npm - stub-auth - Versions diffs - 1.0.1 → 1.1.0 - Mend

stub-auth 1.0.1 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/handler.js CHANGED Viewed

@@ -1,4 +1,1622 @@
+// core-auth/dist/env.js
+import { existsSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function getConfigDir() {
+  return process.env.HUB_CONFIG_DIR || (existsSync(join(homedir(), ".claude")) ? join(homedir(), ".claude") : join(homedir(), ".config", "opencode"));
+}
+function configFolder() {
+  return join(getConfigDir(), "config");
+}
+// core-auth/dist/log.js
+import { existsSync as existsSync4, mkdirSync as mkdirSync3, appendFileSync } from "fs";
+import { join as join4 } from "path";
+// core-auth/dist/config.js
+import { existsSync as existsSync3, readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "fs";
+import { join as join3 } from "path";
+// core-auth/dist/models-cache.js
+import { existsSync as existsSync2, readFileSync, writeFileSync, mkdirSync } from "fs";
+import { join as join2 } from "path";
+var MODELS_FILE = "core-auth-models.json";
+function cachePath() {
+  return join2(configFolder(), MODELS_FILE);
+}
+function readAll() {
+  try {
+    if (existsSync2(cachePath()))
+      return JSON.parse(readFileSync(cachePath(), "utf8")) || {};
+  } catch {
+  }
+  return {};
+}
+function readModelCache(providerId) {
+  const entry = readAll()[providerId];
+  return entry && entry.models ? entry : null;
+}
+// core-auth/dist/config.js
+function paths() {
+  const dir = getConfigDir();
+  return { preferred: join3(dir, "config", "core-auth.json"), fallback: join3(dir, "core-auth.json") };
+}
+function readConfig() {
+  const { preferred, fallback } = paths();
+  const p = existsSync3(preferred) ? preferred : existsSync3(fallback) ? fallback : null;
+  try {
+    return p ? JSON.parse(readFileSync2(p, "utf8")) : {};
+  } catch {
+    return {};
+  }
+}
+function writeConfig(cfg) {
+  const { preferred } = paths();
+  try {
+    if (!existsSync3(configFolder()))
+      mkdirSync2(configFolder(), { recursive: true });
+    writeFileSync2(preferred, JSON.stringify(cfg, null, 2), "utf8");
+  } catch {
+  }
+}
+function getAutoSources(providerId) {
+  const cache = readModelCache(providerId);
+  const extra = (cache && Array.isArray(cache.sorts) ? cache.sorts : []).filter((s) => s && s.id);
+  return [{ id: "manual", label: "Manual" }, ...extra];
+}
+function getAutoConfig(providerId) {
+  const stored = (readConfig().auto || {})[providerId] || {};
+  const cache = readModelCache(providerId);
+  const catalogOrder = cache && cache.ranking || [];
+  const sortOrders = cache && cache.sortOrders || {};
+  const reconcile = (ids) => {
+    const out = (Array.isArray(ids) ? ids : []).filter((id) => catalogOrder.includes(id));
+    for (const id of catalogOrder)
+      if (!out.includes(id))
+        out.push(id);
+    return out;
+  };
+  const sources = getAutoSources(providerId);
+  const validIds = sources.map((s) => s.id);
+  const source = stored.source && validIds.includes(stored.source) ? stored.source : "manual";
+  const order = source === "manual" ? reconcile(stored.order && stored.order.length ? stored.order : catalogOrder) : reconcile(sortOrders[source] || catalogOrder);
+  const excluded = (Array.isArray(stored.excluded) ? stored.excluded : []).filter((id) => catalogOrder.includes(id));
+  return { order, excluded, source, sources };
+}
+function setAutoConfig(providerId, auto) {
+  const cfg = readConfig();
+  cfg.auto = cfg.auto || {};
+  const prev = cfg.auto[providerId] || {};
+  cfg.auto[providerId] = {
+    order: auto.order !== void 0 ? auto.order : prev.order || [],
+    excluded: auto.excluded !== void 0 ? auto.excluded : prev.excluded || [],
+    source: auto.source !== void 0 ? auto.source : prev.source || "manual"
+  };
+  writeConfig(cfg);
+}
+// core-auth/dist/log.js
+var START_TIME = (/* @__PURE__ */ new Date()).toISOString().replace(/:/g, "-").split(".")[0];
+function log(message) {
+  if (readConfig().logging === false)
+    return;
+  try {
+    const dateStr = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+    const dir = join4(getConfigDir(), "logs", dateStr);
+    if (!existsSync4(dir))
+      mkdirSync3(dir, { recursive: true });
+    appendFileSync(join4(dir, "core-auth-" + START_TIME + ".log"), "[" + (/* @__PURE__ */ new Date()).toISOString() + "] " + message + "\n");
+  } catch {
+  }
+}
+// core-auth/dist/accounts.js
+import { existsSync as existsSync5, readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync4, renameSync, openSync, closeSync, unlinkSync, statSync } from "fs";
+import { join as join5 } from "path";
+import { randomBytes } from "crypto";
+var DEFAULT_FILE = "core-auth-accounts.json";
+var LOCK_STALE_MS = 15 * 1e3;
+var LOCK_WAIT_MS = 5 * 1e3;
+var LOCK_POLL_MS = 25;
+function storeFile(opts) {
+  return join5(opts && opts.dir || configFolder(), opts && opts.file || DEFAULT_FILE);
+}
+function ensureDir(opts) {
+  const dir = opts && opts.dir || configFolder();
+  if (!existsSync5(dir))
+    mkdirSync4(dir, { recursive: true });
+}
+function sleepSync(ms) {
+  try {
+    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
+  } catch {
+  }
+}
+function withLock(opts, fn) {
+  ensureDir(opts);
+  const lockPath = storeFile(opts) + ".lock";
+  const deadline = Date.now() + LOCK_WAIT_MS;
+  let handle2 = null;
+  while (handle2 === null) {
+    try {
+      handle2 = openSync(lockPath, "wx");
+    } catch (error) {
+      if (!error || error.code !== "EEXIST")
+        break;
+      try {
+        if (Date.now() - statSync(lockPath).mtimeMs > LOCK_STALE_MS) {
+          unlinkSync(lockPath);
+          continue;
+        }
+      } catch {
+      }
+      if (Date.now() > deadline)
+        break;
+      sleepSync(LOCK_POLL_MS);
+    }
+  }
+  try {
+    return fn();
+  } finally {
+    if (handle2 !== null) {
+      try {
+        closeSync(handle2);
+      } catch {
+      }
+      try {
+        unlinkSync(lockPath);
+      } catch {
+      }
+    }
+  }
+}
+function readStore(opts) {
+  try {
+    const file = storeFile(opts);
+    if (existsSync5(file))
+      return JSON.parse(readFileSync3(file, "utf8")) || {};
+  } catch {
+  }
+  return { version: 1, providers: {} };
+}
+function writeStore(store, opts) {
+  ensureDir(opts);
+  const file = storeFile(opts);
+  const tmp = file + "." + randomBytes(6).toString("hex") + ".tmp";
+  writeFileSync3(tmp, JSON.stringify(store, null, 2), { encoding: "utf8", mode: 384 });
+  renameSync(tmp, file);
+}
+function emptyPool() {
+  return { accounts: [], activeIndex: 0, activeIndexByLane: {} };
+}
+function poolFrom(store, provider) {
+  const p = store.providers && store.providers[provider];
+  if (!p || !Array.isArray(p.accounts))
+    return emptyPool();
+  return { accounts: p.accounts, activeIndex: p.activeIndex || 0, activeIndexByLane: p.activeIndexByLane || {} };
+}
+function loadAccounts(provider, opts) {
+  return poolFrom(readStore(opts), provider);
+}
+function saveAccounts(provider, pool, opts) {
+  withLock(opts, () => {
+    const store = readStore(opts);
+    store.version = 1;
+    store.providers = store.providers || {};
+    store.providers[provider] = {
+      accounts: pool.accounts || [],
+      activeIndex: pool.activeIndex || 0,
+      activeIndexByLane: pool.activeIndexByLane || {}
+    };
+    writeStore(store, opts);
+  });
+}
+function updateAccounts(provider, mutator, opts) {
+  const pool = withLock(opts, () => {
+    const store = readStore(opts);
+    store.version = 1;
+    store.providers = store.providers || {};
