opencode-codex-multi-account 0.2.7 → 0.2.9

package/dist/index.js

@@ -1,1860 +1,12 @@
 // src/index.ts
 import { tool } from "@opencode-ai/plugin";
+import { migrateFromAuthJson } from "opencode-multi-account-core";
 
-// ../multi-account-core/src/account-manager.ts
-import { randomUUID } from "node:crypto";
-
-// ../multi-account-core/src/claims.ts
-import { promises as fs2 } from "node:fs";
-import { randomBytes as randomBytes2 } from "node:crypto";
-import { dirname as dirname2, join as join3 } from "node:path";
-
-// ../multi-account-core/src/utils.ts
-import { join as join2 } from "node:path";
-import { homedir as homedir2 } from "node:os";
-
-// ../multi-account-core/src/config.ts
-import { promises as fs } from "node:fs";
-import { randomBytes } from "node:crypto";
-import { dirname, join } from "node:path";
-import { homedir } from "node:os";
-import * as v2 from "valibot";
-
-// ../multi-account-core/src/types.ts
-import * as v from "valibot";
-var OAuthCredentialsSchema = v.object({
-  type: v.literal("oauth"),
-  refresh: v.string(),
-  access: v.string(),
-  expires: v.number()
-});
-var UsageLimitEntrySchema = v.object({
-  utilization: v.number(),
-  resets_at: v.nullable(v.string())
-});
-var UsageLimitsSchema = v.object({
-  five_hour: v.optional(v.nullable(UsageLimitEntrySchema), null),
-  seven_day: v.optional(v.nullable(UsageLimitEntrySchema), null),
-  seven_day_sonnet: v.optional(v.nullable(UsageLimitEntrySchema), null)
-});
-var CredentialRefreshPatchSchema = v.object({
-  accessToken: v.string(),
-  expiresAt: v.number(),
-  refreshToken: v.optional(v.string()),
-  uuid: v.optional(v.string()),
-  accountId: v.optional(v.string()),
-  email: v.optional(v.string())
-});
-var StoredAccountSchema = v.object({
-  uuid: v.optional(v.string()),
-  accountId: v.optional(v.string()),
-  label: v.optional(v.string()),
-  email: v.optional(v.string()),
-  planTier: v.optional(v.string(), ""),
-  refreshToken: v.string(),
-  accessToken: v.optional(v.string()),
-  expiresAt: v.optional(v.number()),
-  addedAt: v.number(),
-  lastUsed: v.number(),
-  enabled: v.optional(v.boolean(), true),
-  rateLimitResetAt: v.optional(v.number()),
-  cachedUsage: v.optional(UsageLimitsSchema),
-  cachedUsageAt: v.optional(v.number()),
-  consecutiveAuthFailures: v.optional(v.number(), 0),
-  isAuthDisabled: v.optional(v.boolean(), false),
-  authDisabledReason: v.optional(v.string())
-});
-var AccountStorageSchema = v.object({
-  version: v.literal(1),
-  accounts: v.optional(v.array(StoredAccountSchema), []),
-  activeAccountUuid: v.optional(v.string())
-});
-var AccountSelectionStrategySchema = v.picklist(["sticky", "round-robin", "hybrid"]);
-var PluginConfigSchema = v.object({
-  account_selection_strategy: v.optional(AccountSelectionStrategySchema, "sticky"),
-  cross_process_claims: v.optional(v.boolean(), true),
-  soft_quota_threshold_percent: v.optional(v.pipe(v.number(), v.minValue(0), v.maxValue(100)), 100),
-  rate_limit_min_backoff_ms: v.optional(v.pipe(v.number(), v.minValue(0)), 3e4),
-  default_retry_after_ms: v.optional(v.pipe(v.number(), v.minValue(0)), 6e4),
-  max_consecutive_auth_failures: v.optional(v.pipe(v.number(), v.integer(), v.minValue(1)), 3),
-  token_failure_backoff_ms: v.optional(v.pipe(v.number(), v.minValue(0)), 3e4),
-  proactive_refresh: v.optional(v.boolean(), true),
-  proactive_refresh_buffer_seconds: v.optional(v.pipe(v.number(), v.minValue(60)), 1800),
-  proactive_refresh_interval_seconds: v.optional(v.pipe(v.number(), v.minValue(30)), 300),
-  quiet_mode: v.optional(v.boolean(), false),
-  debug: v.optional(v.boolean(), false)
-});
-var TokenRefreshError = class _TokenRefreshError extends Error {
-  status;
-  permanent;
-  constructor(permanent, status) {
-    super(status === void 0 ? "Token refresh failed" : `Token refresh failed: ${status}`);
-    this.name = "TokenRefreshError";
-    this.status = status;
-    this.permanent = permanent;
-    Object.setPrototypeOf(this, _TokenRefreshError.prototype);
-  }
-};
-function isTokenRefreshError(error) {
-  if (error instanceof TokenRefreshError) return true;
-  if (!(error instanceof Error)) return false;
-  const candidate = error;
-  return candidate.name === "TokenRefreshError" && typeof candidate.permanent === "boolean" && (candidate.status === void 0 || typeof candidate.status === "number");
-}
-
-// ../multi-account-core/src/config.ts
-var DEFAULT_CONFIG_FILENAME = "multiauth-config.json";
-var DEFAULT_CONFIG = v2.parse(PluginConfigSchema, {});
-var configFilename = DEFAULT_CONFIG_FILENAME;
-var cachedConfig = null;
-var externalConfigGetter = null;
-function getConfigDir() {
-  return process.env.OPENCODE_CONFIG_DIR || join(process.env.XDG_CONFIG_HOME || join(homedir(), ".config"), "opencode");
-}
-function getConfigPath() {
-  return join(getConfigDir(), configFilename);
-}
-function parseConfig(raw) {
-  const result = v2.safeParse(PluginConfigSchema, raw);
-  return result.success ? result.output : DEFAULT_CONFIG;
-}
-function initCoreConfig(filename) {
-  configFilename = filename || DEFAULT_CONFIG_FILENAME;
-  cachedConfig = null;
-}
-async function loadConfig() {
-  if (cachedConfig) return cachedConfig;
-  const path = getConfigPath();
-  try {
-    const content = await fs.readFile(path, "utf-8");
-    cachedConfig = parseConfig(JSON.parse(content));
-  } catch {
-    cachedConfig = DEFAULT_CONFIG;
-  }
-  return cachedConfig;
-}
-function getConfig() {
-  if (cachedConfig) return cachedConfig;
-  if (externalConfigGetter && externalConfigGetter !== getConfig) {
-    try {
-      return parseConfig(externalConfigGetter());
-    } catch {
-      return DEFAULT_CONFIG;
-    }
-  }
-  return DEFAULT_CONFIG;
-}
-function setConfigGetter(getter) {
-  if (getter === getConfig) {
-    return;
-  }
-  externalConfigGetter = getter;
-}
-async function updateConfigField(key, value) {
-  const path = getConfigPath();
-  let existing = {};
-  try {
-    const content2 = await fs.readFile(path, "utf-8");
-    existing = JSON.parse(content2);
-  } catch {
-  }
-  existing[key] = value;
-  await fs.mkdir(dirname(path), { recursive: true });
-  const content = `${JSON.stringify(existing, null, 2)}
-`;
-  const tempPath = `${path}.${randomBytes(8).toString("hex")}.tmp`;
-  try {
-    await fs.writeFile(tempPath, content, "utf-8");
-    await fs.rename(tempPath, path);
-  } catch (error) {
-    try {
-      await fs.unlink(tempPath);
-    } catch {
-    }
-    throw error;
-  }
-  cachedConfig = null;
-  await loadConfig();
-}
-
-// ../multi-account-core/src/utils.ts
-function getConfigDir2() {
-  return process.env.OPENCODE_CONFIG_DIR || join2(process.env.XDG_CONFIG_HOME || join2(homedir2(), ".config"), "opencode");
-}
-function getErrorCode(error) {
-  if (typeof error !== "object" || error === null || !("code" in error)) {
-    return void 0;
-  }
-  const code = error.code;
-  return typeof code === "string" ? code : void 0;
-}
-function formatWaitTime(ms) {
-  const totalSeconds = Math.ceil(ms / 1e3);
-  if (totalSeconds < 60) return `${totalSeconds}s`;
-  const days = Math.floor(totalSeconds / 86400);
-  const hours = Math.floor(totalSeconds % 86400 / 3600);
-  const minutes = Math.floor(totalSeconds % 3600 / 60);
-  const seconds = totalSeconds % 60;
-  const parts = [];
-  if (days > 0) parts.push(`${days}d`);
-  if (hours > 0) parts.push(`${hours}h`);
-  if (minutes > 0) parts.push(`${minutes}m`);
-  if (seconds > 0 && days === 0) parts.push(`${seconds}s`);
-  return parts.join(" ") || "0s";
-}
-function getAccountLabel(account) {
-  if (account.label) return account.label;
-  if (account.email) return account.email;
-  if (account.uuid) return `Account (${account.uuid.slice(0, 8)})`;
-  return `Account ${account.index + 1}`;
-}
-function sleep(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}
-async function showToast(client, message, variant) {
-  if (getConfig().quiet_mode) return;
-  try {
-    await client.tui.showToast({ body: { message, variant } });
-  } catch {
-  }
-}
-function debugLog(client, message, extra) {
-  if (!getConfig().debug) return;
-  client.app.log({
-    body: { service: "claude-multiauth", level: "debug", message, extra }
-  }).catch(() => {
-  });
-}
-function createMinimalClient() {
-  return {
-    auth: {
-      set: async () => {
-      }
-    },
-    tui: {
-      showToast: async () => {
-      }
-    },
-    app: {
-      log: async () => {
-      }
-    }
-  };
-}
-function getClearedOAuthBody() {
-  return {
-    type: "oauth",
-    refresh: "",
-    access: "",
-    expires: 0
-  };
-}
-
-// ../multi-account-core/src/claims.ts
-var CLAIMS_FILENAME = "multiauth-claims.json";
-var CLAIM_EXPIRY_MS = 6e4;
-function getClaimsPath() {
-  return join3(getConfigDir2(), CLAIMS_FILENAME);
-}
-function isClaimShape(value) {
-  if (!value || typeof value !== "object" || Array.isArray(value)) return false;
-  const claim = value;
-  return typeof claim.pid === "number" && Number.isInteger(claim.pid) && claim.pid > 0 && typeof claim.at === "number" && Number.isFinite(claim.at);
-}
-function parseClaims(raw) {
-  let parsed;
-  try {
-    parsed = JSON.parse(raw);
-  } catch {
-    return {};
-  }
-  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
-    return {};
-  }
-  const claims = {};
-  for (const [accountId, claim] of Object.entries(parsed)) {
-    if (isClaimShape(claim)) {
-      claims[accountId] = claim;
-    }
-  }
-  return claims;
-}
-function isProcessAlive(pid) {
-  try {
-    process.kill(pid, 0);
-    return true;
-  } catch {
-    return false;
-  }
-}
-function cleanClaims(claims, now) {
-  const cleaned = {};
-  let changed = false;
-  for (const [accountId, claim] of Object.entries(claims)) {
-    const expiredByTime = now - claim.at > CLAIM_EXPIRY_MS;
-    const zombieClaim = !isProcessAlive(claim.pid);
-    if (expiredByTime || zombieClaim) {
-      changed = true;
-      continue;
-    }
-    cleaned[accountId] = claim;
-  }
-  return { cleaned, changed };
-}
-async function writeClaimsFile(claims) {
-  const path = getClaimsPath();
-  const tempPath = `${path}.${randomBytes2(6).toString("hex")}.tmp`;
-  await fs2.mkdir(dirname2(path), { recursive: true });
-  try {
-    await fs2.writeFile(tempPath, JSON.stringify(claims, null, 2), { encoding: "utf-8", mode: 384 });
-    await fs2.rename(tempPath, path);
-  } catch (error) {
-    try {
-      await fs2.unlink(tempPath);
-    } catch {
-    }
-    throw error;
-  }
-}
-async function readClaims() {
-  try {
-    const data = await fs2.readFile(getClaimsPath(), "utf-8");
-    const parsed = parseClaims(data);
-    const now = Date.now();
-    const { cleaned, changed } = cleanClaims(parsed, now);
-    if (changed) {
-      try {
-        await writeClaimsFile(cleaned);
-      } catch {
-      }
-    }
-    return cleaned;
-  } catch {
-    return {};
-  }
-}
-async function writeClaim(accountId) {
-  const now = Date.now();
-  const claims = await readClaims();
-  const { cleaned } = cleanClaims(claims, now);
-  cleaned[accountId] = { pid: process.pid, at: now };
-  try {
-    await writeClaimsFile(cleaned);
-  } catch {
-  }
-}
-function isClaimedByOther(claims, accountId) {
-  if (!accountId) return false;
-  const claim = claims[accountId];
-  if (!claim) return false;
-  if (Date.now() - claim.at > CLAIM_EXPIRY_MS) return false;
-  if (!isProcessAlive(claim.pid)) return false;
-  return claim.pid !== process.pid;
-}
-
-// ../multi-account-core/src/account-manager.ts
-var STARTUP_REFRESH_CONCURRENCY = 3;
-var RECENT_429_COOLDOWN_MS = 3e4;
-var HYBRID_SWITCH_MARGIN = 40;
-function createAccountManagerForProvider(dependencies) {
-  const {
-    providerAuthId,
-    isTokenExpired: isTokenExpired2,
-    refreshToken: refreshToken2
-  } = dependencies;
-  return class AccountManager2 {
-    constructor(store) {
-      this.store = store;
-    }
-    cached = [];
-    activeAccountUuid;
-    client = null;
-    runtimeFactory = null;
-    roundRobinCursor = 0;
-    last429Map = /* @__PURE__ */ new Map();
-    static async create(store, currentAuth, client) {
-      const manager = new AccountManager2(store);
-      await manager.initialize(currentAuth, client);
-      return manager;
-    }
-    async initialize(currentAuth, client) {
-      if (client) this.client = client;
-      const storage = await this.store.load();
-      if (storage.accounts.length > 0) {
-        this.cached = storage.accounts.map((account, index) => this.toManagedAccount(account, index));
-        this.activeAccountUuid = storage.activeAccountUuid;
-        if (!this.getActiveAccount() && this.cached.length > 0) {
-          this.activeAccountUuid = this.cached[0].uuid;
-        }
-        return;
-      }
-      if (currentAuth.refresh) {
-        const newAccount = this.createNewAccount(currentAuth, Date.now());
-        await this.store.addAccount(newAccount);
-        await this.store.setActiveUuid(newAccount.uuid);
-        this.cached = [this.toManagedAccount(newAccount, 0)];
-        this.activeAccountUuid = newAccount.uuid;
-      }
-    }
-    async refresh() {
-      const storage = await this.store.load();
-      this.cached = storage.accounts.map((account, index) => this.toManagedAccount(account, index));
-      if (storage.activeAccountUuid) {
-        this.activeAccountUuid = storage.activeAccountUuid;
-      }
-    }
-    toManagedAccount(storedAccount, index) {
-      return {
-        index,
-        uuid: storedAccount.uuid,
-        accountId: storedAccount.accountId,
-        label: storedAccount.label,
-        email: storedAccount.email,
-        planTier: storedAccount.planTier,
-        refreshToken: storedAccount.refreshToken,
-        accessToken: storedAccount.accessToken,
-        expiresAt: storedAccount.expiresAt,
-        addedAt: storedAccount.addedAt,
-        lastUsed: storedAccount.lastUsed,
-        enabled: storedAccount.enabled,
-        rateLimitResetAt: storedAccount.rateLimitResetAt,
-        cachedUsage: storedAccount.cachedUsage,
-        cachedUsageAt: storedAccount.cachedUsageAt,
-        consecutiveAuthFailures: storedAccount.consecutiveAuthFailures,
-        isAuthDisabled: storedAccount.isAuthDisabled,
-        authDisabledReason: storedAccount.authDisabledReason,
-        last429At: storedAccount.uuid ? this.last429Map.get(storedAccount.uuid) : void 0
-      };
-    }
-    createNewAccount(auth, now) {
-      return {
-        uuid: randomUUID(),
-        refreshToken: auth.refresh,
-        accessToken: auth.access,
-        expiresAt: auth.expires,
-        addedAt: now,
-        lastUsed: now,
-        enabled: true,
-        planTier: "",
-        consecutiveAuthFailures: 0,
-        isAuthDisabled: false
-      };
-    }
-    getAccountCount() {
-      return this.getEligibleAccounts().length;
-    }
-    getAccounts() {
-      return [...this.cached];
-    }
-    getActiveAccount() {
-      if (this.activeAccountUuid) {
-        return this.cached.find((account) => account.uuid === this.activeAccountUuid) ?? null;
-      }
-      return this.cached[0] ?? null;
-    }
-    setClient(client) {
-      this.client = client;
-    }
-    setRuntimeFactory(factory) {
-      this.runtimeFactory = factory;
-    }
-    getEligibleAccounts() {
-      return this.cached.filter((account) => account.uuid && account.enabled && !account.isAuthDisabled);
-    }
-    exceedsSoftQuota(account) {
-      const threshold = getConfig().soft_quota_threshold_percent;
-      if (threshold >= 100) return false;
-      const usage = account.cachedUsage;
-      if (!usage) return false;
-      const tiers = [usage.five_hour, usage.seven_day];
-      return tiers.some((tier) => tier != null && tier.utilization >= threshold);
-    }
-    hasAnyUsableAccount() {
-      return this.getEligibleAccounts().length > 0;
-    }
-    isRateLimited(account) {
-      if (account.rateLimitResetAt && Date.now() < account.rateLimitResetAt) {
-        return true;
-      }
-      return this.isUsageExhausted(account);
-    }
-    isUsageExhausted(account) {
-      const usage = account.cachedUsage;
-      if (!usage) return false;
-      const now = Date.now();
-      const tiers = [usage.five_hour, usage.seven_day];
-      return tiers.some(
-        (tier) => tier != null && tier.utilization >= 100 && tier.resets_at != null && Date.parse(tier.resets_at) > now
-      );
-    }
-    clearExpiredRateLimits() {
-      const now = Date.now();
-      for (const account of this.cached) {
-        if (account.rateLimitResetAt && now >= account.rateLimitResetAt) {
-          account.rateLimitResetAt = void 0;
-        }
-      }
-    }
-    getMinWaitTime() {
-      const eligible = this.getEligibleAccounts();
