orch-code 0.1.4 → 0.1.5

package/CHANGELOG.md

@@ -2,6 +2,9 @@
 
 All notable changes to this project will be documented in this file.
 
+## v0.1.5 - 2026-04-03
+
+- feat: add OAuth account failover for OpenAI
 ## v0.1.4 - 2026-04-03
 
 - feat: add live probe mode for doctor

package/README.md

@@ -327,8 +327,14 @@ Or account mode (OAuth):
 
 ```bash
 ./orch auth login openai --method account --flow auto
+./orch auth login openai --method account --flow auto   # add another account
+./orch auth list
+./orch auth use <credential-id>
+./orch auth remove <credential-id>
 ```
 
+When multiple OpenAI OAuth accounts are stored, Orch keeps one active account and can fail over to the next local account when the active one is rate-limited or rejected.
+
 Validate runtime readiness:
 
 ```bash

package/cmd/auth.go

@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"fmt"
 	"os"
-	"sort"
 	"strings"
 	"time"
 
@@ -56,6 +55,21 @@ var authLogoutCmd = &cobra.Command{
 	RunE:  runAuthLogout,
 }
 
+var authUseCmd = &cobra.Command{
+	Use:   "use <credential-id>",
+	Short: "Set the active stored credential",
+	Args:  cobra.ExactArgs(1),
+	RunE:  runAuthUse,
+}
+
+var authRemoveCmd = &cobra.Command{
+	Use:     "remove <credential-id>",
+	Aliases: []string{"rm"},
+	Short:   "Remove one stored credential",
+	Args:    cobra.ExactArgs(1),
+	RunE:    runAuthRemove,
+}
+
 var authOpenAICmd = &cobra.Command{
 	Use:    "openai",
 	Hidden: true,
@@ -71,10 +85,14 @@ func init() {
 	authLoginCmd.Flags().StringVar(&authAPIKeyFlag, "api-key", "", "API key")
 
 	authLogoutCmd.Flags().StringVarP(&authProviderFlag, "provider", "p", "openai", "Provider id")
+	authUseCmd.Flags().StringVarP(&authProviderFlag, "provider", "p", "openai", "Provider id")
+	authRemoveCmd.Flags().StringVarP(&authProviderFlag, "provider", "p", "openai", "Provider id")
 
 	authCmd.AddCommand(authLoginCmd)
 	authCmd.AddCommand(authStatusCmd)
 	authCmd.AddCommand(authListCmd)
+	authCmd.AddCommand(authUseCmd)
+	authCmd.AddCommand(authRemoveCmd)
 	authCmd.AddCommand(authLogoutCmd)
 	authOpenAICmd.AddCommand(newAuthCompatLoginCmd())
 	authOpenAICmd.AddCommand(newAuthCompatLogoutCmd())
@@ -173,6 +191,9 @@ func runAuthLogin(cmd *cobra.Command, args []string) error {
 
 		fmt.Println("Credential saved to .orch/auth.json (0600).")
 		fmt.Printf("Auth mode set to api_key. Env %s is still supported with higher priority.\n", cfg.Provider.OpenAI.APIKeyEnv)
+		if active, activeErr := auth.Get(cwd, provider); activeErr == nil && active != nil {
+			fmt.Printf("Active credential id: %s\n", active.ID)
+		}
 		return nil
 	}
 
@@ -213,6 +234,9 @@ func runAuthLogin(cmd *cobra.Command, args []string) error {
 
 	fmt.Println("Credential saved to .orch/auth.json (0600).")
