takomi 2.1.25 → 2.1.26

package/.pi/extensions/oauth-router/README.md

@@ -11,11 +11,16 @@ Pi extension that auto-loads and registers an `oauth-router` provider with multi
 - supports account commands:
   - `/router-login add`
   - `/router-login list`
-  - `/router-login remove <id>`
-  - `/router-login refresh <id>`
+  - `/router-login remove [id]` / `/router-delete [id]`
+  - `/router-login rename [id] [label]` / `/router-rename [id] [label]`
+  - `/router-login relogin [id]` / `/router-relogin [id]`
+  - `/router-login refresh [id]`
   - `/router-status`
-  - `/router-enable <id>`
-  - `/router-disable <id>`
+  - `/router-usage [id]` / `/router-quota [id]`
+  - `/router-usage-raw [id]`
+  - `/router-refresh-usage [id|all]`
+  - `/router-enable [id]`
+  - `/router-disable [id]`
   - `/router-policy <name>`
 - routes across healthy accounts with:
   - round robin
@@ -50,8 +55,9 @@ Edit `~/.pi/agent/oauth-router/config.json` to add more upstreams, swap endpoint
 3. Add an account:
    - OAuth: `/router-login add chatgpt-codex`
    - API key fallback: `/router-login add openai-compatible`
-4. Check state:
+4. Check state and local usage windows:
    - `/router-status`
+   - `/router-usage`
 5. Select a model:
    - `oauth-router/gpt-5.4`
    - `oauth-router/gpt-4o`
@@ -88,15 +94,20 @@ Shape:
 }
 ```
 
-Health state lives separately in:
+Health and local usage state live separately in:
 
 - `~/.pi/agent/oauth-router/state.json`
 
+The router records successful request usage per account for rolling local 5-hour and weekly windows. These are router-observed counters only. `/router-refresh-usage [id|all]` now also probes configured authenticated provider endpoints for ChatGPT/Codex quota windows, then falls back to safe token claims such as account id, token expiry, issuer, subject, and available claim keys. `/router-usage` shows a compact visual quota view; `/router-usage-raw [id]` shows detailed/raw provider data. Provider-side quota counters depend on undocumented upstream endpoints and may change; they are not normally present in the OAuth token itself.
+
+Most account commands accept an optional account ID. When run in the Pi UI without an ID, the extension opens an account picker instead of dumping the same account list repeatedly.
+
 ## Security notes
 
 - credentials are stored separately from health state
 - files are written with restrictive permissions where the OS allows it
 - command output redacts secrets
+- token inspection reports metadata/claim keys only, not raw access or refresh tokens
 - the extension does not log access or refresh tokens
 
 ## Known limitations
@@ -105,6 +116,8 @@ Health state lives separately in:
 - the shipped OAuth adapter reuses Pi's built-in `openai-codex` OAuth implementation; generic OpenAI-compatible upstream OAuth still requires provider-specific adapters
 - safe failover only happens before meaningful output is emitted; no unsafe mid-stream account switching is attempted
 - API key fallback is supported, but OAuth remains the primary path for subscription-style upstreams
+- duplicate OAuth identities are detected after login and converted into an existing-account credential update unless explicitly allowed, because the same underlying refresh token lineage can invalidate another router/client session
+- local 5-hour/weekly usage windows are not provider quota truth; they only count requests that went through this router
 
 ## Validation
 

package/.pi/extensions/oauth-router/commands.ts

@@ -1,6 +1,6 @@
 import type { ExtensionAPI, ExtensionCommandContext } from "@mariozechner/pi-coding-agent";
 import { createAccountFromUpstream } from "./oauth-flow.ts";
-import type { RouterStatusRow, RoutingPolicyName } from "./types.ts";
+import type { RouterStatusRow, RouterUsageSummary, RouterUsageWindowSummary, RoutingPolicyName, StoredRouterAccount } from "./types.ts";
