@kaitranntt/ccs 7.79.1 → 8.0.0

package/dist/codex-auth/commands/show-detail-view.js

@@ -0,0 +1,134 @@
+"use strict";
+/**
+ * Detail view renderer for `ccsx auth show <name>`.
+ * Extracted from show-command.ts to keep files under 200 lines.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.showProfileDetail = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const ui_1 = require("../../utils/ui");
+const errors_1 = require("../../errors");
+const exit_codes_1 = require("../../errors/exit-codes");
+const codex_profile_paths_1 = require("../codex-profile-paths");
+const codex_account_identity_1 = require("../codex-account-identity");
+function showProfileDetail(profileName, ctx, json) {
+    const { registry } = ctx;
+    if (!registry.hasProfile(profileName)) {
+        (0, errors_1.exitWithError)(`Profile not found: ${profileName}`, exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    const meta = registry.getProfile(profileName);
+    const profileDir = (0, codex_profile_paths_1.resolveCodexProfileDir)(profileName);
+    const authJsonPath = path.join(profileDir, 'auth.json');
+    const configTomlPath = path.join(profileDir, 'config.toml');
+    const authExists = fs.existsSync(authJsonPath);
+    let authMtime = null;
+    let identity = {
+        email: undefined,
+        plan_type: undefined,
+        account_id: undefined,
+    };
+    let authState = 'missing';
+    if (authExists) {
+        try {
+            const stat = fs.statSync(authJsonPath);
+            authMtime = stat.mtime.toISOString();
+            identity = (0, codex_account_identity_1.decodeAccountIdentity)(authJsonPath);
+            authState = `present (mtime: ${new Date(authMtime).toLocaleString()})`;
+        }
+        catch {
+            authState = 'present (unreadable)';
+        }
+    }
+    // Inspect config.toml symlink
+    let configTarget = null;
+    try {
+        const lstat = fs.lstatSync(configTomlPath);
+        if (lstat.isSymbolicLink()) {
+            configTarget = fs.readlinkSync(configTomlPath);
+        }
+        else {
+            configTarget = `${configTomlPath} (regular file, not symlink)`;
+        }
+    }
+    catch {
+        configTarget = null;
+    }
+    const isDefault = registry.getDefault() === profileName;
+    const isActive = process.env.CCS_CODEX_PROFILE === profileName;
+    const states = [];
+    if (isDefault)
+        states.push('default');
+    if (isActive)
+        states.push('active');
+    const stateStr = states.join(',');
+    const accountId = meta.account_id ?? identity.account_id ?? null;
+    const email = meta.email ?? identity.email ?? null;
+    const plan = meta.plan_type ?? identity.plan_type ?? null;
+    if (json) {
+        const out = {
+            name: profileName,
+            is_default: isDefault,
+            is_active: isActive,
+            created: meta.created,
+            last_used: meta.last_used ?? null,
+            email,
+            plan,
+            account_id: accountId,
+            profile_dir: profileDir,
+            auth_json_exists: authExists,
+            auth_json_mtime: authMtime,
+            config_toml_link_target: configTarget,
+        };
+        console.log(JSON.stringify(out, null, 2));
+        return;
+    }
+    const badge = stateStr ? ` (${stateStr})` : '';
+    console.log(`Codex Profile: ${profileName}${badge}`);
+    console.log('');
+    const rows = [
+        ['Name', profileName],
+        ['Profile dir', profileDir],
+        ['config.toml', configTarget ? `-> ${configTarget}  (symlink)` : '(not linked)'],
+        ['auth.json', authState],
+        ['Email', email ?? (authExists ? '<invalid>' : '<unknown>')],
+        ['Plan', plan ?? (authExists ? '<invalid>' : '<unknown>')],
+        ['Account ID', accountId ?? '-'],
+        ['Created', new Date(meta.created).toLocaleString()],
+        ['Last used', meta.last_used ? new Date(meta.last_used).toLocaleString() : 'never'],
+        ['CODEX_HOME (env)', process.env.CODEX_HOME ?? 'unset'],
+        ['CCS_CODEX_PROFILE', process.env.CCS_CODEX_PROFILE ?? 'unset'],
+    ];
+    console.log((0, ui_1.table)(rows, { colWidths: [20, 55] }));
+    // H4: warn if config.toml is a regular file (not symlink)
+    if (configTarget && configTarget.includes('regular file')) {
+        process.stderr.write(`[!] config.toml is a regular file, not a symlink. Config changes won't propagate.\n`);
+        process.stderr.write(`    Run: ccsx auth create ${profileName} --force\n`);
+    }
+}
+exports.showProfileDetail = showProfileDetail;
+//# sourceMappingURL=show-detail-view.js.map

