feat: Multi-Account OAuth Rotation with Settings UI and CLI Enhancements

[mguttmann]

Summary

Implements comprehensive multi-account OAuth support with automatic rate limit rotation, manual account switching, ability to delete individual accounts, and a new Settings menu for the desktop app.

Closes #9068

Changes

Backend - OAuth Pool Enhancements

• Auth.OAuthPool.setActive() - Manually switch active OAuth account
• Auth.OAuthPool.removeRecord() - Delete individual OAuth accounts
• Auth.OAuthPool.snapshot() - Returns activeID for credential selection
• rotating-fetch.ts - Prefers activeID while preserving auto-rotation on 429
• fetchAnthropicUsage() - Respects provider.active[namespace]
• getAccounts() - Correctly identifies active account

API

• POST /auth/active - Switch active account, returns updated usage data
• DELETE /auth/account - Delete individual OAuth account

Desktop App

New Settings Menu (DialogSettings):

• Providers Tab: Connected providers, add new with search
• Provider Detail: Account list, usage bars, switch functionality
• Delete Button: Remove individual accounts with confirmation
• About Tab: GitHub, docs, Discord, keyboard shortcuts

Context Panel:

• Anthropic Rate Limits section (5h, 7d-all, 7d-sonnet bars)
• Account switch buttons
• Only visible for Anthropic sessions

CLI

• opencode auth usage: Per-account usage with rate limits
• opencode auth switch: Interactive account switching
• opencode auth logout: Now supports selecting individual accounts to remove
• opencode auth list: Shows account counts
• All lists sorted alphabetically

Delete Individual Accounts

CLI

$ opencode auth logout

┌  Remove credential
│
◆  Select provider
│  ● Anthropic (oauth)
│
◆  Remove which account?
│  ○ Remove all accounts (3 accounts)
│  ○ Account 1
│  ○ Account 2 
│  ● Account 3
│
◐  Account removed. 2 accounts remaining.
│
└  Done

Desktop

In Settings → Providers → [Provider]:

• Each account has a delete button (X icon)
• Two-step confirmation to prevent accidents
• Shows loading state during deletion
• Auto-navigates back when last account is removed

Auto-Rotation Flow

1. Request with activeID (manually selected or first available)
2. On 429 rate limit:
   - Account gets cooldownUntil
   - Account moved to back of queue
   - Loop continues with next candidate
3. Next available account used automatically

Files Changed

Package	File	Description
opencode	auth/index.ts	Core OAuth pool functions incl. removeRecord()
opencode	auth/rotating-fetch.ts	Credential selection logic
opencode	server/server.ts	/auth/active and /auth/account endpoints
opencode	cli/cmd/auth.ts	CLI commands with logout account selection
app	dialog-settings.tsx	Settings dialog with delete buttons
app	session-context-tab.tsx	Context panel usage section
app	layout.tsx	Settings button
sdk	sdk.gen.ts, types.gen.ts	Regenerated

Testing

CLI

opencode auth list      # Shows providers with account counts
opencode auth usage     # Shows per-account stats with rate limits
opencode auth switch    # Interactive account switching
opencode auth logout    # Select individual accounts to remove

Desktop

1. Click ⚙️ Settings button → Providers tab
2. Click connected provider → View accounts and usage
3. Switch accounts → Verify bars update
4. Click X on account → Confirm deletion
5. Open Anthropic session → Context panel shows rate limits

Limitations

• Usage statistics: Anthropic only (OAuth API limitation)
• Multi-account: Anthropic, OpenAI, GitHub Copilot
• Other providers: Contributions welcome

Checklist

• Backend OAuth pool enhancements
• API endpoints for account switching and deletion
• Desktop Settings menu with delete buttons
• Context panel integration
• CLI commands with logout account selection
• Alphabetical sorting
• Auto-rotation preserved
• Local state updates (no full refresh on switch)

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Potential Related PRs Found

#8590 - feat(auth): OAuth Marathon - multi-account credential rotation

• feat(auth): OAuth Marathon - multi-account credential rotation #8590
• This PR directly addresses OAuth credential rotation across multiple accounts, which is the core feature in PR feat: Multi-Account OAuth Rotation with Settings UI and CLI Enhancements #9069. This may be a predecessor or overlapping work on the same feature.

#6905 - feat: display Anthropic and OpenAI OAuth usage in status dialog and sidebar

• feat: display Anthropic and OpenAI OAuth usage in status dialog and sidebar #6905
• Related to OAuth usage display functionality, which overlaps with the usage bars and account statistics features in PR feat: Multi-Account OAuth Rotation with Settings UI and CLI Enhancements #9069.

#5158 - add ratelimiter to opencode server

• add ratelimiter to opencode server  #5158
• Related to rate limiting infrastructure, which is relevant to the 429 rate limit rotation logic in PR feat: Multi-Account OAuth Rotation with Settings UI and CLI Enhancements #9069.

[mguttmann]

Context on Related PRs

PR	Status	Relationship
#8590	Closed	Earlier implementation attempt. This PR provides a complete, production-ready version.
#6905	Merged	Basic OAuth usage display. This PR extends with multi-account support and Settings UI.
#5158	Merged	Server rate limiter. This PR handles client-side rate limit rotation (429 responses).
#8912	Merged	Usage dashboard foundation. This PR builds the full feature on top.

This PR represents the complete implementation of multi-account OAuth with:

• Backend credential rotation ✅
• API endpoints ✅
• Desktop Settings UI ✅
• Context panel integration ✅
• CLI commands ✅

All functionality has been tested and works together cohesively.

[mguttmann]

Rebased to latest dev (936f3eb)

This PR has been rebased onto the latest dev branch and adapted to the new modular settings structure:

Changes in this update:

• Rebased onto latest upstream (v1.1.30+)
• Moved auth endpoints (/auth/usage, /auth/active, /auth/account) to /provider/auth/* routes
• Added delete account functionality with confirmation UI in dialog-auth-usage.tsx
• Fixed duplicate imports and type issues
• Regenerated SDK types

Features preserved:

• Multi-account OAuth rotation with automatic failover
• Account health tracking and cooldown management
• Rate limit display for Anthropic accounts
• Account switching and deletion UI

Testing:

• TypeScript compilation passes
• CLI builds successfully

Ready for review!

[mguttmann]

Update: Rebased onto latest dev (v1.1.30+)

Branch has been rebased and updated to work with the new modular settings structure.

Changes since last update:

• Added missing /auth/usage endpoint for the usage dashboard
• Adapted to new modular settings components (no more monolithic dialog-settings.tsx)
• Auth endpoints moved to /provider/auth/* routes
• SDK regenerated

Features included:

• Multi-account OAuth rotation with automatic failover
• Auth usage dashboard with Anthropic rate limits
• Delete individual OAuth accounts
• CLI commands: opencode auth usage, opencode auth switch

Typecheck passes ✅ | Build passes ✅

This is the base PR for #9073 (YOLO Mode) and #9455 (Auto-Relogin).

[mguttmann]

Closing in favor of combined PR with all features (Multi-Account, YOLO Mode, Auto-Relogin)