@bjesuiter/codex-switcher 1.0.4 → 1.2.0

package/README.md

@@ -2,6 +2,11 @@
 
 CLI tool to switch between multiple OpenAI accounts for [OpenCode](https://opencode.ai).
 
+## Why codex-switcher?
+
+Anthropic has a $100/month plan, but OpenAI only offers $20 and $200 plans.
+So: switching between two $20 plans is the poor man's $100 plan for OpenAI. ^^
+
 ## Supported Configurations
 
 - **OpenAI Plus & Pro subscription accounts**: Log in to multiple OpenAI accounts via OAuth and switch the active auth credentials used by OpenCode.
@@ -35,7 +40,10 @@ Opens your browser to authenticate with OpenAI. After successful login, your cre
 cdx switch
 ```
 
-Interactive picker to select an account. Writes credentials to `~/.local/share/opencode/auth.json`.
+Interactive picker to select an account. Writes credentials to:
+- `~/.local/share/opencode/auth.json` (OpenCode)
+- `~/.pi/agent/auth.json` (Pi agent, or `$PI_CODING_AGENT_DIR/auth.json` when `PI_CODING_AGENT_DIR` is set)
+- `~/.codex/auth.json` (Codex CLI; requires `id_token`)
 
 ```bash
 cdx switch --next
@@ -86,6 +94,9 @@ Running `cdx` without arguments opens an interactive menu to:
 | `cdx switch <id>` | Switch to specific account |
 | `cdx label` | Label an account (interactive) |
 | `cdx label <account> <label>` | Assign label directly |
+| `cdx status` | Show account status, token expiry, and usage |
+| `cdx usage` | Show usage overview for all accounts |
+| `cdx usage <account>` | Show detailed usage for a specific account |
 | `cdx --help` | Show help |
 | `cdx --version` | Show version |
 
@@ -93,7 +104,10 @@ Running `cdx` without arguments opens an interactive menu to:
 
 - OAuth credentials are stored securely in macOS Keychain
 - Account list is stored in `~/.config/cdx/accounts.json`
-- Active account credentials are written to `~/.local/share/opencode/auth.json`
+- Active account credentials are written to:
+  - `~/.local/share/opencode/auth.json`
+  - `~/.pi/agent/auth.json` (or `$PI_CODING_AGENT_DIR/auth.json`)
+  - `~/.codex/auth.json` (when `id_token` exists)
 
 ## For Developers
 

package/cdx.mjs

@@ -1,9 +1,9 @@
 #!/usr/bin/env bun
 import { Command } from "commander";
-import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { existsSync } from "node:fs";
+import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
 import path from "node:path";
 import os from "node:os";
-import { existsSync } from "node:fs";
 import * as p from "@clack/prompts";
 import { spawn } from "node:child_process";
 import { generatePKCE } from "@openauthjs/openauth/pkce";
@@ -11,17 +11,24 @@ import { randomBytes } from "node:crypto";
 import http from "node:http";
 
 //#region package.json
-var version = "1.0.4";
+var version = "1.2.0";
 
 //#endregion
 //#region lib/paths.ts
 const defaultConfigDir = path.join(os.homedir(), ".config", "cdx");
-const defaultPaths = {
+const resolvePiAuthPath = () => {
+	const piAgentDir = process.env.PI_CODING_AGENT_DIR?.trim();
+	if (piAgentDir) return path.join(piAgentDir, "auth.json");
+	return path.join(os.homedir(), ".pi", "agent", "auth.json");
+};
+const createDefaultPaths = () => ({
 	configDir: defaultConfigDir,
 	configPath: path.join(defaultConfigDir, "accounts.json"),
-	authPath: path.join(os.homedir(), ".local", "share", "opencode", "auth.json")
-};
-let currentPaths = { ...defaultPaths };
+	authPath: path.join(os.homedir(), ".local", "share", "opencode", "auth.json"),
+	codexAuthPath: path.join(os.homedir(), ".codex", "auth.json"),
+	piAuthPath: resolvePiAuthPath()
+});
+let currentPaths = createDefaultPaths();
 const getPaths = () => currentPaths;
 const setPaths = (paths) => {
 	currentPaths = {
@@ -31,27 +38,94 @@ const setPaths = (paths) => {
 	if (paths.configDir && !paths.configPath) currentPaths.configPath = path.join(paths.configDir, "accounts.json");
 };
 const resetPaths = () => {
-	currentPaths = { ...defaultPaths };
+	currentPaths = createDefaultPaths();
 };
 const createTestPaths = (testDir) => ({
 	configDir: path.join(testDir, "config"),
 	configPath: path.join(testDir, "config", "accounts.json"),
-	authPath: path.join(testDir, "auth", "auth.json")
+	authPath: path.join(testDir, "auth", "auth.json"),
+	codexAuthPath: path.join(testDir, "codex", "auth.json"),
+	piAuthPath: path.join(testDir, "pi", "auth.json")
 });
 