package/dist/codex-auth/commands/show-detail-view.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"show-detail-view.js","sourceRoot":"","sources":["../../../src/codex-auth/commands/show-detail-view.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAuC;AACvC,yCAA6C;AAC7C,wDAAmD;AACnD,gEAAgE;AAChE,sEAAkE;AAGlE,SAAgB,iBAAiB,CAC/B,WAAmB,EACnB,GAAwB,EACxB,IAAa;IAEb,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC;IAEzB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACtC,IAAA,sBAAa,EAAC,sBAAsB,WAAW,EAAE,EAAE,qBAAQ,CAAC,aAAa,CAAC,CAAC;QAC3E,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,IAAA,4CAAsB,EAAC,WAAW,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAE5D,MAAM,UAAU,GAAG,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC/C,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,QAAQ,GAAG;QACb,KAAK,EAAE,SAA+B;QACtC,SAAS,EAAE,SAA+B;QAC1C,UAAU,EAAE,SAA+B;KAC5C,CAAC;IACF,IAAI,SAAS,GAAG,SAAS,CAAC;IAE1B,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YACvC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;YACrC,QAAQ,GAAG,IAAA,8CAAqB,EAAC,YAAY,CAAoB,CAAC;YAClE,SAAS,GAAG,mBAAmB,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,cAAc,EAAE,GAAG,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,GAAG,sBAAsB,CAAC;QACrC,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;YAC3B,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,GAAG,cAAc,8BAA8B,CAAC;QACjE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAC,UAAU,EAAE,KAAK,WAAW,CAAC;IACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,WAAW,CAAC;IAC/D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,SAAS;QAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtC,IAAI,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC;IACjE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC;IACnD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC;IAE1D,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,GAAG,GAAuB;YAC9B,IAAI,EAAE,WAAW;YACjB,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,QAAQ;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;YACjC,KAAK;YACL,IAAI;YACJ,UAAU,EAAE,SAAS;YACrB,WAAW,EAAE,UAAU;YACvB,gBAAgB,EAAE,UAAU;YAC5B,eAAe,EAAE,SAAS;YAC1B,uBAAuB,EAAE,YAAY;SACtC,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1C,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,kBAAkB,WAAW,GAAG,KAAK,EAAE,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,MAAM,IAAI,GAAuB;QAC/B,CAAC,MAAM,EAAE,WAAW,CAAC;QACrB,CAAC,aAAa,EAAE,UAAU,CAAC;QAC3B,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC,CAAC,MAAM,YAAY,aAAa,CAAC,CAAC,CAAC,cAAc,CAAC;QAChF,CAAC,WAAW,EAAE,SAAS,CAAC;QACxB,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QAC5D,CAAC,MAAM,EAAE,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QAC1D,CAAC,YAAY,EAAE,SAAS,IAAI,GAAG,CAAC;QAChC,CAAC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,CAAC;QACpD,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;QACnF,CAAC,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC;QACvD,CAAC,mBAAmB,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,CAAC;KAChE,CAAC;IAEF,OAAO,CAAC,GAAG,CAAC,IAAA,UAAK,EAAC,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAElD,0DAA0D;IAC1D,IAAI,YAAY,IAAI,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qFAAqF,CACtF,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,WAAW,YAAY,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AA1GD,8CA0GC"}

package/dist/codex-auth/commands/switch-command.d.ts

@@ -0,0 +1,7 @@
+/**
+ * codex-auth switch command.
+ * Sets the persistent default Codex profile in the registry.
+ */
+import type { CodexCommandContext } from './types';
+export declare function handleSwitchCodex(ctx: CodexCommandContext, args: string[]): Promise<void>;
+//# sourceMappingURL=switch-command.d.ts.map

package/dist/codex-auth/commands/switch-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"switch-command.d.ts","sourceRoot":"","sources":["../../../src/codex-auth/commands/switch-command.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAEnD,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA2C/F"}

package/dist/codex-auth/commands/switch-command.js

@@ -0,0 +1,48 @@
+"use strict";
+/**
+ * codex-auth switch command.
+ * Sets the persistent default Codex profile in the registry.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleSwitchCodex = void 0;
+const ui_1 = require("../../utils/ui");
+const errors_1 = require("../../errors");
+const exit_codes_1 = require("../../errors/exit-codes");
+const types_1 = require("./types");
+async function handleSwitchCodex(ctx, args) {
+    await (0, ui_1.initUI)();
+    const parsed = (0, types_1.parseArgs)(args);
+    (0, types_1.rejectUnsupportedOptions)(parsed, 'ccsx auth switch <name>');
+    const { profileName } = parsed;
+    if (!profileName) {
+        console.log('Usage: ccsx auth switch <name>');
+        (0, errors_1.exitWithError)('Profile name required', exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    const nameError = (0, types_1.getProfileNameError)(profileName);
+    if (nameError) {
+        (0, errors_1.exitWithError)(nameError, exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    const { registry } = ctx;
+    if (!registry.hasProfile(profileName)) {
+        const available = registry.listProfiles();
+        const availableStr = available.length > 0 ? available.join(', ') : '<none>';
+        (0, errors_1.exitWithError)(`Profile not found: ${profileName}. Available: ${availableStr}`, exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    registry.setDefault(profileName);
+    const meta = registry.getProfile(profileName);
+    const emailStr = meta.email ? `\n    Email: ${meta.email}` : '';
+    const planStr = meta.plan_type ? `\n    Plan : ${meta.plan_type}` : '';
+    console.log((0, ui_1.ok)(`Default Codex profile: ${profileName}`));
+    if (emailStr)
+        process.stdout.write(emailStr + '\n');
+    if (planStr)
+        process.stdout.write(planStr + '\n');
+    console.log('');
+    console.log('[i] This is the persistent default. To use a different profile in the');
+    console.log(`    current shell only, run: eval "$(ccsx auth use <other>)"`);
+}
+exports.handleSwitchCodex = handleSwitchCodex;
+//# sourceMappingURL=switch-command.js.map

