@bjesuiter/codex-switcher 1.8.0 → 1.8.2

package/README.md

@@ -6,19 +6,15 @@ Switch the coding-agents [pi](https://pi.dev/), [codex](https://developers.opena
 
 ## Latest Changes
 
-### 1.8.0
+### 1.8.2
 
 #### Features
 
-- Added manual OAuth URL clipboard assist for login/relogin fallback flow, including an opt-in copy prompt and non-blocking behavior.
-- Added cross-platform clipboard copy strategies for auth URLs (local clipboard commands + OSC52 terminal fallback).
-- Added tmux/screen OSC52 framing support and fallback copy-command hints when auto-copy is unavailable.
+- Added `update-self` command aliases: `self-update`, `update`, and `updte`.
 
 #### Fixes
 
-- Clarified fallback guidance: manual URL copy/paste flow is now the recommended browser-launch fallback, while `--device-flow` may fail on some VPS/server IPs due to Cloudflare challenges.
-- Linux secure-store login reliability: treat native Secret Service "no matching entry" responses as missing-entry cases and improve unavailable-store error guidance.
-- Added Mosh-specific clipboard heuristics/warnings so OSC52 copy reports are less misleading when clipboard updates are unreliable.
+- Added an interactive Linux troubleshooting checklist in `cdx doctor` when the secure-store probe fails, guiding sequential checks for `gnome-keyring`, `secret-tool`, and running `gnome-keyring-daemon`.
 
 see full changelog here: https://github.com/bjesuiter/codex-switcher/blob/main/CHANGELOG.md
 
@@ -177,6 +173,8 @@ cdx migrate-secrets
 | `cdx doctor --check-keychain-acl` | Detect macOS keychain ACL/runtime mismatches (`cdx`/Bun vs legacy `security` CLI), warn about prompt-heavy setups, and suggest `cdx migrate-secrets` (slow) |
 | `cdx usage` | Show usage overview for all accounts |
 | `cdx usage <account>` | Show detailed usage for a specific account |
+| `cdx update-self` | Update cdx to the latest version |
+| `cdx self-update` / `cdx update` / `cdx updte` | Aliases for `cdx update-self` |
 | `cdx help [command]` | Show help for all commands or one command |
 | `cdx complete <shell>` | Generate shell completion script (`zsh`, `bash`, `fish`, `powershell`) |
 | `cdx version` | Show CLI version |

package/cdx.mjs

@@ -15,7 +15,7 @@ import { generatePKCE } from "@openauthjs/openauth/pkce";
 import http from "node:http";
 
 //#region package.json
-var version = "1.8.0";
+var version = "1.8.2";
 
 //#endregion
 //#region lib/platform/path-resolver.ts
@@ -256,7 +256,7 @@ const getBrowserLauncher = (platform = process.platform, url) => {
 		label: "xdg-open"
 	};
 };
-const isCommandAvailable$1 = (command, platform = process.platform) => {
+const isCommandAvailable$2 = (command, platform = process.platform) => {
 	const probe = platform === "win32" ? "where" : "which";
 	return Bun.spawnSync({
 		cmd: [probe, command],
@@ -269,13 +269,13 @@ const getBrowserLauncherCapability = (platform = process.platform) => {
 	return {
 		command: launcher.command,
 		label: launcher.label,
-		available: isCommandAvailable$1(launcher.command, platform)
+		available: isCommandAvailable$2(launcher.command, platform)
 	};
 };
 const openBrowserUrl = (url, options = {}) => {
 	const platform = options.platform ?? process.platform;
 	const spawnImpl = options.spawnImpl ?? spawn;
-	const commandAvailable = options.isCommandAvailableImpl ?? isCommandAvailable$1;
+	const commandAvailable = options.isCommandAvailableImpl ?? isCommandAvailable$2;
 	const launcher = getBrowserLauncher(platform, url);
 	if (!commandAvailable(launcher.command, platform)) return {
 		ok: false,
@@ -306,7 +306,7 @@ const openBrowserUrl = (url, options = {}) => {
 