 	fmt.Printf("Auth mode set to account. You can also use %s.\n", cfg.Provider.OpenAI.AccountTokenEnv)
+	if active, activeErr := auth.Get(cwd, provider); activeErr == nil && active != nil {
+		fmt.Printf("Active credential id: %s\n", active.ID)
+	}
 	if !result.ExpiresAt.IsZero() {
 		fmt.Printf("Token expires at: %s\n", result.ExpiresAt.UTC().Format(time.RFC3339))
 	}
@@ -234,6 +258,10 @@ func runAuthStatus(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
+	credentials, activeID, err := auth.List(cwd, "openai")
+	if err != nil {
+		return err
+	}
 
 	fmt.Println("Auth Status")
 	fmt.Println("-----------")
@@ -251,6 +279,10 @@ func runAuthStatus(cmd *cobra.Command, args []string) error {
 	fmt.Printf("stored_api_key: %t\n", storedAPIKey)
 	fmt.Printf("stored_account_token: %t\n", storedAccount)
 	fmt.Printf("stored_account_refresh: %t\n", storedRefresh)
+	fmt.Printf("stored_credentials: %d\n", len(credentials))
+	if activeID != "" {
+		fmt.Printf("active_credential_id: %s\n", activeID)
+	}
 	if cred != nil && cred.Type == "oauth" && !cred.ExpiresAt.IsZero() {
 		fmt.Printf("account_expires_at: %s\n", cred.ExpiresAt.UTC().Format(time.RFC3339))
 	}
@@ -270,29 +302,76 @@ func runAuthList(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("failed to get working directory: %w", err)
 	}
 
-	all, err := auth.LoadAll(cwd)
+	provider := resolveProviderArg(args)
+	if provider != "openai" {
+		return fmt.Errorf("unsupported provider: %s (supported: openai)", provider)
+	}
+
+	credentials, activeID, err := auth.List(cwd, provider)
 	if err != nil {
 		return err
 	}
 
 	fmt.Println("Stored Credentials")
 	fmt.Println("------------------")
-	if len(all) == 0 {
+	if len(credentials) == 0 {
 		fmt.Println("No stored credentials found.")
 		return nil
 	}
 
-	providers := make([]string, 0, len(all))
-	for provider := range all {
-		providers = append(providers, provider)
+	for _, cred := range credentials {
+		marker := " "
+		if cred.ID == activeID {
+			marker = "*"
+		}
+		line := fmt.Sprintf("%s %s (%s)", marker, cred.ID, cred.Type)
+		if cred.Email != "" {
+			line += " " + cred.Email
+		}
+		if cred.AccountID != "" {
+			line += " account=" + cred.AccountID
+		}
+		fmt.Println(line)
+	}
+
+	return nil
+}
+
+func runAuthUse(cmd *cobra.Command, args []string) error {
+	cwd, err := os.Getwd()
+	if err != nil {
+		return fmt.Errorf("failed to get working directory: %w", err)
+	}
+
+	provider := resolveProviderArg(nil)
+	if provider != "openai" {
+		return fmt.Errorf("unsupported provider: %s (supported: openai)", provider)
+	}
+	credentialID := strings.TrimSpace(args[0])
+	if err := auth.SetActive(cwd, provider, credentialID); err != nil {
+		return err
+	}
+
+	fmt.Printf("Active credential set to %s for %s.\n", credentialID, provider)
+	return nil
+}
+
+func runAuthRemove(cmd *cobra.Command, args []string) error {
+	cwd, err := os.Getwd()
+	if err != nil {
+		return fmt.Errorf("failed to get working directory: %w", err)
 	}
-	sort.Strings(providers)
 
-	for _, provider := range providers {
-		cred := all[provider]
-		fmt.Printf("%s (%s)\n", provider, cred.Type)
+	provider := resolveProviderArg(nil)
+	if provider != "openai" {
+		return fmt.Errorf("unsupported provider: %s (supported: openai)", provider)
+	}
+	credentialID := strings.TrimSpace(args[0])