 //#endregion
 //#region lib/auth.ts
+const readExistingJson = async (filePath) => {
+	if (!existsSync(filePath)) return {};
+	try {
+		const raw = await readFile(filePath, "utf8");
+		const parsed = JSON.parse(raw);
+		return typeof parsed === "object" && parsed !== null ? parsed : {};
+	} catch {
+		return {};
+	}
+};
 const writeAuthFile = async (payload) => {
 	const { authPath } = getPaths();
 	await mkdir(path.dirname(authPath), { recursive: true });
-	const authJson = { openai: {
+	const existing = await readExistingJson(authPath);
+	existing.openai = {
 		type: "oauth",
 		refresh: payload.refresh,
 		access: payload.access,
 		expires: payload.expires,
 		accountId: payload.accountId
-	} };
-	await writeFile(authPath, JSON.stringify(authJson, null, 2), "utf8");
+	};
+	await writeFile(authPath, JSON.stringify(existing, null, 2), "utf8");
+};
+const writeCodexAuthFile = async (payload) => {
+	const { codexAuthPath } = getPaths();
+	await mkdir(path.dirname(codexAuthPath), { recursive: true });
+	const existing = await readExistingJson(codexAuthPath);
+	existing.tokens = {
+		...typeof existing.tokens === "object" && existing.tokens !== null ? existing.tokens : {},
+		id_token: payload.idToken ?? null,
+		access_token: payload.access,
+		refresh_token: payload.refresh,
+		account_id: payload.accountId
+	};
+	existing.last_refresh = (/* @__PURE__ */ new Date()).toISOString();
+	await writeFile(codexAuthPath, JSON.stringify(existing, null, 2), "utf8");
+};
+const writePiAuthFile = async (payload) => {
+	const { piAuthPath } = getPaths();
+	await mkdir(path.dirname(piAuthPath), { recursive: true });
+	const existing = await readExistingJson(piAuthPath);
+	existing["openai-codex"] = {
+		type: "oauth",
+		access: payload.access,
+		refresh: payload.refresh,
+		expires: payload.expires,
+		accountId: payload.accountId
+	};
+	await writeFile(piAuthPath, JSON.stringify(existing, null, 2), "utf8");
+};
+const writeAllAuthFiles = async (payload) => {
+	await writeAuthFile(payload);
+	await writePiAuthFile(payload);
+	if (payload.idToken) {
+		await writeCodexAuthFile(payload);
+		return {
+			piWritten: true,
+			codexWritten: true,
+			codexMissingIdToken: false,
+			codexCleared: false
+		};
+	}
+	const { codexAuthPath } = getPaths();
+	let codexCleared = false;
+	if (existsSync(codexAuthPath)) try {
+		await rm(codexAuthPath);
+		codexCleared = true;
+	} catch {
+		codexCleared = false;
+	}
+	return {
+		piWritten: true,
+		codexWritten: false,
+		codexMissingIdToken: true,
+		codexCleared
+	};
 };
 
