@mostok/codexes 0.2.0 → 0.3.2

package/dist/cli.js

@@ -70,14 +70,20 @@ async function resolveWrapperConfig(input) {
     input.paths.codexConfigFile,
     input.logger
   );
+  const selectionStrategy = resolveAccountSelectionStrategy(input.env, input.logger);
   const resolved = {
     configFilePath: input.paths.wrapperConfigFile,
     codexConfigFilePath: input.paths.codexConfigFile,
     selectionCacheFilePath: input.paths.selectionCacheFile,
     credentialStoreMode,
     credentialStorePolicyReason: credentialStoreMode === "file" ? "file mode detected in Codex config" : "codexes currently supports only file-backed auth storage",
-    accountSelectionStrategy: resolveAccountSelectionStrategy(input.env),
-    experimentalSelection: resolveExperimentalSelectionConfig(input.env, input.logger)
+    accountSelectionStrategy: selectionStrategy.strategy,
+    accountSelectionStrategySource: selectionStrategy.source,
+    experimentalSelection: resolveExperimentalSelectionConfig({
+      env: input.env,
+      logger: input.logger,
+      strategy: selectionStrategy.strategy
+    })
   };
   input.logger.info("wrapper_config.resolved", {
     configFilePath: resolved.configFilePath,
@@ -85,28 +91,29 @@ async function resolveWrapperConfig(input) {
     selectionCacheFilePath: resolved.selectionCacheFilePath,
     credentialStoreMode: resolved.credentialStoreMode,
     accountSelectionStrategy: resolved.accountSelectionStrategy,
+    accountSelectionStrategySource: resolved.accountSelectionStrategySource,
     experimentalSelection: resolved.experimentalSelection
   });
   return resolved;
 }
-function resolveExperimentalSelectionConfig(env, logger) {
+function resolveExperimentalSelectionConfig(input) {
   const probeTimeoutMs = resolvePositiveIntegerEnv({
     defaultValue: DEFAULT_EXPERIMENTAL_PROBE_TIMEOUT_MS,
-    env,
+    env: input.env,
     envKey: "CODEXES_EXPERIMENTAL_SELECTION_TIMEOUT_MS",
-    logger
+    logger: input.logger
   });
   const cacheTtlMs = resolvePositiveIntegerEnv({
     defaultValue: DEFAULT_EXPERIMENTAL_CACHE_TTL_MS,
-    env,
+    env: input.env,
     envKey: "CODEXES_EXPERIMENTAL_SELECTION_CACHE_TTL_MS",
-    logger
+    logger: input.logger
   });
   const useAccountIdHeader = resolveBooleanEnv(
-    env.CODEXES_EXPERIMENTAL_SELECTION_USE_ACCOUNT_ID_HEADER
+    input.env.CODEXES_EXPERIMENTAL_SELECTION_USE_ACCOUNT_ID_HEADER
   );
-  const enabled = resolveAccountSelectionStrategy(env) === "remaining-limit-experimental";
-  logger.debug("wrapper_config.experimental_selection_resolved", {
+  const enabled = input.strategy === "remaining-limit" || input.strategy === "remaining-limit-experimental";
+  input.logger.debug("wrapper_config.experimental_selection_resolved", {
     enabled,
     probeTimeoutMs,
     cacheTtlMs,
@@ -119,18 +126,59 @@ function resolveExperimentalSelectionConfig(env, logger) {
     useAccountIdHeader
   };
 }
-function resolveAccountSelectionStrategy(env) {
-  switch (env.CODEXES_ACCOUNT_SELECTION_STRATEGY?.trim().toLowerCase()) {
+function resolveAccountSelectionStrategy(env, logger) {
+  const rawOverride = env.CODEXES_ACCOUNT_SELECTION_STRATEGY?.trim().toLowerCase();
+  switch (rawOverride) {
     case "single-account":
-      return "single-account";
+      logger.info("wrapper_config.selection_strategy_override_applied", {
+        envKey: "CODEXES_ACCOUNT_SELECTION_STRATEGY",
+        requestedStrategy: rawOverride,
+        resolvedStrategy: "single-account"
+      });
+      return {
+        source: "env-override",
+        strategy: "single-account"
+      };
+    case "remaining-limit":
     case "remaining-limit-experimental":
-      return "remaining-limit-experimental";
-    case "manual-default":
+      logger.info("wrapper_config.selection_strategy_override_applied", {
+        envKey: "CODEXES_ACCOUNT_SELECTION_STRATEGY",
+        requestedStrategy: rawOverride,
+        resolvedStrategy: "remaining-limit"
+      });
+      return {
+        source: "env-override",
+        strategy: "remaining-limit"
+      };
     case void 0:
     case "":
-      return "manual-default";
+      logger.info("wrapper_config.selection_strategy_default_applied", {
+        defaultStrategy: "remaining-limit"
+      });
+      return {
+        source: "default",
+        strategy: "remaining-limit"
+      };
+    case "manual-default":
+      logger.info("wrapper_config.selection_strategy_override_applied", {
+        envKey: "CODEXES_ACCOUNT_SELECTION_STRATEGY",
+        requestedStrategy: rawOverride,
+        resolvedStrategy: "manual-default"
+      });
+      return {
+        source: "env-override",
+        strategy: "manual-default"
+      };
     default:
-      return "manual-default";
+      logger.warn("wrapper_config.selection_strategy_invalid_override", {
+        envKey: "CODEXES_ACCOUNT_SELECTION_STRATEGY",
+        rawValue: rawOverride,
+        fallbackStrategy: "remaining-limit"
+      });
+      return {
+        source: "invalid-env-fallback",
+        strategy: "remaining-limit"
+      };
   }
 }
 async function detectCredentialStoreMode(configFile, logger) {
@@ -907,6 +955,9 @@ async function buildAppContext(argv, io) {
       stdout: io.stdout,
       stderr: io.stderr
     },
+    output: {
+      stdoutIsTTY: io.stdout.isTTY === true
+    },
     logging: {
       level: logLevel,
       sink
@@ -1664,1560 +1715,2148 @@ function buildLoginFailureMessage(loginResult) {
 `;
 }
 
-// src/accounts/account-resolution.ts
-import { readFile as readFile6 } from "node:fs/promises";
-import path9 from "node:path";
-function resolveAccountBySelector(input) {
-  const normalizedSelector = input.selector.trim();
-  const matches = input.accounts.filter(
-    (account) => account.id === normalizedSelector || account.label.toLowerCase() === normalizedSelector.toLowerCase()
-  );
-  input.logger.debug("account_resolution.lookup", {
-    selector: normalizedSelector,
-    accountCount: input.accounts.length,
-    matchCount: matches.length,
-    matchedAccountIds: matches.map((account) => account.id)
+// src/selection/format-selection-summary.ts
+function formatSelectionSummary(input) {
+  const renderMode = input.capabilities.useColor ? "color" : "plain";
+  input.logger.debug("selection.format_summary.start", {
+    mode: input.summary.mode,
+    strategy: input.summary.strategy,
+    entryCount: input.summary.entries.length,
+    stdoutIsTTY: input.capabilities.stdoutIsTTY,
+    useColor: input.capabilities.useColor,
+    renderMode,
+    fallbackReason: input.summary.fallbackReason,
+    selectedAccountId: input.summary.selectedAccount?.id ?? null,
+    executionBlockedReason: input.summary.executionBlockedReason
   });
-  if (matches.length === 0) {
-    throw new Error(`No account matches "${normalizedSelector}".`);
-  }
-  if (matches.length > 1) {
-    throw new Error(
-      `Selector "${normalizedSelector}" matched multiple accounts; use the account id instead.`
+  const lines = [
+    "Account selection summary:",
+    ...input.summary.entries.map(
+      (entry) => formatSelectionEntry(entry, input.capabilities)
+    )
+  ];
+  if (input.summary.selectedAccount && input.summary.selectedBy) {
+    lines.push(
+      `Selected account: ${input.summary.selectedAccount.label} (${input.summary.selectedAccount.id}) via ${describeSelectionMode(input.summary)}.`
     );
+  } else {
+    lines.push("Selected account: unavailable for execution.");
+  }
+  if (input.summary.fallbackReason) {
+    lines.push(`Fallback: ${describeFallback(input.summary.fallbackReason)}.`);
+  }
+  if (input.summary.executionBlockedReason) {
+    lines.push(`Execution note: ${input.summary.executionBlockedReason}`);
+  }
+  input.logger.debug("selection.format_summary.complete", {
+    mode: input.summary.mode,
+    strategy: input.summary.strategy,
+    renderMode,
+    lineCount: lines.length,
+    fallbackIncluded: input.summary.fallbackReason !== null,
+    selectedAccountId: input.summary.selectedAccount?.id ?? null,
+    executionBlockedReason: input.summary.executionBlockedReason
+  });
+  return `${lines.join("\n")}
+`;
+}
+function formatSelectionEntry(entry, capabilities) {
+  const tags = [
+    entry.isSelected ? "selected" : null,
+    entry.isDefault ? "default" : null,
+    entry.rankingPosition !== null ? `rank #${entry.rankingPosition}` : null
+  ].filter((value) => value !== null).join(", ");
+  const status = entry.snapshot?.status ?? (entry.failureCategory ? "probe-failed" : "not-probed");
+  const detail = entry.failureMessage ?? entry.snapshot?.statusReason ?? "usage probing was not required for this strategy";
+  return [
+    "-",
+    `${entry.account.label} (${entry.account.id})`,
+    tags ? colorize(capabilities, "tag", `[${tags}]`) : null,
+    colorize(capabilities, mapStatusTone(status), `status=${status}`),
+    formatWindowMetric(capabilities, "5h", entry.snapshot?.dailyRemaining ?? null),
+    formatWindowMetric(capabilities, "weekly", entry.snapshot?.weeklyRemaining ?? null),
+    entry.snapshot?.plan ? `${colorize(capabilities, "plan", "plan")}=${colorize(capabilities, "planValue", entry.snapshot.plan)}` : null,
+    colorize(capabilities, "source", `source=${entry.source}`),
+    `detail=${describeDetailMarker(entry, detail)}`
+  ].filter((value) => value !== null).join(" ");
+}
+function formatPercent(value) {
+  return value === null ? "unknown" : `${trimTrailingZeroes(value)}%`;
+}
+function formatWindowMetric(capabilities, label, value) {
+  const renderedPercent = colorize(
+    capabilities,
+    mapRemainingTone(value),
+    formatPercent(value)
+  );
+  return `${colorize(capabilities, "windowLabel", label)}=${renderedPercent}`;
+}
+function describeSelectionMode(summary) {
+  if (summary.selectedBy === null) {
+    return "no execution selection";
   }
-  const [match] = matches;
-  if (!match) {
-    throw new Error(`No account matches "${normalizedSelector}".`);
+  switch (summary.selectedBy) {
+    case "experimental-ranked":
+      return "remaining-limit";
+    case "single-account":
+      return "single-account";
+    case "manual-default":
+      return "manual-default";
+    case "manual-default-fallback-single":
+      return summary.fallbackReason ? "manual-default fallback because only one account was available" : "manual-default because only one account is configured";
   }
-  return match;
 }
-async function buildAccountPresentations(input) {
-  const presentations = [];
-  for (const account of input.accounts) {
-    presentations.push({
-      account,
-      ...await readAccountMetadataSummary(account, input.logger)
-    });
+function describeFallback(reason) {
+  switch (reason) {
+    case "experimental-config-missing":
+      return "remaining-limit probing was unavailable, so codexes fell back to manual-default";
+    case "all-probes-failed":
+      return "every account probe failed, so codexes could not establish a reliable execution winner";
+    case "mixed-probe-outcomes":
+      return "some account probes failed, so codexes could not establish a reliable execution winner";
+    case "all-accounts-exhausted":
+      return "all probed accounts were exhausted, so codexes could not establish a reliable execution winner";
+    case "ambiguous-usage":
+      return "the usage data was incomplete or ambiguous, so codexes could not establish a reliable execution winner";
+    case null:
+      return "no fallback was required";
+  }
+}
+function describeDetailMarker(entry, detail) {
+  if (entry.failureCategory === "timeout") {
+    return "probe-timeout";
+  }
+  if (entry.failureCategory === "http-error") {
+    return "http-error";
   }
-  return presentations;
+  if (entry.failureCategory === "auth-missing") {
+    return "auth-missing";
+  }
+  if (entry.failureCategory === "invalid-response") {
+    return "invalid-response";
+  }
+  switch (entry.snapshot?.status) {
+    case "usable":
+      return "rankable";
+    case "limit-reached":
+      return "exhausted";
+    case "not-allowed":
+      return "blocked";
+    case "missing-usage-data":
+      return "incomplete";
+    default:
+      return detail.includes("not required") ? "not-probed" : "diagnostic";
+  }
+}
+function mapStatusTone(status) {
+  switch (status) {
+    case "usable":
+      return "success";
+    case "limit-reached":
+      return "warning";
+    case "probe-failed":
+    case "not-allowed":
+      return "error";
+    default:
+      return "muted";
+  }
+}
+function colorize(capabilities, tone, value) {
+  if (!capabilities.useColor) {
+    return value;
+  }
+  const open = ANSI_CODES[tone];
+  return `${open}${value}${ANSI_RESET}`;
+}
+function mapRemainingTone(value) {
+  if (value === null) {
+    return "muted";
+  }
+  if (value <= 20) {
+    return "error";
+  }
+  if (value <= 50) {
+    return "warning";
+  }
+  return "success";
 }
-async function readAccountMetadataSummary(account, logger) {
-  const metadataFile = path9.join(account.authDirectory, "account.json");
+function trimTrailingZeroes(value) {
+  return value.toFixed(2).replace(/\.00$/, "").replace(/(\.\d)0$/, "$1");
+}
+var ANSI_RESET = "\x1B[0m";
+var ANSI_CODES = {
+  source: "\x1B[36m",
+  success: "\x1B[32m",
+  muted: "\x1B[90m",
+  warning: "\x1B[33m",
+  error: "\x1B[31m",
+  tag: "\x1B[1m",
+  windowLabel: "\x1B[94m",
+  plan: "\x1B[95m",
+  planValue: "\x1B[1;95m"
+};
+
+// src/selection/account-auth-state.ts
+import { readFile as readFile6 } from "node:fs/promises";
+import path9 from "node:path";
+async function readAccountAuthState(input) {
+  const filePath = path9.join(input.account.authDirectory, "state", "auth.json");
+  input.logger.debug("selection.account_auth_state.read_start", {
+    accountId: input.account.id,
+    label: input.account.label,
+    filePath
+  });
   try {
-    const raw = await readFile6(metadataFile, "utf8");
+    const raw = await readFile6(filePath, "utf8");
     const parsed = JSON.parse(raw);
-    const summary = {
-      authAccountId: typeof parsed.authAccountId === "string" ? parsed.authAccountId : null,
-      authMode: typeof parsed.authMode === "string" ? parsed.authMode : null
+    if (!isRecord(parsed)) {
+      input.logger.warn("selection.account_auth_state.unsupported_shape", {
+        accountId: input.account.id,
+        label: input.account.label,
+        filePath,
+        topLevelType: typeof parsed
+      });
+      return {
+        ok: false,
+        category: "unsupported-auth-shape",
+        filePath,
+        message: "auth.json is not a JSON object."
+      };
+    }
+    const accessToken = resolveString(
+      parsed.access_token,
+      getNestedString(parsed, ["tokens", "access_token"]),
+      getNestedString(parsed, ["tokens", "accessToken"])
+    );
+    if (!accessToken) {
+      input.logger.warn("selection.account_auth_state.access_token_missing", {
+        accountId: input.account.id,
+        label: input.account.label,
+        filePath,
+        hasTokensObject: isRecord(parsed.tokens)
+      });
+      return {
+        ok: false,
+        category: "missing-access-token",
+        filePath,
+        message: "auth.json does not contain an access_token."
+      };
+    }
+    const result = {
+      ok: true,
+      filePath,
+      state: {
+        accessToken,
+        accountId: resolveString(
+          parsed.account_id,
+          parsed.accountId,
+          getNestedString(parsed, ["tokens", "account_id"]),
+          getNestedString(parsed, ["tokens", "accountId"])
+        ),
+        authMode: resolveString(
+          parsed.auth_mode,
+          parsed.authMode,
+          getNestedString(parsed, ["tokens", "auth_mode"]),
+          getNestedString(parsed, ["tokens", "authMode"])
+        ),
+        lastRefresh: resolveString(
+          parsed.last_refresh,
+          parsed.lastRefresh,
+          parsed.refresh_at,
+          parsed.refreshAt
+        )
+      }
     };
-    logger.debug("account_resolution.metadata_loaded", {
-      accountId: account.id,
-      metadataFile,
-      authAccountId: summary.authAccountId,
-      authMode: summary.authMode
+    input.logger.debug("selection.account_auth_state.read_complete", {
+      accountId: input.account.id,
+      label: input.account.label,
+      filePath,
+      hasAccessToken: true,
+      authAccountId: result.state.accountId,
+      authMode: result.state.authMode,
+      hasRefreshMetadata: result.state.lastRefresh !== null
     });
-    return summary;
+    return result;
   } catch (error) {
-    if (typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT") {
-      logger.debug("account_resolution.metadata_missing", {
-        accountId: account.id,
-        metadataFile
+    if (isNodeErrorWithCode(error, "ENOENT")) {
+      input.logger.warn("selection.account_auth_state.missing_file", {
+        accountId: input.account.id,
+        label: input.account.label,
+        filePath
+      });
+      return {
+        ok: false,
+        category: "missing-file",
+        filePath,
+        message: "auth.json was not found for the account profile."