 //#endregion
 //#region lib/platform/clipboard.ts
-const isCommandAvailable = (command, platform = process.platform) => {
+const isCommandAvailable$1 = (command, platform = process.platform) => {
 	const probe = platform === "win32" ? "where" : "which";
 	return Bun.spawnSync({
 		cmd: [probe, command],
@@ -392,7 +392,7 @@ const getLocalClipboardTargets = (platform, env, commandExists) => {
 	});
 	return targets;
 };
-const resolveClipboardTargets = (context = {}, commandExists = isCommandAvailable) => {
+const resolveClipboardTargets = (context = {}, commandExists = isCommandAvailable$1) => {
 	const platform = context.platform ?? process.platform;
 	const env = context.env ?? process.env;
 	const isTTY = context.isTTY ?? (Boolean(process.stdin.isTTY) && Boolean(process.stdout.isTTY));
@@ -433,7 +433,7 @@ const defaultRunCommand = (command, args, input) => {
 	};
 };
 const tryCopyToClipboard = (text, options = {}) => {
-	const commandExists = options.commandExistsImpl ?? isCommandAvailable;
+	const commandExists = options.commandExistsImpl ?? isCommandAvailable$1;
 	const runCommand = options.runCommandImpl ?? defaultRunCommand;
 	const writeStdout = options.writeStdoutImpl ?? ((chunk) => {
 		process.stdout.write(chunk);
@@ -479,7 +479,7 @@ const tryCopyToClipboard = (text, options = {}) => {
 	};
 };
 const escapePosixSingleQuoted = (value) => `'${value.replace(/'/g, `'"'"'`)}'`;
-const buildClipboardHelperCommand = (text, context = {}, commandExists = isCommandAvailable) => {
+const buildClipboardHelperCommand = (text, context = {}, commandExists = isCommandAvailable$1) => {
 	const commandTarget = resolveClipboardTargets(context, commandExists).find((target) => target.kind === "command");
 	if (!commandTarget) return null;
 	if (commandTarget.method === "powershell") {
@@ -663,13 +663,15 @@ const MISSING_ENTRY_MARKERS = [
 	"no matching entry found in secure storage",
 	"password not found",
 	"no stored credentials found",
-	"credential not found"
+	"credential not found",
+	"no result found"
 ];
 const STORE_UNAVAILABLE_MARKERS = [
 	"unable to initialize linux secure-store backend",
 	"no keyring backend could be initialized",
 	"native keyring module not available",
 	"secret service operation failed",
+	"couldn't access platform secure storage",
 	"dbus",
 	"d-bus",
 	"org.freedesktop.secrets",
@@ -1061,14 +1063,16 @@ const windowsCrossKeychainPayloadExists = async (accountId) => withWindowsBacken
 //#endregion
 //#region lib/secrets/store.ts
 const MISSING_SECRET_STORE_ERROR_MARKERS = [
-	"No stored credentials found",
-	"No Keychain payload found",
-	"Password not found",
-	"no matching entry found in secure storage"
+	"no stored credentials found",
+	"no keychain payload found",
+	"password not found",
+	"no matching entry found in secure storage",
+	"no result found"
 ];
 const isMissingSecretStoreEntryError = (error) => {
 	if (!(error instanceof Error)) return false;
-	return MISSING_SECRET_STORE_ERROR_MARKERS.some((marker) => error.message.includes(marker));
+	const message = error.message.toLowerCase();
+	return MISSING_SECRET_STORE_ERROR_MARKERS.some((marker) => message.includes(marker));
 };
 const createMissingSecretStoreEntryError = (accountId) => /* @__PURE__ */ new Error(`No stored credentials found for account ${accountId}.`);
 const CACHED_ADAPTER_SYMBOL = Symbol.for("cdx.secretStore.cachedAdapter");
@@ -2711,6 +2715,56 @@ const getKeychainDecryptAccessByServiceAsync = async (services) => {
 	return parseKeychainDecryptAccessFromDump(dumpResult.output, dedupedServices);
 };
 
