feat: v4.11.0 - subdirectory detection, countdown timer, auto-remove, refresh tool

ndycode · ndycode · commit 339d80a66ff5 · 2026-01-29T16:47:36.000+08:00
- subdirectory detection: walks up directory tree to find project root for per-project accounts
- countdown timer: shows live countdown during rate limit waits (every 5s)
- auto-remove: removes accounts after 3 consecutive auth failures with notification
- openai-accounts-refresh: new tool to manually refresh all OAuth tokens
diff --git a/README.md b/README.md
@@ -252,19 +252,21 @@ opencode auth login  # run again to add more accounts
 - `openai-accounts` — list all accounts
 - `openai-accounts-switch` — switch active account
 - `openai-accounts-status` — show rate limit status
-- `openai-accounts-remove` — remove an account by index (new in v4.10.0)
+- `openai-accounts-remove` — remove an account by index
 - `openai-accounts-health` — check health of all accounts
+- `openai-accounts-refresh` — manually refresh all tokens (new in v4.11.0)
 
 **how rotation works:**
 - health scoring tracks success/failure per account
 - token bucket prevents hitting rate limits
 - hybrid selection prefers healthy accounts with available tokens
-- always retries when all accounts are rate-limited (waits for reset)
+- always retries when all accounts are rate-limited (waits for reset with live countdown)
 - 20% jitter on retry delays to avoid thundering herd
+- auto-removes accounts after 3 consecutive auth failures (new in v4.11.0)
 
 **per-project accounts (v4.10.0+):**
 
-by default, each project directory gets its own account storage. this means you can have different active accounts per project. disable with `perProjectAccounts: false` in your config.
+by default, each project directory gets its own account storage. this means you can have different active accounts per project. works from subdirectories too — the plugin walks up to find the project root (v4.11.0). disable with `perProjectAccounts: false` in your config.
 
 **storage locations:**
 - per-project: `{project-root}/.opencode/openai-codex-accounts.json`
diff --git a/index.ts b/index.ts
@@ -674,31 +674,61 @@ export const OpenAIOAuthPlugin: Plugin = async ({ client }: PluginInput) => {
 																				const modelFamily = model ? getModelFamily(model) : "gpt-5.1";
 																				const quotaKey = model ? `${modelFamily}:${model}` : modelFamily;
 
-																				const abortSignal = requestInit?.signal ?? init?.signal ?? null;
-									const sleep = (ms: number): Promise<void> =>
-										new Promise((resolve, reject) => {
-											if (abortSignal?.aborted) {
-												reject(new Error("Aborted"));
-												return;
-											}
-
-											const timeout = setTimeout(() => {
-												cleanup();
-												resolve();
-											}, ms);
-
-											const onAbort = () => {
-												cleanup();
-												reject(new Error("Aborted"));
-											};
-
-											const cleanup = () => {
-												clearTimeout(timeout);
-												abortSignal?.removeEventListener("abort", onAbort);
-											};
+					const abortSignal = requestInit?.signal ?? init?.signal ?? null;
+					const sleep = (ms: number): Promise<void> =>
+						new Promise((resolve, reject) => {
+							if (abortSignal?.aborted) {
+								reject(new Error("Aborted"));
+								return;
+							}
 
-											abortSignal?.addEventListener("abort", onAbort, { once: true });
-										});
+							const timeout = setTimeout(() => {
+								cleanup();
+								resolve();
+							}, ms);
+
+							const onAbort = () => {
+								cleanup();
+								reject(new Error("Aborted"));
+							};
+
+							const cleanup = () => {
+								clearTimeout(timeout);
+								abortSignal?.removeEventListener("abort", onAbort);
+							};
+
+							abortSignal?.addEventListener("abort", onAbort, { once: true });
+						});
+
+					const sleepWithCountdown = async (
+						totalMs: number,
+						message: string,
+						intervalMs: number = 5000,
+					): Promise<void> => {
+						const startTime = Date.now();
+						const endTime = startTime + totalMs;
+						
+						while (Date.now() < endTime) {
+							if (abortSignal?.aborted) {
+								throw new Error("Aborted");
+							}
+							
+							const remaining = Math.max(0, endTime - Date.now());
+							const waitLabel = formatWaitTime(remaining);
+							await showToast(
+								`${message} (${waitLabel} remaining)`,
+								"warning",
+								{ duration: Math.min(intervalMs + 1000, toastDurationMs) },
+							);
+							
+							const sleepTime = Math.min(intervalMs, remaining);
+							if (sleepTime > 0) {
+								await sleep(sleepTime);
+							} else {
+								break;
+							}
+						}
+					};
 
 									let allRateLimitedRetries = 0;
 
