...this.cache.keys()] };
+    }
+    clearAll() {
+        this.default.tokenManager.clear();
+        for (const resolved of this.cache.values()) {
+            resolved.tokenManager.clear();
+        }
+        this.cache.clear();
+    }
+}

package/dist/server/proxy.js

@@ -1,5 +1,6 @@
 import { createServer } from "node:http";
 import { randomUUID } from "node:crypto";
+import { singleAccountResolver } from "./accountResolver.js";
 import { attachRequestLifecycle, isBenignSocketError, safeEnd, safeSendJson } from "./requestLifecycle.js";
 import { InvalidRequestShapeError, JsonRequestParseError } from "./errors.js";
 import { ProtocolTranslationError } from "../translation/openaiAnthropic.js";
@@ -10,6 +11,22 @@ import { handleProxyForward } from "./routes/proxyForward.js";
 import { isLocalRequest, resolveRoute, safePathname } from "./routes/shared.js";
 export async function startProxyServer(input) {
     const debugEnabled = input.debug === true;
+    const resolver = input.accountResolver ??
+        singleAccountResolver({
+            tokenManager: input.tokenManager,
+            githubToken: input.githubToken ?? "",
+            accountType: input.config.accountType
+        });
+    // Resolve the account a request targets. Returns the default account for an
+    // unprefixed request; for an `/<account>` prefix, looks up the named account
+    // and answers 404 `account_not_found` when no credential is stored for it.
+    const resolveAccountForRoute = async (route) => {
+        if (route.accountId === null) {
+            return resolver.default;
+        }
+        const account = await resolver.resolveById(route.accountId);
+        return account;
+    };
     const server = createServer(async (req, res) => {
         const requestId = randomUUID();
         const startedAt = Date.now();
@@ -43,13 +60,21 @@ export async function startProxyServer(input) {
                     handleLivez(res);
                     return;
                 case "healthz":
-                    await handleHealthz(res, input.tokenManager);
+                    await handleHealthz(res, resolver.default.tokenManager);
                     return;
                 case "models":
+                    await handleModels(res, route.kind, resolver.default);
+                    return;
                 case "codex_models":
-                case "anthropic_models":
-                    await handleModels(res, route.kind, input.config, input.tokenManager, input.githubToken);
+                case "anthropic_models": {
+                    const account = await resolveAccountForRoute(route);
+                    if (!account) {
+                        safeSendJson(res, 404, { error: "account_not_found", detail: `No stored credential for account "${route.accountId}".` });
+                        return;
+                    }
+                    await handleModels(res, route.kind, account);
                     return;
+                }
                 case "debug":
                     if (!debugEnabled) {
                         safeSendJson(res, 404, { error: "not_found" });
@@ -58,9 +83,10 @@ export async function startProxyServer(input) {
                     await handleDebug(res, {
                         config: input.config,
                         logger: input.logger,
-                        tokenManager: input.tokenManager,
-                        githubToken: input.githubToken,
-                        port: input.port
+                        tokenManager: resolver.default.tokenManager,
+                        githubToken: resolver.default.githubToken,
+                        port: input.port,
+                        accounts: resolver.describe()
                     });
                     return;
                 case "not_found":
@@ -68,18 +94,24 @@ export async function startProxyServer(input) {
                     return;
                 case "openai":
                 case "anthropic":
-                case "codex_responses":
+                case "codex_responses": {
+                    const account = await resolveAccountForRoute(route);
+                    if (!account) {
+                        safeSendJson(res, 404, { error: "account_not_found", detail: `No stored credential for account "${route.accountId}".` });
+                        return;
+                    }
                     await handleProxyForward({
                         req,
                         res,
                         route,
                         config: input.config,
-                        tokenManager: input.tokenManager,
+                        account,
                         logger: input.logger,
                         requestId,
                         signal: lifecycle.signal
                     });
                     return;
+                }
             }
         }
         catch (error) {

package/dist/server/routes/debug.js

@@ -48,6 +48,13 @@ export async function handleDebug(res, input) {
             bearer_present: input.tokenManager.current !== null,
             bearer_expires_at_unix: input.tokenManager.current?.expiresAtUnix ?? null
         },
+        accounts: {
+            // Token is never included. Reports the default account id (null for a
+            // single-account install) and the named accounts that have served at
+            // least one request this daemon lifetime.
+            default: input.accounts?.defaultAccountId ?? null,
+            active: input.accounts?.activeAccountIds ?? []
+        },
         user,
         user_error: userError,
         routes: [

package/dist/server/routes/models.js

@@ -4,16 +4,16 @@ import { buildCodexCatalog } from "../codexSchema.js";
 import { buildAnthropicModelsResponse } from "../anthropicModelsResponse.js";
 import { tokenErrorToHttpResponse } from "../errors.js";
 import { safeSendJson } from "../requestLifecycle.js";
-export async function handleModels(res, routeKind, config, tokenManager, githubToken) {
+export async function handleModels(res, routeKind, account) {
     try {
-        await tokenManager.ensureToken(false);
-        if (!githubToken) {
+        await account.tokenManager.ensureToken(false);
+        if (!account.githubToken) {
             safeSendJson(res, 503, { error: "github_token_unavailable" });
             return;
         }
         const result = routeKind === "codex_models" || routeKind === "anthropic_models"
-            ? await listModelsUnion(config.accountType, githubToken, 3)
-            : await listModels(config.accountType, githubToken);
+            ? await listModelsUnion(account.accountType, account.githubToken, 3, undefined, account.cacheId)
+            : await listModels(account.accountType, account.githubToken, undefined, account.cacheId);
         if (routeKind === "codex_models") {
             safeSendJson(res, 200, buildCodexCatalog(result.models));
             return;

package/dist/server/routes/proxyForward.js

@@ -22,7 +22,7 @@ function translateRequestBody(routeKind, body) {
     }
 }
 export async function handleProxyForward(input) {
-    const { req, res, route, config, tokenManager, logger, requestId, signal } = input;
+    const { req, res, route, config, account, logger, requestId, signal } = input;
     const requestBody = await readJson(req);
     const translatedBody = translateRequestBody(route.kind, requestBody);
     const requestedModel = readRequestedModel(translatedBody);
@@ -70,8 +70,8 @@ export async function handleProxyForward(input) {
     }, "prepared upstream request");
     try {
         const upstream = await postToCopilot({
-            tokenManager,
-            accountType: config.accountType,
+            tokenManager: account.tokenManager,
+            accountType: account.accountType,
             body: upstreamBody,
             requestId,
             logger,