 import { RouterRuntime } from "./provider.ts";
 
 function formatWhen(timestamp?: number): string {
@@ -42,6 +42,14 @@ function isHealthy(row: RouterStatusRow): boolean {
   return true;
 }
 
+function formatHealth(row: RouterStatusRow): string {
+  if (isHealthy(row)) return "healthy";
+  if (row.authHealth !== "ok") return `auth=${row.authHealth}`;
+  if (row.cooldownUntil && row.cooldownUntil > Date.now()) return `cooldown ${formatRelative(row.cooldownUntil)}`;
+  if (row.penaltyUntil && row.penaltyUntil > Date.now()) return `penalty ${formatRelative(row.penaltyUntil)}`;
+  return "inactive";
+}
+
 export function formatStatusReport(runtime: RouterRuntime): string {
   const config = runtime.getConfig();
   const rows = runtime.getStatusRows();
@@ -83,15 +91,7 @@ export function formatStatusReport(runtime: RouterRuntime): string {
         .map((row) => {
           const account = accountsById.get(row.id);
           const plan = typeof account?.meta?.planType === "string" ? account.meta.planType : "unknown";
-          const health = isHealthy(row)
-            ? "healthy"
-            : row.authHealth !== "ok"
-              ? `auth=${row.authHealth}`
-              : row.cooldownUntil && row.cooldownUntil > Date.now()
-                ? `cooldown ${formatRelative(row.cooldownUntil)}`
-                : row.penaltyUntil && row.penaltyUntil > Date.now()
-                  ? `penalty ${formatRelative(row.penaltyUntil)}`
-                  : "inactive";
+          const health = formatHealth(row);
 
           return [
             `- ${row.id} | ${row.label} | plan=${plan}`,
@@ -118,6 +118,149 @@ export function formatStatusReport(runtime: RouterRuntime): string {
   ].join("\n");
 }
 
+export function formatAccountsReport(runtime: RouterRuntime): string {
+  const rows = runtime.getStatusRows();
+  const accounts = rows.length
+    ? [...rows]
+        .sort((a, b) => a.label.localeCompare(b.label))
+        .map((row) => {
+          const lastUsed = row.lastUsedAt ? formatAgo(row.lastUsedAt) : "never";
+          return `- ${row.id} | ${row.label} | enabled=${row.enabled} | weight=${row.weight} | state=${formatHealth(row)} | lastUsed=${lastUsed} | 429s=${row.rateLimitCount} | authFailures=${row.authFailureCount}`;
+        })
+    : ["- No accounts configured yet. Use /router-login add."];
+
+  return [
+    "# oauth-router accounts",
+    "",
+    "Compact account list. Use /router-status for full routing details and /router-usage for usage windows.",
+    "",
+    ...accounts,
+  ].join("\n");
+}
+
+function formatNumber(value: number): string {
+  return Math.round(value).toLocaleString();
+}
+
+function formatCost(value: number): string {
+  if (!value) return "$0";
+  return `$${value.toFixed(value < 0.01 ? 6 : 4)}`;
+}
+
+function formatUsageWindow(window: RouterUsageWindowSummary): string {
+  return `${window.label}: ${window.requests} req | tokens=${formatNumber(window.totalTokens)} input=${formatNumber(window.input)} output=${formatNumber(window.output)} cache=${formatNumber(window.cacheRead + window.cacheWrite)} cost=${formatCost(window.costTotal)}`;
+}
+
+function findDuplicateAccount(account: StoredRouterAccount, accounts: StoredRouterAccount[]): StoredRouterAccount | undefined {
+  const accountId = typeof account.meta?.accountId === "string" ? account.meta.accountId : undefined;
+  if (!accountId) return undefined;
+  return accounts.find((candidate) => {
+    const candidateAccountId = typeof candidate.meta?.accountId === "string" ? candidate.meta.accountId : undefined;
+    return candidate.provider === account.provider && candidate.upstreamId === account.upstreamId && candidateAccountId === accountId;
+  });
+}
+
