opencode-openai-multi-auth 5.0.0

package/dist/lib/accounts/manager.js

@@ -0,0 +1,270 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "node:fs";
+import { homedir } from "node:os";
+import { join, dirname } from "node:path";
+import { decodeJWT, refreshAccessToken } from "../auth/auth.js";
+import { DEFAULT_MULTI_ACCOUNT_CONFIG } from "./types.js";
+const JWT_CLAIM_PATH = "https://api.openai.com/auth";
+const ACCOUNTS_FILE = join(homedir(), ".config", "opencode", "openai-accounts.json");
+const OPENCODE_AUTH_FILE = join(homedir(), ".local", "share", "opencode", "auth.json");
+export class AccountManager {
+    accounts = [];
+    activeIndex = 0;
+    config;
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_MULTI_ACCOUNT_CONFIG, ...config };
+    }
+    async loadFromDisk() {
+        if (!existsSync(ACCOUNTS_FILE))
+            return;
+        try {
+            const data = JSON.parse(readFileSync(ACCOUNTS_FILE, "utf-8"));
+            if (data.version === 1 && Array.isArray(data.accounts)) {
+                this.accounts = data.accounts;
+                this.activeIndex = data.activeAccountIndex || 0;
+            }
+        }
+        catch {
+            this.accounts = [];
+        }
+    }
+    async saveToDisk() {
+        const dir = dirname(ACCOUNTS_FILE);
+        if (!existsSync(dir)) {
+            mkdirSync(dir, { recursive: true });
+        }
+        const data = {
+            version: 1,
+            accounts: this.accounts,
+            activeAccountIndex: this.activeIndex,
+        };
+        writeFileSync(ACCOUNTS_FILE, JSON.stringify(data, null, 2), "utf-8");
+    }
+    async importFromOpenCodeAuth() {
+        if (!existsSync(OPENCODE_AUTH_FILE))
+            return;
+        try {
+            const authData = JSON.parse(readFileSync(OPENCODE_AUTH_FILE, "utf-8"));
+            const openaiAuth = authData?.openai;
+            if (openaiAuth?.type === "oauth" && openaiAuth?.refresh) {
+                const existingAccount = this.accounts.find((a) => a.parts.refreshToken === openaiAuth.refresh);
+                if (!existingAccount) {
+                    await this.addAccount(undefined, openaiAuth.refresh, openaiAuth.access, openaiAuth.expires);
+                }
+            }
+        }
+        catch { }
+    }
+    async addAccount(email, refreshToken, accessToken, expires) {
+        let accountId;
+        let userId;
+        let extractedEmail = email;
+        let planType;
+        if (accessToken) {
+            const decoded = decodeJWT(accessToken);
+            if (decoded) {
+                const authClaims = decoded[JWT_CLAIM_PATH];
+                accountId = authClaims?.chatgpt_account_id;
+                userId = authClaims?.chatgpt_user_id;
+                planType = authClaims?.chatgpt_plan_type;
+                const profile = decoded["https://api.openai.com/profile"];
+                if (!extractedEmail && profile?.email) {
+                    extractedEmail = profile.email;
+                }
+            }
+        }
+        // Deduplicate by userId + accountId (unique per user per workspace) or fallback to refreshToken
+        const existingIndex = this.accounts.findIndex((a) => {
+            if (userId && a.userId) {
+                return a.userId === userId && a.accountId === accountId;
+            }
+            return a.parts.refreshToken === refreshToken;
+        });
+        if (existingIndex >= 0) {
+            const existing = this.accounts[existingIndex];
+            if (accessToken)
+                existing.access = accessToken;
+            if (refreshToken)
+                existing.parts.refreshToken = refreshToken;
+            if (expires)
+                existing.expires = expires;
+            if (userId)
+                existing.userId = userId;
+            if (accountId)
+                existing.accountId = accountId;
+            if (planType)
+                existing.planType = planType;
+            if (extractedEmail)
+                existing.email = extractedEmail;
+            existing.consecutiveFailures = 0;
+            await this.saveToDisk();
+            if (!this.config.quietMode) {
+                console.log(`[openai-multi-auth] Updated account ${extractedEmail || existing.index}`);
+            }
+            return existing;
+        }
+        const account = {
+            index: this.accounts.length,
+            email: extractedEmail,
+            userId,
+            planType,
+            accountId,
+            addedAt: Date.now(),
+            parts: { refreshToken },
+            access: accessToken,
+            expires,
+            rateLimitResets: {},
+            consecutiveFailures: 0,
+        };
+        this.accounts.push(account);
+        await this.saveToDisk();
+        if (!this.config.quietMode) {
+            console.log(`[openai-multi-auth] Added account ${extractedEmail || account.index}`);
+        }
+        return account;
+    }
+    getAllAccounts() {
+        return this.accounts;
+    }
+    getAccountCount() {
+        return this.accounts.length;
+    }
+    async getNextAvailableAccount(model) {
+        if (this.accounts.length === 0)
+            return null;
+        const now = Date.now();