package/dist/codex-auth/commands/switch-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"switch-command.js","sourceRoot":"","sources":["../../../src/codex-auth/commands/switch-command.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,uCAA4C;AAC5C,yCAA6C;AAC7C,wDAAmD;AACnD,mCAAmF;AAG5E,KAAK,UAAU,iBAAiB,CAAC,GAAwB,EAAE,IAAc;IAC9E,MAAM,IAAA,WAAM,GAAE,CAAC;IACf,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC;IAC/B,IAAA,gCAAwB,EAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC;IAE5D,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;IAE/B,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAC9C,IAAA,sBAAa,EAAC,uBAAuB,EAAE,qBAAQ,CAAC,aAAa,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,2BAAmB,EAAC,WAAW,CAAC,CAAC;IACnD,IAAI,SAAS,EAAE,CAAC;QACd,IAAA,sBAAa,EAAC,SAAS,EAAE,qBAAQ,CAAC,aAAa,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC;IAEzB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC5E,IAAA,sBAAa,EACX,sBAAsB,WAAW,gBAAgB,YAAY,EAAE,EAC/D,qBAAQ,CAAC,aAAa,CACvB,CAAC;QACF,OAAO;IACT,CAAC;IAED,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAEjC,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAChE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,gBAAgB,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAEvE,OAAO,CAAC,GAAG,CAAC,IAAA,OAAE,EAAC,0BAA0B,WAAW,EAAE,CAAC,CAAC,CAAC;IACzD,IAAI,QAAQ;QAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IACpD,IAAI,OAAO;QAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,uEAAuE,CAAC,CAAC;IACrF,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;AAC9E,CAAC;AA3CD,8CA2CC"}

package/dist/codex-auth/commands/types.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Shared types and utilities for codex-auth command handlers.
+ */
+import type { CodexProfileRegistry } from '../codex-profile-registry';
+import { getCodexProfileNameError, isValidCodexProfileName } from '../types';
+export { formatRelativeTime } from '../../utils/time';
+export interface CodexCommandContext {
+    registry: CodexProfileRegistry;
+    version: string;
+}
+export interface CodexAuthArgs {
+    profileName?: string;
+    yes?: boolean;
+    json?: boolean;
+    force?: boolean;
+    shell?: string;
+    unknownFlags?: string[];
+    seenOptions?: string[];
+    extraPositionals?: string[];
+}
+export interface CodexProfileOutput {
+    name: string;
+    is_default: boolean;
+    is_active: boolean;
+    created: string;
+    last_used: string | null;
+    email: string | null;
+    plan: string | null;
+    account_id: string | null;
+    profile_dir: string;
+    auth_json_exists: boolean;
+    auth_json_mtime: string | null;
+    config_toml_link_target: string | null;
+}
+export { isValidCodexProfileName };
+export declare const getProfileNameError: typeof getCodexProfileNameError;
+export declare function parseArgs(args: string[]): CodexAuthArgs;
+export interface AllowedCodexAuthOptions {
+    yes?: boolean;
+    json?: boolean;
+    force?: boolean;
+    shell?: boolean;
+}
+export declare function rejectUnsupportedOptions(parsed: CodexAuthArgs, usage: string, allowed?: AllowedCodexAuthOptions): void;
+//# sourceMappingURL=types.d.ts.map

package/dist/codex-auth/commands/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/codex-auth/commands/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAG7E,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAItD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;CACjB;AAID,MAAM,WAAW,aAAa;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAID,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;CACxC;AAID,OAAO,EAAE,uBAAuB,EAAE,CAAC;AACnC,eAAO,MAAM,mBAAmB,iCAA2B,CAAC;AAI5D,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,aAAa,CAqCvD;AAED,MAAM,WAAW,uBAAuB;IACtC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,aAAa,EACrB,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,uBAA4B,GACpC,IAAI,CAoBN"}

