npm - opencode-anthropic-multi-account - Versions diffs - 0.1.0 - Mend

opencode-anthropic-multi-account 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,2811 @@
+// src/index.ts
+import { AnthropicAuthPlugin as AnthropicAuthPlugin2 } from "opencode-anthropic-auth";
+import { tool } from "@opencode-ai/plugin";
+// ../multi-account-core/src/account-manager.ts
+import { randomUUID } from "node:crypto";
+// ../multi-account-core/src/claims.ts
+import { promises as fs2 } from "node:fs";
+import { randomBytes as randomBytes2 } from "node:crypto";
+import { dirname as dirname2, join as join3 } from "node:path";
+// ../multi-account-core/src/utils.ts
+import { join as join2 } from "node:path";
+import { homedir as homedir2 } from "node:os";
+// ../multi-account-core/src/config.ts
+import { promises as fs } from "node:fs";
+import { randomBytes } from "node:crypto";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
+import * as v2 from "valibot";
+// ../multi-account-core/src/types.ts
+import * as v from "valibot";
+var OAuthCredentialsSchema = v.object({
+  type: v.literal("oauth"),
+  refresh: v.string(),
+  access: v.string(),
+  expires: v.number()
+});
+var UsageLimitEntrySchema = v.object({
+  utilization: v.number(),
+  resets_at: v.nullable(v.string())
+});
+var UsageLimitsSchema = v.object({
+  five_hour: v.optional(v.nullable(UsageLimitEntrySchema), null),
+  seven_day: v.optional(v.nullable(UsageLimitEntrySchema), null),
+  seven_day_sonnet: v.optional(v.nullable(UsageLimitEntrySchema), null)
+});
+var CredentialRefreshPatchSchema = v.object({
+  accessToken: v.string(),
+  expiresAt: v.number(),
+  refreshToken: v.optional(v.string()),
+  uuid: v.optional(v.string()),
+  accountId: v.optional(v.string()),
+  email: v.optional(v.string())
+});
+var StoredAccountSchema = v.object({
+  uuid: v.optional(v.string()),
+  accountId: v.optional(v.string()),
+  label: v.optional(v.string()),
+  email: v.optional(v.string()),
+  planTier: v.optional(v.string(), ""),
+  refreshToken: v.string(),
+  accessToken: v.optional(v.string()),
+  expiresAt: v.optional(v.number()),
+  addedAt: v.number(),
+  lastUsed: v.number(),
+  enabled: v.optional(v.boolean(), true),
+  rateLimitResetAt: v.optional(v.number()),
+  cachedUsage: v.optional(UsageLimitsSchema),
+  cachedUsageAt: v.optional(v.number()),
+  consecutiveAuthFailures: v.optional(v.number(), 0),
+  isAuthDisabled: v.optional(v.boolean(), false),
+  authDisabledReason: v.optional(v.string())
+});
+var AccountStorageSchema = v.object({
+  version: v.literal(1),
+  accounts: v.optional(v.array(StoredAccountSchema), []),
+  activeAccountUuid: v.optional(v.string())
+});
+var AccountSelectionStrategySchema = v.picklist(["sticky", "round-robin", "hybrid"]);
+var PluginConfigSchema = v.object({
+  account_selection_strategy: v.optional(AccountSelectionStrategySchema, "sticky"),
+  cross_process_claims: v.optional(v.boolean(), true),
+  soft_quota_threshold_percent: v.optional(v.pipe(v.number(), v.minValue(0), v.maxValue(100)), 100),
+  rate_limit_min_backoff_ms: v.optional(v.pipe(v.number(), v.minValue(0)), 3e4),
+  default_retry_after_ms: v.optional(v.pipe(v.number(), v.minValue(0)), 6e4),
+  max_consecutive_auth_failures: v.optional(v.pipe(v.number(), v.integer(), v.minValue(1)), 3),
+  token_failure_backoff_ms: v.optional(v.pipe(v.number(), v.minValue(0)), 3e4),
+  proactive_refresh: v.optional(v.boolean(), true),
+  proactive_refresh_buffer_seconds: v.optional(v.pipe(v.number(), v.minValue(60)), 1800),
+  proactive_refresh_interval_seconds: v.optional(v.pipe(v.number(), v.minValue(30)), 300),
+  quiet_mode: v.optional(v.boolean(), false),
+  debug: v.optional(v.boolean(), false)
+});
+// ../multi-account-core/src/config.ts
+var DEFAULT_CONFIG_FILENAME = "multiauth-config.json";
+var DEFAULT_CONFIG = v2.parse(PluginConfigSchema, {});
+var configFilename = DEFAULT_CONFIG_FILENAME;
+var cachedConfig = null;
+var externalConfigGetter = null;
+function getConfigDir() {
+  return process.env.OPENCODE_CONFIG_DIR || join(process.env.XDG_CONFIG_HOME || join(homedir(), ".config"), "opencode");
+}
+function getConfigPath() {
+  return join(getConfigDir(), configFilename);
+}
+function parseConfig(raw) {
+  const result = v2.safeParse(PluginConfigSchema, raw);
+  return result.success ? result.output : DEFAULT_CONFIG;
+}
+function initCoreConfig(filename) {
+  configFilename = filename || DEFAULT_CONFIG_FILENAME;
+  cachedConfig = null;
+}
+async function loadConfig() {
+  if (cachedConfig) return cachedConfig;
+  const path = getConfigPath();
+  try {
+    const content = await fs.readFile(path, "utf-8");
+    cachedConfig = parseConfig(JSON.parse(content));
+  } catch {
+    cachedConfig = DEFAULT_CONFIG;
+  }
+  return cachedConfig;
+}
+function getConfig() {
+  if (cachedConfig) return cachedConfig;
+  if (externalConfigGetter && externalConfigGetter !== getConfig) {
+    try {
+      return parseConfig(externalConfigGetter());
+    } catch {
+      return DEFAULT_CONFIG;
+    }
+  }
+  return DEFAULT_CONFIG;
+}
+function setConfigGetter(getter) {
+  if (getter === getConfig) {
+    return;
+  }
+  externalConfigGetter = getter;
+}
+async function updateConfigField(key, value) {
+  const path = getConfigPath();
+  let existing = {};
+  try {
+    const content2 = await fs.readFile(path, "utf-8");
+    existing = JSON.parse(content2);
+  } catch {
+  }
+  existing[key] = value;
+  await fs.mkdir(dirname(path), { recursive: true });
+  const content = `${JSON.stringify(existing, null, 2)}
+`;
+  const tempPath = `${path}.${randomBytes(8).toString("hex")}.tmp`;
+  try {
+    await fs.writeFile(tempPath, content, "utf-8");
+    await fs.rename(tempPath, path);
+  } catch (error) {
+    try {
+      await fs.unlink(tempPath);
+    } catch {
+    }
+    throw error;
+  }
+  cachedConfig = null;
+  await loadConfig();
+}
+// ../multi-account-core/src/utils.ts
+function getConfigDir2() {
+  return process.env.OPENCODE_CONFIG_DIR || join2(process.env.XDG_CONFIG_HOME || join2(homedir2(), ".config"), "opencode");
+}
+function getErrorCode(error) {
+  if (typeof error !== "object" || error === null || !("code" in error)) {
+    return void 0;
+  }
+  const code = error.code;
+  return typeof code === "string" ? code : void 0;
+}
+function formatWaitTime(ms) {
+  const totalSeconds = Math.ceil(ms / 1e3);
+  if (totalSeconds < 60) return `${totalSeconds}s`;
+  const days = Math.floor(totalSeconds / 86400);
+  const hours = Math.floor(totalSeconds % 86400 / 3600);
+  const minutes = Math.floor(totalSeconds % 3600 / 60);
+  const seconds = totalSeconds % 60;
+  const parts = [];
+  if (days > 0) parts.push(`${days}d`);
+  if (hours > 0) parts.push(`${hours}h`);
+  if (minutes > 0) parts.push(`${minutes}m`);
+  if (seconds > 0 && days === 0) parts.push(`${seconds}s`);
+  return parts.join(" ") || "0s";
+}
+function getAccountLabel(account) {
+  if (account.label) return account.label;
+  if (account.email) return account.email;
+  if (account.uuid) return `Account (${account.uuid.slice(0, 8)})`;
+  return `Account ${account.index + 1}`;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function showToast(client, message, variant) {
+  if (getConfig().quiet_mode) return;
+  try {
+    await client.tui.showToast({ body: { message, variant } });
+  } catch {
+  }
+}
+function debugLog(client, message, extra) {
+  if (!getConfig().debug) return;
+  client.app.log({
+    body: { service: "claude-multiauth", level: "debug", message, extra }
+  }).catch(() => {
+  });
+}
+function createMinimalClient() {
+  return {
+    auth: {
+      set: async () => {
+      }
+    },
+    tui: {
+      showToast: async () => {
+      }
+    },
+    app: {
+      log: async () => {
+      }
+    }
+  };
+}
+// ../multi-account-core/src/claims.ts
+var CLAIMS_FILENAME = "multiauth-claims.json";
+var CLAIM_EXPIRY_MS = 6e4;
+function getClaimsPath() {
+  return join3(getConfigDir2(), CLAIMS_FILENAME);
+}
+function isClaimShape(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) return false;
+  const claim = value;
+  return typeof claim.pid === "number" && Number.isInteger(claim.pid) && claim.pid > 0 && typeof claim.at === "number" && Number.isFinite(claim.at);
+}
+function parseClaims(raw) {
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return {};
+  }
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    return {};
+  }
+  const claims = {};
+  for (const [accountId, claim] of Object.entries(parsed)) {
+    if (isClaimShape(claim)) {
+      claims[accountId] = claim;
+    }
+  }
+  return claims;
+}
+function isProcessAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function cleanClaims(claims, now) {
+  const cleaned = {};
+  let changed = false;
+  for (const [accountId, claim] of Object.entries(claims)) {
+    const expiredByTime = now - claim.at > CLAIM_EXPIRY_MS;
+    const zombieClaim = !isProcessAlive(claim.pid);
+    if (expiredByTime || zombieClaim) {
+      changed = true;
+      continue;
+    }
+    cleaned[accountId] = claim;
+  }
+  return { cleaned, changed };
+}
+async function writeClaimsFile(claims) {
+  const path = getClaimsPath();
+  const tempPath = `${path}.${randomBytes2(6).toString("hex")}.tmp`;
+  await fs2.mkdir(dirname2(path), { recursive: true });
+  try {
+    await fs2.writeFile(tempPath, JSON.stringify(claims, null, 2), { encoding: "utf-8", mode: 384 });
+    await fs2.rename(tempPath, path);
+  } catch (error) {
+    try {
+      await fs2.unlink(tempPath);
+    } catch {
+    }
+    throw error;
+  }
+}
+async function readClaims() {
+  try {
+    const data = await fs2.readFile(getClaimsPath(), "utf-8");
+    const parsed = parseClaims(data);
+    const now = Date.now();
+    const { cleaned, changed } = cleanClaims(parsed, now);
+    if (changed) {
+      try {
+        await writeClaimsFile(cleaned);
+      } catch {
+      }
+    }
+    return cleaned;
+  } catch {
+    return {};
+  }
+}
+async function writeClaim(accountId) {
+  const now = Date.now();
+  const claims = await readClaims();
+  const { cleaned } = cleanClaims(claims, now);
+  cleaned[accountId] = { pid: process.pid, at: now };
+  try {
+    await writeClaimsFile(cleaned);
+  } catch {
+  }
+}
+function isClaimedByOther(claims, accountId) {
+  if (!accountId) return false;
+  const claim = claims[accountId];
+  if (!claim) return false;
+  if (Date.now() - claim.at > CLAIM_EXPIRY_MS) return false;
+  if (!isProcessAlive(claim.pid)) return false;
+  return claim.pid !== process.pid;
+}
+// ../multi-account-core/src/account-manager.ts
+var STARTUP_REFRESH_CONCURRENCY = 3;
+var RECENT_429_COOLDOWN_MS = 3e4;
+var HYBRID_SWITCH_MARGIN = 40;
+function createAccountManagerForProvider(dependencies) {
+  const {
+    providerAuthId,
+    isTokenExpired: isTokenExpired2,
+    refreshToken: refreshToken2
+  } = dependencies;
+  return class AccountManager2 {
+    constructor(store) {
+      this.store = store;
+    }
+    cached = [];
+    activeAccountUuid;
+    client = null;
+    runtimeFactory = null;
+    roundRobinCursor = 0;
+    last429Map = /* @__PURE__ */ new Map();
+    static async create(store, currentAuth, client) {
+      const manager = new AccountManager2(store);
+      await manager.initialize(currentAuth, client);
+      return manager;
+    }
+    async initialize(currentAuth, client) {
+      if (client) this.client = client;
+      const storage = await this.store.load();
+      if (storage.accounts.length > 0) {
+        this.cached = storage.accounts.map((account, index) => this.toManagedAccount(account, index));
+        this.activeAccountUuid = storage.activeAccountUuid;
+        if (!this.getActiveAccount() && this.cached.length > 0) {
+          this.activeAccountUuid = this.cached[0].uuid;
+        }
+        return;
+      }
+      if (currentAuth.refresh) {
+        const newAccount = this.createNewAccount(currentAuth, Date.now());
+        await this.store.addAccount(newAccount);
+        await this.store.setActiveUuid(newAccount.uuid);
+        this.cached = [this.toManagedAccount(newAccount, 0)];
+        this.activeAccountUuid = newAccount.uuid;
+      }
+    }
+    async refresh() {
+      const storage = await this.store.load();
+      this.cached = storage.accounts.map((account, index) => this.toManagedAccount(account, index));
+      if (storage.activeAccountUuid) {
+        this.activeAccountUuid = storage.activeAccountUuid;
+      }
+    }
+    toManagedAccount(storedAccount, index) {
