@simplysm/sd-claude 13.0.71 → 13.0.74

package/dist/commands/auth-list.js.map

@@ -1,6 +1,6 @@
 {
   "version": 3,
   "sources": ["../../src/commands/auth-list.ts"],
-  "mappings": "AAAA,OAAO,QAAQ;AACf,OAAO,UAAU;AACjB,SAAS,cAAc,kBAAkB,qBAAqB;AAEvD,SAAS,YAAY,SAAwB;AAClD,QAAM,WAAW,aAAa,OAAO;AAErC,MAAI,SAAS,WAAW,GAAG;AAEzB,YAAQ,IAAI,oBAAoB;AAChC;AAAA,EACF;AAEA,QAAM,gBAAgB,iBAAiB,OAAO;AAC9C,QAAM,SAAS,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC;AAE9D,aAAW,QAAQ,QAAQ;AACzB,UAAM,aAAa,cAAc,MAAM,OAAO;AAE9C,UAAM,WAAW,KAAK;AAAA,MACpB,GAAG,aAAa,KAAK,KAAK,YAAY,WAAW,GAAG,OAAO;AAAA,IAC7D;AAEA,UAAM,WAAW,KAAK;AAAA,MACpB,GAAG,aAAa,KAAK,KAAK,YAAY,kBAAkB,GAAG,OAAO;AAAA,IACpE;AAEA,UAAM,eAAe,SAAS,cAAc;AAC5C,UAAM,QAAS,eAAe,cAAc,KAA4B;AACxE,UAAM,SAAS,SAAS,QAAQ;AAChC,UAAM,QAAQ,SAAS,eAAe;AACtC,QAAI,aAAa;AACjB,QAAI,SAAS,QAAQ,OAAO,MAAM,WAAW,MAAM,UAAU;AAC3D,YAAM,IAAI,IAAI,KAAK,MAAM,WAAW,CAAC;AACrC,mBAAa,GAAG,EAAE,YAAY,CAAC,IAAI,OAAO,EAAE,SAAS,IAAI,CAAC,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,OAAO,EAAE,QAAQ,CAAC,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,IACtH;AAEA,UAAM,WAAW,iBAAiB,QAAQ,WAAW;AACrD,UAAM,SAAS,WAAW,MAAM;AAGhC,YAAQ,IAAI,GAAG,MAAM,IAAI,IAAI,KAAK,KAAK,cAAc,UAAU,EAAE;AAAA,EACnE;AACF;",
+  "mappings": "AAAA,OAAO,QAAQ;AACf,OAAO,UAAU;AACjB,SAAS,cAAc,kBAAkB,qBAAqB;AAE9D,MAAM,mBAAmB;AAazB,eAAe,WAAW,aAAyD;AACjF,MAAI;AACF,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,UAAU,WAAW,MAAM,WAAW,MAAM,GAAG,gBAAgB;AAErE,UAAM,WAAW,MAAM,MAAM,6CAA6C;AAAA,MACxE,SAAS;AAAA,QACP,eAAe,UAAU,WAAW;AAAA,QACpC,kBAAkB;AAAA,MACpB;AAAA,MACA,QAAQ,WAAW;AAAA,IACrB,CAAC;AAED,iBAAa,OAAO;AAEpB,QAAI,CAAC,SAAS,IAAI;AAChB,aAAO;AAAA,IACT;AAEA,WAAQ,MAAM,SAAS,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,oBAAoB,SAAqC;AAChE,MAAI,WAAW,KAAM,QAAO;AAC5B,MAAI;AACF,UAAM,YAAY,IAAI,KAAK,OAAO,EAAE,QAAQ;AAC5C,QAAI,OAAO,MAAM,SAAS,EAAG,QAAO;AAEpC,UAAM,SAAS,YAAY,KAAK,IAAI;AACpC,QAAI,UAAU,EAAG,QAAO;AAExB,UAAM,cAAc,KAAK,MAAM,UAAU,MAAO,GAAG;AACnD,UAAM,YAAY,KAAK,MAAM,cAAc,EAAE;AAC7C,UAAM,OAAO,KAAK,MAAM,YAAY,EAAE;AACtC,UAAM,QAAQ,YAAY;AAC1B,UAAM,UAAU,cAAc;AAE9B,QAAI,OAAO,EAAG,QAAO,GAAG,OAAO,IAAI,CAAC,IAAI,OAAO,KAAK,CAAC;AACrD,QAAI,QAAQ,EAAG,QAAO,GAAG,OAAO,KAAK,CAAC,IAAI,OAAO,OAAO,CAAC;AACzD,WAAO,GAAG,OAAO,OAAO,CAAC;AAAA,EAC3B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,YAAY,OAAe,MAAqC;AACvE,MAAI,QAAQ,KAAM,QAAO,GAAG,KAAK;AACjC,QAAM,MAAM,KAAK,eAAe,OAAO,GAAG,OAAO,KAAK,MAAM,KAAK,WAAW,CAAC,CAAC,MAAM;AACpF,QAAM,YAAY,oBAAoB,KAAK,SAAS;AACpD,SAAO,YAAY,GAAG,KAAK,KAAK,GAAG,IAAI,SAAS,MAAM,GAAG,KAAK,KAAK,GAAG;AACxE;AAEA,eAAsB,YAAY,SAAiC;AACjE,QAAM,WAAW,aAAa,OAAO;AAErC,MAAI,SAAS,WAAW,GAAG;AAEzB,YAAQ,IAAI,oBAAoB;AAChC;AAAA,EACF;AAEA,QAAM,gBAAgB,iBAAiB,OAAO;AAC9C,QAAM,SAAS,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC;AAE9D,QAAM,UAAU,MAAM,QAAQ;AAAA,IAC5B,OAAO,IAAI,OAAO,SAAS;AACzB,YAAM,aAAa,cAAc,MAAM,OAAO;AAE9C,YAAM,WAAW,KAAK;AAAA,QACpB,GAAG,aAAa,KAAK,KAAK,YAAY,WAAW,GAAG,OAAO;AAAA,MAC7D;AAEA,YAAM,WAAW,KAAK;AAAA,QACpB,GAAG,aAAa,KAAK,KAAK,YAAY,kBAAkB,GAAG,OAAO;AAAA,MACpE;AAEA,YAAM,eAAe,SAAS,cAAc;AAC5C,YAAM,QAAS,eAAe,cAAc,KAA4B;AACxE,YAAM,SAAS,SAAS,QAAQ;AAChC,YAAM,QAAQ,SAAS,eAAe;AAEtC,UAAI,aAAa;AACjB,UAAI,SAAS,QAAQ,OAAO,MAAM,WAAW,MAAM,UAAU;AAC3D,cAAM,IAAI,IAAI,KAAK,MAAM,WAAW,CAAC;AACrC,qBAAa,GAAG,EAAE,YAAY,CAAC,IAAI,OAAO,EAAE,SAAS,IAAI,CAAC,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI,OAAO,EAAE,QAAQ,CAAC,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,MACtH;AAEA,YAAM,WAAW,iBAAiB,QAAQ,WAAW;AACrD,YAAM,SAAS,WAAW,MAAM;AAGhC,YAAM,cAAc,QAAQ,aAAa;AACzC,YAAM,YAAY,QAAQ,WAAW;AACrC,YAAM,eAAe,OAAO,cAAc,YAAY,KAAK,IAAI,IAAI;AACnE,YAAM,QACJ,eAAe,QAAQ,CAAC,eAAe,MAAM,WAAW,WAAW,IAAI;AAEzE,YAAM,YAAY,OAAO,SAAS,OAAO;AACzC,YAAM,cAAc,YAAY,MAAM,SAAS;AAC/C,YAAM,UAAU,YAAY,MAAM,OAAO,SAAS;AAElD,aAAO,GAAG,MAAM,IAAI,IAAI,KAAK,KAAK,cAAc,UAAU,WAAM,WAAW,WAAM,OAAO;AAAA,IAC1F,CAAC;AAAA,EACH;AAEA,aAAW,QAAQ,SAAS;AAE1B,YAAQ,IAAI,IAAI;AAAA,EAClB;AACF;",
   "names": []
 }

