poe-code 3.0.69-beta.1 → 3.0.69-beta.2

package/dist/index.js

@@ -2032,170 +2032,9 @@ var init_context = __esm({
   }
 });
 
-// src/services/credentials.ts
-import path4 from "node:path";
-async function saveCredentials(options) {
-  const { fs: fs3, filePath, apiKey } = options;
-  const document = await readCredentialsDocument(fs3, filePath);
-  document.apiKey = apiKey;
-  await writeCredentialsDocument(fs3, filePath, document);
-}
-async function loadCredentials(options) {
-  const { fs: fs3, filePath } = options;
-  const document = await readCredentialsDocument(fs3, filePath);
-  return typeof document.apiKey === "string" && document.apiKey.length > 0 ? document.apiKey : null;
-}
-async function deleteCredentials(options) {
-  const { fs: fs3, filePath } = options;
-  try {
-    await fs3.unlink(filePath);
-    return true;
-  } catch (error2) {
-    if (isNotFound(error2)) {
-      return false;
-    }
-    throw error2;
-  }
-}
-async function loadConfiguredServices(options) {
-  const { fs: fs3, filePath } = options;
-  const document = await readCredentialsDocument(fs3, filePath);
-  return { ...document.configured_services ?? {} };
-}
-async function saveConfiguredService(options) {
-  const { fs: fs3, filePath, service, metadata } = options;
-  const document = await readCredentialsDocument(fs3, filePath);
-  const normalized = normalizeConfiguredServiceMetadata(metadata);
-  document.configured_services = {
-    ...document.configured_services ?? {},
-    [service]: normalized
-  };
-  await writeCredentialsDocument(fs3, filePath, document);
-}
-async function unconfigureService(options) {
-  const { fs: fs3, filePath, service } = options;
-  const document = await readCredentialsDocument(fs3, filePath);
-  const services = document.configured_services;
-  if (!services || !(service in services)) {
-    return false;
-  }
-  delete services[service];
-  if (Object.keys(services).length === 0) {
-    delete document.configured_services;
-  }
-  await writeCredentialsDocument(fs3, filePath, document);
-  return true;
-}
-function normalizeConfiguredServiceMetadata(metadata) {
-  const seen = /* @__PURE__ */ new Set();
-  const files = [];
-  for (const entry of metadata.files ?? []) {
-    if (typeof entry !== "string" || entry.length === 0) {
-      continue;
-    }
-    if (!seen.has(entry)) {
-      files.push(entry);
-      seen.add(entry);
-    }
-  }
-  return {
-    files
-  };
-}
-async function readCredentialsDocument(fs3, filePath) {
-  try {
-    const raw = await fs3.readFile(filePath, "utf8");
-    return await parseCredentialsDocument(fs3, filePath, raw);
-  } catch (error2) {
-    if (isNotFound(error2)) {
-      return {};
-    }
-    throw error2;
-  }
-}
-async function parseCredentialsDocument(fs3, filePath, raw) {
-  try {
-    const parsed = JSON.parse(raw);
-    return normalizeCredentialsDocument(parsed);
-  } catch (error2) {
-    if (error2 instanceof SyntaxError) {
-      await recoverInvalidCredentials(fs3, filePath, raw);
-      return {};
-    }
-    throw error2;
-  }
-}
-function normalizeCredentialsDocument(value) {
-  if (!isRecord3(value)) {
-    return {};
-  }
-  const document = {};
-  if (typeof value.apiKey === "string" && value.apiKey.length > 0) {
-    document.apiKey = value.apiKey;
-  }
-  const services = normalizeConfiguredServices(value.configured_services);
-  if (Object.keys(services).length > 0) {
-    document.configured_services = services;
-  }
-  return document;
-}
-function normalizeConfiguredServices(value) {
-  if (!isRecord3(value)) {
-    return {};
-  }
-  const entries = {};
-  for (const [key, entry] of Object.entries(value)) {
-    if (!isRecord3(entry)) {
-      continue;
-    }
-    const normalized = normalizeConfiguredServiceMetadata({
-      files: Array.isArray(entry.files) ? entry.files : []
-    });
-    entries[key] = normalized;
-  }
-  return entries;
-}
-async function writeCredentialsDocument(fs3, filePath, document) {