+//#endregion
+//#region lib/secrets/probe.ts
+const toError = (error) => error instanceof Error ? error : new Error(String(error));
+const createProbePayload = (accountId, now) => ({
+	refresh: `probe-refresh-${accountId}`,
+	access: `probe-access-${accountId}`,
+	expires: now + 6e4,
+	accountId
+});
+const payloadMatches = (expected, actual) => expected.accountId === actual.accountId && expected.refresh === actual.refresh && expected.access === actual.access && expected.expires === actual.expires;
+const runSecretStoreWriteReadProbe = async (secretStore, options = {}) => {
+	const probeAccountId = options.probeAccountId ?? `cdx-doctor-probe-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2, 10)}`;
+	const payload = createProbePayload(probeAccountId, options.now ?? Date.now());
+	let saveSucceeded = false;
+	let result = { ok: true };
+	try {
+		await secretStore.save(probeAccountId, payload);
+		saveSucceeded = true;
+	} catch (error) {
+		result = {
+			ok: false,
+			stage: "save",
+			error: toError(error)
+		};
+	}
+	if (result.ok) try {
+		if (!payloadMatches(payload, await secretStore.load(probeAccountId))) result = {
+			ok: false,
+			stage: "verify",
+			error: /* @__PURE__ */ new Error("Secure-store probe loaded payload does not match the saved payload.")
+		};
+	} catch (error) {
+		result = {
+			ok: false,
+			stage: "load",
+			error: toError(error)
+		};
+	}
+	if (saveSucceeded) try {
+		await secretStore.delete(probeAccountId);
+	} catch (error) {
+		if (result.ok) result = {
+			ok: false,
+			stage: "delete",
+			error: toError(error)
+		};
+	}
+	return result;
+};
+
 //#endregion
 //#region lib/commands/doctor.ts
 const hasRuntimeTrustedApp = (trustedApplications, runtimeExecutablePath) => {
@@ -2720,6 +2774,123 @@ const hasRuntimeTrustedApp = (trustedApplications, runtimeExecutablePath) => {
 		return path.basename(trustedApp).toLowerCase() === runtimeBaseName;
 	});
 };
+const getSecretStoreProbeHeading = (platform) => {
+	if (platform === "linux") return "Linux secure-store probe";
+	if (platform === "darwin") return "macOS secure-store probe";
+	if (platform === "win32") return "Windows secure-store probe";
+	return null;
+};
+const createProbeAdapterForCurrentPlatform = () => {
+	const currentAdapter = getSecretStoreAdapter();
+	if (process.platform === "darwin" && currentAdapter.id === "macos-legacy-keychain") return createSecretStoreAdapterFromSelection("legacy-keychain", "darwin");
+	return createRuntimeSecretStoreAdapter(process.platform);
+};
+const getSecretStoreProbeGuidance = (platform) => {
+	if (platform === "linux") return "Suggested fix: ensure Secret Service is running/unlocked (for example gnome-keyring + secret-tool), then retry login.";
+	if (platform === "darwin") return "Suggested fix: ensure Keychain Access is unlocked and allows this runtime/toolchain to store/read passwords, then retry login.";
+	if (platform === "win32") return "Suggested fix: ensure Windows Credential Manager is available for this user session, then retry login.";
+	return null;
+};
+const isInteractiveTerminal = () => Boolean(process.stdin.isTTY) && Boolean(process.stdout.isTTY);
+const runCommandCapture = async (command, args) => await new Promise((resolve) => {
+	const child = spawn(command, args, { stdio: [
+		"ignore",
+		"pipe",
+		"pipe"
+	] });
+	let stdout = "";
+	let stderr = "";
+	let spawnError = null;
+	child.stdout?.on("data", (chunk) => {
+		stdout += chunk.toString();
+	});
+	child.stderr?.on("data", (chunk) => {
+		stderr += chunk.toString();
+	});
+	child.once("error", (error) => {
+		spawnError = error.message;
+	});
+	child.once("close", (code) => {
+		resolve({
+			ok: spawnError === null && code === 0,
+			stdout: stdout.trim(),
+			stderr: stderr.trim(),
+			...spawnError ? { error: spawnError } : {}
+		});
+	});
+});
+const extractCommandFailureDetails = (result) => result.error || result.stderr || result.stdout || void 0;
+const isCommandAvailable = async (commandName) => {
+	return (await runCommandCapture("sh", ["-lc", `command -v ${commandName} >/dev/null 2>&1`])).ok;
+};
+const checkGnomeKeyringRunning = async () => {
+	if (await isCommandAvailable("pgrep")) {
+		const pgrepResult = await runCommandCapture("pgrep", ["-x", "gnome-keyring-daemon"]);
+		if (pgrepResult.ok) return { ok: true };
+		return {
+			ok: false,
+			details: extractCommandFailureDetails(pgrepResult) ?? "No gnome-keyring-daemon process found."
+		};
+	}
+	const psFallback = await runCommandCapture("sh", ["-lc", "ps -A -o comm= | grep -q '^gnome-keyring-daemon$'"]);
+	if (psFallback.ok) return { ok: true };
+	return {
+		ok: false,
+		details: extractCommandFailureDetails(psFallback) ?? "No gnome-keyring-daemon process found."
+	};
+};
+const runLinuxSecretStoreChecklist = async () => {
+	const gnomeKeyringInstalled = await isCommandAvailable("gnome-keyring-daemon");
+	const secretToolInstalled = await isCommandAvailable("secret-tool");