+        const startIndex = this.activeIndex;
+        let attempts = 0;
+        while (attempts < this.accounts.length) {
+            const index = (startIndex + attempts) % this.accounts.length;
+            const account = this.accounts[index];
+            if (this.isAccountAvailable(account, model, now)) {
+                this.activeIndex = index;
+                account.lastUsed = now;
+                return account;
+            }
+            attempts++;
+        }
+        return this.getLeastRateLimitedAccount(model);
+    }
+    isAccountAvailable(account, model, now) {
+        if (account.consecutiveFailures >= 3)
+            return false;
+        if (account.globalRateLimitReset && account.globalRateLimitReset > now) {
+            return false;
+        }
+        if (model && this.config.perModelRateLimits) {
+            const modelReset = account.rateLimitResets[model];
+            if (modelReset && modelReset > now) {
+                return false;
+            }
+        }
+        return true;
+    }
+    getLeastRateLimitedAccount(model) {
+        if (this.accounts.length === 0)
+            return null;
+        const now = Date.now();
+        let bestAccount = null;
+        let earliestReset = Infinity;
+        for (const account of this.accounts) {
+            if (account.consecutiveFailures >= 3)
+                continue;
+            let resetTime = account.globalRateLimitReset || 0;
+            if (model && this.config.perModelRateLimits) {
+                const modelReset = account.rateLimitResets[model] || 0;
+                resetTime = Math.max(resetTime, modelReset);
+            }
+            if (resetTime < earliestReset) {
+                earliestReset = resetTime;
+                bestAccount = account;
+            }
+        }
+        return bestAccount;
+    }
+    markRateLimited(account, retryAfterMs, model) {
+        const resetTime = Date.now() + retryAfterMs;
+        if (model && this.config.perModelRateLimits) {
+            account.rateLimitResets[model] = resetTime;
+        }
+        else {
+            account.globalRateLimitReset = resetTime;
+        }
+        if (this.config.debug) {
+            const identifier = account.email || `account-${account.index}`;
+            console.log(`[openai-multi-auth] ${identifier} rate limited until ${new Date(resetTime).toISOString()}`);
+        }
+    }
+    markRefreshFailed(account, error) {
+        account.consecutiveFailures++;
+        account.lastRefreshError = error;
+        account.isRefreshing = false;
+        if (this.config.removeOnInvalidGrant && error.includes("invalid_grant")) {
+            this.removeAccount(account);
+        }
+    }
+    removeAccount(account) {
+        const index = this.accounts.findIndex((a) => a.index === account.index);
+        if (index >= 0) {
+            this.accounts.splice(index, 1);
+            this.accounts.forEach((a, i) => (a.index = i));
+            if (this.activeIndex >= this.accounts.length) {
+                this.activeIndex = Math.max(0, this.accounts.length - 1);
+            }
+            this.saveToDisk();
+            if (!this.config.quietMode) {
+                console.log(`[openai-multi-auth] Removed account ${account.email || account.index}`);
+            }
+        }
+    }
+    async updateAccountTokens(account, accessToken, refreshToken, expires) {
+        account.access = accessToken;
+        account.parts.refreshToken = refreshToken;
+        account.expires = expires;
+        account.consecutiveFailures = 0;
+        account.isRefreshing = false;
+        account.lastRefreshError = undefined;
+        const decoded = decodeJWT(accessToken);
+        if (decoded) {
+            const authClaims = decoded[JWT_CLAIM_PATH];
+            if (authClaims?.chatgpt_account_id) {
+                account.accountId = authClaims.chatgpt_account_id;
+            }
+            if (authClaims?.chatgpt_user_id) {
+                account.userId = authClaims.chatgpt_user_id;
+            }
+            if (authClaims?.chatgpt_plan_type) {
+                account.planType = authClaims.chatgpt_plan_type;
+            }
+        }
+        await this.saveToDisk();
+    }
+    async ensureValidToken(account) {
+        if (!account.expires ||
+            account.expires > Date.now() + this.config.proactiveRefreshThresholdMs) {
+            return true;
+        }
+        if (account.isRefreshing) {
+            return !!account.access;
+        }
+        account.isRefreshing = true;
+        try {
+            const result = await refreshAccessToken(account.parts.refreshToken);
+            if (result.type === "success") {
+                await this.updateAccountTokens(account, result.access, result.refresh, result.expires);
+                return true;
+            }
+            this.markRefreshFailed(account, "Token refresh failed");
+            return false;
+        }
+        catch (err) {
+            this.markRefreshFailed(account, String(err));
+            return false;
+        }
+    }
+    getActiveAccount() {
+        if (this.accounts.length === 0)
+            return null;
+        return this.accounts[this.activeIndex] || this.accounts[0];
+    }
+}
+//# sourceMappingURL=manager.js.map