+      };
+    }
+    if (error instanceof SyntaxError) {
+      input.logger.warn("selection.account_auth_state.malformed_json", {
+        accountId: input.account.id,
+        label: input.account.label,
+        filePath,
+        message: error.message
       });
-      return { authAccountId: null, authMode: null };
+      return {
+        ok: false,
+        category: "malformed-json",
+        filePath,
+        message: error.message
+      };
     }
-    logger.warn("account_resolution.metadata_failed", {
-      accountId: account.id,
-      metadataFile,
+    input.logger.warn("selection.account_auth_state.unsupported_shape", {
+      accountId: input.account.id,
+      label: input.account.label,
+      filePath,
       message: error instanceof Error ? error.message : String(error)
     });
-    return { authAccountId: null, authMode: null };
+    return {
+      ok: false,
+      category: "unsupported-auth-shape",
+      filePath,
+      message: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+function getNestedString(value, pathParts) {
+  let current = value;
+  for (const part of pathParts) {
+    if (!isRecord(current) || typeof current[part] === "undefined") {
+      return null;
+    }
+    current = current[part];
+  }
+  return typeof current === "string" && current.trim().length > 0 ? current : null;
+}
+function resolveString(...values) {
+  for (const value of values) {
+    if (typeof value === "string" && value.trim().length > 0) {
+      return value;
+    }
   }
+  return null;
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function isNodeErrorWithCode(error, code) {
+  return typeof error === "object" && error !== null && "code" in error && error.code === code;
 }
 
-// src/commands/account-list/run-account-list-command.ts
-async function runAccountListCommand(context) {
-  const logger = createLogger({
-    level: context.logging.level,
-    name: "account_list",
-    sink: context.logging.sink
+// src/selection/usage-normalize.ts
+function normalizeWhamUsageResponse(input) {
+  const payloadShape = resolvePayloadShape(input.raw);
+  const dailyWindow = resolveUsageWindow(input.raw, "daily");
+  const weeklyWindow = resolveUsageWindow(input.raw, "weekly");
+  input.logger.debug("selection.usage_normalize.start", {
+    accountIdHint: input.accountIdHint ?? null,
+    payloadShape,
+    hasPrimaryWindow: dailyWindow.source === "rate_limit.primary_window",
+    hasSecondaryWindow: weeklyWindow.source === "rate_limit.secondary_window",
+    topLevelKeys: Object.keys(input.raw).sort()
   });
-  const registry = createAccountRegistry({
-    accountRoot: context.paths.accountRoot,
-    logger,
-    registryFile: context.paths.registryFile
+  const daily = normalizeUsageWindow({
+    accountIdHint: input.accountIdHint,
+    logger: input.logger,
+    raw: dailyWindow.raw,
+    source: dailyWindow.source,
+    window: "daily"
   });
-  const [accounts, defaultAccount] = await Promise.all([
-    registry.listAccounts(),
-    registry.getDefaultAccount()
-  ]);
-  logger.info("command.start", {
-    accountCount: accounts.length,
-    defaultAccountId: defaultAccount?.id ?? null
+  const weekly = normalizeUsageWindow({
+    accountIdHint: input.accountIdHint,
+    logger: input.logger,
+    raw: weeklyWindow.raw,
+    source: weeklyWindow.source,
+    window: "weekly"
   });
-  if (accounts.length === 0) {
-    context.io.stdout.write(
-      [
-        "No accounts configured.",
-        "Add one with: codexes account add <label>"
-      ].join("\n") + "\n"
-    );
-    logger.info("command.empty");
-    return 0;
-  }
-  const presentations = await buildAccountPresentations({ accounts, logger });
-  const lines = presentations.map(({ account, authAccountId, authMode }) => {
-    const markers = [
-      defaultAccount?.id === account.id ? "default" : null,
-      authMode ? `auth=${authMode}` : null,
-      authAccountId ? `authAccountId=${authAccountId}` : null
-    ].filter((value) => Boolean(value)).join(", ");
-    return `${defaultAccount?.id === account.id ? "*" : " "} ${account.label} (${account.id})${markers ? ` [${markers}]` : ""}`;
-  });
-  context.io.stdout.write(`${lines.join("\n")}
-`);
-  logger.info("command.complete", {
-    accountIds: presentations.map(({ account }) => account.id)
-  });
-  return 0;
-}
-
-// src/commands/account-remove/run-account-remove-command.ts
-import { rm as rm3 } from "node:fs/promises";
-async function runAccountRemoveCommand(context, argv) {
-  const logger = createLogger({
-    level: context.logging.level,
-    name: "account_remove",
-    sink: context.logging.sink
-  });
-  if (argv.includes("--help")) {
-    context.io.stdout.write(`${buildAccountRemoveHelpText()}
-`);
-    logger.info("help.rendered");
-    return 0;
-  }
-  const selector = argv[0]?.trim();
-  if (!selector || argv.length > 1) {
-    throw new Error(buildAccountRemoveHelpText());
-  }
-  const registry = createAccountRegistry({
-    accountRoot: context.paths.accountRoot,
-    logger,
-    registryFile: context.paths.registryFile
-  });
-  const accounts = await registry.listAccounts();
-  if (accounts.length === 0) {
-    context.io.stdout.write("No accounts configured.\n");
-    logger.info("command.empty");
-    return 0;
-  }
-  const account = resolveAccountBySelector({ accounts, logger, selector });
-  logger.info("command.start", {
-    requestedSelector: selector,
-    resolvedAccountId: account.id,
-    label: account.label
-  });
-  await registry.removeAccount(account.id);
-  await rm3(account.authDirectory, { force: true, recursive: true });
-  context.io.stdout.write(`Removed account "${account.label}" (${account.id}).
-`);
-  logger.info("command.complete", {
-    requestedSelector: selector,
-    resolvedAccountId: account.id
-  });
-  return 0;
-}
-function buildAccountRemoveHelpText() {
-  return [
-    "Usage:",
-    "  codexes account remove <account-id-or-label>"
-  ].join("\n");
-}
-
-// src/commands/account-use/run-account-use-command.ts
-async function runAccountUseCommand(context, argv) {
-  const logger = createLogger({
-    level: context.logging.level,
-    name: "account_use",
-    sink: context.logging.sink
-  });
-  if (argv.includes("--help")) {
-    context.io.stdout.write(`${buildAccountUseHelpText()}
-`);
-    logger.info("help.rendered");
-    return 0;
-  }
-  const registry = createAccountRegistry({
-    accountRoot: context.paths.accountRoot,
-    logger,
-    registryFile: context.paths.registryFile
-  });
-  const accounts = await registry.listAccounts();
-  if (accounts.length === 0) {
-    context.io.stdout.write(
-      [
-        "No accounts configured.",
-        "Add one with: codexes account add <label>"
-      ].join("\n") + "\n"
-    );
-    logger.info("command.empty");
-    return 0;
-  }
-  const selector = argv[0]?.trim() ?? null;
-  if (argv.length > 1) {
-    throw new Error(buildAccountUseHelpText());
-  }
-  let targetAccount = null;
-  if (!selector) {
-    if (accounts.length === 1) {
-      const [singleAccount] = accounts;
-      if (!singleAccount) {
-        throw new Error("No accounts configured.");
-      }
-      targetAccount = singleAccount;
-      logger.info("command.single_account_default", {
-        resolvedAccountId: targetAccount.id,
-        label: targetAccount.label
-      });
-    } else {
-      throw new Error(
-        "Multiple accounts exist. Specify which one to use: codexes account use <account-id-or-label>"
-      );
-    }
-  } else {
-    targetAccount = resolveAccountBySelector({ accounts, logger, selector });
-  }
-  if (!targetAccount) {
-    throw new Error("Could not resolve the account to use.");
-  }
-  logger.info("command.start", {
-    requestedSelector: selector,
-    resolvedAccountId: targetAccount.id,
-    label: targetAccount.label
-  });
-  const selectedAccount = await registry.selectAccount(targetAccount.id);
-  context.io.stdout.write(
-    `Using account "${selectedAccount.label}" (${selectedAccount.id}) as the default.
-`
-  );
-  logger.info("command.complete", {
-    requestedSelector: selector,
-    resolvedAccountId: selectedAccount.id
-  });
-  return 0;
-}
-function buildAccountUseHelpText() {
-  return [
-    "Usage:",
-    "  codexes account use <account-id-or-label>",
-    "  codexes account use",
-    "",
-    "When only one account exists, `codexes account use` selects it automatically."
-  ].join("\n");
-}
-
-// src/runtime/lock/runtime-lock.ts
-import os3 from "node:os";
-import path10 from "node:path";
-import { mkdir as mkdir6, readFile as readFile7, rm as rm4, stat as stat5, writeFile as writeFile5 } from "node:fs/promises";
-var DEFAULT_WAIT_TIMEOUT_MS = 15e3;
-var DEFAULT_STALE_LOCK_MS = 5 * 60 * 1e3;
-var DEFAULT_POLL_INTERVAL_MS = 250;
-async function acquireRuntimeLock(input) {
-  const lockRoot = path10.join(input.runtimeRoot, "lock");
-  const ownerFile = path10.join(lockRoot, "owner.json");
-  const waitTimeoutMs = input.waitTimeoutMs ?? DEFAULT_WAIT_TIMEOUT_MS;
-  const staleLockMs = input.staleLockMs ?? DEFAULT_STALE_LOCK_MS;
-  const pollIntervalMs = input.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS;
-  const startedAt = Date.now();
-  input.logger.info("runtime_lock.acquire.start", {
-    lockRoot,
-    waitTimeoutMs,
-    staleLockMs,
-    pollIntervalMs
-  });
-  while (true) {
-    try {
-      await mkdir6(lockRoot);
-      const owner = {
-        pid: process.pid,
-        host: os3.hostname(),
-        createdAt: (/* @__PURE__ */ new Date()).toISOString()
-      };
-      await writeFile5(ownerFile, JSON.stringify(owner, null, 2), "utf8");
-      input.logger.info("runtime_lock.acquire.complete", {
-        lockRoot,
-        waitedMs: Date.now() - startedAt,
-        owner
-      });
-      return {
-        async release() {
-          input.logger.info("runtime_lock.release.start", { lockRoot });
-          await rm4(lockRoot, { force: true, recursive: true }).catch(() => void 0);
-          input.logger.info("runtime_lock.release.complete", { lockRoot });
-        }
-      };
-    } catch (error) {
-      if (!isAlreadyExistsError(error)) {
-        input.logger.error("runtime_lock.acquire.failed", {
-          lockRoot,
-          message: error instanceof Error ? error.message : String(error)
-        });
-        throw error;
-      }
-    }
-    const lockAgeMs = await readLockAgeMs(lockRoot, ownerFile);
-    if (lockAgeMs !== null && lockAgeMs > staleLockMs) {
-      input.logger.warn("runtime_lock.stale_detected", {
-        lockRoot,
-        lockAgeMs
-      });
-      await rm4(lockRoot, { force: true, recursive: true }).catch(() => void 0);
-      continue;
-    }
-    const waitedMs = Date.now() - startedAt;
-    input.logger.debug("runtime_lock.acquire.waiting", {
-      lockRoot,
-      waitedMs,
-      lockAgeMs
-    });
-    if (waitedMs >= waitTimeoutMs) {
-      input.logger.error("runtime_lock.acquire.timeout", {
-        lockRoot,
-        waitedMs,
-        lockAgeMs
-      });
-      throw new Error(
-        `Timed out waiting for the shared runtime lock after ${waitTimeoutMs}ms.`
-      );
-    }
-    await sleep(pollIntervalMs);
-  }
-}
-async function readLockAgeMs(lockRoot, ownerFile) {
-  const ownerContents = await readFile7(ownerFile, "utf8").catch(() => null);
-  if (ownerContents) {
-    const parsed = JSON.parse(ownerContents);
-    if (typeof parsed.createdAt === "string") {
-      return Date.now() - new Date(parsed.createdAt).getTime();
-    }
-  }
-  const lockStats = await stat5(lockRoot).catch(() => null);
-  return lockStats ? Date.now() - lockStats.mtimeMs : null;
-}
-function isAlreadyExistsError(error) {
-  return typeof error === "object" && error !== null && "code" in error && error.code === "EEXIST";
-}
-function sleep(durationMs) {
-  return new Promise((resolve) => {
-    setTimeout(resolve, durationMs);
-  });
-}
-
-// src/runtime/activate-account/activate-account.ts
-import { copyFile as copyFile3, cp as cp3, mkdir as mkdir7, readFile as readFile8, rm as rm5, stat as stat6 } from "node:fs/promises";
-import path11 from "node:path";
-import { createHash } from "node:crypto";
-async function activateAccountIntoSharedRuntime(input) {
-  const runtimePaths = resolveAccountRuntimePaths(input.runtimeContract, input.account.id);
-  const accountStateRoot = runtimePaths.accountStateDirectory;
-  const backupRoot = path11.join(runtimePaths.runtimeBackupDirectory, "active");
-  input.logger.info("account_activation.start", {
-    accountId: input.account.id,
-    label: input.account.label,
-    accountStateRoot,
-    sharedCodexHome: input.sharedCodexHome,
-    backupRoot
-  });
-  await rm5(backupRoot, { force: true, recursive: true }).catch(() => void 0);
-  await mkdir7(backupRoot, { recursive: true });
-  const accountRules = input.runtimeContract.fileRules.filter(
-    (rule) => rule.classification === "account"
-  );
-  const authSourcePath = path11.join(accountStateRoot, "auth.json");
-  if (!await pathExists4(authSourcePath)) {
-    input.logger.error("account_activation.missing_auth", {
-      accountId: input.account.id,
-      authSourcePath
-    });
-    throw new Error(
-      `Account "${input.account.label}" has no stored auth.json; add the account again.`
-    );
-  }
-  try {
-    for (const rule of accountRules) {
-      await backupRuntimeArtifact({
-        backupRoot,
-        logger: input.logger,
-        rule,
-        sharedCodexHome: input.sharedCodexHome
-      });
-      await replaceRuntimeArtifact({
-        accountStateRoot,
-        logger: input.logger,
-        rule,
-        sharedCodexHome: input.sharedCodexHome
-      });
-    }
-  } catch (error) {
-    input.logger.error("account_activation.failed", {
-      accountId: input.account.id,
-      message: error instanceof Error ? error.message : String(error)
-    });
-    await restoreSharedRuntimeFromBackup({
-      account: input.account,
-      backupRoot,
-      logger: input.logger,
-      runtimeContract: input.runtimeContract,
-      sharedCodexHome: input.sharedCodexHome
-    });
-    throw error;
-  }
-  input.logger.info("account_activation.complete", {
-    accountId: input.account.id,
-    sharedCodexHome: input.sharedCodexHome
-  });
-  return {
-    account: input.account,
-    backupRoot,
-    runtimeContract: input.runtimeContract,
-    sharedCodexHome: input.sharedCodexHome,
-    sourceAccountStateRoot: accountStateRoot
-  };
-}
-async function syncSharedRuntimeBackToAccount(input) {
-  const accountRules = input.session.runtimeContract.fileRules.filter(
-    (rule) => rule.classification === "account"
-  );
-  input.logger.info("account_sync.start", {
-    accountId: input.session.account.id,
-    sharedCodexHome: input.session.sharedCodexHome,
-    accountStateRoot: input.session.sourceAccountStateRoot
-  });
-  for (const rule of accountRules) {
-    await syncRuntimeArtifact({
-      accountStateRoot: input.session.sourceAccountStateRoot,
-      logger: input.logger,
-      rule,
-      sharedCodexHome: input.session.sharedCodexHome
-    });
-  }
-  input.logger.info("account_sync.complete", {
-    accountId: input.session.account.id
-  });
-}
-async function restoreSharedRuntimeFromBackup(input) {
-  const accountRules = input.runtimeContract.fileRules.filter(
-    (rule) => rule.classification === "account"
+  const accountId = pickString(input.raw.account_id, input.raw.accountId, input.accountIdHint);
+  const plan = pickString(
+    input.raw.plan,
+    input.raw.subscription_plan,
+    input.raw.plan_type,
+    input.raw.rate_limit?.plan,
+    input.raw.rate_limit?.subscription_plan
   );
-  input.logger.warn("account_activation.restore.start", {
-    accountId: input.account.id,
-    backupRoot: input.backupRoot,
-    sharedCodexHome: input.sharedCodexHome
+  const allowed = pickBoolean(input.raw.allowed, input.raw.rate_limit?.allowed, true) ?? true;
+  const limitReached = (pickBoolean(input.raw.limit_reached, input.raw.rate_limit?.limit_reached) ?? daily.limitReached) || weekly.limitReached;
+  const status = classifyUsageStatus({
+    allowed,
+    dailyRemaining: daily.remaining,
+    limitReached,
+    weeklyRemaining: weekly.remaining
   });
-  for (const rule of accountRules) {
-    await restoreRuntimeArtifact({
-      backupRoot: input.backupRoot,
-      logger: input.logger,
-      rule,
-      sharedCodexHome: input.sharedCodexHome
-    });
+  const statusEvent = `selection.usage_normalize.status_${status}`;
+  const statusDetails = {
+    accountId,
+    accountIdHint: input.accountIdHint ?? null,
+    allowed,
+    payloadShape,
+    dailyRemaining: daily.remaining,
+    weeklyRemaining: weekly.remaining,
+    dailyWindowSource: daily.source,
+    weeklyWindowSource: weekly.source,
+    hasRemainingPercent: daily.remaining !== null || weekly.remaining !== null
+  };
+  if (status === "usable") {
+    input.logger.info(statusEvent, statusDetails);
+  } else {
+    input.logger.warn(statusEvent, statusDetails);
   }
-  input.logger.warn("account_activation.restore.complete", {
-    accountId: input.account.id
+  const snapshot = {
+    accountId,
+    allowed,
+    limitReached,
+    plan,
+    dailyRemaining: daily.remaining,
+    weeklyRemaining: weekly.remaining,
+    dailyResetsAt: daily.resetsAt,
+    weeklyResetsAt: weekly.resetsAt,
+    dailyPercentUsed: daily.percentUsed,
+    weeklyPercentUsed: weekly.percentUsed,
+    observedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    status,
+    statusReason: describeUsageStatus(status),
+    windows: {
+      daily,
+      weekly
+    }
+  };
+  input.logger.debug("selection.usage_normalize.complete", {
+    accountId: snapshot.accountId,
+    allowed: snapshot.allowed,
+    payloadShape,
+    limitReached: snapshot.limitReached,
+    plan: snapshot.plan,
+    dailyRemaining: snapshot.dailyRemaining,
+    weeklyRemaining: snapshot.weeklyRemaining,
+    dailyResetsAt: snapshot.dailyResetsAt,
+    weeklyResetsAt: snapshot.weeklyResetsAt,
+    status: snapshot.status,
+    statusReason: snapshot.statusReason
   });
+  return snapshot;
 }
-async function backupRuntimeArtifact(input) {
