orch-code 0.1.3 → 0.1.5

package/CHANGELOG.md

@@ -2,6 +2,12 @@
 
 All notable changes to this project will be documented in this file.
 
+## v0.1.5 - 2026-04-03
+
+- feat: add OAuth account failover for OpenAI
+## v0.1.4 - 2026-04-03
+
+- feat: add live probe mode for doctor
 ## v0.1.3 - 2026-04-03
 
 - ci: harden npm install and release flow

package/README.md

@@ -327,14 +327,23 @@ Or account mode (OAuth):
 
 ```bash
 ./orch auth login openai --method account --flow auto
+./orch auth login openai --method account --flow auto   # add another account
+./orch auth list
+./orch auth use <credential-id>
+./orch auth remove <credential-id>
 ```
 
+When multiple OpenAI OAuth accounts are stored, Orch keeps one active account and can fail over to the next local account when the active one is rate-limited or rejected.
+
 Validate runtime readiness:
 
 ```bash
 ./orch doctor
+./orch doctor --probe
 ```
 
+`--probe` runs a small live OpenAI chat check, which is useful for validating account-mode OAuth auth beyond local token shape checks.
+
 Generate a structured plan only:
 
 ```bash

package/cmd/auth.go

@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"fmt"
 	"os"
-	"sort"
 	"strings"
 	"time"
 
@@ -56,6 +55,21 @@ var authLogoutCmd = &cobra.Command{
 	RunE:  runAuthLogout,
 }
 
+var authUseCmd = &cobra.Command{
+	Use:   "use <credential-id>",
+	Short: "Set the active stored credential",
+	Args:  cobra.ExactArgs(1),
+	RunE:  runAuthUse,
+}
+
+var authRemoveCmd = &cobra.Command{
+	Use:     "remove <credential-id>",
+	Aliases: []string{"rm"},
+	Short:   "Remove one stored credential",
+	Args:    cobra.ExactArgs(1),
+	RunE:    runAuthRemove,
+}
+
 var authOpenAICmd = &cobra.Command{
 	Use:    "openai",
 	Hidden: true,
@@ -71,10 +85,14 @@ func init() {
 	authLoginCmd.Flags().StringVar(&authAPIKeyFlag, "api-key", "", "API key")
 
 	authLogoutCmd.Flags().StringVarP(&authProviderFlag, "provider", "p", "openai", "Provider id")
+	authUseCmd.Flags().StringVarP(&authProviderFlag, "provider", "p", "openai", "Provider id")
+	authRemoveCmd.Flags().StringVarP(&authProviderFlag, "provider", "p", "openai", "Provider id")
 
 	authCmd.AddCommand(authLoginCmd)
 	authCmd.AddCommand(authStatusCmd)
 	authCmd.AddCommand(authListCmd)
+	authCmd.AddCommand(authUseCmd)
+	authCmd.AddCommand(authRemoveCmd)
 	authCmd.AddCommand(authLogoutCmd)
 	authOpenAICmd.AddCommand(newAuthCompatLoginCmd())
 	authOpenAICmd.AddCommand(newAuthCompatLogoutCmd())
@@ -173,6 +191,9 @@ func runAuthLogin(cmd *cobra.Command, args []string) error {
 
 		fmt.Println("Credential saved to .orch/auth.json (0600).")
 		fmt.Printf("Auth mode set to api_key. Env %s is still supported with higher priority.\n", cfg.Provider.OpenAI.APIKeyEnv)
+		if active, activeErr := auth.Get(cwd, provider); activeErr == nil && active != nil {
+			fmt.Printf("Active credential id: %s\n", active.ID)
+		}
 		return nil
 	}
 
@@ -213,6 +234,9 @@ func runAuthLogin(cmd *cobra.Command, args []string) error {
 
 	fmt.Println("Credential saved to .orch/auth.json (0600).")
