feat: add Copilot CLI Keychain token discovery and multi-account CLI support

[Shaglock]

Disclaimer

The initial issue (fix #73) I had was that my copilot sub was not detected through opencode auth token.
I have no Swift language knowledge, I tried to guide Claude Opus 4.6 to fix my problem. Then I went into a little rabbit hole trying to support two copilot subs at once. Obviously there is probably a lot of slop here, not sure if the keychain access is implemented correctly, and, but hopefully if it's not merged, at least it's a good starting point for someone.

Summary

• Add macOS Keychain (copilot-cli service) as a new GitHub Copilot token discovery source
• Rewrite CLI's CopilotCLIProvider to use TokenManager for multi-account token discovery, matching the GUI provider's logic
• Fix CLI table output alignment when multi-account provider names exceed the column width
• Add quota_snapshots API format support for Copilot plan info
• Display GitHub login names instead of #1/#2 numbering in the menu

Detailed Changes

Token Discovery — Keychain Support (TokenManager.swift)

• Add copilotCliKeychain case to CopilotAuthSource enum with CustomStringConvertible conformance
• Implement readCopilotCliKeychainAccounts() using a two-step Keychain query:
  1. Query with kSecReturnAttributes + kSecMatchLimitAll to list all items
  2. Query each item individually with kSecReturnData + kSecMatchLimitOne to get the password
  • This two-step approach is required because kSecMatchLimitAll + kSecReturnData returns errSecParam (-50) on macOS
• Parse username from the Keychain account field (format: https://github.com:username)
• Integrate into getGitHubCopilotAccounts() between OpenCode auth and VS Code file discovery
• Update dedupeCopilotAccounts() priority ordering:
  • OpenCode auth: 3 (highest)
  • Copilot CLI Keychain: 2
  • VS Code hosts.json: 1
  • VS Code apps.json: 0 (lowest)
• Add diagnostic logging for Keychain discovery in the auth summary

Copilot API — quota_snapshots Format (TokenManager.swift)

• Add parsing for the new quota_snapshots API response format alongside the legacy monthly_quotas / limited_user_quotas format
• quota_snapshots contains per-type objects with entitlement, remaining, and unlimited fields
• Priority: snapshots > monthly > legacy
• Preserve existing unlimited plan handling (snapshotEntitlement = 0, snapshotRemaining = 0 placeholder)
• Add error response body logging for failed Copilot API calls

GUI — Display Names (StatusBarController.swift, CopilotProvider.swift)

• Show GitHub login names (e.g., GitHub Copilot (Shaglock)) instead of generic index numbers (GitHub Copilot #1)
• Change auth source separator from parentheses to dash: GitHub Copilot (Shaglock) - OpenCode instead of GitHub Copilot #1 (OpenCode)
• Update CopilotProvider.sourcePriority() to include copilotCliKeychain case with priority 2

CLI — CopilotCLIProvider Rewrite (CopilotCLIProvider.swift)

Complete rewrite from ~276 lines to ~544 lines. The old provider only supported browser cookies and returned a single ProviderResult. The new provider:

• Uses TokenManager.shared.getGitHubCopilotAccounts() for token discovery (OpenCode auth, Keychain, VS Code files)
• Falls back to browser cookies as an additional source (non-fatal if cookies unavailable)
• Supports multi-account output via ProviderAccountResult array
• Uses CandidateDedupe.merge() for cross-source deduplication
• Fetches user login via GitHub /user API when not available from token metadata
• Merges plan info from token API with usage data from cookie-based billing API
• All cookie-based operations (fetchCustomerId, fetchUsageData) return optionals instead of throwing, enabling graceful fallback
• Removes the local CopilotUsage struct (now uses the shared model from CopilotUsage.swift)

CLI — Table Formatter Alignment Fix (main.swift)

• Replace hardcoded 20-char provider column width with dynamic computation
• Add computeProviderWidth() that scans ALL row labels (regular providers, Gemini multi-account, generic multi-account) before rendering
• Pass computed width to formatHeader(), formatSeparator(), formatRow(), formatGeminiAccountRow(), formatAccountRow()
• Add shortenAuthSource() to display file paths as just the filename (e.g., /Users/x/.local/share/opencode/auth.json becomes auth.json)
• Extract accountLabel() and geminiLabel() helpers shared between width computation and rendering
• JSON formatter already supported multi-account output (added in earlier work)

Build Configuration (project.pbxproj)

• Add CopilotUsage.swift to the CLI target's Sources build phase so the CLI can use the shared model

Files Changed

File	Change
CopilotMonitor/CopilotMonitor/Services/TokenManager.swift	Keychain reader, quota_snapshots parser, dedup priorities, diagnostics
CopilotMonitor/CopilotMonitor/Providers/CopilotProvider.swift	Add copilotCliKeychain to sourcePriority()
CopilotMonitor/CopilotMonitor/App/StatusBarController.swift	Display login names instead of indices
CopilotMonitor/CLI/Providers/CopilotCLIProvider.swift	Full rewrite for multi-account TokenManager support
CopilotMonitor/CLI/main.swift	Dynamic table column alignment, auth source shortening
CopilotMonitor/CopilotMonitor.xcodeproj/project.pbxproj	Add CopilotUsage.swift to CLI target

Testing

• Both targets build successfully (BUILD SUCCEEDED)

• CLI discovers accounts from both OpenCode auth and Keychain sources

• Table output is correctly aligned with dynamic column widths:

  Example of new table render

  

• JSON output correctly serializes both accounts with all fields

• GUI menu shows multiple accounts correctly

[op-gg-ai-devops]

Here is the summary of the changes in this PR:

This PR significantly enhances the CLI tool by adding multi-account support for Copilot (including discovery via macOS Keychain), aligns the CLI provider logic with the GUI version, and updates TokenManager to correctly parse the newer quota_snapshots API field.

