pi-multi-account 1.0.0 → 1.2.0

package/CHANGELOG.md

@@ -5,6 +5,58 @@ All notable changes to this project are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.0] - 2026-06-10
+
+### Added
+
+- **Anthropic (Claude Pro/Max) OAuth now works out of the box.** OAuth login is
+  enabled on the base `anthropic` provider and on every `anthropic-account-*`
+  alias, and outgoing Anthropic OAuth requests are shaped (billing header +
+  system-prompt normalization) directly by this package. A separate
+  `pi-anthropic-auth` install is no longer required.
+
+### Changed
+
+- Request shaping is idempotent and only touches OAuth-marked Anthropic requests,
+  so it coexists safely with `pi-anthropic-auth` if both are installed, and leaves
+  API-key Anthropic and OpenAI Codex / Qwen requests untouched.
+
+### Credits
+
+- Anthropic OAuth request-shaping logic vendored from
+  [`gotgenes/pi-anthropic-auth`](https://github.com/gotgenes/pi-anthropic-auth) (MIT).
+
+## [1.1.0] - 2026-06-10
+
+### Fixed
+
+- **Runaway failover loop that could freeze the machine.** When every account was
+  rate-limited the rotation ping-ponged between accounts every 1–9s indefinitely,
+  growing session history until the system swapped itself to death. The
+  auto-continue counter was reset on every agent start, so `maxAutoContinuesPerPrompt`
+  never actually bounded the loop. The counter is now reset only by a genuine new
+  user prompt, making the cap a real per-task limit.
+- **Escape did not stop the loop.** Auto-continuation ran from background event
+  hooks and a timer, so cancelling the agent was immediately undone. User aborts
+  (`stopReason: "aborted"` / `ctx.signal`) now stop the chain and cancel all timers.
+
+### Added
+
+- Anti-ping-pong guard: immediate failover only switches to an account usable right
+  now and never bounces straight back to the account it just left within 60s.
+- Minimum 15s spacing between auto-continuations (no tight CPU/network loop, and a
+  real window for Esc to take effect).
+- In-session auto-resume: when the whole fallback circle is exhausted, the extension
+  waits and continues the agent's work as soon as any account recovers — for as long
+  as the session stays open.
+
+### Changed
+
+- **Tight session binding.** Background activity is now scoped to the live session:
+  ending or replacing a session (quit, reload, new, resume, fork) cancels all timers
+  and drops any pending resume. A new session starts clean and never inherits a
+  previous session's paused work; nothing survives once Pi exits.
+
 ## [1.0.0] - 2026-06-09
 
 ### Added
@@ -24,4 +76,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Plaintext-free credential handling (SHA-256 fingerprints only); `0600`
   config/state files.
 
+[1.2.0]: https://github.com/Sarrius/pi-multi-account/releases/tag/v1.2.0
+[1.1.0]: https://github.com/Sarrius/pi-multi-account/releases/tag/v1.1.0
 [1.0.0]: https://github.com/Sarrius/pi-multi-account/releases/tag/v1.0.0

package/README.md

@@ -21,7 +21,11 @@ pi install npm:pi-multi-account
 
 Restart Pi or run `/reload` after installation.
 
-> **Anthropic OAuth aliases** (`anthropic-account-2`, …) require [`@gotgenes/pi-anthropic-auth`](https://www.npmjs.com/package/@gotgenes/pi-anthropic-auth) for request shaping. The base `anthropic` provider and all OpenAI Codex / Qwen accounts work without it.
+> **Anthropic (Claude Pro/Max) works out of the box.** OAuth login and request
+> shaping for the base `anthropic` provider and every `anthropic-account-*` alias
+> are built in — no separate `pi-anthropic-auth` install is required. If you
+> already have `pi-anthropic-auth`, the two coexist safely (the shaping is
+> idempotent). OpenAI Codex / ChatGPT and Qwen accounts work as well.
 