-      const available = eligible.filter((account) => !this.isRateLimited(account));
-      if (available.length > 0) return 0;
-      const now = Date.now();
-      const waits = [];
-      for (const account of eligible) {
-        if (account.rateLimitResetAt) {
-          const ms = account.rateLimitResetAt - now;
-          if (ms > 0) waits.push(ms);
-        }
-        const usageResetMs = this.getUsageResetMs(account);
-        if (usageResetMs !== null && usageResetMs > 0) {
-          waits.push(usageResetMs);
-        }
-      }
-      return waits.length > 0 ? Math.min(...waits) : 0;
-    }
-    getUsageResetMs(account) {
-      const usage = account.cachedUsage;
-      if (!usage) return null;
-      const now = Date.now();
-      const candidates = [];
-      const tiers = [usage.five_hour, usage.seven_day];
-      for (const tier of tiers) {
-        if (tier != null && tier.utilization >= 100 && tier.resets_at != null) {
-          const ms = Date.parse(tier.resets_at) - now;
-          if (ms > 0) candidates.push(ms);
-        }
-      }
-      return candidates.length > 0 ? Math.min(...candidates) : null;
-    }
-    async selectAccount() {
-      await this.refresh();
-      this.clearExpiredRateLimits();
-      const eligible = this.getEligibleAccounts();
-      if (eligible.length === 0) return null;
-      const config = getConfig();
-      const claims = config.cross_process_claims ? await readClaims() : {};
-      const strategy = config.account_selection_strategy;
-      let selected;
-      switch (strategy) {
-        case "round-robin":
-          selected = this.selectRoundRobin(eligible, claims);
-          break;
-        case "hybrid":
-          selected = this.selectHybrid(eligible, claims);
-          break;
-        case "sticky":
-        default:
-          selected = this.selectSticky(eligible, claims);
-          break;
-      }
-      if (selected?.uuid) {
-        this.activeAccountUuid = selected.uuid;
-        this.store.setActiveUuid(selected.uuid).catch(() => {
-        });
-      }
-      if (config.cross_process_claims && selected?.uuid) {
-        writeClaim(selected.uuid).catch(() => {
-        });
-      }
-      return selected;
-    }
-    isUsable(account) {
-      return !this.isRateLimited(account) && !this.isInRecentCooldown(account) && !this.exceedsSoftQuota(account);
-    }
-    isInRecentCooldown(account) {
-      if (!account.last429At) return false;
-      return Date.now() - account.last429At < RECENT_429_COOLDOWN_MS;
-    }
-    fallbackNotRateLimited(eligible) {
-      const account = eligible.find((candidate) => !this.isRateLimited(candidate));
-      if (account) {
-        this.activateAccount(account);
-        return account;
-      }
-      return null;
-    }
-    selectSticky(eligible, claims) {
-      const current = this.getActiveAccount();
-      if (current?.enabled && !current.isAuthDisabled && this.isUsable(current)) {
-        this.activateAccount(current);
-        return current;
-      }
-      const unclaimed = eligible.find(
-        (account) => this.isUsable(account) && !isClaimedByOther(claims, account.uuid)
-      );
-      if (unclaimed) {
-        this.activateAccount(unclaimed);
-        return unclaimed;
-      }
-      const available = eligible.find((account) => this.isUsable(account));
-      if (available) {
-        this.activateAccount(available);
-        return available;
-      }
-      return this.fallbackNotRateLimited(eligible);
-    }
-    selectRoundRobin(eligible, claims) {
-      for (let i = 0; i < eligible.length; i++) {
-        const index = (this.roundRobinCursor + i) % eligible.length;
-        const account = eligible[index];
-        if (this.isUsable(account) && !isClaimedByOther(claims, account.uuid)) {
-          this.roundRobinCursor = (index + 1) % eligible.length;
-          this.activateAccount(account);
-          return account;
-        }
-      }
-      for (let i = 0; i < eligible.length; i++) {
-        const index = (this.roundRobinCursor + i) % eligible.length;
-        const account = eligible[index];
-        if (this.isUsable(account)) {
-          this.roundRobinCursor = (index + 1) % eligible.length;
-          this.activateAccount(account);
-          return account;
-        }
-      }
-      return this.fallbackNotRateLimited(eligible);
-    }
-    selectHybrid(eligible, claims) {
-      const usable = eligible.filter((account) => this.isUsable(account));
-      const pool = usable.length > 0 ? usable : eligible.filter((account) => !this.isRateLimited(account));
-      if (pool.length === 0) return null;
-      const activeUuid = this.activeAccountUuid;
-      let best = pool[0];
-      let bestScore = this.calculateHybridScore(best, best.uuid === activeUuid, claims);
-      for (let i = 1; i < pool.length; i++) {
-        const account = pool[i];
-        const score = this.calculateHybridScore(account, account.uuid === activeUuid, claims);
-        if (score > bestScore) {
-          best = account;
-          bestScore = score;
-        }
-      }
-      const current = pool.find((account) => account.uuid === activeUuid);
-      if (current && current !== best) {
-        const currentScore = this.calculateHybridScore(current, true, claims);
-        const bestWithoutStickiness = this.calculateHybridScore(best, false, claims);
-        if (bestWithoutStickiness <= currentScore + HYBRID_SWITCH_MARGIN) {
-          this.activateAccount(current);
-          return current;
-        }
-      }
-      this.activateAccount(best);
-      return best;
-    }
-    calculateHybridScore(account, isActive, claims) {
-      const maxUtilization = Math.min(100, Math.max(0, this.getMaxUtilization(account)));
-      const usageScore = (100 - maxUtilization) / 100 * 450;
-      const maxFailures = Math.max(1, getConfig().max_consecutive_auth_failures);
-      const healthScore = Math.max(0, (maxFailures - account.consecutiveAuthFailures) / maxFailures * 250);
-      const secondsSinceUsed = (Date.now() - account.lastUsed) / 1e3;
-      const freshnessScore = Math.min(secondsSinceUsed, 900) / 900 * 60;
-      const stickinessBonus = isActive ? 120 : 0;
-      const claimPenalty = isClaimedByOther(claims, account.uuid) ? -200 : 0;
-      return usageScore + healthScore + freshnessScore + stickinessBonus + claimPenalty;
-    }
-    getMaxUtilization(account) {
-      const usage = account.cachedUsage;
-      if (!usage) return 65;
-      const tiers = [usage.five_hour, usage.seven_day];
-      const utilizations = tiers.filter((tier) => tier != null).map((tier) => tier.utilization);
-      return utilizations.length > 0 ? Math.max(...utilizations) : 65;
-    }
-    activateAccount(account) {
-      this.activeAccountUuid = account.uuid;
-      account.lastUsed = Date.now();
-    }
-    async markRateLimited(uuid, backoffMs) {
-      const effectiveBackoff = backoffMs ?? getConfig().rate_limit_min_backoff_ms;
-      this.last429Map.set(uuid, Date.now());
-      await this.store.mutateAccount(uuid, (account) => {
-        account.rateLimitResetAt = Date.now() + effectiveBackoff;
-      });
-    }
-    async markRevoked(uuid) {
-      await this.removeAccountByUuid(uuid);
-    }
-    async markSuccess(uuid) {
-      this.last429Map.delete(uuid);
-      await this.store.mutateAccount(uuid, (account) => {
-        account.rateLimitResetAt = void 0;
-        account.consecutiveAuthFailures = 0;
-        account.lastUsed = Date.now();
-      });
-    }
-    syncToOpenCode(account) {
-      if (!this.client || !account.accessToken || !account.expiresAt) return;
-      this.client.auth.set({
-        path: { id: providerAuthId },
-        body: {
-          type: "oauth",
-          refresh: account.refreshToken,
-          access: account.accessToken,
-          expires: account.expiresAt
-        }
-      }).catch(() => {
-      });
-    }
-    async clearOpenCodeAuthIfNoAccountsRemain() {
-      if (!this.client) return;
-      const storage = await this.store.load();
-      if (storage.accounts.length > 0) return;
-      await this.client.auth.set({
-        path: { id: providerAuthId },
-        body: getClearedOAuthBody()
-      }).catch(() => {
-      });
-    }
-    async removeAccountByUuid(uuid) {
-      const removed = await this.store.removeAccount(uuid);
-      if (!removed) return;
-      this.last429Map.delete(uuid);
-      this.runtimeFactory?.invalidate(uuid);
-      await this.refresh();
-      await this.clearOpenCodeAuthIfNoAccountsRemain();
-    }
-    async markAuthFailure(uuid, result) {
-      if (!result.ok && result.permanent) {
-        await this.removeAccountByUuid(uuid);
-        return;
-      }
-      await this.store.mutateStorage((storage) => {
-        const account = storage.accounts.find((entry) => entry.uuid === uuid);
-        if (!account) return;
-        account.consecutiveAuthFailures = (account.consecutiveAuthFailures ?? 0) + 1;
-        const maxFailures = getConfig().max_consecutive_auth_failures;
-        const usableCount = storage.accounts.filter(
-          (entry) => entry.enabled && !entry.isAuthDisabled && entry.uuid !== uuid
-        ).length;
-        if (account.consecutiveAuthFailures >= maxFailures && usableCount > 0) {
-          account.isAuthDisabled = true;
-          account.authDisabledReason = `${maxFailures} consecutive auth failures`;
-        }
-      });
-    }
-    async applyUsageCache(uuid, usage) {
-      await this.store.mutateAccount(uuid, (account) => {
-        const now = Date.now();
-        const exhaustedTierResetTimes = [usage.five_hour, usage.seven_day].flatMap((tier) => {
-          if (tier == null || tier.utilization < 100 || tier.resets_at == null) {
-            return [];
-          }
-          return [Date.parse(tier.resets_at)];
-        }).filter((resetAt) => Number.isFinite(resetAt) && resetAt > now);
-        account.cachedUsage = usage;
-        account.cachedUsageAt = Date.now();
-        account.rateLimitResetAt = exhaustedTierResetTimes.length > 0 ? Math.min(...exhaustedTierResetTimes) : void 0;
-      });
-    }
-    async applyProfileCache(uuid, profile) {
-      await this.store.mutateAccount(uuid, (account) => {
-        account.email = profile.email ?? account.email;
-        account.planTier = profile.planTier;
-      });
-    }
-    async ensureValidToken(uuid, client) {
-      const credentials = await this.store.readCredentials(uuid);
-      if (!credentials) return { ok: false, permanent: true };
-      if (credentials.accessToken && credentials.expiresAt && !isTokenExpired2(credentials)) {
-        return {
-          ok: true,
-          patch: { accessToken: credentials.accessToken, expiresAt: credentials.expiresAt }
-        };
-      }
-      const result = await refreshToken2(credentials.refreshToken, uuid, client);
-      if (!result.ok) return result;
-      const updated = await this.store.mutateAccount(uuid, (account) => {
-        account.accessToken = result.patch.accessToken;
-        account.expiresAt = result.patch.expiresAt;
-        if (result.patch.refreshToken) account.refreshToken = result.patch.refreshToken;
-        if (result.patch.uuid && result.patch.uuid !== uuid) account.uuid = result.patch.uuid;
-        if (result.patch.accountId) account.accountId = result.patch.accountId;
-        if (result.patch.email) account.email = result.patch.email;
-        account.consecutiveAuthFailures = 0;
-        account.isAuthDisabled = false;
-        account.authDisabledReason = void 0;
-      });
-      if (result.patch.uuid && result.patch.uuid !== uuid && this.activeAccountUuid === uuid) {
-        this.activeAccountUuid = result.patch.uuid;
-        this.store.setActiveUuid(result.patch.uuid).catch(() => {
-        });
-      }
-      if (updated && (uuid === this.activeAccountUuid || updated.uuid === this.activeAccountUuid)) {
-        this.syncToOpenCode(updated);
-      }
-      return result;
-    }
-    async validateNonActiveTokens(client) {
-      await this.refresh();
-      const activeUuid = this.activeAccountUuid;
-      const eligible = this.cached.filter(
-        (account) => account.enabled && !account.isAuthDisabled && account.uuid && account.uuid !== activeUuid
-      );
-      for (let i = 0; i < eligible.length; i += STARTUP_REFRESH_CONCURRENCY) {
-        const batch = eligible.slice(i, i + STARTUP_REFRESH_CONCURRENCY);
-        await Promise.all(
-          batch.map(async (account) => {
-            if (!account.uuid || !isTokenExpired2(account)) return;
-            const result = await this.ensureValidToken(account.uuid, client);
-            if (!result.ok) {
-              await this.markAuthFailure(account.uuid, result);
-            }
-          })
-        );
-      }
-    }
-    async removeAccount(index) {
-      const account = this.cached[index];
-      if (!account?.uuid) return false;
-      const removed = await this.store.removeAccount(account.uuid);
-      if (removed) {
-        await this.refresh();
-      }
-      return removed;
-    }
-    async clearAllAccounts() {
-      await this.store.clear();
-      this.cached = [];
-      this.activeAccountUuid = void 0;
-    }
-    async addAccount(auth, email) {
-      if (!auth.refresh) return;
-      const existingByToken = this.cached.find((account) => account.refreshToken === auth.refresh);
-      if (existingByToken) return;
-      if (email) {
-        const existingByEmail = this.cached.find(
-          (account) => account.email && account.email === email
-        );
-        if (existingByEmail?.uuid) {
-          await this.replaceAccountCredentials(existingByEmail.uuid, auth);
-          return;
-        }
-      }
-      const newAccount = this.createNewAccount(auth, Date.now());
-      if (email) newAccount.email = email;
-      await this.store.addAccount(newAccount);
-      this.activeAccountUuid = newAccount.uuid;
-      await this.store.setActiveUuid(newAccount.uuid);
-      await this.refresh();
-    }
-    async toggleEnabled(uuid) {
-      await this.store.mutateAccount(uuid, (account) => {
-        account.enabled = !(account.enabled ?? true);
-        if (account.enabled) {
-          account.isAuthDisabled = false;
-          account.authDisabledReason = void 0;
-          account.consecutiveAuthFailures = 0;
-        }
-      });
-    }
-    async replaceAccountCredentials(uuid, auth) {
-      const updated = await this.store.mutateAccount(uuid, (account) => {
-        account.refreshToken = auth.refresh;
-        account.accessToken = auth.access;
-        account.expiresAt = auth.expires;
-        account.lastUsed = Date.now();
-        account.enabled = true;
-        account.isAuthDisabled = false;
-        account.authDisabledReason = void 0;
-        account.consecutiveAuthFailures = 0;
-        account.rateLimitResetAt = void 0;
-      });
-      this.runtimeFactory?.invalidate(uuid);
-      if (updated && uuid === this.activeAccountUuid) {
-        this.syncToOpenCode(updated);
-      }
-    }
-    async retryAuth(uuid, client) {
-      await this.store.mutateAccount(uuid, (account) => {
-        account.consecutiveAuthFailures = 0;
-        account.isAuthDisabled = false;
-        account.authDisabledReason = void 0;
-      });
-      this.runtimeFactory?.invalidate(uuid);
-      const credentials = await this.store.readCredentials(uuid);
-      if (!credentials) return { ok: false, permanent: true };
-      const result = await refreshToken2(credentials.refreshToken, uuid, client);
-      if (result.ok) {
-        const updated = await this.store.mutateAccount(uuid, (account) => {
-          account.accessToken = result.patch.accessToken;
-          account.expiresAt = result.patch.expiresAt;
-          if (result.patch.refreshToken) account.refreshToken = result.patch.refreshToken;
-          if (result.patch.uuid) account.uuid = result.patch.uuid;
-          if (result.patch.accountId) account.accountId = result.patch.accountId;
-          if (result.patch.email) account.email = result.patch.email;
-          account.enabled = true;
-          account.consecutiveAuthFailures = 0;
-        });
-        this.runtimeFactory?.invalidate(uuid);
-        if (result.patch.uuid) {
-          this.runtimeFactory?.invalidate(result.patch.uuid);
-        }
-        const nextUuid = result.patch.uuid ?? uuid;
-        if (this.activeAccountUuid === uuid && result.patch.uuid && result.patch.uuid !== uuid) {
-          this.activeAccountUuid = result.patch.uuid;
-          await this.store.setActiveUuid(result.patch.uuid);
-        }
-        if (updated && (uuid === this.activeAccountUuid || nextUuid === this.activeAccountUuid)) {