-  await fs3.mkdir(path4.dirname(filePath), { recursive: true });
-  const payload = {};
-  if (document.apiKey) {
-    payload.apiKey = document.apiKey;
-  }
-  if (document.configured_services) {
-    payload.configured_services = document.configured_services;
-  }
-  await fs3.writeFile(filePath, `${JSON.stringify(payload, null, 2)}
-`, {
-    encoding: "utf8"
-  });
-}
-async function recoverInvalidCredentials(fs3, filePath, content) {
-  const backupPath = createInvalidBackupPath(filePath);
-  await fs3.writeFile(backupPath, content, { encoding: "utf8" });
-  await fs3.writeFile(filePath, EMPTY_DOCUMENT, { encoding: "utf8" });
-}
-function createInvalidBackupPath(filePath) {
-  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-  const dir = path4.dirname(filePath);
-  const base = path4.basename(filePath);
-  return path4.join(dir, `${base}.invalid-${timestamp}.json`);
-}
-function isRecord3(value) {
-  return Boolean(value && typeof value === "object" && !Array.isArray(value));
-}
-var EMPTY_DOCUMENT;
-var init_credentials2 = __esm({
-  "src/services/credentials.ts"() {
-    "use strict";
-    init_src2();
-    EMPTY_DOCUMENT = `${JSON.stringify({}, null, 2)}
-`;
-  }
-});
-
 // src/cli/isolated-env.ts
-import path5 from "node:path";
-async function resolveIsolatedEnvDetails(env, isolated, providerName, fs3) {
+import path4 from "node:path";
+async function resolveIsolatedEnvDetails(env, isolated, providerName, readApiKey) {
   if (!providerName) {
     throw new Error("resolveIsolatedEnvDetails requires providerName.");
   }
@@ -2208,7 +2047,7 @@ async function resolveIsolatedEnvDetails(env, isolated, providerName, fs3) {
   }
   return {
     agentBinary: isolated.agentBinary,
-    env: await resolveIsolatedEnvVars(env, baseDir, isolated.env, fs3),
+    env: await resolveIsolatedEnvVars(env, baseDir, isolated.env, readApiKey),
     configProbePath: isolated.configProbe ? resolveIsolatedEnvPath(env, baseDir, isolated.configProbe) : void 0
   };
 }
@@ -2216,7 +2055,7 @@ function resolveIsolatedTargetDirectory(input) {
   const expanded = expandHomeShortcut(input.env, input.targetDirectory);
   const baseDir = resolveIsolatedBaseDir(input.env, input.providerName);
   const homeDir = input.env.homeDir;
-  const homeDirWithSep = `${homeDir}${path5.sep}`;
+  const homeDirWithSep = `${homeDir}${path4.sep}`;
   if (expanded !== homeDir && !expanded.startsWith(homeDirWithSep)) {
     throw new Error(
       `Isolated config targets must live under the user's home directory (received "${input.targetDirectory}").`
@@ -2231,20 +2070,20 @@ function resolveIsolatedTargetDirectory(input) {
   if (!expanded.startsWith(homeDirWithSep)) {
     return expanded;
   }
-  const mapped = path5.join(baseDir, expanded.slice(homeDirWithSep.length));
+  const mapped = path4.join(baseDir, expanded.slice(homeDirWithSep.length));
   return stripAgentHome(mapped, baseDir, input.isolated.agentBinary);
 }
 function resolveIsolatedBaseDir(env, providerName) {
   return env.resolveHomePath(".poe-code", providerName);
 }
-async function resolveIsolatedEnvVars(env, baseDir, vars, fs3) {
+async function resolveIsolatedEnvVars(env, baseDir, vars, readApiKey) {
   const out = {};
   for (const [key, value] of Object.entries(vars)) {
-    out[key] = await resolveIsolatedEnvValue(env, baseDir, value, fs3);
+    out[key] = await resolveIsolatedEnvValue(env, baseDir, value, readApiKey);
   }
   return out;
 }
-async function resolveIsolatedEnvValue(env, baseDir, value, fs3) {
+async function resolveIsolatedEnvValue(env, baseDir, value, readApiKey) {
   if (typeof value === "string") {
     return expandHomeShortcut(env, value);
   }
@@ -2262,12 +2101,12 @@ async function resolveIsolatedEnvValue(env, baseDir, value, fs3) {
     if (typeof resolved === "string" && resolved.trim().length > 0) {
       return resolved;
     }
-    if (!fs3) {
+    if (!readApiKey) {
       throw new Error(
         'Missing Poe API key for isolated wrapper. Set "POE_API_KEY" or run "poe-code login".'