-  const sourcePath = path11.join(input.sharedCodexHome, normalizedPattern(input.rule.pathPattern));
-  const backupPath = path11.join(input.backupRoot, normalizedPattern(input.rule.pathPattern));
-  if (!await pathExists4(sourcePath)) {
-    input.logger.debug("account_activation.backup.skip", {
-      pathPattern: input.rule.pathPattern,
-      sourcePath,
-      reason: "missing"
+function normalizeUsageWindow(input) {
+  if (!input.raw) {
+    input.logger.debug("selection.usage_normalize.window_missing", {
+      accountIdHint: input.accountIdHint ?? null,
+      source: input.source,
+      window: input.window
     });
-    return;
-  }
-  await mkdir7(path11.dirname(backupPath), { recursive: true });
-  if (isDirectoryPattern(input.rule)) {
-    await cp3(sourcePath, backupPath, { recursive: true });
-  } else {
-    await copyFile3(sourcePath, backupPath);
+    return {
+      limit: null,
+      used: null,
+      remaining: null,
+      limitReached: false,
+      resetsAt: null,
+      percentUsed: null,
+      source: input.source
+    };
   }
-  input.logger.debug("account_activation.backup.complete", {
-    pathPattern: input.rule.pathPattern,
-    sourcePath,
-    backupPath
+  const limit = pickNumber(input.raw.limit);
+  const percentResolution = resolveUsedPercent({
+    accountIdHint: input.accountIdHint,
+    logger: input.logger,
+    raw: input.raw,
+    window: input.window
+  });
+  const remainingFromPercent = calculateRemainingFromPercent(percentResolution.percentUsed);
+  const used = pickNumber(
+    input.raw.used,
+    calculateUsed(limit, pickNumber(input.raw.remaining)),
+    calculateUsed(limit, remainingFromPercent)
+  );
+  const remaining = pickNumber(
+    input.raw.remaining,
+    remainingFromPercent,
+    calculateRemaining(limit, used)
+  );
+  const limitReached = typeof input.raw.limit_reached === "boolean" ? input.raw.limit_reached : remaining !== null ? remaining <= 0 : false;
+  const percentUsed = percentResolution.percentUsed ?? calculatePercentUsed(limit, used, remaining);
+  const resetsAt = normalizeTimestamp(
+    input.raw.reset_at,
+    input.raw.resets_at,
+    input.raw.next_reset_at,
+    calculateResetAtFromSeconds(input.raw.reset_after_seconds)
+  );
+  const source = resolveWindowSource(input.raw, input.source);
+  input.logger.debug("selection.usage_normalize.window_complete", {
+    accountIdHint: input.accountIdHint ?? null,
+    window: input.window,
+    source,
+    limit,
+    used,
+    remaining,
+    limitReached,
+    rawUsedPercent: percentResolution.rawValue,
+    percentResolutionSource: percentResolution.source,
+    percentUsed,
+    resetsAt,
+    limitWindowSeconds: pickNumber(input.raw.limit_window_seconds)
   });
+  return {
+    limit,
+    used,
+    remaining,
+    limitReached,
+    resetsAt,
+    percentUsed,
+    source
+  };
 }
-async function replaceRuntimeArtifact(input) {
-  const sourcePath = path11.join(input.accountStateRoot, normalizedPattern(input.rule.pathPattern));
-  const targetPath = path11.join(input.sharedCodexHome, normalizedPattern(input.rule.pathPattern));
-  await rm5(targetPath, { force: true, recursive: true }).catch(() => void 0);
-  if (!await pathExists4(sourcePath)) {
-    input.logger.debug("account_activation.replace.skip", {
-      pathPattern: input.rule.pathPattern,
-      sourcePath,
-      reason: "missing"
-    });
-    return;
+function resolveUsageWindow(raw, window) {
+  const rateLimitWindow = window === "daily" ? raw.rate_limit?.primary_window : raw.rate_limit?.secondary_window;
+  if (isRecord2(rateLimitWindow)) {
+    return {
+      raw: rateLimitWindow,
+      source: `rate_limit.${window === "daily" ? "primary_window" : "secondary_window"}`
+    };
   }
-  await mkdir7(path11.dirname(targetPath), { recursive: true });
-  if (isDirectoryPattern(input.rule)) {
-    await cp3(sourcePath, targetPath, { recursive: true });
-  } else {
-    await copyFile3(sourcePath, targetPath);
+  const candidates = [
+    { raw: raw[window], source: `legacy.${window}` },
+    { raw: raw.usage?.[window], source: `usage.${window}` },
+    { raw: raw.quotas?.[window], source: `quotas.${window}` }
+  ];
+  for (const candidate of candidates) {
+    if (isRecord2(candidate.raw)) {
+      return {
+        raw: candidate.raw,
+        source: candidate.source
+      };
+    }
   }
-  input.logger.debug("account_activation.replace.complete", {
-    pathPattern: input.rule.pathPattern,
-    sourcePath,
-    targetPath
-  });
+  return {
+    raw: null,
+    source: null
+  };
 }
-async function syncRuntimeArtifact(input) {
-  const sourcePath = path11.join(input.sharedCodexHome, normalizedPattern(input.rule.pathPattern));
-  const targetPath = path11.join(input.accountStateRoot, normalizedPattern(input.rule.pathPattern));
-  if (!await pathExists4(sourcePath)) {
-    input.logger.debug("account_sync.skip", {
-      pathPattern: input.rule.pathPattern,
-      sourcePath,
-      reason: "missing"
-    });
-    return;
+function resolveWindowSource(raw, fallbackSource) {
+  if (typeof raw.source === "string") {
+    return raw.source;
   }
-  const changed = await hasArtifactChanged(sourcePath, targetPath, isDirectoryPattern(input.rule));
-  if (!changed) {
-    input.logger.debug("account_sync.no_change", {
-      pathPattern: input.rule.pathPattern,
-      sourcePath,
-      targetPath
-    });
-    return;
+  if (typeof raw.kind === "string") {
+    return raw.kind;
   }
-  await rm5(targetPath, { force: true, recursive: true }).catch(() => void 0);
-  await mkdir7(path11.dirname(targetPath), { recursive: true });
-  if (isDirectoryPattern(input.rule)) {
-    await cp3(sourcePath, targetPath, { recursive: true });
-  } else {
-    await copyFile3(sourcePath, targetPath);
+  return fallbackSource;
+}
+function resolvePayloadShape(raw) {
+  if (isRecord2(raw.rate_limit) && (isRecord2(raw.rate_limit.primary_window) || isRecord2(raw.rate_limit.secondary_window))) {
+    return "rate_limit";
   }
-  input.logger.info("account_sync.updated", {
-    pathPattern: input.rule.pathPattern,
-    sourcePath,
-    targetPath
-  });
+  return "legacy";
 }
-async function restoreRuntimeArtifact(input) {
-  const backupPath = path11.join(input.backupRoot, normalizedPattern(input.rule.pathPattern));
-  const targetPath = path11.join(input.sharedCodexHome, normalizedPattern(input.rule.pathPattern));
-  await rm5(targetPath, { force: true, recursive: true }).catch(() => void 0);
-  if (!await pathExists4(backupPath)) {
-    input.logger.debug("account_activation.restore.skip", {
-      pathPattern: input.rule.pathPattern,
-      backupPath,
-      reason: "missing"
-    });
-    return;
+function classifyUsageStatus(input) {
+  if (!input.allowed) {
+    return "not-allowed";
   }
-  await mkdir7(path11.dirname(targetPath), { recursive: true });
-  if (isDirectoryPattern(input.rule)) {
-    await cp3(backupPath, targetPath, { recursive: true });
-  } else {
-    await copyFile3(backupPath, targetPath);
+  if (input.limitReached) {
+    return "limit-reached";
   }
-  input.logger.debug("account_activation.restore.complete_artifact", {
-    pathPattern: input.rule.pathPattern,
-    backupPath,
-    targetPath
-  });
+  if (input.dailyRemaining === null && input.weeklyRemaining === null) {
+    return "missing-usage-data";
+  }
+  return "usable";
 }
-function isDirectoryPattern(rule) {
-  return rule.pathPattern.endsWith("/**");
+function describeUsageStatus(status) {
+  switch (status) {
+    case "not-allowed":
+      return "usage endpoint reported that the account is not allowed to launch";
+    case "limit-reached":
+      return "usage endpoint reported an exhausted limit window";
+    case "missing-usage-data":
+      return "usage endpoint did not expose enough quota fields to rank this account";
+    case "usable":
+      return "usage endpoint exposed enough quota fields to rank this account";
+  }
 }
-function normalizedPattern(pattern) {
-  return pattern.endsWith("/**") ? pattern.slice(0, -3) : pattern;
+function normalizeTimestamp(...values) {
+  for (const value of values) {
+    if (typeof value === "string") {
+      const parsed = new Date(value);
+      if (!Number.isNaN(parsed.valueOf())) {
+        return parsed.toISOString();
+      }
+    }
+    if (typeof value === "number" && Number.isFinite(value)) {
+      const normalizedValue = value > 1e10 ? value : value * 1e3;
+      const parsed = new Date(normalizedValue);
+      if (!Number.isNaN(parsed.valueOf())) {
+        return parsed.toISOString();
+      }
+    }
+  }
+  return null;
 }
-async function hasArtifactChanged(sourcePath, targetPath, isDirectory) {
-  if (!await pathExists4(targetPath)) {
-    return true;
+function calculateResetAtFromSeconds(value) {
+  if (typeof value !== "number" || !Number.isFinite(value) || value < 0) {
+    return null;
   }
-  if (isDirectory) {
-    const [sourceHash2, targetHash2] = await Promise.all([
-      hashDirectory(sourcePath),
-      hashDirectory(targetPath)
-    ]);
-    return sourceHash2 !== targetHash2;
+  return new Date(Date.now() + value * 1e3).toISOString();
+}
+function calculateRemaining(limit, used) {
+  if (limit === null || used === null) {
+    return null;
   }
-  const [sourceHash, targetHash] = await Promise.all([
-    hashFile(sourcePath),
-    hashFile(targetPath)
-  ]);
-  return sourceHash !== targetHash;
+  return limit - used;
+}
+function calculateUsed(limit, remaining) {
+  if (limit === null || remaining === null) {
+    return null;
+  }
+  return limit - remaining;
 }
-async function hashFile(filePath) {
-  const content = await readFile8(filePath);
-  return createHash("sha256").update(content).digest("hex");
+function calculatePercentUsed(limit, used, remaining) {
+  if (limit === null || limit <= 0) {
+    return null;
+  }
+  const numerator = used ?? calculateUsed(limit, remaining);
+  if (numerator === null) {
+    return null;
+  }
+  return Number((numerator / limit * 100).toFixed(2));
 }
-async function hashDirectory(directoryPath) {
-  const entries = await collectFiles(directoryPath);
-  const hash = createHash("sha256");
-  for (const entry of entries.sort()) {
-    hash.update(entry.relativePath);
-    hash.update(await readFile8(entry.absolutePath));
+function calculateRemainingFromPercent(percentUsed) {
+  if (percentUsed === null) {
+    return null;
   }
-  return hash.digest("hex");
+  return Number((100 - percentUsed).toFixed(2));
 }
-async function collectFiles(root) {
-  const rootStats = await stat6(root).catch(() => null);
-  if (!rootStats) {
-    return [];
+function resolveUsedPercent(input) {
+  const candidates = [
+    { source: "used_percent", value: input.raw.used_percent },
+    { source: "percent_used", value: input.raw.percent_used },
+    { source: "percentage_used", value: input.raw.percentage_used }
+  ];
+  for (const candidate of candidates) {
+    if (candidate.value === null || candidate.value === void 0 || candidate.value === "") {
+      continue;
+    }
+    const parsed = normalizePercentValue(candidate.value);
+    if (parsed === null) {
+      input.logger.debug("selection.usage_normalize.percent_invalid", {
+        accountIdHint: input.accountIdHint ?? null,
+        window: input.window,
+        source: candidate.source,
+        rawValue: candidate.value,
+        behavior: "skip"
+      });
+      return {
+        percentUsed: null,
+        rawValue: typeof candidate.value === "string" || typeof candidate.value === "number" ? candidate.value : null,
+        source: "invalid"
+      };
+    }
+    if (parsed.wasClamped) {
+      input.logger.debug("selection.usage_normalize.percent_clamped", {
+        accountIdHint: input.accountIdHint ?? null,
+        window: input.window,
+        source: candidate.source,
+        rawValue: candidate.value,
+        clampedValue: parsed.value
+      });
+    }
+    input.logger.debug("selection.usage_normalize.percent_resolved", {
+      accountIdHint: input.accountIdHint ?? null,
+      window: input.window,
+      source: candidate.source,
+      rawValue: candidate.value,
+      percentUsed: parsed.value,
+      remainingPercent: calculateRemainingFromPercent(parsed.value)
+    });
+    return {
+      percentUsed: parsed.value,
+      rawValue: typeof candidate.value === "string" || typeof candidate.value === "number" ? candidate.value : null,
+      source: candidate.source
+    };
   }
-  if (!rootStats.isDirectory()) {
-    return [{ absolutePath: root, relativePath: path11.basename(root) }];
+  input.logger.debug("selection.usage_normalize.percent_missing", {
+    accountIdHint: input.accountIdHint ?? null,
+    window: input.window,
+    fallback: "derive-from-limit-or-remaining-if-possible"
+  });
+  return {
+    percentUsed: null,
+    rawValue: null,
+    source: "missing"
+  };
+}
+function normalizePercentValue(value) {
+  const numericValue = typeof value === "number" ? value : value.trim().length > 0 ? Number(value) : Number.NaN;
+  if (!Number.isFinite(numericValue)) {
+    return null;
   }
-  const results = [];
-  const stack = [root];
-  while (stack.length > 0) {
-    const current = stack.pop();
-    if (!current) {
-      continue;
+  const clampedValue = Math.min(100, Math.max(0, numericValue));
+  return {
+    value: Number(clampedValue.toFixed(2)),
+    wasClamped: clampedValue !== numericValue
+  };
+}
+function pickString(...values) {
+  for (const value of values) {
+    if (typeof value === "string" && value.trim().length > 0) {
+      return value;
     }
-    const entries = await import("node:fs/promises").then(
-      (fs) => fs.readdir(current, { withFileTypes: true })
-    );
-    for (const entry of entries) {
-      const absolutePath = path11.join(current, entry.name);
-      if (entry.isDirectory()) {
-        stack.push(absolutePath);
-        continue;
-      }
-      if (entry.isFile()) {
-        results.push({
-          absolutePath,
-          relativePath: path11.relative(root, absolutePath).split(path11.sep).join("/")
-        });
-      }
+  }
+  return null;
+}
+function pickNumber(...values) {
+  for (const value of values) {
+    if (typeof value === "number" && Number.isFinite(value)) {
+      return value;
     }
   }
-  return results;
+  return null;
 }
-async function pathExists4(targetPath) {
-  try {
-    await stat6(targetPath);
-    return true;
-  } catch (error) {
-    if (typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT") {
-      return false;
+function pickBoolean(...values) {
+  for (const value of values) {
+    if (typeof value === "boolean") {
+      return value;
     }
-    throw error;
   }
+  return null;
 }
-
-// src/process/spawn-codex-command.ts
-import { spawn as spawn2 } from "node:child_process";
-async function spawnCodexCommand(input) {
-  const launchSpec = await resolveCodexLaunchSpec(input.codexBinaryPath, input.argv);
-  input.logger.info("spawn_codex.start", {
-    codexBinaryPath: input.codexBinaryPath,
-    resolvedCommand: launchSpec.command,
-    codexHome: input.codexHome,
-    argv: launchSpec.args,
-    stdinIsTTY: process.stdin.isTTY ?? false,
-    stdoutIsTTY: process.stdout.isTTY ?? false,
-    stderrIsTTY: process.stderr.isTTY ?? false
-  });
-  return new Promise((resolve, reject) => {
-    const child = spawn2(launchSpec.command, launchSpec.args, {
-      env: {
-        ...process.env,
-        CODEX_HOME: input.codexHome
-      },
-      shell: false,
-      stdio: "inherit",
-      windowsHide: false
-    });
-    let settled = false;
-    const forwardSignal = (signal) => {
-      input.logger.warn("spawn_codex.parent_signal", {
-        signal,
-        pid: child.pid ?? null
-      });
-      child.kill(signal);
-    };
-    const signalHandlers = {
-      SIGINT: () => forwardSignal("SIGINT"),
-      SIGTERM: () => forwardSignal("SIGTERM")
-    };
-    process.on("SIGINT", signalHandlers.SIGINT);
-    process.on("SIGTERM", signalHandlers.SIGTERM);
-    const cleanup = () => {
-      process.off("SIGINT", signalHandlers.SIGINT);
-      process.off("SIGTERM", signalHandlers.SIGTERM);
-    };
-    child.on("error", (error) => {
-      if (settled) {
-        return;
-      }
-      settled = true;
-      cleanup();
-      input.logger.error("spawn_codex.error", {
-        codexBinaryPath: input.codexBinaryPath,
-        message: error.message
-      });
-      reject(error);
-    });
-    child.on("exit", (exitCode2, signal) => {
-      if (settled) {
-        return;
-      }
-      settled = true;
-      cleanup();
-      input.logger.info("spawn_codex.complete", {
-        codexBinaryPath: input.codexBinaryPath,
-        exitCode: exitCode2,
-        signal
-      });
-      resolve(exitCode2 ?? 1);
-    });
-  });
+function isRecord2(value) {
+  return typeof value === "object" && value !== null;
 }
 
-// src/selection/account-auth-state.ts
-import { readFile as readFile9 } from "node:fs/promises";
-import path12 from "node:path";
-async function readAccountAuthState(input) {
-  const filePath = path12.join(input.account.authDirectory, "state", "auth.json");
-  input.logger.debug("selection.account_auth_state.read_start", {
+// src/selection/usage-client.ts
+var WHAM_USAGE_URL = "https://chatgpt.com/backend-api/wham/usage";
+async function probeAccountUsage(input) {
+  const fetchImpl = input.fetchImpl ?? fetch;
+  input.logger.info("selection.usage_probe.start", {
     accountId: input.account.id,
     label: input.account.label,
-    filePath
+    timeoutMs: input.probeConfig.probeTimeoutMs,
+    useAccountIdHeader: input.probeConfig.useAccountIdHeader
   });
-  try {
-    const raw = await readFile9(filePath, "utf8");
-    const parsed = JSON.parse(raw);
-    if (!isRecord(parsed)) {
-      input.logger.warn("selection.account_auth_state.unsupported_shape", {
-        accountId: input.account.id,
-        label: input.account.label,
-        filePath,
-        topLevelType: typeof parsed
-      });
-      return {
-        ok: false,
-        category: "unsupported-auth-shape",
-        filePath,
-        message: "auth.json is not a JSON object."