-          const freshCredentials = await this.store.readCredentials(nextUuid);
-          if (freshCredentials) {
-            this.syncToOpenCode({
-              refreshToken: freshCredentials.refreshToken,
-              accessToken: freshCredentials.accessToken,
-              expiresAt: freshCredentials.expiresAt
-            });
-          }
-        }
-      } else {
-        await this.markAuthFailure(uuid, result);
-        this.runtimeFactory?.invalidate(uuid);
-      }
-      return result;
-    }
-  };
-}
-
-// ../multi-account-core/src/account-store.ts
-import { promises as fs4 } from "node:fs";
-import { randomBytes as randomBytes3 } from "node:crypto";
-import { dirname as dirname4, join as join5 } from "node:path";
-import lockfile from "proper-lockfile";
-import * as v4 from "valibot";
-
-// ../multi-account-core/src/storage.ts
-import { promises as fs3 } from "node:fs";
-import { dirname as dirname3, join as join4 } from "node:path";
-import * as v3 from "valibot";
-
-// ../multi-account-core/src/constants.ts
-var DEFAULT_ACCOUNTS_FILENAME = "multiauth-accounts.json";
-var ACCOUNTS_FILENAME = DEFAULT_ACCOUNTS_FILENAME;
-function setAccountsFilename(filename) {
-  if (!filename) {
-    ACCOUNTS_FILENAME = DEFAULT_ACCOUNTS_FILENAME;
-    return;
-  }
-  ACCOUNTS_FILENAME = filename;
-}
-
-// ../multi-account-core/src/storage.ts
-function getStoragePath() {
-  return join4(getConfigDir2(), ACCOUNTS_FILENAME);
-}
-async function backupCorruptFile(targetPath, content) {
-  const backupPath = `${targetPath}.corrupt.${Date.now()}.bak`;
-  await fs3.mkdir(dirname3(backupPath), { recursive: true });
-  await fs3.writeFile(backupPath, content, "utf-8");
-}
-async function readStorageFromDisk(targetPath, backupOnCorrupt) {
-  let content;
-  try {
-    content = await fs3.readFile(targetPath, "utf-8");
-  } catch (error) {
-    if (getErrorCode(error) === "ENOENT") {
-      return null;
-    }
-    throw error;
-  }
-  let parsed;
-  try {
-    parsed = JSON.parse(content);
-  } catch {
-    if (backupOnCorrupt) {
-      try {
-        await backupCorruptFile(targetPath, content);
-      } catch {
-      }
-    }
-    return null;
-  }
-  const validation = v3.safeParse(AccountStorageSchema, parsed);
-  if (!validation.success) {
-    if (backupOnCorrupt) {
-      try {
-        await backupCorruptFile(targetPath, content);
-      } catch {
-      }
-    }
-    return null;
-  }
-  return validation.output;
-}
-function deduplicateAccounts(accounts) {
-  const deduplicated = [];
-  const indexByUuid = /* @__PURE__ */ new Map();
-  for (const account of accounts) {
-    if (!account.uuid) {
-      deduplicated.push(account);
-      continue;
-    }
-    const existingIndex = indexByUuid.get(account.uuid);
-    if (existingIndex === void 0) {
-      indexByUuid.set(account.uuid, deduplicated.length);
-      deduplicated.push(account);
-      continue;
-    }
-    const existingAccount = deduplicated[existingIndex];
-    if (!existingAccount || account.lastUsed >= existingAccount.lastUsed) {
-      deduplicated[existingIndex] = account;
-    }
-  }
-  return deduplicated;
-}
-async function loadAccounts() {
-  const storagePath = getStoragePath();
-  const storage = await readStorageFromDisk(storagePath, true);
-  if (!storage) {
-    return null;
-  }
-  return {
-    ...storage,
-    accounts: deduplicateAccounts(storage.accounts || [])
-  };
-}
-
-// ../multi-account-core/src/account-store.ts
-var FILE_MODE = 384;
-var LOCK_OPTIONS = {
-  stale: 1e4,
-  retries: { retries: 10, minTimeout: 50, maxTimeout: 2e3, factor: 2 }
-};
-function getStoragePath2() {
-  return join5(getConfigDir2(), ACCOUNTS_FILENAME);
-}
-function createEmptyStorage() {
-  return { version: 1, accounts: [] };
-}
-function buildTempPath(targetPath) {
-  return `${targetPath}.${randomBytes3(8).toString("hex")}.tmp`;
-}
-async function writeAtomicText(targetPath, content) {
-  await fs4.mkdir(dirname4(targetPath), { recursive: true });
-  const tempPath = buildTempPath(targetPath);
-  try {
-    await fs4.writeFile(tempPath, content, { encoding: "utf-8", mode: FILE_MODE });
-    await fs4.chmod(tempPath, FILE_MODE);
-    await fs4.rename(tempPath, targetPath);
-    await fs4.chmod(targetPath, FILE_MODE);
-  } catch (error) {
-    try {
-      await fs4.unlink(tempPath);
-    } catch {
-    }
-    throw error;
-  }
-}
-async function writeStorageAtomic(targetPath, storage) {
-  const validation = v4.safeParse(AccountStorageSchema, storage);
-  if (!validation.success) {
-    throw new Error("Invalid account storage payload");
-  }
-  await writeAtomicText(targetPath, `${JSON.stringify(validation.output, null, 2)}
-`);
-}
-async function ensureStorageFileExists(targetPath) {
-  await fs4.mkdir(dirname4(targetPath), { recursive: true });
-  const emptyContent = `${JSON.stringify(createEmptyStorage(), null, 2)}
-`;
-  try {
-    await fs4.writeFile(targetPath, emptyContent, { flag: "wx", mode: FILE_MODE });
-  } catch (error) {
-    if (getErrorCode(error) !== "EEXIST") throw error;
-  }
-}
-async function withFileLock(fn) {
-  const storagePath = getStoragePath2();
-  await ensureStorageFileExists(storagePath);
-  let release = null;
-  try {
-    release = await lockfile.lock(storagePath, LOCK_OPTIONS);
-    return await fn(storagePath);
-  } finally {
-    if (release) {
-      try {
-        await release();
-      } catch {
-      }
-    }
-  }
-}
-var AccountStore = class {
-  async load() {
-    const storage = await loadAccounts();
-    return storage ?? createEmptyStorage();
-  }
-  async readCredentials(uuid) {
-    const storagePath = getStoragePath2();
-    const storage = await readStorageFromDisk(storagePath, false);
-    if (!storage) return null;
-    const account = storage.accounts.find((a) => a.uuid === uuid);
-    if (!account) return null;
-    return {
-      refreshToken: account.refreshToken,
-      accessToken: account.accessToken,
-      expiresAt: account.expiresAt,
-      accountId: account.accountId
-    };
-  }
-  async mutateAccount(uuid, fn) {
-    return await withFileLock(async (storagePath) => {
-      const current = await readStorageFromDisk(storagePath, false);
-      if (!current) return null;
-      const account = current.accounts.find((a) => a.uuid === uuid);
-      if (!account) return null;
-      fn(account);
-      await writeStorageAtomic(storagePath, current);
-      return { ...account };
-    });
-  }
-  async mutateStorage(fn) {
-    await withFileLock(async (storagePath) => {
-      const current = await readStorageFromDisk(storagePath, false) ?? createEmptyStorage();
-      fn(current);
-      await writeStorageAtomic(storagePath, current);
-    });
-  }
-  async addAccount(account) {
-    await withFileLock(async (storagePath) => {
-      const current = await readStorageFromDisk(storagePath, false) ?? createEmptyStorage();
-      const exists = current.accounts.some(
-        (a) => a.uuid === account.uuid || a.refreshToken === account.refreshToken
-      );
-      if (exists) return;
-      current.accounts.push(account);
-      await writeStorageAtomic(storagePath, current);
-    });
-  }
-  async removeAccount(uuid) {
-    return await withFileLock(async (storagePath) => {
-      const current = await readStorageFromDisk(storagePath, false);
-      if (!current) return false;
-      const initialLength = current.accounts.length;
-      current.accounts = current.accounts.filter((a) => a.uuid !== uuid);
-      if (current.accounts.length === initialLength) return false;
-      if (current.activeAccountUuid === uuid) {
-        current.activeAccountUuid = current.accounts[0]?.uuid;
-      }
-      await writeStorageAtomic(storagePath, current);
-      return true;
-    });
-  }
-  async setActiveUuid(uuid) {
-    await this.mutateStorage((storage) => {
-      storage.activeAccountUuid = uuid;
-    });
-  }
-  async clear() {
-    await withFileLock(async (storagePath) => {
-      await writeStorageAtomic(storagePath, createEmptyStorage());
-    });
-  }
-};
-
-// ../multi-account-core/src/executor.ts
-var MIN_MAX_RETRIES = 6;
-var RETRIES_PER_ACCOUNT = 3;
-var MAX_SERVER_RETRIES_PER_ATTEMPT = 2;
-var MAX_RESOLVE_ATTEMPTS = 10;
-var SERVER_RETRY_BASE_MS = 1e3;
-var SERVER_RETRY_MAX_MS = 4e3;
-function isAbortError(error) {
-  return error instanceof Error && error.name === "AbortError";
-}
-function createExecutorForProvider(providerName, dependencies) {
-  const {
-    handleRateLimitResponse: handleRateLimitResponse2,
-    formatWaitTime: formatWaitTime2,
-    sleep: sleep2,
-    showToast: showToast2,
-    getAccountLabel: getAccountLabel2
-  } = dependencies;
-  async function executeWithAccountRotation2(manager, runtimeFactory, client, input, init) {
-    const maxRetries = Math.max(MIN_MAX_RETRIES, manager.getAccountCount() * RETRIES_PER_ACCOUNT);
-    let previousAccountUuid;
-    async function retryServerErrors(account, runtime) {
-      for (let attempt = 0; attempt < MAX_SERVER_RETRIES_PER_ATTEMPT; attempt++) {
-        const backoff = Math.min(SERVER_RETRY_BASE_MS * 2 ** attempt, SERVER_RETRY_MAX_MS);
-        const jitteredBackoff = backoff * (0.5 + Math.random() * 0.5);
-        await sleep2(jitteredBackoff);
-        let retryResponse;
-        try {
-          retryResponse = await runtime.fetch(input, init);
-        } catch (error) {
-          if (isAbortError(error)) throw error;
-          if (await handleRuntimeFetchFailure(manager, runtimeFactory, client, account, error)) {
-            return null;
-          }
-          void showToast2(client, `${getAccountLabel2(account)} network error \u2014 switching`, "warning");
-          return null;
-        }
-        if (retryResponse.status < 500) return retryResponse;
-      }
-      return null;
-    }
-    const dispatchResponseStatus = async (account, accountUuid, runtime, response, allow401Retry, from401RefreshRetry) => {
-      if (response.status >= 500) {
-        const recovered = await retryServerErrors(account, runtime);
-        if (recovered === null) {
-          return { type: "retryOuter" };
-        }
-        response = recovered;
-      }
-      if (response.status === 401) {
-        if (allow401Retry) {
-          runtimeFactory.invalidate(accountUuid);
-          try {
-            const retryRuntime = await runtimeFactory.getRuntime(accountUuid);
-            const retryResponse = await retryRuntime.fetch(input, init);
-            return dispatchResponseStatus(account, accountUuid, retryRuntime, retryResponse, false, true);
-          } catch (error) {
-            if (isAbortError(error)) throw error;
-            if (await handleRuntimeFetchFailure(manager, runtimeFactory, client, account, error)) {
-              return { type: "retryOuter" };
-            }
-            return { type: "retryOuter" };
-          }
-        }
-        await manager.markAuthFailure(accountUuid, { ok: false, permanent: false });
-        await manager.refresh();
-        if (!manager.hasAnyUsableAccount()) {
-          void showToast2(client, "All accounts have auth failures.", "error");
-          throw new Error(
-            `All ${providerName} accounts have authentication failures. Re-authenticate with \`opencode auth login\`.`
-          );
-        }
-        void showToast2(client, `${getAccountLabel2(account)} auth failed \u2014 switching to next account.`, "warning");
-        return { type: "retryOuter" };
-      }
-      if (response.status === 403) {
-        const revoked = await isRevokedTokenResponse(response);
-        if (revoked) {
-          await manager.markRevoked(accountUuid);
-          await manager.refresh();
-          void showToast2(
-            client,
-            `${getAccountLabel2(account)} disabled: OAuth token revoked.`,
-            "error"
-          );
-          if (!manager.hasAnyUsableAccount()) {
-            throw new Error(
-              `All ${providerName} accounts have been revoked or disabled. Re-authenticate with \`opencode auth login\`.`
-            );
-          }
-          return { type: "retryOuter" };
-        }
-        if (from401RefreshRetry) {
-          return { type: "handled", response };
-        }
-      }
-      if (response.status === 429) {
-        await handleRateLimitResponse2(manager, client, account, response);
-        return { type: "handled" };
-      }
-      return { type: "success", response };
-    };
-    for (let retries = 1; retries <= maxRetries; retries++) {
-      await manager.refresh();
-      const account = await resolveAccount(manager, client);
-      const accountUuid = account.uuid;
-      if (!accountUuid) continue;
-      if (previousAccountUuid && accountUuid !== previousAccountUuid && manager.getAccountCount() > 1) {
-        void showToast2(client, `Switched to ${getAccountLabel2(account)}`, "info");
-      }
-      previousAccountUuid = accountUuid;
-      let runtime;
-      let response;
-      try {
-        runtime = await runtimeFactory.getRuntime(accountUuid);
-        response = await runtime.fetch(input, init);
-      } catch (error) {
-        if (isAbortError(error)) throw error;
-        if (await handleRuntimeFetchFailure(manager, runtimeFactory, client, account, error)) {
-          continue;
-        }
-        void showToast2(client, `${getAccountLabel2(account)} network error \u2014 switching`, "warning");
-        continue;
-      }
-      const transition = await dispatchResponseStatus(account, accountUuid, runtime, response, true, false);
-      if (transition.type === "retryOuter" || transition.type === "handled") {
-        if (transition.type === "handled" && transition.response) {
-          return transition.response;
-        }
-        continue;
-      }
-      await manager.markSuccess(accountUuid);
-      return transition.response;
-    }
-    throw new Error(
-      `Exhausted ${maxRetries} retries across all accounts. All attempts failed due to auth errors, rate limits, or token issues.`
-    );
-  }
-  async function handleRuntimeFetchFailure(manager, runtimeFactory, client, account, error) {
-    if (!isTokenRefreshError(error)) return false;
-    if (!account.uuid) return false;
-    const accountUuid = account.uuid;
-    runtimeFactory.invalidate(accountUuid);
-    await manager.markAuthFailure(accountUuid, {
-      ok: false,
-      permanent: error.permanent
-    });
-    await manager.refresh();
-    if (!manager.hasAnyUsableAccount()) {
-      void showToast2(client, "All accounts have auth failures.", "error");
-      throw new Error(
-        `All ${providerName} accounts have authentication failures. Re-authenticate with \`opencode auth login\`.`
-      );
-    }
-    void showToast2(client, `${getAccountLabel2(account)} auth failed \u2014 switching to next account.`, "warning");
-    return true;
-  }
-  async function resolveAccount(manager, client) {
-    let attempts = 0;
-    while (true) {
-      if (++attempts > MAX_RESOLVE_ATTEMPTS) {
-        throw new Error(
-          `Failed to resolve an available account after ${MAX_RESOLVE_ATTEMPTS} attempts. All accounts may be rate-limited or disabled.`
-        );
-      }
-      const account = await manager.selectAccount();
-      if (account) return account;
-      if (!manager.hasAnyUsableAccount()) {
-        throw new Error(
-          `All ${providerName} accounts are disabled. Re-authenticate with \`opencode auth login\`.`
-        );
-      }
-      const waitMs = manager.getMinWaitTime();
-      if (waitMs <= 0) {
-        throw new Error(
-          `All ${providerName} accounts are rate-limited. Add more accounts with \`opencode auth login\` or wait.`
-        );
-      }
-      await showToast2(
-        client,
-        `All ${manager.getAccountCount()} account(s) rate-limited. Waiting ${formatWaitTime2(waitMs)}...`,
-        "warning"
-      );
-      await sleep2(waitMs);
-    }
-  }
-  return {
-    executeWithAccountRotation: executeWithAccountRotation2
-  };
-}
-async function isRevokedTokenResponse(response) {
-  try {
-    const cloned = response.clone();
-    const body = await cloned.text();
-    return body.includes("revoked");
-  } catch {
-    return false;
-  }
-}
-
-// ../multi-account-core/src/proactive-refresh.ts
-var INITIAL_DELAY_MS = 5e3;
-function createProactiveRefreshQueueForProvider(dependencies) {
-  const {
-    providerAuthId,
-    getConfig: getConfig2,
-    refreshToken: refreshToken2,
-    isTokenExpired: isTokenExpired2,
-    debugLog: debugLog2
-  } = dependencies;
-  return class ProactiveRefreshQueue {
-    constructor(client, store, onInvalidate) {
-      this.client = client;
-      this.store = store;
-      this.onInvalidate = onInvalidate;
-    }
-    timeoutHandle = null;