       );
     }
-    return await resolvePoeApiKeyFromCredentials({ fs: fs3, env });
+    return await resolvePoeApiKeyFromAuthStore(readApiKey);
   }
   if (isPoeBaseUrlReference(value)) {
     return env.poeBaseUrl;
@@ -2280,9 +2119,9 @@ async function resolveIsolatedEnvValue(env, baseDir, value, fs3) {
 function resolveIsolatedEnvPath(env, baseDir, value) {
   switch (value.kind) {
     case "isolatedDir":
-      return value.relativePath ? path5.join(baseDir, value.relativePath) : baseDir;
+      return value.relativePath ? path4.join(baseDir, value.relativePath) : baseDir;
     case "isolatedFile":
-      return path5.join(baseDir, value.relativePath);
+      return path4.join(baseDir, value.relativePath);
   }
 }
 function isEnvVarReference(value) {
@@ -2294,8 +2133,8 @@ function isPoeApiKeyReference(value) {
 function isPoeBaseUrlReference(value) {
   return typeof value === "object" && value.kind === "poeBaseUrl";
 }
-async function resolvePoeApiKeyFromCredentials(input) {
-  const stored = await loadCredentials({ fs: input.fs, filePath: input.env.credentialsPath }) ?? void 0;
+async function resolvePoeApiKeyFromAuthStore(readApiKey) {
+  const stored = await readApiKey();
   if (typeof stored !== "string" || stored.trim().length === 0) {
     throw new Error(
       'Missing Poe API key for isolated wrapper. Set "POE_API_KEY" or run "poe-code login".'
@@ -2324,10 +2163,10 @@ async function applyIsolatedEnvRepairs(input) {
     if (repair.kind !== "chmod") {
       continue;
     }
-    if (path5.isAbsolute(repair.relativePath)) {
+    if (path4.isAbsolute(repair.relativePath)) {
       continue;
     }
-    const repairPath = path5.join(baseDir, repair.relativePath);
+    const repairPath = path4.join(baseDir, repair.relativePath);
     try {
       await input.fs.chmod(repairPath, repair.mode);
     } catch (error2) {
@@ -2338,11 +2177,11 @@ async function applyIsolatedEnvRepairs(input) {
     }
   }
 }
-async function resolveCliSettings(cliSettings, env, fs3) {
+async function resolveCliSettings(cliSettings, env, readApiKey) {
   const result = { ...cliSettings.values };
   if (cliSettings.resolved) {
     for (const [key, value] of Object.entries(cliSettings.resolved)) {
-      result[key] = await resolveCliSettingValue(value, env, fs3);
+      result[key] = await resolveCliSettingValue(value, env, readApiKey);
     }
   }
   if (cliSettings.env) {
@@ -2351,21 +2190,21 @@ async function resolveCliSettings(cliSettings, env, fs3) {
       if (typeof value === "string") {
         resolvedEnv[key] = value;
       } else {
-        resolvedEnv[key] = await resolveCliSettingValue(value, env, fs3);
+        resolvedEnv[key] = await resolveCliSettingValue(value, env, readApiKey);
       }
     }
     result.env = resolvedEnv;
   }
   return result;
 }
-async function resolveCliSettingValue(value, env, fs3) {
+async function resolveCliSettingValue(value, env, readApiKey) {
   if (isPoeApiKeyReference(value)) {
     const resolved = env.getVariable("POE_API_KEY");
     if (typeof resolved === "string" && resolved.trim().length > 0) {
       return resolved;
     }
-    if (fs3) {
-      return await resolvePoeApiKeyFromCredentials({ fs: fs3, env });
+    if (readApiKey) {
+      return await resolvePoeApiKeyFromAuthStore(readApiKey);
     }
     throw new Error(
       'Missing Poe API key for CLI settings. Set "POE_API_KEY" or run "poe-code login".'