package/dist/codex-auth/commands/types.js

@@ -0,0 +1,85 @@
+"use strict";
+/**
+ * Shared types and utilities for codex-auth command handlers.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rejectUnsupportedOptions = exports.parseArgs = exports.getProfileNameError = exports.isValidCodexProfileName = exports.formatRelativeTime = void 0;
+const ui_1 = require("../../utils/ui");
+const errors_1 = require("../../errors");
+const exit_codes_1 = require("../../errors/exit-codes");
+const types_1 = require("../types");
+Object.defineProperty(exports, "isValidCodexProfileName", { enumerable: true, get: function () { return types_1.isValidCodexProfileName; } });
+// Re-export for convenience in command modules
+var time_1 = require("../../utils/time");
+Object.defineProperty(exports, "formatRelativeTime", { enumerable: true, get: function () { return time_1.formatRelativeTime; } });
+exports.getProfileNameError = types_1.getCodexProfileNameError;
+// ── Arg parsing ───────────────────────────────────────────────────────────────
+function parseArgs(args) {
+    const result = { unknownFlags: [], seenOptions: [] };
+    const positional = [];
+    const markSeen = (flag) => result.seenOptions?.push(flag);
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        if (arg === '--yes' || arg === '-y') {
+            markSeen('--yes');
+            result.yes = true;
+        }
+        else if (arg === '--json') {
+            markSeen('--json');
+            result.json = true;
+        }
+        else if (arg === '--force') {
+            markSeen('--force');
+            result.force = true;
+        }
+        else if (arg === '--shell') {
+            markSeen('--shell');
+            result.shell = args[++i] ?? '';
+        }
+        else if (arg.startsWith('--shell=')) {
+            markSeen('--shell');
+            result.shell = arg.slice('--shell='.length);
+        }
+        else if (arg.startsWith('-') && arg !== '--') {
+            if (result.unknownFlags)
+                result.unknownFlags.push(arg);
+        }
+        else if (arg !== '--') {
+            positional.push(arg);
+        }
+    }
+    if (positional.length > 0) {
+        result.profileName = positional[0];
+    }
+    if (positional.length > 1) {
+        result.extraPositionals = positional.slice(1);
+    }
+    return result;
+}
+exports.parseArgs = parseArgs;
+function rejectUnsupportedOptions(parsed, usage, allowed = {}) {
+    const unsupported = new Set(parsed.unknownFlags ?? []);
+    const seen = new Set(parsed.seenOptions ?? []);
+    if (seen.has('--yes') && !allowed.yes)
+        unsupported.add('--yes');
+    if (seen.has('--json') && !allowed.json)
+        unsupported.add('--json');
+    if (seen.has('--force') && !allowed.force)
+        unsupported.add('--force');
+    if (seen.has('--shell') && !allowed.shell)
+        unsupported.add('--shell');
+    const extraPositionals = parsed.extraPositionals ?? [];
+    if (unsupported.size > 0 || extraPositionals.length > 0) {
+        const flags = [...unsupported].join(', ');
+        process.stderr.write(`Usage: ${(0, ui_1.color)(usage, 'command')}\n`);
+        const details = [
+            flags ? `Unknown options: ${flags}` : null,
+            extraPositionals.length > 0
+                ? `Unexpected arguments: ${extraPositionals.map((arg) => `"${arg}"`).join(', ')}`
+                : null,
+        ].filter(Boolean);
+        (0, errors_1.exitWithError)(details.join('; '), exit_codes_1.ExitCode.GENERAL_ERROR);
+    }
+}
+exports.rejectUnsupportedOptions = rejectUnsupportedOptions;
+//# sourceMappingURL=types.js.map

package/dist/codex-auth/commands/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/codex-auth/commands/types.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,uCAAuC;AACvC,yCAA6C;AAC7C,wDAAmD;AAEnD,oCAA6E;AA4CpE,wGA5C0B,+BAAuB,OA4C1B;AA1ChC,+CAA+C;AAC/C,yCAAsD;AAA7C,0GAAA,kBAAkB,OAAA;AA0Cd,QAAA,mBAAmB,GAAG,gCAAwB,CAAC;AAE5D,iFAAiF;AAEjF,SAAgB,SAAS,CAAC,IAAc;IACtC,MAAM,MAAM,GAAkB,EAAE,YAAY,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACpE,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAElE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACpC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAClB,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC;QACpB,CAAC;aAAM,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnB,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;QACrB,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,CAAC,SAAS,CAAC,CAAC;YACpB,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC;QACtB,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,CAAC,SAAS,CAAC,CAAC;YACpB,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,QAAQ,CAAC,SAAS,CAAC,CAAC;YACpB,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC9C,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YAC/C,IAAI,MAAM,CAAC,YAAY;gBAAE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzD,CAAC;aAAM,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACxB,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,WAAW,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,gBAAgB,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AArCD,8BAqCC;AASD,SAAgB,wBAAwB,CACtC,MAAqB,EACrB,KAAa,EACb,UAAmC,EAAE;IAErC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IAC/C,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG;QAAE,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAChE,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI;QAAE,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACnE,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK;QAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtE,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK;QAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtE,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,EAAE,CAAC;IAEvD,IAAI,WAAW,CAAC,IAAI,GAAG,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,MAAM,KAAK,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,IAAA,UAAK,EAAC,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG;YACd,KAAK,CAAC,CAAC,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI;YAC1C,gBAAgB,CAAC,MAAM,GAAG,CAAC;gBACzB,CAAC,CAAC,yBAAyB,gBAAgB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACjF,CAAC,CAAC,IAAI;SACT,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAClB,IAAA,sBAAa,EAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,qBAAQ,CAAC,aAAa,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAxBD,4DAwBC"}

