npm - @kaitranntt/ccs - Versions diffs - 7.79.1-dev.5 → 7.79.1-dev.6 - Mend

@kaitranntt/ccs 7.79.1-dev.5 → 7.79.1-dev.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/dist/codex-auth/commands/types.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * Shared types and utilities for codex-auth command handlers.
+ */
+import type { CodexProfileRegistry } from '../codex-profile-registry';
+import { getCodexProfileNameError, isValidCodexProfileName } from '../types';
+export { formatRelativeTime } from '../../utils/time';
+export interface CodexCommandContext {
+    registry: CodexProfileRegistry;
+    version: string;
+}
+export interface CodexAuthArgs {
+    profileName?: string;
+    yes?: boolean;
+    json?: boolean;
+    force?: boolean;
+    shell?: string;
+    unknownFlags?: string[];
+    seenOptions?: string[];
+    extraPositionals?: string[];
+}
+export interface CodexProfileOutput {
+    name: string;
+    is_default: boolean;
+    is_active: boolean;
+    created: string;
+    last_used: string | null;
+    email: string | null;
+    plan: string | null;
+    account_id: string | null;
+    profile_dir: string;
+    auth_json_exists: boolean;
+    auth_json_mtime: string | null;
+    config_toml_link_target: string | null;
+}
+export { isValidCodexProfileName };
+export declare const getProfileNameError: typeof getCodexProfileNameError;
+export declare function parseArgs(args: string[]): CodexAuthArgs;
+export interface AllowedCodexAuthOptions {
+    yes?: boolean;
+    json?: boolean;
+    force?: boolean;
+    shell?: boolean;
+}
+export declare function rejectUnsupportedOptions(parsed: CodexAuthArgs, usage: string, allowed?: AllowedCodexAuthOptions): void;
+//# sourceMappingURL=types.d.ts.map

package/dist/codex-auth/commands/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/codex-auth/commands/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAG7E,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAItD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;CACjB;AAID,MAAM,WAAW,aAAa;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAID,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;CACxC;AAID,OAAO,EAAE,uBAAuB,EAAE,CAAC;AACnC,eAAO,MAAM,mBAAmB,iCAA2B,CAAC;AAI5D,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,aAAa,CAqCvD;AAED,MAAM,WAAW,uBAAuB;IACtC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,aAAa,EACrB,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,uBAA4B,GACpC,IAAI,CAoBN"}

package/dist/codex-auth/commands/types.js ADDED Viewed

@@ -0,0 +1,85 @@
+"use strict";
+/**
+ * Shared types and utilities for codex-auth command handlers.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rejectUnsupportedOptions = exports.parseArgs = exports.getProfileNameError = exports.isValidCodexProfileName = exports.formatRelativeTime = void 0;
+const ui_1 = require("../../utils/ui");
+const errors_1 = require("../../errors");
+const exit_codes_1 = require("../../errors/exit-codes");
+const types_1 = require("../types");
+Object.defineProperty(exports, "isValidCodexProfileName", { enumerable: true, get: function () { return types_1.isValidCodexProfileName; } });
+// Re-export for convenience in command modules
+var time_1 = require("../../utils/time");
+Object.defineProperty(exports, "formatRelativeTime", { enumerable: true, get: function () { return time_1.formatRelativeTime; } });
+exports.getProfileNameError = types_1.getCodexProfileNameError;
+// ── Arg parsing ───────────────────────────────────────────────────────────────
+function parseArgs(args) {
+    const result = { unknownFlags: [], seenOptions: [] };
+    const positional = [];
+    const markSeen = (flag) => result.seenOptions?.push(flag);
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        if (arg === '--yes' || arg === '-y') {
+            markSeen('--yes');
+            result.yes = true;
+        }
+        else if (arg === '--json') {
+            markSeen('--json');
+            result.json = true;
+        }
+        else if (arg === '--force') {
+            markSeen('--force');
+            result.force = true;
+        }
+        else if (arg === '--shell') {
+            markSeen('--shell');
+            result.shell = args[++i] ?? '';
+        }
+        else if (arg.startsWith('--shell=')) {
+            markSeen('--shell');
+            result.shell = arg.slice('--shell='.length);
+        }
+        else if (arg.startsWith('-') && arg !== '--') {
+            if (result.unknownFlags)
+                result.unknownFlags.push(arg);
+        }
+        else if (arg !== '--') {
+            positional.push(arg);
+        }
+    }
+    if (positional.length > 0) {
+        result.profileName = positional[0];
+    }
+    if (positional.length > 1) {
+        result.extraPositionals = positional.slice(1);
+    }
+    return result;
+}
+exports.parseArgs = parseArgs;
+function rejectUnsupportedOptions(parsed, usage, allowed = {}) {
+    const unsupported = new Set(parsed.unknownFlags ?? []);
+    const seen = new Set(parsed.seenOptions ?? []);
+    if (seen.has('--yes') && !allowed.yes)
+        unsupported.add('--yes');
+    if (seen.has('--json') && !allowed.json)
+        unsupported.add('--json');
+    if (seen.has('--force') && !allowed.force)
+        unsupported.add('--force');
+    if (seen.has('--shell') && !allowed.shell)
+        unsupported.add('--shell');
+    const extraPositionals = parsed.extraPositionals ?? [];
+    if (unsupported.size > 0 || extraPositionals.length > 0) {
+        const flags = [...unsupported].join(', ');
+        process.stderr.write(`Usage: ${(0, ui_1.color)(usage, 'command')}\n`);
+        const details = [
+            flags ? `Unknown options: ${flags}` : null,
+            extraPositionals.length > 0
+                ? `Unexpected arguments: ${extraPositionals.map((arg) => `"${arg}"`).join(', ')}`
+                : null,
+        ].filter(Boolean);
+        (0, errors_1.exitWithError)(details.join('; '), exit_codes_1.ExitCode.GENERAL_ERROR);
+    }
+}
+exports.rejectUnsupportedOptions = rejectUnsupportedOptions;
+//# sourceMappingURL=types.js.map

