@bjesuiter/codex-switcher 1.1.0 → 1.3.0

package/README.md

@@ -1,6 +1,31 @@
 # cdx
 
-CLI tool to switch between multiple OpenAI accounts for [OpenCode](https://opencode.ai).
+Switch the coding-agents [pi](https://pi.dev/), [codex](https://developers.openai.com/codex/cli/) and [opencode](https://opencode.ai/) auth between multiple openAI Plus and Pro accounts.
+
+---
+
+## Latest Changes
+
+### 1.3.0
+
+#### Features
+
+- Rename `cdx refresh` command to `cdx relogin`
+
+#### Fixes
+
+- Fix `cdx relogin` selector flow exiting early after account selection (now continues into OAuth browser login)
+
+#### Internal
+
+- Modularize CLI command wiring by moving command handlers into per-command modules under `lib/commands/`, keeping `cdx.ts` as a thin composition entrypoint
+- Update package dependencies and lockfile (`@clack/prompts`, `commander`, `tsdown`, `@types/bun`, `@types/node`)
+
+see full changelog here: https://github.com/bjesuiter/codex-switcher/blob/main/CHANGELOG.md
+
+
+
+---
 
 ## Why codex-switcher?
 
@@ -9,7 +34,10 @@ So: switching between two $20 plans is the poor man's $100 plan for OpenAI. ^^
 
 ## Supported Configurations
 
-- **OpenAI Plus & Pro subscription accounts**: Log in to multiple OpenAI accounts via OAuth and switch the active auth credentials used by OpenCode.
+- **OpenAI Plus & Pro subscription accounts**: Log in to multiple OpenAI OAuth accounts and switch the active credentials.
+- **OpenCode auth target**: Writes active credentials to `~/.local/share/opencode/auth.json`.
+- **Pi Agent auth target**: Writes active credentials to `~/.pi/agent/auth.json` (or `$PI_CODING_AGENT_DIR/auth.json`).
+- **Codex CLI auth target**: Writes active credentials to `~/.codex/auth.json` when `id_token` is available.
 
 ## Requirements
 
@@ -40,7 +68,10 @@ Opens your browser to authenticate with OpenAI. After successful login, your cre
 cdx switch
 ```
 
-Interactive picker to select an account. Writes credentials to `~/.local/share/opencode/auth.json`.
+Interactive picker to select an account. Writes credentials to:
+- `~/.local/share/opencode/auth.json` (OpenCode)
+- `~/.pi/agent/auth.json` (Pi agent, or `$PI_CODING_AGENT_DIR/auth.json` when `PI_CODING_AGENT_DIR` is set)
+- `~/.codex/auth.json` (Codex CLI; requires `id_token`)
 
 ```bash
 cdx switch --next
@@ -86,14 +117,18 @@ Running `cdx` without arguments opens an interactive menu to:
 |---------|-------------|
 | `cdx` | Interactive mode |
 | `cdx login` | Add a new OpenAI account via OAuth |
+| `cdx relogin` | Re-authenticate an existing account via OAuth |
+| `cdx relogin <account>` | Re-authenticate a specific account by ID or label |
 | `cdx switch` | Switch account (interactive picker) |
 | `cdx switch --next` | Cycle to next account |
 | `cdx switch <id>` | Switch to specific account |
 | `cdx label` | Label an account (interactive) |
 | `cdx label <account> <label>` | Assign label directly |
-| `cdx status` | Show account status, token expiry, and usage |
+| `cdx status` | Show account status, token expiry, usage, and auth file state |
 | `cdx usage` | Show usage overview for all accounts |
 | `cdx usage <account>` | Show detailed usage for a specific account |
+| `cdx help [command]` | Show help for all commands or one command |
+| `cdx version` | Show CLI version |
 | `cdx --help` | Show help |
 | `cdx --version` | Show version |
 
@@ -101,7 +136,10 @@ Running `cdx` without arguments opens an interactive menu to:
 
 - OAuth credentials are stored securely in macOS Keychain
 - Account list is stored in `~/.config/cdx/accounts.json`
-- Active account credentials are written to `~/.local/share/opencode/auth.json`
+- Active account credentials are written to:
+  - `~/.local/share/opencode/auth.json`
+  - `~/.pi/agent/auth.json` (or `$PI_CODING_AGENT_DIR/auth.json`)
+  - `~/.codex/auth.json` (when `id_token` exists)
 
 ## For Developers
 

package/cdx.mjs

@@ -1,28 +1,42 @@
 #!/usr/bin/env bun
 import { Command } from "commander";
+import * as p from "@clack/prompts";
 import { existsSync } from "node:fs";
 import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
 import path from "node:path";
 import os from "node:os";
-import * as p from "@clack/prompts";
 import { spawn } from "node:child_process";
 import { generatePKCE } from "@openauthjs/openauth/pkce";
 import { randomBytes } from "node:crypto";
 import http from "node:http";
 
 //#region package.json
-var version = "1.1.0";
+var version = "1.3.0";
+
+//#endregion
+//#region lib/commands/errors.ts
+const exitWithCommandError = (error) => {
+	const message = error instanceof Error ? error.message : String(error);
+	process.stderr.write(`${message}\n`);
+	process.exit(1);
+};
 