+      return {
+        index,
+        uuid: storedAccount.uuid,
+        accountId: storedAccount.accountId,
+        label: storedAccount.label,
+        email: storedAccount.email,
+        planTier: storedAccount.planTier,
+        refreshToken: storedAccount.refreshToken,
+        accessToken: storedAccount.accessToken,
+        expiresAt: storedAccount.expiresAt,
+        addedAt: storedAccount.addedAt,
+        lastUsed: storedAccount.lastUsed,
+        enabled: storedAccount.enabled,
+        rateLimitResetAt: storedAccount.rateLimitResetAt,
+        cachedUsage: storedAccount.cachedUsage,
+        cachedUsageAt: storedAccount.cachedUsageAt,
+        consecutiveAuthFailures: storedAccount.consecutiveAuthFailures,
+        isAuthDisabled: storedAccount.isAuthDisabled,
+        authDisabledReason: storedAccount.authDisabledReason,
+        last429At: storedAccount.uuid ? this.last429Map.get(storedAccount.uuid) : void 0
+      };
+    }
+    createNewAccount(auth, now) {
+      return {
+        uuid: randomUUID(),
+        refreshToken: auth.refresh,
+        accessToken: auth.access,
+        expiresAt: auth.expires,
+        addedAt: now,
+        lastUsed: now,
+        enabled: true,
+        planTier: "",
+        consecutiveAuthFailures: 0,
+        isAuthDisabled: false
+      };
+    }
+    getAccountCount() {
+      return this.getEligibleAccounts().length;
+    }
+    getAccounts() {
+      return [...this.cached];
+    }
+    getActiveAccount() {
+      if (this.activeAccountUuid) {
+        return this.cached.find((account) => account.uuid === this.activeAccountUuid) ?? null;
+      }
+      return this.cached[0] ?? null;
+    }
+    setClient(client) {
+      this.client = client;
+    }
+    setRuntimeFactory(factory) {
+      this.runtimeFactory = factory;
+    }
+    getEligibleAccounts() {
+      return this.cached.filter((account) => account.uuid && account.enabled && !account.isAuthDisabled);
+    }
+    exceedsSoftQuota(account) {
+      const threshold = getConfig().soft_quota_threshold_percent;
+      if (threshold >= 100) return false;
+      const usage = account.cachedUsage;
+      if (!usage) return false;
+      const tiers = [usage.five_hour, usage.seven_day];
+      return tiers.some((tier) => tier != null && tier.utilization >= threshold);
+    }
+    hasAnyUsableAccount() {
+      return this.getEligibleAccounts().length > 0;
+    }
+    isRateLimited(account) {
+      if (account.rateLimitResetAt && Date.now() < account.rateLimitResetAt) {
+        return true;
+      }
+      return this.isUsageExhausted(account);
+    }
+    isUsageExhausted(account) {
+      const usage = account.cachedUsage;
+      if (!usage) return false;
+      const now = Date.now();
+      const tiers = [usage.five_hour, usage.seven_day];
+      return tiers.some(
+        (tier) => tier != null && tier.utilization >= 100 && tier.resets_at != null && Date.parse(tier.resets_at) > now
+      );
+    }
+    clearExpiredRateLimits() {
+      const now = Date.now();
+      for (const account of this.cached) {
+        if (account.rateLimitResetAt && now >= account.rateLimitResetAt) {
+          account.rateLimitResetAt = void 0;
+        }
+      }
+    }
+    getMinWaitTime() {
+      const eligible = this.getEligibleAccounts();
+      const available = eligible.filter((account) => !this.isRateLimited(account));
+      if (available.length > 0) return 0;
+      const now = Date.now();
+      const waits = [];
+      for (const account of eligible) {
+        if (account.rateLimitResetAt) {
+          const ms = account.rateLimitResetAt - now;
+          if (ms > 0) waits.push(ms);
+        }
+        const usageResetMs = this.getUsageResetMs(account);
+        if (usageResetMs !== null && usageResetMs > 0) {
+          waits.push(usageResetMs);
+        }
+      }
+      return waits.length > 0 ? Math.min(...waits) : 0;
+    }
+    getUsageResetMs(account) {
+      const usage = account.cachedUsage;
+      if (!usage) return null;
+      const now = Date.now();
+      const candidates = [];
+      const tiers = [usage.five_hour, usage.seven_day];
+      for (const tier of tiers) {
+        if (tier != null && tier.utilization >= 100 && tier.resets_at != null) {
+          const ms = Date.parse(tier.resets_at) - now;
+          if (ms > 0) candidates.push(ms);
+        }
+      }
+      return candidates.length > 0 ? Math.min(...candidates) : null;
+    }
+    async selectAccount() {
+      await this.refresh();
+      this.clearExpiredRateLimits();
+      const eligible = this.getEligibleAccounts();
+      if (eligible.length === 0) return null;
+      const config = getConfig();
+      const claims = config.cross_process_claims ? await readClaims() : {};
+      const strategy = config.account_selection_strategy;
+      let selected;
+      switch (strategy) {
+        case "round-robin":
+          selected = this.selectRoundRobin(eligible, claims);
+          break;
+        case "hybrid":
+          selected = this.selectHybrid(eligible, claims);
+          break;
+        case "sticky":
+        default:
+          selected = this.selectSticky(eligible, claims);
+          break;
+      }
+      if (selected?.uuid) {
+        this.activeAccountUuid = selected.uuid;
+        this.store.setActiveUuid(selected.uuid).catch(() => {
+        });
+      }
+      if (config.cross_process_claims && selected?.uuid) {
+        writeClaim(selected.uuid).catch(() => {
+        });
+      }
+      return selected;
+    }
+    isUsable(account) {
+      return !this.isRateLimited(account) && !this.isInRecentCooldown(account) && !this.exceedsSoftQuota(account);
+    }
+    isInRecentCooldown(account) {
+      if (!account.last429At) return false;
+      return Date.now() - account.last429At < RECENT_429_COOLDOWN_MS;
+    }
+    fallbackNotRateLimited(eligible) {
+      const account = eligible.find((candidate) => !this.isRateLimited(candidate));
+      if (account) {
+        this.activateAccount(account);
+        return account;
+      }
+      return null;
+    }
+    selectSticky(eligible, claims) {
+      const current = this.getActiveAccount();
+      if (current?.enabled && !current.isAuthDisabled && this.isUsable(current)) {
+        this.activateAccount(current);
+        return current;
+      }
+      const unclaimed = eligible.find(
+        (account) => this.isUsable(account) && !isClaimedByOther(claims, account.uuid)
+      );
+      if (unclaimed) {
+        this.activateAccount(unclaimed);
+        return unclaimed;
+      }
+      const available = eligible.find((account) => this.isUsable(account));
+      if (available) {
+        this.activateAccount(available);
+        return available;
+      }
+      return this.fallbackNotRateLimited(eligible);
+    }
+    selectRoundRobin(eligible, claims) {
+      for (let i = 0; i < eligible.length; i++) {
+        const index = (this.roundRobinCursor + i) % eligible.length;
+        const account = eligible[index];
+        if (this.isUsable(account) && !isClaimedByOther(claims, account.uuid)) {
+          this.roundRobinCursor = (index + 1) % eligible.length;
+          this.activateAccount(account);
+          return account;
+        }
+      }
+      for (let i = 0; i < eligible.length; i++) {
+        const index = (this.roundRobinCursor + i) % eligible.length;
+        const account = eligible[index];
+        if (this.isUsable(account)) {
+          this.roundRobinCursor = (index + 1) % eligible.length;
+          this.activateAccount(account);
+          return account;
+        }
+      }
+      return this.fallbackNotRateLimited(eligible);
+    }
+    selectHybrid(eligible, claims) {
+      const usable = eligible.filter((account) => this.isUsable(account));
+      const pool = usable.length > 0 ? usable : eligible.filter((account) => !this.isRateLimited(account));
+      if (pool.length === 0) return null;
+      const activeUuid = this.activeAccountUuid;
+      let best = pool[0];
+      let bestScore = this.calculateHybridScore(best, best.uuid === activeUuid, claims);
+      for (let i = 1; i < pool.length; i++) {
+        const account = pool[i];
+        const score = this.calculateHybridScore(account, account.uuid === activeUuid, claims);
+        if (score > bestScore) {
+          best = account;
+          bestScore = score;
+        }
+      }
+      const current = pool.find((account) => account.uuid === activeUuid);
+      if (current && current !== best) {
+        const currentScore = this.calculateHybridScore(current, true, claims);
+        const bestWithoutStickiness = this.calculateHybridScore(best, false, claims);
+        if (bestWithoutStickiness <= currentScore + HYBRID_SWITCH_MARGIN) {
+          this.activateAccount(current);
+          return current;
+        }
+      }
+      this.activateAccount(best);
+      return best;
+    }
+    calculateHybridScore(account, isActive, claims) {
+      const maxUtilization = Math.min(100, Math.max(0, this.getMaxUtilization(account)));
+      const usageScore = (100 - maxUtilization) / 100 * 450;
+      const maxFailures = Math.max(1, getConfig().max_consecutive_auth_failures);
+      const healthScore = Math.max(0, (maxFailures - account.consecutiveAuthFailures) / maxFailures * 250);
+      const secondsSinceUsed = (Date.now() - account.lastUsed) / 1e3;
+      const freshnessScore = Math.min(secondsSinceUsed, 900) / 900 * 60;
+      const stickinessBonus = isActive ? 120 : 0;
+      const claimPenalty = isClaimedByOther(claims, account.uuid) ? -200 : 0;
+      return usageScore + healthScore + freshnessScore + stickinessBonus + claimPenalty;
+    }
+    getMaxUtilization(account) {
+      const usage = account.cachedUsage;
+      if (!usage) return 65;
+      const tiers = [usage.five_hour, usage.seven_day];
+      const utilizations = tiers.filter((tier) => tier != null).map((tier) => tier.utilization);
+      return utilizations.length > 0 ? Math.max(...utilizations) : 65;
+    }
+    activateAccount(account) {
+      this.activeAccountUuid = account.uuid;
+      account.lastUsed = Date.now();
+    }
+    async markRateLimited(uuid, backoffMs) {
+      const effectiveBackoff = backoffMs ?? getConfig().rate_limit_min_backoff_ms;
+      this.last429Map.set(uuid, Date.now());
+      await this.store.mutateAccount(uuid, (account) => {
+        account.rateLimitResetAt = Date.now() + effectiveBackoff;
+      });
+    }
+    async markRevoked(uuid) {
+      await this.store.mutateAccount(uuid, (account) => {
+        account.isAuthDisabled = true;
+        account.authDisabledReason = "OAuth token revoked (403)";
+        account.accessToken = void 0;
+        account.expiresAt = void 0;
+      });
+      this.runtimeFactory?.invalidate(uuid);
+    }
+    async markSuccess(uuid) {
+      this.last429Map.delete(uuid);
+      await this.store.mutateAccount(uuid, (account) => {
+        account.rateLimitResetAt = void 0;
+        account.consecutiveAuthFailures = 0;
+        account.lastUsed = Date.now();
+      });
+    }
+    syncToOpenCode(account) {
+      if (!this.client || !account.accessToken || !account.expiresAt) return;
+      this.client.auth.set({
+        path: { id: providerAuthId },
+        body: {
+          type: "oauth",
+          refresh: account.refreshToken,
+          access: account.accessToken,
+          expires: account.expiresAt
+        }
+      }).catch(() => {
+      });
+    }
+    async markAuthFailure(uuid, result) {
+      await this.store.mutateStorage((storage) => {
+        const account = storage.accounts.find((entry) => entry.uuid === uuid);
+        if (!account) return;
+        if (!result.ok && result.permanent) {
+          account.isAuthDisabled = true;
+          account.authDisabledReason = "Token permanently rejected (400/401/403)";
+          return;
+        }
+        account.consecutiveAuthFailures = (account.consecutiveAuthFailures ?? 0) + 1;
+        const maxFailures = getConfig().max_consecutive_auth_failures;
+        const usableCount = storage.accounts.filter(
+          (entry) => entry.enabled && !entry.isAuthDisabled && entry.uuid !== uuid
+        ).length;
+        if (account.consecutiveAuthFailures >= maxFailures && usableCount > 0) {
+          account.isAuthDisabled = true;
+          account.authDisabledReason = `${maxFailures} consecutive auth failures`;
+        }
+      });
+    }