+    const current = poolFrom(store, provider);
+    mutator(current);
+    store.providers[provider] = {
+      accounts: current.accounts || [],
+      activeIndex: current.activeIndex || 0,
+      activeIndexByLane: current.activeIndexByLane || {}
+    };
+    writeStore(store, opts);
+    return current;
+  });
+  return pool;
+}
+function addAccount(provider, account, opts) {
+  updateAccounts(provider, (pool) => {
+    const i = pool.accounts.findIndex((a) => account.id && a.id === account.id || account.refresh && a.refresh === account.refresh);
+    if (i >= 0)
+      pool.accounts[i] = { ...pool.accounts[i], ...account };
+    else
+      pool.accounts.push(account);
+  }, opts);
+}
+function removeAccount(provider, id, opts) {
+  updateAccounts(provider, (pool) => {
+    pool.accounts = pool.accounts.filter((a) => a.id !== id);
+  }, opts);
+}
+// core-auth/dist/ui/ansi.js
+var ANSI = {
+  hide: "\x1B[?25l",
+  show: "\x1B[?25h",
+  up: (n = 1) => `\x1B[${n}A`,
+  clearLine: "\x1B[2K",
+  clearScreen: "\x1B[2J",
+  moveTo: (row, col) => `\x1B[${row};${col}H`,
+  cyan: "\x1B[36m",
+  green: "\x1B[32m",
+  red: "\x1B[31m",
+  yellow: "\x1B[33m",
+  dim: "\x1B[2m",
+  bold: "\x1B[1m",
+  reset: "\x1B[0m"
+};
+function parseKey(data) {
+  const s = data.toString();
+  if (s === "\x1B[A" || s === "\x1BOA")
+    return "up";
+  if (s === "\x1B[B" || s === "\x1BOB")
+    return "down";
+  if (s === "\x1B[5~")
+    return "pageup";
+  if (s === "\x1B[6~")
+    return "pagedown";
+  if (s === "\x1B[H" || s === "\x1B[1~" || s === "\x1BOH")
+    return "home";
+  if (s === "\x1B[F" || s === "\x1B[4~" || s === "\x1BOF")
+    return "end";
+  if (s === "\r" || s === "\n")
+    return "enter";
+  if (s === "" || s === "\x1B")
+    return "escape";
+  return null;
+}
+function isTTY() {
+  return Boolean(process.stdin.isTTY);
+}
+function stripAnsi(s) {
+  return s.replace(/\x1b\[[0-9;]*m/g, "");
+}
+function truncateAnsi(s, max) {
+  if (stripAnsi(s).length <= max)
+    return s;
+  let out = "", visible = 0, i = 0;
+  while (i < s.length && visible < max) {
+    if (s[i] === "\x1B") {
+      const end = s.indexOf("m", i);
+      if (end !== -1) {
+        out += s.slice(i, end + 1);
+        i = end + 1;
+        continue;
+      }
+    }
+    out += s[i];
+    visible++;
+    i++;
+  }
+  return out + ANSI.reset;
+}
+// core-auth/dist/ui/menu-render.js
+import { createInterface as createInterface2 } from "node:readline/promises";
+// core-auth/dist/ui/select.js
+function colorCode(color) {
+  if (color === "red")
+    return ANSI.red;
+  if (color === "green")
+    return ANSI.green;
+  if (color === "yellow")
+    return ANSI.yellow;
+  if (color === "cyan")
+    return ANSI.cyan;
+  return "";
+}
+async function select(items, options) {
+  if (!isTTY())
+    throw new Error("Interactive select requires a TTY terminal");
+  const isSelectable = (i) => i && !i.disabled && !i.separator && i.kind !== "heading";
+  const enabled = items.filter(isSelectable);
+  if (enabled.length === 0)
+    throw new Error("All items disabled");
+  if (enabled.length === 1)
+    return enabled[0].value;
+  const { stdin: stdin2, stdout: stdout2 } = process;
+  let cursor = items.findIndex(isSelectable);
+  if (cursor === -1)
+    cursor = 0;
+  let renderedLines = 0;
+  const render = () => {
+    const columns = stdout2.columns ?? 80;
+    const rows = stdout2.rows ?? 24;
+    const shouldClear = options.clearScreen === true;
+    if (shouldClear)
+      stdout2.write(ANSI.clearScreen + ANSI.moveTo(1, 1));
+    else if (renderedLines > 0)
+      stdout2.write(ANSI.up(renderedLines));
+    let written = 0;
+    const writeLine = (line) => {
+      stdout2.write(`${ANSI.clearLine}${line}
+`);
+      written += 1;
+    };
+    const subtitleLines = options.subtitle ? 3 : 0;
+    const fixed = 1 + subtitleLines + 2;
+    const maxVisible = Math.max(1, Math.min(items.length, rows - fixed - 1));
+    let start = 0, end = items.length;
+    if (items.length > maxVisible) {
+      start = Math.max(0, Math.min(cursor - Math.floor(maxVisible / 2), items.length - maxVisible));
+      end = start + maxVisible;
+    }
+    writeLine(`${ANSI.dim}\u250C  ${ANSI.reset}${truncateAnsi(options.message, Math.max(1, columns - 4))}`);
+    if (options.subtitle) {
+      writeLine(`${ANSI.dim}\u2502${ANSI.reset}`);
+      writeLine(`${ANSI.cyan}\u25C6${ANSI.reset}  ${truncateAnsi(options.subtitle, Math.max(1, columns - 4))}`);
+      writeLine("");
+    }
+    for (let i = start; i < end; i++) {
+      const item = items[i];
+      if (!item)
+        continue;
+      if (item.separator) {
+        writeLine(`${ANSI.dim}\u2502${ANSI.reset}`);
+        continue;
+      }
+      if (item.kind === "heading") {
+        writeLine(`${ANSI.cyan}\u2502${ANSI.reset}  ${truncateAnsi(`${ANSI.bold}${item.label}${ANSI.reset}`, Math.max(1, columns - 6))}`);
+        continue;
+      }
+      const selected = i === cursor;
+      const cc = colorCode(item.color);
+      let text = selected ? cc ? `${cc}${item.label}${ANSI.reset}` : item.label : `${ANSI.dim}${cc}${item.label}${ANSI.reset}`;
+      if (item.hint)
+        text += ` ${ANSI.dim}${item.hint}${ANSI.reset}`;
+      text = truncateAnsi(text, Math.max(1, columns - 8));
+      const marker = selected ? `${ANSI.green}\u25CF${ANSI.reset}` : `${ANSI.dim}\u25CB${ANSI.reset}`;
+      writeLine(`${ANSI.cyan}\u2502${ANSI.reset}  ${marker} ${text}`);
+    }
+    const windowHint = items.length > end - start ? ` (${start + 1}-${end}/${items.length})` : "";
+    writeLine(`${ANSI.cyan}\u2502${ANSI.reset}  ${ANSI.dim}${options.help ?? `\u2191\u2193 move \xB7 PgUp/PgDn fast \xB7 Enter select \xB7 Esc back${windowHint}`}${ANSI.reset}`);
+    writeLine(`${ANSI.cyan}\u2514${ANSI.reset}`);
+    renderedLines = written;
+  };
+  return new Promise((resolve) => {
+    const wasRaw = stdin2.isRaw ?? false;
+    const cleanup = () => {
+      try {
+        stdin2.removeListener("data", onKey);
+        stdin2.setRawMode(wasRaw);
+        stdin2.pause();
+        stdout2.write(ANSI.show);
+      } catch {
+      }
+      process.removeListener("SIGINT", onSignal);
+    };
+    const onSignal = () => {
+      cleanup();
+      resolve(null);
+    };
+    const nextSelectable = (from, dir) => {
+      let next = from;
+      do {
+        next = (next + dir + items.length) % items.length;
+      } while (!isSelectable(items[next]) && next !== from);
+      return next;
+    };
+    const nearestSelectable = (idx) => {
+      const clamped = Math.max(0, Math.min(items.length - 1, idx));
+      for (let d = 0; d < items.length; d++) {
+        if (clamped + d < items.length && isSelectable(items[clamped + d]))
+          return clamped + d;
+        if (clamped - d >= 0 && isSelectable(items[clamped - d]))
+          return clamped - d;
+      }
+      return cursor;
+    };
+    const page = () => Math.max(1, (stdout2.rows || 24) - 8);
+    const onKey = (data) => {
+      const action = parseKey(data);
+      if (action === "up") {
+        cursor = nextSelectable(cursor, -1);
+        render();
+      } else if (action === "down") {
+        cursor = nextSelectable(cursor, 1);
+        render();
+      } else if (action === "pageup") {
+        cursor = nearestSelectable(cursor - page());
+        render();
+      } else if (action === "pagedown") {
+        cursor = nearestSelectable(cursor + page());
+        render();
+      } else if (action === "home") {
+        cursor = nearestSelectable(0);
+        render();
+      } else if (action === "end") {
+        cursor = nearestSelectable(items.length - 1);