package/dist/codex-auth/commands/use-command.d.ts

@@ -0,0 +1,16 @@
+/**
+ * codex-auth use command.
+ *
+ * STDOUT DISCIPLINE (C2, R4): stdout contains ONLY shell-evalable export
+ * statements. ALL errors, hints, and info messages go to STDERR so that
+ * `eval "$(ccsx auth use <name>)"` is never contaminated.
+ *
+ * Belt-and-suspenders for C2: the primary protection is
+ * `src/bin/codex-runtime-router.ts`, which dispatches `auth` subcommands
+ * BEFORE pre-dispatch runs at all. This IIFE is a fallback for any future
+ * code path (e.g., direct import from a different bin entry) that bypasses
+ * the router and would otherwise let pre-dispatch banners hit stdout.
+ */
+import type { CodexCommandContext } from './types';
+export declare function handleUseCodex(ctx: CodexCommandContext, args: string[]): Promise<void>;
+//# sourceMappingURL=use-command.d.ts.map

package/dist/codex-auth/commands/use-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-command.d.ts","sourceRoot":"","sources":["../../../src/codex-auth/commands/use-command.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAoBH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAInD,wBAAsB,cAAc,CAAC,GAAG,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA+D5F"}

package/dist/codex-auth/commands/use-command.js

@@ -0,0 +1,86 @@
+"use strict";
+/**
+ * codex-auth use command.
+ *
+ * STDOUT DISCIPLINE (C2, R4): stdout contains ONLY shell-evalable export
+ * statements. ALL errors, hints, and info messages go to STDERR so that
+ * `eval "$(ccsx auth use <name>)"` is never contaminated.
+ *
+ * Belt-and-suspenders for C2: the primary protection is
+ * `src/bin/codex-runtime-router.ts`, which dispatches `auth` subcommands
+ * BEFORE pre-dispatch runs at all. This IIFE is a fallback for any future
+ * code path (e.g., direct import from a different bin entry) that bypasses
+ * the router and would otherwise let pre-dispatch banners hit stdout.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleUseCodex = void 0;
+(function guardPreDispatch() {
+    const argv = process.argv;
+    // argv[2] is the first user arg to ccsx (e.g. "auth"), argv[3] is the subcommand
+    for (let i = 2; i < argv.length - 1; i++) {
+        if (argv[i] === 'auth' && argv[i + 1] === 'use') {
+            process.env.CCS_NO_PRE_DISPATCH = '1';
+            break;
+        }
+    }
+})();
+// ── End guard — safe to import CCS modules now ───────────────────────────────
+const errors_1 = require("../../errors");
+const exit_codes_1 = require("../../errors/exit-codes");
+const codex_profile_paths_1 = require("../codex-profile-paths");
+const shell_detect_1 = require("../shell-detect");
+const types_1 = require("./types");
+const VALID_SHELLS = new Set(['bash', 'zsh', 'fish', 'pwsh', 'cmd']);
+async function handleUseCodex(ctx, args) {
+    const parsed = (0, types_1.parseArgs)(args);
+    (0, types_1.rejectUnsupportedOptions)(parsed, 'ccsx auth use <name> [--shell <bash|zsh|fish|pwsh|cmd>]', {
+        shell: true,
+    });
+    const { profileName, shell: shellOverride } = parsed;
+    // All errors → stderr, empty stdout
+    if (!profileName) {
+        process.stderr.write('[X] Profile name is required.\n');
+        process.stderr.write('Usage: ccsx auth use <name> [--shell <bash|zsh|fish|pwsh|cmd>]\n');
+        process.exit(exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    const nameError = (0, types_1.getProfileNameError)(profileName);
+    if (nameError) {
+        process.stderr.write(`[X] ${nameError}\n`);
+        process.exit(exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    if (shellOverride !== undefined && !VALID_SHELLS.has(shellOverride)) {
+        process.stderr.write(`[X] Unsupported --shell value: "${shellOverride}". Valid: bash, zsh, fish, pwsh, cmd\n`);
+        process.exit(exit_codes_1.ExitCode.GENERAL_ERROR);
+        return;
+    }
+    const { registry } = ctx;
+    if (!registry.hasProfile(profileName)) {
+        const available = registry.listProfiles();
+        const availableStr = available.length > 0 ? available.join(', ') : '<none>';
+        process.stderr.write(`[X] Profile not found: ${profileName}. Available: ${availableStr}\n`);
+        process.exit(exit_codes_1.ExitCode.PROFILE_ERROR);
+        return;
+    }
+    const profileDir = (0, codex_profile_paths_1.resolveCodexProfileDir)(profileName);
+    const shell = shellOverride !== undefined
+        ? shellOverride
+        : (0, shell_detect_1.detectShell)(process.env, process.platform);
+    // ── STDOUT: only export statements ──────────────────────────────────────────
+    process.stdout.write((0, shell_detect_1.formatExport)(shell, 'CODEX_HOME', profileDir) + '\n');
+    process.stdout.write((0, shell_detect_1.formatExport)(shell, 'CCS_CODEX_PROFILE', profileName) + '\n');
+    // ── STDERR: human-readable hint ─────────────────────────────────────────────
+    process.stderr.write(`[i] Codex profile "${profileName}" active in this shell. Run: codex\n`);
+    if (shell === 'cmd') {
+        process.stderr.write('[i] Note: cmd.exe cannot eval output from a subprocess natively.\n');
+        process.stderr.write('    Use PowerShell: ccsx auth use ' + profileName + ' | Invoke-Expression\n');
+    }
+    // Note: This profile applies only to native `codex`.
+    // `ccsxp` ignores CCS_CODEX_PROFILE and uses its own cliproxy pool.
+}
+exports.handleUseCodex = handleUseCodex;
+// suppress unused import warning — exitWithError is available but we use process.exit
+// for stdout purity in this command
+void errors_1.exitWithError;
+//# sourceMappingURL=use-command.js.map