package/dist/lib/accounts/manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../../lib/accounts/manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAMhE,OAAO,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,cAAc,GAAG,6BAA6B,CAAC;AACrD,MAAM,aAAa,GAAG,IAAI,CACxB,OAAO,EAAE,EACT,SAAS,EACT,UAAU,EACV,sBAAsB,CACvB,CAAC;AACF,MAAM,kBAAkB,GAAG,IAAI,CAC7B,OAAO,EAAE,EACT,QAAQ,EACR,OAAO,EACP,UAAU,EACV,WAAW,CACZ,CAAC;AAEF,MAAM,OAAO,cAAc;IACjB,QAAQ,GAAqB,EAAE,CAAC;IAChC,WAAW,GAAG,CAAC,CAAC;IAChB,MAAM,CAAqB;IAEnC,YAAY,SAAsC,EAAE;QAClD,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,4BAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC;YAAE,OAAO;QAEvC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CACrB,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAClB,CAAC;YACrB,IAAI,IAAI,CAAC,OAAO,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;gBAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,kBAAkB,IAAI,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;QACnC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,IAAI,GAAoB;YAC5B,OAAO,EAAE,CAAC;YACV,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,kBAAkB,EAAE,IAAI,CAAC,WAAW;SACrC,CAAC;QACF,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,sBAAsB;QAC1B,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC;YAAE,OAAO;QAE5C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC;YACvE,MAAM,UAAU,GAAG,QAAQ,EAAE,MAAM,CAAC;YAEpC,IAAI,UAAU,EAAE,IAAI,KAAK,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;gBACxD,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,KAAK,UAAU,CAAC,OAAO,CACnD,CAAC;gBAEF,IAAI,CAAC,eAAe,EAAE,CAAC;oBACrB,MAAM,IAAI,CAAC,UAAU,CACnB,SAAS,EACT,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,MAAM,EACjB,UAAU,CAAC,OAAO,CACnB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;IAED,KAAK,CAAC,UAAU,CACd,KAAyB,EACzB,YAAoB,EACpB,WAAoB,EACpB,OAAgB;QAEhB,IAAI,SAA6B,CAAC;QAClC,IAAI,MAA0B,CAAC;QAC/B,IAAI,cAAc,GAAG,KAAK,CAAC;QAC3B,IAAI,QAA4B,CAAC;QAEjC,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;YACvC,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,OAAO,CAAC,cAAc,CAE5B,CAAC;gBACd,SAAS,GAAG,UAAU,EAAE,kBAAwC,CAAC;gBACjE,MAAM,GAAG,UAAU,EAAE,eAAqC,CAAC;gBAC3D,QAAQ,GAAG,UAAU,EAAE,iBAAuC,CAAC;gBAE/D,MAAM,OAAO,GAAG,OAAO,CAAC,gCAAgC,CAE3C,CAAC;gBACd,IAAI,CAAC,cAAc,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;oBACtC,cAAc,GAAG,OAAO,CAAC,KAAe,CAAC;gBAC3C,CAAC;YACH,CAAC;QACH,CAAC;QAED,gGAAgG;QAChG,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE;YAClD,IAAI,MAAM,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC;YAC1D,CAAC;YACD,OAAO,CAAC,CAAC,KAAK,CAAC,YAAY,KAAK,YAAY,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAC9C,IAAI,WAAW;gBAAE,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC;YAC/C,IAAI,YAAY;gBAAE,QAAQ,CAAC,KAAK,CAAC,YAAY,GAAG,YAAY,CAAC;YAC7D,IAAI,OAAO;gBAAE,QAAQ,CAAC,OAAO,GAAG,OAAO,CAAC;YACxC,IAAI,MAAM;gBAAE,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC;YACrC,IAAI,SAAS;gBAAE,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;YAC9C,IAAI,QAAQ;gBAAE,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC3C,IAAI,cAAc;gBAAE,QAAQ,CAAC,KAAK,GAAG,cAAc,CAAC;YACpD,QAAQ,CAAC,mBAAmB,GAAG,CAAC,CAAC;YACjC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAExB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CACT,uCAAuC,cAAc,IAAI,QAAQ,CAAC,KAAK,EAAE,CAC1E,CAAC;YACJ,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAmB;YAC9B,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;YAC3B,KAAK,EAAE,cAAc;YACrB,MAAM;YACN,QAAQ;YACR,SAAS;YACT,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE;YACnB,KAAK,EAAE,EAAE,YAAY,EAAE;YACvB,MAAM,EAAE,WAAW;YACnB,OAAO;YACP,eAAe,EAAE,EAAE;YACnB,mBAAmB,EAAE,CAAC;SACvB,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAExB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CACT,qCAAqC,cAAc,IAAI,OAAO,CAAC,KAAK,EAAE,CACvE,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,cAAc;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,KAAc;QAEd,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAE5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;QACpC,IAAI,QAAQ,GAAG,CAAC,CAAC;QAEjB,OAAO,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