@@ -718,25 +748,40 @@ while (attempted.size < Math.max(1, accountCount)) {
 							);
 
 											let accountAuth = accountManager.toAuthDetails(account) as OAuthAuthDetails;
-											try {
-							if (shouldRefreshToken(accountAuth, tokenRefreshSkewMs)) {
-								accountAuth = (await refreshAndUpdateToken(
-									accountAuth,
-									client,
-								)) as OAuthAuthDetails;
-								accountManager.updateFromAuth(account, accountAuth);
-								accountManager.saveToDiskDebounced();
-							}
+								try {
+						if (shouldRefreshToken(accountAuth, tokenRefreshSkewMs)) {
+							accountAuth = (await refreshAndUpdateToken(
+								accountAuth,
+								client,
+							)) as OAuthAuthDetails;
+							accountManager.updateFromAuth(account, accountAuth);
+							accountManager.clearAuthFailures(account);
+							accountManager.saveToDiskDebounced();
+						}
 			} catch (err) {
 				logDebug(`[${PLUGIN_NAME}] Auth refresh failed for account: ${(err as Error)?.message ?? String(err)}`);
+				const failures = accountManager.incrementAuthFailures(account);
+				const accountLabel = formatAccountLabel(account, account.index);
+				
+				if (failures >= ACCOUNT_LIMITS.MAX_AUTH_FAILURES_BEFORE_REMOVAL) {
+					accountManager.removeAccount(account);
+					accountManager.saveToDiskDebounced();
+					await showToast(
+						`Removed ${accountLabel} after ${failures} consecutive auth failures. Run 'opencode auth login' to re-add.`,
+						"error",
+						{ duration: toastDurationMs * 2 },
+					);
+					continue;
+				}
+				
 				accountManager.markAccountCoolingDown(
 								account,
 								ACCOUNT_LIMITS.AUTH_FAILURE_COOLDOWN_MS,
 								"auth-failure",
 							);
-							accountManager.saveToDiskDebounced();
-							continue;
-						}
+						accountManager.saveToDiskDebounced();
+						continue;
+					}
 
 						const hadAccountId = !!account.accountId;
 						const accountId =
@@ -883,24 +928,19 @@ while (attempted.size < Math.max(1, accountCount)) {
 										const waitMs = accountManager.getMinWaitTimeForFamily(modelFamily, model);
 										const count = accountManager.getAccountCount();
 
-										if (
-											retryAllAccountsRateLimited &&
-											count > 0 &&
-											waitMs > 0 &&
-											(retryAllAccountsMaxWaitMs === 0 ||
-												waitMs <= retryAllAccountsMaxWaitMs) &&
-											allRateLimitedRetries < retryAllAccountsMaxRetries
-										) {
-								const waitLabel = formatWaitTime(waitMs);
-									await showToast(
-										`All ${count} account(s) are rate-limited. Waiting ${waitLabel}...`,
-										"warning",
-										{ duration: toastDurationMs },
-									);
+								if (
+									retryAllAccountsRateLimited &&
+									count > 0 &&
+									waitMs > 0 &&
+									(retryAllAccountsMaxWaitMs === 0 ||
+										waitMs <= retryAllAccountsMaxWaitMs) &&
+									allRateLimitedRetries < retryAllAccountsMaxRetries
+								) {
+									const countdownMessage = `All ${count} account(s) rate-limited. Waiting`;
+									await sleepWithCountdown(addJitter(waitMs, 0.2), countdownMessage);
 									allRateLimitedRetries++;
-									await sleep(addJitter(waitMs, 0.2));
 									continue;
-										}
+								}
 
 										const waitLabel = waitMs > 0 ? formatWaitTime(waitMs) : "a bit";
 										const message =
@@ -1475,6 +1515,52 @@ while (attempted.size < Math.max(1, accountCount)) {
 				},
 			}),
 