-      };
-    }
-    const accessToken = resolveString(
-      parsed.access_token,
-      getNestedString(parsed, ["tokens", "access_token"]),
-      getNestedString(parsed, ["tokens", "accessToken"])
-    );
-    if (!accessToken) {
-      input.logger.warn("selection.account_auth_state.access_token_missing", {
-        accountId: input.account.id,
-        label: input.account.label,
-        filePath,
-        hasTokensObject: isRecord(parsed.tokens)
-      });
-      return {
-        ok: false,
-        category: "missing-access-token",
-        filePath,
-        message: "auth.json does not contain an access_token."
-      };
-    }
-    const result = {
-      ok: true,
-      filePath,
-      state: {
-        accessToken,
-        accountId: resolveString(
-          parsed.account_id,
-          parsed.accountId,
-          getNestedString(parsed, ["tokens", "account_id"]),
-          getNestedString(parsed, ["tokens", "accountId"])
-        ),
-        authMode: resolveString(
-          parsed.auth_mode,
-          parsed.authMode,
-          getNestedString(parsed, ["tokens", "auth_mode"]),
-          getNestedString(parsed, ["tokens", "authMode"])
-        ),
-        lastRefresh: resolveString(
-          parsed.last_refresh,
-          parsed.lastRefresh,
-          parsed.refresh_at,
-          parsed.refreshAt
-        )
-      }
+  const authState = await readAccountAuthState({
+    account: input.account,
+    logger: input.logger
+  });
+  if (!authState.ok) {
+    input.logger.warn("selection.usage_probe.auth_missing", {
+      accountId: input.account.id,
+      label: input.account.label,
+      category: authState.category,
+      filePath: authState.filePath
+    });
+    return {
+      ok: false,
+      account: input.account,
+      category: "auth-missing",
+      message: authState.message,
+      source: "fresh"
     };
-    input.logger.debug("selection.account_auth_state.read_complete", {
+  }
+  try {
+    const response = await fetchImpl(WHAM_USAGE_URL, {
+      method: "GET",
+      headers: buildUsageHeaders({
+        accessToken: authState.state.accessToken,
+        accountId: authState.state.accountId,
+        useAccountIdHeader: input.probeConfig.useAccountIdHeader
+      }),
+      signal: AbortSignal.timeout(input.probeConfig.probeTimeoutMs)
+    });
+    input.logger.debug("selection.usage_probe.http_complete", {
       accountId: input.account.id,
       label: input.account.label,
-      filePath,
-      hasAccessToken: true,
-      authAccountId: result.state.accountId,
-      authMode: result.state.authMode,
-      hasRefreshMetadata: result.state.lastRefresh !== null
+      status: response.status,
+      ok: response.ok
     });
-    return result;
-  } catch (error) {
-    if (isNodeErrorWithCode(error, "ENOENT")) {
-      input.logger.warn("selection.account_auth_state.missing_file", {
+    if (!response.ok) {
+      input.logger.warn("selection.usage_probe.http_error", {
         accountId: input.account.id,
         label: input.account.label,
-        filePath
+        status: response.status
       });
       return {
         ok: false,
-        category: "missing-file",
-        filePath,
-        message: "auth.json was not found for the account profile."
+        account: input.account,
+        category: "http-error",
+        message: `Usage probe returned HTTP ${response.status}.`,
+        source: "fresh"
       };
     }
-    if (error instanceof SyntaxError) {
-      input.logger.warn("selection.account_auth_state.malformed_json", {
+    const body = await response.json();
+    if (!isRecord3(body)) {
+      input.logger.warn("selection.usage_probe.invalid_response", {
         accountId: input.account.id,
         label: input.account.label,
-        filePath,
-        message: error.message
+        bodyType: typeof body
       });
       return {
         ok: false,
-        category: "malformed-json",
-        filePath,
-        message: error.message
+        account: input.account,
+        category: "invalid-response",
+        message: "Usage probe returned a non-object JSON payload.",
+        source: "fresh"
       };
     }
-    input.logger.warn("selection.account_auth_state.unsupported_shape", {
+    const snapshot = normalizeWhamUsageResponse({
+      accountIdHint: authState.state.accountId ?? input.account.id,
+      logger: input.logger,
+      raw: body
+    });
+    input.logger.info("selection.usage_probe.success", {
+      accountId: input.account.id,
+      label: input.account.label,
+      snapshotStatus: snapshot.status,
+      dailyRemaining: snapshot.dailyRemaining,
+      weeklyRemaining: snapshot.weeklyRemaining,
+      limitReached: snapshot.limitReached
+    });
+    return {
+      ok: true,
+      account: input.account,
+      snapshot,
+      source: "fresh"
+    };
+  } catch (error) {
+    if (isAbortError(error)) {
+      input.logger.warn("selection.usage_probe.timeout", {
+        accountId: input.account.id,
+        label: input.account.label,
+        timeoutMs: input.probeConfig.probeTimeoutMs
+      });
+      return {
+        ok: false,
+        account: input.account,
+        category: "timeout",
+        message: `Usage probe timed out after ${input.probeConfig.probeTimeoutMs}ms.`,
+        source: "fresh"
+      };
+    }
+    input.logger.error("selection.usage_probe.request_failed", {
       accountId: input.account.id,
       label: input.account.label,
-      filePath,
       message: error instanceof Error ? error.message : String(error)
     });
     return {
       ok: false,
-      category: "unsupported-auth-shape",
-      filePath,
-      message: error instanceof Error ? error.message : String(error)
+      account: input.account,
+      category: "invalid-response",
+      message: error instanceof Error ? error.message : String(error),
+      source: "fresh"
     };
   }
 }
-function getNestedString(value, pathParts) {
-  let current = value;
-  for (const part of pathParts) {
-    if (!isRecord(current) || typeof current[part] === "undefined") {
-      return null;
+function buildUsageHeaders(input) {
+  const headers = new Headers({
+    accept: "application/json",
+    authorization: `Bearer ${input.accessToken}`,
+    "user-agent": "codexes/0.1 experimental-usage-probe"
+  });
+  if (input.useAccountIdHeader && input.accountId) {
+    headers.set("OpenAI-Account-ID", input.accountId);
+  }
+  return headers;
+}
+function isAbortError(error) {
+  return error instanceof Error && (error.name === "AbortError" || error.name === "TimeoutError");
+}
+function isRecord3(value) {
+  return typeof value === "object" && value !== null;
+}
+
+// src/selection/usage-cache.ts
+import { mkdir as mkdir6, readFile as readFile7, rename as rename2, writeFile as writeFile5 } from "node:fs/promises";
+import path10 from "node:path";
+var USAGE_CACHE_SCHEMA_VERSION = 1;
+async function loadUsageCache(input) {
+  try {
+    const raw = await readFile7(input.cacheFilePath, "utf8");
+    const parsed = JSON.parse(raw);
+    const normalized = normalizeUsageCacheDocument(parsed);
+    input.logger.debug("selection.usage_cache.load_success", {
+      cacheFilePath: input.cacheFilePath,
+      entryCount: normalized.entries.length,
+      compatibilitySummary: normalized.entries.map((entry) => ({
+        accountId: entry.accountId,
+        shape: describeSnapshotShape(entry.snapshot)
+      }))
+    });
+    return normalized.entries;
+  } catch (error) {
+    if (isNodeErrorWithCode2(error, "ENOENT")) {
+      input.logger.debug("selection.usage_cache.missing", {
+        cacheFilePath: input.cacheFilePath
+      });
+      return [];
     }
-    current = current[part];
+    const backupPath = `${input.cacheFilePath}.corrupt-${Date.now()}`;
+    await rename2(input.cacheFilePath, backupPath).catch(() => void 0);
+    input.logger.warn("selection.usage_cache.corrupt", {
+      cacheFilePath: input.cacheFilePath,
+      backupPath,
+      message: error instanceof Error ? error.message : String(error)
+    });
+    return [];
   }
-  return typeof current === "string" && current.trim().length > 0 ? current : null;
 }
-function resolveString(...values) {
-  for (const value of values) {
-    if (typeof value === "string" && value.trim().length > 0) {
-      return value;
-    }
+async function persistUsageCache(input) {
+  await mkdir6(path10.dirname(input.cacheFilePath), { recursive: true });
+  const document = {
+    schemaVersion: USAGE_CACHE_SCHEMA_VERSION,
+    entries: input.entries
+  };
+  const tempFile = `${input.cacheFilePath}.tmp`;
+  const serialized = JSON.stringify(document, null, 2);
+  await writeFile5(tempFile, serialized, "utf8");
+  await rename2(tempFile, input.cacheFilePath);
+  input.logger.debug("selection.usage_cache.persisted", {
+    cacheFilePath: input.cacheFilePath,
+    entryCount: input.entries.length
+  });
+}
+function resolveFreshUsageCacheEntry(input) {
+  const entry = input.entries.find((candidate) => candidate.accountId === input.accountId) ?? null;
+  if (!entry) {
+    input.logger.debug("selection.usage_cache.miss", {
+      accountId: input.accountId,
+      ttlMs: input.ttlMs,
+      snapshotSource: "fresh-required"
+    });
+    return null;
+  }
+  const ageMs = input.now - new Date(entry.cachedAt).valueOf();
+  if (!Number.isFinite(ageMs) || ageMs > input.ttlMs) {
+    input.logger.debug("selection.usage_cache.expired", {
+      accountId: input.accountId,
+      cachedAt: entry.cachedAt,
+      ageMs: Number.isFinite(ageMs) ? ageMs : null,
+      ttlMs: input.ttlMs,
+      primaryRemainingPercent: entry.snapshot.dailyRemaining,
+      secondaryRemainingPercent: entry.snapshot.weeklyRemaining,
+      snapshotStatus: entry.snapshot.status,
+      compatibilityPath: describeSnapshotShape(entry.snapshot)
+    });
+    return null;
+  }
+  input.logger.debug("selection.usage_cache.hit", {
+    accountId: input.accountId,
+    cachedAt: entry.cachedAt,
+    ageMs,
+    ttlMs: input.ttlMs,
+    primaryRemainingPercent: entry.snapshot.dailyRemaining,
+    secondaryRemainingPercent: entry.snapshot.weeklyRemaining,
+    snapshotStatus: entry.snapshot.status,
+    compatibilityPath: describeSnapshotShape(entry.snapshot)
+  });
+  return entry;
+}
+function normalizeUsageCacheDocument(value) {
+  if (!isRecord4(value)) {
+    throw new Error("Usage cache document is not an object.");
+  }
+  const schemaVersion = typeof value.schemaVersion === "number" ? value.schemaVersion : USAGE_CACHE_SCHEMA_VERSION;
+  if (schemaVersion !== USAGE_CACHE_SCHEMA_VERSION) {
+    throw new Error(`Unsupported usage cache schema version ${schemaVersion}.`);
+  }
+  const entries = Array.isArray(value.entries) ? value.entries.filter(isUsageCacheEntry) : [];
+  return {
+    schemaVersion: USAGE_CACHE_SCHEMA_VERSION,
+    entries
+  };
+}
+function isUsageCacheEntry(value) {
+  return isRecord4(value) && typeof value.accountId === "string" && typeof value.accountLabel === "string" && typeof value.cachedAt === "string" && isRecord4(value.snapshot);
+}
+function isRecord4(value) {
+  return typeof value === "object" && value !== null;
+}
+function isNodeErrorWithCode2(error, code) {
+  return typeof error === "object" && error !== null && "code" in error && error.code === code;
+}
+function describeSnapshotShape(snapshot) {
+  if (typeof snapshot === "object" && snapshot !== null && "windows" in snapshot && typeof snapshot.windows === "object" && snapshot.windows !== null) {
+    return "current";
+  }
+  return "legacy-compatible";
+}
+
+// src/selection/usage-probe-coordinator.ts
+async function resolveAccountUsageSnapshots(input) {
+  const now = Date.now();
+  input.logger.info("selection.usage_probe_coordinator.start", {
+    accountCount: input.accounts.length,
+    cacheFilePath: input.cacheFilePath,
+    cacheTtlMs: input.probeConfig.cacheTtlMs,
+    timeoutMs: input.probeConfig.probeTimeoutMs
+  });
+  const cacheEntries = await loadUsageCache({
+    cacheFilePath: input.cacheFilePath,
+    logger: input.logger
+  });
+  const freshCacheEntries = [...cacheEntries];
+  const resolutions = await Promise.all(
+    input.accounts.map(async (account) => {
+      const cached = resolveFreshUsageCacheEntry({
+        accountId: account.id,
+        entries: freshCacheEntries,
+        logger: input.logger,
+        now,
+        ttlMs: input.probeConfig.cacheTtlMs
+      });
+      if (cached) {
+        return {
+          ok: true,
+          account,
+          snapshot: cached.snapshot,
+          source: "cache"
+        };
+      }
+      const fresh = await probeAccountUsage({
+        account,
+        fetchImpl: input.fetchImpl,
+        logger: input.logger,
+        probeConfig: input.probeConfig
+      });
+      if (fresh.ok) {
+        upsertCacheEntry(freshCacheEntries, {
+          accountId: account.id,
+          accountLabel: account.label,
+          cachedAt: new Date(now).toISOString(),
+          snapshot: fresh.snapshot
+        });
+      }
+      return fresh;
+    })
+  );
+  await persistUsageCache({
+    cacheFilePath: input.cacheFilePath,
+    entries: freshCacheEntries,
+    logger: input.logger
+  });
+  input.logger.info("selection.usage_probe_coordinator.complete", {
+    accountCount: input.accounts.length,
+    cacheHitCount: resolutions.filter((entry) => entry.ok && entry.source === "cache").length,
+    freshSuccessCount: resolutions.filter((entry) => entry.ok && entry.source === "fresh").length,
+    failureCount: resolutions.filter((entry) => !entry.ok).length,
+    resolutionSummary: resolutions.map(
+      (entry) => entry.ok ? {
+        accountId: entry.account.id,
+        source: entry.source,
+        snapshotStatus: entry.snapshot.status,
+        primaryRemainingPercent: entry.snapshot.dailyRemaining,
+        secondaryRemainingPercent: entry.snapshot.weeklyRemaining
+      } : {
+        accountId: entry.account.id,
+        source: entry.source,
+        failureCategory: entry.category
+      }
+    )
+  });
+  return resolutions;
+}
+function upsertCacheEntry(entries, nextEntry) {
+  const existingIndex = entries.findIndex((entry) => entry.accountId === nextEntry.accountId);
+  if (existingIndex >= 0) {
+    entries.splice(existingIndex, 1, nextEntry);
+    return;
   }
-  return null;
-}
-function isRecord(value) {
-  return typeof value === "object" && value !== null;
-}
-function isNodeErrorWithCode(error, code) {
-  return typeof error === "object" && error !== null && "code" in error && error.code === code;
+  entries.push(nextEntry);
 }
 
-// src/selection/usage-normalize.ts
-function normalizeWhamUsageResponse(input) {
-  input.logger.debug("selection.usage_normalize.start", {
-    accountIdHint: input.accountIdHint ?? null,
-    topLevelKeys: Object.keys(input.raw).sort()
+// src/selection/selection-summary.ts
+async function resolveSelectionSummary(input) {
+  const mode = input.mode ?? "execution";
+  const accounts = await input.registry.listAccounts();
+  input.logger.info("selection.summary.start", {
+    mode,
+    strategy: input.strategy,
+    accountCount: accounts.length
   });
-  const daily = normalizeUsageWindow({
-    accountIdHint: input.accountIdHint,
+  if (accounts.length === 0) {