+        render();
+      } else if (action === "enter") {
+        cleanup();
+        resolve(items[cursor]?.value ?? null);
+      } else if (action === "escape") {
+        cleanup();
+        resolve(null);
+      }
+    };
+    process.once("SIGINT", onSignal);
+    try {
+      stdin2.setRawMode(true);
+    } catch {
+      resolve(null);
+      return;
+    }
+    stdin2.resume();
+    stdout2.write(ANSI.hide);
+    render();
+    stdin2.on("data", onKey);
+  });
+}
+// core-auth/dist/ui/prompt.js
+import { createInterface } from "node:readline/promises";
+import { stdin, stdout } from "node:process";
+async function prompt(message) {
+  const rl = createInterface({ input: stdin, output: stdout });
+  try {
+    const answer = await rl.question(message + " ");
+    const trimmed = (answer || "").trim();
+    return trimmed || null;
+  } finally {
+    rl.close();
+  }
+}
+// core-auth/dist/ui/menu-render.js
+async function runMenu(rootBuilder) {
+  if (!isTTY())
+    return;
+  const stack = [rootBuilder];
+  const apply = (a) => {
+    if (!a)
+      return;
+    if (a.push)
+      stack.push(a.push);
+    else if (a.pop)
+      stack.pop();
+    else if (a.close)
+      stack.length = 0;
+  };
+  while (stack.length) {
+    const menu2 = stack[stack.length - 1]();
+    const items = menu2.items.map((it, i) => ({
+      label: it.label,
+      hint: it.hint,
+      color: it.color,
+      kind: it.kind,
+      separator: it.separator,
+      value: i
+    }));
+    const choice = await select(items, { message: menu2.title, subtitle: menu2.subtitle, clearScreen: true });
+    if (choice === null || choice === void 0) {
+      stack.pop();
+      continue;
+    }
+    const item = menu2.items[choice];
+    if (!item || typeof item.run !== "function")
+      continue;
+    let action;
+    try {
+      action = await item.run();
+    } catch (e) {
+      process.stderr.write(String(e) + "\n");
+      continue;
+    }
+    if (action && action.input) {
+      const inp = action.input;
+      if (inp.message)
+        process.stdout.write("\n" + inp.message + "\n");
+      let result;
+      if (inp.background) {
+        const rl = createInterface2({ input: process.stdin, output: process.stdout });
+        const pasteP = rl.question((inp.title || "Input") + ": ").then((t) => ({ paste: (t || "").trim() })).catch(() => ({ paste: null }));
+        const bgP = inp.background.then((account) => ({ bg: account }));
+        result = await Promise.race([pasteP, bgP]);
+        try {
+          rl.close();
+        } catch {
+        }
+      } else {
+        result = { paste: await prompt((inp.title || "Input") + ":") };
+      }
+      if (inp.onClose) {
+        try {
+          inp.onClose();
+        } catch {
+        }
+      }
+      try {
+        if (result.bg)
+          apply(result.bg);
+        else if (result.paste != null && String(result.paste).trim() !== "") {
+          if (inp.pendingLabel)
+            process.stdout.write("\n" + inp.pendingLabel + "\n");
+          apply(await inp.complete(String(result.paste).trim()));
+        }
+      } catch (e) {
+        process.stderr.write(String(e) + "\n");
+      }
+      continue;
+    }
+    apply(action);
+  }
+}
+// core-auth/dist/ui/confirm.js
+async function confirm(message, defaultYes = false) {
+  const items = defaultYes ? [{ label: "Yes", value: true }, { label: "No", value: false }] : [{ label: "No", value: false }, { label: "Yes", value: true }];
+  const result = await select(items, { message });
+  return result ?? false;
+}
+// core-auth/dist/proxy/store.js
+import { existsSync as existsSync6, readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync5, renameSync as renameSync2 } from "fs";
+import { join as join6 } from "path";
+import { randomBytes as randomBytes2 } from "crypto";
+var FILE = "core-auth-proxies.json";
+function storeFile2() {
+  return join6(configFolder(), FILE);
+}
+function empty() {
+  return { version: 1, mode: "disabled", providers: {}, proxies: [], assignments: {}, manualSelection: {} };
+}
+function loadProxyStore() {
+  try {
+    const f = storeFile2();
+    if (existsSync6(f))
+      return { ...empty(), ...JSON.parse(readFileSync4(f, "utf8")) || {} };
+  } catch {
+  }
+  return empty();
+}
+function saveProxyStore(store) {
+  try {
+    if (!existsSync6(configFolder()))
+      mkdirSync5(configFolder(), { recursive: true });
+    const file = storeFile2();
+    const tmp = file + "." + randomBytes2(6).toString("hex") + ".tmp";
+    writeFileSync4(tmp, JSON.stringify(store, null, 2), { encoding: "utf8", mode: 384 });
+    renameSync2(tmp, file);
+  } catch {
+  }
+}
+function updateProxyStore(mutator) {
+  const store = loadProxyStore();
+  mutator(store);
+  saveProxyStore(store);
+  return store;
+}
+// core-auth/dist/proxy/providers.js
+async function getText(url, init) {
+  const aborter = new AbortController();
+  const timer = setTimeout(() => aborter.abort(), 1e4);
+  try {
+    const r = await fetch(url, { ...init || {}, signal: aborter.signal });
+    return r.ok ? await r.text() : "";
+  } catch {
+    return "";
+  } finally {
+    clearTimeout(timer);
+  }
+}
+function linesToProxies(text, provider) {
+  return text.split(/\s+/).map((l) => l.trim()).filter(Boolean).map((hostPort) => ({ url: hostPort.startsWith("http") ? hostPort : "http://" + hostPort, provider }));
+}
+async function proxyscrape() {
+  const text = await getText("https://api.proxyscrape.com/v2/?request=displayproxies&protocol=http&timeout=5000&country=all&ssl=all&anonymity=all");
+  return linesToProxies(text, "proxyscrape");
+}
+async function proxifly() {
+  const text = await getText("https://cdn.jsdelivr.net/gh/proxifly/free-proxy-list@main/proxies/protocols/http/data.txt");
+  return linesToProxies(text, "proxifly");
+}
+async function pubproxy() {
+  const text = await getText("http://pubproxy.com/api/proxy?limit=20&type=http&format=txt");
+  return linesToProxies(text, "pubproxy");
+}
+async function geonix() {
+  const text = await getText("https://cdn.jsdelivr.net/gh/TheSpeedX/PROXY-List@master/http.txt");
+  return linesToProxies(text, "geonix");
+}
+async function iplocate() {
+  const text = await getText("https://cdn.jsdelivr.net/gh/monosans/proxy-list@main/proxies/http.txt");
+  return linesToProxies(text, "iplocate");
+}
+async function keyed(provider, config) {
+  if (!config || !config.key)
+    return [];
+  return [];
+}
+var FREE = { proxyscrape, proxifly, pubproxy, geonix, iplocate };
+var KEYED = ["webshare", "brightdata", "oxylabs", "litport"];
+async function fetchEnabledProxies(providersConfig) {
+  const config = providersConfig || {};
+  const out = [];
+  for (const [name, fn] of Object.entries(FREE)) {
+    if (config[name] && config[name].enabled) {
+      try {
+        out.push(...await fn());
+      } catch {
+      }
+    }
+  }
+  for (const name of KEYED) {
+    if (config[name] && config[name].enabled) {
+      try {
+        out.push(...await keyed(name, config[name]));
+      } catch {
+      }
+    }
+  }
+  return out;
+}
+var PROXY_PROVIDERS = ["manual", ...Object.keys(FREE), ...KEYED];
+// core-auth/dist/proxy/manager.js
+var MAX_ACCOUNTS_PER_PROXY = 3;
+function countAssignments(store, url) {
+  return Object.values(store.assignments || {}).filter((u) => u === url).length;
+}
+function scoreOf(store, proxy) {
+  const s = proxy.stats || {};
+  const checks = s.checks || 0;
+  const failRate = checks ? (s.failures || 0) / checks : 0.5;
+  const inUse = countAssignments(store, proxy.url);