 //#endregion
@@ -210,9 +284,35 @@ const exchangeAuthorizationCode = async (code, verifier) => {
 		type: "success",
 		access: json.access_token,
 		refresh: json.refresh_token,
-		expires: Date.now() + json.expires_in * 1e3
+		expires: Date.now() + json.expires_in * 1e3,
+		idToken: json.id_token
 	};
 };
+const refreshAccessToken = async (refreshToken) => {
+	try {
+		const response = await fetch(TOKEN_URL, {
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" },
+			body: new URLSearchParams({
+				grant_type: "refresh_token",
+				refresh_token: refreshToken,
+				client_id: CLIENT_ID
+			})
+		});
+		if (!response.ok) return { type: "failed" };
+		const json = await response.json();
+		if (!json?.access_token || !json?.refresh_token || typeof json?.expires_in !== "number") return { type: "failed" };
+		return {
+			type: "success",
+			access: json.access_token,
+			refresh: json.refresh_token,
+			expires: Date.now() + json.expires_in * 1e3,
+			idToken: json.id_token
+		};
+	} catch {
+		return { type: "failed" };
+	}
+};
 const decodeJWT = (token) => {
 	try {
 		const parts = token.split(".");
@@ -353,6 +453,60 @@ const addAccountToConfig = async (accountId, label) => {
 	};
 	await saveConfig(config);
 };
+const performRefresh = async (targetAccountId, label) => {
+	const displayName = label ?? targetAccountId;
+	p.log.step(`Refreshing credentials for "${displayName}"...`);
+	let flow;
+	try {
+		flow = await createAuthorizationFlow();
+	} catch (error) {
+		const msg = error instanceof Error ? error.message : String(error);
+		p.log.error(`Failed to create authorization flow: ${msg}`);
+		return null;
+	}
+	const server = await startOAuthServer(flow.state);
+	if (!server.ready) {
+		p.log.error("Failed to start local server on port 1455.");
+		p.log.info("Please ensure the port is not in use.");
+		return null;
+	}
+	const spinner = p.spinner();
+	p.log.info("Opening browser for authentication...");
+	openBrowser(flow.url);
+	spinner.start("Waiting for authentication...");
+	const result = await server.waitForCode();
+	server.close();
+	if (!result) {
+		spinner.stop("Authentication timed out or failed.");
+		return null;
+	}
+	spinner.message("Exchanging authorization code...");
+	const tokenResult = await exchangeAuthorizationCode(result.code, flow.pkce.verifier);
+	if (tokenResult.type === "failed") {
+		spinner.stop("Failed to exchange authorization code.");
+		return null;
+	}
+	const newAccountId = extractAccountId(tokenResult.access);
+	if (!newAccountId) {
+		spinner.stop("Failed to extract account ID from token.");
+		return null;
+	}
+	if (newAccountId !== targetAccountId) {
+		spinner.stop(`Account mismatch: expected "${targetAccountId}" but got "${newAccountId}". Make sure you log in with the correct OpenAI account.`);
+		return null;
+	}
+	spinner.message("Updating credentials...");
+	saveKeychainPayload(newAccountId, {
+		refresh: tokenResult.refresh,
+		access: tokenResult.access,
+		expires: tokenResult.expires,
+		accountId: newAccountId,
+		...tokenResult.idToken ? { idToken: tokenResult.idToken } : {}
+	});
+	spinner.stop("Credentials refreshed!");
+	p.log.success(`Account "${displayName}" credentials updated in Keychain.`);
+	return { accountId: newAccountId };
+};
 const performLogin = async () => {
 	p.intro("cdx login - Add OpenAI account");
 	const flow = await createAuthorizationFlow();
@@ -388,7 +542,8 @@ const performLogin = async () => {
 		refresh: tokenResult.refresh,
 		access: tokenResult.access,
 		expires: tokenResult.expires,
-		accountId
+		accountId,
+		...tokenResult.idToken ? { idToken: tokenResult.idToken } : {}
 	});
 	spinner.stop("Login successful!");
 	const labelInput = await p.text({
@@ -403,6 +558,139 @@ const performLogin = async () => {
 	return { accountId };
 };
 