+    async applyUsageCache(uuid, usage) {
+      await this.store.mutateAccount(uuid, (account) => {
+        account.cachedUsage = usage;
+        account.cachedUsageAt = Date.now();
+      });
+    }
+    async applyProfileCache(uuid, profile) {
+      await this.store.mutateAccount(uuid, (account) => {
+        account.email = profile.email ?? account.email;
+        account.planTier = profile.planTier;
+      });
+    }
+    async ensureValidToken(uuid, client) {
+      const credentials = await this.store.readCredentials(uuid);
+      if (!credentials) return { ok: false, permanent: true };
+      if (credentials.accessToken && credentials.expiresAt && !isTokenExpired2(credentials)) {
+        return {
+          ok: true,
+          patch: { accessToken: credentials.accessToken, expiresAt: credentials.expiresAt }
+        };
+      }
+      const result = await refreshToken2(credentials.refreshToken, uuid, client);
+      if (!result.ok) return result;
+      const updated = await this.store.mutateAccount(uuid, (account) => {
+        account.accessToken = result.patch.accessToken;
+        account.expiresAt = result.patch.expiresAt;
+        if (result.patch.refreshToken) account.refreshToken = result.patch.refreshToken;
+        if (result.patch.uuid && result.patch.uuid !== uuid) account.uuid = result.patch.uuid;
+        if (result.patch.accountId) account.accountId = result.patch.accountId;
+        if (result.patch.email) account.email = result.patch.email;
+        account.consecutiveAuthFailures = 0;
+        account.isAuthDisabled = false;
+        account.authDisabledReason = void 0;
+      });
+      if (result.patch.uuid && result.patch.uuid !== uuid && this.activeAccountUuid === uuid) {
+        this.activeAccountUuid = result.patch.uuid;
+        this.store.setActiveUuid(result.patch.uuid).catch(() => {
+        });
+      }
+      if (updated && (uuid === this.activeAccountUuid || updated.uuid === this.activeAccountUuid)) {
+        this.syncToOpenCode(updated);
+      }
+      return result;
+    }
+    async validateNonActiveTokens(client) {
+      await this.refresh();
+      const activeUuid = this.activeAccountUuid;
+      const eligible = this.cached.filter(
+        (account) => account.enabled && !account.isAuthDisabled && account.uuid && account.uuid !== activeUuid
+      );
+      for (let i = 0; i < eligible.length; i += STARTUP_REFRESH_CONCURRENCY) {
+        const batch = eligible.slice(i, i + STARTUP_REFRESH_CONCURRENCY);
+        await Promise.all(
+          batch.map(async (account) => {
+            if (!account.uuid || !isTokenExpired2(account)) return;
+            const result = await this.ensureValidToken(account.uuid, client);
+            if (!result.ok) {
+              await this.markAuthFailure(account.uuid, result);
+            }
+          })
+        );
+      }
+    }
+    async removeAccount(index) {
+      const account = this.cached[index];
+      if (!account?.uuid) return false;
+      const removed = await this.store.removeAccount(account.uuid);
+      if (removed) {
+        await this.refresh();
+      }
+      return removed;
+    }
+    async clearAllAccounts() {
+      await this.store.clear();
+      this.cached = [];
+      this.activeAccountUuid = void 0;
+    }
+    async addAccount(auth) {
+      if (!auth.refresh) return;
+      const existing = this.cached.find((account) => account.refreshToken === auth.refresh);
+      if (existing) return;
+      const newAccount = this.createNewAccount(auth, Date.now());
+      await this.store.addAccount(newAccount);
+      this.activeAccountUuid = newAccount.uuid;
+      await this.store.setActiveUuid(newAccount.uuid);
+      await this.refresh();
+    }
+    async toggleEnabled(uuid) {
+      await this.store.mutateAccount(uuid, (account) => {
+        account.enabled = !(account.enabled ?? true);
+        if (account.enabled) {
+          account.isAuthDisabled = false;
+          account.authDisabledReason = void 0;
+          account.consecutiveAuthFailures = 0;
+        }
+      });
+    }
+    async replaceAccountCredentials(uuid, auth) {
+      const updated = await this.store.mutateAccount(uuid, (account) => {
+        account.refreshToken = auth.refresh;
+        account.accessToken = auth.access;
+        account.expiresAt = auth.expires;
+        account.lastUsed = Date.now();
+        account.enabled = true;
+        account.isAuthDisabled = false;
+        account.authDisabledReason = void 0;
+        account.consecutiveAuthFailures = 0;
+        account.rateLimitResetAt = void 0;
+      });
+      this.runtimeFactory?.invalidate(uuid);
+      if (updated && uuid === this.activeAccountUuid) {
+        this.syncToOpenCode(updated);
+      }
+    }
+    async retryAuth(uuid, client) {
+      await this.store.mutateAccount(uuid, (account) => {
+        account.consecutiveAuthFailures = 0;
+        account.isAuthDisabled = false;
+        account.authDisabledReason = void 0;
+      });
+      this.runtimeFactory?.invalidate(uuid);
+      const credentials = await this.store.readCredentials(uuid);
+      if (!credentials) return { ok: false, permanent: true };
+      const result = await refreshToken2(credentials.refreshToken, uuid, client);
+      if (result.ok) {
+        const updated = await this.store.mutateAccount(uuid, (account) => {
+          account.accessToken = result.patch.accessToken;
+          account.expiresAt = result.patch.expiresAt;
+          if (result.patch.refreshToken) account.refreshToken = result.patch.refreshToken;
+          if (result.patch.uuid) account.uuid = result.patch.uuid;
+          if (result.patch.accountId) account.accountId = result.patch.accountId;
+          if (result.patch.email) account.email = result.patch.email;
+          account.enabled = true;
+          account.consecutiveAuthFailures = 0;
+        });
+        this.runtimeFactory?.invalidate(uuid);
+        if (result.patch.uuid) {
+          this.runtimeFactory?.invalidate(result.patch.uuid);
+        }
+        const nextUuid = result.patch.uuid ?? uuid;
+        if (this.activeAccountUuid === uuid && result.patch.uuid && result.patch.uuid !== uuid) {
+          this.activeAccountUuid = result.patch.uuid;
+          await this.store.setActiveUuid(result.patch.uuid);
+        }
+        if (updated && (uuid === this.activeAccountUuid || nextUuid === this.activeAccountUuid)) {
+          const freshCredentials = await this.store.readCredentials(nextUuid);
+          if (freshCredentials) {
+            this.syncToOpenCode({
+              refreshToken: freshCredentials.refreshToken,
+              accessToken: freshCredentials.accessToken,
+              expiresAt: freshCredentials.expiresAt
+            });
+          }
+        }
+      } else {
+        await this.markAuthFailure(uuid, result);
+        this.runtimeFactory?.invalidate(uuid);
+      }
+      return result;
+    }
+  };
+}
+// ../multi-account-core/src/account-store.ts
+import { promises as fs4 } from "node:fs";
+import { randomBytes as randomBytes3 } from "node:crypto";
+import { dirname as dirname4, join as join5 } from "node:path";
+import lockfile from "proper-lockfile";
+import * as v4 from "valibot";
+// ../multi-account-core/src/storage.ts
+import { promises as fs3 } from "node:fs";
+import { dirname as dirname3, join as join4 } from "node:path";
+import * as v3 from "valibot";
+// ../multi-account-core/src/constants.ts
+var DEFAULT_ACCOUNTS_FILENAME = "multiauth-accounts.json";
+var ACCOUNTS_FILENAME = DEFAULT_ACCOUNTS_FILENAME;
+function setAccountsFilename(filename) {
+  if (!filename) {
+    ACCOUNTS_FILENAME = DEFAULT_ACCOUNTS_FILENAME;
+    return;
+  }
+  ACCOUNTS_FILENAME = filename;
+}
+// ../multi-account-core/src/storage.ts
+function getStoragePath() {
+  return join4(getConfigDir2(), ACCOUNTS_FILENAME);
+}
+async function backupCorruptFile(targetPath, content) {
+  const backupPath = `${targetPath}.corrupt.${Date.now()}.bak`;
+  await fs3.mkdir(dirname3(backupPath), { recursive: true });
+  await fs3.writeFile(backupPath, content, "utf-8");
+}
+async function readStorageFromDisk(targetPath, backupOnCorrupt) {
+  let content;
+  try {
+    content = await fs3.readFile(targetPath, "utf-8");
+  } catch (error) {
+    if (getErrorCode(error) === "ENOENT") {
+      return null;
+    }
+    throw error;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(content);
+  } catch {
+    if (backupOnCorrupt) {
+      try {
+        await backupCorruptFile(targetPath, content);
+      } catch {
+      }
+    }
+    return null;
+  }
+  const validation = v3.safeParse(AccountStorageSchema, parsed);
+  if (!validation.success) {
+    if (backupOnCorrupt) {
+      try {
+        await backupCorruptFile(targetPath, content);
+      } catch {
+      }
+    }
+    return null;
+  }
+  return validation.output;
+}
+function deduplicateAccounts(accounts) {
+  const deduplicated = [];
+  const indexByUuid = /* @__PURE__ */ new Map();
+  for (const account of accounts) {
+    if (!account.uuid) {
+      deduplicated.push(account);
+      continue;
+    }
+    const existingIndex = indexByUuid.get(account.uuid);
+    if (existingIndex === void 0) {
+      indexByUuid.set(account.uuid, deduplicated.length);
+      deduplicated.push(account);
+      continue;
+    }
+    const existingAccount = deduplicated[existingIndex];
+    if (!existingAccount || account.lastUsed >= existingAccount.lastUsed) {
+      deduplicated[existingIndex] = account;
+    }
+  }
+  return deduplicated;
+}
+async function loadAccounts() {
+  const storagePath = getStoragePath();
+  const storage = await readStorageFromDisk(storagePath, true);
+  if (!storage) {
+    return null;
+  }
+  return {
+    ...storage,
+    accounts: deduplicateAccounts(storage.accounts || [])
+  };
+}
+// ../multi-account-core/src/account-store.ts
+var FILE_MODE = 384;
+var LOCK_OPTIONS = {
+  stale: 1e4,
+  retries: { retries: 10, minTimeout: 50, maxTimeout: 2e3, factor: 2 }
+};
+function getStoragePath2() {
+  return join5(getConfigDir2(), ACCOUNTS_FILENAME);
+}
+function createEmptyStorage() {
+  return { version: 1, accounts: [] };
+}
+function buildTempPath(targetPath) {
+  return `${targetPath}.${randomBytes3(8).toString("hex")}.tmp`;
+}
+async function writeAtomicText(targetPath, content) {
+  await fs4.mkdir(dirname4(targetPath), { recursive: true });
+  const tempPath = buildTempPath(targetPath);
+  try {
+    await fs4.writeFile(tempPath, content, { encoding: "utf-8", mode: FILE_MODE });
+    await fs4.chmod(tempPath, FILE_MODE);
+    await fs4.rename(tempPath, targetPath);
+    await fs4.chmod(targetPath, FILE_MODE);
+  } catch (error) {
+    try {
+      await fs4.unlink(tempPath);
+    } catch {
+    }
+    throw error;
+  }
+}
+async function writeStorageAtomic(targetPath, storage) {
+  const validation = v4.safeParse(AccountStorageSchema, storage);
+  if (!validation.success) {
+    throw new Error("Invalid account storage payload");
+  }
+  await writeAtomicText(targetPath, `${JSON.stringify(validation.output, null, 2)}
+`);
+}
+async function ensureStorageFileExists(targetPath) {
+  await fs4.mkdir(dirname4(targetPath), { recursive: true });
+  const emptyContent = `${JSON.stringify(createEmptyStorage(), null, 2)}
+`;
+  try {
+    await fs4.writeFile(targetPath, emptyContent, { flag: "wx", mode: FILE_MODE });
+  } catch (error) {
+    if (getErrorCode(error) !== "EEXIST") throw error;
+  }
+}
+async function withFileLock(fn) {
+  const storagePath = getStoragePath2();
+  await ensureStorageFileExists(storagePath);
+  let release = null;
+  try {
+    release = await lockfile.lock(storagePath, LOCK_OPTIONS);
+    return await fn(storagePath);
+  } finally {
+    if (release) {
+      try {
+        await release();
+      } catch {
+      }
+    }
+  }
+}
+var AccountStore = class {
+  async load() {
+    const storage = await loadAccounts();
+    return storage ?? createEmptyStorage();
+  }
+  async readCredentials(uuid) {
+    const storagePath = getStoragePath2();
+    const storage = await readStorageFromDisk(storagePath, false);
+    if (!storage) return null;
+    const account = storage.accounts.find((a) => a.uuid === uuid);
+    if (!account) return null;
+    return {
+      refreshToken: account.refreshToken,
+      accessToken: account.accessToken,
+      expiresAt: account.expiresAt,
+      accountId: account.accountId
+    };
+  }
+  async mutateAccount(uuid, fn) {