+	if err := auth.RemoveCredential(cwd, provider, credentialID); err != nil {
+		return err
 	}
 
+	fmt.Printf("Stored credential %s removed for %s.\n", credentialID, provider)
 	return nil
 }
 

package/cmd/auth_test.go

@@ -19,15 +19,27 @@ func TestAuthLoginAccountAndLogout(t *testing.T) {
 		t.Fatalf("save config: %v", err)
 	}
 
-	originalOAuthRunner := runOAuthLoginFlow
-	runOAuthLoginFlow = func(flow string) (auth.OAuthResult, error) {
-		return auth.OAuthResult{
+	results := []auth.OAuthResult{
+		{
 			AccessToken:  "token-123",
 			RefreshToken: "refresh-123",
 			ExpiresAt:    time.Now().UTC().Add(1 * time.Hour),
 			AccountID:    "acc-123",
 			Email:        "oauth@example.com",
-		}, nil
+		},
+		{
+			AccessToken:  "token-456",
+			RefreshToken: "refresh-456",
+			ExpiresAt:    time.Now().UTC().Add(2 * time.Hour),
+			AccountID:    "acc-456",
+			Email:        "second@example.com",
+		},
+	}
+	originalOAuthRunner := runOAuthLoginFlow
+	runOAuthLoginFlow = func(flow string) (auth.OAuthResult, error) {
+		result := results[0]
+		results = results[1:]
+		return result, nil
 	}
 	defer func() {
 		runOAuthLoginFlow = originalOAuthRunner
@@ -57,6 +69,47 @@ func TestAuthLoginAccountAndLogout(t *testing.T) {
 		t.Fatalf("expected stored account id")
 	}
 
+	authEmailFlag = "second@example.com"
+	if err := runAuthLogin(nil, nil); err != nil {
+		t.Fatalf("auth login second account: %v", err)
+	}
+
+	credentials, activeID, err := auth.List(repoRoot, "openai")
+	if err != nil {
+		t.Fatalf("list credentials: %v", err)
+	}
+	if len(credentials) != 2 {
+		t.Fatalf("expected 2 credentials, got %d", len(credentials))
+	}
+	if activeID != "acc-456" {
+		t.Fatalf("expected second account to become active, got %s", activeID)
+	}
+
+	if err := runAuthUse(nil, []string{"acc-123"}); err != nil {
+		t.Fatalf("auth use: %v", err)
+	}
+	active, err := auth.Get(repoRoot, "openai")
+	if err != nil {
+		t.Fatalf("get active credential: %v", err)
+	}
+	if active == nil || active.ID != "acc-123" {
+		t.Fatalf("expected acc-123 active, got %#v", active)
+	}
+
+	if err := runAuthRemove(nil, []string{"acc-456"}); err != nil {
+		t.Fatalf("auth remove: %v", err)
+	}
+	credentials, activeID, err = auth.List(repoRoot, "openai")
+	if err != nil {
+		t.Fatalf("list credentials after remove: %v", err)
+	}
+	if len(credentials) != 1 {
+		t.Fatalf("expected 1 credential after remove, got %d", len(credentials))
+	}
+	if activeID != "acc-123" {
+		t.Fatalf("expected acc-123 to remain active, got %s", activeID)
+	}
+
 	if err := runAuthLogout(nil, nil); err != nil {
 		t.Fatalf("auth logout: %v", err)
 	}

package/cmd/doctor.go

@@ -151,19 +151,27 @@ func errDetail(err error, fallback string) string {
 
 func newDoctorOpenAIClient(cwd string, cfg config.OpenAIProviderConfig, authMode string, storedCred *auth.Credential) *openai.Client {
 	client := openai.New(cfg)
+	var accountSession *auth.AccountSession
+	if authMode == "account" && strings.TrimSpace(os.Getenv(cfg.AccountTokenEnv)) == "" {
+		accountSession = auth.NewAccountSession(cwd, "openai")
+		client.SetAccountFailoverHandler(func(ctx context.Context, err error) (string, bool, error) {
+			return accountSession.Failover(ctx, openai.AccountFailoverCooldown(err), err.Error())
+		})