@@ -2378,13 +2217,13 @@ async function resolveCliSettingValue(value, env, fs3) {
 }
 function stripAgentHome(mapped, baseDir, agentBinary) {
   const agentDir = `.${agentBinary}`;
-  const prefix = path5.join(baseDir, agentDir);
+  const prefix = path4.join(baseDir, agentDir);
   if (mapped === prefix) {
     return baseDir;
   }
-  const withSep = `${prefix}${path5.sep}`;
+  const withSep = `${prefix}${path4.sep}`;
   if (mapped.startsWith(withSep)) {
-    return path5.join(baseDir, mapped.slice(withSep.length));
+    return path4.join(baseDir, mapped.slice(withSep.length));
   }
   return mapped;
 }
@@ -2395,11 +2234,11 @@ function expandHomeShortcut(env, input) {
   if (input === "~") {
     return env.homeDir;
   }
-  if (input.startsWith("~/") || input.startsWith(`~${path5.sep}`)) {
-    return path5.join(env.homeDir, input.slice(2));
+  if (input.startsWith("~/") || input.startsWith(`~${path4.sep}`)) {
+    return path4.join(env.homeDir, input.slice(2));
   }
-  if (input.startsWith("~./") || input.startsWith(`~.${path5.sep}`)) {
-    return path5.join(env.homeDir, `.${input.slice(3)}`);
+  if (input.startsWith("~./") || input.startsWith(`~.${path4.sep}`)) {
+    return path4.join(env.homeDir, `.${input.slice(3)}`);
   }
   return input;
 }
@@ -2407,7 +2246,6 @@ var init_isolated_env = __esm({
   "src/cli/isolated-env.ts"() {
     "use strict";
     init_src2();
-    init_credentials2();
   }
 });
 
@@ -4389,7 +4227,7 @@ var init_src5 = __esm({
 });
 
 // src/cli/commands/shared.ts
-import path6 from "node:path";
+import path5 from "node:path";
 function resolveCommandFlags(program) {
   const opts = program.optsWithGlobals();
   return {
@@ -4462,7 +4300,7 @@ function buildResumeCommand(canonicalService, threadId, cwd) {
   if (!binaryName) {
     return void 0;
   }
-  const resumeCwd = path6.resolve(cwd);
+  const resumeCwd = path5.resolve(cwd);
   const args = spawnConfig.resumeCommand(threadId, resumeCwd);
   const agentCommand = [binaryName, ...args.map(shlexQuote)].join(" ");
   const needsCdPrefix = !args.includes(resumeCwd);
@@ -4559,7 +4397,7 @@ var init_shared = __esm({
 });
 
 // src/sdk/spawn-core.ts
-import path7 from "node:path";
+import path6 from "node:path";
 import chalk10 from "chalk";
 async function spawnCore(container, service, options, flags = { dryRun: false, verbose: false }) {
   const cwdOverride = resolveSpawnWorkingDirectory(
@@ -4657,10 +4495,10 @@ function resolveSpawnWorkingDirectory(baseDir, candidate) {
   if (!candidate || candidate.trim().length === 0) {
     return void 0;
   }
-  if (path7.isAbsolute(candidate)) {
+  if (path6.isAbsolute(candidate)) {
     return candidate;
   }
-  return path7.resolve(baseDir, candidate);
+  return path6.resolve(baseDir, candidate);
 }
 var init_spawn_core = __esm({
   "src/sdk/spawn-core.ts"() {
@@ -4670,14 +4508,14 @@ var init_spawn_core = __esm({
 });
 
 // src/cli/environment.ts
-import path8 from "node:path";
+import path7 from "node:path";
 function createCliEnvironment(init) {
   const platform = init.platform ?? process.platform;
   const variables = init.variables ?? process.env;
   const credentialsPath = resolveCredentialsPath(init.homeDir);
   const logDir = resolveLogDir(init.homeDir);
   const { poeApiBaseUrl, poeBaseUrl } = resolvePoeBaseUrls(variables);
-  const resolveHomePath = (...segments) => path8.join(init.homeDir, ...segments);
+  const resolveHomePath = (...segments) => path7.join(init.homeDir, ...segments);
   const getVariable = (name) => variables[name];
   return {
     cwd: init.cwd,
@@ -4693,10 +4531,10 @@ function createCliEnvironment(init) {
   };
 }
 function resolveCredentialsPath(homeDir) {
-  return path8.join(homeDir, ".poe-code", "credentials.json");