+	const gnomeKeyringRunning = await checkGnomeKeyringRunning();
+	return [
+		{
+			question: "Is gnome-keyring installed?",
+			ok: gnomeKeyringInstalled,
+			hint: "Install the `gnome-keyring` package, then log out/in (or restart your session)."
+		},
+		{
+			question: "Is secret-tool installed?",
+			ok: secretToolInstalled,
+			hint: "Install the package that provides `secret-tool` (often `libsecret-tools`)."
+		},
+		{
+			question: "Is gnome-keyring running?",
+			ok: gnomeKeyringRunning.ok,
+			details: gnomeKeyringRunning.details,
+			hint: "Start/unlock gnome-keyring-daemon in your session (for a quick test: `gnome-keyring-daemon --start --components=secrets`)."
+		}
+	];
+};
+const maybeRunLinuxSecretStoreChecklist = async () => {
+	if (!isInteractiveTerminal()) {
+		process.stdout.write("  Tip: run `cdx doctor` in an interactive terminal to start guided Linux secret-store checks.\n");
+		return;
+	}
+	const shouldRunChecklist = await p.confirm({
+		message: "Run guided Linux secret-store checks now? (gnome-keyring installed, secret-tool installed, gnome-keyring running)",
+		initialValue: true
+	});
+	if (p.isCancel(shouldRunChecklist) || !shouldRunChecklist) {
+		process.stdout.write("  Guided Linux checks skipped.\n");
+		return;
+	}
+	process.stdout.write("  Guided Linux checks:\n");
+	const checklist = await runLinuxSecretStoreChecklist();
+	let passed = 0;
+	for (let i = 0; i < checklist.length; i++) {
+		const item = checklist[i];
+		if (item.ok) {
+			passed += 1;
+			process.stdout.write(`    ${i + 1}/3 ${item.question} yes\n`);
+			continue;
+		}
+		process.stdout.write(`    ${i + 1}/3 ${item.question} no\n`);
+		if (item.details) process.stdout.write(`      details: ${item.details}\n`);
+		if (item.hint) process.stdout.write(`      hint: ${item.hint}\n`);
+	}
+	process.stdout.write(`  Guided checklist summary: ${passed}/${checklist.length} checks passed.\n`);
+};
 const registerDoctorCommand = (program) => {
 	program.command("doctor").description("Show auth file paths and runtime capabilities").option("--check-keychain-acl", "Run keychain trusted-app/ACL checks on macOS (can be slow)").action(async (options) => {
 		try {
@@ -2770,6 +2941,18 @@ const registerDoctorCommand = (program) => {
 					process.stdout.write(`  Summary: ${okCount}/${status.accounts.length} configured account(s) passed secure-store load checks.\n`);
 				}
 			}
+			const probeHeading = getSecretStoreProbeHeading(process.platform);
+			if (probeHeading) {
+				process.stdout.write(`\n${probeHeading}:\n`);
+				const probeResult = await runSecretStoreWriteReadProbe(createProbeAdapterForCurrentPlatform());
+				if (probeResult.ok) process.stdout.write("  write/read/delete probe: OK\n");
+				else {
+					process.stdout.write(`  ⚠ ${probeResult.stage} failed: ${probeResult.error.message}\n`);
+					const guidance = getSecretStoreProbeGuidance(process.platform);
+					if (guidance) process.stdout.write(`  ${guidance}\n`);
+					if (process.platform === "linux") await maybeRunLinuxSecretStoreChecklist();
+				}
+			}
 			if (process.platform === "darwin" && !options.checkKeychainAcl) {
 				process.stdout.write("  ┌─ Optional keychain ACL check\n");
 				process.stdout.write("  │  Run: cdx doctor --check-keychain-acl\n");
@@ -2827,7 +3010,7 @@ const registerDoctorCommand = (program) => {
 const registerHelpCommand = (program) => {
 	program.command("help").description("Show available commands and usage information").argument("[command]", "Show help for a specific command").action((commandName) => {
 		if (commandName) {
-			const command = program.commands.find((entry) => entry.name() === commandName);
+			const command = program.commands.find((entry) => entry.name() === commandName || entry.aliases().includes(commandName));
 			if (command) {
 				command.outputHelp();
 				return;
@@ -3447,7 +3630,11 @@ const executeUpdate = async (command, args) => {
 	});
 };
 const registerUpdateSelfCommand = (program) => {
-	program.command("update-self").description("Update cdx to the latest version").option("--manager <manager>", "Select update manager (auto|bun|npm|deno)", "auto").option("--dry-run", "Print selected manager and update command without executing").option("-y, --yes", "Skip confirmation prompt").action(async (options) => {
+	program.command("update-self").aliases([
+		"self-update",
+		"update",
+		"updte"
+	]).description("Update cdx to the latest version").option("--manager <manager>", "Select update manager (auto|bun|npm|deno)", "auto").option("--dry-run", "Print selected manager and update command without executing").option("-y, --yes", "Skip confirmation prompt").action(async (options) => {
 		try {
 			const requestedManager = options.manager ?? "auto";
 			if (![

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bjesuiter/codex-switcher",
-  "version": "1.8.0",
+  "version": "1.8.2",
   "type": "module",
   "description": "CLI tool to switch between multiple OpenAI accounts for OpenCode",
   "bin": {