+  return (s.avgLatencyMs || 2e3) / 1e3 + failRate * 10 + (s.ipRateLimitHits || 0) * 20 + inUse * 5 - (proxy.provider === "manual" ? 10 : 0);
+}
+var ProxyManager = class {
+  load() {
+    return loadProxyStore();
+  }
+  getMode() {
+    return this.load().mode || "disabled";
+  }
+  setMode(mode) {
+    updateProxyStore((s) => {
+      s.mode = mode;
+    });
+  }
+  enableProvider(name, on, key) {
+    updateProxyStore((s) => {
+      s.providers[name] = { ...s.providers[name] || {}, enabled: !!on, ...key !== void 0 ? { key } : {} };
+    });
+  }
+  providersConfig() {
+    return this.load().providers || {};
+  }
+  // proxies sorted best-first (lowest score)
+  list() {
+    const store = this.load();
+    return [...store.proxies].map((p) => ({ ...p, score: scoreOf(store, p), inUse: countAssignments(store, p.url) })).sort((a, b) => a.score - b.score);
+  }
+  // global view (account-only proxies are excluded; they show in their account's menu)
+  byProvider() {
+    const groups = {};
+    for (const p of this.list())
+      if (!p.owner)
+        (groups[p.provider] = groups[p.provider] || []).push(p);
+    return groups;
+  }
+  // proxies visible to one account: all global + the account's own
+  accountProxies(accountId) {
+    return this.list().filter((p) => !p.owner || p.owner === accountId);
+  }
+  get(url) {
+    return this.list().find((p) => p.url === url) || null;
+  }
+  // owner set -> account-only (visible + auto-used for that account only); else global
+  addManual(url, owner) {
+    const clean = url.startsWith("http") ? url : "http://" + url;
+    updateProxyStore((s) => {
+      if (!s.proxies.find((p) => p.url === clean))
+        s.proxies.push({ url: clean, provider: "manual", owner: owner || void 0, addedAt: Date.now(), stats: { checks: 0, failures: 0, avgLatencyMs: 0, ipRateLimitHits: 0, lastOkAt: 0 } });
+    });
+    return clean;
+  }
+  remove(url) {
+    updateProxyStore((s) => {
+      s.proxies = s.proxies.filter((p) => p.url !== url);
+      for (const [acc, u] of Object.entries(s.assignments))
+        if (u === url)
+          delete s.assignments[acc];
+      for (const acc of Object.keys(s.manualSelection))
+        s.manualSelection[acc] = (s.manualSelection[acc] || []).filter((u) => u !== url);
+    });
+  }
+  // manual-mode per-account selection (urls from the pool)
+  getAccountSelection(accountId) {
+    return this.load().manualSelection[accountId] || [];
+  }
+  setAccountSelection(accountId, urls) {
+    updateProxyStore((s) => {
+      s.manualSelection[accountId] = urls;
+    });
+  }
+  // pick a proxy url for an account per mode; sticks until freed (rate-limit) or cap-bound
+  selectForAccount(accountId) {
+    const store = this.load();
+    if (store.mode === "disabled")
+      return null;
+    if (store.mode === "manual") {
+      const owned = store.proxies.filter((p) => p.owner === accountId).map((p) => p.url);
+      const pool = [.../* @__PURE__ */ new Set([...store.manualSelection[accountId] || [], ...owned])].filter((u) => store.proxies.find((p) => p.url === u));
+      if (!pool.length)
+        return null;
+      const current2 = store.assignments[accountId];
+      if (current2 && pool.includes(current2))
+        return current2;
+      const chosen2 = pool[0];
+      updateProxyStore((s) => {
+        s.assignments[accountId] = chosen2;
+      });
+      return chosen2;
+    }
+    const current = store.assignments[accountId];
+    if (current && store.proxies.find((p) => p.url === current))
+      return current;
+    const candidates = store.proxies.filter((p) => (!p.owner || p.owner === accountId) && countAssignments(store, p.url) < MAX_ACCOUNTS_PER_PROXY).sort((a, b) => scoreOf(store, a) - scoreOf(store, b));
+    if (!candidates.length)
+      return null;
+    const chosen = candidates[0].url;
+    updateProxyStore((s) => {
+      s.assignments[accountId] = chosen;
+    });
+    return chosen;
+  }
+  // pick a proxy for login traffic before an account exists (no id to bind yet);
+  // returns the best globally-available proxy, or null when none/disabled
+  pickForLogin() {
+    const store = this.load();
+    if (store.mode === "disabled")
+      return null;
+    const candidates = store.proxies.filter((p) => !p.owner && countAssignments(store, p.url) < MAX_ACCOUNTS_PER_PROXY).sort((a, b) => scoreOf(store, a) - scoreOf(store, b));
+    return candidates.length ? candidates[0].url : null;
+  }
+  // stick the login proxy to the account so refresh + requests reuse it; in manual
+  // mode also record it in the account's selection so selectForAccount keeps it
+  bindAccountProxy(accountId, url) {
+    if (!url)
+      return;
+    updateProxyStore((s) => {
+      if (s.mode === "manual") {
+        const selection = s.manualSelection[accountId] || [];
+        if (!selection.includes(url))
+          selection.push(url);
+        s.manualSelection[accountId] = selection;
+      }
+      s.assignments[accountId] = url;
+    });
+  }
+  reportRateLimit(url) {
+    updateProxyStore((s) => {
+      const p = s.proxies.find((x) => x.url === url);
+      if (p) {
+        p.stats = p.stats || {};
+        p.stats.ipRateLimitHits = (p.stats.ipRateLimitHits || 0) + 1;
+        p.stats.lastRateLimitAt = Date.now();
+      }
+      for (const [acc, u] of Object.entries(s.assignments))
+        if (u === url)
+          delete s.assignments[acc];
+    });
+  }
+  reportResult(url, ok, latencyMs) {
+    updateProxyStore((s) => {
+      const p = s.proxies.find((x) => x.url === url);
+      if (!p)
+        return;
+      const st = p.stats = p.stats || { checks: 0, failures: 0, avgLatencyMs: 0, ipRateLimitHits: 0 };
+      st.checks = (st.checks || 0) + 1;
+      if (!ok)
+        st.failures = (st.failures || 0) + 1;
+      else {
+        st.lastOkAt = Date.now();
+        if (typeof latencyMs === "number")
+          st.avgLatencyMs = st.avgLatencyMs ? Math.round(st.avgLatencyMs * 0.7 + latencyMs * 0.3) : latencyMs;
+      }
+    });
+  }
+  async refresh() {
+    const fetched = await fetchEnabledProxies(this.providersConfig());
+    updateProxyStore((s) => {
+      const have = new Set(s.proxies.map((p) => p.url));
+      for (const f of fetched)
+        if (!have.has(f.url)) {
+          s.proxies.push({ url: f.url, provider: f.provider, addedAt: Date.now(), stats: { checks: 0, failures: 0, avgLatencyMs: 0, ipRateLimitHits: 0, lastOkAt: 0 } });
+          have.add(f.url);
+        }
+    });
+    return fetched.length;
+  }
+};
+var proxyManager = new ProxyManager();
+// core-auth/dist/ui/proxy-menu.js
+function fmtScore(n) {
+  return (Math.round(n * 10) / 10).toString();
+}
+async function selectAccountProxies(accountId) {
+  if (!isTTY())
+    return;
+  while (true) {
+    const selected = new Set(proxyManager.getAccountSelection(accountId));
+    const all = proxyManager.accountProxies(accountId);
+    const items = [
+      { label: "Done", value: { t: "done" } },
+      { label: "Add proxy", value: { t: "add" }, color: "cyan" }
+    ];
+    for (const p of all) {
+      const owned = p.owner === accountId;
+      const on = owned || selected.has(p.url);
+      items.push({ label: (on ? "[x] " : "[ ] ") + p.url + (owned ? " (this account)" : ""), hint: p.provider + " \xB7 score " + fmtScore(p.score), value: { t: "toggle", url: p.url, owned } });
+    }
+    const result = await select(items, { message: "Proxies for " + accountId, subtitle: "manual mode \xB7 [x] = used by this account", clearScreen: true });
+    if (!result || result.t === "done")
+      return;