YACvC,MAAM,KAAK,GAAG,CAAC,UAAU,GAAG,QAAQ,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAErC,IAAI,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;gBACjD,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;gBACzB,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBACvB,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,QAAQ,EAAE,CAAC;QACb,CAAC;QAED,OAAO,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAEO,kBAAkB,CACxB,OAAuB,EACvB,KAAyB,EACzB,GAAW;QAEX,IAAI,OAAO,CAAC,mBAAmB,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QAEnD,IAAI,OAAO,CAAC,oBAAoB,IAAI,OAAO,CAAC,oBAAoB,GAAG,GAAG,EAAE,CAAC;YACvE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,UAAU,IAAI,UAAU,GAAG,GAAG,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,0BAA0B,CAAC,KAAc;QAC/C,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAE5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,WAAW,GAA0B,IAAI,CAAC;QAC9C,IAAI,aAAa,GAAG,QAAQ,CAAC;QAE7B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,mBAAmB,IAAI,CAAC;gBAAE,SAAS;YAE/C,IAAI,SAAS,GAAG,OAAO,CAAC,oBAAoB,IAAI,CAAC,CAAC;YAClD,IAAI,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;gBAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACvD,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAC9C,CAAC;YAED,IAAI,SAAS,GAAG,aAAa,EAAE,CAAC;gBAC9B,aAAa,GAAG,SAAS,CAAC;gBAC1B,WAAW,GAAG,OAAO,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,eAAe,CACb,OAAuB,EACvB,YAAoB,EACpB,KAAc;QAEd,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC;QAE5C,IAAI,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC5C,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;QAC3C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,IAAI,WAAW,OAAO,CAAC,KAAK,EAAE,CAAC;YAC/D,OAAO,CAAC,GAAG,CACT,uBAAuB,UAAU,uBAAuB,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAC5F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,iBAAiB,CAAC,OAAuB,EAAE,KAAa;QACtD,OAAO,CAAC,mBAAmB,EAAE,CAAC;QAC9B,OAAO,CAAC,gBAAgB,GAAG,KAAK,CAAC;QACjC,OAAO,CAAC,YAAY,GAAG,KAAK,CAAC;QAE7B,IAAI,IAAI,CAAC,MAAM,CAAC,oBAAoB,IAAI,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACxE,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,aAAa,CAAC,OAAuB;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,CAAC,CAAC;QACxE,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACf,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAC/B,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;YAE/C,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC7C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC3D,CAAC;YAED,IAAI,CAAC,UAAU,EAAE,CAAC;YAElB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CACT,uCAAuC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CACxE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,OAAuB,EACvB,WAAmB,EACnB,YAAoB,EACpB,OAAe;QAEf,OAAO,CAAC,MAAM,GAAG,WAAW,CAAC;QAC7B,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,YAAY,CAAC;QAC1C,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;QAC1B,OAAO,CAAC,mBAAmB,GAAG,CAAC,CAAC;QAChC,OAAO,CAAC,YAAY,GAAG,KAAK,CAAC;QAC7B,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC;QAErC,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,UAAU,GAAG,OAAO,CAAC,cAAc,CAE5B,CAAC;YACd,IAAI,UAAU,EAAE,kBAAkB,EAAE,CAAC;gBACnC,OAAO,CAAC,SAAS,GAAG,UAAU,CAAC,kBAA4B,CAAC;YAC9D,CAAC;YACD,IAAI,UAAU,EAAE,eAAe,EAAE,CAAC;gBAChC,OAAO,CAAC,MAAM,GAAG,UAAU,CAAC,eAAyB,CAAC;YACxD,CAAC;YACD,IAAI,UAAU,EAAE,iBAAiB,EAAE,CAAC;gBAClC,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,iBAA2B,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAuB;QAC5C,IACE,CAAC,OAAO,CAAC,OAAO;YAChB,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,2BAA2B,EACtE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;QAC1B,CAAC;QAED,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAEpE,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC9B,MAAM,IAAI,CAAC,mBAAmB,CAC5B,OAAO,EACP,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,OAAO,CACf,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;YACxD,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,gBAAgB;QACd,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC7D,CAAC;CACF"}

