feat(account): add account module with cache invalidation on account switch#153
Draft
nh13 wants to merge 3 commits intostephenleo:mainfrom
Draft
feat(account): add account module with cache invalidation on account switch#153nh13 wants to merge 3 commits intostephenleo:mainfrom
nh13 wants to merge 3 commits intostephenleo:mainfrom
Conversation
Adds a placeholder Unreleased entry for an upcoming cship.account module that will display the currently authenticated Anthropic account (work vs personal) via the /api/oauth/profile OAuth endpoint. No implementation yet — this commit exists so the feature can be tracked via a draft PR while design is firmed up.
…play
Add a new native module that fetches the current Anthropic account
profile from the /api/oauth/profile OAuth endpoint and renders the
organization name (or a user-defined label) in the statusline, so
users can see at a glance whether they're on their work or personal
Claude account.
- AccountProfile struct + API parser in src/account.rs
- Render module with format-string placeholders ({label},
{organization}, {display_name}, {email}, {tier}, {type})
- Opt-in label mapping via [cship.account.labels] BTreeMap
- 24h cache with stale fallback on fetch timeout
- Shared fetch_with_timeout<T>() in modules/mod.rs
- explain.rs updated with is_disabled + config_section_for arms
- 22 new tests (parser, cache, render, label resolution)
Add a token fingerprint (last 16 chars of OAuth token) to the usage limits and account profile cache envelopes. On every cache read, the current token is read from the OS credential store and its fingerprint is compared against the stored value. A mismatch (indicating an account switch via /login) invalidates the cache immediately, even for stale fallback reads. Changes: - platform.rs: add token_fingerprint() derivation function - cache.rs: add token_fingerprint field to both cache envelopes, update read/write signatures with expected_fingerprint parameter - account.rs: restructure render() to read token up front, pass fingerprint to all cache calls - usage_limits.rs: restructure resolve_data/fetch_and_cache to compute fingerprint up front, pass to cache calls
nh13
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
cship.accountmodule fetches organization and accountmetadata from the
/api/oauth/profileOAuth endpoint, letting users see at a glancewhether they're on their work or personal Claude account
[cship.account.labels]table maps raw organization names touser-friendly labels (e.g.
"Fulcrum Genomics" = "work","Personal Workspace" = "personal"){label},{organization},{display_name},{email},{tier},{type}— default format is{label}(resolved label or raw org name)via
ttl). Stale cache is used as fallback when the API fetch times out.token) is stored in both the usage limits and account profile cache envelopes. On every
cache read, the current token is re-read from the OS credential store and its fingerprint
is compared. A mismatch (e.g. after
/loginto a different account) invalidates thecache immediately — even stale fallback reads — preventing stale data from the wrong
account from being displayed.
fetch_with_timeout<T>(): extracted generic timeout wrapper tomodules/mod.rsTest plan
cargo fmt— passescargo clippy -- -D warnings— passes (lib clean; pre-existing warnings inexplain.rs/cli.rsare addressed by fix: resolve clippy warnings in explain and cli tests #151)cargo test— 356 unit + 66 integration tests pass (includes tests forAPI parsing, cache hit/miss/TTL/stale, format rendering, label resolution, render
entry points, fingerprint match/mismatch/stale/backwards-compat)
cargo build --release— builds successfully/api/oauth/profileendpoint