+//#endregion
+//#region lib/refresh.ts
+const writeActiveAuthFilesIfCurrent = async (accountId) => {
+	if (!configExists()) return null;
+	const config = await loadConfig();
+	const current = config.accounts[config.current];
+	if (!current || current.accountId !== accountId) return null;
+	return writeAllAuthFiles(loadKeychainPayload(accountId));
+};
+
+//#endregion
+//#region lib/status.ts
+const formatDuration = (ms) => {
+	const absMs = Math.abs(ms);
+	const seconds = Math.floor(absMs / 1e3);
+	const minutes = Math.floor(seconds / 60);
+	const hours = Math.floor(minutes / 60);
+	const days = Math.floor(hours / 24);
+	if (days > 0) {
+		const remainingHours = hours % 24;
+		return remainingHours > 0 ? `${days}d ${remainingHours}h` : `${days}d`;
+	}
+	if (hours > 0) {
+		const remainingMinutes = minutes % 60;
+		return remainingMinutes > 0 ? `${hours}h ${remainingMinutes}m` : `${hours}h`;
+	}
+	if (minutes > 0) return `${minutes}m`;
+	return `${seconds}s`;
+};
+const formatExpiry = (expiresAt) => {
+	if (expiresAt === null) return "unknown";
+	const remaining = expiresAt - Date.now();
+	if (remaining <= 0) return `EXPIRED ${formatDuration(remaining)} ago`;
+	return `expires in ${formatDuration(remaining)}`;
+};
+const readOpenCodeAuthAccount = async () => {
+	const { authPath } = getPaths();
+	if (!existsSync(authPath)) return {
+		exists: false,
+		accountId: null
+	};
+	try {
+		const raw = await readFile(authPath, "utf8");
+		return {
+			exists: true,
+			accountId: JSON.parse(raw).openai?.accountId ?? null
+		};
+	} catch {
+		return {
+			exists: true,
+			accountId: null
+		};
+	}
+};
+const readCodexAuthAccount = async () => {
+	const { codexAuthPath } = getPaths();
+	if (!existsSync(codexAuthPath)) return {
+		exists: false,
+		accountId: null
+	};
+	try {
+		const raw = await readFile(codexAuthPath, "utf8");
+		return {
+			exists: true,
+			accountId: JSON.parse(raw).tokens?.account_id ?? null
+		};
+	} catch {
+		return {
+			exists: true,
+			accountId: null
+		};
+	}
+};
+const readPiAuthAccount = async () => {
+	const { piAuthPath } = getPaths();
+	if (!existsSync(piAuthPath)) return {
+		exists: false,
+		accountId: null
+	};
+	try {
+		const raw = await readFile(piAuthPath, "utf8");
+		return {
+			exists: true,
+			accountId: JSON.parse(raw)["openai-codex"]?.accountId ?? null
+		};
+	} catch {
+		return {
+			exists: true,
+			accountId: null
+		};
+	}
+};
+const getAccountStatus = (accountId, isCurrent, label) => {
+	const keychainExists = keychainPayloadExists(accountId);
+	let expiresAt = null;
+	let hasIdToken = false;
+	if (keychainExists) try {
+		const payload = loadKeychainPayload(accountId);
+		expiresAt = payload.expires;
+		hasIdToken = !!payload.idToken;
+	} catch {}
+	return {
+		accountId,
+		label,
+		isCurrent,
+		keychainExists,
+		hasIdToken,
+		expiresAt,
+		expiresIn: formatExpiry(expiresAt)
+	};
+};
+const getStatus = async () => {
+	const accounts = [];
+	if (configExists()) {
+		const config = await loadConfig();
+		for (let i = 0; i < config.accounts.length; i++) {
+			const account = config.accounts[i];
+			accounts.push(getAccountStatus(account.accountId, i === config.current, account.label));
+		}
+	}
+	const [opencodeAuth, codexAuth, piAuth] = await Promise.all([
+		readOpenCodeAuthAccount(),
+		readCodexAuthAccount(),
+		readPiAuthAccount()
+	]);
+	return {
+		accounts,
+		opencodeAuth,
+		codexAuth,
+		piAuth
+	};
+};
+
 //#endregion
 //#region lib/interactive.ts
 const getAccountDisplay = (accountId, isCurrent, label) => {
@@ -456,15 +744,72 @@ const handleSwitchAccount = async () => {
 		p.log.error("Invalid selection.");
 		return;
 	}
-	await writeAuthFile(loadKeychainPayload(selectedAccount.accountId));
+	let payload;
+	try {
+		payload = loadKeychainPayload(selectedAccount.accountId);
+	} catch {
+		p.log.error(`Missing credentials for account ${selectedAccount.label ?? selectedAccount.accountId}. Re-login with 'cdx login'.`);
+		return;
+	}
+	const result = await writeAllAuthFiles(payload);
 	config.current = selected;
 	await saveConfig(config);
 	const displayName = selectedAccount.label ?? selectedAccount.accountId;
+	const opencodeMark = "✓";
+	const piMark = result.piWritten ? "✓" : "✗";
+	const codexMark = result.codexWritten ? "✓" : result.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
 	p.log.success(`Switched to account ${displayName}`);