 	fmt.Printf("Auth mode set to account. You can also use %s.\n", cfg.Provider.OpenAI.AccountTokenEnv)
+	if active, activeErr := auth.Get(cwd, provider); activeErr == nil && active != nil {
+		fmt.Printf("Active credential id: %s\n", active.ID)
+	}
 	if !result.ExpiresAt.IsZero() {
 		fmt.Printf("Token expires at: %s\n", result.ExpiresAt.UTC().Format(time.RFC3339))
 	}
@@ -234,6 +258,10 @@ func runAuthStatus(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
+	credentials, activeID, err := auth.List(cwd, "openai")
+	if err != nil {
+		return err
+	}
 
 	fmt.Println("Auth Status")
 	fmt.Println("-----------")
@@ -251,6 +279,10 @@ func runAuthStatus(cmd *cobra.Command, args []string) error {
 	fmt.Printf("stored_api_key: %t\n", storedAPIKey)
 	fmt.Printf("stored_account_token: %t\n", storedAccount)
 	fmt.Printf("stored_account_refresh: %t\n", storedRefresh)
+	fmt.Printf("stored_credentials: %d\n", len(credentials))
+	if activeID != "" {
+		fmt.Printf("active_credential_id: %s\n", activeID)
+	}
 	if cred != nil && cred.Type == "oauth" && !cred.ExpiresAt.IsZero() {
 		fmt.Printf("account_expires_at: %s\n", cred.ExpiresAt.UTC().Format(time.RFC3339))
 	}
@@ -270,29 +302,76 @@ func runAuthList(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("failed to get working directory: %w", err)
 	}
 
-	all, err := auth.LoadAll(cwd)
+	provider := resolveProviderArg(args)
+	if provider != "openai" {
+		return fmt.Errorf("unsupported provider: %s (supported: openai)", provider)
+	}
+
+	credentials, activeID, err := auth.List(cwd, provider)
 	if err != nil {
 		return err
 	}
 
 	fmt.Println("Stored Credentials")
 	fmt.Println("------------------")
-	if len(all) == 0 {
+	if len(credentials) == 0 {
 		fmt.Println("No stored credentials found.")
 		return nil
 	}
 
-	providers := make([]string, 0, len(all))
-	for provider := range all {
-		providers = append(providers, provider)
+	for _, cred := range credentials {
+		marker := " "
+		if cred.ID == activeID {
+			marker = "*"
+		}
+		line := fmt.Sprintf("%s %s (%s)", marker, cred.ID, cred.Type)
+		if cred.Email != "" {
+			line += " " + cred.Email
+		}
+		if cred.AccountID != "" {
+			line += " account=" + cred.AccountID
+		}
+		fmt.Println(line)
+	}
+
+	return nil
+}
+
+func runAuthUse(cmd *cobra.Command, args []string) error {
+	cwd, err := os.Getwd()
+	if err != nil {
+		return fmt.Errorf("failed to get working directory: %w", err)
+	}
+
+	provider := resolveProviderArg(nil)
+	if provider != "openai" {
+		return fmt.Errorf("unsupported provider: %s (supported: openai)", provider)
+	}
+	credentialID := strings.TrimSpace(args[0])
+	if err := auth.SetActive(cwd, provider, credentialID); err != nil {
+		return err
+	}
+
+	fmt.Printf("Active credential set to %s for %s.\n", credentialID, provider)
+	return nil
+}
+
+func runAuthRemove(cmd *cobra.Command, args []string) error {
+	cwd, err := os.Getwd()
+	if err != nil {
+		return fmt.Errorf("failed to get working directory: %w", err)
 	}
-	sort.Strings(providers)
 
-	for _, provider := range providers {
-		cred := all[provider]
-		fmt.Printf("%s (%s)\n", provider, cred.Type)
+	provider := resolveProviderArg(nil)
+	if provider != "openai" {
+		return fmt.Errorf("unsupported provider: %s (supported: openai)", provider)
+	}
+	credentialID := strings.TrimSpace(args[0])