+    return await withFileLock(async (storagePath) => {
+      const current = await readStorageFromDisk(storagePath, false);
+      if (!current) return null;
+      const account = current.accounts.find((a) => a.uuid === uuid);
+      if (!account) return null;
+      fn(account);
+      await writeStorageAtomic(storagePath, current);
+      return { ...account };
+    });
+  }
+  async mutateStorage(fn) {
+    await withFileLock(async (storagePath) => {
+      const current = await readStorageFromDisk(storagePath, false) ?? createEmptyStorage();
+      fn(current);
+      await writeStorageAtomic(storagePath, current);
+    });
+  }
+  async addAccount(account) {
+    await withFileLock(async (storagePath) => {
+      const current = await readStorageFromDisk(storagePath, false) ?? createEmptyStorage();
+      const exists = current.accounts.some(
+        (a) => a.uuid === account.uuid || a.refreshToken === account.refreshToken
+      );
+      if (exists) return;
+      current.accounts.push(account);
+      await writeStorageAtomic(storagePath, current);
+    });
+  }
+  async removeAccount(uuid) {
+    return await withFileLock(async (storagePath) => {
+      const current = await readStorageFromDisk(storagePath, false);
+      if (!current) return false;
+      const initialLength = current.accounts.length;
+      current.accounts = current.accounts.filter((a) => a.uuid !== uuid);
+      if (current.accounts.length === initialLength) return false;
+      if (current.activeAccountUuid === uuid) {
+        current.activeAccountUuid = current.accounts[0]?.uuid;
+      }
+      await writeStorageAtomic(storagePath, current);
+      return true;
+    });
+  }
+  async setActiveUuid(uuid) {
+    await this.mutateStorage((storage) => {
+      storage.activeAccountUuid = uuid;
+    });
+  }
+  async clear() {
+    await withFileLock(async (storagePath) => {
+      await writeStorageAtomic(storagePath, createEmptyStorage());
+    });
+  }
+};
+// ../multi-account-core/src/executor.ts
+var MIN_MAX_RETRIES = 6;
+var RETRIES_PER_ACCOUNT = 3;
+var MAX_SERVER_RETRIES_PER_ATTEMPT = 2;
+var MAX_RESOLVE_ATTEMPTS = 10;
+var SERVER_RETRY_BASE_MS = 1e3;
+var SERVER_RETRY_MAX_MS = 4e3;
+var PERMANENT_AUTH_FAILURE_STATUSES = /* @__PURE__ */ new Set([400, 401, 403]);
+function createExecutorForProvider(providerName, dependencies) {
+  const {
+    handleRateLimitResponse: handleRateLimitResponse2,
+    formatWaitTime: formatWaitTime2,
+    sleep: sleep2,
+    showToast: showToast2,
+    getAccountLabel: getAccountLabel2
+  } = dependencies;
+  async function executeWithAccountRotation2(manager, runtimeFactory, client, input, init) {
+    const maxRetries = Math.max(MIN_MAX_RETRIES, manager.getAccountCount() * RETRIES_PER_ACCOUNT);
+    let retries = 0;
+    let previousAccountUuid;
+    while (true) {
+      if (++retries > maxRetries) {
+        throw new Error(
+          `Exhausted ${maxRetries} retries across all accounts. All attempts failed due to auth errors, rate limits, or token issues.`
+        );
+      }
+      await manager.refresh();
+      const account = await resolveAccount(manager, client);
+      const accountUuid = account.uuid;
+      if (!accountUuid) continue;
+      if (previousAccountUuid && accountUuid !== previousAccountUuid && manager.getAccountCount() > 1) {
+        void showToast2(client, `Switched to ${getAccountLabel2(account)}`, "info");
+      }
+      previousAccountUuid = accountUuid;
+      let runtime;
+      let response;
+      try {
+        runtime = await runtimeFactory.getRuntime(accountUuid);
+        response = await runtime.fetch(input, init);
+      } catch (error) {
+        if (await handleRuntimeFetchFailure(manager, runtimeFactory, client, account, error)) {
+          continue;
+        }
+        void showToast2(client, `${getAccountLabel2(account)} network error \u2014 switching`, "warning");
+        continue;
+      }
+      if (response.status >= 500) {
+        let serverResponse = response;
+        let networkErrorDuringServerRetry = false;
+        let authFailureDuringServerRetry = false;
+        for (let attempt = 0; attempt < MAX_SERVER_RETRIES_PER_ATTEMPT; attempt++) {
+          const backoff = Math.min(SERVER_RETRY_BASE_MS * 2 ** attempt, SERVER_RETRY_MAX_MS);
+          const jitteredBackoff = backoff * (0.5 + Math.random() * 0.5);
+          await sleep2(jitteredBackoff);
+          try {
+            serverResponse = await runtime.fetch(input, init);
+          } catch (error) {
+            if (await handleRuntimeFetchFailure(manager, runtimeFactory, client, account, error)) {
+              authFailureDuringServerRetry = true;
+              break;
+            }
+            networkErrorDuringServerRetry = true;
+            void showToast2(client, `${getAccountLabel2(account)} network error \u2014 switching`, "warning");
+            break;
+          }
+          if (serverResponse.status < 500) break;
+        }
+        if (authFailureDuringServerRetry) {
+          continue;
+        }
+        if (networkErrorDuringServerRetry || serverResponse.status >= 500) {
+          continue;
+        }
+        response = serverResponse;
+      }
+      if (response.status === 401) {
+        runtimeFactory.invalidate(accountUuid);
+        try {
+          const retryRuntime = await runtimeFactory.getRuntime(accountUuid);
+          const retryResponse = await retryRuntime.fetch(input, init);
+          if (retryResponse.status !== 401) {
+            await manager.markSuccess(accountUuid);
+            return retryResponse;
+          }
+        } catch (error) {
+          if (await handleRuntimeFetchFailure(manager, runtimeFactory, client, account, error)) {
+            continue;
+          }
+          continue;
+        }
+        await manager.markAuthFailure(accountUuid, { ok: false, permanent: false });
+        await manager.refresh();
+        if (!manager.hasAnyUsableAccount()) {
+          void showToast2(client, "All accounts have auth failures.", "error");
+          throw new Error(
+            `All ${providerName} accounts have authentication failures. Re-authenticate with \`opencode auth login\`.`
+          );
+        }
+        void showToast2(client, `${getAccountLabel2(account)} auth failed \u2014 switching to next account.`, "warning");
+        continue;
+      }
+      if (response.status === 403) {
+        const revoked = await isRevokedTokenResponse(response);
+        if (revoked) {
+          await manager.markRevoked(accountUuid);
+          await manager.refresh();
+          void showToast2(
+            client,
+            `${getAccountLabel2(account)} disabled: OAuth token revoked.`,
+            "error"
+          );
+          if (!manager.hasAnyUsableAccount()) {
+            throw new Error(
+              `All ${providerName} accounts have been revoked or disabled. Re-authenticate with \`opencode auth login\`.`
+            );
+          }
+          continue;
+        }
+      }
+      if (response.status === 429) {
+        await handleRateLimitResponse2(manager, client, account, response);
+        continue;
+      }
+      await manager.markSuccess(accountUuid);
+      return response;
+    }
+  }
+  async function handleRuntimeFetchFailure(manager, runtimeFactory, client, account, error) {
+    const refreshFailureStatus = getRefreshFailureStatus(error);
+    if (refreshFailureStatus === void 0) return false;
+    if (!account.uuid) return false;
+    const accountUuid = account.uuid;
+    runtimeFactory.invalidate(accountUuid);
+    await manager.markAuthFailure(accountUuid, {
+      ok: false,
+      permanent: PERMANENT_AUTH_FAILURE_STATUSES.has(refreshFailureStatus)
+    });
+    await manager.refresh();
+    if (!manager.hasAnyUsableAccount()) {
+      void showToast2(client, "All accounts have auth failures.", "error");
+      throw new Error(
+        `All ${providerName} accounts have authentication failures. Re-authenticate with \`opencode auth login\`.`
+      );
+    }
+    void showToast2(client, `${getAccountLabel2(account)} auth failed \u2014 switching to next account.`, "warning");
+    return true;
+  }
+  async function resolveAccount(manager, client) {
+    let attempts = 0;
+    while (true) {
+      if (++attempts > MAX_RESOLVE_ATTEMPTS) {
+        throw new Error(
+          `Failed to resolve an available account after ${MAX_RESOLVE_ATTEMPTS} attempts. All accounts may be rate-limited or disabled.`
+        );
+      }
+      const account = await manager.selectAccount();
+      if (account) return account;
+      if (!manager.hasAnyUsableAccount()) {
+        throw new Error(
+          `All ${providerName} accounts are disabled. Re-authenticate with \`opencode auth login\`.`
+        );
+      }
+      const waitMs = manager.getMinWaitTime();
+      if (waitMs <= 0) {
+        throw new Error(
+          `All ${providerName} accounts are rate-limited. Add more accounts with \`opencode auth login\` or wait.`
+        );
+      }
+      await showToast2(
+        client,
+        `All ${manager.getAccountCount()} account(s) rate-limited. Waiting ${formatWaitTime2(waitMs)}...`,
+        "warning"
+      );
+      await sleep2(waitMs);
+    }
+  }
+  return {
+    executeWithAccountRotation: executeWithAccountRotation2
+  };
+}
+function getRefreshFailureStatus(error) {
+  if (!(error instanceof Error)) return void 0;
+  const matched = error.message.match(/Token refresh failed:\s*(\d{3})/);
+  if (!matched) return void 0;
+  const status = Number(matched[1]);
+  return Number.isFinite(status) ? status : void 0;
+}
+async function isRevokedTokenResponse(response) {
+  try {
+    const cloned = response.clone();
+    const body = await cloned.text();
+    return body.includes("revoked");
+  } catch {
+    return false;
+  }
+}
+// ../multi-account-core/src/proactive-refresh.ts
+var INITIAL_DELAY_MS = 5e3;
+function createProactiveRefreshQueueForProvider(dependencies) {
+  const {
+    getConfig: getConfig2,
+    refreshToken: refreshToken2,
+    isTokenExpired: isTokenExpired2,
+    debugLog: debugLog2
+  } = dependencies;
+  return class ProactiveRefreshQueue {
+    constructor(client, store, onInvalidate) {
+      this.client = client;
+      this.store = store;
+      this.onInvalidate = onInvalidate;
+    }
+    timeoutHandle = null;
+    runToken = 0;
+    inFlight = null;
+    start() {
+      const config = getConfig2();
+      if (!config.proactive_refresh) return;
+      this.runToken++;
+      this.scheduleNext(this.runToken, INITIAL_DELAY_MS);
+      debugLog2(this.client, "Proactive refresh started", {
+        intervalSeconds: config.proactive_refresh_interval_seconds,
+        bufferSeconds: config.proactive_refresh_buffer_seconds
+      });
+    }
+    async stop() {
+      this.runToken++;
+      if (this.timeoutHandle) {
+        clearTimeout(this.timeoutHandle);
+        this.timeoutHandle = null;
+      }
+      if (this.inFlight) {
+        await this.inFlight;
+        this.inFlight = null;
+      }
+      debugLog2(this.client, "Proactive refresh stopped");
+    }
+    scheduleNext(token, delayMs) {
+      this.timeoutHandle = setTimeout(() => {
+        if (token !== this.runToken) return;
+        this.inFlight = this.runCheck(token).finally(() => {
+          this.inFlight = null;
+        });
+      }, delayMs);
+    }
+    needsProactiveRefresh(account) {
+      if (!account.accessToken || !account.expiresAt) return false;
+      if (isTokenExpired2(account)) return false;
+      const bufferMs = getConfig2().proactive_refresh_buffer_seconds * 1e3;
+      return account.expiresAt <= Date.now() + bufferMs;
+    }
+    async runCheck(token) {
+      try {
+        const stored = await this.store.load();
+        if (token !== this.runToken) return;
+        const candidates = stored.accounts.filter(
+          (a) => a.enabled !== false && !a.isAuthDisabled && a.uuid && this.needsProactiveRefresh(a)
+        );
+        if (candidates.length === 0) return;
+        debugLog2(this.client, `Proactive refresh: ${candidates.length} account(s) approaching expiry`);
+        for (const account of candidates) {
+          if (token !== this.runToken) return;
+          const credentials = await this.store.readCredentials(account.uuid);
+          if (!credentials || !this.needsProactiveRefresh(credentials)) continue;
+          const result = await refreshToken2(credentials.refreshToken, account.uuid, this.client);