+async function shouldReplaceDuplicateAccount(ctx: ExtensionCommandContext, duplicate: StoredRouterAccount): Promise<boolean> {
+  const message = `This OAuth identity already exists as ${duplicate.id} (${duplicate.label}). Keeping both entries can make refresh tokens fight each other.`;
+  if (!ctx.hasUI) return true;
+  return ctx.ui.confirm("Duplicate OAuth account detected", `${message}\n\nUpdate the existing account with these new credentials instead?`);
+}
+
+function quotaBar(percent?: number, width = 18): string {
+  if (percent === undefined || !Number.isFinite(percent)) return "[??????????????????]";
+  const value = Math.max(0, Math.min(100, Math.round(percent)));
+  const filled = Math.round((value / 100) * width);
+  return `[${"█".repeat(filled)}${"░".repeat(width - filled)}]`;
+}
+
+function formatProviderQuota(window: { label: string; used?: number; limit?: number; remaining?: number; percentRemaining?: number; resetAt?: number }): string {
+  const pct = window.percentRemaining !== undefined ? Math.round(window.percentRemaining) : undefined;
+  const extra = [
+    window.remaining !== undefined ? `remaining=${formatNumber(window.remaining)}` : undefined,
+    window.used !== undefined ? `used=${formatNumber(window.used)}` : undefined,
+    window.limit !== undefined ? `limit=${formatNumber(window.limit)}` : undefined,
+  ].filter(Boolean).join(" | ");
+  const reset = window.resetAt ? `reset ${formatRelative(window.resetAt)}` : "reset unknown";
+  return `${window.label.padEnd(6)} ${quotaBar(pct)} ${pct ?? "?"}% left | ${reset}${extra ? ` | ${extra}` : ""}`;
+}
+
+function formatProviderVisual(summary: RouterUsageSummary): string[] {
+  const provider = summary.provider;
+  if (!provider) return ["Provider: not refreshed yet — run /router-refresh-usage all"];
+  const plan = provider.planType ? provider.planType.toUpperCase() : "UNKNOWN";
+  const fetched = formatAgo(provider.fetchedAt);
+  return [
+    `Provider: ${plan} | ${provider.source} | refreshed ${fetched}`,
+    provider.fiveHour ? formatProviderQuota(provider.fiveHour) : "5h     [n/a] no provider window returned",
+    provider.weekly ? formatProviderQuota(provider.weekly) : "weekly [n/a] no provider window returned",
+  ];
+}
+
+function formatProviderRaw(summary: RouterUsageSummary): string[] {
+  const provider = summary.provider;
+  if (!provider) return ["provider: not inspected yet; run /router-refresh-usage <id>"];
+  const identity = [
+    provider.planType ? `plan=${provider.planType}` : undefined,
+    provider.accountId ? `account=${provider.accountId}` : undefined,
+    provider.email ? `email=${provider.email}` : undefined,
+    provider.subject ? `sub=${provider.subject}` : undefined,
+  ].filter(Boolean);
+  return [
+    `provider: ${provider.source} | fetched=${formatLastUsedSummary(provider.fetchedAt)}`,
+    identity.length > 0 ? `identity: ${identity.join(" | ")}` : "identity: no readable identity claims",
+    provider.fiveHour ? formatProviderQuota(provider.fiveHour) : undefined,
+    provider.weekly ? formatProviderQuota(provider.weekly) : undefined,
+    provider.endpoint ? `endpoint: ${provider.endpoint} | status=${provider.status ?? "-"}` : undefined,
+    provider.rateLimitHeaders && Object.keys(provider.rateLimitHeaders).length > 0 ? `headers: ${Object.entries(provider.rateLimitHeaders).map(([key, value]) => `${key}=${value}`).join(" | ")}` : undefined,
+    `tokenExpires=${formatWhen(provider.expires)}`,
+    provider.message ? `note: ${provider.message}` : undefined,
+    provider.claimKeys?.length ? `claimKeys: ${provider.claimKeys.join(", ")}` : undefined,
+  ].filter((line): line is string => Boolean(line));
+}
+
+export function formatUsageReport(runtime: RouterRuntime, accountId?: string): string {
+  const accounts = runtime.listAccounts();
+  const accountMap = new Map(accounts.map((account) => [account.id, account]));