+	if err := auth.RemoveCredential(cwd, provider, credentialID); err != nil {
+		return err
 	}
 
+	fmt.Printf("Stored credential %s removed for %s.\n", credentialID, provider)
 	return nil
 }
 

package/cmd/auth_test.go

@@ -19,15 +19,27 @@ func TestAuthLoginAccountAndLogout(t *testing.T) {
 		t.Fatalf("save config: %v", err)
 	}
 
-	originalOAuthRunner := runOAuthLoginFlow
-	runOAuthLoginFlow = func(flow string) (auth.OAuthResult, error) {
-		return auth.OAuthResult{
+	results := []auth.OAuthResult{
+		{
 			AccessToken:  "token-123",
 			RefreshToken: "refresh-123",
 			ExpiresAt:    time.Now().UTC().Add(1 * time.Hour),
 			AccountID:    "acc-123",
 			Email:        "oauth@example.com",
-		}, nil
+		},
+		{
+			AccessToken:  "token-456",
+			RefreshToken: "refresh-456",
+			ExpiresAt:    time.Now().UTC().Add(2 * time.Hour),
+			AccountID:    "acc-456",
+			Email:        "second@example.com",
+		},
+	}
+	originalOAuthRunner := runOAuthLoginFlow
+	runOAuthLoginFlow = func(flow string) (auth.OAuthResult, error) {
+		result := results[0]
+		results = results[1:]
+		return result, nil
 	}
 	defer func() {
 		runOAuthLoginFlow = originalOAuthRunner
@@ -57,6 +69,47 @@ func TestAuthLoginAccountAndLogout(t *testing.T) {
 		t.Fatalf("expected stored account id")
 	}
 
+	authEmailFlag = "second@example.com"
+	if err := runAuthLogin(nil, nil); err != nil {
+		t.Fatalf("auth login second account: %v", err)
+	}
+
+	credentials, activeID, err := auth.List(repoRoot, "openai")
+	if err != nil {
+		t.Fatalf("list credentials: %v", err)
+	}
+	if len(credentials) != 2 {
+		t.Fatalf("expected 2 credentials, got %d", len(credentials))
+	}
+	if activeID != "acc-456" {
+		t.Fatalf("expected second account to become active, got %s", activeID)
+	}
+
+	if err := runAuthUse(nil, []string{"acc-123"}); err != nil {
+		t.Fatalf("auth use: %v", err)
+	}
+	active, err := auth.Get(repoRoot, "openai")
+	if err != nil {
+		t.Fatalf("get active credential: %v", err)
+	}
+	if active == nil || active.ID != "acc-123" {
+		t.Fatalf("expected acc-123 active, got %#v", active)
+	}
+
+	if err := runAuthRemove(nil, []string{"acc-456"}); err != nil {
+		t.Fatalf("auth remove: %v", err)
+	}
+	credentials, activeID, err = auth.List(repoRoot, "openai")
+	if err != nil {
+		t.Fatalf("list credentials after remove: %v", err)
+	}
+	if len(credentials) != 1 {
+		t.Fatalf("expected 1 credential after remove, got %d", len(credentials))
+	}
+	if activeID != "acc-123" {
+		t.Fatalf("expected acc-123 to remain active, got %s", activeID)
+	}
+
 	if err := runAuthLogout(nil, nil); err != nil {
 		t.Fatalf("auth logout: %v", err)
 	}

package/cmd/doctor.go

@@ -9,10 +9,13 @@ import (
 
 	"github.com/furkanbeydemir/orch/internal/auth"
 	"github.com/furkanbeydemir/orch/internal/config"
+	"github.com/furkanbeydemir/orch/internal/providers"
 	"github.com/furkanbeydemir/orch/internal/providers/openai"
 	"github.com/spf13/cobra"
 )
 
+var doctorProbeFlag bool
+
 var doctorCmd = &cobra.Command{
 	Use:   "doctor",
 	Short: "Validate Orch runtime readiness",
@@ -21,6 +24,7 @@ var doctorCmd = &cobra.Command{
 
 func init() {
 	rootCmd.AddCommand(doctorCmd)
+	doctorCmd.Flags().BoolVar(&doctorProbeFlag, "probe", false, "Run a live provider chat probe")
 }
 
 func runDoctor(cmd *cobra.Command, args []string) error {
