feat(opencode): add killswitch indicators to TUI sidebar

[iceteaSA]

Dependencies: Requires #35 (killswitch) and #37 (TUI sidebar) to be merged first.

Adds killswitch awareness to the TUI sidebar widget:

• Red dot for killed accounts, green for active
• Quota/refresh backoff state display
• Kill summary section showing which accounts are blocked
• writeSidebarState() computes killswitch policy for all accounts

Files:

• packages/opencode/src/sidebar-state.ts — adds killed, backoff fields
• packages/opencode/src/tui.tsx — killed indicator, kill status section
• packages/opencode/src/index.ts — killswitch-aware sidebar state

---

Summary by cubic

Adds a killswitch and a restyled, real-time TUI quota sidebar. Blocks low‑quota requests and shows live quota, backoff, killswitch state, and cache keepalive in the sidebar.

• New Features

  • Killswitch: per‑account and main 5h/7d thresholds with persisted config; skip killed main and filter killed fallbacks; synthetic 429 with Retry‑After; /claude-killswitch on/off/set/status.
  • TUI sidebar: account status (active/idle/blocked), kill summary; aligned quota bars with right‑aligned reset times; Health shows quota/token backoff and killswitch retry‑at; Cache shows 1h keepalive window and tracked sessions; event‑driven refresh with debounce + poll; LIMITED badge when degraded.
  • Packaging/Docs: export ./tui in @cortexkit/opencode-anthropic-auth, register in oc-plugin; add @opentui/core, @opentui/solid, solid-js; copy tui.tsx at build; @cortexkit/anthropic-auth-core now exports killswitch APIs; READMEs document /claude-killswitch and TUI registration.

• Bug Fixes

  • Backoff scoped per route (main vs each fallback) to avoid cross‑account blocking.
  • Token‑aware fail‑closed read: bind cached main quota to the access‑token fingerprint; drop snapshots on token change; enforced in getMain().
  • Every‑N refresh: count all replayable requests (including fallback‑first) and restore the process‑scoped counter.
  • Fallback selection: evaluate from the QuotaManager cache as the single source of truth; token‑bind fallback cache entries and invalidate on re‑login.

^{Written for commit e86d9d3. Summary will update on new commits.}

[cubic-dev-ai]

2 issues found across 16 files

<sub>Tip: cubic can generate docs of your entire codebase and keep them up to date. Try it here.

Fix all with cubic | Re-trigger cubic</sub>

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/@opentui/solid@0.3.0 → npm/entities@6.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​opentui/​core@​0.3.0
	solid-js@​1.9.13
	@​opentui/​solid@​0.3.0

View full report