+    input.logger.warn("selection.none", {
+      mode,
+      strategy: input.strategy
+    });
+    throw new Error("No accounts configured. Add one with `codexes account add <label>`.");
+  }
+  const defaultAccount = await input.registry.getDefaultAccount();
+  const summary = await resolveStrategySummary({
+    accounts,
+    defaultAccount,
+    experimentalSelection: input.experimentalSelection,
+    fetchImpl: input.fetchImpl,
     logger: input.logger,
-    raw: resolveUsageWindow(input.raw, "daily"),
-    window: "daily"
+    mode,
+    registry: input.registry,
+    selectionCacheFilePath: input.selectionCacheFilePath,
+    strategy: input.strategy
   });
-  const weekly = normalizeUsageWindow({
-    accountIdHint: input.accountIdHint,
-    logger: input.logger,
-    raw: resolveUsageWindow(input.raw, "weekly"),
-    window: "weekly"
+  input.logger.info("selection.summary.complete", {
+    mode: summary.mode,
+    strategy: summary.strategy,
+    selectedAccountId: summary.selectedAccount?.id ?? null,
+    selectedBy: summary.selectedBy,
+    fallbackReason: summary.fallbackReason,
+    executionBlockedReason: summary.executionBlockedReason,
+    entryCount: summary.entries.length
   });
-  const accountId = pickString(input.raw.account_id, input.raw.accountId, input.accountIdHint);
-  const allowed = typeof input.raw.allowed === "boolean" ? input.raw.allowed : true;
-  const limitReached = typeof input.raw.limit_reached === "boolean" ? input.raw.limit_reached : daily.limitReached || weekly.limitReached;
-  const status = classifyUsageStatus({
-    allowed,
-    dailyRemaining: daily.remaining,
-    limitReached,
-    weeklyRemaining: weekly.remaining
+  return summary;
+}
+async function resolveStrategySummary(input) {
+  switch (input.strategy) {
+    case "manual-default":
+      return buildManualDefaultSummary(input.registry, input.logger, input.accounts, input.defaultAccount, input.mode);
+    case "single-account":
+      return buildSingleAccountSummary(input.registry, input.logger, input.accounts, input.defaultAccount, input.mode);
+    case "remaining-limit":
+    case "remaining-limit-experimental":
+      return buildExperimentalSummary(input);
+  }
+}
+async function buildManualDefaultSummary(registry, logger, accounts, defaultAccount, mode) {
+  const selection = await resolveManualDefaultSelection({
+    accounts,
+    logger,
+    mode,
+    registry,
+    strategy: "manual-default"
   });
-  const snapshot = {
-    accountId,
-    allowed,
-    limitReached,
-    dailyRemaining: daily.remaining,
-    weeklyRemaining: weekly.remaining,
-    dailyResetsAt: daily.resetsAt,
-    weeklyResetsAt: weekly.resetsAt,
-    dailyPercentUsed: daily.percentUsed,
-    weeklyPercentUsed: weekly.percentUsed,
-    observedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    status,
-    statusReason: describeUsageStatus(status),
-    windows: {
-      daily,
-      weekly
-    }
+  return {
+    entries: createUnavailableEntries(accounts, defaultAccount, selection.selectedAccount),
+    executionBlockedReason: selection.executionBlockedReason,
+    fallbackReason: null,
+    mode,
+    selectedAccount: selection.selectedAccount,
+    selectedBy: selection.selectedBy,
+    strategy: "manual-default"
   };
-  input.logger.debug("selection.usage_normalize.complete", {
-    accountId: snapshot.accountId,
-    allowed: snapshot.allowed,
-    limitReached: snapshot.limitReached,
-    dailyRemaining: snapshot.dailyRemaining,
-    weeklyRemaining: snapshot.weeklyRemaining,
-    dailyResetsAt: snapshot.dailyResetsAt,
-    weeklyResetsAt: snapshot.weeklyResetsAt,
-    status: snapshot.status,
-    statusReason: snapshot.statusReason
-  });
-  return snapshot;
 }
-function normalizeUsageWindow(input) {
-  if (!input.raw) {
-    input.logger.debug("selection.usage_normalize.window_missing", {
-      accountIdHint: input.accountIdHint ?? null,
-      window: input.window
+async function buildSingleAccountSummary(registry, logger, accounts, defaultAccount, mode) {
+  const selectedAccount = await selectSingleAccountOnly(registry, logger, accounts, mode);
+  return {
+    entries: createUnavailableEntries(accounts, defaultAccount, selectedAccount),
+    executionBlockedReason: null,
+    fallbackReason: null,
+    mode,
+    selectedAccount,
+    selectedBy: "single-account",
+    strategy: "single-account"
+  };
+}
+async function buildExperimentalSummary(input) {
+  if (!input.experimentalSelection?.enabled || !input.selectionCacheFilePath) {
+    input.logger.warn("selection.experimental_config_missing", {
+      enabled: input.experimentalSelection?.enabled ?? false,
+      hasSelectionCacheFilePath: Boolean(input.selectionCacheFilePath),
+      mode: input.mode
+    });
+    const fallbackSelection = await resolveManualDefaultSelection({
+      accounts: input.accounts,
+      fallbackReason: "experimental-config-missing",
+      logger: input.logger,
+      mode: input.mode,
+      registry: input.registry,
+      strategy: input.strategy
     });
     return {
-      limit: null,
-      used: null,
-      remaining: null,
-      limitReached: false,
-      resetsAt: null,
-      percentUsed: null,
-      source: null
+      entries: createUnavailableEntries(input.accounts, input.defaultAccount, fallbackSelection.selectedAccount),
+      executionBlockedReason: fallbackSelection.executionBlockedReason,
+      fallbackReason: "experimental-config-missing",
+      mode: input.mode,
+      selectedAccount: fallbackSelection.selectedAccount,
+      selectedBy: fallbackSelection.selectedBy,
+      strategy: input.strategy
     };
   }
-  const limit = pickNumber(input.raw.limit);
-  const used = pickNumber(input.raw.used, calculateUsed(limit, pickNumber(input.raw.remaining)));
-  const remaining = pickNumber(
-    input.raw.remaining,
-    calculateRemaining(limit, used)
-  );
-  const limitReached = typeof input.raw.limit_reached === "boolean" ? input.raw.limit_reached : remaining !== null ? remaining <= 0 : false;
-  const percentUsed = pickNumber(
-    input.raw.percent_used,
-    input.raw.percentage_used,
-    calculatePercentUsed(limit, used, remaining)
-  );
-  const resetsAt = normalizeTimestamp(
-    input.raw.reset_at,
-    input.raw.resets_at,
-    input.raw.next_reset_at
+  const probeResults = await resolveAccountUsageSnapshots({
+    accounts: input.accounts,
+    cacheFilePath: input.selectionCacheFilePath,
+    fetchImpl: input.fetchImpl,
+    logger: input.logger,
+    probeConfig: input.experimentalSelection
+  });
+  const failedProbes = probeResults.filter((entry) => !entry.ok);
+  if (failedProbes.length > 0) {
+    const fallbackReason = failedProbes.length === probeResults.length ? "all-probes-failed" : "mixed-probe-outcomes";
+    input.logger.warn(
+      fallbackReason === "all-probes-failed" ? "selection.experimental_fallback_all_probes_failed" : "selection.experimental_fallback_mixed_probe_outcomes",
+      {
+        failedAccountIds: failedProbes.map((entry) => entry.account.id),
+        failureCategories: failedProbes.map((entry) => entry.category),
+        mode: input.mode,
+        successfulAccountIds: probeResults.filter((entry) => entry.ok).map((entry) => entry.account.id)
+      }
+    );
+    const fallbackSelection = await resolveManualDefaultSelection({
+      accounts: input.accounts,
+      fallbackReason,
+      logger: input.logger,
+      mode: input.mode,
+      registry: input.registry,
+      strategy: input.strategy
+    });
+    logExperimentalFallbackSelection(input.logger, {
+      fallbackReason,
+      mode: input.mode,
+      selectedAccount: fallbackSelection.selectedAccount,
+      selectedBy: fallbackSelection.selectedBy
+    });
+    return {
+      entries: createExperimentalEntries({
+        defaultAccount: input.defaultAccount,
+        probeResults,
+        selectedAccount: fallbackSelection.selectedAccount,
+        selectedCandidateIds: []
+      }),
+      executionBlockedReason: fallbackSelection.executionBlockedReason,
+      fallbackReason,
+      mode: input.mode,
+      selectedAccount: fallbackSelection.selectedAccount,
+      selectedBy: fallbackSelection.selectedBy,
+      strategy: input.strategy
+    };
+  }
+  const successfulProbes = probeResults.filter((entry) => entry.ok);
+  const candidates = successfulProbes.filter((entry) => entry.snapshot.status === "usable").sort(
+    (left, right) => compareExperimentalCandidates({
+      defaultAccountId: input.defaultAccount?.id ?? null,
+      left,
+      registryOrder: input.accounts,
+      right
+    })
   );
-  const source = resolveWindowSource(input.raw);
-  input.logger.debug("selection.usage_normalize.window_complete", {
-    accountIdHint: input.accountIdHint ?? null,
-    window: input.window,
-    limit,
-    used,
-    remaining,
-    limitReached,
-    percentUsed,
-    resetsAt,
-    source
+  input.logger.info("selection.experimental_ranked", {
+    candidateOrder: candidates.map((entry) => ({
+      accountId: entry.account.id,
+      label: entry.account.label,
+      primaryRemainingPercent: entry.snapshot.dailyRemaining,
+      secondaryRemainingPercent: entry.snapshot.weeklyRemaining,
+      source: entry.source
+    })),
+    defaultAccountId: input.defaultAccount?.id ?? null,
+    mode: input.mode,
+    rankingSignal: "remaining-percent",
+    tieBreakOrder: [
+      "primary_remaining_percent_desc",
+      "secondary_remaining_percent_desc",
+      "default_account",
+      "registry_order"
+    ]
+  });
+  const selected = candidates[0];
+  if (!selected) {
+    const allExhausted = successfulProbes.every(
+      (entry) => entry.snapshot.limitReached || entry.snapshot.status === "limit-reached"
+    );
+    const fallbackReason = allExhausted ? "all-accounts-exhausted" : "ambiguous-usage";
+    input.logger.warn(
+      allExhausted ? "selection.experimental_fallback_all_accounts_exhausted" : "selection.experimental_fallback_ambiguous_usage",
+      {
+        mode: input.mode,
+        usableProbeCount: candidates.length,
+        probeStatuses: successfulProbes.map((entry) => ({
+          accountId: entry.account.id,
+          snapshotStatus: entry.snapshot.status,
+          limitReached: entry.snapshot.limitReached,
+          dailyRemaining: entry.snapshot.dailyRemaining,
+          weeklyRemaining: entry.snapshot.weeklyRemaining
+        }))
+      }
+    );
+    const fallbackSelection = await resolveManualDefaultSelection({
+      accounts: input.accounts,
+      fallbackReason,
+      logger: input.logger,
+      mode: input.mode,
+      registry: input.registry,
+      strategy: input.strategy
+    });
+    logExperimentalFallbackSelection(input.logger, {
+      fallbackReason,
+      mode: input.mode,
+      selectedAccount: fallbackSelection.selectedAccount,
+      selectedBy: fallbackSelection.selectedBy
+    });
+    return {
+      entries: createExperimentalEntries({
+        defaultAccount: input.defaultAccount,
+        probeResults,
+        selectedAccount: fallbackSelection.selectedAccount,
+        selectedCandidateIds: []
+      }),
+      executionBlockedReason: fallbackSelection.executionBlockedReason,
+      fallbackReason,
+      mode: input.mode,
+      selectedAccount: fallbackSelection.selectedAccount,
+      selectedBy: fallbackSelection.selectedBy,
+      strategy: input.strategy
+    };
+  }
+  input.logger.info("selection.experimental_selected", {
+    accountId: selected.account.id,
+    label: selected.account.label,
+    primaryRemainingPercent: selected.snapshot.dailyRemaining,
+    secondaryRemainingPercent: selected.snapshot.weeklyRemaining,
+    source: selected.source,
+    mode: input.mode,
+    selectedBy: "experimental-ranked",
+    rankingSignal: "remaining-percent"
   });
   return {
-    limit,
-    used,
-    remaining,
-    limitReached,
-    resetsAt,
-    percentUsed,
-    source
+    entries: createExperimentalEntries({
+      defaultAccount: input.defaultAccount,
+      probeResults,
+      selectedAccount: selected.account,
+      selectedCandidateIds: candidates.map((entry) => entry.account.id)
+    }),
+    executionBlockedReason: null,
+    fallbackReason: null,
+    mode: input.mode,
+    selectedAccount: selected.account,
+    selectedBy: "experimental-ranked",
+    strategy: input.strategy
   };
 }
-function resolveUsageWindow(raw, window) {
-  const candidates = [raw[window], raw.usage?.[window], raw.quotas?.[window]];
-  for (const candidate of candidates) {
-    if (isRecord2(candidate)) {
-      return candidate;
+async function resolveManualDefaultSelection(input) {
+  input.logger.debug("selection.manual_default.requirement", {
+    mode: input.mode,
+    strategy: input.strategy,
+    fallbackReason: input.fallbackReason ?? null,
+    accountCount: input.accounts.length
+  });
+  const defaultAccount = await input.registry.getDefaultAccount();
+  if (defaultAccount) {
+    input.logger.info("selection.manual_default", {
+      accountId: defaultAccount.id,
+      label: defaultAccount.label,
+      mode: input.mode,
+      strategy: input.strategy
+    });
+    return {
+      executionBlockedReason: null,
+      selectedAccount: defaultAccount,
+      selectedBy: "manual-default"
+    };
+  }
+  if (input.accounts.length === 1) {
+    const [singleAccount] = input.accounts;
+    if (!singleAccount) {
+      throw new Error("No accounts configured.");
     }
+    input.logger.info("selection.manual_default_fallback_single", {
+      accountId: singleAccount.id,
+      label: singleAccount.label,
+      mode: input.mode,
+      strategy: input.strategy
+    });
+    return {
+      executionBlockedReason: null,
+      selectedAccount: await input.registry.selectAccount(singleAccount.id),
+      selectedBy: "manual-default-fallback-single"
+    };
+  }
+  const executionBlockedReason = "Multiple accounts are configured but no default account is selected. Use `codexes account use <account-id-or-label>` first.";
+  input.logger.warn("selection.manual_default_missing", {
+    accountCount: input.accounts.length,
+    mode: input.mode,
+    strategy: input.strategy,
+    fallbackReason: input.fallbackReason ?? null
+  });
+  if (input.mode === "display-only") {
+    input.logger.info("selection.display_only_missing_execution_account", {
+      accountCount: input.accounts.length,
+      strategy: input.strategy,
+      fallbackReason: input.fallbackReason ?? null
+    });
+    return {
+      executionBlockedReason,
+      selectedAccount: null,
+      selectedBy: null
+    };
+  }
+  input.logger.warn("selection.execution_blocked_missing_default", {
+    accountCount: input.accounts.length,
+    strategy: input.strategy,
+    fallbackReason: input.fallbackReason ?? null
+  });
+  throw new Error(executionBlockedReason);
+}
+async function selectSingleAccountOnly(registry, logger, accounts, mode) {
+  logger.debug("selection.single_account.requirement", {
+    mode,
+    accountCount: accounts.length
+  });
+  if (accounts.length !== 1) {
+    logger.warn("selection.single_account_invalid", {
+      accountCount: accounts.length,
+      mode
+    });
+    throw new Error(
+      "The single-account strategy requires exactly one configured account."
