core: make account login upgrades safe while adding multi-account workspace auth#15487
Open
core: make account login upgrades safe while adding multi-account workspace auth#15487
Conversation
opencode-agent bot
added a commit
that referenced
this pull request
Feb 28, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Feb 28, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Feb 28, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
The auth command has been renamed to providers to better reflect its purpose of managing AI provider credentials. This makes it easier for users to discover and use the credential management features when configuring different AI providers.
…agement Refactor internal authentication system by renaming the control module to account, making it easier to understand that this handles user account credentials and tokens. Simplify database schema management by removing the centralized schema exports and letting each module manage its own tables directly.
Allow users to authenticate via browser-based OAuth device flow with opencode login command. Includes login, logout, switch account, and workspaces list commands for managing multiple accounts.
…l workspace access Enable users to authenticate with multiple accounts and switch between them, accessing workspaces from each account separately.
…mands Switch from boolean active flag to workspace_id tracking so users can select which workspace context to operate in. Login now automatically selects the first available workspace and stores it on the account record. Logout command now actually removes account records and supports targeting specific accounts by email. Switch command provides an interactive picker to change active workspace. Workspaces command lists all available workspaces across accounts. Configuration now loads workspace-specific settings from the server when an active workspace is selected, enabling per-workspace customization of opencode behavior.
…estoring legacy ControlAccountTable alongside new AccountTable structure
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 1, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
opencode-agent bot
added a commit
that referenced
this pull request
Mar 3, 2026
…multi-account workspace auth
Rewrite the account layer using Effect for typed error handling, schema validation, and structured concurrency. Split into three concerns: - schema.ts: branded types (AccountID, OrgID, AccessToken) and shared data classes - repo.ts: AccountRepo service owning all DB operations via drizzle - service.ts: AccountService owning HTTP orchestration (OAuth device flow, token refresh, org/config fetching) with AccountRepo as a dependency Key improvements: - Branded types enforce type safety at API boundaries - Option used consistently instead of null/undefined in internal APIs - User and orgs fetches parallelized during login poll - Schema-validated HTTP request/response bodies - Transient read retry with exponential backoff - Clock.currentTimeMillis instead of Date.now() for testability - 11 new repo tests covering all DB operations Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- persistToken: positional params → named object to prevent swaps - persistAccount: wrap in Database.transaction for atomicity - Internal response schemas: Schema.Class → Schema.Struct (lighter) - fromRow: pass row directly to decoder (strips unknown keys) - Test: add afterAll runtime disposal, use branded ID in assertion Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rewrite all account CLI commands (login, logout, switch, orgs) as Effect.fn with AccountService accessed directly via yield* - Convert PollResult from plain object union to Schema.TaggedClass variants with Schema.Union and Match.valueTags for exhaustive matching - Add recursive poll function for device auth flow (stack-safe via Effect trampolining) - Add shared Effect runtime at src/effect/runtime.ts - Add Effect wrappers for @clack/prompts at src/cli/effect/prompt.ts - Add @effect/language-service TS plugin for editor support - Refactor repo tests to use testEffect helper with Layer-based setup - Parallelize org fetching in orgs command Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Align the account CLI with the Effect-based service types so polling, org switching, and prompt cancellation narrow cleanly. This keeps the refactor type-safe and avoids leaking legacy wrapper shapes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
providersandaccountcommands so people can connect and manage credentials from the CLI without hand-editing config