 ### Recommended setting
 

package/index.ts

@@ -15,9 +15,11 @@
  *   transparently switches to the next available account/model, optionally
  *   queuing a safe continuation prompt.
  *
- * Anthropic OAuth aliases require `@gotgenes/pi-anthropic-auth` for request
- * shaping (its before_provider_request hook is provider-agnostic and covers
- * every Anthropic OAuth alias this package registers).
+ * Anthropic OAuth (Claude Pro/Max) works out of the box: this package enables
+ * OAuth login on the base `anthropic` provider and on every `anthropic-account-*`
+ * alias, and shapes the outgoing requests itself (billing header + system-prompt
+ * normalization, vendored from gotgenes/pi-anthropic-auth, MIT). No separate
+ * pi-anthropic-auth install is needed; if you have one, both coexist (idempotent).
  *
  * Config:  ~/.pi/agent/provider-failover.json
  * State:   ~/.pi/agent/provider-failover-state.json
@@ -106,6 +108,11 @@ const STATE_VERSION = 3;
 const DEFAULT_COOLDOWN_MS = 6 * 60 * 60 * 1000;
 const DEFAULT_PROBE_COOLDOWN_MS = 5 * 60 * 1000;
 const DEFAULT_INVALID_COOLDOWN_MS = 365 * 24 * 60 * 60 * 1000; // effectively "until re-login"
+// Runaway-loop guards (added). Without these, when every account is rate-limited the
+// failover bounces between accounts every 1-9s forever, growing the session history
+// until the machine swaps itself to death.
+const ANTI_PINGPONG_MS = 60 * 1000; // don't switch straight back to the account we just left
+const MIN_AUTOCONTINUE_INTERVAL_MS = 15 * 1000; // floor between auto-continuations (CPU/network guard)
 
 const ANTHROPIC_BASE = "anthropic";
 const CODEX_BASE = "openai-codex";
@@ -450,7 +457,7 @@ function codexModelDef(id: string) {
 }
 
 function registerAnthropicSlot(pi: ExtensionAPI, id: string) {
-	if (id === ANTHROPIC_BASE) return; // base provider is native / shaped by pi-anthropic-auth
+	if (id === ANTHROPIC_BASE) return; // base provider: oauth + shaping registered in piMultiAccount()
 	const models = DEFAULT_ANTHROPIC_MODELS.map((m) => anthropicModelDef(m, id));
 	pi.registerProvider(id, {
 		name: `Claude Pro/Max (${id})`,
@@ -573,6 +580,14 @@ function formatUntil(timestamp: number) {
 	return rest ? `${hours}h ${rest}m` : `${hours}h`;
 }
 
+/** stopReason of the most recent assistant message — "aborted" means the user pressed Esc. */
+function lastAssistantStopReason(messages: any[]): string | undefined {
+	for (let i = messages.length - 1; i >= 0; i--) {
+		if (messages[i]?.role === "assistant") return messages[i]?.stopReason as string | undefined;
+	}
+	return undefined;
+}
+
 function getAssistantErrorText(messages: any[]) {
 	for (let i = messages.length - 1; i >= 0; i--) {
 		const message = messages[i];
@@ -588,6 +603,193 @@ function getAssistantErrorText(messages: any[]) {
 	return "";
 }
 