package/dist/lib/accounts/types.d.ts

@@ -0,0 +1,35 @@
+export interface ManagedAccount {
+    index: number;
+    email?: string;
+    userId?: string;
+    accountId?: string;
+    planType?: string;
+    addedAt: number;
+    lastUsed?: number;
+    parts: {
+        refreshToken: string;
+    };
+    access?: string;
+    expires?: number;
+    rateLimitResets: Record<string, number>;
+    globalRateLimitReset?: number;
+    consecutiveFailures: number;
+    isRefreshing?: boolean;
+    lastRefreshError?: string;
+}
+export interface AccountsStorage {
+    version: 1;
+    accounts: ManagedAccount[];
+    activeAccountIndex: number;
+}
+export interface MultiAccountConfig {
+    accountSelectionStrategy: "sticky" | "round-robin" | "hybrid";
+    debug: boolean;
+    quietMode: boolean;
+    pidOffsetEnabled: boolean;
+    proactiveRefreshThresholdMs: number;
+    removeOnInvalidGrant: boolean;
+    perModelRateLimits: boolean;
+}
+export declare const DEFAULT_MULTI_ACCOUNT_CONFIG: MultiAccountConfig;
+//# sourceMappingURL=types.d.ts.map

package/dist/lib/accounts/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../lib/accounts/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE;QACL,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,CAAC,CAAC;IACX,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,kBAAkB;IACjC,wBAAwB,EAAE,QAAQ,GAAG,aAAa,GAAG,QAAQ,CAAC;IAC9D,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,2BAA2B,EAAE,MAAM,CAAC;IACpC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,EAAE,OAAO,CAAC;CAC7B;AAED,eAAO,MAAM,4BAA4B,EAAE,kBAQ1C,CAAC"}

package/dist/lib/accounts/types.js

@@ -0,0 +1,10 @@
+export const DEFAULT_MULTI_ACCOUNT_CONFIG = {
+    accountSelectionStrategy: "sticky",
+    debug: false,
+    quietMode: false,
+    pidOffsetEnabled: false,
+    proactiveRefreshThresholdMs: 5 * 60 * 1000,
+    removeOnInvalidGrant: true,
+    perModelRateLimits: true,
+};
+//# sourceMappingURL=types.js.map

package/dist/lib/accounts/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../lib/accounts/types.ts"],"names":[],"mappings":"AAoCA,MAAM,CAAC,MAAM,4BAA4B,GAAuB;IAC9D,wBAAwB,EAAE,QAAQ;IAClC,KAAK,EAAE,KAAK;IACZ,SAAS,EAAE,KAAK;IAChB,gBAAgB,EAAE,KAAK;IACvB,2BAA2B,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI;IAC1C,oBAAoB,EAAE,IAAI;IAC1B,kBAAkB,EAAE,IAAI;CACzB,CAAC"}