+  return path7.join(homeDir, ".poe-code", "credentials.json");
 }
 function resolveLogDir(homeDir) {
-  return path8.join(homeDir, ".poe-code", "logs");
+  return path7.join(homeDir, ".poe-code", "logs");
 }
 function resolvePoeBaseUrls(variables) {
   const raw = variables.POE_BASE_URL;
@@ -5233,7 +5071,7 @@ var init_logger2 = __esm({
 });
 
 // src/cli/error-logger.ts
-import path9 from "node:path";
+import path8 from "node:path";
 var DEFAULT_MAX_SIZE, DEFAULT_MAX_BACKUPS, ErrorLogger;
 var init_error_logger = __esm({
   "src/cli/error-logger.ts"() {
@@ -5250,7 +5088,7 @@ var init_error_logger = __esm({
       fileLoggingAvailable;
       constructor(options) {
         this.fs = options.fs;
-        this.logFilePath = path9.join(options.logDir, "errors.log");
+        this.logFilePath = path8.join(options.logDir, "errors.log");
         this.logToStderr = options.logToStderr ?? true;
         this.maxSize = options.maxSize ?? DEFAULT_MAX_SIZE;
         this.maxBackups = options.maxBackups ?? DEFAULT_MAX_BACKUPS;
@@ -5369,7 +5207,7 @@ ${entry.stack}`);
         return `${this.logFilePath}.${index}`;
       }
       ensureLogDirectory() {
-        const directory = path9.dirname(this.logFilePath);
+        const directory = path8.dirname(this.logFilePath);
         try {
           if (!this.fs.existsSync(directory)) {
             this.fs.mkdirSync(directory, { recursive: true });
@@ -5387,7 +5225,7 @@ ${entry.stack}`);
 });
 
 // src/providers/index.ts
-import path10 from "node:path";
+import path9 from "node:path";
 import { readdir } from "node:fs/promises";
 import { fileURLToPath, pathToFileURL } from "node:url";
 function isProviderModule(filename) {
@@ -5414,7 +5252,7 @@ async function loadProviders() {
   for (const entry of entries) {
     if (!entry.isFile()) continue;
     if (!isProviderModule(entry.name)) continue;
-    const moduleUrl = pathToFileURL(path10.join(currentDir, entry.name)).href;
+    const moduleUrl = pathToFileURL(path9.join(currentDir, entry.name)).href;
     const moduleExports = await import(moduleUrl);
     if (!moduleExports.provider) {
       throw new Error(`Provider module "${entry.name}" must export "provider".`);
@@ -5430,8 +5268,8 @@ var moduleDir, currentDir, defaultProviders;
 var init_providers = __esm({
   async "src/providers/index.ts"() {
     "use strict";
-    moduleDir = path10.dirname(fileURLToPath(import.meta.url));
-    currentDir = path10.basename(moduleDir) === "providers" ? moduleDir : path10.join(moduleDir, "providers");
+    moduleDir = path9.dirname(fileURLToPath(import.meta.url));
+    currentDir = path9.basename(moduleDir) === "providers" ? moduleDir : path9.join(moduleDir, "providers");
     defaultProviders = await loadProviders();
   }
 });
@@ -5613,7 +5451,7 @@ async function ensureIsolatedConfigForService(input) {
     container.env,
     isolated,
     adapter.name,
-    container.fs
+    container.readApiKey
   );
   const hasConfig = await isolatedConfigExists(
     container.fs,
@@ -5688,7 +5526,7 @@ function createPoeCodeCommandRunner(input) {
       container.env,
       adapter.isolatedEnv,
       adapter.name,
-      container.fs
+      container.readApiKey
     );
     if (adapter.isolatedEnv.requiresConfig !== false) {
       const hasConfig = await isolatedConfigExists(
@@ -5719,7 +5557,7 @@ function createPoeCodeCommandRunner(input) {
       const resolvedSettings = await resolveCliSettings(
         adapter.isolatedEnv.cliSettings,
         container.env,
-        container.fs
+        container.readApiKey
       );
       forwarded = buildArgsWithMergedSettings(forwarded, resolvedSettings);
     }
@@ -5864,7 +5702,9 @@ function createSdkContainer(options) {
         platform: process.platform,
         variables
       }
-    }