 //#endregion
 //#region lib/paths.ts
 const defaultConfigDir = path.join(os.homedir(), ".config", "cdx");
-const defaultPaths = {
+const resolvePiAuthPath = () => {
+	const piAgentDir = process.env.PI_CODING_AGENT_DIR?.trim();
+	if (piAgentDir) return path.join(piAgentDir, "auth.json");
+	return path.join(os.homedir(), ".pi", "agent", "auth.json");
+};
+const createDefaultPaths = () => ({
 	configDir: defaultConfigDir,
 	configPath: path.join(defaultConfigDir, "accounts.json"),
 	authPath: path.join(os.homedir(), ".local", "share", "opencode", "auth.json"),
-	codexAuthPath: path.join(os.homedir(), ".codex", "auth.json")
-};
-let currentPaths = { ...defaultPaths };
+	codexAuthPath: path.join(os.homedir(), ".codex", "auth.json"),
+	piAuthPath: resolvePiAuthPath()
+});
+let currentPaths = createDefaultPaths();
 const getPaths = () => currentPaths;
 const setPaths = (paths) => {
 	currentPaths = {
@@ -32,13 +46,14 @@ const setPaths = (paths) => {
 	if (paths.configDir && !paths.configPath) currentPaths.configPath = path.join(paths.configDir, "accounts.json");
 };
 const resetPaths = () => {
-	currentPaths = { ...defaultPaths };
+	currentPaths = createDefaultPaths();
 };
 const createTestPaths = (testDir) => ({
 	configDir: path.join(testDir, "config"),
 	configPath: path.join(testDir, "config", "accounts.json"),
 	authPath: path.join(testDir, "auth", "auth.json"),
-	codexAuthPath: path.join(testDir, "codex", "auth.json")
+	codexAuthPath: path.join(testDir, "codex", "auth.json"),
+	piAuthPath: path.join(testDir, "pi", "auth.json")
 });
 