@@ -85,8 +89,8 @@ func runDoctor(cmd *cobra.Command, args []string) error {
 	})
 
 	checks = append(checks, check{
-		name: "openai.account_refresh",
-		ok:   authMode != "account" || accountToken != "" || !storedAccount || storedRefresh || (storedCred != nil && storedCred.ExpiresAt.IsZero()) || time.Now().UTC().Before(storedCred.ExpiresAt),
+		name:   "openai.account_refresh",
+		ok:     authMode != "account" || accountToken != "" || !storedAccount || storedRefresh || (storedCred != nil && storedCred.ExpiresAt.IsZero()) || time.Now().UTC().Before(storedCred.ExpiresAt),
 		detail: fmt.Sprintf("required_when_expired=%t", authMode == "account" && accountToken == ""),
 	})
 
@@ -95,30 +99,27 @@ func runDoctor(cmd *cobra.Command, args []string) error {
 	checks = append(checks, check{name: "openai.model.reviewer", ok: strings.TrimSpace(cfg.Provider.OpenAI.Models.Reviewer) != "", detail: cfg.Provider.OpenAI.Models.Reviewer})
 
 	if cfg.Provider.Flags.OpenAIEnabled && defaultProvider == "openai" {
-		client := openai.New(cfg.Provider.OpenAI)
-		client.SetTokenResolver(func(ctx context.Context) (string, error) {
-			_ = ctx
-			if authMode == "api_key" {
-				if storedCred != nil && strings.TrimSpace(storedCred.Key) != "" {
-					return strings.TrimSpace(storedCred.Key), nil
-				}
-				return "", nil
-			}
-			resolved, resolveErr := auth.ResolveAccountAccessToken(cwd, "openai")
-			if resolveErr != nil {
-				return "", resolveErr
-			}
-			return resolved, nil
-		})
+		client := newDoctorOpenAIClient(cwd, cfg.Provider.OpenAI, authMode, storedCred)
 
 		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 		defer cancel()
 		validateErr := client.Validate(ctx)
 		checks = append(checks, check{
-			name:   "openai.auth",
+			name:   "openai.auth.local",
 			ok:     validateErr == nil,
 			detail: errDetail(validateErr, "ok"),
 		})
+
+		if doctorProbeFlag {
+			probeCtx, probeCancel := context.WithTimeout(context.Background(), doctorProbeTimeout(cfg.Provider.OpenAI.TimeoutSeconds))
+			defer probeCancel()
+			probeErr := runOpenAIProbe(probeCtx, client, cfg.Provider.OpenAI.Models.Coder)
+			checks = append(checks, check{
+				name:   "openai.auth.probe",
+				ok:     probeErr == nil,
+				detail: errDetail(probeErr, "ok"),
+			})
+		}
 	}
 
 	failed := 0
@@ -147,3 +148,52 @@ func errDetail(err error, fallback string) string {
 	}
 	return err.Error()
 }
+
+func newDoctorOpenAIClient(cwd string, cfg config.OpenAIProviderConfig, authMode string, storedCred *auth.Credential) *openai.Client {
+	client := openai.New(cfg)
+	var accountSession *auth.AccountSession
+	if authMode == "account" && strings.TrimSpace(os.Getenv(cfg.AccountTokenEnv)) == "" {
+		accountSession = auth.NewAccountSession(cwd, "openai")
+		client.SetAccountFailoverHandler(func(ctx context.Context, err error) (string, bool, error) {
+			return accountSession.Failover(ctx, openai.AccountFailoverCooldown(err), err.Error())
+		})
+		client.SetAccountSuccessHandler(func(ctx context.Context) {
+			accountSession.MarkSuccess(ctx)
+		})
+	}
+	client.SetTokenResolver(func(ctx context.Context) (string, error) {
+		if authMode == "api_key" {
+			if storedCred != nil && strings.TrimSpace(storedCred.Key) != "" {
+				return strings.TrimSpace(storedCred.Key), nil