+    if (result.t === "add") {
+      const url = await prompt("Proxy URL (host:port or http://...):");
+      if (!url)
+        continue;
+      const scope = await select([{ label: "Global (all accounts)", value: "global" }, { label: "This account only", value: "account" }], { message: "Proxy visibility", clearScreen: true });
+      if (scope === "account")
+        proxyManager.addManual(url, accountId);
+      else if (scope === "global") {
+        const clean = proxyManager.addManual(url);
+        proxyManager.setAccountSelection(accountId, [...selected, clean]);
+      }
+    } else if (result.t === "toggle") {
+      if (result.owned) {
+        if (await confirm("Remove this account-only proxy?"))
+          proxyManager.remove(result.url);
+      } else {
+        if (selected.has(result.url))
+          selected.delete(result.url);
+        else
+          selected.add(result.url);
+        proxyManager.setAccountSelection(accountId, [...selected]);
+      }
+    }
+  }
+}
+// core-auth/dist/browser.js
+import { spawn } from "node:child_process";
+function openBrowser(url) {
+  if (!url)
+    return;
+  try {
+    const platform = process.platform;
+    const command = platform === "win32" ? "cmd" : platform === "darwin" ? "open" : "xdg-open";
+    const args = platform === "win32" ? ["/c", "start", "", url] : [url];
+    const child = spawn(command, args, { detached: true, stdio: "ignore" });
+    child.on("error", () => {
+    });
+    child.unref();
+  } catch {
+  }
+}
+// core-auth/dist/ui/url-auth.js
+async function buildLoginInput(def) {
+  const flow = await def.loginFlow({ configDir: getConfigDir(), log });
+  openBrowser(flow.url);
+  return {
+    input: {
+      title: "Sign in to " + def.label,
+      message: (flow.instructions || "Approve in your browser, then paste the authorization code here.") + (flow.url ? "\n\n" + flow.url : ""),
+      // shown while complete() runs — the token exchange + project discovery can
+      // take ~10-15s (proxied), so the field reports progress instead of vanishing
+      pendingLabel: "Adding account\u2026 (exchanging the code, this can take a few seconds)",
+      // paste fallback: trade the pasted code/redirect URL for an account
+      complete: async (text) => {
+        await flow.complete(text);
+        return { refresh: true };
+      },
+      // primary path: the loopback listener auto-completes the input when it fires
+      background: flow.loopback ? flow.loopback.then((account) => account ? { refresh: true } : null).catch(() => null) : null,
+      // release the listener when the input is dismissed / superseded
+      onClose: typeof flow.cancel === "function" ? flow.cancel : void 0
+    }
+  };
+}
+// core-auth/dist/ui/settings-menu.js
+function formatValue(field, value) {
+  if (field.type === "bool")
+    return value ? "on" : "off";
+  if (value === void 0 || value === null || value === "")
+    return "default";
+  return String(value);
+}
+function fieldItem(def, field) {
+  const settings = def.settings;
+  const value = settings.get(field.key);
+  const label = field.label + "  [" + formatValue(field, value) + "]";
+  if (field.type === "bool") {
+    return { label, hint: field.hint || "", run: () => {
+      settings.set(field.key, !value);
+      return { refresh: true };
+    } };
+  }
+  if (field.type === "enum") {
+    const options = field.options || [];
+    return { label, hint: field.hint || "", run: () => {
+      const i = options.indexOf(value);
+      settings.set(field.key, options[(i + 1) % options.length]);
+      return { refresh: true };
+    } };
+  }
+  const range = field.type === "number" && (field.min != null || field.max != null) ? "  (range " + (field.min != null ? field.min : "") + "\u2013" + (field.max != null ? field.max : "") + ")" : "";
+  return {
+    label,
+    hint: field.hint || "",
+    run: () => ({ input: {
+      title: field.label,
+      message: (field.hint ? field.hint + "\n\n" : "") + "Current: " + formatValue(field, value) + range + "\n\nEnter a new value (blank resets to default):",
+      complete: (text) => {
+        const t = (text || "").trim();
+        if (t === "") {
+          settings.set(field.key, void 0);
+          return { refresh: true };
+        }
+        if (field.type === "number") {
+          const n = Number(t);
+          if (!isFinite(n))
+            return { refresh: true };
+          if (field.min != null && n < field.min)
+            return { refresh: true };
+          if (field.max != null && n > field.max)
+            return { refresh: true };
+          settings.set(field.key, n);
+        } else {
+          settings.set(field.key, t);
+        }
+        return { refresh: true };
+      }
+    } })
+  };
+}
+function buildSettingsMenu(def, groupIndex) {
+  const groups = def.settings && def.settings.groups || [];
+  if (groupIndex === void 0 && groups.length > 1) {
+    const items2 = [{ label: "Back", run: () => ({ pop: true }) }];
+    groups.forEach((g, i) => items2.push({ label: g.title, hint: (g.fields || []).length + " options", run: () => ({ push: () => buildSettingsMenu(def, i) }) }));
+    return { title: def.label + " \u2014 Settings", subtitle: "Pick a section \xB7 changes apply on restart \xB7 Esc to go back", items: items2 };
+  }
+  const group = groups[groupIndex || 0] || { title: "Settings", fields: [] };
+  const items = [{ label: "Back", run: () => ({ pop: true }) }];
+  for (const field of group.fields)
+    items.push(fieldItem(def, field));
+  return { title: def.label + " \u2014 " + group.title, subtitle: "Enter to change \xB7 blank input resets to default \xB7 applies on restart", items };
+}
+// core-auth/dist/ui/menu-model.js
+function buildProxyDetail(url) {
+  return { title: url, items: [
+    { label: "Back", run: () => ({ pop: true }) },
+    { label: "Remove this proxy", color: "red", suspend: true, run: async () => {
+      if (await confirm("Remove " + url + "?")) {
+        proxyManager.remove(url);
+        return { pop: true };
+      }
+      return { refresh: true };
+    } }
+  ] };
+}
+function buildProxyMenu() {
+  const mode = proxyManager.getMode();
+  const grouped = proxyManager.byProvider() || {};
+  const items = [
+    { label: "Back", run: () => ({ pop: true }) },
+    { label: "Mode: " + mode, color: "cyan", run: () => {
+      const order = ["automatic", "manual", "disabled"];
+      const i = order.indexOf(mode);
+      proxyManager.setMode(order[(i + 1) % order.length]);
+      return { refresh: true };
+    } },
+    { label: "Add proxy", color: "green", run: () => ({ input: { title: "Proxy URL", message: "Enter a proxy (host:port or http://...)", complete: (url) => {
+      proxyManager.addManual(url);
+      return { refresh: true };
+    } } }) },
+    { label: "Refresh from providers", color: "cyan", suspend: true, run: async () => {
+      try {
+        await proxyManager.refresh();
+      } catch {
+      }
+      return { refresh: true };
+    } }
+  ];
+  for (const provider of Object.keys(grouped)) {
+    const list = grouped[provider] || [];
+    if (!list.length)
+      continue;
+    items.push({ label: "", separator: true });
+    items.push({ label: provider + " (" + list.length + ")", kind: "heading" });
+    for (const p of list)
+      items.push({ label: p.url, hint: "score " + (typeof p.score === "number" ? p.score.toFixed(2) : "?") + " \xB7 in-use " + (p.inUse || 0), run: /* @__PURE__ */ ((u) => () => ({ push: () => buildProxyDetail(u) }))(p.url) });
+  }
+  return { title: "Proxies", subtitle: "mode: " + mode + " \xB7 Esc to go back", items };