 //#endregion
@@ -80,11 +95,26 @@ const writeCodexAuthFile = async (payload) => {
 	existing.last_refresh = (/* @__PURE__ */ new Date()).toISOString();
 	await writeFile(codexAuthPath, JSON.stringify(existing, null, 2), "utf8");
 };
+const writePiAuthFile = async (payload) => {
+	const { piAuthPath } = getPaths();
+	await mkdir(path.dirname(piAuthPath), { recursive: true });
+	const existing = await readExistingJson(piAuthPath);
+	existing["openai-codex"] = {
+		type: "oauth",
+		access: payload.access,
+		refresh: payload.refresh,
+		expires: payload.expires,
+		accountId: payload.accountId
+	};
+	await writeFile(piAuthPath, JSON.stringify(existing, null, 2), "utf8");
+};
 const writeAllAuthFiles = async (payload) => {
 	await writeAuthFile(payload);
+	await writePiAuthFile(payload);
 	if (payload.idToken) {
 		await writeCodexAuthFile(payload);
 		return {
+			piWritten: true,
 			codexWritten: true,
 			codexMissingIdToken: false,
 			codexCleared: false
@@ -99,6 +129,7 @@ const writeAllAuthFiles = async (payload) => {
 		codexCleared = false;
 	}
 	return {
+		piWritten: true,
 		codexWritten: false,
 		codexMissingIdToken: true,
 		codexCleared
@@ -406,10 +437,16 @@ const startOAuthServer = (state) => {
 //#endregion
 //#region lib/oauth/login.ts
 const openBrowser = (url) => {
-	spawn(process.platform === "darwin" ? "open" : "xdg-open", [url], {
-		detached: true,
-		stdio: "ignore"
-	}).unref();
+	const cmd = process.platform === "darwin" ? "open" : "xdg-open";
+	try {
+		spawn(cmd, [url], {
+			detached: true,
+			stdio: "ignore"
+		}).unref();
+	} catch (error) {
+		const msg = error instanceof Error ? error.message : String(error);
+		p.log.warning(`Could not auto-open browser (${msg}).`);
+	}
 };
 const addAccountToConfig = async (accountId, label) => {
 	let config;
@@ -430,59 +467,74 @@ const addAccountToConfig = async (accountId, label) => {
 	};
 	await saveConfig(config);
 };
-const performRefresh = async (targetAccountId, label) => {
-	const displayName = label ?? targetAccountId;
-	p.log.step(`Refreshing credentials for "${displayName}"...`);
-	let flow;
+const performRefresh = async (targetAccountId, label, options = {}) => {
+	const keepAlive = setInterval(() => {}, 1e3);
 	try {
-		flow = await createAuthorizationFlow();
-	} catch (error) {
-		const msg = error instanceof Error ? error.message : String(error);
-		p.log.error(`Failed to create authorization flow: ${msg}`);
-		return null;
-	}
-	const server = await startOAuthServer(flow.state);
-	if (!server.ready) {
-		p.log.error("Failed to start local server on port 1455.");
-		p.log.info("Please ensure the port is not in use.");
-		return null;
-	}
-	const spinner = p.spinner();
-	p.log.info("Opening browser for authentication...");
-	openBrowser(flow.url);
-	spinner.start("Waiting for authentication...");
-	const result = await server.waitForCode();
-	server.close();
-	if (!result) {
-		spinner.stop("Authentication timed out or failed.");
-		return null;
-	}
-	spinner.message("Exchanging authorization code...");
-	const tokenResult = await exchangeAuthorizationCode(result.code, flow.pkce.verifier);
-	if (tokenResult.type === "failed") {
-		spinner.stop("Failed to exchange authorization code.");
-		return null;
-	}
-	const newAccountId = extractAccountId(tokenResult.access);
-	if (!newAccountId) {
-		spinner.stop("Failed to extract account ID from token.");
-		return null;
-	}
-	if (newAccountId !== targetAccountId) {
-		spinner.stop(`Account mismatch: expected "${targetAccountId}" but got "${newAccountId}". Make sure you log in with the correct OpenAI account.`);
-		return null;
+		const displayName = label ?? targetAccountId;
+		p.log.step(`Re-authenticating account "${displayName}"...`);
+		const useSpinner = options.useSpinner ?? true;
+		let flow;
+		try {
+			flow = await createAuthorizationFlow();
+		} catch (error) {
+			const msg = error instanceof Error ? error.message : String(error);
+			p.log.error(`Failed to create authorization flow: ${msg}`);
+			process.stderr.write(`Failed to create authorization flow: ${msg}\n`);
+			return null;
+		}
+		const server = await startOAuthServer(flow.state);
+		if (!server.ready) {
+			p.log.error("Failed to start local server on port 1455.");
