diff --git a/src/cliproxy/account-manager.ts b/src/cliproxy/account-manager.ts index a65947c9..2fced28c 100644 --- a/src/cliproxy/account-manager.ts +++ b/src/cliproxy/account-manager.ts @@ -14,6 +14,12 @@ import { CLIProxyProvider } from './types'; import { getCliproxyDir, getAuthDir } from './config-generator'; import { PROVIDER_TYPE_VALUES } from './auth/auth-types'; +/** + * Providers that typically have empty email in OAuth token files. + * For these providers, nickname is used as accountId instead of email. + */ +export const PROVIDERS_WITHOUT_EMAIL: CLIProxyProvider[] = ['kiro', 'ghcp']; + /** Account information */ export interface AccountInfo { /** Account identifier (email or custom name) */ @@ -257,6 +263,14 @@ export function findAccountByQuery(provider: CLIProxyProvider, query: string): A /** * Register a new account * Called after successful OAuth to record the account + * + * For providers without email (kiro, ghcp): + * - nickname is REQUIRED and used as accountId + * - Uniqueness is enforced to prevent overwriting + * + * For providers with email: + * - email is used as accountId + * - nickname is auto-generated from email if not provided */ export function registerAccount( provider: CLIProxyProvider, @@ -279,12 +293,44 @@ export function registerAccount( throw new Error('Failed to initialize provider accounts'); } - // Determine account ID - use email if available, otherwise extract from filename - const accountId = extractAccountIdFromTokenFile(tokenFile, email); - const isFirstAccount = Object.keys(providerAccounts.accounts).length === 0; + // Determine account ID based on provider type + let accountId: string; + let accountNickname: string; - // Generate nickname if not provided - const accountNickname = nickname || generateNickname(email); + if (PROVIDERS_WITHOUT_EMAIL.includes(provider)) { + // For kiro/ghcp: nickname is REQUIRED and used as accountId + if (!nickname || nickname === 'default') { + throw new Error( + `Nickname is required when adding ${provider} accounts. ` + + `Use --nickname or provide a nickname in the UI.` + ); + } + + // Validate nickname format + const validationError = validateNickname(nickname); + if (validationError) { + throw new Error(validationError); + } + + // Check uniqueness + for (const [existingId, _account] of Object.entries(providerAccounts.accounts)) { + if (existingId.toLowerCase() === nickname.toLowerCase()) { + throw new Error( + `An account with nickname "${nickname}" already exists for ${provider}. ` + + `Choose a different nickname.` + ); + } + } + + accountId = nickname; + accountNickname = nickname; + } else { + // For other providers: use email as accountId, fallback to filename extraction + accountId = extractAccountIdFromTokenFile(tokenFile, email); + accountNickname = nickname || generateNickname(email); + } + + const isFirstAccount = Object.keys(providerAccounts.accounts).length === 0; // Create or update account providerAccounts.accounts[accountId] = { @@ -428,6 +474,10 @@ export function getAccountTokenPath(provider: CLIProxyProvider, accountId?: stri /** * Auto-discover accounts from existing token files * Called during migration or first run to populate accounts registry + * + * For kiro/ghcp providers without email, generates unique accountId from: + * 1. OAuth provider + profile ID from filename (e.g., github-ABC123) + * 2. Fallback: provider + index (e.g., kiro-1, kiro-2) */ export function discoverExistingAccounts(): void { const authDir = getAuthDir(); @@ -478,13 +528,10 @@ export function discoverExistingAccounts(): void { } } - // Use unified ID extraction: email or filename-based unique ID - const accountId = extractAccountIdFromTokenFile(file, email); - // Initialize provider section if needed if (!registry.providers[provider]) { registry.providers[provider] = { - default: accountId, + default: 'default', accounts: {}, }; } @@ -492,11 +539,45 @@ export function discoverExistingAccounts(): void { const providerAccounts = registry.providers[provider]; if (!providerAccounts) continue; + // Skip if token file already registered (under any accountId) + const existingTokenFiles = Object.values(providerAccounts.accounts).map((a) => a.tokenFile); + if (existingTokenFiles.includes(file)) { + continue; + } + + // Determine accountId based on provider type + let accountId: string; + + if (PROVIDERS_WITHOUT_EMAIL.includes(provider) && !email) { + // For kiro/ghcp without email: extract from filename or generate unique + // Pattern: kiro-github-ABC123.json -> github-ABC123 + const filenameId = extractAccountIdFromTokenFile(file, undefined); + + if (filenameId !