This fork adds VibeProxy-compatible multi-account auth handling plus a deterministic binary path.
Key behaviors
- Per-account auth files in
~/.cli-proxy-apinamedprovider-accountId.json. typeandaccountIdalways set; legacy files (provider.json) still read as single accounts.- Active account chosen via
~/.cli-proxy-api/active-accounts.json(provider -> id/email/filename hints), with graceful fallback. Only applied when using the default auth dir; legacy single-file auth still works. - Expired accounts (via
expired) avoided when valid accounts exist. accountNicknameand unknown fields preserved when updating files.
Implementation highlights
- New
internal/accountspackage:- Scans
~/.cli-proxy-api/*.json(excludingactive-accounts.json) intoProviderAccounts. - Infers provider +
accountIdfrom JSON and filename. - Loads
active-accounts.jsonand resolves active account per provider with VibeProxy-compatible matching rules. SaveProviderAccountwrites/mergesprovider-accountId.jsonpreserving metadata.
- Scans
- Provider auth storages (Codex, Claude, Gemini, Qwen) now save via
SaveProviderAccountusing stable IDs (e.g. account id/email) instead of single global files. - Watcher synthesizer prefers multi-account files and
active-accounts.jsonwhen the auth dir is default, then falls back to legacy single-file auths to avoid duplicates.
Binary artifact
- Standard build target for automation:
go build -o ./bin/cli-proxy-api ./cmd/...
- Tools (e.g. VibeProxy) can download the compiled binary from
bin/cli-proxy-apiin this repo.
Upstream merge guidance
- Conflicts are expected primarily under
internal/auth/*,internal/runtime/executor/*, and the newinternal/accountspackage. - When updating from upstream:
- Keep
internal/accountsintact. - Ensure any upstream auth changes continue to call
SaveTokenToFileso per-account files remain the source of truth. - Verify
active-accounts.jsonresolution and binary path still behave as specified inCLIProxyAPI_MULTI_ACCOUNT_SPEC.md.
- Keep