-    runToken = 0;
-    inFlight = null;
-    start() {
-      const config = getConfig2();
-      if (!config.proactive_refresh) return;
-      this.runToken++;
-      if (this.timeoutHandle) {
-        clearTimeout(this.timeoutHandle);
-        this.timeoutHandle = null;
-      }
-      this.scheduleNext(this.runToken, INITIAL_DELAY_MS);
-      debugLog2(this.client, "Proactive refresh started", {
-        intervalSeconds: config.proactive_refresh_interval_seconds,
-        bufferSeconds: config.proactive_refresh_buffer_seconds
-      });
-    }
-    async stop() {
-      this.runToken++;
-      if (this.timeoutHandle) {
-        clearTimeout(this.timeoutHandle);
-        this.timeoutHandle = null;
-      }
-      if (this.inFlight) {
-        await this.inFlight;
-        this.inFlight = null;
-      }
-      debugLog2(this.client, "Proactive refresh stopped");
-    }
-    scheduleNext(token, delayMs) {
-      this.timeoutHandle = setTimeout(() => {
-        if (token !== this.runToken) return;
-        this.inFlight = this.runCheck(token).finally(() => {
-          this.inFlight = null;
-        });
-      }, delayMs);
-    }
-    needsProactiveRefresh(account) {
-      if (!account.accessToken || !account.expiresAt) return false;
-      if (isTokenExpired2(account)) return false;
-      const bufferMs = getConfig2().proactive_refresh_buffer_seconds * 1e3;
-      return account.expiresAt <= Date.now() + bufferMs;
-    }
-    async runCheck(token) {
-      try {
-        const stored = await this.store.load();
-        if (token !== this.runToken) return;
-        const candidates = stored.accounts.filter(
-          (a) => a.enabled !== false && !a.isAuthDisabled && a.uuid && this.needsProactiveRefresh(a)
-        );
-        if (candidates.length === 0) return;
-        debugLog2(this.client, `Proactive refresh: ${candidates.length} account(s) approaching expiry`);
-        for (const account of candidates) {
-          if (token !== this.runToken) return;
-          const credentials = await this.store.readCredentials(account.uuid);
-          if (!credentials || !this.needsProactiveRefresh(credentials)) continue;
-          const result = await refreshToken2(credentials.refreshToken, account.uuid, this.client);
-          if (result.ok) {
-            await this.store.mutateAccount(account.uuid, (target) => {
-              target.accessToken = result.patch.accessToken;
-              target.expiresAt = result.patch.expiresAt;
-              if (result.patch.refreshToken) target.refreshToken = result.patch.refreshToken;
-              if (result.patch.uuid) target.uuid = result.patch.uuid;
-              if (result.patch.email) target.email = result.patch.email;
-              if (result.patch.accountId) target.accountId = result.patch.accountId;
-              target.consecutiveAuthFailures = 0;
-              target.isAuthDisabled = false;
-              target.authDisabledReason = void 0;
-            });
-            this.onInvalidate?.(account.uuid);
-          } else {
-            await this.persistFailure(account, result.permanent);
-          }
-        }
-      } catch (error) {
-        debugLog2(this.client, `Proactive refresh check error: ${error}`);
-      } finally {
-        if (token === this.runToken) {
-          const intervalMs = getConfig2().proactive_refresh_interval_seconds * 1e3;
-          this.scheduleNext(token, intervalMs);
-        }
-      }
-    }
-    async persistFailure(account, permanent) {
-      try {
-        const accountUuid = account.uuid;
-        if (!accountUuid) return;
-        if (permanent) {
-          const removed = await this.store.removeAccount(accountUuid);
-          if (!removed) return;
-          this.onInvalidate?.(accountUuid);
-          await this.clearOpenCodeAuthIfNoAccountsRemain();
-          return;
-        }
-        await this.store.mutateStorage((storage) => {
-          const target = storage.accounts.find((entry) => entry.uuid === accountUuid);
-          if (!target) return;
-          target.consecutiveAuthFailures = (target.consecutiveAuthFailures ?? 0) + 1;
-          const maxFailures = getConfig2().max_consecutive_auth_failures;
-          const usableCount = storage.accounts.filter(
-            (entry) => entry.enabled && !entry.isAuthDisabled && entry.uuid !== accountUuid
-          ).length;
-          if (target.consecutiveAuthFailures >= maxFailures && usableCount > 0) {
-            target.isAuthDisabled = true;
-            target.authDisabledReason = `${maxFailures} consecutive auth failures (proactive refresh)`;
-          }
-        });
-      } catch {
-        debugLog2(this.client, `Failed to persist auth failure for ${account.uuid}`);
-      }
-    }
-    async clearOpenCodeAuthIfNoAccountsRemain() {
-      const storage = await this.store.load();
-      if (storage.accounts.length > 0) return;
-      await this.client.auth.set({
-        path: { id: providerAuthId },
-        body: getClearedOAuthBody()
-      }).catch(() => {
-      });
-    }
-  };
-}
-
-// ../multi-account-core/src/rate-limit.ts
-var USAGE_FETCH_COOLDOWN_MS = 3e4;
-function createRateLimitHandlers(dependencies) {
-  const {
-    fetchUsage: fetchUsage2,
-    getConfig: getConfig2,
-    formatWaitTime: formatWaitTime2,
-    getAccountLabel: getAccountLabel2,
-    showToast: showToast2
-  } = dependencies;
-  function retryAfterMsFromResponse2(response) {
-    const retryAfterMs = response.headers.get("retry-after-ms");
-    if (retryAfterMs) {
-      const parsed = parseInt(retryAfterMs, 10);
-      if (!isNaN(parsed) && parsed > 0) return parsed;
-    }
-    const retryAfter = response.headers.get("retry-after");
-    if (retryAfter) {
-      const parsed = parseInt(retryAfter, 10);
-      if (!isNaN(parsed) && parsed > 0) return parsed * 1e3;
-    }
-    return getConfig2().default_retry_after_ms;
-  }
-  function getResetMsFromUsage2(account) {
-    const usage = account.cachedUsage;
-    if (!usage) return null;
-    const now = Date.now();
-    const candidates = [];
-    if (usage.five_hour?.resets_at) {
-      const ms = Date.parse(usage.five_hour.resets_at) - now;
-      if (ms > 0) candidates.push(ms);
-    }
-    if (usage.seven_day?.resets_at) {
-      const ms = Date.parse(usage.seven_day.resets_at) - now;
-      if (ms > 0) candidates.push(ms);
-    }
-    return candidates.length > 0 ? Math.min(...candidates) : null;
-  }
-  async function fetchUsageLimits2(accessToken, accountId) {
-    if (!accessToken) return null;
-    try {
-      const result = await fetchUsage2(accessToken, accountId);
-      return result.ok ? result.data : null;
-    } catch {
-      return null;
-    }
-  }
-  async function handleRateLimitResponse2(manager, client, account, response) {
-    if (!account.uuid) return;
-    const resetMs = getResetMsFromUsage2(account) ?? retryAfterMsFromResponse2(response);
-    await manager.markRateLimited(account.uuid, resetMs);
-    const shouldFetchUsage = account.accessToken && (!account.cachedUsageAt || Date.now() - account.cachedUsageAt > USAGE_FETCH_COOLDOWN_MS);
-    if (shouldFetchUsage) {
-      const usage = await fetchUsageLimits2(account.accessToken, account.accountId);
-      if (usage) {
-        await manager.applyUsageCache(account.uuid, usage);
-      }
-    }
-    if (manager.getAccountCount() > 1) {
-      void showToast2(
-        client,
-        `${getAccountLabel2(account)} rate-limited (resets in ${formatWaitTime2(resetMs)}). Switching...`,
-        "warning"
-      );
-    }
-  }
-  return {
-    retryAfterMsFromResponse: retryAfterMsFromResponse2,
-    getResetMsFromUsage: getResetMsFromUsage2,
-    fetchUsageLimits: fetchUsageLimits2,
-    handleRateLimitResponse: handleRateLimitResponse2
-  };
-}
-
-// ../multi-account-core/src/auth-migration.ts
-import { promises as fs5 } from "node:fs";
-import { join as join6 } from "node:path";
-var AUTH_JSON_FILENAME = "auth.json";
-function isValidOAuthCredential(value) {
-  if (typeof value !== "object" || value === null) return false;
-  const candidate = value;
-  return candidate.type === "oauth" && typeof candidate.refresh === "string" && candidate.refresh.length > 0;
-}
-function resolveAuthJsonPath() {
-  return join6(getConfigDir2(), AUTH_JSON_FILENAME);
-}
-async function readAuthJson() {
-  const authPath = resolveAuthJsonPath();
-  let content;
-  try {
-    content = await fs5.readFile(authPath, "utf-8");
-  } catch {
-    return null;
-  }
-  try {
-    const parsed = JSON.parse(content);
-    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
-      return null;
-    }
-    return parsed;
-  } catch {
-    return null;
-  }
-}
-async function migrateFromAuthJson(providerKey, store) {
-  const storage = await store.load();
-  const hasExistingAccounts = storage.accounts.length > 0;
-  if (hasExistingAccounts) return false;
-  const authData = await readAuthJson();
-  if (!authData) return false;
-  const providerCredential = authData[providerKey];
-  if (!isValidOAuthCredential(providerCredential)) return false;
-  const now = Date.now();
-  const newAccount = {
-    uuid: crypto.randomUUID(),
-    refreshToken: providerCredential.refresh,
-    accessToken: providerCredential.access,
-    expiresAt: providerCredential.expires,
-    addedAt: now,
-    lastUsed: now,
-    enabled: true,
-    planTier: "",
-    consecutiveAuthFailures: 0,
-    isAuthDisabled: false
-  };
-  await store.addAccount(newAccount);
-  await store.setActiveUuid(newAccount.uuid);
-  return true;
-}
-
-// ../multi-account-core/src/ui/ansi.ts
-var ANSI = {
-  hide: "\x1B[?25l",
-  show: "\x1B[?25h",
-  up: (n = 1) => `\x1B[${n}A`,
-  down: (n = 1) => `\x1B[${n}B`,
-  clearLine: "\x1B[2K",
-  cyan: "\x1B[36m",
-  green: "\x1B[32m",
-  red: "\x1B[31m",
-  yellow: "\x1B[33m",
-  dim: "\x1B[2m",
-  bold: "\x1B[1m",
-  reset: "\x1B[0m"
-};
-function parseKey(data) {
-  const s = data.toString();
-  if (s === "\x1B[A" || s === "\x1BOA") return "up";
-  if (s === "\x1B[B" || s === "\x1BOB") return "down";
-  if (s === "\r" || s === "\n") return "enter";
-  if (s === "") return "escape";
-  if (s === "\x1B") return "escape-start";
-  return null;
-}
-function isTTY() {
-  return Boolean(process.stdin.isTTY);
-}
-
-// ../multi-account-core/src/ui/select.ts
-var ESCAPE_TIMEOUT_MS = 50;
-var COLOR_MAP = {
-  red: ANSI.red,
-  green: ANSI.green,
-  yellow: ANSI.yellow,
-  cyan: ANSI.cyan
-};
-async function select(items, options) {
-  if (!isTTY()) {
-    throw new Error("Interactive select requires a TTY terminal");
-  }
-  const enabledItems = items.filter((i) => !i.disabled && !i.separator);
-  if (enabledItems.length === 0) {
-    throw new Error("All items disabled");
-  }
-  if (enabledItems.length === 1) {
-    return enabledItems[0].value;
-  }
-  const { message, subtitle } = options;
-  const { stdin, stdout } = process;
-  let cursor = items.findIndex((i) => !i.disabled && !i.separator);
-  if (cursor === -1) cursor = 0;
-  let escapeTimeout = null;
-  let isCleanedUp = false;
-  let isFirstRender = true;
-  const getTotalLines = () => {
-    const subtitleLines = subtitle ? 3 : 0;
-    return 1 + subtitleLines + items.length + 1 + 1;
-  };
-  const renderItemLabel = (item, isSelected) => {
-    const colorCode = item.color ? COLOR_MAP[item.color] ?? "" : "";
-    if (item.disabled) {
-      return `${ANSI.dim}${item.label} (unavailable)${ANSI.reset}`;
-    }
-    const hintSuffix = item.hint ? ` ${ANSI.dim}${item.hint}${ANSI.reset}` : "";
-    if (isSelected) {
-      const label = colorCode ? `${colorCode}${item.label}${ANSI.reset}` : item.label;
-      return `${label}${hintSuffix}`;
-    }
-    const dimLabel = colorCode ? `${ANSI.dim}${colorCode}${item.label}${ANSI.reset}` : `${ANSI.dim}${item.label}${ANSI.reset}`;
-    return `${dimLabel}${hintSuffix}`;
-  };
-  const render = () => {
-    const totalLines = getTotalLines();
-    if (!isFirstRender) {
-      stdout.write(ANSI.up(totalLines) + "\r");
-    }
-    isFirstRender = false;
-    stdout.write(`${ANSI.clearLine}${ANSI.dim}\u250C  ${ANSI.reset}${message}
-`);
-    if (subtitle) {
-      stdout.write(`${ANSI.clearLine}${ANSI.dim}\u2502${ANSI.reset}
-`);
-      stdout.write(`${ANSI.clearLine}${ANSI.cyan}\u25C6${ANSI.reset}  ${subtitle}
-`);
-      stdout.write(`${ANSI.clearLine}
-`);
-    }
-    for (let i = 0; i < items.length; i++) {
-      const item = items[i];
-      if (!item) continue;
-      if (item.separator) {
-        stdout.write(`${ANSI.clearLine}${ANSI.dim}\u2502${ANSI.reset}
-`);
-        continue;
-      }
-      const isSelected = i === cursor;
-      const labelText = renderItemLabel(item, isSelected);
-      const bullet = isSelected ? `${ANSI.green}\u25CF${ANSI.reset}` : `${ANSI.dim}\u25CB${ANSI.reset}`;
-      stdout.write(`${ANSI.clearLine}${ANSI.cyan}\u2502${ANSI.reset}  ${bullet} ${labelText}
-`);
-    }
-    stdout.write(`${ANSI.clearLine}${ANSI.cyan}\u2502${ANSI.reset}  ${ANSI.dim}\u2191/\u2193 to select \u2022 Enter: confirm${ANSI.reset}
-`);
-    stdout.write(`${ANSI.clearLine}${ANSI.cyan}\u2514${ANSI.reset}
-`);
-  };
-  return new Promise((resolve) => {
-    const wasRaw = stdin.isRaw ?? false;
-    const cleanup = () => {
-      if (isCleanedUp) return;
-      isCleanedUp = true;
-      if (escapeTimeout) {
-        clearTimeout(escapeTimeout);
-        escapeTimeout = null;
-      }
-      try {
-        stdin.removeListener("data", onKey);
-        stdin.setRawMode(wasRaw);
-        stdin.pause();
-        stdout.write(ANSI.show);
-      } catch {
-      }
-      process.removeListener("SIGINT", onSignal);
-      process.removeListener("SIGTERM", onSignal);
-    };
-    const onSignal = () => {
-      cleanup();
-      resolve(null);
-    };
-    const finishWithValue = (value) => {
-      cleanup();
-      resolve(value);
-    };
-    const findNextSelectable = (from, direction) => {
-      if (items.length === 0) return from;
-      let next = from;
-      do {
-        next = (next + direction + items.length) % items.length;
-      } while (items[next]?.disabled || items[next]?.separator);
-      return next;
-    };
-    const onKey = (data) => {
-      if (escapeTimeout) {
-        clearTimeout(escapeTimeout);
-        escapeTimeout = null;
-      }
-      const action = parseKey(data);
-      switch (action) {
-        case "up":
-          cursor = findNextSelectable(cursor, -1);
-          render();
-          return;
-        case "down":
-          cursor = findNextSelectable(cursor, 1);
-          render();
-          return;
-        case "enter":
-          finishWithValue(items[cursor]?.value ?? null);
-          return;
-        case "escape":
-          finishWithValue(null);
-          return;
-        case "escape-start":
-          escapeTimeout = setTimeout(() => {
-            finishWithValue(null);
-          }, ESCAPE_TIMEOUT_MS);
-          return;
-        default:
-          return;
-      }
-    };
-    process.once("SIGINT", onSignal);
-    process.once("SIGTERM", onSignal);
-    try {
-      stdin.setRawMode(true);
-    } catch {
-      cleanup();
-      resolve(null);
-      return;
-    }
-    stdin.resume();
-    stdout.write(ANSI.hide);
-    render();
-    stdin.on("data", onKey);
-  });
-}
-
-// ../multi-account-core/src/ui/confirm.ts
-async function confirm(message, defaultYes = false) {
-  const items = defaultYes ? [
-    { label: "Yes", value: true },
-    { label: "No", value: false }
-  ] : [
-    { label: "No", value: false },
-    { label: "Yes", value: true }
-  ];
-  const result = await select(items, { message });
-  return result ?? false;
-}
-
-// ../multi-account-core/src/adapters/openai.ts
-var ISSUER = "https://auth.openai.com";
-var openAIOAuthAdapter = {
-  id: "openai",
-  authProviderId: "openai",
-  modelDisplayName: "ChatGPT",
-  statusToolName: "chatgpt_multiauth_status",
-  authMethodLabel: "ChatGPT Plus/Pro (Multi-Auth)",
-  serviceLogName: "chatgpt-multiauth",
-  oauthClientId: "app_EMoamEEZ73f0CkXaXp7hrann",
-  tokenEndpoint: `${ISSUER}/oauth/token`,
-  usageEndpoint: "",
-  profileEndpoint: "",
-  oauthBetaHeader: "",
-  requestBetaHeader: "",
-  cliUserAgent: "opencode/1.1.53",
-  cliVersion: "",
-  billingSalt: "",
-  toolPrefix: "mcp_",
-  accountStorageFilename: "openai-multi-account-accounts.json",
-  transform: {
-    rewriteOpenCodeBranding: false,
-    addToolPrefix: false,
-    stripToolPrefixInResponse: false,
-    enableMessagesBetaQuery: false
-  },
-  planLabels: {
-    pro: "ChatGPT Pro",
-    plus: "ChatGPT Plus",
-    go: "ChatGPT Go",
-    free: "Free"
-  },
-  supported: true
-};
+// src/account-manager.ts
+import { createAccountManagerForProvider } from "opencode-multi-account-core";
 