+    );
+  }
+  const [singleAccount] = accounts;
+  if (!singleAccount) {
+    throw new Error("No accounts configured.");
+  }
+  logger.info("selection.single_account", {
+    accountId: singleAccount.id,
+    label: singleAccount.label,
+    mode
+  });
+  const defaultAccount = await registry.getDefaultAccount();
+  if (defaultAccount?.id === singleAccount.id) {
+    return singleAccount;
+  }
+  return registry.selectAccount(singleAccount.id);
+}
+function createUnavailableEntries(accounts, defaultAccount, selectedAccount) {
+  return accounts.map((account) => ({
+    account,
+    failureCategory: null,
+    failureMessage: null,
+    isDefault: account.id === defaultAccount?.id,
+    isEligibleForRanking: false,
+    isSelected: account.id === selectedAccount?.id,
+    rankingPosition: null,
+    snapshot: null,
+    source: "unavailable"
+  }));
+}
+function createExperimentalEntries(input) {
+  return input.probeResults.map((entry) => ({
+    account: entry.account,
+    failureCategory: entry.ok ? null : entry.category,
+    failureMessage: entry.ok ? null : entry.message,
+    isDefault: entry.account.id === input.defaultAccount?.id,
+    isEligibleForRanking: entry.ok && entry.snapshot.status === "usable",
+    isSelected: entry.account.id === input.selectedAccount?.id,
+    rankingPosition: entry.ok ? resolveRankingPosition(input.selectedCandidateIds, entry.account.id) : null,
+    snapshot: entry.ok ? entry.snapshot : null,
+    source: entry.ok ? entry.source : "fresh"
+  }));
+}
+function resolveRankingPosition(selectedCandidateIds, accountId) {
+  const index = selectedCandidateIds.indexOf(accountId);
+  if (index < 0) {
+    return null;
+  }
+  return index + 1;
+}
+function compareExperimentalCandidates(input) {
+  const dailyDelta = (input.right.snapshot.dailyRemaining ?? Number.NEGATIVE_INFINITY) - (input.left.snapshot.dailyRemaining ?? Number.NEGATIVE_INFINITY);
+  if (dailyDelta !== 0) {
+    return dailyDelta;
+  }
+  const weeklyDelta = (input.right.snapshot.weeklyRemaining ?? Number.NEGATIVE_INFINITY) - (input.left.snapshot.weeklyRemaining ?? Number.NEGATIVE_INFINITY);
+  if (weeklyDelta !== 0) {
+    return weeklyDelta;
   }
-  return null;
+  const leftIsDefault = input.left.account.id === input.defaultAccountId;
+  const rightIsDefault = input.right.account.id === input.defaultAccountId;
+  if (leftIsDefault !== rightIsDefault) {
+    return leftIsDefault ? -1 : 1;
+  }
+  return input.registryOrder.findIndex((account) => account.id === input.left.account.id) - input.registryOrder.findIndex((account) => account.id === input.right.account.id);
 }
-function resolveWindowSource(raw) {
-  if (typeof raw.source === "string") {
-    return raw.source;
+function logExperimentalFallbackSelection(logger, input) {
+  logger.info("selection.experimental_fallback_selected", {
+    fallbackReason: input.fallbackReason,
+    mode: input.mode,
+    selectedAccountId: input.selectedAccount?.id ?? null,
+    selectedBy: input.selectedBy,
+    rankingSignal: input.selectedBy === null ? null : "manual-default-fallback"
+  });
+}
+
+// src/commands/account-list/run-account-list-command.ts
+async function runAccountListCommand(context) {
+  const logger = createLogger({
+    level: context.logging.level,
+    name: "account_list",
+    sink: context.logging.sink
+  });
+  const registry = createAccountRegistry({
+    accountRoot: context.paths.accountRoot,
+    logger,
+    registryFile: context.paths.registryFile
+  });
+  const accounts = await registry.listAccounts();
+  logger.info("command.start", {
+    accountCount: accounts.length
+  });
+  if (accounts.length === 0) {
+    context.io.stdout.write(
+      [
+        "No accounts configured.",
+        "Add one with: codexes account add <label>"
+      ].join("\n") + "\n"
+    );
+    logger.info("command.empty");
+    return 0;
   }
-  if (typeof raw.kind === "string") {
-    return raw.kind;
+  const summary = await resolveSelectionSummary({
+    experimentalSelection: context.wrapperConfig.experimentalSelection,
+    fetchImpl: fetch,
+    logger,
+    mode: "display-only",
+    registry,
+    selectionCacheFilePath: context.paths.selectionCacheFile,
+    strategy: context.wrapperConfig.accountSelectionStrategy
+  });
+  const formattedSummary = formatSelectionSummary({
+    capabilities: {
+      stdoutIsTTY: context.output.stdoutIsTTY,
+      useColor: context.output.stdoutIsTTY
+    },
+    logger,
+    summary
+  });
+  context.io.stdout.write(formattedSummary);
+  logger.info("summary_rendered", {
+    mode: summary.mode,
+    strategy: summary.strategy,
+    useColor: context.output.stdoutIsTTY,
+    selectedAccountId: summary.selectedAccount?.id ?? null,
+    fallbackReason: summary.fallbackReason,
+    executionBlockedReason: summary.executionBlockedReason
+  });
+  if (summary.fallbackReason || summary.executionBlockedReason) {
+    logger.warn("fallback_announced", {
+      fallbackReason: summary.fallbackReason,
+      selectedAccountId: summary.selectedAccount?.id ?? null,
+      executionBlockedReason: summary.executionBlockedReason
+    });
   }
-  return null;
+  logger.info("command.complete", {
+    accountIds: summary.entries.map(({ account }) => account.id)
+  });
+  return 0;
 }
-function classifyUsageStatus(input) {
-  if (!input.allowed) {
-    return "not-allowed";
+
+// src/commands/account-remove/run-account-remove-command.ts
+import { rm as rm3 } from "node:fs/promises";
+
+// src/accounts/account-resolution.ts
+function resolveAccountBySelector(input) {
+  const normalizedSelector = input.selector.trim();
+  const matches = input.accounts.filter(
+    (account) => account.id === normalizedSelector || account.label.toLowerCase() === normalizedSelector.toLowerCase()
+  );
+  input.logger.debug("account_resolution.lookup", {
+    selector: normalizedSelector,
+    accountCount: input.accounts.length,
+    matchCount: matches.length,
+    matchedAccountIds: matches.map((account) => account.id)
+  });
+  if (matches.length === 0) {
+    throw new Error(`No account matches "${normalizedSelector}".`);
   }
-  if (input.limitReached) {
-    return "limit-reached";
+  if (matches.length > 1) {
+    throw new Error(
+      `Selector "${normalizedSelector}" matched multiple accounts; use the account id instead.`
+    );
   }
-  if (input.dailyRemaining === null && input.weeklyRemaining === null) {
-    return "missing-usage-data";
+  const [match] = matches;
+  if (!match) {
+    throw new Error(`No account matches "${normalizedSelector}".`);
   }
-  return "usable";
+  return match;
 }
-function describeUsageStatus(status) {
-  switch (status) {
-    case "not-allowed":
-      return "usage endpoint reported that the account is not allowed to launch";
-    case "limit-reached":
-      return "usage endpoint reported an exhausted limit window";
-    case "missing-usage-data":
-      return "usage endpoint did not expose enough quota fields to rank this account";
-    case "usable":
-      return "usage endpoint exposed enough quota fields to rank this account";
+
+// src/commands/account-remove/run-account-remove-command.ts
+async function runAccountRemoveCommand(context, argv) {
+  const logger = createLogger({
+    level: context.logging.level,
+    name: "account_remove",
+    sink: context.logging.sink
+  });
+  if (argv.includes("--help")) {
+    context.io.stdout.write(`${buildAccountRemoveHelpText()}
+`);
+    logger.info("help.rendered");
+    return 0;
   }
-}
-function normalizeTimestamp(...values) {
-  for (const value of values) {
-    if (typeof value === "string") {
-      const parsed = new Date(value);
-      if (!Number.isNaN(parsed.valueOf())) {
-        return parsed.toISOString();
-      }
-    }
-    if (typeof value === "number" && Number.isFinite(value)) {
-      const normalizedValue = value > 1e10 ? value : value * 1e3;
-      const parsed = new Date(normalizedValue);
-      if (!Number.isNaN(parsed.valueOf())) {
-        return parsed.toISOString();
-      }
-    }
+  const selector = argv[0]?.trim();
+  if (!selector || argv.length > 1) {
+    throw new Error(buildAccountRemoveHelpText());
   }
-  return null;
-}
-function calculateRemaining(limit, used) {
-  if (limit === null || used === null) {
-    return null;
+  const registry = createAccountRegistry({
+    accountRoot: context.paths.accountRoot,
+    logger,
+    registryFile: context.paths.registryFile
+  });
+  const accounts = await registry.listAccounts();
+  if (accounts.length === 0) {
+    context.io.stdout.write("No accounts configured.\n");
+    logger.info("command.empty");
+    return 0;
   }
-  return limit - used;
+  const account = resolveAccountBySelector({ accounts, logger, selector });
+  logger.info("command.start", {
+    requestedSelector: selector,
+    resolvedAccountId: account.id,
+    label: account.label
+  });
+  await registry.removeAccount(account.id);
+  await rm3(account.authDirectory, { force: true, recursive: true });
+  context.io.stdout.write(`Removed account "${account.label}" (${account.id}).
+`);
+  logger.info("command.complete", {
+    requestedSelector: selector,
+    resolvedAccountId: account.id
+  });
+  return 0;
 }
-function calculateUsed(limit, remaining) {
-  if (limit === null || remaining === null) {
-    return null;
-  }
-  return limit - remaining;
+function buildAccountRemoveHelpText() {
+  return [
+    "Usage:",
+    "  codexes account remove <account-id-or-label>"
+  ].join("\n");
 }
-function calculatePercentUsed(limit, used, remaining) {
-  if (limit === null || limit <= 0) {
-    return null;
+
+// src/commands/account-use/run-account-use-command.ts
+async function runAccountUseCommand(context, argv) {
+  const logger = createLogger({
+    level: context.logging.level,
+    name: "account_use",
+    sink: context.logging.sink
+  });
+  if (argv.includes("--help")) {
+    context.io.stdout.write(`${buildAccountUseHelpText()}
+`);
+    logger.info("help.rendered");
+    return 0;
   }
-  const numerator = used ?? calculateUsed(limit, remaining);
-  if (numerator === null) {
-    return null;
+  const registry = createAccountRegistry({
+    accountRoot: context.paths.accountRoot,
+    logger,
+    registryFile: context.paths.registryFile
+  });
+  const accounts = await registry.listAccounts();
+  if (accounts.length === 0) {
+    context.io.stdout.write(
+      [
+        "No accounts configured.",
+        "Add one with: codexes account add <label>"
+      ].join("\n") + "\n"
+    );
+    logger.info("command.empty");
+    return 0;
   }
-  return Number((numerator / limit * 100).toFixed(2));
-}
-function pickString(...values) {
-  for (const value of values) {
-    if (typeof value === "string" && value.trim().length > 0) {
-      return value;
-    }
+  const selector = argv[0]?.trim() ?? null;
+  if (argv.length > 1) {
+    throw new Error(buildAccountUseHelpText());
   }
-  return null;
-}
-function pickNumber(...values) {
-  for (const value of values) {
-    if (typeof value === "number" && Number.isFinite(value)) {
-      return value;
+  let targetAccount = null;
+  if (!selector) {
+    if (accounts.length === 1) {
+      const [singleAccount] = accounts;
+      if (!singleAccount) {
+        throw new Error("No accounts configured.");
+      }
+      targetAccount = singleAccount;
+      logger.info("command.single_account_default", {
+        resolvedAccountId: targetAccount.id,
+        label: targetAccount.label
+      });
+    } else {
+      throw new Error(
+        "Multiple accounts exist. Specify which one to use: codexes account use <account-id-or-label>"
+      );
     }
+  } else {
+    targetAccount = resolveAccountBySelector({ accounts, logger, selector });
   }
-  return null;
+  if (!targetAccount) {
+    throw new Error("Could not resolve the account to use.");
+  }
+  logger.info("command.start", {
+    requestedSelector: selector,
+    resolvedAccountId: targetAccount.id,
+    label: targetAccount.label
+  });
+  const selectedAccount = await registry.selectAccount(targetAccount.id);
+  context.io.stdout.write(
+    `Using account "${selectedAccount.label}" (${selectedAccount.id}) as the default.
+`
+  );
+  logger.info("command.complete", {
+    requestedSelector: selector,
+    resolvedAccountId: selectedAccount.id
+  });
+  return 0;
 }
-function isRecord2(value) {
-  return typeof value === "object" && value !== null;
+function buildAccountUseHelpText() {
+  return [
+    "Usage:",
+    "  codexes account use <account-id-or-label>",
+    "  codexes account use",
+    "",
+    "When only one account exists, `codexes account use` selects it automatically."