---

Code Review Feedback

• Keychain Integration: The readCopilotCliKeychainAccounts implementation using SecItemCopyMatching is clean and standard for retrieving generic passwords. This is a great addition for users who rely on the official GitHub CLI auth.
• API Future-Proofing: Excellent catch on the quota_snapshots structure in TokenManager. Relying solely on monthly_quotas or limited_user_quotas was becoming risky as the API evolved, so aggregating entitlements from snapshots makes the logic much more robust.
• CLI UX: The dynamic width calculation in TableFormatter is a thoughtful improvement; fixed-width tables almost always break when long email addresses are involved.
• Maintainability: Since CopilotCLIProvider now mirrors the GUI CopilotProvider significantly (deduplication priority, fetching logic), consider extracting shared logic into a common service in a future refactor to prevent logic drift between the two interface modes.

---

This is just a quick preview.
For a detailed, line-by-line code review (including bug detection and security checks), please comment:
**@opgginc/op-gg-ai-devops** review this

[kargnas]

@opgginc/op-gg-ai-devops

[op-gg-ai-devops]

✅ AI Code Review Completed

Review finished. Please address the feedback regarding usage logic, concurrency, and keychain access.

Review Plan

• Read AGENTS.md to determine review language and project rules
• Fetch and analyze git diff between BASE_SHA and HEAD_SHA
• Check for documentation updates (README.md, AGENTS.md, .env.example)
• Perform deep code review (logic, security, performance, style)
• Draft and post review using gh api
• Update status comment to Completed

Reviewed with google/gemini-3-pro-preview

---

📋 View Full Logs

[op-gg-ai-devops]

🤖 OP.GG DevOps AI Code Review

This PR enhances the CopilotCLIProvider to support multi-account discovery via TokenManager, aligning the CLI behavior with the GUI application. It introduces Keychain access for token retrieval and improves output formatting for multiple accounts.

🔍 Key Findings

1. Logic Change in Usage Calculation: The CLI now uses the shared CopilotUsage model, which calculates usedRequests differently than the previous CLI implementation. The old implementation included netQuantity (overage) and respected filteredUserPremiumRequestEntitlement. The shared model only uses discountQuantity and userPremiumRequestEntitlement. Please verify if this simplification is intentional or if the shared model needs updating.
2. Concurrency Optimization: The token discovery process fetches plan info and user login sequentially for each account. For users with multiple accounts, this could be parallelized to improve performance.
3. Keychain Access in CLI: The integration of TokenManager means the CLI will now attempt to access the macOS Keychain. Ensure this behaves correctly in headless environments (e.g., CI/CD) and that users are aware of potential permission prompts.

🛠️ Suggestions

I have included inline suggestions to improve performance, clean up unused code, and refine the table formatting logic.

[op-gg-ai-devops]

It seems cachedUserEmail is assigned but never read. If it's not needed for future logic, consider removing it to keep the state clean.

Suggested change

	private var cachedUserEmail: String?
	private var cachedCustomerId: String?

[op-gg-ai-devops]

Fetching plan info and user login sequentially for each account might be slow if there are many accounts. Consider using TaskGroup to fetch these in parallel.

Suggested change

	private func fetchTokenInfos(_ accounts: [CopilotAuthAccount]) async -> [CopilotTokenInfo] {
	var infos: [CopilotTokenInfo] = []
	for account in accounts {
	let planInfo = await TokenManager.shared.fetchCopilotPlanInfo(accessToken: account.accessToken)
	var login = account.login
	if login == nil {
	login = await fetchCopilotUserLogin(accessToken: account.accessToken)
	}
	let accountId = account.accountId ?? planInfo?.userId ?? login
	infos.append(
	CopilotTokenInfo(
	accountId: accountId,
	login: login,
	planInfo: planInfo,
	authSource: account.authSource,
	source: account.source
	await withTaskGroup(of: CopilotTokenInfo.self) { group in
	for account in accounts {
	group.addTask {
	let planInfo = await TokenManager.shared.fetchCopilotPlanInfo(accessToken: account.accessToken)
	var login = account.login
	if login == nil {
	login = await self.fetchCopilotUserLogin(accessToken: account.accessToken)
	}
	let accountId = account.accountId ?? planInfo?.userId ?? login
	return CopilotTokenInfo(
	accountId: accountId,
	login: login,
	planInfo: planInfo,
	authSource: account.authSource,
	source: account.source
	)
	}
	}
	for await info in group {
	infos.append(info)
	}
	}

[op-gg-ai-devops]

The hardcoded 30 for the metrics column width might cause the separator line to be too short if the metrics string is long (e.g., "$12.34 spent (resets Jan 1)"). Consider calculating the max width of the metrics column dynamically, similar to computeProviderWidth, or at least increasing this constant to cover typical output lengths.

[Shaglock]

Tried to address the comments :)