+			}
+			return "", nil
+		}
+		if accountSession == nil {
+			return "", nil
+		}
+		return accountSession.ResolveToken(ctx)
+	})
+	return client
+}
+
+func runOpenAIProbe(ctx context.Context, client *openai.Client, model string) error {
+	_, err := client.Chat(ctx, providers.ChatRequest{
+		Role:            providers.RoleCoder,
+		Model:           strings.TrimSpace(model),
+		SystemPrompt:    "Reply with OK only.",
+		UserPrompt:      "ping",
+		ReasoningEffort: "low",
+	})
+	return err
+}
+
+func doctorProbeTimeout(timeoutSeconds int) time.Duration {
+	if timeoutSeconds <= 0 {
+		return 20 * time.Second
+	}
+	timeout := time.Duration(timeoutSeconds) * time.Second
+	if timeout > 20*time.Second {
+		return 20 * time.Second
+	}
+	return timeout
+}

package/cmd/interactive.go

@@ -961,8 +961,17 @@ func executeChatPrompt(prompt string) (*chatExecutionResult, error) {
 	}
 
 	client := openai.New(cfg.Provider.OpenAI)
+	var accountSession *auth.AccountSession
+	if strings.ToLower(strings.TrimSpace(cfg.Provider.OpenAI.AuthMode)) == "account" && strings.TrimSpace(os.Getenv(cfg.Provider.OpenAI.AccountTokenEnv)) == "" {
+		accountSession = auth.NewAccountSession(cwd, "openai")
+		client.SetAccountFailoverHandler(func(ctx context.Context, err error) (string, bool, error) {
+			return accountSession.Failover(ctx, openai.AccountFailoverCooldown(err), err.Error())
+		})
+		client.SetAccountSuccessHandler(func(ctx context.Context) {
+			accountSession.MarkSuccess(ctx)
+		})
+	}
 	client.SetTokenResolver(func(ctx context.Context) (string, error) {
-		_ = ctx
 		mode := strings.ToLower(strings.TrimSpace(cfg.Provider.OpenAI.AuthMode))
 		if mode == "api_key" {
 			cred, credErr := auth.Get(cwd, "openai")
@@ -974,7 +983,10 @@ func executeChatPrompt(prompt string) (*chatExecutionResult, error) {
 			}
 			return "", nil
 		}
-		return auth.ResolveAccountAccessToken(cwd, "openai")
+		if accountSession == nil {
+			return "", nil
+		}
+		return accountSession.ResolveToken(ctx)
 	})
 
 	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(cfg.Provider.OpenAI.TimeoutSeconds)*time.Second)

package/cmd/provider_model_doctor_test.go

@@ -1,7 +1,11 @@
 package cmd
 
 import (
+	"encoding/base64"
 	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
 
@@ -56,6 +60,76 @@ func TestDoctorFailsWithoutAPIKey(t *testing.T) {
 	}
 }
 
+func TestDoctorProbeAccountModeSucceeds(t *testing.T) {
+	repoRoot := t.TempDir()
+	t.Chdir(repoRoot)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/codex/responses" {
+			t.Fatalf("unexpected path: %s", r.URL.Path)
+		}
+		if got := r.Header.Get("ChatGPT-Account-Id"); got != "acc-123" {
+			t.Fatalf("unexpected account header: %s", got)
+		}
+		w.Header().Set("Content-Type", "application/json")
+		_, _ = w.Write([]byte(`{"output_text":"OK","status":"completed","usage":{"input_tokens":1,"output_tokens":1,"total_tokens":2}}`))
+	}))
+	defer server.Close()
+
+	if err := config.EnsureOrchDir(repoRoot); err != nil {
+		t.Fatalf("ensure orch dir: %v", err)
+	}
+	cfg := config.DefaultConfig()
+	cfg.Provider.OpenAI.AuthMode = "account"
+	cfg.Provider.OpenAI.BaseURL = server.URL
+	cfg.Provider.OpenAI.TimeoutSeconds = 5
+	if err := config.Save(repoRoot, cfg); err != nil {
+		t.Fatalf("save config: %v", err)
+	}
+