package/dist/codex-auth/commands/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/codex-auth/commands/types.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,uCAAuC;AACvC,yCAA6C;AAC7C,wDAAmD;AAEnD,oCAA6E;AA4CpE,wGA5C0B,+BAAuB,OA4C1B;AA1ChC,+CAA+C;AAC/C,yCAAsD;AAA7C,0GAAA,kBAAkB,OAAA;AA0Cd,QAAA,mBAAmB,GAAG,gCAAwB,CAAC;AAE5D,iFAAiF;AAEjF,SAAgB,SAAS,CAAC,IAAc;IACtC,MAAM,MAAM,GAAkB,EAAE,YAAY,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACpE,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAElE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACpC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAClB,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC;QACpB,CAAC;aAAM,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnB,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;QACrB,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,CAAC,SAAS,CAAC,CAAC;YACpB,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC;QACtB,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,CAAC,SAAS,CAAC,CAAC;YACpB,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACpB,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC9C,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YAC/C,IAAI,MAAM,CAAC,YAAY;gBAAE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzD,CAAC;aAAM,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACxB,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,WAAW,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,gBAAgB,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AArCD,8BAqCC;AASD,SAAgB,wBAAwB,CACtC,MAAqB,EACrB,KAAa,EACb,UAAmC,EAAE;IAErC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IAC/C,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG;QAAE,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAChE,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI;QAAE,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACnE,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK;QAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtE,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK;QAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtE,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,EAAE,CAAC;IAEvD,IAAI,WAAW,CAAC,IAAI,GAAG,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,MAAM,KAAK,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,IAAA,UAAK,EAAC,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG;YACd,KAAK,CAAC,CAAC,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI;YAC1C,gBAAgB,CAAC,MAAM,GAAG,CAAC;gBACzB,CAAC,CAAC,yBAAyB,gBAAgB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACjF,CAAC,CAAC,IAAI;SACT,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAClB,IAAA,sBAAa,EAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,qBAAQ,CAAC,aAAa,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAxBD,4DAwBC"}

package/dist/codex-auth/commands/use-command.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * codex-auth use command.
+ *
+ * STDOUT DISCIPLINE (C2, R4): stdout contains ONLY shell-evalable export
+ * statements. ALL errors, hints, and info messages go to STDERR so that
+ * `eval "$(ccsx auth use <name>)"` is never contaminated.
+ *
+ * Belt-and-suspenders for C2: the primary protection is
+ * `src/bin/codex-runtime-router.ts`, which dispatches `auth` subcommands
+ * BEFORE pre-dispatch runs at all. This IIFE is a fallback for any future
+ * code path (e.g., direct import from a different bin entry) that bypasses
+ * the router and would otherwise let pre-dispatch banners hit stdout.
+ */
+import type { CodexCommandContext } from './types';
+export declare function handleUseCodex(ctx: CodexCommandContext, args: string[]): Promise<void>;
+//# sourceMappingURL=use-command.d.ts.map

package/dist/codex-auth/commands/use-command.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"use-command.d.ts","sourceRoot":"","sources":["../../../src/codex-auth/commands/use-command.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAoBH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAInD,wBAAsB,cAAc,CAAC,GAAG,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA+D5F"}