package/dist/lib/auth/auth.d.ts

@@ -0,0 +1,43 @@
+import type { AuthorizationFlow, TokenResult, ParsedAuthInput, JWTPayload } from "../types.js";
+export declare const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+export declare const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
+export declare const TOKEN_URL = "https://auth.openai.com/oauth/token";
+export declare const REDIRECT_URI = "http://localhost:1455/auth/callback";
+export declare const SCOPE = "openid profile email offline_access";
+/**
+ * Generate a random state value for OAuth flow
+ * @returns Random hex string
+ */
+export declare function createState(): string;
+/**
+ * Parse authorization code and state from user input
+ * @param input - User input (URL, code#state, or just code)
+ * @returns Parsed authorization data
+ */
+export declare function parseAuthorizationInput(input: string): ParsedAuthInput;
+/**
+ * Exchange authorization code for access and refresh tokens
+ * @param code - Authorization code from OAuth flow
+ * @param verifier - PKCE verifier
+ * @param redirectUri - OAuth redirect URI
+ * @returns Token result
+ */
+export declare function exchangeAuthorizationCode(code: string, verifier: string, redirectUri?: string): Promise<TokenResult>;
+/**
+ * Decode a JWT token to extract payload
+ * @param token - JWT token to decode
+ * @returns Decoded payload or null if invalid
+ */
+export declare function decodeJWT(token: string): JWTPayload | null;
+/**
+ * Refresh access token using refresh token
+ * @param refreshToken - Refresh token
+ * @returns Token result
+ */
+export declare function refreshAccessToken(refreshToken: string): Promise<TokenResult>;
+/**
+ * Create OAuth authorization flow
+ * @returns Authorization flow details
+ */
+export declare function createAuthorizationFlow(): Promise<AuthorizationFlow>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/lib/auth/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../lib/auth/auth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAY,iBAAiB,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzG,eAAO,MAAM,SAAS,iCAAiC,CAAC;AACxD,eAAO,MAAM,aAAa,4CAA4C,CAAC;AACvE,eAAO,MAAM,SAAS,wCAAwC,CAAC;AAC/D,eAAO,MAAM,YAAY,wCAAwC,CAAC;AAClE,eAAO,MAAM,KAAK,wCAAwC,CAAC;AAE3D;;;GAGG;AACH,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,eAAe,CAwBtE;AAED;;;;;;GAMG;AACH,wBAAsB,yBAAyB,CAC9C,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,WAAW,GAAE,MAAqB,GAChC,OAAO,CAAC,WAAW,CAAC,CAoCtB;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAU1D;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAkDnF;AAED;;;GAGG;AACH,wBAAsB,uBAAuB,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAiB1E"}