package/dist/codex-auth/commands/use-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-command.js","sourceRoot":"","sources":["../../../src/codex-auth/commands/use-command.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,CAAC,SAAS,gBAAgB;IACxB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,iFAAiF;IACjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,GAAG,CAAC;YACtC,MAAM;QACR,CAAC;IACH,CAAC;AACH,CAAC,CAAC,EAAE,CAAC;AACL,gFAAgF;AAEhF,yCAA6C;AAC7C,wDAAmD;AACnD,gEAAgE;AAChE,kDAA4D;AAC5D,mCAAmF;AAInF,MAAM,YAAY,GAAG,IAAI,GAAG,CAAS,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAEtE,KAAK,UAAU,cAAc,CAAC,GAAwB,EAAE,IAAc;IAC3E,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC;IAC/B,IAAA,gCAAwB,EAAC,MAAM,EAAE,yDAAyD,EAAE;QAC1F,KAAK,EAAE,IAAI;KACZ,CAAC,CAAC;IAEH,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;IAErD,oCAAoC;IACpC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kEAAkE,CAAC,CAAC;QACzF,OAAO,CAAC,IAAI,CAAC,qBAAQ,CAAC,aAAa,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,2BAAmB,EAAC,WAAW,CAAC,CAAC;IACnD,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,SAAS,IAAI,CAAC,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,qBAAQ,CAAC,aAAa,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,IAAI,aAAa,KAAK,SAAS,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACpE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mCAAmC,aAAa,wCAAwC,CACzF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,qBAAQ,CAAC,aAAa,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC;IAEzB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,YAAY,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC5E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,WAAW,gBAAgB,YAAY,IAAI,CAAC,CAAC;QAC5F,OAAO,CAAC,IAAI,CAAC,qBAAQ,CAAC,aAAa,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,4CAAsB,EAAC,WAAW,CAAC,CAAC;IACvD,MAAM,KAAK,GACT,aAAa,KAAK,SAAS;QACzB,CAAC,CAAE,aAAuB;QAC1B,CAAC,CAAC,IAAA,0BAAW,EAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEjD,+EAA+E;IAC/E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,2BAAY,EAAC,KAAK,EAAE,YAAY,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;IAC3E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,2BAAY,EAAC,KAAK,EAAE,mBAAmB,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;IAEnF,+EAA+E;IAC/E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,WAAW,sCAAsC,CAAC,CAAC;IAE9F,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oEAAoE,CAAC,CAAC;QAC3F,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oCAAoC,GAAG,WAAW,GAAG,wBAAwB,CAC9E,CAAC;IACJ,CAAC;IAED,qDAAqD;IACrD,oEAAoE;AACtE,CAAC;AA/DD,wCA+DC;AAED,sFAAsF;AACtF,oCAAoC;AACpC,KAAK,sBAAa,CAAC"}

package/dist/codex-auth/decode-id-token.d.ts

@@ -0,0 +1,12 @@
+import type { CodexAccountIdentity } from './types';
+/**
+ * Decode the payload of a JWT id_token without signature verification.
+ * Returns only the display-safe fields: email, plan_type, account_id.
+ * Returns {} on any parse failure — never throws.
+ *
+ * Security note: signature is NOT verified. This is purely cosmetic data
+ * for dashboard display. Auth boundary is OS file perms on auth.json.
+ */
+export declare function decodeIdToken(idToken: string): CodexAccountIdentity;
+export declare function hasStructurallyValidIdToken(idToken: string): boolean;
+//# sourceMappingURL=decode-id-token.d.ts.map

package/dist/codex-auth/decode-id-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-id-token.d.ts","sourceRoot":"","sources":["../../src/codex-auth/decode-id-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAwCpD;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,oBAAoB,CA0BnE;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAEpE"}