+  const summaries = accountId ? [runtime.getUsageSummary(accountId)] : runtime.getUsageSummaries();
+
+  const rows = summaries.length
+    ? summaries.map((summary) => {
+        const account = accountMap.get(summary.accountId);
+        const title = account ? `${account.label} (${summary.accountId})` : summary.accountId;
+        return [
+          `## ${title}`,
+          ...formatProviderVisual(summary),
+          `Local: ${summary.fiveHour.requests} req / ${formatNumber(summary.fiveHour.totalTokens)} tokens in 5h · ${summary.weekly.requests} req / ${formatNumber(summary.weekly.totalTokens)} tokens weekly`,
+          `Raw: /router-usage-raw ${summary.accountId}`,
+        ].join("\n");
+      })
+    : ["No accounts configured yet. Use /router-login add."];
+
+  return [
+    "# oauth-router usage",
+    "",
+    "Provider bars show OpenAI/Codex reported quota remaining. Local line shows only traffic routed through this extension.",
+    "",
+    ...rows,
+  ].join("\n");
+}
+
+export function formatUsageRawReport(runtime: RouterRuntime, accountId?: string): string {
+  const accounts = runtime.listAccounts();
+  const accountMap = new Map(accounts.map((account) => [account.id, account]));
+  const summaries = accountId ? [runtime.getUsageSummary(accountId)] : runtime.getUsageSummaries();
+  const rows = summaries.map((summary) => {
+    const account = accountMap.get(summary.accountId);
+    return [
+      `## ${account ? `${account.label} (${summary.accountId})` : summary.accountId}`,
+      formatUsageWindow(summary.fiveHour),
+      formatUsageWindow(summary.weekly),
+      ...formatProviderRaw(summary),
+    ].filter((line): line is string => Boolean(line)).join("\n");
+  });
+  return ["# oauth-router usage raw", "", ...rows].join("\n");
+}
+
 function emitReport(pi: ExtensionAPI, text: string) {
   pi.sendMessage({
     customType: "oauth-router",
@@ -150,6 +293,51 @@ async function pickUpstream(runtime: RouterRuntime, ctx: ExtensionCommandContext
   return selected;
 }
 
+function formatAccountChoice(account: StoredRouterAccount, row?: RouterStatusRow): string {
+  return `${account.id} — ${account.label} — enabled=${row?.enabled ?? account.enabled} — weight=${row?.weight ?? account.weight} — state=${row ? formatHealth(row) : "unknown"}`;
+}
+
+async function pickAccount(runtime: RouterRuntime, ctx: ExtensionCommandContext, requestedId?: string, title = "Choose an account"): Promise<StoredRouterAccount> {
+  const accounts = runtime.listAccounts();
+  if (accounts.length === 0) throw new Error("No accounts configured yet. Use /router-login add.");
+
+  if (requestedId) {
+    const matched = accounts.find((account) => account.id === requestedId);
+    if (!matched) throw new Error(`Unknown account: ${requestedId}`);
+    return matched;
+  }
+
+  if (!ctx.hasUI) throw new Error("Account id required. Run /router-accounts to see available accounts.");
+
+  const rows = new Map(runtime.getStatusRows().map((row) => [row.id, row]));
+  const choice = await ctx.ui.select(
+    title,
+    accounts.map((account) => formatAccountChoice(account, rows.get(account.id))),
+  );
+  if (!choice) throw new Error("Cancelled by user");
+  const id = choice.split(" — ")[0]?.trim();
+  const selected = accounts.find((account) => account.id === id);
+  if (!selected) throw new Error(`Unknown account: ${id}`);
+  return selected;
+}
+
+async function pickUsageTarget(runtime: RouterRuntime, ctx: ExtensionCommandContext, requestedId?: string): Promise<"all" | string> {
+  if (requestedId === "all") return "all";
+  if (requestedId) return (await pickAccount(runtime, ctx, requestedId)).id;
+  if (!ctx.hasUI) throw new Error("Usage: /router-refresh-usage <id|all>");
+
+  const accounts = runtime.listAccounts();