+// ===========================================================================
+// Anthropic OAuth request shaping (vendored)
+//
+// Makes Claude Pro/Max (OAuth) accounts work out of the box — no separate
+// pi-anthropic-auth install required. Ported from gotgenes/pi-anthropic-auth
+// (MIT). The logic is idempotent: if pi-anthropic-auth is ALSO installed, both
+// before_provider_request hooks run, but the second sees the request already
+// shaped (billing header present, Pi preamble already replaced) and no-ops.
+//
+// CLAUDE_CODE_VERSION must track the current Claude Code release; if it drifts
+// too far Anthropic may reject or miscount OAuth requests. Check `claude
+// --version` or https://github.com/anthropics/claude-code.
+// ===========================================================================
+
+const PI_DEFAULT_PROMPT_PREFIX = "You are an expert coding assistant operating inside pi, a coding agent harness.";
+const PI_DEFAULT_PROMPT_TERMINATOR =
+	"- Always read pi .md files completely and follow links to related docs (e.g., tui.md for TUI API details)";
+const MINIMAL_ANTHROPIC_OAUTH_PROMPT_PREFIX = "You are an expert coding assistant.";
+const MINIMAL_ANTHROPIC_OAUTH_PROMPT = [
+	MINIMAL_ANTHROPIC_OAUTH_PROMPT_PREFIX,
+	"Be concise and helpful.",
+	"Use the available tools to answer the user's request.",
+	"Show file paths clearly when working with files.",
+].join("\n");
+const CLAUDE_CODE_IDENTITY_PREFIX = "You are Claude Code, Anthropic's official CLI";
+const CLAUDE_CODE_VERSION = "2.1.150";
+const BILLING_HEADER_SALT = "59cf53e54c78";
+const BILLING_HEADER_POSITIONS = [4, 7, 20] as const;
+const CLAUDE_CODE_ENTRYPOINT = "sdk-cli";
+const PARAGRAPH_REMOVAL_ANCHORS: readonly string[] = [
+	"operating inside pi, a coding agent harness",
+	"In addition to the tools above",
+	"Pi documentation (read only when the user asks about pi itself",
+];
+const TEXT_REPLACEMENTS: readonly { match: string; replacement: string }[] = [
+	{
+		match: "Here is some useful information about the environment you are running in:",
+		replacement: "Environment context you are running in:",
+	},
+];
+
+type ShapeTextBlock = { type: "text"; text: string; [key: string]: unknown };
+type ShapeMessageBlock = { type?: string; text?: string; [key: string]: unknown };
+type ShapeMessageParam = { role?: string; content?: string | ShapeMessageBlock[]; [key: string]: unknown };
+type ShapeAnthropicPayload = { model?: unknown; messages?: unknown; system?: unknown; stream?: unknown; [key: string]: unknown };
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+	return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+
+function isAnthropicMessagesPayload(payload: unknown): payload is ShapeAnthropicPayload {
+	return isRecord(payload) && typeof payload.model === "string" && Array.isArray(payload.messages) && typeof payload.stream === "boolean";
+}
+
+function hasOAuthAnthropicSystemMarker(block: unknown): boolean {
+	if (!isRecord(block) || block.type !== "text" || typeof block.text !== "string") return false;
+	return (
+		block.text.includes(CLAUDE_CODE_IDENTITY_PREFIX) ||
+		block.text.includes("x-anthropic-billing-header:") ||
+		block.text.startsWith(MINIMAL_ANTHROPIC_OAUTH_PROMPT_PREFIX)
+	);
+}
+
+// Only requests that Pi already marked as OAuth (Claude Code identity block, or
+// already-shaped) are touched — API-key Anthropic requests pass through untouched.
+function isOAuthAnthropicPayload(payload: ShapeAnthropicPayload): boolean {
+	if (!Array.isArray(payload.system)) return false;
+	return payload.system.some(hasOAuthAnthropicSystemMarker);
+}
+
+function getFirstUserText(messages: ShapeMessageParam[]): string {
+	const firstUserMessage = messages.find((message) => message.role === "user");
+	if (!firstUserMessage) return "";
+	if (typeof firstUserMessage.content === "string") return firstUserMessage.content;
+	if (!Array.isArray(firstUserMessage.content)) return "";
+	const firstTextBlock = firstUserMessage.content.find((block) => block.type === "text" && typeof block.text === "string");
+	return typeof firstTextBlock?.text === "string" ? firstTextBlock.text : "";
+}
+
+function buildBillingHeaderValue(messages: ShapeMessageParam[]): string | undefined {
+	const messageText = getFirstUserText(messages);
+	if (!messageText) return undefined;
+	const cch = createHash("sha256").update(messageText).digest("hex").slice(0, 5);
+	const sampledCharacters = BILLING_HEADER_POSITIONS.map((index) => messageText[index] || "0").join("");
+	const suffix = createHash("sha256")
+		.update(`${BILLING_HEADER_SALT}${sampledCharacters}${CLAUDE_CODE_VERSION}`)
+		.digest("hex")
+		.slice(0, 3);
+	return ["x-anthropic-billing-header:", `cc_version=${CLAUDE_CODE_VERSION}.${suffix};`, `cc_entrypoint=${CLAUDE_CODE_ENTRYPOINT};`, `cch=${cch};`].join(" ");
+}
+
+function normalizeSystemBlock(block: unknown): ShapeTextBlock {
+	if (typeof block === "string") return { type: "text", text: block };
+	if (isRecord(block) && typeof block.text === "string") return { ...block, type: "text", text: block.text };
+	return { type: "text", text: "" };
+}
+
+function prependBillingHeader(system: unknown, messages: ShapeMessageParam[]): unknown {
+	const billingHeader = buildBillingHeaderValue(messages);
+	if (!billingHeader) return system;
+	const systemBlocks = Array.isArray(system) ? system.map(normalizeSystemBlock) : system == null ? [] : [normalizeSystemBlock(system)];
+	// Idempotent: don't add a second billing header (e.g. pi-anthropic-auth also ran).
+	if (systemBlocks.some((block) => block.text.includes("x-anthropic-billing-header:"))) return systemBlocks;
+	const billingBlock: ShapeTextBlock = { type: "text", text: billingHeader };
+	return [billingBlock, ...systemBlocks];
+}
+
+// The Anthropic API rejects assistant turns where non-tool_use blocks follow a
+// tool_use block; Pi's serializer can produce that, so split into two turns.
+function splitAssistantToolUseTrailingContent(messages: ShapeMessageParam[]): ShapeMessageParam[] {
+	return messages.flatMap((message) => {
+		if (message.role !== "assistant" || !Array.isArray(message.content)) return [message];
+		const firstToolUseIndex = message.content.findIndex((block) => block.type === "tool_use");
+		if (firstToolUseIndex === -1) return [message];
+		const trailingBlocks = message.content.slice(firstToolUseIndex);
+		if (!trailingBlocks.some((block) => block.type !== "tool_use")) return [message];
+		const nonToolUseBlocks = message.content.filter((block) => block.type !== "tool_use");
+		const toolUseBlocks = message.content.filter((block) => block.type === "tool_use");
+		return [
+			{ ...message, content: nonToolUseBlocks },
+			{ ...message, content: toolUseBlocks },
+		];
+	});
+}
+
+function sanitizeSystemText(text: string): string {
+	const paragraphs = text.split(/\n\n+/);
+	const filtered = paragraphs.filter((paragraph) => !PARAGRAPH_REMOVAL_ANCHORS.some((anchor) => paragraph.includes(anchor)));
+	let result = filtered.join("\n\n");
+	for (const rule of TEXT_REPLACEMENTS) result = result.replaceAll(rule.match, rule.replacement);
+	return result.trim();
+}
+
+function findProjectContextStart(systemPrompt: string): number {
+	return systemPrompt.indexOf("\n\n# Project Context\n\n");
+}
+
+function shapeAnthropicOAuthSystemPrompt(systemPrompt: string): string {
+	const prefixIdx = systemPrompt.indexOf(PI_DEFAULT_PROMPT_PREFIX);
+	if (prefixIdx === -1) return systemPrompt;
+	const terminatorIdx = systemPrompt.indexOf(PI_DEFAULT_PROMPT_TERMINATOR, prefixIdx);
+	if (terminatorIdx !== -1) {
+		const terminatorEnd = terminatorIdx + PI_DEFAULT_PROMPT_TERMINATOR.length;
+		const preamble = systemPrompt.slice(prefixIdx, terminatorEnd);
+		const sanitized = sanitizeSystemText(preamble);
+		const shapedPreamble = sanitized ? `${MINIMAL_ANTHROPIC_OAUTH_PROMPT}\n\n${sanitized}` : MINIMAL_ANTHROPIC_OAUTH_PROMPT;
+		return systemPrompt.slice(0, prefixIdx) + shapedPreamble + systemPrompt.slice(terminatorEnd);
+	}
+	// Pi reworded its preamble terminator → fall back to slicing from project context.
+	const projectContextStart = findProjectContextStart(systemPrompt);
+	if (projectContextStart === -1) return MINIMAL_ANTHROPIC_OAUTH_PROMPT;
+	return `${MINIMAL_ANTHROPIC_OAUTH_PROMPT}${systemPrompt.slice(projectContextStart)}`;
+}
+
+function shapeSystemBlocks(blocks: ShapeTextBlock[]): ShapeTextBlock[] {
+	return blocks.map((block) => {
+		if (block.type !== "text" || !block.text.includes(PI_DEFAULT_PROMPT_PREFIX)) return block;
+		return { ...block, text: shapeAnthropicOAuthSystemPrompt(block.text) };
+	});
+}
+
+/** before_provider_request shaper: makes Claude Pro/Max OAuth requests acceptable. */
+function shapeAnthropicOAuthPayload(payload: unknown): unknown {
+	if (!isAnthropicMessagesPayload(payload)) return payload;
+	const messages = payload.messages as ShapeMessageParam[];
+	if (!isOAuthAnthropicPayload(payload)) return payload; // API-key / non-OAuth → untouched
+	const normalizedMessages = splitAssistantToolUseTrailingContent(messages);
+	const shapedSystem = Array.isArray(payload.system) ? shapeSystemBlocks(payload.system as ShapeTextBlock[]) : payload.system;
+	const finalSystem = prependBillingHeader(shapedSystem, normalizedMessages);
+	return { ...payload, messages: normalizedMessages, system: finalSystem };
+}
+
+/** OAuth override enabling Claude Pro/Max login on a provider (base or alias). */
+const anthropicOAuthOverride = {
+	name: "Anthropic (Claude Pro/Max)",
+	login: (callbacks: any) => loginAnthropic(callbacks),
+	async refreshToken(credentials: any) {
+		const refreshed = await refreshAnthropicToken(credentials.refresh);
+		return {
+			...credentials,
+			...refreshed,
+			refresh: typeof refreshed.refresh === "string" && refreshed.refresh.trim().length > 0 ? refreshed.refresh : credentials.refresh,
+		};
+	},
+	getApiKey: (credentials: any) => credentials.access,
+};
+
 // ===========================================================================
 // Extension entry point
 // ===========================================================================
@@ -606,10 +808,22 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 	let lastAuthMtime = -1;
 