+}
+var STATUS = {
+  active: "[active]",
+  "rate-limited": "[rate-limited]",
+  "cooling-down": "[cooling]",
+  "verification-required": "[needs verification]",
+  disabled: "[disabled]"
+};
+function modelName(providerId, id) {
+  const cache = readModelCache(providerId);
+  const m = cache && cache.models && cache.models[id];
+  return m && m.name || id;
+}
+function buildAutoModelEdit(def, id) {
+  const providerId = def.id;
+  const { order, excluded, source } = getAutoConfig(providerId);
+  const included = !excluded.includes(id);
+  const pos = order.indexOf(id);
+  const items = [
+    { label: "Back", run: () => ({ pop: true }) },
+    {
+      label: included ? "Exclude" : "Include",
+      color: included ? "yellow" : "green",
+      run: () => {
+        setAutoConfig(providerId, { excluded: included ? [...excluded, id] : excluded.filter((x) => x !== id) });
+        return { pop: true };
+      }
+    }
+  ];
+  if (source === "manual") {
+    items.push({ label: "Move up", run: () => {
+      if (pos > 0) {
+        const n = order.slice();
+        [n[pos - 1], n[pos]] = [n[pos], n[pos - 1]];
+        setAutoConfig(providerId, { order: n });
+      }
+      return { pop: true };
+    } });
+    items.push({ label: "Move down", run: () => {
+      if (pos >= 0 && pos < order.length - 1) {
+        const n = order.slice();
+        [n[pos + 1], n[pos]] = [n[pos], n[pos + 1]];
+        setAutoConfig(providerId, { order: n });
+      }
+      return { pop: true };
+    } });
+  }
+  return { title: modelName(providerId, id), items };
+}
+function buildAutoMenu(def) {
+  const providerId = def.id;
+  const { order, excluded, source, sources } = getAutoConfig(providerId);
+  const current = sources.find((s) => s.id === source) || sources[0] || { id: "manual", label: "Manual" };
+  const items = [];
+  if (sources.length > 1) {
+    items.push({
+      label: "Sort: " + current.label,
+      color: "cyan",
+      run: () => {
+        const i = sources.findIndex((s) => s.id === source);
+        setAutoConfig(providerId, { source: sources[(i + 1) % sources.length].id });
+        return { refresh: true };
+      }
+    });
+  }
+  if (source === "manual")
+    items.push({ label: "Reset to default order", color: "yellow", run: () => {
+      setAutoConfig(providerId, { order: [] });
+      return { refresh: true };
+    } });
+  items.push({ label: "", separator: true });
+  items.push({ label: "Models (top = preferred)", kind: "heading" });
+  order.forEach((id, i) => {
+    const inc = !excluded.includes(id);
+    items.push({ label: (inc ? "[x] " : "[ ] ") + (i + 1) + ". " + modelName(providerId, id), hint: inc ? "" : "excluded", run: () => ({ push: () => buildAutoModelEdit(def, id) }) });
+  });
+  const sub = source === "manual" ? "Tries these top-to-bottom, skipping rate-limited ones. Enter a model to reorder/include." : "Order is automatic (" + current.label + "). Enter a model to include/exclude.";
+  return { title: def.label + " \u2014 Auto model ranking", subtitle: sub, items };
+}
+function buildAccountDetail(def, view) {
+  const controller = def.accounts;
+  const proxies = !!def.proxies;
+  const label = view.email || view.id;
+  const extra = typeof controller.accountActions === "function" ? controller.accountActions(view) : [];
+  const items = [
+    { label: "Back", run: () => ({ pop: true }) },
+    { label: view.enabled === false ? "Enable" : "Disable", color: view.enabled === false ? "green" : "yellow", run: () => {
+      controller.enable(view.id, view.enabled === false);
+      return { pop: true };
+    } }
+  ];
+  if (proxies)
+    items.push({ label: "Select proxies", color: "cyan", suspend: true, run: async () => {
+      await selectAccountProxies(view.id);
+      return { pop: true };
+    } });
+  extra.forEach((a) => items.push({ label: a.label, color: a.color || "cyan", suspend: true, run: async () => {
+    try {
+      await a.run();
+    } catch {
+    }
+    return { pop: true };
+  } }));
+  items.push({ label: "Remove", color: "red", suspend: true, run: async () => {
+    if (await confirm(`Remove ${label}?`)) {
+      controller.remove(view.id);
+      return { pop: true };
+    }
+    return { refresh: true };
+  } });
+  return { title: label + (STATUS[view.status] ? " " + STATUS[view.status] : ""), items };
+}
+function buildAccountMenu(def) {
+  const controller = def.accounts;
+  const proxies = !!def.proxies;
+  const views = controller.list();
+  const extraActions = (typeof controller.actions === "function" ? controller.actions() : []).slice();
+  if (readModelCache(def.id))
+    extraActions.push({ label: "Configure Auto models", color: "cyan", auto: true });
+  const addAccount2 = typeof def.loginFlow === "function" ? { label: "Add account", color: "cyan", run: () => buildLoginInput(def) } : { label: "Add account", color: "cyan", suspend: true, run: async () => {
+    try {
+      await controller.login();
+    } catch (e) {
+      process.stderr.write(String(e) + "\n");
+    }
+    return { refresh: true };
+  } };
+  const items = [{ label: "Actions", kind: "heading" }, addAccount2];
+  if (typeof controller.refreshQuota === "function")
+    items.push({ label: "Refresh quotas", color: "cyan", suspend: true, run: async () => {
+      try {
+        await controller.refreshQuota();
+      } catch {
+      }
+      return { refresh: true };
+    } });
+  if (proxies)
+    items.push({ label: "Manage proxies", color: "cyan", run: () => ({ push: () => buildProxyMenu() }) });
+  if (def.settings && (def.settings.groups || []).length)
+    items.push({ label: "Settings", color: "cyan", run: () => ({ push: () => buildSettingsMenu(def) }) });
+  extraActions.forEach((a) => {
+    if (a.auto)
+      items.push({ label: a.label, color: a.color || "cyan", run: () => ({ push: () => buildAutoMenu(def) }) });
+    else
+      items.push({ label: a.label, color: a.color || "cyan", suspend: true, run: async () => {
+        try {
+          await a.run();
+        } catch (e) {
+          process.stderr.write(String(e) + "\n");
+        }
+        return { refresh: true };
+      } });
+  });
+  items.push({ label: "", separator: true });
+  items.push({ label: `Accounts (${views.length})`, kind: "heading" });
+  for (const view of views) {
+    items.push({ label: `${view.email || view.id}${STATUS[view.status] ? " " + STATUS[view.status] : ""}`, hint: view.detail || "", run: () => ({ push: () => buildAccountDetail(def, view) }) });
+  }
+  if (views.length > 0) {
+    items.push({ label: "", separator: true });
+    items.push({ label: "Delete all accounts", color: "red", suspend: true, run: async () => {
+      if (await confirm("Delete ALL accounts? This cannot be undone.")) {
+        for (const v of controller.list())
+          controller.remove(v.id);
+      }
+      return { refresh: true };
+    } });
+  }
+  return { title: def.label + " accounts", subtitle: "Esc to exit \xB7 Enter an action or account", items, providerLabel: def.label };
+}
+// core-auth/dist/menu.js
+async function runProviderMenu(def) {
+  if (!def || !def.accounts || !isTTY())
+    return;
+  await runMenu(() => buildAccountMenu(def));
+}
+// core-auth/dist/oauth.js
+var ACCESS_TOKEN_EXPIRY_BUFFER_MS = 60 * 1e3;
+function accessTokenExpired(auth) {
+  if (!auth || !auth.access || typeof auth.expires !== "number")
+    return true;
+  return auth.expires <= Date.now() + ACCESS_TOKEN_EXPIRY_BUFFER_MS;
+}
+function calculateTokenExpiry(requestTimeMs, expiresInSeconds) {