+          if (result.ok) {
+            await this.store.mutateAccount(account.uuid, (target) => {
+              target.accessToken = result.patch.accessToken;
+              target.expiresAt = result.patch.expiresAt;
+              if (result.patch.refreshToken) target.refreshToken = result.patch.refreshToken;
+              if (result.patch.uuid) target.uuid = result.patch.uuid;
+              if (result.patch.email) target.email = result.patch.email;
+              if (result.patch.accountId) target.accountId = result.patch.accountId;
+              target.consecutiveAuthFailures = 0;
+              target.isAuthDisabled = false;
+              target.authDisabledReason = void 0;
+            });
+            this.onInvalidate?.(account.uuid);
+          } else {
+            await this.persistFailure(account, result.permanent);
+          }
+        }
+      } catch (error) {
+        debugLog2(this.client, `Proactive refresh check error: ${error}`);
+      } finally {
+        if (token === this.runToken) {
+          const intervalMs = getConfig2().proactive_refresh_interval_seconds * 1e3;
+          this.scheduleNext(token, intervalMs);
+        }
+      }
+    }
+    async persistFailure(account, permanent) {
+      try {
+        await this.store.mutateAccount(account.uuid, (target) => {
+          if (permanent) {
+            target.isAuthDisabled = true;
+            target.authDisabledReason = "Token permanently rejected (proactive refresh)";
+          } else {
+            target.consecutiveAuthFailures = (target.consecutiveAuthFailures ?? 0) + 1;
+            const maxFailures = getConfig2().max_consecutive_auth_failures;
+            if (target.consecutiveAuthFailures >= maxFailures) {
+              target.isAuthDisabled = true;
+              target.authDisabledReason = `${maxFailures} consecutive auth failures (proactive refresh)`;
+            }
+          }
+        });
+      } catch {
+        debugLog2(this.client, `Failed to persist auth failure for ${account.uuid}`);
+      }
+    }
+  };
+}
+// ../multi-account-core/src/rate-limit.ts
+var USAGE_FETCH_COOLDOWN_MS = 3e4;
+function createRateLimitHandlers(dependencies) {
+  const {
+    fetchUsage: fetchUsage2,
+    getConfig: getConfig2,
+    formatWaitTime: formatWaitTime2,
+    getAccountLabel: getAccountLabel2,
+    showToast: showToast2
+  } = dependencies;
+  function retryAfterMsFromResponse2(response) {
+    const retryAfterMs = response.headers.get("retry-after-ms");
+    if (retryAfterMs) {
+      const parsed = parseInt(retryAfterMs, 10);
+      if (!isNaN(parsed) && parsed > 0) return parsed;
+    }
+    const retryAfter = response.headers.get("retry-after");
+    if (retryAfter) {
+      const parsed = parseInt(retryAfter, 10);
+      if (!isNaN(parsed) && parsed > 0) return parsed * 1e3;
+    }
+    return getConfig2().default_retry_after_ms;
+  }
+  function getResetMsFromUsage2(account) {
+    const usage = account.cachedUsage;
+    if (!usage) return null;
+    const now = Date.now();
+    const candidates = [];
+    if (usage.five_hour?.resets_at) {
+      const ms = Date.parse(usage.five_hour.resets_at) - now;
+      if (ms > 0) candidates.push(ms);
+    }
+    if (usage.seven_day?.resets_at) {
+      const ms = Date.parse(usage.seven_day.resets_at) - now;
+      if (ms > 0) candidates.push(ms);
+    }
+    return candidates.length > 0 ? Math.min(...candidates) : null;
+  }
+  async function fetchUsageLimits2(accessToken, accountId) {
+    if (!accessToken) return null;
+    try {
+      const result = await fetchUsage2(accessToken, accountId);
+      return result.ok ? result.data : null;
+    } catch {
+      return null;
+    }
+  }
+  async function handleRateLimitResponse2(manager, client, account, response) {
+    if (!account.uuid) return;
+    const resetMs = getResetMsFromUsage2(account) ?? retryAfterMsFromResponse2(response);
+    await manager.markRateLimited(account.uuid, resetMs);
+    const shouldFetchUsage = account.accessToken && (!account.cachedUsageAt || Date.now() - account.cachedUsageAt > USAGE_FETCH_COOLDOWN_MS);
+    if (shouldFetchUsage) {
+      const usage = await fetchUsageLimits2(account.accessToken, account.accountId);
+      if (usage) {
+        await manager.applyUsageCache(account.uuid, usage);
+      }
+    }
+    if (manager.getAccountCount() > 1) {
+      void showToast2(
+        client,
+        `${getAccountLabel2(account)} rate-limited (resets in ${formatWaitTime2(resetMs)}). Switching...`,
+        "warning"
+      );
+    }
+  }
+  return {
+    retryAfterMsFromResponse: retryAfterMsFromResponse2,
+    getResetMsFromUsage: getResetMsFromUsage2,
+    fetchUsageLimits: fetchUsageLimits2,
+    handleRateLimitResponse: handleRateLimitResponse2
+  };
+}
+// ../multi-account-core/src/auth-migration.ts
+import { promises as fs5 } from "node:fs";
+import { join as join6 } from "node:path";
+var AUTH_JSON_FILENAME = "auth.json";
+function isValidOAuthCredential(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const candidate = value;
+  return candidate.type === "oauth" && typeof candidate.refresh === "string" && candidate.refresh.length > 0;
+}
+function resolveAuthJsonPath() {
+  return join6(getConfigDir2(), AUTH_JSON_FILENAME);
+}
+async function readAuthJson() {
+  const authPath = resolveAuthJsonPath();
+  let content;
+  try {
+    content = await fs5.readFile(authPath, "utf-8");
+  } catch {
+    return null;
+  }
+  try {
+    const parsed = JSON.parse(content);
+    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+      return null;
+    }
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+async function migrateFromAuthJson(providerKey, store) {
+  const storage = await store.load();
+  const hasExistingAccounts = storage.accounts.length > 0;
+  if (hasExistingAccounts) return false;
+  const authData = await readAuthJson();
+  if (!authData) return false;
+  const providerCredential = authData[providerKey];
+  if (!isValidOAuthCredential(providerCredential)) return false;
+  const now = Date.now();
+  const newAccount = {
+    uuid: crypto.randomUUID(),
+    refreshToken: providerCredential.refresh,
+    accessToken: providerCredential.access,
+    expiresAt: providerCredential.expires,
+    addedAt: now,
+    lastUsed: now,
+    enabled: true,
+    planTier: "",
+    consecutiveAuthFailures: 0,
+    isAuthDisabled: false
+  };
+  await store.addAccount(newAccount);
+  await store.setActiveUuid(newAccount.uuid);
+  return true;
+}
+// ../multi-account-core/src/ui/ansi.ts
+var ANSI = {
+  hide: "\x1B[?25l",
+  show: "\x1B[?25h",
+  up: (n = 1) => `\x1B[${n}A`,
+  down: (n = 1) => `\x1B[${n}B`,
+  clearLine: "\x1B[2K",
+  cyan: "\x1B[36m",
+  green: "\x1B[32m",
+  red: "\x1B[31m",
+  yellow: "\x1B[33m",
+  dim: "\x1B[2m",
+  bold: "\x1B[1m",
+  reset: "\x1B[0m"
+};
+function parseKey(data) {
+  const s = data.toString();
+  if (s === "\x1B[A" || s === "\x1BOA") return "up";
+  if (s === "\x1B[B" || s === "\x1BOB") return "down";
+  if (s === "\r" || s === "\n") return "enter";
+  if (s === "") return "escape";
+  if (s === "\x1B") return "escape-start";
+  return null;
+}
+function isTTY() {
+  return Boolean(process.stdin.isTTY);
+}
+// ../multi-account-core/src/ui/select.ts
+var ESCAPE_TIMEOUT_MS = 50;
+var COLOR_MAP = {
+  red: ANSI.red,
+  green: ANSI.green,
+  yellow: ANSI.yellow,
+  cyan: ANSI.cyan
+};
+async function select(items, options) {
+  if (!isTTY()) {
+    throw new Error("Interactive select requires a TTY terminal");
+  }
+  const enabledItems = items.filter((i) => !i.disabled && !i.separator);
+  if (enabledItems.length === 0) {
+    throw new Error("All items disabled");
+  }
+  if (enabledItems.length === 1) {
+    return enabledItems[0].value;
+  }
+  const { message, subtitle } = options;
+  const { stdin, stdout } = process;
+  let cursor = items.findIndex((i) => !i.disabled && !i.separator);
+  if (cursor === -1) cursor = 0;
+  let escapeTimeout = null;
+  let isCleanedUp = false;
+  let isFirstRender = true;
+  const getTotalLines = () => {
+    const subtitleLines = subtitle ? 3 : 0;
+    return 1 + subtitleLines + items.length + 1 + 1;
+  };
+  const renderItemLabel = (item, isSelected) => {
+    const colorCode = item.color ? COLOR_MAP[item.color] ?? "" : "";
+    if (item.disabled) {
+      return `${ANSI.dim}${item.label} (unavailable)${ANSI.reset}`;
+    }
+    const hintSuffix = item.hint ? ` ${ANSI.dim}${item.hint}${ANSI.reset}` : "";
+    if (isSelected) {
+      const label = colorCode ? `${colorCode}${item.label}${ANSI.reset}` : item.label;
+      return `${label}${hintSuffix}`;
+    }
+    const dimLabel = colorCode ? `${ANSI.dim}${colorCode}${item.label}${ANSI.reset}` : `${ANSI.dim}${item.label}${ANSI.reset}`;
+    return `${dimLabel}${hintSuffix}`;
+  };
+  const render = () => {
+    const totalLines = getTotalLines();
+    if (!isFirstRender) {
+      stdout.write(ANSI.up(totalLines) + "\r");
+    }
+    isFirstRender = false;
+    stdout.write(`${ANSI.clearLine}${ANSI.dim}\u250C  ${ANSI.reset}${message}
+`);
+    if (subtitle) {
+      stdout.write(`${ANSI.clearLine}${ANSI.dim}\u2502${ANSI.reset}
+`);
+      stdout.write(`${ANSI.clearLine}${ANSI.cyan}\u25C6${ANSI.reset}  ${subtitle}
+`);
+      stdout.write(`${ANSI.clearLine}
+`);
+    }
+    for (let i = 0; i < items.length; i++) {
+      const item = items[i];
+      if (!item) continue;
+      if (item.separator) {
+        stdout.write(`${ANSI.clearLine}${ANSI.dim}\u2502${ANSI.reset}
+`);
+        continue;
+      }
+      const isSelected = i === cursor;
+      const labelText = renderItemLabel(item, isSelected);
+      const bullet = isSelected ? `${ANSI.green}\u25CF${ANSI.reset}` : `${ANSI.dim}\u25CB${ANSI.reset}`;
+      stdout.write(`${ANSI.clearLine}${ANSI.cyan}\u2502${ANSI.reset}  ${bullet} ${labelText}
+`);
+    }
+    stdout.write(`${ANSI.clearLine}${ANSI.cyan}\u2502${ANSI.reset}  ${ANSI.dim}\u2191/\u2193 to select \u2022 Enter: confirm${ANSI.reset}
+`);
+    stdout.write(`${ANSI.clearLine}${ANSI.cyan}\u2514${ANSI.reset}
+`);
+  };
+  return new Promise((resolve) => {
+    const wasRaw = stdin.isRaw ?? false;
+    const cleanup = () => {
+      if (isCleanedUp) return;
+      isCleanedUp = true;
+      if (escapeTimeout) {
+        clearTimeout(escapeTimeout);
+        escapeTimeout = null;
+      }
+      try {
+        stdin.removeListener("data", onKey);
+        stdin.setRawMode(wasRaw);
+        stdin.pause();
+        stdout.write(ANSI.show);
+      } catch {
+      }
+      process.removeListener("SIGINT", onSignal);
+      process.removeListener("SIGTERM", onSignal);
+    };
+    const onSignal = () => {
+      cleanup();
+      resolve(null);
+    };
+    const finishWithValue = (value) => {
+      cleanup();
+      resolve(value);
+    };
+    const findNextSelectable = (from, direction) => {
+      if (items.length === 0) return from;
+      let next = from;
+      do {
+        next = (next + direction + items.length) % items.length;
+      } while (items[next]?.disabled || items[next]?.separator);
+      return next;
+    };
+    const onKey = (data) => {
+      if (escapeTimeout) {
+        clearTimeout(escapeTimeout);
+        escapeTimeout = null;
+      }
+      const action = parseKey(data);
+      switch (action) {
+        case "up":
+          cursor = findNextSelectable(cursor, -1);
+          render();
+          return;
+        case "down":
+          cursor = findNextSelectable(cursor, 1);
+          render();
+          return;
+        case "enter":
+          finishWithValue(items[cursor]?.value ?? null);
+          return;
+        case "escape":
+          finishWithValue(null);
+          return;
+        case "escape-start":
+          escapeTimeout = setTimeout(() => {
+            finishWithValue(null);
+          }, ESCAPE_TIMEOUT_MS);
+          return;
+        default:
+          return;
+      }
+    };
+    process.once("SIGINT", onSignal);
+    process.once("SIGTERM", onSignal);
+    try {
+      stdin.setRawMode(true);
+    } catch {
+      cleanup();
+      resolve(null);
+      return;
+    }
+    stdin.resume();
+    stdout.write(ANSI.hide);
+    render();
+    stdin.on("data", onKey);
+  });
+}
+// ../multi-account-core/src/ui/confirm.ts
+async function confirm(message, defaultYes = false) {
+  const items = defaultYes ? [
+    { label: "Yes", value: true },
+    { label: "No", value: false }