+    },
+    readApiKey,
+    writeApiKey
   };
   return container;
 }
@@ -6037,6 +5877,161 @@ var init_errors = __esm({
   }
 });
 
+// src/services/credentials.ts
+import path10 from "node:path";
+async function loadCredentials(options) {
+  const { fs: fs3, filePath } = options;
+  const document = await readCredentialsDocument(fs3, filePath);
+  return typeof document.apiKey === "string" && document.apiKey.length > 0 ? document.apiKey : null;
+}
+async function deleteCredentials(options) {
+  const { fs: fs3, filePath } = options;
+  try {
+    await fs3.unlink(filePath);
+    return true;
+  } catch (error2) {
+    if (isNotFound(error2)) {
+      return false;
+    }
+    throw error2;
+  }
+}
+async function loadConfiguredServices(options) {
+  const { fs: fs3, filePath } = options;
+  const document = await readCredentialsDocument(fs3, filePath);
+  return { ...document.configured_services ?? {} };
+}
+async function saveConfiguredService(options) {
+  const { fs: fs3, filePath, service, metadata } = options;
+  const document = await readCredentialsDocument(fs3, filePath);
+  const normalized = normalizeConfiguredServiceMetadata(metadata);
+  document.configured_services = {
+    ...document.configured_services ?? {},
+    [service]: normalized
+  };
+  await writeCredentialsDocument(fs3, filePath, document);
+}
+async function unconfigureService(options) {
+  const { fs: fs3, filePath, service } = options;
+  const document = await readCredentialsDocument(fs3, filePath);
+  const services = document.configured_services;
+  if (!services || !(service in services)) {
+    return false;
+  }
+  delete services[service];
+  if (Object.keys(services).length === 0) {
+    delete document.configured_services;
+  }
+  await writeCredentialsDocument(fs3, filePath, document);
+  return true;
+}
+function normalizeConfiguredServiceMetadata(metadata) {
+  const seen = /* @__PURE__ */ new Set();
+  const files = [];
+  for (const entry of metadata.files ?? []) {
+    if (typeof entry !== "string" || entry.length === 0) {
+      continue;
+    }
+    if (!seen.has(entry)) {
+      files.push(entry);
+      seen.add(entry);
+    }
+  }
+  return {
+    files
+  };
+}
+async function readCredentialsDocument(fs3, filePath) {
+  try {
+    const raw = await fs3.readFile(filePath, "utf8");
+    return await parseCredentialsDocument(fs3, filePath, raw);
+  } catch (error2) {
+    if (isNotFound(error2)) {
+      return {};
+    }
+    throw error2;
+  }
+}
+async function parseCredentialsDocument(fs3, filePath, raw) {
+  try {
+    const parsed = JSON.parse(raw);
+    return normalizeCredentialsDocument(parsed);
+  } catch (error2) {
+    if (error2 instanceof SyntaxError) {
+      await recoverInvalidCredentials(fs3, filePath, raw);
+      return {};
+    }
+    throw error2;
+  }
+}
+function normalizeCredentialsDocument(value) {
+  if (!isRecord3(value)) {
+    return {};
+  }
+  const document = {};
+  if (typeof value.apiKey === "string" && value.apiKey.length > 0) {
+    document.apiKey = value.apiKey;
+  }
+  const services = normalizeConfiguredServices(value.configured_services);
+  if (Object.keys(services).length > 0) {
+    document.configured_services = services;
+  }
+  return document;
+}
+function normalizeConfiguredServices(value) {
+  if (!isRecord3(value)) {
+    return {};
+  }
+  const entries = {};
+  for (const [key, entry] of Object.entries(value)) {
+    if (!isRecord3(entry)) {
+      continue;
+    }
+    const normalized = normalizeConfiguredServiceMetadata({
+      files: Array.isArray(entry.files) ? entry.files : []
+    });
+    entries[key] = normalized;
+  }
+  return entries;
+}
+async function writeCredentialsDocument(fs3, filePath, document) {