+			p.log.info("Please ensure the port is not in use.");
+			return null;
+		}
+		const spinner = useSpinner ? p.spinner() : null;
+		p.log.info("Opening browser for authentication...");
+		openBrowser(flow.url);
+		p.log.message(`If your browser did not open, paste this URL:\n${flow.url}`);
+		if (spinner) spinner.start("Waiting for authentication...");
+		const result = await server.waitForCode();
+		server.close();
+		if (!result) {
+			if (spinner) spinner.stop("Authentication timed out or failed.");
+			else p.log.warning("Authentication timed out or failed.");
+			return null;
+		}
+		if (spinner) spinner.message("Exchanging authorization code...");
+		else p.log.message("Exchanging authorization code...");
+		const tokenResult = await exchangeAuthorizationCode(result.code, flow.pkce.verifier);
+		if (tokenResult.type === "failed") {
+			if (spinner) spinner.stop("Failed to exchange authorization code.");
+			else p.log.error("Failed to exchange authorization code.");
+			return null;
+		}
+		const newAccountId = extractAccountId(tokenResult.access);
+		if (!newAccountId) {
+			if (spinner) spinner.stop("Failed to extract account ID from token.");
+			else p.log.error("Failed to extract account ID from token.");
+			return null;
+		}
+		if (newAccountId !== targetAccountId) {
+			if (spinner) spinner.stop("Authentication completed for a different account.");
+			else p.log.error("Authentication completed for a different account.");
+			throw new Error(`Account mismatch: expected "${targetAccountId}" but got "${newAccountId}". Make sure you log in with the correct OpenAI account.`);
+		}
+		if (spinner) spinner.message("Updating credentials...");
+		else p.log.message("Updating credentials...");
+		saveKeychainPayload(newAccountId, {
+			refresh: tokenResult.refresh,
+			access: tokenResult.access,
+			expires: tokenResult.expires,
+			accountId: newAccountId,
+			...tokenResult.idToken ? { idToken: tokenResult.idToken } : {}
+		});
+		if (spinner) spinner.stop("Credentials refreshed!");
+		else p.log.success("Credentials refreshed!");
+		p.log.success(`Account "${displayName}" credentials updated in Keychain.`);
+		return { accountId: newAccountId };
+	} finally {
+		clearInterval(keepAlive);
 	}
-	spinner.message("Updating credentials...");
-	saveKeychainPayload(newAccountId, {
-		refresh: tokenResult.refresh,
-		access: tokenResult.access,
-		expires: tokenResult.expires,
-		accountId: newAccountId,
-		...tokenResult.idToken ? { idToken: tokenResult.idToken } : {}
-	});
-	spinner.stop("Credentials refreshed!");
-	p.log.success(`Account "${displayName}" credentials updated in Keychain.`);
-	return { accountId: newAccountId };
 };
 const performLogin = async () => {
 	p.intro("cdx login - Add OpenAI account");
@@ -496,6 +548,7 @@ const performLogin = async () => {
 	const spinner = p.spinner();
 	p.log.info("Opening browser for authentication...");
 	openBrowser(flow.url);
+	p.log.message(`If your browser did not open, paste this URL:\n${flow.url}`);
 	spinner.start("Waiting for authentication...");
 	const result = await server.waitForCode();
 	server.close();
@@ -608,6 +661,25 @@ const readCodexAuthAccount = async () => {
 		};
 	}
 };
+const readPiAuthAccount = async () => {
+	const { piAuthPath } = getPaths();
+	if (!existsSync(piAuthPath)) return {
+		exists: false,
+		accountId: null
+	};
+	try {
+		const raw = await readFile(piAuthPath, "utf8");
+		return {
+			exists: true,
+			accountId: JSON.parse(raw)["openai-codex"]?.accountId ?? null
+		};
+	} catch {
+		return {
+			exists: true,
+			accountId: null
+		};
+	}
+};
 const getAccountStatus = (accountId, isCurrent, label) => {
 	const keychainExists = keychainPayloadExists(accountId);
 	let expiresAt = null;
@@ -636,11 +708,16 @@ const getStatus = async () => {
 			accounts.push(getAccountStatus(account.accountId, i === config.current, account.label));
 		}
 	}
-	const [opencodeAuth, codexAuth] = await Promise.all([readOpenCodeAuthAccount(), readCodexAuthAccount()]);
+	const [opencodeAuth, codexAuth, piAuth] = await Promise.all([
+		readOpenCodeAuthAccount(),
+		readCodexAuthAccount(),
+		readPiAuthAccount()
+	]);
 	return {
 		accounts,
 		opencodeAuth,
-		codexAuth
+		codexAuth,
+		piAuth
 	};
 };
 
