feat: add addAccountByToken tRPC mutation with upsert logic and tests

Adds a new mutation that accepts an email + raw OAuth token and upserts
the account — creating it if it doesn't exist, updating credentials if
it does. Covers all four scenarios with unit tests (new, existing,
empty-email, empty-token validation).

apps/server/trpc/routers/account.ts

@@ -72,5 +72,29 @@ export function accountProcedures(publicProcedure: ProcedureBuilder) {
       .query(() => {
         return listProviderNames();
       }),
+
+    addAccountByToken: publicProcedure
+      .input(z.object({
+        email: z.string().min(1),
+        provider: z.string().default('claude'),
+        token: z.string().min(1),
+      }))
+      .mutation(async ({ ctx, input }) => {
+        const repo = requireAccountRepository(ctx);
+        const credentials = JSON.stringify({ claudeAiOauth: { accessToken: input.token } });
+        const configJson = JSON.stringify({ hasCompletedOnboarding: true });
+        const existing = await repo.findByEmail(input.email);
+        if (existing) {
+          const account = await repo.updateAccountAuth(existing.id, configJson, credentials);
+          return { upserted: true, account };
+        }
+        const account = await repo.create({
+          email: input.email,
+          provider: input.provider,
+          configJson,
+          credentials,
+        });
+        return { upserted: false, account };
+      }),
   };
 }