+		client.SetAccountSuccessHandler(func(ctx context.Context) {
+			accountSession.MarkSuccess(ctx)
+		})
+	}
 	client.SetTokenResolver(func(ctx context.Context) (string, error) {
-		_ = ctx
 		if authMode == "api_key" {
 			if storedCred != nil && strings.TrimSpace(storedCred.Key) != "" {
 				return strings.TrimSpace(storedCred.Key), nil
 			}
 			return "", nil
 		}
-		resolved, resolveErr := auth.ResolveAccountAccessToken(cwd, "openai")
-		if resolveErr != nil {
-			return "", resolveErr
+		if accountSession == nil {
+			return "", nil
 		}
-		return resolved, nil
+		return accountSession.ResolveToken(ctx)
 	})
 	return client
 }

package/cmd/interactive.go

@@ -961,8 +961,17 @@ func executeChatPrompt(prompt string) (*chatExecutionResult, error) {
 	}
 
 	client := openai.New(cfg.Provider.OpenAI)
+	var accountSession *auth.AccountSession
+	if strings.ToLower(strings.TrimSpace(cfg.Provider.OpenAI.AuthMode)) == "account" && strings.TrimSpace(os.Getenv(cfg.Provider.OpenAI.AccountTokenEnv)) == "" {
+		accountSession = auth.NewAccountSession(cwd, "openai")
+		client.SetAccountFailoverHandler(func(ctx context.Context, err error) (string, bool, error) {
+			return accountSession.Failover(ctx, openai.AccountFailoverCooldown(err), err.Error())
+		})
+		client.SetAccountSuccessHandler(func(ctx context.Context) {
+			accountSession.MarkSuccess(ctx)
+		})
+	}
 	client.SetTokenResolver(func(ctx context.Context) (string, error) {
-		_ = ctx
 		mode := strings.ToLower(strings.TrimSpace(cfg.Provider.OpenAI.AuthMode))
 		if mode == "api_key" {
 			cred, credErr := auth.Get(cwd, "openai")
@@ -974,7 +983,10 @@ func executeChatPrompt(prompt string) (*chatExecutionResult, error) {
 			}
 			return "", nil
 		}
-		return auth.ResolveAccountAccessToken(cwd, "openai")
+		if accountSession == nil {
+			return "", nil
+		}
+		return accountSession.ResolveToken(ctx)
 	})
 
 	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(cfg.Provider.OpenAI.TimeoutSeconds)*time.Second)

package/cmd/version.go

@@ -1,4 +1,4 @@
 package cmd
 
 // version is overridden in release builds via GoReleaser ldflags.
-var version = "0.1.4"
+var version = "0.1.5"

package/internal/auth/account.go

@@ -9,12 +9,34 @@ import (
 const refreshSkew = 30 * time.Second
 
 func ResolveAccountCredential(repoRoot, provider string) (*Credential, error) {
+	return resolveAccountCredentialByID(repoRoot, provider, "")
+}
+
+func resolveAccountCredentialByID(repoRoot, provider, credentialID string) (*Credential, error) {
 	provider = strings.ToLower(strings.TrimSpace(provider))
 	if provider == "" {
 		return nil, fmt.Errorf("provider is required")
 	}
 
-	cred, err := Get(repoRoot, provider)
+	var (
+		cred *Credential
+		err  error
+	)
+	if strings.TrimSpace(credentialID) == "" {
+		cred, err = Get(repoRoot, provider)
+	} else {
+		credentials, _, listErr := List(repoRoot, provider)
+		if listErr != nil {
+			return nil, listErr
+		}
+		for i := range credentials {
+			if credentials[i].ID == credentialID {
+				copy := credentials[i]
+				cred = &copy
+				break
+			}
+		}
+	}
 	if err != nil {
 		return nil, err
 	}
@@ -56,7 +78,10 @@ func ResolveAccountCredential(repoRoot, provider string) (*Credential, error) {
 		return nil, err
 	}
 
-	return Get(repoRoot, provider)
+	if strings.TrimSpace(credentialID) == "" {