+			"openai-accounts-refresh": tool({
+				description: "Manually refresh OAuth tokens for all accounts to verify they're still valid.",
+				args: {},
+				async execute() {
+					const storage = await loadAccounts();
+					if (!storage || storage.accounts.length === 0) {
+						return "No OpenAI accounts configured. Run: opencode auth login";
+					}
+
+					const results: string[] = [
+						`Refreshing ${storage.accounts.length} account(s):`,
+						"",
+					];
+
+					let refreshedCount = 0;
+					let failedCount = 0;
+
+					for (let i = 0; i < storage.accounts.length; i++) {
+						const account = storage.accounts[i];
+						if (!account) continue;
+						const label = formatAccountLabel(account, i);
+
+						try {
+							const refreshResult = await queuedRefresh(account.refreshToken);
+							if (refreshResult.type === "success") {
+								account.refreshToken = refreshResult.refresh;
+								results.push(`  ✓ ${label}: Refreshed`);
+								refreshedCount++;
+							} else {
+								results.push(`  ✗ ${label}: Failed - ${refreshResult.message ?? refreshResult.reason}`);
+								failedCount++;
+							}
+						} catch (error) {
+							const errorMsg = error instanceof Error ? error.message : String(error);
+							results.push(`  ✗ ${label}: Error - ${errorMsg.slice(0, 50)}`);
+							failedCount++;
+						}
+					}
+
+					await saveAccounts(storage);
+					results.push("");
+					results.push(`Summary: ${refreshedCount} refreshed, ${failedCount} failed`);
+					return results.join("\n");
+				},
+			}),
+
 		},
         };
 };
diff --git a/lib/accounts.ts b/lib/accounts.ts
@@ -354,6 +354,7 @@ export interface ManagedAccount {
   rateLimitResetTimes: RateLimitStateV3;
   coolingDownUntil?: number;
   cooldownReason?: CooldownReason;
+  consecutiveAuthFailures?: number;
 }
 
 function clearExpiredRateLimits(account: ManagedAccount): void {
@@ -756,6 +757,15 @@ export class AccountManager {
     delete account.cooldownReason;
   }
 
+  incrementAuthFailures(account: ManagedAccount): number {
+    account.consecutiveAuthFailures = (account.consecutiveAuthFailures ?? 0) + 1;
+    return account.consecutiveAuthFailures;
+  }
+
+  clearAuthFailures(account: ManagedAccount): void {
+    account.consecutiveAuthFailures = 0;
+  }
+
   shouldShowAccountToast(accountIndex: number, debounceMs = 30000): boolean {
     const now = nowMs();
     if (accountIndex === this.lastToastAccountIndex && now - this.lastToastTime < debounceMs) {
diff --git a/lib/constants.ts b/lib/constants.ts
@@ -87,4 +87,6 @@ export const ACCOUNT_LIMITS = {
 	MAX_ACCOUNTS: 20,
 	/** Cooldown period (ms) after auth failure before retrying account */
 	AUTH_FAILURE_COOLDOWN_MS: 30_000,
+	/** Number of consecutive auth failures before auto-removing account */
+	MAX_AUTH_FAILURES_BEFORE_REMOVAL: 3,
 } as const;
diff --git a/lib/storage.ts b/lib/storage.ts
@@ -89,11 +89,41 @@ function isProjectDirectory(dir: string): boolean {
   return PROJECT_MARKERS.some((marker) => existsSync(join(dir, marker)));
 }
 
+/**
+ * Walk up the directory tree to find the nearest project root.
+ * Returns the first directory containing a project marker, or null if none found.
+ */
+function findProjectRoot(startDir: string): string | null {
+  let current = startDir;
+  const root = dirname(current) === current ? current : null;
+  
+  while (current) {
+    if (isProjectDirectory(current)) {
+      return current;
+    }
+    
+    const parent = dirname(current);
+    // Reached filesystem root
+    if (parent === current) {
+      break;
+    }
+    current = parent;
+  }
+  
+  return root && isProjectDirectory(root) ? root : null;
+}
+
 let currentStoragePath: string | null = null;
 
 export function setStoragePath(projectPath: string | null): void {
-  if (projectPath && isProjectDirectory(projectPath)) {
-    currentStoragePath = join(getProjectConfigDir(projectPath), "openai-codex-accounts.json");
+  if (!projectPath) {
+    currentStoragePath = null;
+    return;
+  }
+  
+  const projectRoot = findProjectRoot(projectPath);
+  if (projectRoot) {
+    currentStoragePath = join(getProjectConfigDir(projectRoot), "openai-codex-accounts.json");
   } else {
     currentStoragePath = null;
   }
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "oc-chatgpt-multi-auth",
-  "version": "4.10.0",
+  "version": "4.11.0",
   "description": "Multi-account rotation plugin for ChatGPT Plus/Pro (OAuth / Codex backend)",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "oc-chatgpt-multi-auth",`
`3`		`- "version": "4.10.0",`
	`3`	`+ "version": "4.11.0",`
`4`	`4`	`"description": "Multi-account rotation plugin for ChatGPT Plus/Pro (OAuth / Codex backend)",`
`5`	`5`	`"main": "./dist/index.js",`
`6`	`6`	`"types": "./dist/index.d.ts",`