package/dist/codex-auth/commands/use-command.js ADDED Viewed

@@ -0,0 +1,86 @@
+"use strict";
+/**
+ * codex-auth use command.
+ *
+ * STDOUT DISCIPLINE (C2, R4): stdout contains ONLY shell-evalable export
+ * statements. ALL errors, hints, and info messages go to STDERR so that
+ * `eval "$(ccsx auth use <name>)"` is never contaminated.
+ *
+ * Belt-and-suspenders for C2: the primary protection is
+ * `src/bin/codex-runtime-router.ts`, which dispatches `auth` subcommands
+ * BEFORE pre-dispatch runs at all. This IIFE is a fallback for any future
+ * code path (e.g., direct import from a different bin entry) that bypasses
+ * the router and would otherwise let pre-dispatch banners hit stdout.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleUseCodex = void 0;
+(function guardPreDispatch() {
+    const argv = process.argv;
+    // argv[2] is the first user arg to ccsx (e.g. "auth"), argv[3] is the subcommand
+    for (let i = 2; i < argv.length - 1; i++) {
+        if (argv[i] === 'auth' && argv[i + 1] === 'use') {
+            process.env.CCS_NO_PRE_DISPATCH = '1';
+            break;
+        }
+    }
+})();
+// ── End guard — safe to import CCS modules now ───────────────────────────────
+const errors_1 = require("../../errors");
+const exit_codes_1 = require("../../errors/exit-codes");
+const codex_profile_paths_1 = require("../codex-profile-paths");
+const shell_detect_1 = require("../shell-detect");
+const types_1 = require("./types");
+const VALID_SHELLS = new Set(['bash', 'zsh', 'fish', 'pwsh', 'cmd']);
+async function handleUseCodex(ctx, args) {
+    const parsed = (0, types_1.parseArgs)(args);
+    (0, types_1.rejectUnsupportedOptions)(parsed, 'ccsx auth use <name> [--shell <bash|zsh|fish|pwsh|cmd>]', {
+        shell: true,
+    });
+    const { profileName, shell: shellOverride } = parsed;
+    // All errors → stderr, empty stdout
+    if (!profileName) {
+        process.stderr.write('[X] Profile name is required.\n');
+        process.stderr.write('Usage: ccsx auth use <name> [--shell <bash|zsh|fish|pwsh|cmd>]\n');
+        process.exit(exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    const nameError = (0, types_1.getProfileNameError)(profileName);
+    if (nameError) {
+        process.stderr.write(`[X] ${nameError}\n`);
+        process.exit(exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    if (shellOverride !== undefined && !VALID_SHELLS.has(shellOverride)) {
+        process.stderr.write(`[X] Unsupported --shell value: "${shellOverride}". Valid: bash, zsh, fish, pwsh, cmd\n`);
+        process.exit(exit_codes_1.ExitCode.GENERAL_ERROR);
+        return;
+    }
+    const { registry } = ctx;
+    if (!registry.hasProfile(profileName)) {
+        const available = registry.listProfiles();
+        const availableStr = available.length > 0 ? available.join(', ') : '<none>';
+        process.stderr.write(`[X] Profile not found: ${profileName}. Available: ${availableStr}\n`);
+        process.exit(exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    const profileDir = (0, codex_profile_paths_1.resolveCodexProfileDir)(profileName);
+    const shell = shellOverride !== undefined
+        ? shellOverride
+        : (0, shell_detect_1.detectShell)(process.env, process.platform);
+    // ── STDOUT: only export statements ──────────────────────────────────────────
+    process.stdout.write((0, shell_detect_1.formatExport)(shell, 'CODEX_HOME', profileDir) + '\n');
+    process.stdout.write((0, shell_detect_1.formatExport)(shell, 'CCS_CODEX_PROFILE', profileName) + '\n');
+    // ── STDERR: human-readable hint ─────────────────────────────────────────────
+    process.stderr.write(`[i] Codex profile "${profileName}" active in this shell. Run: codex\n`);
+    if (shell === 'cmd') {
+        process.stderr.write('[i] Note: cmd.exe cannot eval output from a subprocess natively.\n');
+        process.stderr.write('    Use PowerShell: ccsx auth use ' + profileName + ' | Invoke-Expression\n');
+    }
+    // Note: This profile applies only to native `codex`.
+    // `ccsxp` ignores CCS_CODEX_PROFILE and uses its own cliproxy pool.
+}
+exports.handleUseCodex = handleUseCodex;
+// suppress unused import warning — exitWithError is available but we use process.exit
+// for stdout purity in this command
+void errors_1.exitWithError;
+//# sourceMappingURL=use-command.js.map

package/dist/codex-auth/commands/use-command.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"use-command.js","sourceRoot":"","sources":["../../../src/codex-auth/commands/use-command.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,CAAC,SAAS,gBAAgB;IACxB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,iFAAiF;IACjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,GAAG,CAAC;YACtC,MAAM;QACR,CAAC;IACH,CAAC;AACH,CAAC,CAAC,EAAE,CAAC;AACL,gFAAgF;AAEhF,yCAA6C;AAC7C,wDAAmD;AACnD,gEAAgE;AAChE,kDAA4D;AAC5D,mCAAmF;AAInF,MAAM,YAAY,GAAG,IAAI,GAAG,CAAS,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAEtE,KAAK,UAAU,cAAc,CAAC,GAAwB,EAAE,IAAc;IAC3E,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC;IAC/B,IAAA,gCAAwB,EAAC,MAAM,EAAE,yDAAyD,EAAE;QAC1F,KAAK,EAAE,IAAI;KACZ,CAAC,CAAC;IAEH,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;IAErD,oCAAoC;IACpC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kEAAkE,CAAC,CAAC;QACzF,OAAO,CAAC,IAAI,CAAC,qBAAQ,CAAC,aAAa,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,2BAAmB,EAAC,WAAW,CAAC,CAAC;IACnD,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,SAAS,IAAI,CAAC,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,qBAAQ,CAAC,aAAa,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,IAAI,aAAa,KAAK,SAAS,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACpE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mCAAmC,aAAa,wCAAwC,CACzF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,qBAAQ,CAAC,aAAa,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC;IAEzB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC5E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,WAAW,gBAAgB,YAAY,IAAI,CAAC,CAAC;QAC5F,OAAO,CAAC,IAAI,CAAC,qBAAQ,CAAC,aAAa,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,4CAAsB,EAAC,WAAW,CAAC,CAAC;IACvD,MAAM,KAAK,GACT,aAAa,KAAK,SAAS;QACzB,CAAC,CAAE,aAAuB;QAC1B,CAAC,CAAC,IAAA,0BAAW,EAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEjD,+EAA+E;IAC/E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,2BAAY,EAAC,KAAK,EAAE,YAAY,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;IAC3E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,2BAAY,EAAC,KAAK,EAAE,mBAAmB,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;IAEnF,+EAA+E;IAC/E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,WAAW,sCAAsC,CAAC,CAAC;IAE9F,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oEAAoE,CAAC,CAAC;QAC3F,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oCAAoC,GAAG,WAAW,GAAG,wBAAwB,CAC9E,CAAC;IACJ,CAAC;IAED,qDAAqD;IACrD,oEAAoE;AACtE,CAAC;AA/DD,wCA+DC;AAED,sFAAsF;AACtF,oCAAoC;AACpC,KAAK,sBAAa,CAAC"}