+  const seconds = typeof expiresInSeconds === "number" ? expiresInSeconds : 3600;
+  if (isNaN(seconds) || seconds <= 0)
+    return requestTimeMs;
+  return requestTimeMs + seconds * 1e3;
+}
+var TokenRefreshError = class extends Error {
+  constructor(options) {
+    super(options.message);
+    this.name = "TokenRefreshError";
+    this.code = options.code;
+    this.description = options.description;
+    this.status = options.status;
+    this.statusText = options.statusText;
+    this.revoked = options.code === "invalid_grant";
+  }
+};
+function parseOAuthError(text) {
+  if (!text)
+    return {};
+  try {
+    const payload = JSON.parse(text);
+    if (!payload || typeof payload !== "object")
+      return { description: text };
+    let code;
+    if (typeof payload.error === "string")
+      code = payload.error;
+    else if (payload.error && typeof payload.error === "object") {
+      code = payload.error.status || payload.error.code;
+      if (!payload.error_description && payload.error.message)
+        return { code, description: payload.error.message };
+    }
+    if (payload.error_description)
+      return { code, description: payload.error_description };
+    if (payload.error && typeof payload.error === "object" && payload.error.message)
+      return { code, description: payload.error.message };
+    return { code };
+  } catch {
+    return { description: text };
+  }
+}
+async function refreshAccessToken(refreshToken, opts) {
+  if (!refreshToken)
+    return void 0;
+  const startTime = Date.now();
+  const params = {
+    grant_type: "refresh_token",
+    refresh_token: refreshToken,
+    client_id: opts.clientId
+  };
+  if (opts.clientSecret)
+    params.client_secret = opts.clientSecret;
+  Object.assign(params, opts.extraParams || {});
+  const init = {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams(params)
+  };
+  if (opts.proxy)
+    init.proxy = opts.proxy;
+  let response;
+  try {
+    response = await fetch(opts.tokenUrl, init);
+  } catch (err) {
+    const message = String(err && err.message || err);
+    if (init.proxy && /unable to connect|failed to connect|could not connect|fetch failed|ECONNREFUSED|ECONNRESET|ETIMEDOUT|ENOTFOUND|EHOSTUNREACH|EAI_AGAIN|socket|proxy|tunnel|network/i.test(message)) {
+      delete init.proxy;
+      response = await fetch(opts.tokenUrl, init);
+    } else {
+      throw err;
+    }
+  }
+  if (!response.ok) {
+    let errorText;
+    try {
+      errorText = await response.text();
+    } catch {
+      errorText = void 0;
+    }
+    const { code, description } = parseOAuthError(errorText);
+    const details = [code, description || errorText].filter(Boolean).join(": ");
+    const base = "OAuth token refresh failed (" + response.status + " " + response.statusText + ")";
+    throw new TokenRefreshError({
+      message: details ? base + " - " + details : base,
+      code,
+      description: description || errorText,
+      status: response.status,
+      statusText: response.statusText
+    });
+  }
+  const payload = await response.json();
+  return {
+    access: payload.access_token,
+    expires: calculateTokenExpiry(startTime, payload.expires_in),
+    refresh: payload.refresh_token || refreshToken
+  };
+}
+// core-auth/dist/ratelimit.js
+function isEnabled(account) {
+  return account.enabled !== false;
+}
+function isCoolingDown(account, now) {
+  return typeof account.coolingDownUntil === "number" && account.coolingDownUntil > now;
+}
+function isLaneRateLimited(account, lane, now) {
+  if (!lane || !account.rateLimitResetTimes)
+    return false;
+  const until = account.rateLimitResetTimes[lane];
+  return typeof until === "number" && until > now;
+}
+function isAvailable(account, lane, now) {
+  if (!isEnabled(account))
+    return false;
+  if (isCoolingDown(account, now))
+    return false;
+  if (lane && isLaneRateLimited(account, lane, now))
+    return false;
+  return true;
+}
+function availableAt(account, lane, now) {
+  if (!isEnabled(account))
+    return Infinity;
+  let t = 0;
+  if (typeof account.coolingDownUntil === "number")
+    t = Math.max(t, account.coolingDownUntil);
+  if (lane && account.rateLimitResetTimes && typeof account.rateLimitResetTimes[lane] === "number") {
+    t = Math.max(t, account.rateLimitResetTimes[lane]);
+  }
+  return Math.max(t, now);
+}
+function calculateBackoffMs(attempt, opts) {
+  const base = opts && opts.baseMs || 1e3;
+  const max = opts && opts.maxMs || 5 * 60 * 1e3;
+  const raw = Math.min(max, base * Math.pow(2, Math.max(0, attempt)));
+  if (opts && opts.jitter === false)
+    return raw;
+  return Math.floor(raw / 2 + Math.random() * (raw / 2));
+}
+// core-auth/dist/selection.js
+function laneCursor(pool, lane) {
+  if (lane && pool.activeIndexByLane && typeof pool.activeIndexByLane[lane] === "number")
+    return pool.activeIndexByLane[lane];
+  return pool.activeIndex || 0;
+}
+function setLaneCursor(pool, lane, index) {
+  if (lane) {
+    pool.activeIndexByLane = pool.activeIndexByLane || {};
+    pool.activeIndexByLane[lane] = index;
+  } else {
+    pool.activeIndex = index;
+  }
+}
+function firstAvailableFrom(pool, start, lane, now, available) {
+  const n = pool.accounts.length;
+  for (let step = 0; step < n; step++) {
+    const i = (start + step) % n;
+    if (available(pool.accounts[i], lane, now))
+      return i;
+  }
+  return -1;
+}
+function soonestFree(pool, lane, now) {
+  let best = -1, bestAt = Infinity;
+  for (let i = 0; i < pool.accounts.length; i++) {
+    const at = availableAt(pool.accounts[i], lane, now);
+    if (at < bestAt) {
+      bestAt = at;
+      best = i;
+    }
+  }
+  return best;
+}
+function selectIndex(pool, lane, now, strategy, available) {
+  const n = pool.accounts.length;
+  if (n === 0)
+    return -1;
+  const isFree = available || isAvailable;
+  const cursor = laneCursor(pool, lane);
+  const strat = strategy || "hybrid";
+  if (strat === "round-robin") {
+    const i2 = firstAvailableFrom(pool, (cursor + 1) % n, lane, now, isFree);
+    if (i2 >= 0)
+      setLaneCursor(pool, lane, i2);
+    return i2;
+  }
+  if (cursor >= 0 && cursor < n && isFree(pool.accounts[cursor], lane, now))
+    return cursor;
+  const i = firstAvailableFrom(pool, cursor, lane, now, isFree);
+  if (i >= 0) {
+    setLaneCursor(pool, lane, i);
+    return i;
+  }
+  if (strat === "hybrid") {
+    const best = soonestFree(pool, lane, now);
+    if (best >= 0)
+      setLaneCursor(pool, lane, best);
+    return best;
+  }
+  return -1;
+}
+// core-auth/dist/manager.js
+function oauthWithProxy(oauth, id) {
+  const proxy = proxyManager.selectForAccount(id);
+  return proxy ? { ...oauth, proxy } : oauth;
+}
+var AccountManager = class {
+  constructor(providerId, opts) {
+    this.providerId = providerId;
+    const options = opts || {};
+    this.strategy = options.selection || "hybrid";
+    this.oauth = options.oauth || null;
+    this.backoff = options.backoff || {};
+    this.store = options.store || null;
+    this.extraAvailable = typeof options.isAvailable === "function" ? options.isAvailable : null;
+    this.available = (account, lane, now) => isAvailable(account, lane, now) && (!this.extraAvailable || this.extraAvailable(account, lane, now));
+  }
+  load() {
+    return loadAccounts(this.providerId, this.store);
+  }
+  save(pool) {
+    saveAccounts(this.providerId, pool, this.store);
+  }
+  list() {
+    return this.load().accounts;
+  }
+  // selection + lastUsed claim run under the store lock; the network token refresh runs outside it so a slow refresh never blocks other writers.