+  ].join("\n");
 }
 
-// src/selection/usage-client.ts
-var WHAM_USAGE_URL = "https://chatgpt.com/backend-api/wham/usage";
-async function probeAccountUsage(input) {
-  const fetchImpl = input.fetchImpl ?? fetch;
-  input.logger.info("selection.usage_probe.start", {
-    accountId: input.account.id,
-    label: input.account.label,
-    timeoutMs: input.probeConfig.probeTimeoutMs,
-    useAccountIdHeader: input.probeConfig.useAccountIdHeader
-  });
-  const authState = await readAccountAuthState({
-    account: input.account,
-    logger: input.logger
+// src/runtime/lock/runtime-lock.ts
+import os3 from "node:os";
+import path11 from "node:path";
+import { mkdir as mkdir7, readFile as readFile8, rm as rm4, stat as stat5, writeFile as writeFile6 } from "node:fs/promises";
+var DEFAULT_WAIT_TIMEOUT_MS = 15e3;
+var DEFAULT_STALE_LOCK_MS = 5 * 60 * 1e3;
+var DEFAULT_POLL_INTERVAL_MS = 250;
+async function acquireRuntimeLock(input) {
+  const lockRoot = path11.join(input.runtimeRoot, "lock");
+  const ownerFile = path11.join(lockRoot, "owner.json");
+  const waitTimeoutMs = input.waitTimeoutMs ?? DEFAULT_WAIT_TIMEOUT_MS;
+  const staleLockMs = input.staleLockMs ?? DEFAULT_STALE_LOCK_MS;
+  const pollIntervalMs = input.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS;
+  const startedAt = Date.now();
+  input.logger.info("runtime_lock.acquire.start", {
+    lockRoot,
+    waitTimeoutMs,
+    staleLockMs,
+    pollIntervalMs
   });
-  if (!authState.ok) {
-    input.logger.warn("selection.usage_probe.auth_missing", {
-      accountId: input.account.id,
-      label: input.account.label,
-      category: authState.category,
-      filePath: authState.filePath
-    });
-    return {
-      ok: false,
-      account: input.account,
-      category: "auth-missing",
-      message: authState.message,
-      source: "fresh"
-    };
-  }
-  try {
-    const response = await fetchImpl(WHAM_USAGE_URL, {
-      method: "GET",
-      headers: buildUsageHeaders({
-        accessToken: authState.state.accessToken,
-        accountId: authState.state.accountId,
-        useAccountIdHeader: input.probeConfig.useAccountIdHeader
-      }),
-      signal: AbortSignal.timeout(input.probeConfig.probeTimeoutMs)
-    });
-    input.logger.debug("selection.usage_probe.http_complete", {
-      accountId: input.account.id,
-      label: input.account.label,
-      status: response.status,
-      ok: response.ok
-    });
-    if (!response.ok) {
-      input.logger.warn("selection.usage_probe.http_error", {
-        accountId: input.account.id,
-        label: input.account.label,
-        status: response.status
+  while (true) {
+    try {
+      await mkdir7(lockRoot);
+      const owner = {
+        pid: process.pid,
+        host: os3.hostname(),
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      await writeFile6(ownerFile, JSON.stringify(owner, null, 2), "utf8");
+      input.logger.info("runtime_lock.acquire.complete", {
+        lockRoot,
+        waitedMs: Date.now() - startedAt,
+        owner
       });
       return {
-        ok: false,
-        account: input.account,
-        category: "http-error",
-        message: `Usage probe returned HTTP ${response.status}.`,
-        source: "fresh"
+        async release() {
+          input.logger.info("runtime_lock.release.start", { lockRoot });
+          await rm4(lockRoot, { force: true, recursive: true }).catch(() => void 0);
+          input.logger.info("runtime_lock.release.complete", { lockRoot });
+        }
       };
+    } catch (error) {
+      if (!isAlreadyExistsError(error)) {
+        input.logger.error("runtime_lock.acquire.failed", {
+          lockRoot,
+          message: error instanceof Error ? error.message : String(error)
+        });
+        throw error;
+      }
     }
-    const body = await response.json();
-    if (!isRecord3(body)) {
-      input.logger.warn("selection.usage_probe.invalid_response", {
-        accountId: input.account.id,
-        label: input.account.label,
-        bodyType: typeof body
+    const lockAgeMs = await readLockAgeMs(lockRoot, ownerFile);
+    if (lockAgeMs !== null && lockAgeMs > staleLockMs) {
+      input.logger.warn("runtime_lock.stale_detected", {
+        lockRoot,
+        lockAgeMs
       });
-      return {
-        ok: false,
-        account: input.account,
-        category: "invalid-response",
-        message: "Usage probe returned a non-object JSON payload.",
-        source: "fresh"
-      };
+      await rm4(lockRoot, { force: true, recursive: true }).catch(() => void 0);
+      continue;
     }
-    const snapshot = normalizeWhamUsageResponse({
-      accountIdHint: authState.state.accountId ?? input.account.id,
-      logger: input.logger,
-      raw: body
-    });
-    input.logger.info("selection.usage_probe.success", {
-      accountId: input.account.id,
-      label: input.account.label,
-      snapshotStatus: snapshot.status,
-      dailyRemaining: snapshot.dailyRemaining,
-      weeklyRemaining: snapshot.weeklyRemaining,
-      limitReached: snapshot.limitReached
+    const waitedMs = Date.now() - startedAt;
+    input.logger.debug("runtime_lock.acquire.waiting", {
+      lockRoot,
+      waitedMs,
+      lockAgeMs
     });
-    return {
-      ok: true,
-      account: input.account,
-      snapshot,
-      source: "fresh"
-    };
-  } catch (error) {
-    if (isAbortError(error)) {
-      input.logger.warn("selection.usage_probe.timeout", {
-        accountId: input.account.id,
-        label: input.account.label,
-        timeoutMs: input.probeConfig.probeTimeoutMs
+    if (waitedMs >= waitTimeoutMs) {
+      input.logger.error("runtime_lock.acquire.timeout", {
+        lockRoot,
+        waitedMs,
+        lockAgeMs
       });
-      return {
-        ok: false,
-        account: input.account,
-        category: "timeout",
-        message: `Usage probe timed out after ${input.probeConfig.probeTimeoutMs}ms.`,
-        source: "fresh"
-      };
+      throw new Error(
+        `Timed out waiting for the shared runtime lock after ${waitTimeoutMs}ms.`
+      );
     }
-    input.logger.error("selection.usage_probe.request_failed", {
-      accountId: input.account.id,
-      label: input.account.label,
-      message: error instanceof Error ? error.message : String(error)
-    });
-    return {
-      ok: false,
-      account: input.account,
-      category: "invalid-response",
-      message: error instanceof Error ? error.message : String(error),
-      source: "fresh"
-    };
+    await sleep(pollIntervalMs);
   }
 }
-function buildUsageHeaders(input) {
-  const headers = new Headers({
-    accept: "application/json",
-    authorization: `Bearer ${input.accessToken}`,
-    "user-agent": "codexes/0.1 experimental-usage-probe"
-  });
-  if (input.useAccountIdHeader && input.accountId) {
-    headers.set("OpenAI-Account-ID", input.accountId);
+async function readLockAgeMs(lockRoot, ownerFile) {
+  const ownerContents = await readFile8(ownerFile, "utf8").catch(() => null);
+  if (ownerContents) {
+    const parsed = JSON.parse(ownerContents);
+    if (typeof parsed.createdAt === "string") {
+      return Date.now() - new Date(parsed.createdAt).getTime();
+    }
   }
-  return headers;
+  const lockStats = await stat5(lockRoot).catch(() => null);
+  return lockStats ? Date.now() - lockStats.mtimeMs : null;
 }
-function isAbortError(error) {
-  return error instanceof Error && (error.name === "AbortError" || error.name === "TimeoutError");
+function isAlreadyExistsError(error) {
+  return typeof error === "object" && error !== null && "code" in error && error.code === "EEXIST";
 }
-function isRecord3(value) {
-  return typeof value === "object" && value !== null;
+function sleep(durationMs) {
+  return new Promise((resolve) => {
+    setTimeout(resolve, durationMs);
+  });
 }
 
-// src/selection/usage-cache.ts
-import { mkdir as mkdir8, readFile as readFile10, rename as rename2, writeFile as writeFile6 } from "node:fs/promises";
-import path13 from "node:path";
-var USAGE_CACHE_SCHEMA_VERSION = 1;
-async function loadUsageCache(input) {
-  try {
-    const raw = await readFile10(input.cacheFilePath, "utf8");
-    const parsed = JSON.parse(raw);
-    const normalized = normalizeUsageCacheDocument(parsed);
-    input.logger.debug("selection.usage_cache.load_success", {
-      cacheFilePath: input.cacheFilePath,
-      entryCount: normalized.entries.length
+// src/runtime/activate-account/activate-account.ts
+import { copyFile as copyFile3, cp as cp3, mkdir as mkdir8, readFile as readFile9, rm as rm5, stat as stat6 } from "node:fs/promises";
+import path12 from "node:path";
+import { createHash } from "node:crypto";
+async function activateAccountIntoSharedRuntime(input) {
+  const runtimePaths = resolveAccountRuntimePaths(input.runtimeContract, input.account.id);
+  const accountStateRoot = runtimePaths.accountStateDirectory;
+  const backupRoot = path12.join(runtimePaths.runtimeBackupDirectory, "active");
+  input.logger.info("account_activation.start", {
+    accountId: input.account.id,
+    label: input.account.label,
+    accountStateRoot,
+    sharedCodexHome: input.sharedCodexHome,
+    backupRoot
+  });
+  await rm5(backupRoot, { force: true, recursive: true }).catch(() => void 0);
+  await mkdir8(backupRoot, { recursive: true });
+  const accountRules = input.runtimeContract.fileRules.filter(
+    (rule) => rule.classification === "account"
+  );
+  const authSourcePath = path12.join(accountStateRoot, "auth.json");
+  if (!await pathExists4(authSourcePath)) {
+    input.logger.error("account_activation.missing_auth", {
+      accountId: input.account.id,
+      authSourcePath
     });
-    return normalized.entries;
-  } catch (error) {
-    if (isNodeErrorWithCode2(error, "ENOENT")) {
-      input.logger.debug("selection.usage_cache.missing", {
-        cacheFilePath: input.cacheFilePath
+    throw new Error(
+      `Account "${input.account.label}" has no stored auth.json; add the account again.`
+    );
+  }
+  try {
+    for (const rule of accountRules) {
+      await backupRuntimeArtifact({
+        backupRoot,
+        logger: input.logger,
+        rule,
+        sharedCodexHome: input.sharedCodexHome
+      });
+      await replaceRuntimeArtifact({
+        accountStateRoot,
+        logger: input.logger,
+        rule,
+        sharedCodexHome: input.sharedCodexHome
       });
-      return [];
     }
-    const backupPath = `${input.cacheFilePath}.corrupt-${Date.now()}`;
-    await rename2(input.cacheFilePath, backupPath).catch(() => void 0);
-    input.logger.warn("selection.usage_cache.corrupt", {
-      cacheFilePath: input.cacheFilePath,
-      backupPath,
+  } catch (error) {
+    input.logger.error("account_activation.failed", {
+      accountId: input.account.id,
       message: error instanceof Error ? error.message : String(error)
     });
-    return [];
-  }
-}
-async function persistUsageCache(input) {
-  await mkdir8(path13.dirname(input.cacheFilePath), { recursive: true });
-  const document = {
-    schemaVersion: USAGE_CACHE_SCHEMA_VERSION,
-    entries: input.entries
-  };
-  const tempFile = `${input.cacheFilePath}.tmp`;
-  const serialized = JSON.stringify(document, null, 2);
-  await writeFile6(tempFile, serialized, "utf8");
-  await rename2(tempFile, input.cacheFilePath);
-  input.logger.debug("selection.usage_cache.persisted", {
-    cacheFilePath: input.cacheFilePath,
-    entryCount: input.entries.length
-  });
-}
-function resolveFreshUsageCacheEntry(input) {
-  const entry = input.entries.find((candidate) => candidate.accountId === input.accountId) ?? null;
-  if (!entry) {
-    input.logger.debug("selection.usage_cache.miss", {
-      accountId: input.accountId,
-      ttlMs: input.ttlMs
-    });
-    return null;
-  }
-  const ageMs = input.now - new Date(entry.cachedAt).valueOf();
-  if (!Number.isFinite(ageMs) || ageMs > input.ttlMs) {
-    input.logger.debug("selection.usage_cache.expired", {
-      accountId: input.accountId,
-      cachedAt: entry.cachedAt,
-      ageMs: Number.isFinite(ageMs) ? ageMs : null,
-      ttlMs: input.ttlMs
+    await restoreSharedRuntimeFromBackup({
+      account: input.account,
+      backupRoot,
+      logger: input.logger,
+      runtimeContract: input.runtimeContract,
+      sharedCodexHome: input.sharedCodexHome
     });
-    return null;
+    throw error;
   }
-  input.logger.debug("selection.usage_cache.hit", {
-    accountId: input.accountId,
-    cachedAt: entry.cachedAt,
-    ageMs,
-    ttlMs: input.ttlMs
+  input.logger.info("account_activation.complete", {
+    accountId: input.account.id,
+    sharedCodexHome: input.sharedCodexHome
   });
-  return entry;
-}
-function normalizeUsageCacheDocument(value) {
-  if (!isRecord4(value)) {
-    throw new Error("Usage cache document is not an object.");
-  }
-  const schemaVersion = typeof value.schemaVersion === "number" ? value.schemaVersion : USAGE_CACHE_SCHEMA_VERSION;
-  if (schemaVersion !== USAGE_CACHE_SCHEMA_VERSION) {
-    throw new Error(`Unsupported usage cache schema version ${schemaVersion}.`);
-  }
-  const entries = Array.isArray(value.entries) ? value.entries.filter(isUsageCacheEntry) : [];
   return {
-    schemaVersion: USAGE_CACHE_SCHEMA_VERSION,
-    entries
+    account: input.account,
+    backupRoot,
+    runtimeContract: input.runtimeContract,
+    sharedCodexHome: input.sharedCodexHome,
+    sourceAccountStateRoot: accountStateRoot
   };
 }
-function isUsageCacheEntry(value) {
-  return isRecord4(value) && typeof value.accountId === "string" && typeof value.accountLabel === "string" && typeof value.cachedAt === "string" && isRecord4(value.snapshot);
-}
-function isRecord4(value) {
-  return typeof value === "object" && value !== null;
-}
-function isNodeErrorWithCode2(error, code) {
-  return typeof error === "object" && error !== null && "code" in error && error.code === code;
-}
-
-// src/selection/usage-probe-coordinator.ts
-async function resolveAccountUsageSnapshots(input) {
-  const now = Date.now();
-  input.logger.info("selection.usage_probe_coordinator.start", {
-    accountCount: input.accounts.length,
-    cacheFilePath: input.cacheFilePath,
-    cacheTtlMs: input.probeConfig.cacheTtlMs,
-    timeoutMs: input.probeConfig.probeTimeoutMs
+async function syncSharedRuntimeBackToAccount(input) {
+  const accountRules = input.session.runtimeContract.fileRules.filter(
+    (rule) => rule.classification === "account"
+  );
+  input.logger.info("account_sync.start", {
+    accountId: input.session.account.id,
+    sharedCodexHome: input.session.sharedCodexHome,
+    accountStateRoot: input.session.sourceAccountStateRoot
   });
-  const cacheEntries = await loadUsageCache({
-    cacheFilePath: input.cacheFilePath,
-    logger: input.logger
+  for (const rule of accountRules) {
+    await syncRuntimeArtifact({
+      accountStateRoot: input.session.sourceAccountStateRoot,
+      logger: input.logger,
+      rule,
+      sharedCodexHome: input.session.sharedCodexHome
+    });
+  }
+  input.logger.info("account_sync.complete", {
+    accountId: input.session.account.id
   });
-  const freshCacheEntries = [...cacheEntries];
-  const resolutions = await Promise.all(
-    input.accounts.map(async (account) => {
-      const cached = resolveFreshUsageCacheEntry({
-        accountId: account.id,
-        entries: freshCacheEntries,
-        logger: input.logger,
-        now,
-        ttlMs: input.probeConfig.cacheTtlMs
-      });
-      if (cached) {
-        return {
-          ok: true,
-          account,
-          snapshot: cached.snapshot,
-          source: "cache"
-        };
-      }
-      const fresh = await probeAccountUsage({
-        account,
-        fetchImpl: input.fetchImpl,
-        logger: input.logger,
-        probeConfig: input.probeConfig
-      });
-      if (fresh.ok) {
-        upsertCacheEntry(freshCacheEntries, {
-          accountId: account.id,
-          accountLabel: account.label,
-          cachedAt: new Date(now).toISOString(),
-          snapshot: fresh.snapshot
-        });
-      }
-      return fresh;
-    })
+}
+async function restoreSharedRuntimeFromBackup(input) {
+  const accountRules = input.runtimeContract.fileRules.filter(
+    (rule) => rule.classification === "account"
   );
-  await persistUsageCache({
-    cacheFilePath: input.cacheFilePath,
-    entries: freshCacheEntries,
-    logger: input.logger
+  input.logger.warn("account_activation.restore.start", {
+    accountId: input.account.id,
+    backupRoot: input.backupRoot,
+    sharedCodexHome: input.sharedCodexHome
   });
-  input.logger.info("selection.usage_probe_coordinator.complete", {
-    accountCount: input.accounts.length,
-    cacheHitCount: resolutions.filter((entry) => entry.ok && entry.source === "cache").length,
-    freshSuccessCount: resolutions.filter((entry) => entry.ok && entry.source === "fresh").length,
-    failureCount: resolutions.filter((entry) => !entry.ok).length
+  for (const rule of accountRules) {
+    await restoreRuntimeArtifact({
+      backupRoot: input.backupRoot,
+      logger: input.logger,
+      rule,
+      sharedCodexHome: input.sharedCodexHome
+    });
+  }
+  input.logger.warn("account_activation.restore.complete", {
+    accountId: input.account.id
   });
-  return resolutions;
 }
-function upsertCacheEntry(entries, nextEntry) {
-  const existingIndex = entries.findIndex((entry) => entry.accountId === nextEntry.accountId);
-  if (existingIndex >= 0) {
-    entries.splice(existingIndex, 1, nextEntry);
+async function backupRuntimeArtifact(input) {
+  const sourcePath = path12.join(input.sharedCodexHome, normalizedPattern(input.rule.pathPattern));
+  const backupPath = path12.join(input.backupRoot, normalizedPattern(input.rule.pathPattern));
+  if (!await pathExists4(sourcePath)) {
+    input.logger.debug("account_activation.backup.skip", {
+      pathPattern: input.rule.pathPattern,
+      sourcePath,
+      reason: "missing"
+    });
     return;
   }
-  entries.push(nextEntry);
+  await mkdir8(path12.dirname(backupPath), { recursive: true });
+  if (isDirectoryPattern(input.rule)) {
+    await cp3(sourcePath, backupPath, { recursive: true });
+  } else {
+    await copyFile3(sourcePath, backupPath);
+  }
+  input.logger.debug("account_activation.backup.complete", {
+    pathPattern: input.rule.pathPattern,
+    sourcePath,
+    backupPath
+  });
 }
-
-// src/selection/select-account.ts
-async function selectAccountForExecution(input) {
-  const accounts = await input.registry.listAccounts();
-  input.logger.info("selection.start", {
-    strategy: input.strategy,
-    accountCount: accounts.length
+async function replaceRuntimeArtifact(input) {
+  const sourcePath = path12.join(input.accountStateRoot, normalizedPattern(input.rule.pathPattern));
+  const targetPath = path12.join(input.sharedCodexHome, normalizedPattern(input.rule.pathPattern));
+  await rm5(targetPath, { force: true, recursive: true }).catch(() => void 0);
+  if (!await pathExists4(sourcePath)) {
+    input.logger.debug("account_activation.replace.skip", {
+      pathPattern: input.rule.pathPattern,
+      sourcePath,
+      reason: "missing"
+    });
+    return;
+  }
+  await mkdir8(path12.dirname(targetPath), { recursive: true });
+  if (isDirectoryPattern(input.rule)) {
+    await cp3(sourcePath, targetPath, { recursive: true });
+  } else {
+    await copyFile3(sourcePath, targetPath);
+  }
+  input.logger.debug("account_activation.replace.complete", {
+    pathPattern: input.rule.pathPattern,
+    sourcePath,
+    targetPath
   });
-  if (accounts.length === 0) {
-    input.logger.warn("selection.none");
-    throw new Error("No accounts configured. Add one with `codexes account add <label>`.");
+}
+async function syncRuntimeArtifact(input) {
+  const sourcePath = path12.join(input.sharedCodexHome, normalizedPattern(input.rule.pathPattern));
+  const targetPath = path12.join(input.accountStateRoot, normalizedPattern(input.rule.pathPattern));
+  if (!await pathExists4(sourcePath)) {
+    input.logger.debug("account_sync.skip", {
+      pathPattern: input.rule.pathPattern,
+      sourcePath,
+      reason: "missing"
+    });
+    return;
   }
-  switch (input.strategy) {
-    case "manual-default":
-      return selectManualDefaultAccount(input.registry, input.logger, accounts);
-    case "single-account":
-      return selectSingleAccountOnly(input.registry, input.logger, accounts);
-    case "remaining-limit-experimental":
-      return selectExperimentalRemainingLimitAccount({
-        accounts,
-        experimentalSelection: input.experimentalSelection,
-        fetchImpl: input.fetchImpl,
-        logger: input.logger,
-        registry: input.registry,
-        selectionCacheFilePath: input.selectionCacheFilePath
-      });
+  const changed = await hasArtifactChanged(sourcePath, targetPath, isDirectoryPattern(input.rule));
+  if (!changed) {
+    input.logger.debug("account_sync.no_change", {
+      pathPattern: input.rule.pathPattern,
+      sourcePath,
+      targetPath
+    });
+    return;
+  }
+  await rm5(targetPath, { force: true, recursive: true }).catch(() => void 0);
+  await mkdir8(path12.dirname(targetPath), { recursive: true });
+  if (isDirectoryPattern(input.rule)) {
+    await cp3(sourcePath, targetPath, { recursive: true });
+  } else {
+    await copyFile3(sourcePath, targetPath);
   }
+  input.logger.info("account_sync.updated", {
+    pathPattern: input.rule.pathPattern,
+    sourcePath,
+    targetPath
+  });
 }
-async function selectManualDefaultAccount(registry, logger, accounts) {
-  const defaultAccount = await registry.getDefaultAccount();
-  if (defaultAccount) {
-    logger.info("selection.manual_default", {
-      accountId: defaultAccount.id,
-      label: defaultAccount.label
+async function restoreRuntimeArtifact(input) {
+  const backupPath = path12.join(input.backupRoot, normalizedPattern(input.rule.pathPattern));
+  const targetPath = path12.join(input.sharedCodexHome, normalizedPattern(input.rule.pathPattern));
+  await rm5(targetPath, { force: true, recursive: true }).catch(() => void 0);
+  if (!await pathExists4(backupPath)) {
+    input.logger.debug("account_activation.restore.skip", {
+      pathPattern: input.rule.pathPattern,
+      backupPath,
+      reason: "missing"
     });
-    return defaultAccount;
+    return;
   }
-  if (accounts.length === 1) {
-    const [singleAccount] = accounts;
-    if (!singleAccount) {
-      throw new Error("No accounts configured.");
-    }
-    logger.info("selection.manual_default_fallback_single", {
-      accountId: singleAccount.id,
-      label: singleAccount.label
-    });
-    return registry.selectAccount(singleAccount.id);
+  await mkdir8(path12.dirname(targetPath), { recursive: true });
+  if (isDirectoryPattern(input.rule)) {
+    await cp3(backupPath, targetPath, { recursive: true });
+  } else {
+    await copyFile3(backupPath, targetPath);
   }
-  logger.warn("selection.manual_default_missing", {
-    accountCount: accounts.length
+  input.logger.debug("account_activation.restore.complete_artifact", {
+    pathPattern: input.rule.pathPattern,
+    backupPath,
+    targetPath
   });
-  throw new Error(
-    "Multiple accounts are configured but no default account is selected. Use `codexes account use <account-id-or-label>` first."