package/dist/codex-auth/decode-id-token.js

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasStructurallyValidIdToken = exports.decodeIdToken = void 0;
+// JWT claim URI for OpenAI-specific auth data (nested object).
+// Verified against real auth.json: chatgpt_plan_type and chatgpt_account_id
+// live under this key, NOT at top level.
+const OPENAI_AUTH_CLAIM = 'https://api.openai.com/auth';
+const OPENAI_PROFILE_CLAIM = 'https://api.openai.com/profile';
+const BASE64URL_SEGMENT_RE = /^[A-Za-z0-9_-]+$/;
+function base64urlDecode(str) {
+    // Convert base64url to standard base64
+    const base64 = str.replace(/-/g, '+').replace(/_/g, '/');
+    const padded = base64.padEnd(base64.length + ((4 - (base64.length % 4)) % 4), '=');
+    return Buffer.from(padded, 'base64').toString('utf8');
+}
+function isBase64UrlSegment(str) {
+    return str.length > 0 && str.length % 4 !== 1 && BASE64URL_SEGMENT_RE.test(str);
+}
+function decodeJsonSegment(str) {
+    return JSON.parse(base64urlDecode(str));
+}
+/**
+ * Decode the payload of a JWT id_token without signature verification.
+ * Returns only the display-safe fields: email, plan_type, account_id.
+ * Returns {} on any parse failure — never throws.
+ *
+ * Security note: signature is NOT verified. This is purely cosmetic data
+ * for dashboard display. Auth boundary is OS file perms on auth.json.
+ */
+function decodeIdToken(idToken) {
+    try {
+        const payload = decodeJwtPayload(idToken);
+        if (!payload)
+            return {};
+        const authClaim = payload[OPENAI_AUTH_CLAIM];
+        const profileClaim = payload[OPENAI_PROFILE_CLAIM];
+        // Email: prefer top-level, fall back to profile claim
+        const email = payload.email ?? profileClaim?.email;
+        const result = {};
+        if (typeof email === 'string' && email.length > 0) {
+            result.email = email;
+        }
+        if (typeof authClaim?.chatgpt_plan_type === 'string') {
+            result.plan_type = authClaim.chatgpt_plan_type;
+        }
+        if (typeof authClaim?.chatgpt_account_id === 'string') {
+            result.account_id = authClaim.chatgpt_account_id;
+        }
+        return result;
+    }
+    catch {
+        return {};
+    }
+}
+exports.decodeIdToken = decodeIdToken;
+function hasStructurallyValidIdToken(idToken) {
+    return decodeJwtPayload(idToken) !== null;
+}
+exports.hasStructurallyValidIdToken = hasStructurallyValidIdToken;
+function decodeJwtPayload(idToken) {
+    try {
+        const parts = idToken.split('.');
+        if (parts.length !== 3) {
+            return null;
+        }
+        if (!parts.every((part) => isBase64UrlSegment(part))) {
+            return null;
+        }
+        const header = decodeJsonSegment(parts[0] ?? '');
+        if (!header || typeof header !== 'object' || Array.isArray(header)) {
+            return null;
+        }
+        const payload = decodeJsonSegment(parts[1] ?? '');
+        if (!payload || typeof payload !== 'object' || Array.isArray(payload)) {
+            return null;
+        }
+        return payload;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=decode-id-token.js.map

package/dist/codex-auth/decode-id-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode-id-token.js","sourceRoot":"","sources":["../../src/codex-auth/decode-id-token.ts"],"names":[],"mappings":";;;AAEA,+DAA+D;AAC/D,4EAA4E;AAC5E,yCAAyC;AACzC,MAAM,iBAAiB,GAAG,6BAA6B,CAAC;AACxD,MAAM,oBAAoB,GAAG,gCAAgC,CAAC;AAC9D,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AAkBhD,SAAS,eAAe,CAAC,GAAW;IAClC,uCAAuC;IACvC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnF,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,aAAa,CAAC,OAAe;IAC3C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QAExB,MAAM,SAAS,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;QAEnD,sDAAsD;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,YAAY,EAAE,KAAK,CAAC;QAEnD,MAAM,MAAM,GAAyB,EAAE,CAAC;QACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACvB,CAAC;QACD,IAAI,OAAO,SAAS,EAAE,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC,iBAAiB,CAAC;QACjD,CAAC;QACD,IAAI,OAAO,SAAS,EAAE,kBAAkB,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,CAAC,UAAU,GAAG,SAAS,CAAC,kBAAkB,CAAC;QACnD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AA1BD,sCA0BC;AAED,SAAgB,2BAA2B,CAAC,OAAe;IACzD,OAAO,gBAAgB,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;AAC5C,CAAC;AAFD,kEAEC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACrD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,OAAqB,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/codex-auth/index.d.ts