+		return Get(repoRoot, provider)
+	}
+	return resolveAccountCredentialByID(repoRoot, provider, credentialID)
 }
 
 func ResolveAccountAccessToken(repoRoot, provider string) (string, error) {

package/internal/auth/account_session.go

@@ -0,0 +1,154 @@
+package auth
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+)
+
+type AccountSession struct {
+	repoRoot  string
+	provider  string
+	currentID string
+	excluded  map[string]struct{}
+}
+
+func NewAccountSession(repoRoot, provider string) *AccountSession {
+	return &AccountSession{
+		repoRoot: strings.TrimSpace(repoRoot),
+		provider: strings.ToLower(strings.TrimSpace(provider)),
+		excluded: map[string]struct{}{},
+	}
+}
+
+func (s *AccountSession) ResolveToken(ctx context.Context) (string, error) {
+	_ = ctx
+	cred, err := s.pickCredential()
+	if err != nil {
+		return "", err
+	}
+	if cred == nil {
+		return "", fmt.Errorf("no active oauth credential available for provider %s", s.provider)
+	}
+	s.currentID = cred.ID
+	return strings.TrimSpace(cred.AccessToken), nil
+}
+
+func (s *AccountSession) Failover(ctx context.Context, cooldown time.Duration, reason string) (string, bool, error) {
+	_ = ctx
+	if strings.TrimSpace(s.currentID) == "" {
+		return "", false, nil
+	}
+	if err := mutateCredential(s.repoRoot, s.provider, s.currentID, func(cred *Credential) error {
+		if cooldown > 0 {
+			cred.CooldownUntil = time.Now().UTC().Add(cooldown)
+		}
+		cred.LastError = strings.TrimSpace(reason)
+		cred.UpdatedAt = time.Now().UTC()
+		return nil
+	}); err != nil {
+		return "", false, err
+	}
+	s.excluded[s.currentID] = struct{}{}
+
+	cred, err := s.pickCredential()
+	if err != nil {
+		return "", false, err
+	}
+	if cred == nil {
+		return "", false, nil
+	}
+	s.currentID = cred.ID
+	return strings.TrimSpace(cred.AccessToken), true, nil
+}
+
+func (s *AccountSession) MarkSuccess(ctx context.Context) {
+	_ = ctx
+	if strings.TrimSpace(s.currentID) == "" {
+		return
+	}
+	_ = mutateCredential(s.repoRoot, s.provider, s.currentID, func(cred *Credential) error {
+		cred.LastError = ""
+		cred.CooldownUntil = time.Time{}
+		cred.LastUsedAt = time.Now().UTC()
+		cred.UpdatedAt = time.Now().UTC()
+		return nil
+	})
+	s.excluded = map[string]struct{}{}
+}
+
+func (s *AccountSession) pickCredential() (*Credential, error) {
+	credentials, activeID, err := List(s.repoRoot, s.provider)
+	if err != nil {
+		return nil, err
+	}
+	if len(credentials) == 0 {
+		return nil, nil
+	}
+
+	now := time.Now().UTC()
+	ordered := orderCredentials(credentials, activeID, s.currentID)
+	for _, candidate := range ordered {
+		if candidate.Type != "oauth" {
+			continue
+		}
+		if _, skip := s.excluded[candidate.ID]; skip {
+			continue
+		}
+		if !candidate.CooldownUntil.IsZero() && candidate.CooldownUntil.After(now) {
+			continue
+		}
+		if candidate.ID != activeID {
+			if err := SetActive(s.repoRoot, s.provider, candidate.ID); err != nil {
+				return nil, err
+			}
+		}
+		resolved, err := resolveAccountCredentialByID(s.repoRoot, s.provider, candidate.ID)
+		if err == nil {
+			return resolved, nil
+		}
+		_ = mutateCredential(s.repoRoot, s.provider, candidate.ID, func(cred *Credential) error {
+			cred.LastError = strings.TrimSpace(err.Error())
+			cred.CooldownUntil = now.Add(5 * time.Minute)