+	p.log.message(`  OpenCode:  ${opencodeMark}`);
+	p.log.message(`  Pi Agent:  ${piMark}`);
+	p.log.message(`  Codex CLI: ${codexMark}`);
 };
 const handleAddAccount = async () => {
 	await performLogin();
 };
+const handleRefreshAccount = async () => {
+	if (!configExists()) {
+		p.log.warning("No accounts configured. Use 'Add account' first.");
+		return;
+	}
+	const config = await loadConfig();
+	if (config.accounts.length === 0) {
+		p.log.warning("No accounts to refresh.");
+		return;
+	}
+	const currentAccountId = config.accounts[config.current]?.accountId;
+	const options = config.accounts.map((account) => ({
+		value: account.accountId,
+		label: getAccountDisplay(account.accountId, account.accountId === currentAccountId, account.label)
+	}));
+	const selected = await p.select({
+		message: "Select account to refresh:",
+		options
+	});
+	if (p.isCancel(selected)) {
+		p.log.info("Cancelled.");
+		return;
+	}
+	const accountId = selected;
+	const account = config.accounts.find((a) => a.accountId === accountId);
+	try {
+		const result = await performRefresh(accountId, account?.label);
+		if (!result) p.log.warning("Refresh was not completed.");
+		else {
+			const authResult = await writeActiveAuthFilesIfCurrent(result.accountId);
+			if (authResult) {
+				const piMark = authResult.piWritten ? "✓" : "✗";
+				const codexMark = authResult.codexWritten ? "✓" : authResult.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
+				p.log.message("Updated active auth files:");
+				p.log.message("  OpenCode:  ✓");
+				p.log.message(`  Pi Agent:  ${piMark}`);
+				p.log.message(`  Codex CLI: ${codexMark}`);
+			}
+		}
+	} catch (error) {
+		const msg = error instanceof Error ? error.message : String(error);
+		p.log.error(`Refresh failed: ${msg}`);
+	}
+};
 const handleRemoveAccount = async () => {
 	if (!configExists()) {
 		p.log.warning("No accounts configured.");
@@ -552,6 +897,28 @@ const handleLabelAccount = async () => {
 	if (newLabel) p.log.success(`Account ${accountId} labeled as "${newLabel}".`);
 	else p.log.success(`Label removed from account ${accountId}.`);
 };
+const handleStatus = async () => {
+	const status = await getStatus();
+	if (status.accounts.length === 0) {
+		p.log.warning("No accounts configured. Use 'Add account' to get started.");
+		return;
+	}
+	p.log.info("Account status:");
+	for (const account of status.accounts) {
+		const marker = account.isCurrent ? "→ " : "  ";
+		const name = account.label ? `${account.label} (${account.accountId})` : account.accountId;
+		const keychain = account.keychainExists ? "" : " [no keychain]";
+		const idToken = account.hasIdToken ? "" : " [no id_token]";
+		p.log.message(`${marker}${name} — ${account.expiresIn}${keychain}${idToken}`);
+	}
+	const ocStatus = status.opencodeAuth.exists ? `active: ${status.opencodeAuth.accountId ?? "unknown"}` : "not found";
+	const cxStatus = status.codexAuth.exists ? `active: ${status.codexAuth.accountId ?? "unknown"}` : "not found";
+	const piStatus = status.piAuth.exists ? `active: ${status.piAuth.accountId ?? "unknown"}` : "not found";
+	p.log.info(`Auth files:`);
+	p.log.message(`  OpenCode: ${ocStatus}`);
+	p.log.message(`  Codex CLI: ${cxStatus}`);
+	p.log.message(`  Pi Agent: ${piStatus}`);
+};
 const runInteractiveMode = async () => {
 	p.intro("cdx - OpenAI Account Switcher");
 	let running = true;
@@ -578,6 +945,10 @@ const runInteractiveMode = async () => {
 					value: "add",
 					label: "Add account (OAuth login)"
 				},
+				{
+					value: "refresh",
+					label: "Refresh account (re-login)"
+				},
 				{
 					value: "remove",
 					label: "Remove account"
@@ -586,6 +957,10 @@ const runInteractiveMode = async () => {
 					value: "label",
 					label: "Label account"
 				},
+				{
+					value: "status",
+					label: "Account status & token expiry"
+				},
 				{
 					value: "exit",
 					label: "Exit"
@@ -606,12 +981,18 @@ const runInteractiveMode = async () => {
 			case "add":
 				await handleAddAccount();
 				break;
+			case "refresh":
+				await handleRefreshAccount();
+				break;
 			case "remove":
 				await handleRemoveAccount();
 				break;
 			case "label":
 				await handleLabelAccount();
 				break;
+			case "status":
+				await handleStatus();
+				break;
 			case "exit":
 				running = false;
 				break;
@@ -621,6 +1002,162 @@ const runInteractiveMode = async () => {
 	p.outro("Goodbye!");
 };
 