package/dist/codex-auth/decode-id-token.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { CodexAccountIdentity } from './types';
+/**
+ * Decode the payload of a JWT id_token without signature verification.
+ * Returns only the display-safe fields: email, plan_type, account_id.
+ * Returns {} on any parse failure — never throws.
+ *
+ * Security note: signature is NOT verified. This is purely cosmetic data
+ * for dashboard display. Auth boundary is OS file perms on auth.json.
+ */
+export declare function decodeIdToken(idToken: string): CodexAccountIdentity;
+export declare function hasStructurallyValidIdToken(idToken: string): boolean;
+//# sourceMappingURL=decode-id-token.d.ts.map

package/dist/codex-auth/decode-id-token.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"decode-id-token.d.ts","sourceRoot":"","sources":["../../src/codex-auth/decode-id-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAwCpD;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,oBAAoB,CA0BnE;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAEpE"}

package/dist/codex-auth/decode-id-token.js ADDED Viewed

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasStructurallyValidIdToken = exports.decodeIdToken = void 0;
+// JWT claim URI for OpenAI-specific auth data (nested object).
+// Verified against real auth.json: chatgpt_plan_type and chatgpt_account_id
+// live under this key, NOT at top level.
+const OPENAI_AUTH_CLAIM = 'https://api.openai.com/auth';
+const OPENAI_PROFILE_CLAIM = 'https://api.openai.com/profile';
+const BASE64URL_SEGMENT_RE = /^[A-Za-z0-9_-]+$/;
+function base64urlDecode(str) {
+    // Convert base64url to standard base64
+    const base64 = str.replace(/-/g, '+').replace(/_/g, '/');
+    const padded = base64.padEnd(base64.length + ((4 - (base64.length % 4)) % 4), '=');
+    return Buffer.from(padded, 'base64').toString('utf8');
+}
+function isBase64UrlSegment(str) {
+    return str.length > 0 && str.length % 4 !== 1 && BASE64URL_SEGMENT_RE.test(str);
+}
+function decodeJsonSegment(str) {
+    return JSON.parse(base64urlDecode(str));
+}
+/**
+ * Decode the payload of a JWT id_token without signature verification.
+ * Returns only the display-safe fields: email, plan_type, account_id.
+ * Returns {} on any parse failure — never throws.
+ *
+ * Security note: signature is NOT verified. This is purely cosmetic data
+ * for dashboard display. Auth boundary is OS file perms on auth.json.
+ */
+function decodeIdToken(idToken) {
+    try {
+        const payload = decodeJwtPayload(idToken);
+        if (!payload)
+            return {};
+        const authClaim = payload[OPENAI_AUTH_CLAIM];
+        const profileClaim = payload[OPENAI_PROFILE_CLAIM];
+        // Email: prefer top-level, fall back to profile claim
+        const email = payload.email ?? profileClaim?.email;
+        const result = {};
+        if (typeof email === 'string' && email.length > 0) {
+            result.email = email;
+        }
+        if (typeof authClaim?.chatgpt_plan_type === 'string') {
+            result.plan_type = authClaim.chatgpt_plan_type;
+        }
+        if (typeof authClaim?.chatgpt_account_id === 'string') {
+            result.account_id = authClaim.chatgpt_account_id;
+        }
+        return result;
+    }
+    catch {
+        return {};
+    }
+}
+exports.decodeIdToken = decodeIdToken;
+function hasStructurallyValidIdToken(idToken) {
+    return decodeJwtPayload(idToken) !== null;
+}
+exports.hasStructurallyValidIdToken = hasStructurallyValidIdToken;
+function decodeJwtPayload(idToken) {
+    try {
+        const parts = idToken.split('.');
+        if (parts.length !== 3) {
+            return null;
+        }
+        if (!parts.every((part) => isBase64UrlSegment(part))) {
+            return null;
+        }
+        const header = decodeJsonSegment(parts[0] ?? '');
+        if (!header || typeof header !== 'object' || Array.isArray(header)) {
+            return null;
+        }
+        const payload = decodeJsonSegment(parts[1] ?? '');
+        if (!payload || typeof payload !== 'object' || Array.isArray(payload)) {
+            return null;
+        }
+        return payload;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=decode-id-token.js.map