 	let currentPromptSwitch: SwitchRecord | undefined;
+	// Number of auto-continuations issued for the CURRENT task. Crucially this is NOT
+	// reset by the self-triggered re-prompts failover issues (only by a genuine new user
+	// prompt — see before_agent_start), so config.maxAutoContinuesPerPrompt actually bounds
+	// the failover loop instead of resetting to 0 on every iteration.
 	let autoContinuesThisPrompt = 0;
 	let lastErrorText = "";
 	let latestCtx: any | undefined;
 	let pendingWakeTimer: ReturnType<typeof setTimeout> | undefined;
+	// --- runaway-loop & user-interrupt guards (added) ---
+	let expectingSelfContinuation = false; // true between our sendUserMessage and its agent_start
+	let lastSentContinuationPrompt = ""; // secondary check to recognise our own re-prompt
+	let userAbortedChain = false; // user pressed Esc → stop auto-continuing until a new prompt
+	let lastAutoContinueAt = 0; // for minimum spacing between auto-continuations
+	let autoContinueTimer: ReturnType<typeof setTimeout> | undefined; // pending spaced continuation
+	let lastLeftProvider: string | undefined; // account we just failed away from (anti-ping-pong)
+	let lastLeftAt = 0;
 	// The thinking level the user intended for this turn. pi.setModel() re-clamps and
 	// persists the thinking level on every model switch, so without this it drifts
 	// downward across failovers ("thinking level keeps dropping"). We capture it before
@@ -836,7 +1050,7 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 	 *      cooldown first — i.e. the account that will recover soonest — honoring the
 	 *      per-provider probe interval so we don't hammer a still-limited account.
 	 */
-	function findFallbackModels(ctx: any, currentModel: any) {
+	function findFallbackModels(ctx: any, currentModel: any, options: { availableNowOnly?: boolean } = {}) {
 		const fallbacks = activeFallbacks();
 		if (fallbacks.length === 0) return [];
 