 // src/constants.ts
+import { openAIOAuthAdapter } from "opencode-multi-account-core";
 var OPENAI_OAUTH_ADAPTER = openAIOAuthAdapter;
 var OPENAI_CLIENT_ID = OPENAI_OAUTH_ADAPTER.oauthClientId;
 var OPENAI_TOKEN_ENDPOINT = OPENAI_OAUTH_ADAPTER.tokenEndpoint;
@@ -1867,95 +19,95 @@ var OAUTH_PORT = 1455;
 var OPENAI_BETA_HEADER = OPENAI_OAUTH_ADAPTER.requestBetaHeader;
 var OPENAI_CLI_USER_AGENT = OPENAI_OAUTH_ADAPTER.cliUserAgent;
 var TOOL_PREFIX = OPENAI_OAUTH_ADAPTER.toolPrefix;
-var ACCOUNTS_FILENAME2 = OPENAI_OAUTH_ADAPTER.accountStorageFilename;
+var ACCOUNTS_FILENAME = OPENAI_OAUTH_ADAPTER.accountStorageFilename;
 var PLAN_LABELS = OPENAI_OAUTH_ADAPTER.planLabels;
 var TOKEN_EXPIRY_BUFFER_MS = 6e4;
 var TOKEN_REFRESH_TIMEOUT_MS = 3e4;
 