package/dist/codex-auth/decode-id-token.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"decode-id-token.js","sourceRoot":"","sources":["../../src/codex-auth/decode-id-token.ts"],"names":[],"mappings":";;;AAEA,+DAA+D;AAC/D,4EAA4E;AAC5E,yCAAyC;AACzC,MAAM,iBAAiB,GAAG,6BAA6B,CAAC;AACxD,MAAM,oBAAoB,GAAG,gCAAgC,CAAC;AAC9D,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AAkBhD,SAAS,eAAe,CAAC,GAAW;IAClC,uCAAuC;IACvC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnF,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,aAAa,CAAC,OAAe;IAC3C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QAExB,MAAM,SAAS,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;QAEnD,sDAAsD;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,YAAY,EAAE,KAAK,CAAC;QAEnD,MAAM,MAAM,GAAyB,EAAE,CAAC;QACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACvB,CAAC;QACD,IAAI,OAAO,SAAS,EAAE,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC,iBAAiB,CAAC;QACjD,CAAC;QACD,IAAI,OAAO,SAAS,EAAE,kBAAkB,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,CAAC,UAAU,GAAG,SAAS,CAAC,kBAAkB,CAAC;QACnD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AA1BD,sCA0BC;AAED,SAAgB,2BAA2B,CAAC,OAAe;IACzD,OAAO,gBAAgB,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;AAC5C,CAAC;AAFD,kEAEC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACrD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,OAAqB,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/codex-auth/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export { CodexProfileRegistry } from './codex-profile-registry';
+export { getCodexAuthRegistryPath, getCodexInstancesDir, resolveCodexProfileDir, getSharedCodexConfigPath, } from './codex-profile-paths';
+export { ensureSharedConfigSymlink } from './codex-config-symlink';
+export { decodeAccountIdentity } from './codex-account-identity';
+export { decodeIdToken } from './decode-id-token';
+export type { CodexProfileMetadata, CodexProfileData, CodexAccountIdentity } from './types';
+export { CODEX_PROFILE_SCHEMA_VERSION } from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/codex-auth/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/codex-auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAC5F,OAAO,EAAE,4BAA4B,EAAE,MAAM,SAAS,CAAC"}

package/dist/codex-auth/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CODEX_PROFILE_SCHEMA_VERSION = exports.decodeIdToken = exports.decodeAccountIdentity = exports.ensureSharedConfigSymlink = exports.getSharedCodexConfigPath = exports.resolveCodexProfileDir = exports.getCodexInstancesDir = exports.getCodexAuthRegistryPath = exports.CodexProfileRegistry = void 0;
+var codex_profile_registry_1 = require("./codex-profile-registry");
+Object.defineProperty(exports, "CodexProfileRegistry", { enumerable: true, get: function () { return codex_profile_registry_1.CodexProfileRegistry; } });
+var codex_profile_paths_1 = require("./codex-profile-paths");
+Object.defineProperty(exports, "getCodexAuthRegistryPath", { enumerable: true, get: function () { return codex_profile_paths_1.getCodexAuthRegistryPath; } });
+Object.defineProperty(exports, "getCodexInstancesDir", { enumerable: true, get: function () { return codex_profile_paths_1.getCodexInstancesDir; } });
+Object.defineProperty(exports, "resolveCodexProfileDir", { enumerable: true, get: function () { return codex_profile_paths_1.resolveCodexProfileDir; } });
+Object.defineProperty(exports, "getSharedCodexConfigPath", { enumerable: true, get: function () { return codex_profile_paths_1.getSharedCodexConfigPath; } });
+var codex_config_symlink_1 = require("./codex-config-symlink");
+Object.defineProperty(exports, "ensureSharedConfigSymlink", { enumerable: true, get: function () { return codex_config_symlink_1.ensureSharedConfigSymlink; } });
+var codex_account_identity_1 = require("./codex-account-identity");
+Object.defineProperty(exports, "decodeAccountIdentity", { enumerable: true, get: function () { return codex_account_identity_1.decodeAccountIdentity; } });
+var decode_id_token_1 = require("./decode-id-token");
+Object.defineProperty(exports, "decodeIdToken", { enumerable: true, get: function () { return decode_id_token_1.decodeIdToken; } });
+var types_1 = require("./types");
+Object.defineProperty(exports, "CODEX_PROFILE_SCHEMA_VERSION", { enumerable: true, get: function () { return types_1.CODEX_PROFILE_SCHEMA_VERSION; } });
+//# sourceMappingURL=index.js.map

package/dist/codex-auth/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/codex-auth/index.ts"],"names":[],"mappings":";;;AAAA,mEAAgE;AAAvD,8HAAA,oBAAoB,OAAA;AAC7B,6DAK+B;AAJ7B,+HAAA,wBAAwB,OAAA;AACxB,2HAAA,oBAAoB,OAAA;AACpB,6HAAA,sBAAsB,OAAA;AACtB,+HAAA,wBAAwB,OAAA;AAE1B,+DAAmE;AAA1D,iIAAA,yBAAyB,OAAA;AAClC,mEAAiE;AAAxD,+HAAA,qBAAqB,OAAA;AAC9B,qDAAkD;AAAzC,gHAAA,aAAa,OAAA;AAEtB,iCAAuD;AAA9C,qHAAA,4BAA4B,OAAA"}