+  ] : [
+    { label: "No", value: false },
+    { label: "Yes", value: true }
+  ];
+  const result = await select(items, { message });
+  return result ?? false;
+}
+// ../oauth-adapters/src/anthropic.ts
+var anthropicOAuthAdapter = {
+  id: "anthropic",
+  authProviderId: "anthropic",
+  modelDisplayName: "Claude",
+  statusToolName: "claude_multiauth_status",
+  authMethodLabel: "Claude Pro/Max (Multi-Auth)",
+  serviceLogName: "claude-multiauth",
+  oauthClientId: "9d1c250a-e61b-44d9-88ed-5944d1962f5e",
+  tokenEndpoint: "https://console.anthropic.com/v1/oauth/token",
+  usageEndpoint: "https://api.anthropic.com/api/oauth/usage",
+  profileEndpoint: "https://api.anthropic.com/api/oauth/profile",
+  oauthBetaHeader: "oauth-2025-04-20",
+  requestBetaHeader: "oauth-2025-04-20,interleaved-thinking-2025-05-14",
+  cliUserAgent: "claude-cli/2.1.2 (external, cli)",
+  toolPrefix: "mcp_",
+  accountStorageFilename: "anthropic-multi-account-accounts.json",
+  transform: {
+    rewriteOpenCodeBranding: true,
+    addToolPrefix: true,
+    stripToolPrefixInResponse: true,
+    enableMessagesBetaQuery: true
+  },
+  planLabels: {
+    max: "Claude Max",
+    pro: "Claude Pro",
+    free: "Free"
+  },
+  supported: true
+};
+// src/constants.ts
+var ANTHROPIC_OAUTH_ADAPTER = anthropicOAuthAdapter;
+var ANTHROPIC_CLIENT_ID = ANTHROPIC_OAUTH_ADAPTER.oauthClientId;
+var ANTHROPIC_TOKEN_ENDPOINT = ANTHROPIC_OAUTH_ADAPTER.tokenEndpoint;
+var ANTHROPIC_USAGE_ENDPOINT = ANTHROPIC_OAUTH_ADAPTER.usageEndpoint;
+var ANTHROPIC_PROFILE_ENDPOINT = ANTHROPIC_OAUTH_ADAPTER.profileEndpoint;
+var ANTHROPIC_BETA_HEADER = ANTHROPIC_OAUTH_ADAPTER.requestBetaHeader;
+var CLAUDE_CLI_USER_AGENT = ANTHROPIC_OAUTH_ADAPTER.cliUserAgent;
+var TOOL_PREFIX = ANTHROPIC_OAUTH_ADAPTER.toolPrefix;
+var ACCOUNTS_FILENAME2 = ANTHROPIC_OAUTH_ADAPTER.accountStorageFilename;
+var PLAN_LABELS = ANTHROPIC_OAUTH_ADAPTER.planLabels;
+var TOKEN_EXPIRY_BUFFER_MS = 6e4;
+var TOKEN_REFRESH_TIMEOUT_MS = 3e4;
+// src/token.ts
+import * as v6 from "valibot";
+// src/types.ts
+import * as v5 from "valibot";
+var OAuthCredentialsSchema2 = v5.object({
+  type: v5.literal("oauth"),
+  refresh: v5.string(),
+  access: v5.string(),
+  expires: v5.number()
+});
+var UsageLimitEntrySchema2 = v5.object({
+  utilization: v5.number(),
+  resets_at: v5.nullable(v5.string())
+});
+var UsageLimitsSchema2 = v5.object({
+  five_hour: v5.optional(v5.nullable(UsageLimitEntrySchema2), null),
+  seven_day: v5.optional(v5.nullable(UsageLimitEntrySchema2), null),
+  seven_day_sonnet: v5.optional(v5.nullable(UsageLimitEntrySchema2), null)
+});
+var CredentialRefreshPatchSchema2 = v5.object({
+  accessToken: v5.string(),
+  expiresAt: v5.number(),
+  refreshToken: v5.optional(v5.string()),
+  uuid: v5.optional(v5.string()),
+  email: v5.optional(v5.string())
+});
+var StoredAccountSchema2 = v5.object({
+  uuid: v5.optional(v5.string()),
+  label: v5.optional(v5.string()),
+  email: v5.optional(v5.string()),
+  planTier: v5.optional(v5.string(), ""),
+  refreshToken: v5.string(),
+  accessToken: v5.optional(v5.string()),
+  expiresAt: v5.optional(v5.number()),
+  addedAt: v5.number(),
+  lastUsed: v5.number(),
+  enabled: v5.optional(v5.boolean(), true),
+  rateLimitResetAt: v5.optional(v5.number()),
+  cachedUsage: v5.optional(UsageLimitsSchema2),
+  cachedUsageAt: v5.optional(v5.number()),
+  consecutiveAuthFailures: v5.optional(v5.number(), 0),
+  isAuthDisabled: v5.optional(v5.boolean(), false),
+  authDisabledReason: v5.optional(v5.string())
+});
+var AccountStorageSchema2 = v5.object({
+  version: v5.literal(1),
+  accounts: v5.optional(v5.array(StoredAccountSchema2), []),
+  activeAccountUuid: v5.optional(v5.string())
+});
+var TokenResponseSchema = v5.object({
+  access_token: v5.string(),
+  refresh_token: v5.optional(v5.string()),
+  expires_in: v5.number(),
+  account: v5.optional(v5.object({
+    uuid: v5.optional(v5.string()),
+    email_address: v5.optional(v5.string())
+  }))
+});
+var AccountSelectionStrategySchema2 = v5.picklist(["sticky", "round-robin", "hybrid"]);
+var PluginConfigSchema2 = v5.object({
+  /** sticky: same account until failure, round-robin: rotate every request, hybrid: health+usage scoring */
+  account_selection_strategy: v5.optional(AccountSelectionStrategySchema2, "sticky"),
+  /** Use cross-process claim file to distribute parallel sessions across accounts */
+  cross_process_claims: v5.optional(v5.boolean(), true),
+  /** Skip account when any usage tier utilization >= this % (100 = disabled) */
+  soft_quota_threshold_percent: v5.optional(v5.pipe(v5.number(), v5.minValue(0), v5.maxValue(100)), 100),
+  /** Minimum backoff after rate limit (ms) */
+  rate_limit_min_backoff_ms: v5.optional(v5.pipe(v5.number(), v5.minValue(0)), 3e4),
+  /** Default retry-after when header is missing (ms) */
+  default_retry_after_ms: v5.optional(v5.pipe(v5.number(), v5.minValue(0)), 6e4),
+  /** Consecutive auth failures before disabling account */
+  max_consecutive_auth_failures: v5.optional(v5.pipe(v5.number(), v5.integer(), v5.minValue(1)), 3),
+  /** Backoff after token refresh failure (ms) */
+  token_failure_backoff_ms: v5.optional(v5.pipe(v5.number(), v5.minValue(0)), 3e4),
+  /** Enable proactive background token refresh */
+  proactive_refresh: v5.optional(v5.boolean(), true),
+  /** Seconds before expiry to trigger proactive refresh (default 30 min) */
+  proactive_refresh_buffer_seconds: v5.optional(v5.pipe(v5.number(), v5.minValue(60)), 1800),
+  /** Interval between background refresh checks in seconds (default 5 min) */
+  proactive_refresh_interval_seconds: v5.optional(v5.pipe(v5.number(), v5.minValue(30)), 300),
+  /** Suppress toast notifications */
+  quiet_mode: v5.optional(v5.boolean(), false),
+  /** Enable debug logging */
+  debug: v5.optional(v5.boolean(), false)
+});
+// src/token.ts
+var PERMANENT_FAILURE_STATUSES = /* @__PURE__ */ new Set([400, 401, 403]);
+var refreshMutexByAccountId = /* @__PURE__ */ new Map();
+function isTokenExpired(account) {
+  if (!account.accessToken || !account.expiresAt) return true;
+  return account.expiresAt <= Date.now() + TOKEN_EXPIRY_BUFFER_MS;
+}
+async function refreshToken(currentRefreshToken, accountId, client) {
+  if (!currentRefreshToken) return { ok: false, permanent: true };
+  const inFlightRefresh = refreshMutexByAccountId.get(accountId);
+  if (inFlightRefresh) return inFlightRefresh;
+  const refreshPromise = (async () => {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), TOKEN_REFRESH_TIMEOUT_MS);
+    try {
+      const startTime = Date.now();
+      const response = await fetch(ANTHROPIC_TOKEN_ENDPOINT, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          grant_type: "refresh_token",
+          refresh_token: currentRefreshToken,
+          client_id: ANTHROPIC_CLIENT_ID
+        }),
+        signal: controller.signal
+      });
+      if (!response.ok) {
+        const isPermanent = PERMANENT_FAILURE_STATUSES.has(response.status);
+        await client.app.log({
+          body: {
+            service: ANTHROPIC_OAUTH_ADAPTER.serviceLogName,
+            level: isPermanent ? "error" : "warn",
+            message: `Token refresh failed: ${response.status}${isPermanent ? " (permanent)" : ""}`,
+            extra: { accountId }
+          }
+        }).catch(() => {
+        });
+        return { ok: false, permanent: isPermanent };
+      }
+      const json = v6.parse(TokenResponseSchema, await response.json());
+      const patch = {
+        accessToken: json.access_token,
+        expiresAt: startTime + json.expires_in * 1e3,
+        refreshToken: json.refresh_token,
+        uuid: json.account?.uuid,
+        email: json.account?.email_address
+      };
+      return { ok: true, patch };
+    } catch (error) {
+      await client.app.log({
+        body: {
+          service: ANTHROPIC_OAUTH_ADAPTER.serviceLogName,
+          level: "warn",
+          message: `Token refresh network error: ${error instanceof Error ? error.message : String(error)}`,
+          extra: { accountId }
+        }
+      }).catch(() => {
+      });
+      return { ok: false, permanent: false };
+    } finally {
+      clearTimeout(timeout);
+      refreshMutexByAccountId.delete(accountId);
+    }
+  })();
+  refreshMutexByAccountId.set(accountId, refreshPromise);
+  return refreshPromise;
+}
+// src/account-manager.ts
+var AccountManager = createAccountManagerForProvider({
+  providerAuthId: "anthropic",
+  isTokenExpired,
+  refreshToken
+});
+// src/config.ts
+initCoreConfig("claude-multiauth.json");
+// src/utils.ts
+setConfigGetter(getConfig);
+// src/usage.ts
+import * as v7 from "valibot";
+var OAUTH_BETA_HEADER = ANTHROPIC_OAUTH_ADAPTER.oauthBetaHeader;
+var ProfileResponseSchema = v7.object({
+  account: v7.object({
+    email: v7.optional(v7.string()),
+    has_claude_pro: v7.optional(v7.boolean(), false),
+    has_claude_max: v7.optional(v7.boolean(), false)
+  })
+});
+async function fetchUsage(accessToken) {
+  try {
+    const response = await fetch(ANTHROPIC_USAGE_ENDPOINT, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        "anthropic-beta": OAUTH_BETA_HEADER
+      }
+    });
+    if (!response.ok) {
+      return { ok: false, reason: `HTTP ${response.status} ${response.statusText}` };
+    }
+    const result = v7.safeParse(UsageLimitsSchema2, await response.json());
+    if (!result.success) {
+      return { ok: false, reason: `Invalid response: ${result.issues[0]?.message ?? "unknown"}` };
+    }
+    return { ok: true, data: result.output };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    return { ok: false, reason: message };
+  }
+}
+async function fetchProfile(accessToken) {
+  try {
+    const response = await fetch(ANTHROPIC_PROFILE_ENDPOINT, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        "anthropic-beta": OAUTH_BETA_HEADER
+      }
+    });
+    if (!response.ok) {
+      return { ok: false, reason: `HTTP ${response.status} ${response.statusText}` };
+    }
+    const result = v7.safeParse(ProfileResponseSchema, await response.json());
+    if (!result.success) {
+      return { ok: false, reason: `Invalid response: ${result.issues[0]?.message ?? "unknown"}` };
+    }
+    const planTier = result.output.account.has_claude_max ? "max" : result.output.account.has_claude_pro ? "pro" : "free";
+    return { ok: true, data: { email: result.output.account.email, planTier } };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    return { ok: false, reason: message };
+  }
+}
+function formatTimeRemaining(resetAt) {
+  if (!resetAt) return "unknown";
+  const diffMs = new Date(resetAt).getTime() - Date.now();
+  if (diffMs <= 0) return "0m";
+  return formatWaitTime(diffMs);
+}
+function getUsageSummary(account) {
+  if (!account.cachedUsage) return "no data";
+  const parts = [];
+  const { five_hour, seven_day } = account.cachedUsage;
+  if (five_hour) {
+    const reset = five_hour.resets_at ? ` (resets ${formatTimeRemaining(five_hour.resets_at)})` : "";
+    parts.push(`5h: ${five_hour.utilization.toFixed(0)}%${reset}`);
+  }
+  if (seven_day) {
+    const reset = seven_day.resets_at ? ` (resets ${formatTimeRemaining(seven_day.resets_at)})` : "";
+    parts.push(`7d: ${seven_day.utilization.toFixed(0)}%${reset}`);
+  }
+  return parts.length > 0 ? parts.join(", ") : "no data";
+}
+function getPlanLabel(account) {
+  if (!account.planTier || account.planTier === "free") return "";
+  return PLAN_LABELS[account.planTier] ?? account.planTier.charAt(0).toUpperCase() + account.planTier.slice(1);
+}
+// src/rate-limit.ts
+var {
+  fetchUsageLimits,
+  getResetMsFromUsage,
+  handleRateLimitResponse,
+  retryAfterMsFromResponse
+} = createRateLimitHandlers({
+  fetchUsage: async (accessToken) => fetchUsage(accessToken),
+  getConfig,
+  formatWaitTime,
+  getAccountLabel,
+  showToast
+});
+// src/executor.ts
+var { executeWithAccountRotation } = createExecutorForProvider("Anthropic", {
+  handleRateLimitResponse: async (manager, client, account, response) => handleRateLimitResponse(
+    manager,
+    client,
+    account,
+    response
+  ),
+  formatWaitTime,
+  sleep,
+  showToast,
+  getAccountLabel
+});
+// src/ui/auth-menu.ts
+function formatRelativeTime(timestamp) {
+  if (!timestamp) return "never";
+  const days = Math.floor((Date.now() - timestamp) / 864e5);
+  if (days === 0) return "today";
+  if (days === 1) return "yesterday";