+//#endregion
+//#region lib/usage.ts
+const USAGE_ENDPOINT = "https://chatgpt.com/backend-api/wham/usage";
+const USER_AGENT = "cdx-cli";
+/**
+* Hits the undocumented OpenAI usage endpoint (may change without notice).
+*/
+const fetchUsageRaw = async (accessToken, accountId) => {
+	const headers = {
+		Authorization: `Bearer ${accessToken}`,
+		"User-Agent": USER_AGENT,
+		Accept: "application/json"
+	};
+	if (accountId) headers["ChatGPT-Account-Id"] = accountId;
+	return fetch(USAGE_ENDPOINT, { headers });
+};
+/**
+* Fetches usage for an account. On 401, refreshes the token and retries once.
+*/
+const fetchUsage = async (accountId) => {
+	let payload;
+	try {
+		payload = loadKeychainPayload(accountId);
+	} catch (err) {
+		return {
+			ok: false,
+			error: {
+				type: "auth_failed",
+				message: err instanceof Error ? err.message : "Failed to load credentials"
+			}
+		};
+	}
+	try {
+		let response = await fetchUsageRaw(payload.access, payload.accountId);
+		if (response.status === 401) {
+			const refreshResult = await refreshAccessToken(payload.refresh);
+			if (refreshResult.type === "failed") return {
+				ok: false,
+				error: {
+					type: "auth_failed",
+					message: "Token expired and refresh failed. Try 'cdx login' to re-authenticate."
+				}
+			};
+			const updatedPayload = {
+				...payload,
+				access: refreshResult.access,
+				refresh: refreshResult.refresh,
+				expires: refreshResult.expires,
+				idToken: refreshResult.idToken ?? payload.idToken
+			};
+			saveKeychainPayload(accountId, updatedPayload);
+			response = await fetchUsageRaw(updatedPayload.access, updatedPayload.accountId);
+			if (!response.ok) return {
+				ok: false,
+				error: {
+					type: "auth_failed",
+					message: `Usage API returned ${response.status} after token refresh.`
+				}
+			};
+		} else if (!response.ok) return {
+			ok: false,
+			error: {
+				type: "unexpected",
+				message: `Usage API returned ${response.status}: ${response.statusText}`
+			}
+		};
+		return {
+			ok: true,
+			data: await response.json()
+		};
+	} catch (err) {
+		return {
+			ok: false,
+			error: {
+				type: "network_error",
+				message: err instanceof Error ? err.message : "Network request failed"
+			}
+		};
+	}
+};
+const formatWindowLabel = (seconds) => {
+	const hours = seconds / 3600;
+	if (hours >= 24) {
+		const days = Math.round(hours / 24);
+		return days === 7 ? "weekly" : `${days}d`;
+	}
+	return `${Math.round(hours)}h`;
+};
+const formatResetCountdown = (resetAtUnix) => {
+	const diff = resetAtUnix * 1e3 - Date.now();
+	if (diff <= 0) return "now";
+	const minutes = Math.floor(diff / 6e4);
+	const hours = Math.floor(minutes / 60);
+	const remainingMinutes = minutes % 60;
+	if (hours > 0) return remainingMinutes > 0 ? `${hours}h ${remainingMinutes}m` : `${hours}h`;
+	return `${minutes}m`;
+};
+const formatPercentageBar = (usedPercent) => {
+	const width = 20;
+	const filled = Math.round(usedPercent / 100 * width);
+	const empty = width - filled;
+	return `[${"█".repeat(filled)}${"░".repeat(empty)}] ${usedPercent}% used`;
+};
+const formatWindow = (label, w) => {
+	return [
+		`${label} (${formatWindowLabel(w.limit_window_seconds)} window):`,
+		`  ${formatPercentageBar(w.used_percent)}`,
+		`  Resets in: ${formatResetCountdown(w.reset_at)}`
+	];
+};
+const formatUsage = (usage) => {
+	const lines = [];
+	const plan = usage.plan_type ?? "unknown";
+	lines.push(`Plan: ${plan}`);
+	lines.push("");
+	if (usage.rate_limit?.primary_window) lines.push(...formatWindow("Primary", usage.rate_limit.primary_window));
+	if (usage.rate_limit?.secondary_window) lines.push(...formatWindow("Secondary", usage.rate_limit.secondary_window));
+	if (usage.credits) {
+		lines.push("");
+		if (usage.credits.unlimited) lines.push("Credits: unlimited");
+		else if (usage.credits.has_credits && usage.credits.balance !== void 0) lines.push(`Credits: $${Number(usage.credits.balance).toFixed(2)}`);
+		else if (!usage.credits.has_credits) lines.push("Credits: none");
+	}
+	return lines.join("\n");
+};
+const formatUsageBars = (usage, indent = "    ") => {
+	const windows = [];
+	if (usage.rate_limit?.primary_window) windows.push({
+		label: formatWindowLabel(usage.rate_limit.primary_window.limit_window_seconds),
+		window: usage.rate_limit.primary_window
+	});
+	if (usage.rate_limit?.secondary_window) windows.push({
+		label: formatWindowLabel(usage.rate_limit.secondary_window.limit_window_seconds),
+		window: usage.rate_limit.secondary_window
+	});
+	const maxLabelLen = Math.max(...windows.map((w) => w.label.length), 0);
+	return windows.map(({ label, window: w }) => {
+		return `${indent}${label.padEnd(maxLabelLen)}  ${formatPercentageBar(w.used_percent)}  resets in ${formatResetCountdown(w.reset_at)}`;
+	});
+};
+const formatUsageOverview = (entries) => {