package/dist/lib/auth/auth.js

@@ -0,0 +1,163 @@
+import { generatePKCE } from "@openauthjs/openauth/pkce";
+import { randomBytes } from "node:crypto";
+// OAuth constants (from openai/codex)
+export const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+export const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
+export const TOKEN_URL = "https://auth.openai.com/oauth/token";
+export const REDIRECT_URI = "http://localhost:1455/auth/callback";
+export const SCOPE = "openid profile email offline_access";
+/**
+ * Generate a random state value for OAuth flow
+ * @returns Random hex string
+ */
+export function createState() {
+    return randomBytes(16).toString("hex");
+}
+/**
+ * Parse authorization code and state from user input
+ * @param input - User input (URL, code#state, or just code)
+ * @returns Parsed authorization data
+ */
+export function parseAuthorizationInput(input) {
+    const value = (input || "").trim();
+    if (!value)
+        return {};
+    try {
+        const url = new URL(value);
+        return {
+            code: url.searchParams.get("code") ?? undefined,
+            state: url.searchParams.get("state") ?? undefined,
+        };
+    }
+    catch { }
+    if (value.includes("#")) {
+        const [code, state] = value.split("#", 2);
+        return { code, state };
+    }
+    if (value.includes("code=")) {
+        const params = new URLSearchParams(value);
+        return {
+            code: params.get("code") ?? undefined,
+            state: params.get("state") ?? undefined,
+        };
+    }
+    return { code: value };
+}
+/**
+ * Exchange authorization code for access and refresh tokens
+ * @param code - Authorization code from OAuth flow
+ * @param verifier - PKCE verifier
+ * @param redirectUri - OAuth redirect URI
+ * @returns Token result
+ */
+export async function exchangeAuthorizationCode(code, verifier, redirectUri = REDIRECT_URI) {
+    const res = await fetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            grant_type: "authorization_code",
+            client_id: CLIENT_ID,
+            code,
+            code_verifier: verifier,
+            redirect_uri: redirectUri,
+        }),
+    });
+    if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        console.error("[openai-codex-plugin] code->token failed:", res.status, text);
+        return { type: "failed" };
+    }
+    const json = (await res.json());
+    if (!json?.access_token ||
+        !json?.refresh_token ||
+        typeof json?.expires_in !== "number") {
+        console.error("[openai-codex-plugin] token response missing fields:", json);
+        return { type: "failed" };
+    }
+    return {
+        type: "success",
+        access: json.access_token,
+        refresh: json.refresh_token,
+        expires: Date.now() + json.expires_in * 1000,
+    };
+}
+/**
+ * Decode a JWT token to extract payload
+ * @param token - JWT token to decode
+ * @returns Decoded payload or null if invalid
+ */
+export function decodeJWT(token) {
+    try {
+        const parts = token.split(".");
+        if (parts.length !== 3)
+            return null;
+        const payload = parts[1];
+        const decoded = Buffer.from(payload, "base64").toString("utf-8");
+        return JSON.parse(decoded);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Refresh access token using refresh token
+ * @param refreshToken - Refresh token
+ * @returns Token result
+ */
+export async function refreshAccessToken(refreshToken) {
+    try {
+        const response = await fetch(TOKEN_URL, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: new URLSearchParams({
+                grant_type: "refresh_token",
+                refresh_token: refreshToken,
+                client_id: CLIENT_ID,
+            }),
+        });
+        if (!response.ok) {
+            const text = await response.text().catch(() => "");
+            console.error("[openai-codex-plugin] Token refresh failed:", response.status, text);
+            return { type: "failed" };
+        }
+        const json = (await response.json());
+        if (!json?.access_token ||
+            !json?.refresh_token ||
+            typeof json?.expires_in !== "number") {
+            console.error("[openai-codex-plugin] Token refresh response missing fields:", json);
+            return { type: "failed" };
+        }
+        return {
+            type: "success",
+            access: json.access_token,
+            refresh: json.refresh_token,
+            expires: Date.now() + json.expires_in * 1000,
+        };
+    }
+    catch (error) {
+        const err = error;
+        console.error("[openai-codex-plugin] Token refresh error:", err);
+        return { type: "failed" };
+    }
+}
+/**
+ * Create OAuth authorization flow
+ * @returns Authorization flow details
+ */
+export async function createAuthorizationFlow() {
+    const pkce = (await generatePKCE());
+    const state = createState();
+    const url = new URL(AUTHORIZE_URL);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("client_id", CLIENT_ID);
+    url.searchParams.set("redirect_uri", REDIRECT_URI);
+    url.searchParams.set("scope", SCOPE);
+    url.searchParams.set("code_challenge", pkce.challenge);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("state", state);
+    url.searchParams.set("id_token_add_organizations", "true");
+    url.searchParams.set("codex_cli_simplified_flow", "true");
+    url.searchParams.set("originator", "codex_cli_rs");
+    return { pkce, state, url: url.toString() };
+}
+//# sourceMappingURL=auth.js.map

package/dist/lib/auth/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../lib/auth/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG1C,sCAAsC;AACtC,MAAM,CAAC,MAAM,SAAS,GAAG,8BAA8B,CAAC;AACxD,MAAM,CAAC,MAAM,aAAa,GAAG,yCAAyC,CAAC;AACvE,MAAM,CAAC,MAAM,SAAS,GAAG,qCAAqC,CAAC;AAC/D,MAAM,CAAC,MAAM,YAAY,GAAG,qCAAqC,CAAC;AAClE,MAAM,CAAC,MAAM,KAAK,GAAG,qCAAqC,CAAC;AAE3D;;;GAGG;AACH,MAAM,UAAU,WAAW;IAC1B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAAa;IACpD,MAAM,KAAK,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAEtB,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO;YACN,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;YAC/C,KAAK,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;SACjD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO;YACN,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;YACrC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;SACvC,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC9C,IAAY,EACZ,QAAgB,EAChB,cAAsB,YAAY;IAElC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;QAClC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACzB,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,SAAS;YACpB,IAAI;YACJ,aAAa,EAAE,QAAQ;YACvB,YAAY,EAAE,WAAW;SACzB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7E,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;IACF,IACC,CAAC,IAAI,EAAE,YAAY;QACnB,CAAC,IAAI,EAAE,aAAa;QACpB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,EACnC,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,sDAAsD,EAAE,IAAI,CAAC,CAAC;QAC5E,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;IACD,OAAO;QACN,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,IAAI,CAAC,YAAY;QACzB,OAAO,EAAE,IAAI,CAAC,aAAa;QAC3B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;KAC5C,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACtC,IAAI,CAAC;QACJ,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAC5D,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACzB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;gBAC3B,SAAS,EAAE,SAAS;aACpB,CAAC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,KAAK,CACZ,6CAA6C,EAC7C,QAAQ,CAAC,MAAM,EACf,IAAI,CACJ,CAAC;YACF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;QACF,IACC,CAAC,IAAI,EAAE,YAAY;YACnB,CAAC,IAAI,EAAE,aAAa;YACpB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,EACnC,CAAC;YACF,OAAO,CAAC,KAAK,CACZ,8DAA8D,EAC9D,IAAI,CACJ,CAAC;YACF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO;YACN,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,IAAI,CAAC,YAAY;YACzB,OAAO,EAAE,IAAI,CAAC,aAAa;YAC3B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;SAC5C,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,MAAM,GAAG,GAAG,KAAc,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,4CAA4C,EAAE,GAAG,CAAC,CAAC;QACjE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;AACF,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC5C,MAAM,IAAI,GAAG,CAAC,MAAM,YAAY,EAAE,CAAa,CAAC;IAChD,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAE5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;IACnC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC7C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;IACnD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,4BAA4B,EAAE,MAAM,CAAC,CAAC;IAC3D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,2BAA2B,EAAE,MAAM,CAAC,CAAC;IAC1D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IAEnD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;AAC7C,CAAC"}