+  if (accounts.length === 0) throw new Error("No accounts configured yet. Use /router-login add.");
+  const rows = new Map(runtime.getStatusRows().map((row) => [row.id, row]));
+  const allLabel = "all — refresh all accounts";
+  const choice = await ctx.ui.select("Refresh usage metadata for", [allLabel, ...accounts.map((account) => formatAccountChoice(account, rows.get(account.id)))]);
+  if (!choice) throw new Error("Cancelled by user");
+  if (choice === allLabel) return "all";
+  const id = choice.split(" — ")[0]?.trim();
+  if (!id) throw new Error("No account selected");
+  return id;
+}
+
 async function getLabel(ctx: ExtensionCommandContext, fallback: string, provided?: string) {
   if (provided && provided.trim()) return provided.trim();
   if (!ctx.hasUI) return fallback;
@@ -157,6 +345,15 @@ async function getLabel(ctx: ExtensionCommandContext, fallback: string, provided
   return response?.trim() || fallback;
 }
 
+async function getRequiredLabel(ctx: ExtensionCommandContext, fallback: string, provided?: string) {
+  if (provided && provided.trim()) return provided.trim();
+  if (!ctx.hasUI) throw new Error("Account label required");
+  const response = await ctx.ui.input("Account label:", fallback);
+  const label = response?.trim();
+  if (!label) throw new Error("Account label cannot be empty");
+  return label;
+}
+
 function normalizePolicy(input?: string): RoutingPolicyName | undefined {
   if (!input) return undefined;
   const value = input.trim().toLowerCase();
@@ -179,15 +376,6 @@ function setFooterStatus(ctx: ExtensionCommandContext, runtime: RouterRuntime) {
   ctx.ui.setStatus("oauth-router", `oauth-router ${healthy}/${rows.length || 0} healthy | ${runtime.getPolicy()}`);
 }
 
-function getAccountUsageLines(runtime: RouterRuntime): string[] {
-  const rows = runtime.getStatusRows();
-  if (rows.length === 0) {
-    return ["No accounts configured yet. Use /router-login add."];
-  }
-
-  return rows.map((row) => `- ${row.id} | ${row.label} | enabled=${row.enabled} | weight=${row.weight}`);
-}
-
 function showCommandHint(pi: ExtensionAPI, ctx: ExtensionCommandContext, title: string, lines: string[]) {
   emitReport(pi, [`# ${title}`, "", ...lines].join("\n"));
   ctx.ui.notify(title, "info");
@@ -198,35 +386,90 @@ async function handleRouterLogin(pi: ExtensionAPI, runtime: RouterRuntime, args:
 
   switch (command) {
     case "add": {
+      const allowDuplicate = rest.includes("--allow-duplicate");
+      const labelParts = rest.filter((part) => part !== "--allow-duplicate");
       const upstream = await pickUpstream(runtime, ctx, first);
-      const label = await getLabel(ctx, `${upstream.label} ${runtime.listAccounts().length + 1}`, rest.join(" "));
+      const label = await getLabel(ctx, `${upstream.label} ${runtime.listAccounts().length + 1}`, labelParts.join(" "));
       const account = await createAccountFromUpstream(upstream, label, ctx);
+      const duplicate = findDuplicateAccount(account, runtime.listAccounts());
+      if (duplicate && !allowDuplicate) {
+        const replace = await shouldReplaceDuplicateAccount(ctx, duplicate);
+        if (!replace) throw new Error("Cancelled duplicate account add");
+        runtime.updateAccount({
+          ...duplicate,
+          access: account.access,
+          refresh: account.refresh,
+          expires: account.expires,
+          meta: account.meta,
+          updatedAt: Date.now(),
+        });
+        runtime.clearAccountHealth(duplicate.id);
+        await runtime.refreshUsageSnapshot(duplicate.id);
+        setFooterStatus(ctx, runtime);
+        emitReport(pi, `Updated existing account ${duplicate.id} (${duplicate.label}) with fresh credentials instead of adding a duplicate.`);
+        return;
+      }
       runtime.addAccount(account);
+      await runtime.refreshUsageSnapshot(account.id);