+  if (days < 7) return `${days}d ago`;
+  if (days < 30) return `${Math.floor(days / 7)}w ago`;
+  return new Date(timestamp).toLocaleDateString();
+}
+function formatDate(timestamp) {
+  if (!timestamp) return "unknown";
+  return new Date(timestamp).toLocaleDateString();
+}
+function getAccountStatus(account) {
+  if (account.isAuthDisabled) return "auth-disabled";
+  if (!account.enabled) return "disabled";
+  if (account.rateLimitResetAt && account.rateLimitResetAt > Date.now()) return "rate-limited";
+  return "active";
+}
+var STATUS_BADGE = {
+  "active": `${ANSI.green}[active]${ANSI.reset}`,
+  "rate-limited": `${ANSI.yellow}[rate-limited]${ANSI.reset}`,
+  "auth-disabled": `${ANSI.red}[auth-disabled]${ANSI.reset}`,
+  "disabled": `${ANSI.red}[disabled]${ANSI.reset}`
+};
+function buildAccountMenuItem(account) {
+  const label = getAccountLabel(account);
+  const status = getAccountStatus(account);
+  const badge = STATUS_BADGE[status];
+  const fullLabel = `${label} ${badge}`;
+  return {
+    label: fullLabel,
+    hint: account.lastUsed ? `used ${formatRelativeTime(account.lastUsed)}` : "",
+    value: account,
+    disabled: false
+  };
+}
+async function showAuthMenu(accounts) {
+  const items = [
+    { label: "Add new account", value: { type: "add" }, color: "green" },
+    { label: "Check quotas", value: { type: "check-quotas" }, color: "cyan" },
+    { label: "Manage accounts", value: { type: "manage" } },
+    { label: "Load balancing", value: { type: "load-balancing" } },
+    { label: "", value: { type: "cancel" }, separator: true },
+    { label: "Delete all accounts", value: { type: "delete-all" }, color: "red" }
+  ];
+  while (true) {
+    const subtitle = `${accounts.length} account(s) registered`;
+    const result = await select(items, {
+      message: "Claude Multi-Auth",
+      subtitle
+    });
+    if (!result) return { type: "cancel" };
+    if (result.type === "delete-all") {
+      const confirmed = await confirm("Delete ALL accounts? This cannot be undone.");
+      if (!confirmed) continue;
+    }
+    return result;
+  }
+}
+async function showManageAccounts(accounts) {
+  const items = [
+    { label: "Back", value: null },
+    { label: "", value: null, separator: true },
+    ...accounts.map(buildAccountMenuItem)
+  ];
+  const selected = await select(items, {
+    message: "Manage Accounts",
+    subtitle: "Select an account to manage"
+  });
+  if (!selected) return { action: "back" };
+  return showAccountDetails(selected);
+}
+async function showAccountDetails(account) {
+  const label = getAccountLabel(account);
+  const status = getAccountStatus(account);
+  const badge = STATUS_BADGE[status];
+  console.log("");
+  console.log(`${ANSI.bold}Account: ${label} ${badge}${ANSI.reset}`);
+  console.log(`${ANSI.dim}Added: ${formatDate(account.addedAt)}${ANSI.reset}`);
+  console.log(`${ANSI.dim}Last used: ${formatRelativeTime(account.lastUsed)}${ANSI.reset}`);
+  if (account.isAuthDisabled) {
+    console.log(`${ANSI.red}Auth disabled: ${account.authDisabledReason ?? "unknown"}${ANSI.reset}`);
+  }
+  console.log("");
+  while (true) {
+    const toggleLabel = account.enabled ? "Disable account" : "Enable account";
+    const toggleColor = account.enabled ? "yellow" : "green";
+    const items = [
+      { label: "Back", value: "back" }
+    ];
+    items.push({ label: toggleLabel, value: "toggle", color: toggleColor });
+    items.push({ label: "Re-authenticate", value: "retry-auth", color: "cyan" });
+    items.push({ label: "Delete this account", value: "delete", color: "red" });
+    const result = await select(items, {
+      message: "Account options",
+      subtitle: label
+    });
+    if (result === "delete") {
+      const confirmed = await confirm(`Delete ${label}?`);
+      if (!confirmed) continue;
+    }
+    return { action: result ?? "cancel", account };
+  }
+}
+function getUsageColor(utilization) {
+  if (utilization >= 90) return ANSI.red;
+  if (utilization >= 60) return ANSI.yellow;
+  return ANSI.green;
+}
+function createProgressBar(utilization, width = 20) {
+  const filled = Math.round(utilization / 100 * width);
+  const empty = width - filled;
+  const color = getUsageColor(utilization);
+  return `${color}${"\u2588".repeat(filled)}${ANSI.reset}${"\u2591".repeat(empty)} ${color}${Math.round(utilization)}% used${ANSI.reset}`;
+}
+function formatResetTime(resetAt) {
+  if (!resetAt) return "";
+  const date = new Date(resetAt);
+  const now = /* @__PURE__ */ new Date();
+  const tz = Intl.DateTimeFormat().resolvedOptions().timeZone;
+  const timeStr = date.toLocaleTimeString(void 0, { hour: "numeric", minute: "2-digit", hour12: true });
+  const isSameDay = date.getFullYear() === now.getFullYear() && date.getMonth() === now.getMonth() && date.getDate() === now.getDate();
+  if (isSameDay) {
+    return ` (resets ${timeStr}, ${tz})`;
+  }
+  const dateStr = date.toLocaleDateString(void 0, { month: "short", day: "numeric" });
+  return ` (resets ${dateStr} ${timeStr}, ${tz})`;
+}
+function printUsageEntry(name, entry, isLast) {
+  const connector = isLast ? "\u2514\u2500" : "\u251C\u2500";
+  if (!entry) {
+    console.log(`     ${connector} ${name.padEnd(16)} no data`);
+    return;
+  }
+  const bar = createProgressBar(entry.utilization);
+  const reset = formatResetTime(entry.resets_at);
+  console.log(`     ${connector} ${name.padEnd(16)} ${bar}${reset}`);
+}
+function printQuotaReport(account, usage) {
+  const label = getAccountLabel(account);
+  const status = getAccountStatus(account);
+  const badge = STATUS_BADGE[status];
+  const planLabel = getPlanLabel(account) || "Free";
+  console.log(`\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501`);
+  console.log(`  ${label} ${badge}`);
+  console.log(`\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501`);
+  if (account.email) {
+    console.log(`  \u{1F4E7} ${account.email}`);
+  }
+  console.log(`  \u{1F4CB} ${planLabel}`);
+  console.log(`
+  \u2514\u2500 Claude Quota`);
+  printUsageEntry("Current session", usage.five_hour, false);
+  printUsageEntry("Current week", usage.seven_day, !usage.seven_day_sonnet);
+  if (usage.seven_day_sonnet) {
+    printUsageEntry("Sonnet only", usage.seven_day_sonnet, true);
+  }
+  console.log("");
+}
+var STRATEGY_DESCRIPTIONS = {
+  "sticky": "Same account until rate-limited",
+  "round-robin": "Rotate every request",
+  "hybrid": "Score-based (usage + health)"
+};
+async function showStrategySelect(current) {
+  const strategies = ["sticky", "round-robin", "hybrid"];
+  const items = strategies.map((s) => ({
+    label: `${s}${s === current ? " (current)" : ""}`,
+    hint: STRATEGY_DESCRIPTIONS[s],
+    value: s
+  }));
+  return select(items, {
+    message: "Load Balancing Strategy",
+    subtitle: `Current: ${current}`
+  });
+}
+function printQuotaError(account, error) {
+  const label = getAccountLabel(account);
+  console.log(`\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501`);
+  console.log(`  ${label}`);
+  if (account.email) {
+    console.log(`  \u{1F4E7} ${account.email}`);
+  }
+  console.log(`\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501`);
+  console.log(`  ${ANSI.red}Error: ${error}${ANSI.reset}
+`);
+}
+// src/account-store.ts
+setAccountsFilename(ACCOUNTS_FILENAME2);
+// src/auth-handler.ts
+import { randomUUID as randomUUID2 } from "node:crypto";
+import { createInterface } from "node:readline";
+import { exec } from "node:child_process";
+function makeFailedFlowResult(message) {
+  return {
+    url: "",
+    instructions: message,
+    method: "auto",
+    callback: async () => ({ type: "failed" })
+  };
+}
+function delegateToOriginalAuth(originalAuth, manager, inputs) {
+  const originalMethod = originalAuth.methods?.[0];
+  if (!originalMethod?.authorize) {
+    return Promise.resolve(makeFailedFlowResult("Original OAuth method not available"));
+  }
+  return originalMethod.authorize(inputs).then(
+    (result) => wrapCallbackWithManagerSync(result, manager, originalAuth, inputs)
+  );
+}
+function delegateReauthForAccount(originalAuth, manager, targetAccount, inputs) {
+  const originalMethod = originalAuth.methods?.[0];
+  if (!originalMethod?.authorize) {
+    return Promise.resolve(makeFailedFlowResult("Original OAuth method not available"));
+  }
+  return originalMethod.authorize(inputs).then(
+    (result) => wrapCallbackWithAccountReplace(result, manager, targetAccount)
+  );
+}
+function wrapCallbackWithAccountReplace(result, manager, targetAccount) {
+  const originalCallback = result.callback;
+  return {
+    ...result,
+    callback: async function(code) {
+      const callbackResult = await originalCallback(code);
+      if (callbackResult?.type === "success" && callbackResult.refresh) {
+        const auth = {
+          type: "oauth",
+          refresh: callbackResult.refresh,
+          access: callbackResult.access,
+          expires: callbackResult.expires
+        };
+        if (targetAccount.uuid) {
+          await manager.replaceAccountCredentials(targetAccount.uuid, auth);
+        }
+        const label = getAccountLabel(targetAccount);
+        console.log(`
+\u2705 ${label} re-authenticated successfully.
+`);
+      }
+      return callbackResult;
+    }
+  };
+}
+function wrapCallbackWithManagerSync(result, manager, originalAuth, inputs) {
+  const originalCallback = result.callback;
+  return {
+    ...result,
+    callback: async function(code) {
+      const callbackResult = await originalCallback(code);
+      if (callbackResult?.type === "success" && callbackResult.refresh) {
+        const auth = {
+          type: "oauth",
+          refresh: callbackResult.refresh,
+          access: callbackResult.access,
+          expires: callbackResult.expires
+        };
+        if (manager) {
+          const countBefore = manager.getAccounts().length;
+          await manager.addAccount(auth);
+          const countAfter = manager.getAccounts().length;
+          if (countAfter > countBefore) {
+            console.log(`
+\u2705 Account added to multi-auth pool (${countAfter} total).
+`);
+          } else {
+            console.log(`
+\u2139\uFE0F  Account already exists in multi-auth pool (${countAfter} total).
+`);
+          }
+          if (originalAuth && inputs && isTTY()) {
+            await addMoreAccountsLoop(manager, originalAuth, inputs);
+          }
+        } else {
+          await persistFallback(auth);
+          console.log(`
+\u2705 Account saved.
+`);
+        }
+      }
+      return callbackResult;
+    }
+  };
+}
+function promptYesNo(message) {
+  if (!isTTY()) return Promise.resolve(false);
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(message, (answer) => {
+      rl.close();
+      resolve(answer.trim().toLowerCase() === "y");
+    });
+  });
+}
+function openBrowser(url) {
+  const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+  exec(`${cmd} ${JSON.stringify(url)}`);
+}
+async function addMoreAccountsLoop(manager, originalAuth, inputs) {
+  const originalMethod = originalAuth.methods?.[0];
+  if (!originalMethod?.authorize) return;
+  while (true) {
+    const currentCount = manager.getAccounts().length;
+    const shouldAdd = await promptYesNo(`Add another account? (${currentCount} added) (y/n): `);
+    if (!shouldAdd) break;
+    let flow;
+    try {
+      flow = await originalMethod.authorize(inputs);
+    } catch {
+      console.log("\n\u274C Failed to start OAuth flow.\n");
+      break;
+    }
+    if (flow.url) {
+      openBrowser(flow.url);
+    }
+    let callbackResult;
+    try {
+      callbackResult = await flow.callback();
+    } catch {
+      console.log("\n\u274C Authentication failed.\n");
+      break;
+    }
+    if (callbackResult?.type !== "success" || !("refresh" in callbackResult)) {
+      console.log("\n\u274C Authentication failed.\n");
+      break;
+    }
+    const auth = {
+      type: "oauth",
+      refresh: callbackResult.refresh,
+      access: callbackResult.access,
+      expires: callbackResult.expires
+    };
+    const countBefore = manager.getAccounts().length;
+    await manager.addAccount(auth);
+    const countAfter = manager.getAccounts().length;
+    if (countAfter > countBefore) {
+      console.log(`
+\u2705 Account added to multi-auth pool (${countAfter} total).
+`);
+    } else {
+      console.log(`
+\u2139\uFE0F  Account already exists in multi-auth pool (${countAfter} total).