== 'default') { + accountId = filenameId; + } else { + // Generate unique ID: provider + incrementing index + let index = 1; + while (providerAccounts.accounts[`${provider}-${index}`]) { + index++; + } + accountId = `${provider}-${index}`; + } + } else { + // For providers with email: use email or filename extraction + accountId = extractAccountIdFromTokenFile(file, email); + } + // Skip if account already registered if (providerAccounts.accounts[accountId]) { continue; } + // Set as default if first account + if (Object.keys(providerAccounts.accounts).length === 0) { + providerAccounts.default = accountId; + } + // Get file stats for creation time const stats = fs.statSync(filePath); diff --git a/src/cliproxy/auth/oauth-handler.ts b/src/cliproxy/auth/oauth-handler.ts index 34ecabbc..fea5b39f 100644 --- a/src/cliproxy/auth/oauth-handler.ts +++ b/src/cliproxy/auth/oauth-handler.ts @@ -20,6 +20,8 @@ import { getProviderAccounts, getDefaultAccount, touchAccount, + PROVIDERS_WITHOUT_EMAIL, + validateNickname, } from '../account-manager'; import { enhancedPreflightOAuthCheck, @@ -49,6 +51,66 @@ async function promptAddAccount(): Promise { }); } +/** + * Prompt user for account nickname (required for kiro/ghcp) + * Returns null if user cancels + */ +async function promptNickname( + provider: CLIProxyProvider, + existingAccounts: AccountInfo[] +): Promise { + const readline = await import('readline'); + const rl = readline.createInterface({ + input: process.stdin, + output: process.stdout, + }); + + const existingNicknames = existingAccounts.map( + (a) => a.nickname?.toLowerCase() || a.id.toLowerCase() + ); + + console.log(''); + console.log(info(`${provider} accounts require a unique nickname to distinguish them.`)); + if (existingNicknames.length > 0) { + console.log(` Existing: ${existingNicknames.join(', ')}`); + } + + return new Promise((resolve) => { + // Handle Ctrl+C gracefully + rl.on('close', () => resolve(null)); + + const askForNickname = () => { + rl.question('[?] Enter a nickname for this account: ', (answer) => { + const nickname = answer.trim(); + + if (!nickname) { + console.log(fail('Nickname cannot be empty')); + askForNickname(); + return; + } + + const validationError = validateNickname(nickname); + if (validationError) { + console.log(fail(validationError)); + askForNickname(); + return; + } + + if (existingNicknames.includes(nickname.toLowerCase())) { + console.log(fail(`Nickname "${nickname}" is already in use. Choose a different one.`)); + askForNickname(); + return; + } + + rl.close(); + resolve(nickname); + }); + }; + + askForNickname(); + }); +} + /** * Run pre-flight OAuth checks */ @@ -127,7 +189,21 @@ export async function triggerOAuth( options: OAuthOptions = {} ): Promise { const oauthConfig = getOAuthConfig(provider); - const { verbose = false, add = false, nickname, fromUI = false, noIncognito = true } = options; + const { verbose = false, add = false, fromUI = false, noIncognito = true } = options; + let { nickname } = options; + + // Check for existing accounts + const existingAccounts = getProviderAccounts(provider); + + // For kiro/ghcp: require nickname if not provided (CLI only, not fromUI) + if (PROVIDERS_WITHOUT_EMAIL.includes(provider) && !nickname && !fromUI) { + const promptedNickname = await promptNickname(provider, existingAccounts); + if (!promptedNickname) { + console.log(info('Cancelled')); + return null; + } + nickname = promptedNickname; + } // Handle --import flag: skip OAuth and import from Kiro IDE directly if (options.import && provider === 'kiro') { @@ -144,8 +220,6 @@ export async function triggerOAuth( const headless = options.headless ?? isHeadlessEnvironment(); const isDeviceCodeFlow = callbackPort === null; - // Check for existing accounts - const existingAccounts = getProviderAccounts(provider); if (existingAccounts.length > 0 && !add) { console.log(''); console.log( diff --git a/src/web-server/routes/cliproxy-auth-routes.ts b/src/web-server/routes/cliproxy-auth-routes.ts index baa5d167..306b30ac 100644 --- a/src/web-server/routes/cliproxy-auth-routes.ts +++ b/src/web-server/routes/cliproxy-auth-routes.ts @@ -24,6 +24,8 @@ import { setDefaultAccount as setDefaultAccountFn, removeAccount as removeAccountFn, touchAccount, + PROVIDERS_WITHOUT_EMAIL, + validateNickname, } from '../../cliproxy/account-manager'; import { getProxyTarget } from '../../cliproxy/proxy-target-resolver'; import { fetchRemoteAuthStatus } from '../../cliproxy/remote-auth-fetcher'; @@ -283,6 +285,39 @@ router.post('/:provider/start', async (req: Request, res: Response): Promise a.nickname?.toLowerCase() || a.id.toLowerCase() + ); + if (existingNicknames.includes(nickname.toLowerCase())) { + res.status(400).json({ + error: `Nickname "${nickname}" is already in use. Choose a different one.