 // src/oauth.ts
-import * as v6 from "valibot";
+import * as v2 from "valibot";
 
 // src/types.ts
-import * as v5 from "valibot";
-var OAuthCredentialsSchema2 = v5.object({
-  type: v5.literal("oauth"),
-  refresh: v5.string(),
-  access: v5.string(),
-  expires: v5.number()
+import * as v from "valibot";
+var OAuthCredentialsSchema = v.object({
+  type: v.literal("oauth"),
+  refresh: v.string(),
+  access: v.string(),
+  expires: v.number()
 });
-var UsageLimitEntrySchema2 = v5.object({
-  utilization: v5.number(),
-  resets_at: v5.nullable(v5.string())
+var UsageLimitEntrySchema = v.object({
+  utilization: v.number(),
+  resets_at: v.nullable(v.string())
 });
-var UsageLimitsSchema2 = v5.object({
-  five_hour: v5.optional(v5.nullable(UsageLimitEntrySchema2), null),
-  seven_day: v5.optional(v5.nullable(UsageLimitEntrySchema2), null),
-  seven_day_sonnet: v5.optional(v5.nullable(UsageLimitEntrySchema2), null)
+var UsageLimitsSchema = v.object({
+  five_hour: v.optional(v.nullable(UsageLimitEntrySchema), null),
+  seven_day: v.optional(v.nullable(UsageLimitEntrySchema), null),
+  seven_day_sonnet: v.optional(v.nullable(UsageLimitEntrySchema), null)
 });
-var CredentialRefreshPatchSchema2 = v5.object({
-  accessToken: v5.string(),
-  expiresAt: v5.number(),
-  refreshToken: v5.optional(v5.string()),
-  uuid: v5.optional(v5.string()),
-  accountId: v5.optional(v5.string()),
-  email: v5.optional(v5.string())
+var CredentialRefreshPatchSchema = v.object({
+  accessToken: v.string(),
+  expiresAt: v.number(),
+  refreshToken: v.optional(v.string()),
+  uuid: v.optional(v.string()),
+  accountId: v.optional(v.string()),
+  email: v.optional(v.string())
 });
-var StoredAccountSchema2 = v5.object({
-  uuid: v5.optional(v5.string()),
-  accountId: v5.optional(v5.string()),
-  label: v5.optional(v5.string()),
-  email: v5.optional(v5.string()),
-  planTier: v5.optional(v5.string(), ""),
-  refreshToken: v5.string(),
-  accessToken: v5.optional(v5.string()),
-  expiresAt: v5.optional(v5.number()),
-  addedAt: v5.number(),
-  lastUsed: v5.number(),
-  enabled: v5.optional(v5.boolean(), true),
-  rateLimitResetAt: v5.optional(v5.number()),
-  cachedUsage: v5.optional(UsageLimitsSchema2),
-  cachedUsageAt: v5.optional(v5.number()),
-  consecutiveAuthFailures: v5.optional(v5.number(), 0),
-  isAuthDisabled: v5.optional(v5.boolean(), false),
-  authDisabledReason: v5.optional(v5.string())
+var StoredAccountSchema = v.object({
+  uuid: v.optional(v.string()),
+  accountId: v.optional(v.string()),
+  label: v.optional(v.string()),
+  email: v.optional(v.string()),
+  planTier: v.optional(v.string(), ""),
+  refreshToken: v.string(),
+  accessToken: v.optional(v.string()),
+  expiresAt: v.optional(v.number()),
+  addedAt: v.number(),
+  lastUsed: v.number(),
+  enabled: v.optional(v.boolean(), true),
+  rateLimitResetAt: v.optional(v.number()),
+  cachedUsage: v.optional(UsageLimitsSchema),
+  cachedUsageAt: v.optional(v.number()),
+  consecutiveAuthFailures: v.optional(v.number(), 0),
+  isAuthDisabled: v.optional(v.boolean(), false),
+  authDisabledReason: v.optional(v.string())
 });
-var AccountStorageSchema2 = v5.object({
-  version: v5.literal(1),
-  accounts: v5.optional(v5.array(StoredAccountSchema2), []),
-  activeAccountUuid: v5.optional(v5.string())
+var AccountStorageSchema = v.object({
+  version: v.literal(1),
+  accounts: v.optional(v.array(StoredAccountSchema), []),
+  activeAccountUuid: v.optional(v.string())
 });
-var TokenResponseSchema = v5.object({
-  id_token: v5.optional(v5.string()),
-  access_token: v5.string(),
-  refresh_token: v5.optional(v5.string()),
-  expires_in: v5.number()
+var TokenResponseSchema = v.object({
+  id_token: v.optional(v.string()),
+  access_token: v.string(),
+  refresh_token: v.optional(v.string()),
+  expires_in: v.number()
 });
-var AccountSelectionStrategySchema2 = v5.picklist(["sticky", "round-robin", "hybrid"]);
-var PluginConfigSchema2 = v5.object({
+var AccountSelectionStrategySchema = v.picklist(["sticky", "round-robin", "hybrid"]);
+var PluginConfigSchema = v.object({
   /** sticky: same account until failure, round-robin: rotate every request, hybrid: health+usage scoring */
-  account_selection_strategy: v5.optional(AccountSelectionStrategySchema2, "sticky"),
+  account_selection_strategy: v.optional(AccountSelectionStrategySchema, "sticky"),
   /** Use cross-process claim file to distribute parallel sessions across accounts */
-  cross_process_claims: v5.optional(v5.boolean(), true),
+  cross_process_claims: v.optional(v.boolean(), true),
   /** Skip account when any usage tier utilization >= this % (100 = disabled) */
-  soft_quota_threshold_percent: v5.optional(v5.pipe(v5.number(), v5.minValue(0), v5.maxValue(100)), 100),
+  soft_quota_threshold_percent: v.optional(v.pipe(v.number(), v.minValue(0), v.maxValue(100)), 100),
   /** Minimum backoff after rate limit (ms) */
-  rate_limit_min_backoff_ms: v5.optional(v5.pipe(v5.number(), v5.minValue(0)), 3e4),
+  rate_limit_min_backoff_ms: v.optional(v.pipe(v.number(), v.minValue(0)), 3e4),
   /** Default retry-after when header is missing (ms) */
-  default_retry_after_ms: v5.optional(v5.pipe(v5.number(), v5.minValue(0)), 6e4),
+  default_retry_after_ms: v.optional(v.pipe(v.number(), v.minValue(0)), 6e4),
   /** Consecutive auth failures before disabling account */
-  max_consecutive_auth_failures: v5.optional(v5.pipe(v5.number(), v5.integer(), v5.minValue(1)), 3),
+  max_consecutive_auth_failures: v.optional(v.pipe(v.number(), v.integer(), v.minValue(1)), 3),
   /** Backoff after token refresh failure (ms) */
-  token_failure_backoff_ms: v5.optional(v5.pipe(v5.number(), v5.minValue(0)), 3e4),
+  token_failure_backoff_ms: v.optional(v.pipe(v.number(), v.minValue(0)), 3e4),
   /** Enable proactive background token refresh */
-  proactive_refresh: v5.optional(v5.boolean(), true),
+  proactive_refresh: v.optional(v.boolean(), true),
   /** Seconds before expiry to trigger proactive refresh (default 30 min) */
-  proactive_refresh_buffer_seconds: v5.optional(v5.pipe(v5.number(), v5.minValue(60)), 1800),
+  proactive_refresh_buffer_seconds: v.optional(v.pipe(v.number(), v.minValue(60)), 1800),
   /** Interval between background refresh checks in seconds (default 5 min) */
-  proactive_refresh_interval_seconds: v5.optional(v5.pipe(v5.number(), v5.minValue(30)), 300),
+  proactive_refresh_interval_seconds: v.optional(v.pipe(v.number(), v.minValue(30)), 300),
   /** Suppress toast notifications */
-  quiet_mode: v5.optional(v5.boolean(), false),
+  quiet_mode: v.optional(v.boolean(), false),
   /** Enable debug logging */
-  debug: v5.optional(v5.boolean(), false)
+  debug: v.optional(v.boolean(), false)
 });
 