+  async acquire(lane) {
+    const now = Date.now();
+    let claimedId = null;
+    updateAccounts(this.providerId, (pool) => {
+      const index = selectIndex(pool, lane, now, this.strategy, this.available);
+      if (index < 0)
+        return;
+      const account2 = pool.accounts[index];
+      if (!this.available(account2, lane, now))
+        return;
+      account2.lastUsed = now;
+      claimedId = account2.id;
+    }, this.store);
+    if (!claimedId)
+      return null;
+    const access = await this.ensureAccess(claimedId);
+    const account = this.load().accounts.find((candidate) => candidate.id === claimedId);
+    return { account, access };
+  }
+  // a revoked refresh token disables the account so selection skips it.
+  async ensureAccess(id) {
+    const account = this.load().accounts.find((candidate) => candidate.id === id);
+    if (!account)
+      return void 0;
+    if (!accessTokenExpired(account))
+      return account.access;
+    if (!this.oauth || !account.refresh)
+      return account.access;
+    try {
+      const refreshed = await refreshAccessToken(account.refresh, oauthWithProxy(this.oauth, id));
+      this.mutate(id, (a) => {
+        a.access = refreshed.access;
+        a.expires = refreshed.expires;
+        if (refreshed.refresh)
+          a.refresh = refreshed.refresh;
+      });
+      return refreshed.access;
+    } catch (error) {
+      if (error instanceof TokenRefreshError && error.revoked) {
+        this.mutate(id, (a) => {
+          a.enabled = false;
+          a.cooldownReason = "refresh token revoked";
+        });
+      }
+      throw error;
+    }
+  }
+  reportRateLimit(id, lane, resetMs) {
+    this.mutate(id, (account) => {
+      account.rateLimitResetTimes = account.rateLimitResetTimes || {};
+      account.rateLimitResetTimes[lane] = resetMs;
+    });
+  }
+  reportError(id, attempt, reason) {
+    const ms = calculateBackoffMs(attempt || 0, this.backoff);
+    this.mutate(id, (account) => {
+      account.coolingDownUntil = Date.now() + ms;
+      account.cooldownReason = reason || "transient error";
+    });
+  }
+  reportSuccess(id) {
+    this.mutate(id, (account) => {
+      account.coolingDownUntil = 0;
+      account.cooldownReason = null;
+      account.lastUsed = Date.now();
+    });
+  }
+  nextAvailableAt(lane) {
+    const now = Date.now();
+    let best = Infinity;
+    for (const account of this.load().accounts)
+      best = Math.min(best, availableAt(account, lane, now));
+    return best === Infinity ? null : best;
+  }
+  mutate(id, fn) {
+    updateAccounts(this.providerId, (pool) => {
+      const account = pool.accounts.find((candidate) => candidate.id === id);
+      if (account)
+        fn(account);
+    }, this.store);
+  }
+  remove(id) {
+    removeAccount(this.providerId, id, this.store);
+  }
+  // force a token refresh regardless of expiry (manual "refresh token" action)
+  async refresh(id) {
+    const account = this.load().accounts.find((candidate) => candidate.id === id);
+    if (!account || !this.oauth || !account.refresh)
+      return false;
+    const refreshed = await refreshAccessToken(account.refresh, oauthWithProxy(this.oauth, id));
+    this.mutate(id, (a) => {
+      a.access = refreshed.access;
+      a.expires = refreshed.expires;
+      if (refreshed.refresh)
+        a.refresh = refreshed.refresh;
+    });
+    return true;
+  }
+};
+// core-auth/dist/controller.js
+function defaultStatus(account, now) {
+  if (account.enabled === false)
+    return "disabled";
+  if (isCoolingDown(account, now))
+    return "cooling-down";
+  const lanes = account.rateLimitResetTimes || {};
+  if (Object.values(lanes).some((reset) => typeof reset === "number" && reset > now))
+    return "rate-limited";
+  return "active";
+}
+function accountControllerFromManager(manager, opts) {
+  const options = opts || {};
+  return {
+    list() {
+      const now = Date.now();
+      return manager.list().map((account) => ({
+        id: account.id,
+        email: account.email,
+        enabled: account.enabled !== false,
+        lastUsed: account.lastUsed,
+        status: options.status ? options.status(account, now) : defaultStatus(account, now),
+        detail: options.detail ? options.detail(account, now) : void 0,
+        quota: options.quota ? options.quota(account) : void 0
+      }));
+    },
+    enable(id, on) {
+      manager.mutate(id, (account) => {
+        account.enabled = !!on;
+      });
+    },
+    remove(id) {
+      manager.remove(id);
+    },
+    login: options.login || (async () => null),
+    refreshQuota: options.refreshQuota,
+    actions: options.actions,
+    accountActions: options.accountActions
+  };
+}
 // src/driver.ts
+var accountManager = new AccountManager("stub", {});
+function stubAddAccount() {
+  const n = accountManager.list().length + 1;
+  const account = { id: "stub-" + n + "@example.com", email: "stub-" + n + "@example.com", refresh: "stub-refresh-" + n, addedAt: Date.now(), lastUsed: 0, enabled: true };
+  addAccount("stub", account);
+  return account;
+}
 var STUB_TEXT = "Hello from stub-auth \u2014 the core-auth pipeline works end to end.";
 function stubText(model) {
   return STUB_TEXT + " (served by " + model + ")";
@@ -44,11 +1662,23 @@ var driver = {
       return new Response(streamBody(model), { status: 200, headers: { "content-type": "text/event-stream" } });
     }
     return new Response(JSON.stringify(jsonBody(model)), { status: 200, headers: { "content-type": "application/json" } });
-  }
+  },
+  loginFlow: async () => ({ url: "https://example.com/stub-login", instructions: "Stub login (no real OAuth) \u2014 completes immediately.", complete: async () => stubAddAccount() }),
+  accounts: accountControllerFromManager(accountManager, { login: async () => {
+    const a = stubAddAccount();
+    return { id: a.id, email: a.email, status: "active", enabled: true };
+  } }),
+  proxies: true
 };
 // src/handler.ts
 var handle = driver.handle;
+var accounts = driver.accounts;
+var menu = () => runProviderMenu(driver);
+var menuModel = () => buildAccountMenu(driver);
 export {
-  handle
+  accounts,
+  handle,
+  menu,
+  menuModel
 };