package/dist/lib/auth/browser.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Browser utilities for OAuth flow
+ * Handles platform-specific browser opening
+ */
+/**
+ * Gets the platform-specific command to open a URL in the default browser
+ * @returns Browser opener command for the current platform
+ */
+export declare function getBrowserOpener(): string;
+/**
+ * Opens a URL in the default browser
+ * Silently fails if browser cannot be opened (user can copy URL manually)
+ * @param url - URL to open
+ * @returns True if a browser launch was attempted
+ */
+export declare function openBrowserUrl(url: string): boolean;
+//# sourceMappingURL=browser.d.ts.map

package/dist/lib/auth/browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../../lib/auth/browser.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAOH;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAKzC;AAkCD;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAgBnD"}

package/dist/lib/auth/browser.js

@@ -0,0 +1,76 @@
+/**
+ * Browser utilities for OAuth flow
+ * Handles platform-specific browser opening
+ */
+import { spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { PLATFORM_OPENERS } from "../constants.js";
+/**
+ * Gets the platform-specific command to open a URL in the default browser
+ * @returns Browser opener command for the current platform
+ */
+export function getBrowserOpener() {
+    const platform = process.platform;
+    if (platform === "darwin")
+        return PLATFORM_OPENERS.darwin;
+    if (platform === "win32")
+        return PLATFORM_OPENERS.win32;
+    return PLATFORM_OPENERS.linux;
+}
+function commandExists(command) {
+    if (!command)
+        return false;
+    // "start" is a shell builtin on Windows; rely on shell execution
+    if (process.platform === "win32" && command.toLowerCase() === "start") {
+        return true;
+    }
+    const pathValue = process.env.PATH || "";
+    const entries = pathValue.split(path.delimiter).filter(Boolean);
+    if (entries.length === 0)
+        return false;
+    if (process.platform === "win32") {
+        const pathext = (process.env.PATHEXT || ".EXE;.CMD;.BAT;.COM")
+            .split(";")
+            .filter(Boolean);
+        for (const entry of entries) {
+            for (const ext of pathext) {
+                const candidate = path.join(entry, `${command}${ext}`);
+                if (fs.existsSync(candidate))
+                    return true;
+            }
+        }
+        return false;
+    }
+    for (const entry of entries) {
+        const candidate = path.join(entry, command);
+        if (fs.existsSync(candidate))
+            return true;
+    }
+    return false;
+}
+/**
+ * Opens a URL in the default browser
+ * Silently fails if browser cannot be opened (user can copy URL manually)
+ * @param url - URL to open
+ * @returns True if a browser launch was attempted
+ */
+export function openBrowserUrl(url) {
+    try {
+        const opener = getBrowserOpener();
+        if (!commandExists(opener)) {
+            return false;
+        }
+        const child = spawn(opener, [url], {
+            stdio: "ignore",
+            shell: process.platform === "win32",
+        });
+        child.on("error", () => { });
+        return true;
+    }
+    catch (error) {
+        // Silently fail - user can manually open the URL from instructions
+        return false;
+    }
+}
+//# sourceMappingURL=browser.js.map