       setFooterStatus(ctx, runtime);
       emitReport(pi, `Added account ${account.id} (${account.label}) for upstream ${upstream.id}.`);
       ctx.ui.notify(`Added ${account.id}`, "info");
       return;
     }
     case "list": {
-      const report = formatStatusReport(runtime);
-      emitReport(pi, report);
+      emitReport(pi, formatAccountsReport(runtime));
       setFooterStatus(ctx, runtime);
       return;
     }
+    case "delete":
     case "remove": {
-      if (!first) throw new Error("Usage: /router-login remove <id>");
+      const account = await pickAccount(runtime, ctx, first, "Choose account to delete");
       if (ctx.hasUI) {
-        const ok = await ctx.ui.confirm("Remove account?", `Delete router account ${first}?`);
+        const ok = await ctx.ui.confirm("Remove account?", `Delete router account ${account.id} (${account.label})? This removes stored tokens and usage state for that router account.`);
         if (!ok) throw new Error("Cancelled by user");
       }
-      runtime.removeAccount(first);
+      runtime.removeAccount(account.id);
       setFooterStatus(ctx, runtime);
-      emitReport(pi, `Removed account ${first}.`);
+      emitReport(pi, `Removed account ${account.id}.`);
+      return;
+    }
+    case "rename": {
+      const account = await pickAccount(runtime, ctx, first, "Choose account to rename");
+      const label = await getRequiredLabel(ctx, account.label, rest.join(" "));
+      runtime.renameAccount(account.id, label);
+      setFooterStatus(ctx, runtime);
+      emitReport(pi, `Renamed account ${account.id} to ${label}.`);
+      return;
+    }
+    case "relogin": {
+      const existing = await pickAccount(runtime, ctx, first, "Choose account to re-login");
+      const upstream = runtime.listUpstreams().find((entry) => entry.id === existing.upstreamId);
+      if (!upstream) throw new Error(`Unknown upstream for account ${existing.id}: ${existing.upstreamId}`);
+      if (ctx.hasUI) {
+        const ok = await ctx.ui.confirm("Re-login account?", `Replace OAuth/API credentials for ${existing.id} (${existing.label}) and clear auth failure state?`);
+        if (!ok) throw new Error("Cancelled by user");
+      }
+      const fresh = await createAccountFromUpstream(upstream, existing.label, ctx);
+      runtime.updateAccount({
+        ...existing,
+        provider: fresh.provider,
+        upstreamId: fresh.upstreamId,
+        access: fresh.access,
+        refresh: fresh.refresh,
+        expires: fresh.expires,
+        meta: fresh.meta,
+        updatedAt: Date.now(),
+      });
+      runtime.clearAccountHealth(existing.id);
+      await runtime.refreshUsageSnapshot(existing.id);
+      setFooterStatus(ctx, runtime);
+      emitReport(pi, `Re-logged account ${existing.id} (${existing.label}) and cleared auth state.`);
       return;
     }
     case "refresh": {
-      if (!first) throw new Error("Usage: /router-login refresh <id>");
-      const refreshed = await runtime.refreshAccount(first);
+      const account = await pickAccount(runtime, ctx, first, "Choose account to refresh");
+      const refreshed = await runtime.refreshAccount(account.id);
+      await runtime.refreshUsageSnapshot(refreshed.id);
       setFooterStatus(ctx, runtime);
       emitReport(pi, `Refreshed account ${refreshed.id} (${refreshed.label}).`);
       return;
@@ -238,12 +481,18 @@ async function handleRouterLogin(pi: ExtensionAPI, runtime: RouterRuntime, args:
         [
           "# oauth-router commands",
           "",
-          "- /router-login add [upstreamId] [label]",
+          "- /router-login add [upstreamId] [label] [--allow-duplicate]",
           "- /router-login list",
           "- /router-login remove <id>",
+          "- /router-login delete <id>",
+          "- /router-login rename <id> <new label>",