package/dist/codex-auth/resolve-active-profile.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/// <reference types="node" />
+/// <reference types="bun-types" />
+export interface ResolvedProfile {
+    name: string;
+    dir: string;
+    source: 'env' | 'default';
+}
+export declare class CodexAuthProfileResolutionError extends Error {
+    constructor(message: string);
+}
+/** @param env - Process env map; defaults to process.env. Injectable for tests. */
+export declare function resolveActiveProfile(env?: NodeJS.ProcessEnv): ResolvedProfile | null;
+//# sourceMappingURL=resolve-active-profile.d.ts.map

package/dist/codex-auth/resolve-active-profile.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resolve-active-profile.d.ts","sourceRoot":"","sources":["../../src/codex-auth/resolve-active-profile.ts"],"names":[],"mappings":";;AAcA,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,KAAK,GAAG,SAAS,CAAC;CAC3B;AAED,qBAAa,+BAAgC,SAAQ,KAAK;gBAC5C,OAAO,EAAE,MAAM;CAI5B;AAyED,mFAAmF;AACnF,wBAAgB,oBAAoB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,eAAe,GAAG,IAAI,CA8FjG"}

package/dist/codex-auth/resolve-active-profile.js ADDED Viewed

@@ -0,0 +1,161 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveActiveProfile = exports.CodexAuthProfileResolutionError = void 0;
+/**
+ * Synchronous hot-path resolver for the active codex auth profile. <5ms typical.
+ * Precedence: CCS_CODEX_PROFILE env → registry.default → null (legacy ~/.codex).
+ * Legacy fallback is allowed only when no explicit CCS_CODEX_PROFILE was requested.
+ */
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const yaml = __importStar(require("js-yaml"));
+const codex_profile_paths_1 = require("./codex-profile-paths");
+const config_manager_1 = require("../utils/config-manager");
+const types_1 = require("./types");
+const codex_profile_registry_1 = require("./codex-profile-registry");
+class CodexAuthProfileResolutionError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'CodexAuthProfileResolutionError';
+    }
+}
+exports.CodexAuthProfileResolutionError = CodexAuthProfileResolutionError;
+function quoteDiagnosticValue(value) {
+    const escaped = value
+        .replace(/[\x00-\x1f\x7f]/g, (char) => `\\x${char.charCodeAt(0).toString(16).padStart(2, '0')}`)
+        .replace(/'/g, "\\'");
+    return `'${escaped.length > 96 ? `${escaped.slice(0, 96)}...` : escaped}'`;
+}
+function registryDisplayPath(registryPath) {
+    const [source] = (0, config_manager_1.getCcsDirSource)();
+    if (source === 'default') {
+        return process.platform === 'win32'
+            ? '%USERPROFILE%\\.ccs\\codex-profiles.yaml'
+            : '~/.ccs/codex-profiles.yaml';
+    }
+    if (source === 'CCS_HOME' || source === 'scoped:CCS_HOME') {
+        return '$CCS_HOME/.ccs/codex-profiles.yaml';
+    }
+    if (source === 'CCS_DIR' || source === 'scoped:CCS_DIR') {
+        return '$CCS_DIR/codex-profiles.yaml';
+    }
+    return registryPath;
+}
+function resolutionFailure(message, envName, displayEnvName) {
+    const prefix = envName ? `CCS_CODEX_PROFILE=${displayEnvName} is set but ` : '';
+    throw new CodexAuthProfileResolutionError(`${prefix}${message}. Refusing to fall back to ~/.codex.`);
+}
+function assertValidProfileNameForResolution(name, envName, displayEnvName) {
+    const nameError = (0, types_1.getCodexProfileNameError)(name);
+    if (nameError) {
+        resolutionFailure(`profile name ${quoteDiagnosticValue(name)} is invalid: ${nameError}`, envName, displayEnvName);
+    }
+}
+function assertValidProfileEntry(name, profiles, envName, displayEnvName, displayRegistryPath) {
+    assertValidProfileNameForResolution(name, envName, displayEnvName);
+    const profile = profiles[name];
+    if (!profile || typeof profile !== 'object' || Array.isArray(profile)) {
+        resolutionFailure(`registry profile ${quoteDiagnosticValue(name)} at ${displayRegistryPath} is not a valid object`, envName, displayEnvName);
+    }
+    const type = profile.type;
+    if (type !== 'codex') {
+        resolutionFailure(`registry profile ${quoteDiagnosticValue(name)} at ${displayRegistryPath} is not a Codex profile`, envName, displayEnvName);
+    }
+}
+/** @param env - Process env map; defaults to process.env. Injectable for tests. */
+function resolveActiveProfile(env = process.env) {
+    const registryPath = (0, codex_profile_paths_1.getCodexAuthRegistryPath)();
+    const envName = (env.CCS_CODEX_PROFILE ?? '').trim();
+    const displayEnvName = quoteDiagnosticValue(envName);
+    const displayRegistryPath = registryDisplayPath(registryPath);
+    // F4: silent fallback — no registry means no profiles, legacy mode
+    if (!fs.existsSync(registryPath)) {
+        if (envName) {
+            throw new CodexAuthProfileResolutionError(`CCS_CODEX_PROFILE=${displayEnvName} is set but ${displayRegistryPath} does not exist. Refusing to fall back to ~/.codex.`);
+        }
+        return null;
+    }
+    let parsed;
+    try {
+        const raw = fs.readFileSync(registryPath, 'utf8');
+        parsed = yaml.load(raw);
+    }
+    catch (err) {
+        if (err instanceof CodexAuthProfileResolutionError)
+            throw err;
+        const msg = `registry YAML could not be parsed at ${displayRegistryPath}`;
+        resolutionFailure(msg, envName, displayEnvName);
+    }
+    let registry;
+    try {
+        registry = (0, codex_profile_registry_1.validateCodexProfileRegistryData)(parsed);
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        resolutionFailure(`registry at ${displayRegistryPath} is invalid: ${msg}`, envName, displayEnvName);
+    }
+    const profiles = registry.profiles;
+    if (!profiles || typeof profiles !== 'object' || Array.isArray(profiles)) {
+        resolutionFailure(`registry at ${displayRegistryPath} is missing a valid profiles map`, envName, displayEnvName);
+    }
+    for (const profileName of Object.keys(profiles)) {
+        assertValidProfileEntry(profileName, profiles, envName, displayEnvName, displayRegistryPath);
+    }
+    // F2: explicit env override
+    if (envName) {
+        assertValidProfileNameForResolution(envName, envName, displayEnvName);
+        if (!Object.prototype.hasOwnProperty.call(profiles, envName)) {
+            throw new CodexAuthProfileResolutionError(`CCS_CODEX_PROFILE=${displayEnvName} not found in registry. Refusing to fall back to ~/.codex.`);
+        }
+        assertValidProfileEntry(envName, profiles, envName, displayEnvName, displayRegistryPath);
+        return {
+            name: envName,
+            dir: path.resolve((0, codex_profile_paths_1.resolveCodexProfileDir)(envName)),
+            source: 'env',
+        };
+    }
+    // F3: registry default
+    const defaultName = registry.default;
+    if (defaultName !== null) {
+        if (typeof defaultName !== 'string') {
+            resolutionFailure(`registry default at ${displayRegistryPath} is not a valid profile name`, envName, displayEnvName);
+        }
+        assertValidProfileNameForResolution(defaultName, envName, displayEnvName);
+        if (!Object.prototype.hasOwnProperty.call(profiles, defaultName)) {
+            resolutionFailure(`registry default ${quoteDiagnosticValue(defaultName)} is missing from profiles map`, envName, displayEnvName);
+        }
+        assertValidProfileEntry(defaultName, profiles, envName, displayEnvName, displayRegistryPath);
+        return {
+            name: defaultName,
+            dir: path.resolve((0, codex_profile_paths_1.resolveCodexProfileDir)(defaultName)),
+            source: 'default',
+        };
+    }
+    // F4: no profile configured
+    return null;
+}
+exports.resolveActiveProfile = resolveActiveProfile;
+//# sourceMappingURL=resolve-active-profile.js.map