+`);
+    }
+  }
+}
+async function persistFallback(auth) {
+  try {
+    const store = new AccountStore();
+    const now = Date.now();
+    const account = {
+      uuid: randomUUID2(),
+      refreshToken: auth.refresh,
+      accessToken: auth.access,
+      expiresAt: auth.expires,
+      addedAt: now,
+      lastUsed: now,
+      enabled: true,
+      planTier: "",
+      consecutiveAuthFailures: 0,
+      isAuthDisabled: false
+    };
+    await store.addAccount(account);
+    await store.setActiveUuid(account.uuid);
+  } catch {
+  }
+}
+async function handleAuthorize(originalAuth, manager, inputs, client) {
+  if (!inputs || !isTTY()) {
+    return delegateToOriginalAuth(originalAuth, manager, inputs);
+  }
+  const effectiveManager = manager ?? await loadManagerFromDisk(client);
+  if (!effectiveManager || effectiveManager.getAccounts().length === 0) {
+    return delegateToOriginalAuth(originalAuth, manager, inputs);
+  }
+  return runAccountManagementMenu(originalAuth, effectiveManager, inputs, client);
+}
+async function loadManagerFromDisk(client) {
+  const store = new AccountStore();
+  const stored = await store.load();
+  if (stored.accounts.length === 0) return null;
+  const emptyAuth = { type: "oauth", refresh: "", access: "", expires: 0 };
+  const mgr = await AccountManager.create(store, emptyAuth, client);
+  return mgr;
+}
+async function runAccountManagementMenu(originalAuth, manager, inputs, client) {
+  while (true) {
+    const allAccounts = manager.getAccounts();
+    const menuAction = await showAuthMenu(allAccounts);
+    switch (menuAction.type) {
+      case "add":
+        return delegateToOriginalAuth(originalAuth, manager, inputs);
+      case "check-quotas":
+        await handleCheckQuotas(manager, client);
+        continue;
+      case "manage": {
+        const result = await showManageAccounts(allAccounts);
+        if (result.action === "back" || result.action === "cancel") continue;
+        const manageResult = await handleManageAction(manager, result.action, result.account, client);
+        if (manageResult.triggerOAuth) {
+          return delegateReauthForAccount(originalAuth, manager, manageResult.account, inputs);
+        }
+        continue;
+      }
+      case "load-balancing":
+        await handleLoadBalancing();
+        continue;
+      case "delete-all":
+        await manager.clearAllAccounts();
+        console.log("\nAll accounts deleted.\n");
+        return delegateToOriginalAuth(originalAuth, manager, inputs);
+      case "cancel":
+        return makeFailedFlowResult("Authentication cancelled");
+    }
+  }
+}
+async function handleCheckQuotas(manager, client) {
+  await manager.refresh();
+  const accounts = manager.getAccounts();
+  const effectiveClient = client ?? createMinimalClient();
+  if (client) manager.setClient(client);
+  console.log(`
+\u{1F4CA} Checking quotas for ${accounts.length} account(s)...
+`);
+  for (const account of accounts) {
+    if (account.isAuthDisabled || !account.accessToken || isTokenExpired(account)) {
+      if (!account.uuid) {
+        printQuotaError(account, "Missing account UUID");
+        continue;
+      }
+      const result = await manager.ensureValidToken(account.uuid, effectiveClient);
+      if (!result.ok) {
+        printQuotaError(account, account.isAuthDisabled ? `${account.authDisabledReason ?? "Auth disabled"} (refresh failed)` : "Failed to refresh token");
+        continue;
+      }
+      await manager.refresh();
+    }
+    const freshAccounts = manager.getAccounts();
+    const freshAccount = freshAccounts.find((candidate) => candidate.uuid === account.uuid);
+    if (!freshAccount?.accessToken) {
+      printQuotaError(account, "No access token available");
+      continue;
+    }
+    const usageResult = await fetchUsage(freshAccount.accessToken);
+    if (!usageResult.ok) {
+      printQuotaError(freshAccount, `Failed to fetch usage: ${usageResult.reason}`);
+      continue;
+    }
+    if (freshAccount.uuid) {
+      await manager.applyUsageCache(freshAccount.uuid, usageResult.data);
+    }
+    let reportAccount = freshAccount;
+    const profileResult = await fetchProfile(freshAccount.accessToken);
+    if (profileResult.ok) {
+      if (freshAccount.uuid) {
+        await manager.applyProfileCache(freshAccount.uuid, profileResult.data);
+      }
+      reportAccount = {
+        ...freshAccount,
+        email: profileResult.data.email ?? freshAccount.email,
+        planTier: profileResult.data.planTier
+      };
+    }
+    printQuotaReport(reportAccount, usageResult.data);
+  }
+}
+async function handleLoadBalancing() {
+  const current = getConfig().account_selection_strategy;
+  const selected = await showStrategySelect(current);
+  if (!selected || selected === current) return;
+  await updateConfigField("account_selection_strategy", selected);
+  console.log(`
+Load balancing strategy changed: ${current} \u2192 ${selected}
+`);
+}
+async function handleManageAction(manager, action, account, client) {
+  if (!account) return { triggerOAuth: false };
+  const label = getAccountLabel(account);
+  switch (action) {
+    case "toggle":
+      if (!account.uuid) break;
+      await manager.toggleEnabled(account.uuid);
+      await manager.refresh();
+      {
+        const updated = manager.getAccounts().find((candidate) => candidate.uuid === account.uuid);
+        console.log(`
+${label} ${updated?.enabled ? "enabled" : "disabled"}.
+`);
+      }
+      break;
+    case "delete":
+      if (!account.uuid) break;
+      {
+        const removed = await manager.removeAccount(account.index);
+        console.log(removed ? "\nAccount deleted.\n" : "\nFailed to delete account.\n");
+      }
+      break;
+    case "retry-auth": {
+      if (!account.uuid) break;
+      const effectiveClient = client ?? createMinimalClient();
+      console.log(`
+Retrying authentication for ${label}...
+`);
+      const result = await manager.retryAuth(account.uuid, effectiveClient);
+      if (result.ok) {
+        console.log(`\u2705 ${label} re-authenticated successfully.
+`);
+      } else {
+        console.log(`Token refresh failed \u2014 starting OAuth flow...
+`);
+        return { triggerOAuth: true, account };
+      }
+      break;
+    }
+  }
+  return { triggerOAuth: false };
+}
+// src/proactive-refresh.ts
+var ProactiveRefreshQueue = createProactiveRefreshQueueForProvider({
+  getConfig,
+  isTokenExpired,
+  refreshToken,
+  debugLog
+});
+// src/runtime-factory.ts
+import { AnthropicAuthPlugin } from "opencode-anthropic-auth";
+var AccountRuntimeFactory = class {
+  constructor(pluginCtx, store, client, provider) {
+    this.pluginCtx = pluginCtx;
+    this.store = store;
+    this.client = client;
+    this.provider = provider;
+  }
+  runtimes = /* @__PURE__ */ new Map();
+  initLocks = /* @__PURE__ */ new Map();
+  async getRuntime(uuid) {
+    const cached = this.runtimes.get(uuid);
+    if (cached) return cached;
+    const existing = this.initLocks.get(uuid);
+    if (existing) return existing;
+    const initPromise = this.createRuntime(uuid);
+    this.initLocks.set(uuid, initPromise);
+    try {
+      const runtime = await initPromise;
+      this.runtimes.set(uuid, runtime);
+      return runtime;
+    } finally {
+      this.initLocks.delete(uuid);
+    }
+  }
+  invalidate(uuid) {
+    this.runtimes.delete(uuid);
+  }
+  invalidateAll() {
+    this.runtimes.clear();
+  }
+  async createRuntime(uuid) {
+    const scopedClient = this.createScopedClient(uuid);
+    const scopedCtx = {
+      ...this.pluginCtx,
+      client: scopedClient
+    };
+    const hooks = await AnthropicAuthPlugin(scopedCtx);
+    const auth = hooks.auth;
+    if (!auth?.loader) {
+      throw new Error(`Base plugin loader unavailable for account ${uuid}`);
+    }
+    const scopedGetAuth = this.createScopedGetAuth(uuid);
+    const result = await auth.loader(scopedGetAuth, this.provider);
+    if (!result?.fetch) {
+      throw new Error(`Base plugin returned no fetch for account ${uuid}`);
+    }
+    debugLog(this.client, `Runtime created for account ${uuid.slice(0, 8)}`);
+    return { fetch: result.fetch };
+  }
+  createScopedGetAuth(uuid) {
+    const store = this.store;
+    return async () => {
+      const credentials = await store.readCredentials(uuid);
+      if (!credentials) {
+        return { type: "oauth", refresh: "", access: "", expires: 0 };
+      }
+      return {
+        type: "oauth",
+        refresh: credentials.refreshToken,
+        access: credentials.accessToken ?? "",
+        expires: credentials.expiresAt ?? 0
+      };
+    };
+  }
+  createScopedClient(uuid) {
+    const store = this.store;
+    const originalClient = this.client;
+    return {
+      auth: {
+        async set(params) {
+          const { body } = params;
+          await store.mutateAccount(uuid, (account) => {
+            account.accessToken = body.access;
+            account.expiresAt = body.expires;
+            if (body.refresh) account.refreshToken = body.refresh;
+            account.consecutiveAuthFailures = 0;
+            account.isAuthDisabled = false;
+            account.authDisabledReason = void 0;
+          });
+          originalClient.auth.set(params).catch(() => {
+          });
+        }
+      },
+      tui: originalClient.tui,
+      app: originalClient.app
+    };
+  }
+};
+// src/index.ts
+var ClaudeMultiAuthPlugin = async (ctx) => {
+  const { client } = ctx;
+  await loadConfig();
+  const originalHooks = await AnthropicAuthPlugin2(ctx);
+  const originalAuth = originalHooks.auth;
+  const store = new AccountStore();
+  let manager = null;
+  let runtimeFactory = null;
+  let refreshQueue = null;
+  return {
+    "experimental.chat.system.transform": originalHooks["experimental.chat.system.transform"],
+    tool: {
+      [ANTHROPIC_OAUTH_ADAPTER.statusToolName]: tool({
+        description: "Show status of all multi-auth accounts including rate limits and usage.",
+        args: {},
+        async execute(_args, _context) {
+          if (!manager) {
+            return "Multi-auth not initialized. No OAuth accounts detected.";
+          }
+          const accounts = manager.getAccounts();
+          if (accounts.length === 0) {
+            return "No accounts configured. Run `opencode auth login` to add an account.";
+          }
+          const lines = [
+            `## ${ANTHROPIC_OAUTH_ADAPTER.modelDisplayName} Multi-Auth Status (${accounts.length} accounts)
+`
+          ];
+          for (const account of accounts) {
+            const isActive = account.uuid === manager.getActiveAccount()?.uuid;
+            const marker = isActive ? " **[ACTIVE]**" : "";
+            const label = getAccountLabel(account);
+            const usage = getUsageSummary(account);
+            const planLabel = getPlanLabel(account);
+            const planBadge = planLabel ? ` [${planLabel}]` : "";
+            const statusParts = [];
+            if (account.isAuthDisabled) statusParts.push(`AUTH DISABLED: ${account.authDisabledReason}`);
+            else if (!account.enabled) statusParts.push("disabled");
+            else statusParts.push("enabled");
+            if (account.rateLimitResetAt && account.rateLimitResetAt > Date.now()) {
+              const remaining = formatWaitTime(account.rateLimitResetAt - Date.now());
+              statusParts.push(`RATE LIMITED (resets in ${remaining})`);
+            }
+            lines.push(
+              `- **${label}**${planBadge}${marker}: ${statusParts.join(" | ")} | ${usage}`
+            );
+          }
+          return lines.join("\n");
+        }
+      })
+    },
+    auth: {
+      provider: ANTHROPIC_OAUTH_ADAPTER.authProviderId,
+      methods: [
+        {
+          label: ANTHROPIC_OAUTH_ADAPTER.authMethodLabel,
+          type: "oauth",
+          async authorize() {
+            const inputs = arguments.length > 0 ? arguments[0] : void 0;
+            return handleAuthorize(originalAuth, manager, inputs, client);
+          }
+        },
+        { type: "api", label: "Create an API Key" },
+        { type: "api", label: "Manually enter API Key" }
+      ],
+      async loader(getAuth, provider) {
+        const auth = await getAuth();
+        if (auth.type !== "oauth") {
+          return originalAuth.loader(getAuth, provider);
+        }
+        for (const model of Object.values(provider.models ?? {})) {
+          if (model) {
+            model.cost = { input: 0, output: 0, cache: { read: 0, write: 0 } };
+          }
+        }
+        const credentials = auth;
+        await migrateFromAuthJson("anthropic", store);
+        manager = await AccountManager.create(store, credentials, client);
+        runtimeFactory = new AccountRuntimeFactory(ctx, store, client, provider);
+        manager.setRuntimeFactory(runtimeFactory);
+        if (manager.getAccountCount() > 0) {
+          const activeLabel = manager.getActiveAccount() ? getAccountLabel(manager.getActiveAccount()) : "none";
+          void showToast(
+            client,
+            `Multi-Auth: ${manager.getAccountCount()} account(s) loaded. Active: ${activeLabel}`,
+            "info"
+          );
+          await manager.validateNonActiveTokens(client);
+          const disabledCount = manager.getAccounts().filter((a) => a.isAuthDisabled).length;
+          if (disabledCount > 0) {
+            void showToast(
+              client,
+              `${disabledCount} account(s) have auth failures.`,
+              "warning"
+            );
+          }
+          if (refreshQueue) {
+            await refreshQueue.stop();
+          }
+          refreshQueue = new ProactiveRefreshQueue(
+            client,
+            store,
+            (uuid) => runtimeFactory?.invalidate(uuid)
+          );
+          refreshQueue.start();
+        }
+        return {
+          apiKey: "",
+          async fetch(input, init) {
+            if (!manager || !runtimeFactory) {
+              return fetch(input, init);
+            }
+            if (manager.getAccountCount() === 0) {
+              throw new Error(
+                "No Anthropic accounts configured. Run `opencode auth login` to add an account."
+              );
+            }
+            return executeWithAccountRotation(manager, runtimeFactory, client, input, init);
+          }
+        };
+      }
+    }
+  };
+};
+export {
+  ClaudeMultiAuthPlugin
+};