+          "- /router-login relogin <id>",
           "- /router-login refresh <id>",
           "- /router-status",
           "- /router-accounts",
+          "- /router-usage [id]",
+          "- /router-usage-raw [id]",
+          "- /router-refresh-usage <id|all>",
           "- /router-enable <id>",
           "- /router-disable <id>",
           "- /router-policy <round-robin|weighted-round-robin>",
@@ -270,28 +519,92 @@ export function registerRouterCommands(pi: ExtensionAPI, runtime: RouterRuntime)
   });
 
   pi.registerCommand("router-accounts", {
-    description: "Show oauth-router accounts",
+    description: "Show compact oauth-router account list",
     handler: async (_args, ctx) => {
-      emitReport(pi, formatStatusReport(runtime));
+      emitReport(pi, formatAccountsReport(runtime));
       setFooterStatus(ctx, runtime);
     },
   });
 
+  pi.registerCommand("router-usage", {
+    description: "Show oauth-router visual provider quota and local usage",
+    handler: async (args, ctx) => {
+      const [id] = parseArgs(args || "");
+      emitReport(pi, formatUsageReport(runtime, id));
+      setFooterStatus(ctx, runtime);
+    },
+  });
+
+  pi.registerCommand("router-usage-raw", {
+    description: "Show raw oauth-router usage/provider quota details",
+    handler: async (args, ctx) => {
+      const [id] = parseArgs(args || "");
+      emitReport(pi, formatUsageRawReport(runtime, id));
+      setFooterStatus(ctx, runtime);
+    },
+  });
+
+  pi.registerCommand("router-quota", {
+    description: "Alias for visual oauth-router usage/quota",
+    handler: async (args, ctx) => {
+      const [id] = parseArgs(args || "");
+      emitReport(pi, formatUsageReport(runtime, id));
+      setFooterStatus(ctx, runtime);
+    },
+  });
+
+  pi.registerCommand("router-refresh-usage", {
+    description: "Refresh oauth-router account metadata from token claims",
+    handler: async (args, ctx) => {
+      const [requestedId] = parseArgs(args || "");
+      const target = await pickUsageTarget(runtime, ctx, requestedId);
+      const ids = target === "all" ? runtime.listAccounts().map((account) => account.id) : [target];
+      for (const accountId of ids) await runtime.refreshUsageSnapshot(accountId);
+      emitReport(pi, formatUsageReport(runtime, target === "all" ? undefined : target));
+      setFooterStatus(ctx, runtime);
+    },
+  });
+
+  pi.registerCommand("router-rename", {
+    description: "Rename an oauth-router account",
+    handler: async (args, ctx) => {
+      const [id, ...labelParts] = parseArgs(args || "");
+      const account = await pickAccount(runtime, ctx, id, "Choose account to rename");
+      const label = await getRequiredLabel(ctx, account.label, labelParts.join(" "));
+      runtime.renameAccount(account.id, label);
+      setFooterStatus(ctx, runtime);
+      emitReport(pi, `Renamed account ${account.id} to ${label}.`);
+    },
+  });
+
+  pi.registerCommand("router-delete", {
+    description: "Delete an oauth-router account",
+    handler: async (args, ctx) => {
+      const [id] = parseArgs(args || "");
+      const account = await pickAccount(runtime, ctx, id, "Choose account to delete");
+      if (ctx.hasUI) {
+        const ok = await ctx.ui.confirm("Delete account?", `Delete router account ${account.id} (${account.label})? This removes stored tokens and usage state.`);
+        if (!ok) throw new Error("Cancelled by user");
+      }
+      runtime.removeAccount(account.id);
+      setFooterStatus(ctx, runtime);
+      emitReport(pi, `Deleted account ${account.id}.`);
+    },
+  });
+
+  pi.registerCommand("router-relogin", {
+    description: "Re-login and recover an oauth-router account",
+    handler: async (args, ctx) => handleRouterLogin(pi, runtime, `relogin ${args || ""}`, ctx),