@@ -865,10 +1079,21 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 
 		// (1) Anything available right now → soonest-recovered wins (all remaining=0),
 		// deterministic rotation-order tiebreak.
-		const availableNow = scored.filter((s) => s.remaining === 0).sort((a, b) => a.rotIndex - b.rotIndex);
+		let availableNow = scored.filter((s) => s.remaining === 0).sort((a, b) => a.rotIndex - b.rotIndex);
+		// Anti-ping-pong: don't bounce straight back to the account we just left if any
+		// other account is also free right now — that's the loop that freezes the machine.
+		if (lastLeftProvider && now - lastLeftAt < ANTI_PINGPONG_MS && availableNow.length > 1) {
+			availableNow = availableNow.filter((s) => s.model.provider !== lastLeftProvider);
+		}
 		if (availableNow.length > 0) return availableNow.map((s) => s.model);
 
+		// Immediate failover must NEVER switch into a still-exhausted account: that account
+		// would re-fail at once and the rotation would ping-pong forever. When nothing is
+		// available right now, the caller falls back to the delayed pending-resume path.
+		if (options.availableNowOnly) return [];
+
 		// (2) All exhausted → closest-to-recovery first (shortest remaining cooldown).
+		// Only reached by the pending-resume probe, which is rate-limited per provider.
 		const probeable = scored.filter((s) => s.probeReady);
 		const pool = probeable.length > 0 ? probeable : scored;
 		return pool.sort((a, b) => a.remaining - b.remaining || a.rotIndex - b.rotIndex).map((s) => s.model);
@@ -880,16 +1105,22 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 		if (!currentModel) return false;
 