`, + code: 'NICKNAME_EXISTS', + }); + return; + } + } + // Check Kiro no-incognito setting from config (or request body) // Default to true (use normal browser) for reliability - incognito often fails let noIncognito = true; diff --git a/tests/unit/cliproxy/account-manager-discover.test.js b/tests/unit/cliproxy/account-manager-discover.test.js index ae3cf72a..3f48f1e1 100644 --- a/tests/unit/cliproxy/account-manager-discover.test.js +++ b/tests/unit/cliproxy/account-manager-discover.test.js @@ -164,7 +164,7 @@ describe('Account Manager - discoverExistingAccounts', () => { assert.strictEqual(accountIds[0], 'actual@email.com', 'Should use data.email when available'); }); - it('falls back to "default" when no email in file or filename', () => { + it('generates unique ID for kiro/ghcp when no email in file or filename', () => { createAuthFile('kiro-nomail.json', { type: 'kiro', email: '', @@ -174,7 +174,8 @@ describe('Account Manager - discoverExistingAccounts', () => { const accounts = getAccountsFile(); const accountIds = Object.keys(accounts.providers.kiro.accounts); - assert.strictEqual(accountIds[0], 'default', 'Should fall back to "default"'); + // For kiro/ghcp without email, generates unique ID like "kiro-1" + assert.strictEqual(accountIds[0], 'kiro-1', 'Should generate unique ID for kiro without email'); }); it('handles dots in email local part', () => { @@ -274,6 +275,72 @@ describe('Account Manager - discoverExistingAccounts', () => { 'First account should be default' ); }); + + it('generates sequential IDs for multiple kiro files without email', () => { + // Create multiple kiro files without email in filename + // Files like "kiro-nomail.json" don't match oauth pattern (need 2+ hyphens) + createAuthFile('kiro-account1.json', { + type: 'kiro', + email: '', + }); + createAuthFile('kiro-account2.json', { + type: 'kiro', + email: '', + }); + + accountManager.discoverExistingAccounts(); + const accounts = getAccountsFile(); + + const accountIds = Object.keys(accounts.providers.kiro.accounts); + assert.strictEqual(accountIds.length, 2, 'Should have 2 accounts'); + // Both should have kiro-N format since filenames don't match oauth pattern (1 hyphen only) + assert(accountIds.includes('kiro-1'), 'Should have kiro-1'); + assert(accountIds.includes('kiro-2'), 'Should have kiro-2'); + }); + + it('skips to next ID when collision exists', () => { + // Pre-create accounts.json with kiro-1 already registered + const accountsPath = path.join(testDir, '.ccs', 'cliproxy', 'accounts.json'); + const existingRegistry = { + version: 1, + providers: { + kiro: { + default: 'kiro-1', + accounts: { + 'kiro-1': { + tokenFile: 'kiro-existing.json', + createdAt: new Date().toISOString(), + }, + }, + }, + }, + }; + fs.writeFileSync(accountsPath, JSON.stringify(existingRegistry)); + + // Create the existing token file (matches registry) + createAuthFile('kiro-existing.json', { + type: 'kiro', + email: '', + }); + + // Create new file that will need auto-generated ID (single hyphen = no oauth pattern match) + createAuthFile('kiro-newaccount.json', { + type: 'kiro', + email: '', + }); + + // Reload module to pick up pre-existing accounts.json + delete require.cache[require.resolve('../../../dist/cliproxy/account-manager')]; + accountManager = require('../../../dist/cliproxy/account-manager'); + accountManager.discoverExistingAccounts(); + + const accounts = getAccountsFile(); + const accountIds = Object.keys(accounts.providers.kiro.accounts); + + assert.strictEqual(accountIds.length, 2, 'Should have 2 accounts'); + assert(accountIds.includes('kiro-1'), 'Should keep existing kiro-1'); + assert(accountIds.includes('kiro-2'), 'New account should be kiro-2 (skipped kiro-1)'); + }); }); // =========================================================================