@@ -650,6 +727,14 @@ const getAccountDisplay = (accountId, isCurrent, label) => {
 	const name = label ? `${label} (${accountId})` : accountId;
 	return isCurrent ? `${name} (current)` : name;
 };
+const getRefreshExpiryState = (accountId) => {
+	if (!keychainPayloadExists(accountId)) return "unknown [no keychain]";
+	try {
+		return formatExpiry(loadKeychainPayload(accountId).expires);
+	} catch {
+		return "unknown";
+	}
+};
 const handleListAccounts = async () => {
 	if (!configExists()) {
 		p.log.warning("No accounts configured. Use 'Add account' to get started.");
@@ -709,31 +794,33 @@ const handleSwitchAccount = async () => {
 	await saveConfig(config);
 	const displayName = selectedAccount.label ?? selectedAccount.accountId;
 	const opencodeMark = "✓";
+	const piMark = result.piWritten ? "✓" : "✗";
 	const codexMark = result.codexWritten ? "✓" : result.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
 	p.log.success(`Switched to account ${displayName}`);
 	p.log.message(`  OpenCode:  ${opencodeMark}`);
+	p.log.message(`  Pi Agent:  ${piMark}`);
 	p.log.message(`  Codex CLI: ${codexMark}`);
 };
 const handleAddAccount = async () => {
 	await performLogin();
 };
-const handleRefreshAccount = async () => {
+const handleReloginAccount = async () => {
 	if (!configExists()) {
 		p.log.warning("No accounts configured. Use 'Add account' first.");
 		return;
 	}
 	const config = await loadConfig();
 	if (config.accounts.length === 0) {
-		p.log.warning("No accounts to refresh.");
+		p.log.warning("No accounts to re-login.");
 		return;
 	}
 	const currentAccountId = config.accounts[config.current]?.accountId;
 	const options = config.accounts.map((account) => ({
 		value: account.accountId,
-		label: getAccountDisplay(account.accountId, account.accountId === currentAccountId, account.label)
+		label: `${getAccountDisplay(account.accountId, account.accountId === currentAccountId, account.label)} — ${getRefreshExpiryState(account.accountId)}`
 	}));
 	const selected = await p.select({
-		message: "Select account to refresh:",
+		message: "Select account to re-login:",
 		options
 	});
 	if (p.isCancel(selected)) {
@@ -742,21 +829,26 @@ const handleRefreshAccount = async () => {
 	}
 	const accountId = selected;
 	const account = config.accounts.find((a) => a.accountId === accountId);
+	const expiryState = getRefreshExpiryState(accountId);
+	const displayName = account?.label ?? accountId;
+	p.log.info(`Current token status for ${displayName}: ${expiryState}`);
 	try {
-		const result = await performRefresh(accountId, account?.label);
-		if (!result) p.log.warning("Refresh was not completed.");
+		const result = await performRefresh(accountId, account?.label, { useSpinner: false });
+		if (!result) p.log.warning("Re-login was not completed.");
 		else {
 			const authResult = await writeActiveAuthFilesIfCurrent(result.accountId);
 			if (authResult) {
+				const piMark = authResult.piWritten ? "✓" : "✗";
 				const codexMark = authResult.codexWritten ? "✓" : authResult.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
 				p.log.message("Updated active auth files:");
 				p.log.message("  OpenCode:  ✓");
+				p.log.message(`  Pi Agent:  ${piMark}`);
 				p.log.message(`  Codex CLI: ${codexMark}`);
 			}
 		}
 	} catch (error) {
 		const msg = error instanceof Error ? error.message : String(error);
-		p.log.error(`Refresh failed: ${msg}`);
+		p.log.error(`Re-login failed: ${msg}`);
 	}
 };
 const handleRemoveAccount = async () => {
@@ -862,9 +954,11 @@ const handleStatus = async () => {
 	}
 	const ocStatus = status.opencodeAuth.exists ? `active: ${status.opencodeAuth.accountId ?? "unknown"}` : "not found";
 	const cxStatus = status.codexAuth.exists ? `active: ${status.codexAuth.accountId ?? "unknown"}` : "not found";
+	const piStatus = status.piAuth.exists ? `active: ${status.piAuth.accountId ?? "unknown"}` : "not found";
 	p.log.info(`Auth files:`);
 	p.log.message(`  OpenCode: ${ocStatus}`);
 	p.log.message(`  Codex CLI: ${cxStatus}`);
+	p.log.message(`  Pi Agent: ${piStatus}`);
 };
 const runInteractiveMode = async () => {
 	p.intro("cdx - OpenAI Account Switcher");
@@ -893,8 +987,8 @@ const runInteractiveMode = async () => {
 					label: "Add account (OAuth login)"
 				},
 				{
-					value: "refresh",
-					label: "Refresh account (re-login)"
+					value: "relogin",
+					label: "Re-login account"
 				},
 				{
 					value: "remove",
@@ -928,8 +1022,8 @@ const runInteractiveMode = async () => {
 			case "add":
 				await handleAddAccount();
 				break;
-			case "refresh":
-				await handleRefreshAccount();
+			case "relogin":
+				await handleReloginAccount();
 				break;
 			case "remove":
 				await handleRemoveAccount();
@@ -949,6 +1043,131 @@ const runInteractiveMode = async () => {
 	p.outro("Goodbye!");
 };
 