 // src/oauth.ts
@@ -2034,7 +186,7 @@ function tokenEndpoint() {
   return `${OAUTH_ISSUER}/oauth/token`;
 }
 function parseTokenResponse(json) {
-  return v6.parse(TokenResponseSchema, json);
+  return v2.parse(TokenResponseSchema, json);
 }
 async function postTokenForm(body) {
   const response = await fetch(tokenEndpoint(), {
@@ -2233,7 +385,7 @@ function buildAuthorizeUrl(redirectUri, pkce, state) {
 }
 
 // src/token.ts
-import * as v7 from "valibot";
+import * as v3 from "valibot";
 var PERMANENT_FAILURE_STATUSES = /* @__PURE__ */ new Set([400, 401, 403]);
 var refreshMutexByAccountId = /* @__PURE__ */ new Map();
 function isTokenExpired(account) {
@@ -2272,7 +424,7 @@ async function refreshToken(currentRefreshToken, accountId, client) {
         });
         return { ok: false, permanent: isPermanent, status: response.status };
       }
-      const json = v7.parse(TokenResponseSchema, await response.json());
+      const json = v3.parse(TokenResponseSchema, await response.json());
       const patch = {
         accessToken: json.access_token,
         expiresAt: startTime + json.expires_in * 1e3,
@@ -2307,37 +459,61 @@ var AccountManager = createAccountManagerForProvider({
   refreshToken
 });
 