-  );
 }
-async function selectSingleAccountOnly(registry, logger, accounts) {
-  if (accounts.length !== 1) {
-    logger.warn("selection.single_account_invalid", {
-      accountCount: accounts.length
-    });
-    throw new Error(
-      "The single-account strategy requires exactly one configured account."
-    );
+function isDirectoryPattern(rule) {
+  return rule.pathPattern.endsWith("/**");
+}
+function normalizedPattern(pattern) {
+  return pattern.endsWith("/**") ? pattern.slice(0, -3) : pattern;
+}
+async function hasArtifactChanged(sourcePath, targetPath, isDirectory) {
+  if (!await pathExists4(targetPath)) {
+    return true;
   }
-  const [singleAccount] = accounts;
-  if (!singleAccount) {
-    throw new Error("No accounts configured.");
+  if (isDirectory) {
+    const [sourceHash2, targetHash2] = await Promise.all([
+      hashDirectory(sourcePath),
+      hashDirectory(targetPath)
+    ]);
+    return sourceHash2 !== targetHash2;
   }
-  logger.info("selection.single_account", {
-    accountId: singleAccount.id,
-    label: singleAccount.label
-  });
-  const defaultAccount = await registry.getDefaultAccount();
-  if (defaultAccount?.id === singleAccount.id) {
-    return singleAccount;
+  const [sourceHash, targetHash] = await Promise.all([
+    hashFile(sourcePath),
+    hashFile(targetPath)
+  ]);
+  return sourceHash !== targetHash;
+}
+async function hashFile(filePath) {
+  const content = await readFile9(filePath);
+  return createHash("sha256").update(content).digest("hex");
+}
+async function hashDirectory(directoryPath) {
+  const entries = await collectFiles(directoryPath);
+  const hash = createHash("sha256");
+  for (const entry of entries.sort()) {
+    hash.update(entry.relativePath);
+    hash.update(await readFile9(entry.absolutePath));
   }
-  return registry.selectAccount(singleAccount.id);
+  return hash.digest("hex");
 }
-async function selectExperimentalRemainingLimitAccount(input) {
-  if (!input.experimentalSelection?.enabled || !input.selectionCacheFilePath) {
-    input.logger.warn("selection.experimental_config_missing", {
-      enabled: input.experimentalSelection?.enabled ?? false,
-      hasSelectionCacheFilePath: Boolean(input.selectionCacheFilePath)
-    });
-    return selectManualDefaultAccount(input.registry, input.logger, input.accounts);
+async function collectFiles(root) {
+  const rootStats = await stat6(root).catch(() => null);
+  if (!rootStats) {
+    return [];
   }
-  const defaultAccount = await input.registry.getDefaultAccount();
-  const probeResults = await resolveAccountUsageSnapshots({
-    accounts: input.accounts,
-    cacheFilePath: input.selectionCacheFilePath,
-    fetchImpl: input.fetchImpl,
-    logger: input.logger,
-    probeConfig: input.experimentalSelection
-  });
-  const failedProbes = probeResults.filter((entry) => !entry.ok);
-  if (failedProbes.length > 0) {
-    const eventName = failedProbes.length === probeResults.length ? "selection.experimental_fallback_all_probes_failed" : "selection.experimental_fallback_mixed_probe_outcomes";
-    input.logger.warn(eventName, {
-      failedAccountIds: failedProbes.map((entry) => entry.account.id),
-      failureCategories: failedProbes.map((entry) => entry.category),
-      successfulAccountIds: probeResults.filter((entry) => entry.ok).map((entry) => entry.account.id)
-    });
-    return selectManualDefaultAccount(input.registry, input.logger, input.accounts);
+  if (!rootStats.isDirectory()) {
+    return [{ absolutePath: root, relativePath: path12.basename(root) }];
   }
-  const successfulProbes = probeResults.filter((entry) => entry.ok);
-  const candidates = successfulProbes.filter((entry) => entry.snapshot.status === "usable").sort(
-    (left, right) => compareExperimentalCandidates({
-      defaultAccountId: defaultAccount?.id ?? null,
-      left,
-      right,
-      registryOrder: input.accounts
-    })
-  );
-  input.logger.info("selection.experimental_ranked", {
-    candidateOrder: candidates.map((entry) => ({
-      accountId: entry.account.id,
-      label: entry.account.label,
-      dailyRemaining: entry.snapshot.dailyRemaining,
-      weeklyRemaining: entry.snapshot.weeklyRemaining,
-      source: entry.source
-    })),
-    defaultAccountId: defaultAccount?.id ?? null
-  });
-  const selected = candidates[0];
-  if (!selected) {
-    const allExhausted = successfulProbes.every(
-      (entry) => entry.snapshot.limitReached || entry.snapshot.status === "limit-reached"
+  const results = [];
+  const stack = [root];
+  while (stack.length > 0) {
+    const current = stack.pop();
+    if (!current) {
+      continue;
+    }
+    const entries = await import("node:fs/promises").then(
+      (fs) => fs.readdir(current, { withFileTypes: true })
     );
-    input.logger.warn(
-      allExhausted ? "selection.experimental_fallback_all_accounts_exhausted" : "selection.experimental_fallback_ambiguous_usage",
-      {
-        usableProbeCount: candidates.length,
-        probeStatuses: successfulProbes.map((entry) => ({
-          accountId: entry.account.id,
-          snapshotStatus: entry.snapshot.status,
-          limitReached: entry.snapshot.limitReached,
-          dailyRemaining: entry.snapshot.dailyRemaining,
-          weeklyRemaining: entry.snapshot.weeklyRemaining
-        }))
+    for (const entry of entries) {
+      const absolutePath = path12.join(current, entry.name);
+      if (entry.isDirectory()) {
+        stack.push(absolutePath);
+        continue;
       }
-    );
-    return selectManualDefaultAccount(input.registry, input.logger, input.accounts);
+      if (entry.isFile()) {
+        results.push({
+          absolutePath,
+          relativePath: path12.relative(root, absolutePath).split(path12.sep).join("/")
+        });
+      }
+    }
   }
-  input.logger.info("selection.experimental_selected", {
-    accountId: selected.account.id,
-    label: selected.account.label,
-    dailyRemaining: selected.snapshot.dailyRemaining,
-    weeklyRemaining: selected.snapshot.weeklyRemaining,
-    source: selected.source
-  });
-  return selected.account;
+  return results;
 }
-function compareExperimentalCandidates(input) {
-  const dailyDelta = (input.right.snapshot.dailyRemaining ?? Number.NEGATIVE_INFINITY) - (input.left.snapshot.dailyRemaining ?? Number.NEGATIVE_INFINITY);
-  if (dailyDelta !== 0) {
-    return dailyDelta;
-  }
-  const weeklyDelta = (input.right.snapshot.weeklyRemaining ?? Number.NEGATIVE_INFINITY) - (input.left.snapshot.weeklyRemaining ?? Number.NEGATIVE_INFINITY);
-  if (weeklyDelta !== 0) {
-    return weeklyDelta;
-  }
-  const leftIsDefault = input.left.account.id === input.defaultAccountId;
-  const rightIsDefault = input.right.account.id === input.defaultAccountId;
-  if (leftIsDefault !== rightIsDefault) {
-    return leftIsDefault ? -1 : 1;
+async function pathExists4(targetPath) {
+  try {
+    await stat6(targetPath);
+    return true;
+  } catch (error) {
+    if (typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT") {
+      return false;
+    }
+    throw error;
   }
-  return input.registryOrder.findIndex((account) => account.id === input.left.account.id) - input.registryOrder.findIndex((account) => account.id === input.right.account.id);
+}
+
+// src/process/spawn-codex-command.ts
+import { spawn as spawn2 } from "node:child_process";
+async function spawnCodexCommand(input) {
+  const launchSpec = await resolveCodexLaunchSpec(input.codexBinaryPath, input.argv);
+  input.logger.info("spawn_codex.start", {
+    codexBinaryPath: input.codexBinaryPath,
+    resolvedCommand: launchSpec.command,
+    codexHome: input.codexHome,
+    argv: launchSpec.args,
+    stdinIsTTY: process.stdin.isTTY ?? false,
+    stdoutIsTTY: process.stdout.isTTY ?? false,
+    stderrIsTTY: process.stderr.isTTY ?? false
+  });
+  return new Promise((resolve, reject) => {
+    const child = spawn2(launchSpec.command, launchSpec.args, {
+      env: {
+        ...process.env,
+        CODEX_HOME: input.codexHome
+      },
+      shell: false,
+      stdio: "inherit",
+      windowsHide: false
+    });
+    let settled = false;
+    const forwardSignal = (signal) => {
+      input.logger.warn("spawn_codex.parent_signal", {
+        signal,
+        pid: child.pid ?? null
+      });
+      child.kill(signal);
+    };
+    const signalHandlers = {
+      SIGINT: () => forwardSignal("SIGINT"),
+      SIGTERM: () => forwardSignal("SIGTERM")
+    };
+    process.on("SIGINT", signalHandlers.SIGINT);
+    process.on("SIGTERM", signalHandlers.SIGTERM);
+    const cleanup = () => {
+      process.off("SIGINT", signalHandlers.SIGINT);
+      process.off("SIGTERM", signalHandlers.SIGTERM);
+    };
+    child.on("error", (error) => {
+      if (settled) {
+        return;
+      }
+      settled = true;
+      cleanup();
+      input.logger.error("spawn_codex.error", {
+        codexBinaryPath: input.codexBinaryPath,
+        message: error.message
+      });
+      reject(error);
+    });
+    child.on("exit", (exitCode2, signal) => {
+      if (settled) {
+        return;
+      }
+      settled = true;
+      cleanup();
+      input.logger.info("spawn_codex.complete", {
+        codexBinaryPath: input.codexBinaryPath,
+        exitCode: exitCode2,
+        signal
+      });
+      resolve(exitCode2 ?? 1);
+    });
+  });
 }
 
 // src/commands/root/run-root-command.ts
@@ -3240,6 +3879,7 @@ async function runRootCommand(context) {
     createdRuntimeFiles: context.runtimeInitialization.createdFiles,
     credentialStoreMode: context.wrapperConfig.credentialStoreMode,
     accountSelectionStrategy: context.wrapperConfig.accountSelectionStrategy,
+    accountSelectionStrategySource: context.wrapperConfig.accountSelectionStrategySource,
     experimentalSelection: context.wrapperConfig.experimentalSelection,
     codexBinaryPath: context.codexBinary.path,
     recursionGuardSource: context.executablePath
@@ -3306,23 +3946,68 @@ async function runRootCommand(context) {
     logger,
     registryFile: context.paths.registryFile
   });
-  if (context.wrapperConfig.accountSelectionStrategy === "remaining-limit-experimental") {
-    logger.warn("selection.experimental_enabled", {
+  logger.info("selection.strategy_active", {
+    strategy: context.wrapperConfig.accountSelectionStrategy,
+    source: context.wrapperConfig.accountSelectionStrategySource
+  });
+  if (context.wrapperConfig.accountSelectionStrategy === "remaining-limit" || context.wrapperConfig.accountSelectionStrategy === "remaining-limit-experimental") {
+    logger.info("selection.experimental_enabled", {
       endpoint: "https://chatgpt.com/backend-api/wham/usage",
       fallbackStrategy: "manual-default",
       timeoutMs: context.wrapperConfig.experimentalSelection.probeTimeoutMs,
       cacheTtlMs: context.wrapperConfig.experimentalSelection.cacheTtlMs,
-      useAccountIdHeader: context.wrapperConfig.experimentalSelection.useAccountIdHeader
+      useAccountIdHeader: context.wrapperConfig.experimentalSelection.useAccountIdHeader,
+      source: context.wrapperConfig.accountSelectionStrategySource
     });
   }
-  const activeAccount = await selectAccountForExecution({
+  const selectionSummary = await resolveSelectionSummary({
     experimentalSelection: context.wrapperConfig.experimentalSelection,
     fetchImpl: fetch,
     logger,
+    mode: "execution",
     registry,
     selectionCacheFilePath: context.paths.selectionCacheFile,
     strategy: context.wrapperConfig.accountSelectionStrategy
   });
+  const activeAccount = selectionSummary.selectedAccount;
+  if (!activeAccount || !selectionSummary.selectedBy) {
+    logger.error("selection.execution_summary_incomplete", {
+      strategy: selectionSummary.strategy,
+      fallbackReason: selectionSummary.fallbackReason,
+      executionBlockedReason: selectionSummary.executionBlockedReason
+    });
+    throw new Error(
+      selectionSummary.executionBlockedReason ?? "Execution selection did not resolve an account."
+    );
+  }
+  const formattedSummary = formatSelectionSummary({
+    capabilities: {
+      stdoutIsTTY: context.output.stdoutIsTTY,
+      useColor: context.output.stdoutIsTTY
+    },
+    logger,
+    summary: selectionSummary
+  });
+  context.io.stdout.write(formattedSummary);
+  logger.info("summary_rendered", {
+    mode: selectionSummary.mode,
+    strategy: selectionSummary.strategy,
+    useColor: context.output.stdoutIsTTY,
+    selectedAccountId: activeAccount.id,
+    fallbackReason: selectionSummary.fallbackReason,
+    executionBlockedReason: selectionSummary.executionBlockedReason
+  });
+  logger.info("selected_account_announced", {
+    accountId: activeAccount.id,
+    label: activeAccount.label,
+    selectedBy: selectionSummary.selectedBy
+  });
+  if (selectionSummary.fallbackReason) {
+    logger.warn("fallback_announced", {
+      fallbackReason: selectionSummary.fallbackReason,
+      selectedAccountId: activeAccount.id
+    });
+  }
   const lock = await acquireRuntimeLock({
     logger,
     runtimeRoot: context.paths.runtimeRoot
@@ -3379,8 +4064,10 @@ function buildHelpText() {
     "",
     "Current status:",
     "  Account management and default Codex passthrough are implemented.",
-    "  Selection strategies: manual-default, single-account, remaining-limit-experimental.",
-    "  Experimental mode probes https://chatgpt.com/backend-api/wham/usage and falls back to manual-default when ranking is unreliable."
+    "  Default selection strategy: remaining-limit.",
+    "  Available overrides: manual-default, single-account, remaining-limit.",
+    "  Legacy compatibility override: remaining-limit-experimental.",
+    "  Remaining-limit mode probes https://chatgpt.com/backend-api/wham/usage and falls back to manual-default when ranking is unreliable."
   ].join("\n");
 }