+//#endregion
+//#region lib/commands/interactive.ts
+const registerDefaultInteractiveAction = (program) => {
+	program.action(async () => {
+		try {
+			await runInteractiveMode();
+		} catch (error) {
+			exitWithCommandError(error);
+		}
+	});
+};
+
+//#endregion
+//#region lib/commands/help.ts
+const registerHelpCommand = (program) => {
+	program.command("help").description("Show available commands and usage information").argument("[command]", "Show help for a specific command").action((commandName) => {
+		if (commandName) {
+			const command = program.commands.find((entry) => entry.name() === commandName);
+			if (command) {
+				command.outputHelp();
+				return;
+			}
+			process.stderr.write(`Unknown command: ${commandName}\n`);
+			program.outputHelp();
+			process.exit(1);
+		}
+		program.outputHelp();
+	});
+};
+
+//#endregion
+//#region lib/commands/label.ts
+const registerLabelCommand = (program) => {
+	program.command("label").description("Add or change label for an account").argument("[account]", "Account ID or current label to relabel").argument("[new-label]", "New label to assign").action(async (account, newLabel) => {
+		try {
+			if (account && newLabel) {
+				const config = await loadConfig();
+				const target = config.accounts.find((entry) => entry.accountId === account || entry.label === account);
+				if (!target) throw new Error(`Account "${account}" not found. Use 'cdx login' to add it.`);
+				target.label = newLabel;
+				await saveConfig(config);
+				process.stdout.write(`Account ${target.accountId} labeled as "${newLabel}".\n`);
+				return;
+			}
+			await handleLabelAccount();
+		} catch (error) {
+			exitWithCommandError(error);
+		}
+	});
+};
+
+//#endregion
+//#region lib/commands/login.ts
+const registerLoginCommand = (program, deps = {}) => {
+	const runLogin = deps.performLogin ?? performLogin;
+	program.command("login").description("Add a new OpenAI account via OAuth").action(async () => {
+		try {
+			if (!await runLogin()) {
+				process.stderr.write("Login failed.\n");
+				process.exit(1);
+			}
+		} catch (error) {
+			exitWithCommandError(error);
+		}
+	});
+};
+
+//#endregion
+//#region lib/commands/output.ts
+const formatCodexMark = (result) => {
+	if (result.codexWritten) return "✓";
+	if (result.codexCleared) return "⚠ missing id_token (cleared)";
+	return "⚠ missing id_token";
+};
+const writeSwitchSummary = (displayName, result) => {
+	const piMark = result.piWritten ? "✓" : "✗";
+	const codexMark = formatCodexMark(result);
+	process.stdout.write(`Switched to account ${displayName}\n`);
+	process.stdout.write("  OpenCode:  ✓\n");
+	process.stdout.write(`  Pi Agent:  ${piMark}\n`);
+	process.stdout.write(`  Codex CLI: ${codexMark}\n`);
+};
+const writeUpdatedAuthSummary = (result) => {
+	const piMark = result.piWritten ? "✓" : "✗";
+	const codexMark = formatCodexMark(result);
+	process.stdout.write("Updated active auth files:\n");
+	process.stdout.write("  OpenCode:  ✓\n");
+	process.stdout.write(`  Pi Agent:  ${piMark}\n`);
+	process.stdout.write(`  Codex CLI: ${codexMark}\n`);
+};
+
+//#endregion
+//#region lib/commands/refresh.ts
+const registerReloginCommand = (program) => {
+	program.command("relogin").description("Re-authenticate an existing account with full OAuth login (no duplicate account)").argument("[account]", "Account ID or label to re-login").action(async (account) => {
+		try {
+			if (account) {
+				const target = (await loadConfig()).accounts.find((entry) => entry.accountId === account || entry.label === account);
+				if (!target) throw new Error(`Account "${account}" not found. Use 'cdx login' to add it.`);
+				const displayName = target.label ?? target.accountId;
+				let expiryState = "unknown";
+				let keychainState = "";
+				if (keychainPayloadExists(target.accountId)) try {
+					expiryState = formatExpiry(loadKeychainPayload(target.accountId).expires);
+				} catch {
+					expiryState = "unknown";
+				}
+				else keychainState = " [no keychain]";
+				process.stdout.write(`Current token status for ${displayName}: ${expiryState}${keychainState}\n`);
+				const result = await performRefresh(target.accountId, target.label);
+				if (!result) {
+					process.stderr.write("Re-login failed.\n");
+					process.exit(1);
+				}
+				const authResult = await writeActiveAuthFilesIfCurrent(result.accountId);
+				if (authResult) writeUpdatedAuthSummary(authResult);
+				return;
+			}
+			await handleReloginAccount();
+		} catch (error) {
+			exitWithCommandError(error);
+		}
+	});
+};
+
 //#endregion
 //#region lib/usage.ts
 const USAGE_ENDPOINT = "https://chatgpt.com/backend-api/wham/usage";
@@ -1106,107 +1325,9 @@ const formatUsageOverview = (entries) => {
 };
 