+// src/executor.ts
+import { createExecutorForProvider } from "opencode-multi-account-core";
+
+// src/rate-limit.ts
+import { createRateLimitHandlers } from "opencode-multi-account-core";
+
 // src/config.ts
+import {
+  getConfig,
+  initCoreConfig,
+  loadConfig,
+  resetConfigCache,
+  updateConfigField
+} from "opencode-multi-account-core";
 initCoreConfig("codex-multiauth.json");
 
 // src/utils.ts
+import { setConfigGetter } from "opencode-multi-account-core";
+import {
+  createMinimalClient,
+  debugLog,
+  formatWaitTime,
+  getAccountLabel,
+  getConfigDir,
+  getErrorCode,
+  showToast,
+  sleep
+} from "opencode-multi-account-core";
 setConfigGetter(getConfig);
 
 // src/usage.ts
-import * as v8 from "valibot";
+import * as v4 from "valibot";
 var OPENAI_AUTH_CLAIM = "https://api.openai.com/auth";
 var OPENAI_PROFILE_CLAIM = "https://api.openai.com/profile";
-var OpenAIAuthClaimSchema = v8.object({
-  chatgpt_plan_type: v8.optional(v8.string()),
-  chatgpt_account_id: v8.optional(v8.string()),
-  chatgpt_user_id: v8.optional(v8.string())
+var OpenAIAuthClaimSchema = v4.object({
+  chatgpt_plan_type: v4.optional(v4.string()),
+  chatgpt_account_id: v4.optional(v4.string()),
+  chatgpt_user_id: v4.optional(v4.string())
 });
-var OpenAIProfileClaimSchema = v8.object({
-  email: v8.optional(v8.string())
+var OpenAIProfileClaimSchema = v4.object({
+  email: v4.optional(v4.string())
 });
-var WhamRateLimitWindowSchema = v8.object({
-  used_percent: v8.number(),
-  reset_after_seconds: v8.number()
+var WhamRateLimitWindowSchema = v4.object({
+  used_percent: v4.number(),
+  reset_after_seconds: v4.number()
 });
-var WhamUsageResponseSchema = v8.object({
-  plan_type: v8.optional(v8.nullable(v8.string())),
-  rate_limit: v8.optional(v8.nullable(v8.object({
-    primary_window: v8.optional(v8.nullable(WhamRateLimitWindowSchema)),
-    secondary_window: v8.optional(v8.nullable(WhamRateLimitWindowSchema))
+var WhamUsageResponseSchema = v4.object({
+  plan_type: v4.optional(v4.nullable(v4.string())),
+  rate_limit: v4.optional(v4.nullable(v4.object({
+    primary_window: v4.optional(v4.nullable(WhamRateLimitWindowSchema)),
+    secondary_window: v4.optional(v4.nullable(WhamRateLimitWindowSchema))
   }))),
-  credits: v8.optional(v8.nullable(v8.object({
-    balance: v8.optional(v8.nullable(v8.string())),
-    unlimited: v8.optional(v8.nullable(v8.boolean()))
+  credits: v4.optional(v4.nullable(v4.object({
+    balance: v4.optional(v4.nullable(v4.string())),
+    unlimited: v4.optional(v4.nullable(v4.boolean()))
   })))
 });
 function secondsToISOResetTime(resetAfterSeconds) {
@@ -2359,7 +535,7 @@ async function fetchUsage(accessToken, accountId) {
     if (!response.ok) {
       return { ok: false, reason: `HTTP ${response.status} ${response.statusText}` };
     }
-    const parsed = v8.safeParse(WhamUsageResponseSchema, await response.json());
+    const parsed = v4.safeParse(WhamUsageResponseSchema, await response.json());
     if (!parsed.success) {
       return { ok: false, reason: `Invalid response: ${parsed.issues[0]?.message ?? "unknown"}` };
     }
@@ -2377,7 +553,7 @@ async function fetchUsage(accessToken, accountId) {
       } : null,
       seven_day_sonnet: null
     };
-    const validated = v8.safeParse(UsageLimitsSchema2, usage);
+    const validated = v4.safeParse(UsageLimitsSchema, usage);
     if (!validated.success) {
       return { ok: false, reason: `Mapping error: ${validated.issues[0]?.message ?? "unknown"}` };
     }
@@ -2399,10 +575,10 @@ function fetchProfile(accessToken) {
     }
     const record = claims;
     const profileClaim = record[OPENAI_PROFILE_CLAIM];
-    const profileParsed = v8.safeParse(OpenAIProfileClaimSchema, profileClaim ?? {});
+    const profileParsed = v4.safeParse(OpenAIProfileClaimSchema, profileClaim ?? {});
     const email = profileParsed.success ? profileParsed.output.email : void 0;
     const authClaim = record[OPENAI_AUTH_CLAIM];
-    const authParsed = v8.safeParse(OpenAIAuthClaimSchema, authClaim ?? {});
+    const authParsed = v4.safeParse(OpenAIAuthClaimSchema, authClaim ?? {});
     const planType = authParsed.success ? authParsed.output.chatgpt_plan_type ?? "" : "";
     const planTier = derivePlanTier(planType);
     return {
@@ -2422,7 +598,7 @@ function formatTimeRemaining(resetAt) {
 }
 function getUsageSummary(account) {
   if (!account.cachedUsage) return "no usage data";
-  const parsed = v8.safeParse(UsageLimitsSchema2, account.cachedUsage);
+  const parsed = v4.safeParse(UsageLimitsSchema, account.cachedUsage);
   if (!parsed.success) return "no usage data";
   const parts = [];
   const { five_hour, seven_day } = parsed.output;
@@ -2470,7 +646,22 @@ var { executeWithAccountRotation } = createExecutorForProvider("Codex", {
 });
 
 // src/auth-handler.ts
-import * as v9 from "valibot";
+import * as v5 from "valibot";
+
+// src/ui/ansi.ts
+import {
+  ANSI,
+  isTTY,
+  parseKey
+} from "opencode-multi-account-core";
+
+// src/ui/select.ts
+import {
+  select
+} from "opencode-multi-account-core";
+
+// src/ui/confirm.ts
+import { confirm } from "opencode-multi-account-core";
 
 // src/ui/auth-menu.ts
 function formatRelativeTime(timestamp) {
@@ -2684,15 +875,21 @@ function printQuotaError(account, error) {
 }
 
 // src/account-store.ts
-setAccountsFilename(ACCOUNTS_FILENAME2);
+import {
+  AccountStore,
+  setAccountsFilename
+} from "opencode-multi-account-core";
+setAccountsFilename(ACCOUNTS_FILENAME);
 
 // src/auth-handler.ts
-import { randomUUID as randomUUID2 } from "node:crypto";
-var DeviceUserCodeResponseSchema = v9.object({
-  device_code: v9.string(),
-  user_code: v9.string(),
-  expires_in: v9.number(),
-  interval: v9.optional(v9.number())
+import { randomUUID } from "crypto";
+import { createInterface } from "readline";
+import { exec } from "child_process";
+var DeviceUserCodeResponseSchema = v5.object({
+  device_code: v5.string(),
+  user_code: v5.string(),
+  expires_in: v5.number(),
+  interval: v5.optional(v5.number())
 });
 function makeFailedFlowResult(message) {
   return {
@@ -2732,7 +929,7 @@ async function pollDeviceAuthToken(startResult) {
       })
     });
     if (response.ok) {
-      return v9.parse(TokenResponseSchema, await response.json());
+      return v5.parse(TokenResponseSchema, await response.json());
     }
     const payload = await response.json().catch(() => ({}));
     const error = typeof payload.error === "string" ? payload.error : "";
@@ -2785,7 +982,7 @@ async function startDeviceAuth() {
   if (!response.ok) {
     throw new Error(`Failed to start device authorization: ${response.status}`);
   }
-  const startResult = v9.parse(DeviceUserCodeResponseSchema, await response.json());
+  const startResult = v5.parse(DeviceUserCodeResponseSchema, await response.json());
   return {
     url: `${OAUTH_ISSUER}/codex/device`,
     instructions: `Enter code: ${startResult.user_code}`,
@@ -2869,7 +1066,7 @@ async function persistFallback(auth, accountId) {
     const store = new AccountStore();
     const now = Date.now();
     const account = {
-      uuid: randomUUID2(),
+      uuid: randomUUID(),
       accountId,
       refreshToken: auth.refresh,
       accessToken: auth.access,
@@ -3060,6 +1257,7 @@ Retrying authentication for ${label}...
 }
 
 // src/proactive-refresh.ts
+import { createProactiveRefreshQueueForProvider } from "opencode-multi-account-core";
 var ProactiveRefreshQueue = createProactiveRefreshQueueForProvider({
   providerAuthId: "openai",
   getConfig,
@@ -3131,11 +1329,14 @@ function transformRequestUrl(input) {
 }
 
 // src/runtime-factory.ts
+import { TokenRefreshError } from "opencode-multi-account-core";
 var AccountRuntimeFactory = class {
   constructor(store, client) {
     this.store = store;
     this.client = client;
   }
+  store;
+  client;
   runtimes = /* @__PURE__ */ new Map();
   initLocks = /* @__PURE__ */ new Map();
   async getRuntime(uuid) {
@@ -3341,3 +1542,4 @@ var CodexMultiAuthPlugin = async (ctx) => {
 export {
   CodexMultiAuthPlugin
 };
+//# sourceMappingURL=index.js.map