package/dist/codex-auth/resolve-active-profile.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resolve-active-profile.js","sourceRoot":"","sources":["../../src/codex-auth/resolve-active-profile.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,uCAAyB;AACzB,2CAA6B;AAC7B,8CAAgC;AAChC,+DAAyF;AACzF,4DAA0D;AAC1D,mCAAmD;AACnD,qEAA4E;AAS5E,MAAa,+BAAgC,SAAQ,KAAK;IACxD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iCAAiC,CAAC;IAChD,CAAC;CACF;AALD,0EAKC;AAED,SAAS,oBAAoB,CAAC,KAAa;IACzC,MAAM,OAAO,GAAG,KAAK;SAClB,OAAO,CAAC,kBAAkB,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;SAC/F,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACxB,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC;AAC7E,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAoB;IAC/C,MAAM,CAAC,MAAM,CAAC,GAAG,IAAA,gCAAe,GAAE,CAAC;IACnC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,OAAO,CAAC,QAAQ,KAAK,OAAO;YACjC,CAAC,CAAC,0CAA0C;YAC5C,CAAC,CAAC,4BAA4B,CAAC;IACnC,CAAC;IACD,IAAI,MAAM,KAAK,UAAU,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;QAC1D,OAAO,oCAAoC,CAAC;IAC9C,CAAC;IACD,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,gBAAgB,EAAE,CAAC;QACxD,OAAO,8BAA8B,CAAC;IACxC,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe,EAAE,OAAe,EAAE,cAAsB;IACjF,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,qBAAqB,cAAc,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;IAChF,MAAM,IAAI,+BAA+B,CACvC,GAAG,MAAM,GAAG,OAAO,sCAAsC,CAC1D,CAAC;AACJ,CAAC;AAED,SAAS,mCAAmC,CAC1C,IAAY,EACZ,OAAe,EACf,cAAsB;IAEtB,MAAM,SAAS,GAAG,IAAA,gCAAwB,EAAC,IAAI,CAAC,CAAC;IACjD,IAAI,SAAS,EAAE,CAAC;QACd,iBAAiB,CACf,gBAAgB,oBAAoB,CAAC,IAAI,CAAC,gBAAgB,SAAS,EAAE,EACrE,OAAO,EACP,cAAc,CACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAC9B,IAAY,EACZ,QAAiC,EACjC,OAAe,EACf,cAAsB,EACtB,mBAA2B;IAE3B,mCAAmC,CAAC,IAAI,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;IACnE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACtE,iBAAiB,CACf,oBAAoB,oBAAoB,CAAC,IAAI,CAAC,OAAO,mBAAmB,wBAAwB,EAChG,OAAO,EACP,cAAc,CACf,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAI,OAA8B,CAAC,IAAI,CAAC;IAClD,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,iBAAiB,CACf,oBAAoB,oBAAoB,CAAC,IAAI,CAAC,OAAO,mBAAmB,yBAAyB,EACjG,OAAO,EACP,cAAc,CACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED,mFAAmF;AACnF,SAAgB,oBAAoB,CAAC,MAAyB,OAAO,CAAC,GAAG;IACvE,MAAM,YAAY,GAAG,IAAA,8CAAwB,GAAE,CAAC;IAChD,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,cAAc,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,mBAAmB,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAE9D,mEAAmE;IACnE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,+BAA+B,CACvC,qBAAqB,cAAc,eAAe,mBAAmB,qDAAqD,CAC3H,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,+BAA+B;YAAE,MAAM,GAAG,CAAC;QAC9D,MAAM,GAAG,GAAG,wCAAwC,mBAAmB,EAAE,CAAC;QAC1E,iBAAiB,CAAC,GAAG,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,QAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,QAAQ,GAAG,IAAA,yDAAgC,EAAC,MAAM,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,iBAAiB,CACf,eAAe,mBAAmB,gBAAgB,GAAG,EAAE,EACvD,OAAO,EACP,cAAc,CACf,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC;IACnC,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzE,iBAAiB,CACf,eAAe,mBAAmB,kCAAkC,EACpE,OAAO,EACP,cAAc,CACf,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,uBAAuB,CAAC,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAC;IAC/F,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,EAAE,CAAC;QACZ,mCAAmC,CAAC,OAAO,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;QACtE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,+BAA+B,CACvC,qBAAqB,cAAc,4DAA4D,CAChG,CAAC;QACJ,CAAC;QACD,uBAAuB,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAC;QACzF,OAAO;YACL,IAAI,EAAE,OAAO;YACb,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,IAAA,4CAAsB,EAAC,OAAO,CAAC,CAAC;YAClD,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC;IACrC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpC,iBAAiB,CACf,uBAAuB,mBAAmB,8BAA8B,EACxE,OAAO,EACP,cAAc,CACf,CAAC;QACJ,CAAC;QACD,mCAAmC,CAAC,WAAW,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;QAC1E,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;YACjE,iBAAiB,CACf,oBAAoB,oBAAoB,CAAC,WAAW,CAAC,+BAA+B,EACpF,OAAO,EACP,cAAc,CACf,CAAC;QACJ,CAAC;QACD,uBAAuB,CAAC,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAC;QAC7F,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,IAAA,4CAAsB,EAAC,WAAW,CAAC,CAAC;YACtD,MAAM,EAAE,SAAS;SAClB,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,OAAO,IAAI,CAAC;AACd,CAAC;AA9FD,oDA8FC"}