 //#endregion
-//#region cdx.ts
-const switchNext = async () => {
-	const config = await loadConfig();
-	const nextIndex = (config.current + 1) % config.accounts.length;
-	const nextAccount = config.accounts[nextIndex];
-	if (!nextAccount?.accountId) throw new Error("Account entry missing accountId.");
-	const payload = loadKeychainPayload(nextAccount.accountId);
-	const result = await writeAllAuthFiles(payload);
-	config.current = nextIndex;
-	await saveConfig(config);
-	const displayName = nextAccount.label ?? payload.accountId;
-	const opencodeMark = "✓";
-	const codexMark = result.codexWritten ? "✓" : result.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
-	process.stdout.write(`Switched to account ${displayName}\n`);
-	process.stdout.write(`  OpenCode:  ${opencodeMark}\n`);
-	process.stdout.write(`  Codex CLI: ${codexMark}\n`);
-};
-const switchToAccount = async (identifier) => {
-	const config = await loadConfig();
-	const index = config.accounts.findIndex((a) => a.accountId === identifier || a.label === identifier);
-	if (index === -1) throw new Error(`Account "${identifier}" not found. Use 'cdx login' to add it.`);
-	const account = config.accounts[index];
-	const result = await writeAllAuthFiles(loadKeychainPayload(account.accountId));
-	config.current = index;
-	await saveConfig(config);
-	const displayName = account.label ?? account.accountId;
-	const opencodeMark = "✓";
-	const codexMark = result.codexWritten ? "✓" : result.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
-	process.stdout.write(`Switched to account ${displayName}\n`);
-	process.stdout.write(`  OpenCode:  ${opencodeMark}\n`);
-	process.stdout.write(`  Codex CLI: ${codexMark}\n`);
-};
-const interactiveMode = runInteractiveMode;
-const createProgram = (deps = {}) => {
-	const program = new Command();
-	const runLogin = deps.performLogin ?? performLogin;
-	program.name("cdx").description("OpenAI account switcher - manage multiple OpenAI Pro subscriptions").version(version, "-v, --version");
-	program.command("login").description("Add a new OpenAI account via OAuth").action(async () => {
-		try {
-			if (!await runLogin()) {
-				process.stderr.write("Login failed.\n");
-				process.exit(1);
-			}
-		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			process.stderr.write(`${message}\n`);
-			process.exit(1);
-		}
-	});
-	program.command("refresh").description("Re-authenticate an existing account (update tokens without creating a duplicate)").argument("[account]", "Account ID or label to refresh").action(async (account) => {
-		try {
-			if (account) {
-				const target = (await loadConfig()).accounts.find((a) => a.accountId === account || a.label === account);
-				if (!target) throw new Error(`Account "${account}" not found. Use 'cdx login' to add it.`);
-				const result = await performRefresh(target.accountId, target.label);
-				if (!result) {
-					process.stderr.write("Refresh failed.\n");
-					process.exit(1);
-				}
-				const authResult = await writeActiveAuthFilesIfCurrent(result.accountId);
-				if (authResult) {
-					const codexMark = authResult.codexWritten ? "✓" : authResult.codexCleared ? "⚠ missing id_token (cleared)" : "⚠ missing id_token";
-					process.stdout.write("Updated active auth files:\n");
-					process.stdout.write("  OpenCode:  ✓\n");
-					process.stdout.write(`  Codex CLI: ${codexMark}\n`);
-				}
-			} else await handleRefreshAccount();
-		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			process.stderr.write(`${message}\n`);
-			process.exit(1);
-		}
-	});
-	program.command("switch").description("Switch OpenAI account (interactive picker, by name, or --next)").argument("[account-id]", "Account ID to switch to directly").option("-n, --next", "Cycle to the next configured account").action(async (accountId, options) => {
-		try {
-			if (options.next) await switchNext();
-			else if (accountId) await switchToAccount(accountId);
-			else await handleSwitchAccount();
-		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			process.stderr.write(`${message}\n`);
-			process.exit(1);
-		}
-	});
-	program.command("label").description("Add or change label for an account").argument("[account]", "Account ID or current label to relabel").argument("[new-label]", "New label to assign").action(async (account, newLabel) => {
-		try {
-			if (account && newLabel) {
-				const config = await loadConfig();
-				const target = config.accounts.find((a) => a.accountId === account || a.label === account);
-				if (!target) throw new Error(`Account "${account}" not found. Use 'cdx login' to add it.`);
-				target.label = newLabel;
-				await saveConfig(config);
-				process.stdout.write(`Account ${target.accountId} labeled as "${newLabel}".\n`);
-			} else await handleLabelAccount();
-		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			process.stderr.write(`${message}\n`);
-			process.exit(1);
-		}
-	});
-	program.command("status").description("Show account status, token expiry, and auth file state").action(async () => {
+//#region lib/commands/status.ts
+const registerStatusCommand = (program) => {
+	program.command("status").description("Show account status, token expiry, usage, and auth file state").action(async () => {
 		try {
 			const status = await getStatus();
 			if (status.accounts.length === 0) {
@@ -1232,92 +1353,130 @@ const createProgram = (deps = {}) => {
 				}
 				if (i < status.accounts.length - 1) process.stdout.write("\n");
 			}
-			const resolveLabel = (id) => {
-				if (!id) return "unknown";
-				return status.accounts.find((a) => a.accountId === id)?.label ?? id;
+			const resolveLabel = (accountId) => {
+				if (!accountId) return "unknown";
+				return status.accounts.find((account) => account.accountId === accountId)?.label ?? accountId;
 			};
 			process.stdout.write("\nAuth files:\n");
 			const ocStatus = status.opencodeAuth.exists ? `active: ${resolveLabel(status.opencodeAuth.accountId)}` : "not found";
 			process.stdout.write(`  OpenCode: ${ocStatus}\n`);
 			const cxStatus = status.codexAuth.exists ? `active: ${resolveLabel(status.codexAuth.accountId)}` : "not found";
 			process.stdout.write(`  Codex CLI: ${cxStatus}\n`);
+			const piStatus = status.piAuth.exists ? `active: ${resolveLabel(status.piAuth.accountId)}` : "not found";
+			process.stdout.write(`  Pi Agent: ${piStatus}\n`);
 			process.stdout.write("\n");
 		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			process.stderr.write(`${message}\n`);
-			process.exit(1);
+			exitWithCommandError(error);
 		}
 	});
+};
+
+//#endregion
+//#region lib/commands/switch.ts
+const switchNext = async () => {
+	const config = await loadConfig();
+	const nextIndex = (config.current + 1) % config.accounts.length;
+	const nextAccount = config.accounts[nextIndex];
+	if (!nextAccount?.accountId) throw new Error("Account entry missing accountId.");