+  });
+
   pi.registerCommand("router-enable", {
     description: "Enable an oauth-router account",
     handler: async (args, ctx) => {
       const [id] = parseArgs(args || "");
-      if (!id) {
-        showCommandHint(pi, ctx, "router-enable", ["Usage: /router-enable <id>", "", ...getAccountUsageLines(runtime)]);
-        return;
-      }
-      if (!runtime.getAccount(id)) {
-        showCommandHint(pi, ctx, "router-enable", [`Unknown account: ${id}`, "", ...getAccountUsageLines(runtime)]);
-        return;
-      }
-      runtime.setEnabled(id, true);
+      const account = await pickAccount(runtime, ctx, id, "Choose account to enable");
+      runtime.setEnabled(account.id, true);
       setFooterStatus(ctx, runtime);
-      emitReport(pi, `Enabled account ${id}.`);
+      emitReport(pi, `Enabled account ${account.id}.`);
     },
   });
 
@@ -299,17 +612,10 @@ export function registerRouterCommands(pi: ExtensionAPI, runtime: RouterRuntime)
     description: "Disable an oauth-router account",
     handler: async (args, ctx) => {
       const [id] = parseArgs(args || "");
-      if (!id) {
-        showCommandHint(pi, ctx, "router-disable", ["Usage: /router-disable <id>", "", ...getAccountUsageLines(runtime)]);
-        return;
-      }
-      if (!runtime.getAccount(id)) {
-        showCommandHint(pi, ctx, "router-disable", [`Unknown account: ${id}`, "", ...getAccountUsageLines(runtime)]);
-        return;
-      }
-      runtime.setEnabled(id, false);
+      const account = await pickAccount(runtime, ctx, id, "Choose account to disable");
+      runtime.setEnabled(account.id, false);
       setFooterStatus(ctx, runtime);
-      emitReport(pi, `Disabled account ${id}.`);
+      emitReport(pi, `Disabled account ${account.id}.`);
     },
   });
 
@@ -346,35 +652,19 @@ export function registerRouterCommands(pi: ExtensionAPI, runtime: RouterRuntime)
     description: "Set oauth-router account weight for weighted round robin",
     handler: async (args, ctx) => {
       const [id, rawWeight] = parseArgs(args || "");
-      const hasAccounts = runtime.getStatusRows().length > 0;
-      if (!id && !rawWeight) {
-        showCommandHint(pi, ctx, "router-weight", [
-          "Usage: /router-weight <id> <n>",
-          "",
-          "Example: /router-weight acct_ab12cd34 3",
-          "",
-          ...getAccountUsageLines(runtime),
-        ]);
-        return;
-      }
-
-      const weight = Number(rawWeight);
-      if (!id || !Number.isFinite(weight)) {
-        showCommandHint(pi, ctx, "router-weight", [
-          "Usage: /router-weight <id> <n>",
-          hasAccounts ? "Provide both an account id and a numeric weight." : "Add an account first with /router-login add.",
-          "",
-          ...getAccountUsageLines(runtime),
-        ]);
-        return;
+      const account = await pickAccount(runtime, ctx, id, "Choose account to reweight");
+      let weight = Number(rawWeight);
+      if (!Number.isFinite(weight) && ctx.hasUI) {
+        const response = await ctx.ui.input("Account weight:", String(account.weight));
+        weight = Number(response);
       }
-      if (!runtime.getAccount(id)) {
-        showCommandHint(pi, ctx, "router-weight", [`Unknown account: ${id}`, "", ...getAccountUsageLines(runtime)]);
+      if (!Number.isFinite(weight)) {
+        showCommandHint(pi, ctx, "router-weight", ["Usage: /router-weight <id> <n>", "Example: /router-weight acct_ab12cd34 3"]);
         return;
       }
-      runtime.setWeight(id, weight);
+      runtime.setWeight(account.id, weight);
       setFooterStatus(ctx, runtime);
-      emitReport(pi, `Updated weight for ${id} to ${Math.max(1, Math.floor(weight))}.`);
+      emitReport(pi, `Updated weight for ${account.id} to ${Math.max(1, Math.floor(weight))}.`);
     },
   });
 }