+			cred.UpdatedAt = now
+			return nil
+		})
+		s.excluded[candidate.ID] = struct{}{}
+	}
+
+	return nil, nil
+}
+
+func orderCredentials(credentials []Credential, activeID, currentID string) []Credential {
+	ordered := make([]Credential, 0, len(credentials))
+	appendByID := func(id string) {
+		if strings.TrimSpace(id) == "" {
+			return
+		}
+		for _, cred := range credentials {
+			if cred.ID == id && !containsCredential(ordered, id) {
+				ordered = append(ordered, cred)
+				return
+			}
+		}
+	}
+	appendByID(currentID)
+	appendByID(activeID)
+	for _, cred := range credentials {
+		if containsCredential(ordered, cred.ID) {
+			continue
+		}
+		ordered = append(ordered, cred)
+	}
+	return ordered
+}
+
+func containsCredential(credentials []Credential, credentialID string) bool {
+	for _, cred := range credentials {
+		if cred.ID == credentialID {
+			return true
+		}
+	}
+	return false
+}

package/internal/auth/account_session_test.go

@@ -0,0 +1,71 @@
+package auth
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"testing"
+	"time"
+)
+
+func TestAccountSessionFailsOverToNextCredential(t *testing.T) {
+	repoRoot := t.TempDir()
+	if err := Set(repoRoot, "openai", Credential{Type: "oauth", AccessToken: testSessionAccountToken("acc-1"), RefreshToken: "refresh-1", AccountID: "acc-1", Email: "one@example.com"}); err != nil {
+		t.Fatalf("set first account: %v", err)
+	}
+	if err := Set(repoRoot, "openai", Credential{Type: "oauth", AccessToken: testSessionAccountToken("acc-2"), RefreshToken: "refresh-2", AccountID: "acc-2", Email: "two@example.com"}); err != nil {
+		t.Fatalf("set second account: %v", err)
+	}
+	if err := SetActive(repoRoot, "openai", "acc-1"); err != nil {
+		t.Fatalf("set active: %v", err)
+	}
+
+	session := NewAccountSession(repoRoot, "openai")
+	token, err := session.ResolveToken(context.Background())
+	if err != nil {
+		t.Fatalf("resolve token: %v", err)
+	}
+	if token != testSessionAccountToken("acc-1") {
+		t.Fatalf("expected first token, got %q", token)
+	}
+
+	nextToken, switched, err := session.Failover(context.Background(), time.Minute, "rate limited")
+	if err != nil {
+		t.Fatalf("failover: %v", err)
+	}
+	if !switched {
+		t.Fatalf("expected failover switch")
+	}
+	if nextToken != testSessionAccountToken("acc-2") {
+		t.Fatalf("expected second token, got %q", nextToken)
+	}
+
+	active, err := Get(repoRoot, "openai")
+	if err != nil {
+		t.Fatalf("get active credential: %v", err)
+	}
+	if active == nil || active.ID != "acc-2" {
+		t.Fatalf("expected acc-2 active after failover, got %#v", active)
+	}
+	credentials, _, err := List(repoRoot, "openai")
+	if err != nil {
+		t.Fatalf("list credentials: %v", err)
+	}
+	var first *Credential
+	for i := range credentials {
+		if credentials[i].ID == "acc-1" {
+			first = &credentials[i]
+			break
+		}
+	}
+	if first == nil || first.CooldownUntil.IsZero() {
+		t.Fatalf("expected first credential to have cooldown set, got %#v", first)
+	}
+}
+
+func testSessionAccountToken(accountID string) string {
+	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"none"}`))
+	payload := fmt.Sprintf(`{"https://api.openai.com/auth":{"chatgpt_account_id":"%s"}}`, accountID)
+	body := base64.RawURLEncoding.EncodeToString([]byte(payload))
+	return header + "." + body + ".sig"
+}