 		markExhausted(currentModel.provider, cooldownMs);
-		const candidates = findFallbackModels(ctx, currentModel);
+		lastLeftProvider = currentModel.provider;
+		lastLeftAt = Date.now();
+		// Immediate failover only ever switches to an account that is usable RIGHT NOW. If
+		// none is, we don't bounce into an exhausted one — we arm the delayed pending-resume
+		// path, which probes accounts as their cooldowns expire.
+		const candidates = findFallbackModels(ctx, currentModel, { availableNowOnly: true });
 		if (candidates.length === 0) {
 			const cooldowns = [...exhaustedUntilByProvider.entries()]
 				.filter(([, until]) => until > Date.now())
 				.map(([c, until]) => `${c}: ${formatUntil(until)}`)
 				.join(", ");
 			ctx.ui.notify(
-				`Provider failover: no available fallback after ${currentModel.provider}/${currentModel.id}. ${cooldowns ? `Cooldowns: ${cooldowns}` : "All known accounts may be unauthenticated, invalidated, or same account."}`,
+				`Provider failover: no immediately available fallback after ${currentModel.provider}/${currentModel.id}. ${cooldowns ? `Cooldowns: ${cooldowns}` : "All known accounts may be unauthenticated, invalidated, or same account."}`,
 				"warning",
 			);
+			setPendingContinuation(ctx, reason); // wait for an account to recover, then resume
 			return false;
 		}
 
@@ -921,6 +1152,37 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 		return config.continuationPrompt.replaceAll("{from}", record.from).replaceAll("{to}", record.to).replaceAll("{reason}", record.reason);
 	}
 
+	/** Mark that the next agent run is our own failover continuation, then send it. */
+	function dispatchSelfContinuation(ctx: any, prompt: string) {
+		lastAutoContinueAt = Date.now();
+		lastSentContinuationPrompt = prompt;
+		expectingSelfContinuation = true;
+		pi.sendUserMessage(prompt, ctx.isIdle() ? undefined : { deliverAs: "followUp" });
+	}
+
+	/**
+	 * Send an auto-continuation, but never faster than MIN_AUTOCONTINUE_INTERVAL_MS.
+	 * The spacing keeps a fully rate-limited rotation from pegging CPU/network and gives
+	 * the user a real window in which Esc actually sticks.
+	 */
+	function scheduleAutoContinue(ctx: any, prompt: string) {
+		if (autoContinueTimer) {
+			clearTimeout(autoContinueTimer);
+			autoContinueTimer = undefined;
+		}
+		const wait = Math.max(0, MIN_AUTOCONTINUE_INTERVAL_MS - (Date.now() - lastAutoContinueAt));
+		if (wait === 0) {
+			dispatchSelfContinuation(ctx, prompt);
+			return;
+		}
+		autoContinueTimer = setTimeout(() => {
+			autoContinueTimer = undefined;
+			if (userAbortedChain || ctx.signal?.aborted) return; // user took over while we waited
+			dispatchSelfContinuation(ctx, prompt);
+		}, wait);
+		ctx.ui.notify(`Provider failover: next auto-continue in ~${Math.ceil(wait / 1000)}s (press Esc to cancel).`, "info");
+	}
+
 	function clearPendingContinuation() {
 		if (pendingWakeTimer) {
 			clearTimeout(pendingWakeTimer);
@@ -958,6 +1220,10 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 	}
 
 	function setPendingContinuation(ctx: any, reason: string) {
+		// Don't re-arm or re-notify if a pending resume is already queued — switchToFallback
+		// and agent_end can both reach here for the same exhaustion, and the wake timer is
+		// already running.
+		const alreadyPending = !!persistedState.pendingContinuationPrompt;
 		const current = ctx.model ? ref(ctx.model.provider, ctx.model.id) : ("unknown/model" as ModelRef);
 		const record: SwitchRecord = { from: current, to: "next-available/account" as ModelRef, reason, at: Date.now() };
 		persistedState = {
@@ -968,6 +1234,7 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 		};
 		persist();
 		schedulePendingWake(ctx);
+		if (alreadyPending) return;
 		const delayMs = nextPendingWakeDelayMs();
 		ctx.ui.notify(
 			`Provider failover: all accounts appear exhausted. Will automatically probe/resume in ~${Math.ceil((delayMs ?? config.probeCooldownMs) / 1000)}s if this Pi session stays open.`,
@@ -979,6 +1246,14 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 		const ctx = latestCtx;
 		const prompt = persistedState.pendingContinuationPrompt;
 		if (!ctx || !prompt || !config.enabled || !config.autoContinue) return;
+		if (userAbortedChain) {
+			clearPendingContinuation(); // user took over — abandon the background resurrection
+			return;
+		}
+		if (autoContinuesThisPrompt >= config.maxAutoContinuesPerPrompt) {
+			clearPendingContinuation(); // task-level cap reached — stop resurrecting
+			return;
+		}
 		refreshDiscovery();
 		pruneCooldowns();
 		const candidates = findFallbackModels(ctx, ctx.model);
@@ -996,8 +1271,12 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 			restoreDesiredThinking(); // keep the user's thinking level across the switch
 			setLastProbe(candidate.provider);
 			clearPendingContinuation();
+			// A genuine recovery after a real wait earns a fresh continuation budget so the
+			// agent can keep going whenever an account recovers; rapid flapping (resume that
+			// immediately re-limits) does NOT reset, so the cap still bounds a tight loop.
+			if (Date.now() - lastAutoContinueAt >= config.probeCooldownMs) autoContinuesThisPrompt = 0;
 			ctx.ui.notify(`Provider failover: resuming pending work on ${to}`, "warning");
-			pi.sendUserMessage(prompt, ctx.isIdle() ? undefined : { deliverAs: "followUp" });
+			dispatchSelfContinuation(ctx, prompt);
 			return;
 		}
 		schedulePendingWake(ctx);
@@ -1096,6 +1375,14 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 		pi.registerCommand(name, { description: "Manage automatic multi-account failover & rotation", handler: handleCommand });
 	}
 