+	const payload = loadKeychainPayload(nextAccount.accountId);
+	const result = await writeAllAuthFiles(payload);
+	config.current = nextIndex;
+	await saveConfig(config);
+	writeSwitchSummary(nextAccount.label ?? payload.accountId, result);
+};
+const switchToAccount = async (identifier) => {
+	const config = await loadConfig();
+	const index = config.accounts.findIndex((account) => account.accountId === identifier || account.label === identifier);
+	if (index === -1) throw new Error(`Account "${identifier}" not found. Use 'cdx login' to add it.`);
+	const account = config.accounts[index];
+	const result = await writeAllAuthFiles(loadKeychainPayload(account.accountId));
+	config.current = index;
+	await saveConfig(config);
+	writeSwitchSummary(account.label ?? account.accountId, result);
+};
+const registerSwitchCommand = (program) => {
+	program.command("switch").description("Switch OpenAI account (interactive picker, by name, or --next)").argument("[account-id]", "Account ID to switch to directly").option("-n, --next", "Cycle to the next configured account").action(async (accountId, options) => {
+		try {
+			if (options.next) await switchNext();
+			else if (accountId) await switchToAccount(accountId);
+			else await handleSwitchAccount();
+		} catch (error) {
+			exitWithCommandError(error);
+		}
+	});
+};
+
+//#endregion
+//#region lib/commands/usage.ts
+const registerUsageCommand = (program) => {
 	program.command("usage").description("Show OpenAI usage for all accounts (or detailed view for one)").argument("[account]", "Account ID or label (shows detailed single-account view)").action(async (account) => {
 		try {
 			const config = await loadConfig();
 			if (account) {
-				const found = config.accounts.find((a) => a.accountId === account || a.label === account);
+				const found = config.accounts.find((entry) => entry.accountId === account || entry.label === account);
 				if (!found) throw new Error(`Account "${account}" not found. Use 'cdx login' to add it.`);
 				const result = await fetchUsage(found.accountId);
 				if (!result.ok) throw new Error(result.error.message);
 				const displayName = found.label ? `${found.label} (${found.accountId})` : found.accountId;
 				process.stdout.write(`\n${displayName}\n${formatUsage(result.data)}\n\n`);
-			} else {
-				if (config.accounts.length === 0) throw new Error("No accounts configured. Use 'cdx login' to add one.");
-				const results = await Promise.allSettled(config.accounts.map((a) => fetchUsage(a.accountId)));
-				const entries = config.accounts.map((a, i) => {
-					const settled = results[i];
-					const displayName = a.label ? `${a.label} (${a.accountId})` : a.accountId;
-					const result = settled.status === "fulfilled" ? settled.value : {
-						ok: false,
-						error: {
-							type: "network_error",
-							message: settled.reason?.message ?? "Fetch failed"
-						}
-					};
-					return {
-						displayName,
-						isCurrent: i === config.current,
-						result
-					};
-				});
-				process.stdout.write(`\n${formatUsageOverview(entries)}\n\n`);
+				return;
 			}
+			if (config.accounts.length === 0) throw new Error("No accounts configured. Use 'cdx login' to add one.");
+			const results = await Promise.allSettled(config.accounts.map((entry) => fetchUsage(entry.accountId)));
+			const entries = config.accounts.map((entry, index) => {
+				const settled = results[index];
+				const displayName = entry.label ? `${entry.label} (${entry.accountId})` : entry.accountId;
+				const result = settled.status === "fulfilled" ? settled.value : {
+					ok: false,
+					error: {
+						type: "network_error",
+						message: settled.reason?.message ?? "Fetch failed"
+					}
+				};
+				return {
+					displayName,
+					isCurrent: index === config.current,
+					result
+				};
+			});
+			process.stdout.write(`\n${formatUsageOverview(entries)}\n\n`);
 		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			process.stderr.write(`${message}\n`);
-			process.exit(1);
+			exitWithCommandError(error);
 		}
 	});
-	program.command("help").description("Show available commands and usage information").argument("[command]", "Show help for a specific command").action((commandName) => {
-		if (commandName) {
-			const cmd = program.commands.find((c) => c.name() === commandName);
-			if (cmd) cmd.outputHelp();
-			else {
-				process.stderr.write(`Unknown command: ${commandName}\n`);
-				program.outputHelp();
-				process.exit(1);
-			}
-		} else program.outputHelp();
-	});
+};
+
+//#endregion
+//#region lib/commands/version.ts
+const registerVersionCommand = (program, version) => {
 	program.command("version").description("Show CLI version").action(() => {
 		process.stdout.write(`${version}\n`);
 	});
-	program.action(async () => {
-		try {
-			await interactiveMode();
-		} catch (error) {
-			const message = error instanceof Error ? error.message : String(error);
-			process.stderr.write(`${message}\n`);
-			process.exit(1);
-		}
-	});
+};
+
+//#endregion
+//#region cdx.ts
+const interactiveMode = runInteractiveMode;
+const createProgram = (deps = {}) => {
+	const program = new Command();
+	program.name("cdx").description("OpenAI account switcher - manage multiple OpenAI Pro subscriptions").version(version, "-v, --version");
+	registerLoginCommand(program, deps);
+	registerReloginCommand(program);
+	registerSwitchCommand(program);
+	registerLabelCommand(program);
+	registerStatusCommand(program);
+	registerUsageCommand(program);
+	registerHelpCommand(program);
+	registerVersionCommand(program, version);
+	registerDefaultInteractiveAction(program);
 	return program;
 };
 const main = async () => {
 	await createProgram().parseAsync(process.argv);
 };
 if (import.meta.main) main().catch((error) => {
-	const message = error instanceof Error ? error.message : String(error);
-	process.stderr.write(`${message}\n`);
-	process.exit(1);
+	exitWithCommandError(error);
 });
 
 //#endregion
-export { createProgram, createTestPaths, getPaths, interactiveMode, loadConfig, resetPaths, runInteractiveMode, saveConfig, setPaths, switchNext, switchToAccount, writeAllAuthFiles, writeAuthFile, writeCodexAuthFile };
+export { createProgram, createTestPaths, getPaths, interactiveMode, loadConfig, resetPaths, runInteractiveMode, saveConfig, setPaths, switchNext, switchToAccount, writeAllAuthFiles, writeAuthFile, writeCodexAuthFile, writePiAuthFile };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bjesuiter/codex-switcher",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "type": "module",
   "description": "CLI tool to switch between multiple OpenAI accounts for OpenCode",
   "bin": {
@@ -20,8 +20,8 @@
   "license": "MIT",
   "author": "bjesuiter",
   "dependencies": {
-    "@clack/prompts": "^0.11.0",
+    "@clack/prompts": "^1.0.0",
     "@openauthjs/openauth": "^0.4.3",
-    "commander": "^14.0.2"
+    "commander": "^14.0.3"
   }
 }