+  await fs3.mkdir(path10.dirname(filePath), { recursive: true });
+  const payload = {};
+  if (document.apiKey) {
+    payload.apiKey = document.apiKey;
+  }
+  if (document.configured_services) {
+    payload.configured_services = document.configured_services;
+  }
+  await fs3.writeFile(filePath, `${JSON.stringify(payload, null, 2)}
+`, {
+    encoding: "utf8"
+  });
+}
+async function recoverInvalidCredentials(fs3, filePath, content) {
+  const backupPath = createInvalidBackupPath(filePath);
+  await fs3.writeFile(backupPath, content, { encoding: "utf8" });
+  await fs3.writeFile(filePath, EMPTY_DOCUMENT, { encoding: "utf8" });
+}
+function createInvalidBackupPath(filePath) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+  const dir = path10.dirname(filePath);
+  const base = path10.basename(filePath);
+  return path10.join(dir, `${base}.invalid-${timestamp}.json`);
+}
+function isRecord3(value) {
+  return Boolean(value && typeof value === "object" && !Array.isArray(value));
+}
+var EMPTY_DOCUMENT;
+var init_credentials2 = __esm({
+  "src/services/credentials.ts"() {
+    "use strict";
+    init_src2();
+    EMPTY_DOCUMENT = `${JSON.stringify({}, null, 2)}
+`;
+  }
+});
+
 // src/services/llm-client.ts
 function createPoeClient(options) {
   const httpClient = options.httpClient ?? createDefaultHttpClient();
@@ -6242,19 +6237,33 @@ function createCliContainer(dependencies) {
   });
   const commandRunner = dependencies.commandRunner ?? runCommand;
   const promptLibrary = createPromptLibrary();
+  const authFs = {
+    readFile: (filePath, encoding) => dependencies.fs.readFile(filePath, encoding),
+    writeFile: (filePath, data, opts) => dependencies.fs.writeFile(filePath, data, opts),
+    mkdir: (directoryPath, opts) => dependencies.fs.mkdir(directoryPath, opts).then(() => void 0),
+    unlink: (filePath) => dependencies.fs.unlink(filePath),
+    chmod: (filePath, mode) => dependencies.fs.chmod ? dependencies.fs.chmod(filePath, mode) : Promise.resolve()
+  };
+  const { store: authStore } = createAuthStore({
+    env: dependencies.env.variables,
+    platform: dependencies.env.platform,
+    fileStore: {
+      fs: authFs,
+      getHomeDirectory: () => dependencies.env.homeDir
+    },
+    legacyCredentials: {
+      fs: authFs,
+      getHomeDirectory: () => dependencies.env.homeDir
+    }
+  });
+  const readApiKey = authStore.getApiKey.bind(authStore);
+  const writeApiKey = authStore.setApiKey.bind(authStore);
   const options = createOptionResolvers({
     prompts: dependencies.prompts,
     promptLibrary,
     apiKeyStore: {
-      read: () => loadCredentials({
-        fs: dependencies.fs,
-        filePath: environment.credentialsPath
-      }),
-      write: (value) => saveCredentials({
-        fs: dependencies.fs,
-        filePath: environment.credentialsPath,
-        apiKey: value
-      })
+      read: readApiKey,
+      write: writeApiKey
     }
   });
   const registry2 = createServiceRegistry();
@@ -6282,14 +6291,16 @@ function createCliContainer(dependencies) {
     httpClient,
     commandRunner: wrappedRunner,
     providers,
-    dependencies
+    dependencies,
+    readApiKey,
+    writeApiKey
   };
   return container;
 }
 var init_container2 = __esm({
   async "src/cli/container.ts"() {
     "use strict";
-    init_credentials2();
+    init_src();
     init_environment();
     init_service_registry();
     init_context();
@@ -7193,7 +7204,7 @@ async function isolatedEnvRunner(input) {
     input.env,
     input.isolated,
     input.providerName,
-    input.fs
+    input.readApiKey
   );
   let args = input.argv.slice(2);
   if (input.isolated.requiresConfig !== false) {
@@ -7208,7 +7219,7 @@ async function isolatedEnvRunner(input) {
     const resolvedSettings = await resolveCliSettings(