+	// ----- Anthropic OAuth out of the box -----------------------------------
+	// Enable Claude Pro/Max OAuth login on the base `anthropic` provider and shape
+	// every Anthropic OAuth request so subscription tokens are accepted — without
+	// requiring a separate pi-anthropic-auth install. Idempotent, so it coexists
+	// safely if pi-anthropic-auth is also present.
+	pi.registerProvider("anthropic", { oauth: anthropicOAuthOverride } as any);
+	pi.on("before_provider_request", (event: any) => shapeAnthropicOAuthPayload(event.payload));
+
 	// ----- lifecycle hooks --------------------------------------------------
 
 	refreshDiscovery(true);
@@ -1104,23 +1391,65 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 		latestCtx = ctx;
 		refreshDiscovery(true);
 		pruneCooldowns();
-		schedulePendingWake(ctx);
+		// Tight session binding: every session starts as a clean slate. Auto-resume only ever
+		// runs *inside the live session that hit the limit* (its timer is armed by
+		// setPendingContinuation). A new session — or a reopened one after a crash — must NEVER
+		// inherit and silently restart a previous session's paused work, so we drop any leftover
+		// pending state and reset all in-memory guards here.
+		if (persistedState.pendingContinuationPrompt) clearPendingContinuation();
+		autoContinuesThisPrompt = 0;
+		userAbortedChain = false;
+		expectingSelfContinuation = false;
+		lastSentContinuationPrompt = "";
 		ctx.ui.notify(
 			`pi-multi-account loaded (${config.enabled ? "enabled" : "disabled"}). ${rotation.length} account(s) in rotation. Config: ${CONFIG_PATH}`,
 			"info",
 		);
 	});
 
+	// CRITICAL: when the current session ends — for ANY reason (quit, reload, or replacement
+	// by a new/resumed/forked session) — the extension's background activity must end with it.
+	// Kill every timer and drop the pending continuation so nothing survives the session.
 	pi.on("session_shutdown", async () => {
 		if (pendingWakeTimer) {
 			clearTimeout(pendingWakeTimer);
 			pendingWakeTimer = undefined;
 		}
+		if (autoContinueTimer) {
+			clearTimeout(autoContinueTimer);
+			autoContinueTimer = undefined;
+		}
+		clearPendingContinuation();
+		userAbortedChain = false;
+		expectingSelfContinuation = false;
+		autoContinuesThisPrompt = 0;
+		lastSentContinuationPrompt = "";
+	});
+
+	// Distinguish a genuine new user prompt from our own failover continuation. Only a
+	// genuine prompt resets the per-task auto-continue counter and cancels any pending
+	// resurrection — this is what stops maxAutoContinuesPerPrompt from resetting every
+	// iteration (the bug that let the failover loop run forever).
+	pi.on("before_agent_start", async (event) => {
+		const prompt = typeof (event as any).prompt === "string" ? (event as any).prompt : "";
+		const isSelfContinuation =
+			expectingSelfContinuation || (!!lastSentContinuationPrompt && prompt.trim() === lastSentContinuationPrompt.trim());
+		if (isSelfContinuation) return;
+		// Genuine user input → fresh task: reset the chain and stop any auto-resume so the
+		// user is fully back in control.
+		autoContinuesThisPrompt = 0;
+		userAbortedChain = false;
+		lastSentContinuationPrompt = "";
+		if (autoContinueTimer) {
+			clearTimeout(autoContinueTimer);
+			autoContinueTimer = undefined;
+		}
+		if (persistedState.pendingContinuationPrompt) clearPendingContinuation();
 	});
 