+	const lines = [];
+	for (let i = 0; i < entries.length; i++) {
+		const entry = entries[i];
+		const marker = entry.isCurrent ? "→ " : "  ";
+		if (entry.result.ok) {
+			const usage = entry.result.data;
+			const plan = usage.plan_type ?? "unknown";
+			lines.push(`${marker}${entry.displayName} (${plan})`);
+			lines.push(...formatUsageBars(usage));
+		} else lines.push(`${marker}${entry.displayName}: [error] ${entry.result.error.message}`);
+		if (i < entries.length - 1) lines.push("");
+	}
+	return lines.join("\n");
+};
+
 //#endregion
 //#region cdx.ts
 const switchNext = async () => {
@@ -629,22 +1166,34 @@ const switchNext = async () => {
 	const nextAccount = config.accounts[nextIndex];
 	if (!nextAccount?.accountId) throw new Error("Account entry missing accountId.");
 	const payload = loadKeychainPayload(nextAccount.accountId);
-	await writeAuthFile(payload);
+	const result = await writeAllAuthFiles(payload);
 	config.current = nextIndex;
 	await saveConfig(config);
 	const displayName = nextAccount.label ?? payload.accountId;
+	const opencodeMark = "✓";
+	const piMark = result.piWritten ? "✓" : "✗";
+	const codexMark = result.codexWritten ? "✓" : result.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
 	process.stdout.write(`Switched to account ${displayName}\n`);
+	process.stdout.write(`  OpenCode:  ${opencodeMark}\n`);
+	process.stdout.write(`  Pi Agent:  ${piMark}\n`);
+	process.stdout.write(`  Codex CLI: ${codexMark}\n`);
 };
 const switchToAccount = async (identifier) => {
 	const config = await loadConfig();
 	const index = config.accounts.findIndex((a) => a.accountId === identifier || a.label === identifier);
 	if (index === -1) throw new Error(`Account "${identifier}" not found. Use 'cdx login' to add it.`);
 	const account = config.accounts[index];
-	await writeAuthFile(loadKeychainPayload(account.accountId));
+	const result = await writeAllAuthFiles(loadKeychainPayload(account.accountId));
 	config.current = index;
 	await saveConfig(config);
 	const displayName = account.label ?? account.accountId;
+	const opencodeMark = "✓";
+	const piMark = result.piWritten ? "✓" : "✗";
+	const codexMark = result.codexWritten ? "✓" : result.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
 	process.stdout.write(`Switched to account ${displayName}\n`);
+	process.stdout.write(`  OpenCode:  ${opencodeMark}\n`);
+	process.stdout.write(`  Pi Agent:  ${piMark}\n`);
+	process.stdout.write(`  Codex CLI: ${codexMark}\n`);
 };
 const interactiveMode = runInteractiveMode;
 const createProgram = (deps = {}) => {
@@ -663,6 +1212,32 @@ const createProgram = (deps = {}) => {
 			process.exit(1);
 		}
 	});
+	program.command("refresh").description("Re-authenticate an existing account (update tokens without creating a duplicate)").argument("[account]", "Account ID or label to refresh").action(async (account) => {
+		try {
+			if (account) {
+				const target = (await loadConfig()).accounts.find((a) => a.accountId === account || a.label === account);
+				if (!target) throw new Error(`Account "${account}" not found. Use 'cdx login' to add it.`);
+				const result = await performRefresh(target.accountId, target.label);
+				if (!result) {
+					process.stderr.write("Refresh failed.\n");
+					process.exit(1);
+				}
+				const authResult = await writeActiveAuthFilesIfCurrent(result.accountId);
+				if (authResult) {
+					const piMark = authResult.piWritten ? "✓" : "✗";
+					const codexMark = authResult.codexWritten ? "✓" : authResult.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
+					process.stdout.write("Updated active auth files:\n");
+					process.stdout.write("  OpenCode:  ✓\n");
+					process.stdout.write(`  Pi Agent:  ${piMark}\n`);
+					process.stdout.write(`  Codex CLI: ${codexMark}\n`);
+				}
+			} else await handleRefreshAccount();
+		} catch (error) {
+			const message = error instanceof Error ? error.message : String(error);
+			process.stderr.write(`${message}\n`);
+			process.exit(1);
+		}
+	});
 	program.command("switch").description("Switch OpenAI account (interactive picker, by name, or --next)").argument("[account-id]", "Account ID to switch to directly").option("-n, --next", "Cycle to the next configured account").action(async (accountId, options) => {
 		try {
 			if (options.next) await switchNext();
@@ -690,6 +1265,98 @@ const createProgram = (deps = {}) => {
 			process.exit(1);
 		}
 	});
+	program.command("status").description("Show account status, token expiry, and auth file state").action(async () => {
+		try {
+			const status = await getStatus();
+			if (status.accounts.length === 0) {
+				process.stdout.write("No accounts configured. Use 'cdx login' to add one.\n");
+				return;
+			}
+			process.stdout.write("\n");
+			for (let i = 0; i < status.accounts.length; i++) {