@@ -0,0 +1,9 @@
+export { CodexProfileRegistry } from './codex-profile-registry';
+export { getCodexAuthRegistryPath, getCodexInstancesDir, resolveCodexProfileDir, getSharedCodexConfigPath, } from './codex-profile-paths';
+export { ensureSharedConfigSymlink } from './codex-config-symlink';
+export { ensureCodexProfileResources, SHARED_CODEX_RESOURCE_DIRS } from './codex-profile-resources';
+export { decodeAccountIdentity } from './codex-account-identity';
+export { decodeIdToken } from './decode-id-token';
+export type { CodexProfileMetadata, CodexProfileData, CodexAccountIdentity } from './types';
+export { CODEX_PROFILE_SCHEMA_VERSION } from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/codex-auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/codex-auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AACpG,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAC5F,OAAO,EAAE,4BAA4B,EAAE,MAAM,SAAS,CAAC"}

package/dist/codex-auth/index.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CODEX_PROFILE_SCHEMA_VERSION = exports.decodeIdToken = exports.decodeAccountIdentity = exports.SHARED_CODEX_RESOURCE_DIRS = exports.ensureCodexProfileResources = exports.ensureSharedConfigSymlink = exports.getSharedCodexConfigPath = exports.resolveCodexProfileDir = exports.getCodexInstancesDir = exports.getCodexAuthRegistryPath = exports.CodexProfileRegistry = void 0;
+var codex_profile_registry_1 = require("./codex-profile-registry");
+Object.defineProperty(exports, "CodexProfileRegistry", { enumerable: true, get: function () { return codex_profile_registry_1.CodexProfileRegistry; } });
+var codex_profile_paths_1 = require("./codex-profile-paths");
+Object.defineProperty(exports, "getCodexAuthRegistryPath", { enumerable: true, get: function () { return codex_profile_paths_1.getCodexAuthRegistryPath; } });
+Object.defineProperty(exports, "getCodexInstancesDir", { enumerable: true, get: function () { return codex_profile_paths_1.getCodexInstancesDir; } });
+Object.defineProperty(exports, "resolveCodexProfileDir", { enumerable: true, get: function () { return codex_profile_paths_1.resolveCodexProfileDir; } });
+Object.defineProperty(exports, "getSharedCodexConfigPath", { enumerable: true, get: function () { return codex_profile_paths_1.getSharedCodexConfigPath; } });
+var codex_config_symlink_1 = require("./codex-config-symlink");
+Object.defineProperty(exports, "ensureSharedConfigSymlink", { enumerable: true, get: function () { return codex_config_symlink_1.ensureSharedConfigSymlink; } });
+var codex_profile_resources_1 = require("./codex-profile-resources");
+Object.defineProperty(exports, "ensureCodexProfileResources", { enumerable: true, get: function () { return codex_profile_resources_1.ensureCodexProfileResources; } });
+Object.defineProperty(exports, "SHARED_CODEX_RESOURCE_DIRS", { enumerable: true, get: function () { return codex_profile_resources_1.SHARED_CODEX_RESOURCE_DIRS; } });
+var codex_account_identity_1 = require("./codex-account-identity");
+Object.defineProperty(exports, "decodeAccountIdentity", { enumerable: true, get: function () { return codex_account_identity_1.decodeAccountIdentity; } });
+var decode_id_token_1 = require("./decode-id-token");
+Object.defineProperty(exports, "decodeIdToken", { enumerable: true, get: function () { return decode_id_token_1.decodeIdToken; } });
+var types_1 = require("./types");
+Object.defineProperty(exports, "CODEX_PROFILE_SCHEMA_VERSION", { enumerable: true, get: function () { return types_1.CODEX_PROFILE_SCHEMA_VERSION; } });
+//# sourceMappingURL=index.js.map

package/dist/codex-auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/codex-auth/index.ts"],"names":[],"mappings":";;;AAAA,mEAAgE;AAAvD,8HAAA,oBAAoB,OAAA;AAC7B,6DAK+B;AAJ7B,+HAAA,wBAAwB,OAAA;AACxB,2HAAA,oBAAoB,OAAA;AACpB,6HAAA,sBAAsB,OAAA;AACtB,+HAAA,wBAAwB,OAAA;AAE1B,+DAAmE;AAA1D,iIAAA,yBAAyB,OAAA;AAClC,qEAAoG;AAA3F,sIAAA,2BAA2B,OAAA;AAAE,qIAAA,0BAA0B,OAAA;AAChE,mEAAiE;AAAxD,+HAAA,qBAAqB,OAAA;AAC9B,qDAAkD;AAAzC,gHAAA,aAAa,OAAA;AAEtB,iCAAuD;AAA9C,qHAAA,4BAA4B,OAAA"}

package/dist/codex-auth/resolve-active-profile.d.ts

@@ -0,0 +1,13 @@
+/// <reference types="node" />
+/// <reference types="bun-types" />
+export interface ResolvedProfile {
+    name: string;
+    dir: string;
+    source: 'env' | 'default';
+}
+export declare class CodexAuthProfileResolutionError extends Error {
+    constructor(message: string);
+}
+/** @param env - Process env map; defaults to process.env. Injectable for tests. */
+export declare function resolveActiveProfile(env?: NodeJS.ProcessEnv): ResolvedProfile | null;
+//# sourceMappingURL=resolve-active-profile.d.ts.map