package/dist/codex-auth/shell-detect.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Shell detection for codex-auth use command.
+ * Determines current shell to emit correct eval-safe export syntax.
+ */
+/// <reference types="node" />
+/// <reference types="bun-types" />
+export type Shell = 'bash' | 'zsh' | 'fish' | 'pwsh' | 'cmd';
+/**
+ * Detect current shell from environment.
+ * On Windows: inspect explicit shell executable hints, else default to cmd.
+ * On Unix: inspect $SHELL suffix.
+ */
+export declare function detectShell(env?: NodeJS.ProcessEnv, platform?: string, parentProcessName?: string): Shell;
+/**
+ * Format a single env var export statement for the target shell.
+ * Used by use-command to emit eval-safe lines.
+ */
+export declare function formatExport(shell: Shell, key: string, value: string): string;
+//# sourceMappingURL=shell-detect.d.ts.map

package/dist/codex-auth/shell-detect.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"shell-detect.d.ts","sourceRoot":"","sources":["../../src/codex-auth/shell-detect.ts"],"names":[],"mappings":"AAAA;;;GAGG;;;AAIH,MAAM,MAAM,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC;AAE7D;;;;GAIG;AACH,wBAAgB,WAAW,CACzB,GAAG,GAAE,MAAM,CAAC,UAAwB,EACpC,QAAQ,GAAE,MAAyB,EACnC,iBAAiB,CAAC,EAAE,MAAM,GACzB,KAAK,CAaP;AAuED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAY7E"}