 	pi.on("agent_start", async () => {
 		currentPromptSwitch = undefined;
-		autoContinuesThisPrompt = 0;
+		expectingSelfContinuation = false; // consume the flag once the run has started
 		lastErrorText = "";
 		captureDesiredThinking(); // remember the level BEFORE any failover can clamp it
 		refreshDiscovery(); // cheap: only re-scans when auth.json changed (new /login)
@@ -1129,6 +1458,7 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 	pi.on("after_provider_response", async (event, ctx) => {
 		latestCtx = ctx;
 		if (!config.enabled) return;
+		if (userAbortedChain || ctx.signal?.aborted) return; // user is cancelling — don't fail over
 		const status = (event as any).status;
 		if (status === 401) {
 			// Authorization is dead → drop this account, then move on.
@@ -1145,6 +1475,7 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 		latestCtx = ctx;
 		const message = (event as any).message;
 		if (message?.role !== "assistant" || message.stopReason !== "error") return;
+		if (userAbortedChain || ctx.signal?.aborted) return; // user is cancelling — don't fail over
 		const errorText = typeof message.errorMessage === "string" ? message.errorMessage : "";
 		lastErrorText = errorText;
 		if (currentPromptSwitch) return;
@@ -1161,15 +1492,44 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 	pi.on("agent_end", async (event, ctx) => {
 		latestCtx = ctx;
 		if (!config.enabled || !config.autoContinue) return;
+
+		// Respect the user: if they pressed Esc, the last assistant message is "aborted".
+		// Stop the failover chain dead and cancel every background timer so nothing
+		// resurrects the task. It only restarts when the user sends a new prompt.
+		if (lastAssistantStopReason((event as any).messages ?? []) === "aborted" || ctx.signal?.aborted) {
+			userAbortedChain = true;
+			if (autoContinueTimer) {
+				clearTimeout(autoContinueTimer);
+				autoContinueTimer = undefined;
+			}
+			clearPendingContinuation();
+			currentPromptSwitch = undefined;
+			lastErrorText = "";
+			return;
+		}
+		if (userAbortedChain) return;
+
 		const errorText = lastErrorText || getAssistantErrorText((event as any).messages ?? []);
 		if (isAuthError(errorText) && ctx.model) markInvalid(ctx.model.provider, errorText.slice(0, 60));
 		if (!isLimitError(errorText) && !isAuthError(errorText)) return;
-		if (autoContinuesThisPrompt >= config.maxAutoContinuesPerPrompt) return;
+
+		// Task-level cap. Because this counter is no longer reset by our own re-prompts,
+		// it genuinely bounds the failover loop. When it trips we stop completely (and do
+		// NOT arm a resurrection timer) so the machine can't be driven into a swap spiral.
+		if (autoContinuesThisPrompt >= config.maxAutoContinuesPerPrompt) {
+			ctx.ui.notify(
+				`Provider failover: stopped after ${autoContinuesThisPrompt} auto-continues — every account kept hitting limits. Send a new message, or run /multi-account reset to retry.`,
+				"warning",
+			);
+			return;
+		}
 
 		if (!currentPromptSwitch) {
 			const reason = `agent ended with provider limit: ${errorText.slice(0, 120)}`;
 			const switched = await switchToFallback(ctx, reason, cooldownFromErrorText(errorText) ?? config.cooldownMs);
-			if (!switched && !currentPromptSwitch) {
+			// switchToFallback already arms pending-resume when nothing is available now, so
+			// only set it here if it somehow didn't (defensive; alreadyPending makes it a no-op).
+			if (!switched && !currentPromptSwitch && !persistedState.pendingContinuationPrompt) {
 				setPendingContinuation(ctx, reason);
 				return;
 			}
@@ -1178,7 +1538,7 @@ export default function piMultiAccount(pi: ExtensionAPI) {
 		if (currentPromptSwitch) {
 			autoContinuesThisPrompt++;
 			const prompt = continuationPrompt(currentPromptSwitch);
-			pi.sendUserMessage(prompt, ctx.isIdle() ? undefined : { deliverAs: "followUp" });
+			scheduleAutoContinue(ctx, prompt); // spaced + Esc-cancellable, not a tight loop
 		}
 	});
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-multi-account",
-  "version": "1.0.0",
+  "version": "1.2.0",
   "description": "Automatic multi-account failover & rotation for Pi Agent across Anthropic (Claude), OpenAI/ChatGPT Codex, and Qwen/Alibaba. Auto-discovers authenticated accounts, grows the rotation on login, and drops accounts on logout, expiry, or quota/rate-limit errors.",
   "type": "module",
   "license": "MIT",