+	t.Setenv("OPENAI_ACCOUNT_TOKEN", testDoctorAccountToken("acc-123"))
+	doctorProbeFlag = true
+	defer func() { doctorProbeFlag = false }()
+
+	if err := runDoctor(nil, nil); err != nil {
+		t.Fatalf("expected doctor probe to succeed: %v", err)
+	}
+}
+
+func TestDoctorProbeAccountModeFailsWhenProviderRejects(t *testing.T) {
+	repoRoot := t.TempDir()
+	t.Chdir(repoRoot)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusUnauthorized)
+		_, _ = w.Write([]byte(`{"error":"unauthorized"}`))
+	}))
+	defer server.Close()
+
+	if err := config.EnsureOrchDir(repoRoot); err != nil {
+		t.Fatalf("ensure orch dir: %v", err)
+	}
+	cfg := config.DefaultConfig()
+	cfg.Provider.OpenAI.AuthMode = "account"
+	cfg.Provider.OpenAI.BaseURL = server.URL
+	cfg.Provider.OpenAI.TimeoutSeconds = 5
+	if err := config.Save(repoRoot, cfg); err != nil {
+		t.Fatalf("save config: %v", err)
+	}
+
+	t.Setenv("OPENAI_ACCOUNT_TOKEN", testDoctorAccountToken("acc-123"))
+	doctorProbeFlag = true
+	defer func() { doctorProbeFlag = false }()
+
+	err := runDoctor(nil, nil)
+	if err == nil {
+		t.Fatalf("expected doctor probe failure")
+	}
+	if !strings.Contains(err.Error(), "doctor failed") {
+		t.Fatalf("unexpected doctor error: %v", err)
+	}
+}
+
 func TestProviderListJSONOutput(t *testing.T) {
 	repoRoot := t.TempDir()
 	t.Chdir(repoRoot)
@@ -89,3 +163,10 @@ func TestProviderListJSONOutput(t *testing.T) {
 		t.Fatalf("expected openai in all providers, got: %#v", all)
 	}
 }
+
+func testDoctorAccountToken(accountID string) string {
+	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"none"}`))
+	payload := fmt.Sprintf(`{"https://api.openai.com/auth":{"chatgpt_account_id":"%s"}}`, accountID)
+	body := base64.RawURLEncoding.EncodeToString([]byte(payload))
+	return header + "." + body + ".sig"
+}

package/cmd/version.go

@@ -1,4 +1,4 @@
 package cmd
 
 // version is overridden in release builds via GoReleaser ldflags.
-var version = "0.1.3"
+var version = "0.1.5"

package/internal/auth/account.go

@@ -9,12 +9,34 @@ import (
 const refreshSkew = 30 * time.Second
 
 func ResolveAccountCredential(repoRoot, provider string) (*Credential, error) {
+	return resolveAccountCredentialByID(repoRoot, provider, "")
+}
+
+func resolveAccountCredentialByID(repoRoot, provider, credentialID string) (*Credential, error) {
 	provider = strings.ToLower(strings.TrimSpace(provider))
 	if provider == "" {
 		return nil, fmt.Errorf("provider is required")
 	}
 
-	cred, err := Get(repoRoot, provider)
+	var (
+		cred *Credential
+		err  error
+	)
+	if strings.TrimSpace(credentialID) == "" {
+		cred, err = Get(repoRoot, provider)
+	} else {
+		credentials, _, listErr := List(repoRoot, provider)
+		if listErr != nil {
+			return nil, listErr
+		}
+		for i := range credentials {
+			if credentials[i].ID == credentialID {
+				copy := credentials[i]
+				cred = &copy
+				break
+			}
+		}
+	}
 	if err != nil {
 		return nil, err
 	}
@@ -56,7 +78,10 @@ func ResolveAccountCredential(repoRoot, provider string) (*Credential, error) {
 		return nil, err
 	}
 
-	return Get(repoRoot, provider)
+	if strings.TrimSpace(credentialID) == "" {
+		return Get(repoRoot, provider)
+	}
+	return resolveAccountCredentialByID(repoRoot, provider, credentialID)
 }
 
 func ResolveAccountAccessToken(repoRoot, provider string) (string, error) {