+				const account = status.accounts[i];
+				const marker = account.isCurrent ? "→ " : "  ";
+				const warnings = [];
+				if (!account.keychainExists) warnings.push("[no keychain]");
+				if (!account.hasIdToken) warnings.push("[no id_token]");
+				const warnStr = warnings.length > 0 ? `  ${warnings.join(" ")}` : "";
+				const displayName = account.label ?? account.accountId;
+				process.stdout.write(`${marker}${displayName}${warnStr}\n`);
+				if (account.label) process.stdout.write(`    ${account.accountId}\n`);
+				process.stdout.write(`    ${account.expiresIn}\n`);
+				const usageResult = await fetchUsage(account.accountId);
+				if (usageResult.ok) {
+					const bars = formatUsageBars(usageResult.data);
+					for (const bar of bars) process.stdout.write(`${bar}\n`);
+				}
+				if (i < status.accounts.length - 1) process.stdout.write("\n");
+			}
+			const resolveLabel = (id) => {
+				if (!id) return "unknown";
+				return status.accounts.find((a) => a.accountId === id)?.label ?? id;
+			};
+			process.stdout.write("\nAuth files:\n");
+			const ocStatus = status.opencodeAuth.exists ? `active: ${resolveLabel(status.opencodeAuth.accountId)}` : "not found";
+			process.stdout.write(`  OpenCode: ${ocStatus}\n`);
+			const cxStatus = status.codexAuth.exists ? `active: ${resolveLabel(status.codexAuth.accountId)}` : "not found";
+			process.stdout.write(`  Codex CLI: ${cxStatus}\n`);
+			const piStatus = status.piAuth.exists ? `active: ${resolveLabel(status.piAuth.accountId)}` : "not found";
+			process.stdout.write(`  Pi Agent: ${piStatus}\n`);
+			process.stdout.write("\n");
+		} catch (error) {
+			const message = error instanceof Error ? error.message : String(error);
+			process.stderr.write(`${message}\n`);
+			process.exit(1);
+		}
+	});
+	program.command("usage").description("Show OpenAI usage for all accounts (or detailed view for one)").argument("[account]", "Account ID or label (shows detailed single-account view)").action(async (account) => {
+		try {
+			const config = await loadConfig();
+			if (account) {
+				const found = config.accounts.find((a) => a.accountId === account || a.label === account);
+				if (!found) throw new Error(`Account "${account}" not found. Use 'cdx login' to add it.`);
+				const result = await fetchUsage(found.accountId);
+				if (!result.ok) throw new Error(result.error.message);
+				const displayName = found.label ? `${found.label} (${found.accountId})` : found.accountId;
+				process.stdout.write(`\n${displayName}\n${formatUsage(result.data)}\n\n`);
+			} else {
+				if (config.accounts.length === 0) throw new Error("No accounts configured. Use 'cdx login' to add one.");
+				const results = await Promise.allSettled(config.accounts.map((a) => fetchUsage(a.accountId)));
+				const entries = config.accounts.map((a, i) => {
+					const settled = results[i];
+					const displayName = a.label ? `${a.label} (${a.accountId})` : a.accountId;
+					const result = settled.status === "fulfilled" ? settled.value : {
+						ok: false,
+						error: {
+							type: "network_error",
+							message: settled.reason?.message ?? "Fetch failed"
+						}
+					};
+					return {
+						displayName,
+						isCurrent: i === config.current,
+						result
+					};
+				});
+				process.stdout.write(`\n${formatUsageOverview(entries)}\n\n`);
+			}
+		} catch (error) {
+			const message = error instanceof Error ? error.message : String(error);
+			process.stderr.write(`${message}\n`);
+			process.exit(1);
+		}
+	});
+	program.command("help").description("Show available commands and usage information").argument("[command]", "Show help for a specific command").action((commandName) => {
+		if (commandName) {
+			const cmd = program.commands.find((c) => c.name() === commandName);
+			if (cmd) cmd.outputHelp();
+			else {
+				process.stderr.write(`Unknown command: ${commandName}\n`);
+				program.outputHelp();
+				process.exit(1);
+			}
+		} else program.outputHelp();
+	});
 	program.command("version").description("Show CLI version").action(() => {
 		process.stdout.write(`${version}\n`);
 	});
@@ -714,4 +1381,4 @@ if (import.meta.main) main().catch((error) => {
 });
 
 //#endregion
-export { createProgram, createTestPaths, getPaths, interactiveMode, loadConfig, resetPaths, runInteractiveMode, saveConfig, setPaths, switchNext, switchToAccount, writeAuthFile };
+export { createProgram, createTestPaths, getPaths, interactiveMode, loadConfig, resetPaths, runInteractiveMode, saveConfig, setPaths, switchNext, switchToAccount, writeAllAuthFiles, writeAuthFile, writeCodexAuthFile, writePiAuthFile };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bjesuiter/codex-switcher",
-  "version": "1.0.4",
+  "version": "1.2.0",
   "type": "module",
   "description": "CLI tool to switch between multiple OpenAI accounts for OpenCode",
   "bin": {