       input.isolated.cliSettings,
       input.env,
-      input.fs
+      input.readApiKey
     );
     args = buildArgsWithMergedSettings(args, resolvedSettings);
   }
@@ -7295,6 +7306,7 @@ function registerWrapCommand(program, container) {
     await isolatedEnvRunner({
       env: container.env,
       fs: container.fs,
+      readApiKey: container.readApiKey,
       providerName: adapter.name,
       isolated,
       argv: ["node", "poe-code", ...forwarded]
@@ -7328,11 +7340,9 @@ function registerLoginCommand(program, container) {
         fs: container.fs,
         filePath: container.env.credentialsPath
       });
-      await saveCredentials({
-        fs: resources.context.fs,
-        filePath: container.env.credentialsPath,
-        apiKey: normalized
-      });
+      if (!flags.dryRun) {
+        await container.writeApiKey(normalized);
+      }
       await reconfigureServices({
         program,
         container,
@@ -7702,7 +7712,7 @@ async function executeTest(program, container, service, options = {}) {
     container.env,
     adapter.isolatedEnv,
     adapter.name,
-    container.fs
+    container.readApiKey
   ) : null;
   if (options.isolated && adapter.isolatedEnv) {
     const { ensureIsolatedConfigForService: ensureIsolatedConfigForService2 } = await Promise.resolve().then(() => (init_ensure_isolated_config(), ensure_isolated_config_exports));
@@ -35428,10 +35438,7 @@ function registerMcpCommand(program, container) {
   mcp.command("configure [agent]").description("Configure MCP client to use poe-code").option("-y, --yes", "Skip prompt, use claude-code").action(async (agentArg, options) => {
     const flags = resolveCommandFlags(program);
     const resources = createExecutionResources(container, flags, "mcp");
-    const existingKey = await loadCredentials({
-      fs: container.fs,
-      filePath: container.env.credentialsPath
-    });
+    const existingKey = await container.readApiKey();
     if (!existingKey) {
       resources.logger.intro("login");
       await container.options.resolveApiKey({ dryRun: flags.dryRun });
@@ -35531,10 +35538,7 @@ async function runMcpServer(container, options) {
   const outputFormatPreferences = parseMcpOutputFormatPreferences(
     options.outputFormat
   );
-  const apiKey = await loadCredentials({
-    fs: container.fs,
-    filePath: container.env.credentialsPath
-  });
+  const apiKey = await container.readApiKey();
   if (!apiKey) {
     process.stderr.write("No credentials found. Run 'poe-code login' first.\n");
     process.exit(1);
@@ -35552,7 +35556,6 @@ var init_mcp = __esm({
   "src/cli/commands/mcp.ts"() {
     "use strict";
     init_src4();
-    init_credentials2();
     init_client_instance();
     init_mcp_server();
     init_shared();
@@ -38691,10 +38694,7 @@ function registerModelsCommand(program, container) {
     const commandOptions = this.opts();
     resources.logger.intro("models");
     try {
-      const apiKey = await loadCredentials({
-        fs: container.fs,
-        filePath: container.env.credentialsPath
-      });
+      const apiKey = await container.readApiKey();
       if (flags.dryRun) {
         resources.logger.dryRun(
           "Dry run: would fetch models from Poe API."
@@ -38882,7 +38882,6 @@ var init_models = __esm({
   "src/cli/commands/models.ts"() {
     "use strict";
     init_shared();
-    init_credentials2();
     init_errors();
     init_src4();
     MAX_VALUES_LENGTH = 105;
@@ -38896,7 +38895,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "poe-code",
-      version: "3.0.69-beta.1",
+      version: "3.0.69-beta.2",
       description: "CLI tool to configure Poe API for developer workflows.",
       type: "module",
       main: "./dist/index.js",