package/dist/sd-claude.js

@@ -50,9 +50,9 @@ await yargs(hideBin(process.argv)).help("help", "Help").alias("help", "h").comma
     "list",
     "Displays the list of saved accounts",
     (sub) => sub,
-    () => {
+    async () => {
       try {
-        runAuthList();
+        await runAuthList();
       } catch (err) {
         console.error(err.message);
         process.exit(1);

package/dist/sd-claude.js.map

@@ -1,6 +1,6 @@
 {
   "version": 3,
   "sources": ["../src/sd-claude.ts"],
-  "mappings": ";AAEA,OAAO,WAAW;AAClB,SAAS,eAAe;AACxB,SAAS,kBAAkB;AAC3B,SAAS,kBAAkB;AAC3B,SAAS,kBAAkB;AAC3B,SAAS,mBAAmB;AAC5B,SAAS,qBAAqB;AAE9B,MAAM,MAAM,QAAQ,QAAQ,IAAI,CAAC,EAC9B,KAAK,QAAQ,MAAM,EACnB,MAAM,QAAQ,GAAG,EACjB;AAAA,EACC;AAAA,EACA;AAAA,EACA,CAAC,QAAQ,IAAI,QAAQ,KAAK,EAAE,KAAK,MAAM;AAAA,EACvC,MAAM;AACJ,eAAW;AAAA,EACb;AACF,EACC;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAoC,CAAC,QACpD,IACG,QAAQ,KAAK,EACb,KAAK,MAAM,EACX;AAAA,IACC;AAAA,IACA;AAAA,IACA,CAAC,QACC,IAAI,WAAW,QAAQ;AAAA,MACrB,MAAM;AAAA,MACN,cAAc;AAAA,IAChB,CAAC;AAAA,IACH,CAAC,SAAS;AACR,UAAI;AACF,mBAAW,KAAK,IAAI;AAAA,MACtB,SAAS,KAAK;AAEZ,gBAAQ,MAAO,IAAc,OAAO;AACpC,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA;AAAA,IACA,CAAC,QACC,IAAI,WAAW,QAAQ;AAAA,MACrB,MAAM;AAAA,MACN,cAAc;AAAA,IAChB,CAAC;AAAA,IACH,CAAC,SAAS;AACR,UAAI;AACF,mBAAW,KAAK,IAAI;AAAA,MACtB,SAAS,KAAK;AAEZ,gBAAQ,MAAO,IAAc,OAAO;AACpC,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA;AAAA,IACA,CAAC,QAAQ;AAAA,IACT,MAAM;AACJ,UAAI;AACF,oBAAY;AAAA,MACd,SAAS,KAAK;AAEZ,gBAAQ,MAAO,IAAc,OAAO;AACpC,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA;AAAA,IACA,CAAC,QACC,IAAI,WAAW,QAAQ;AAAA,MACrB,MAAM;AAAA,MACN,cAAc;AAAA,IAChB,CAAC;AAAA,IACH,CAAC,SAAS;AACR,UAAI;AACF,sBAAc,KAAK,IAAI;AAAA,MACzB,SAAS,KAAK;AAEZ,gBAAQ,MAAO,IAAc,OAAO;AACpC,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAAA,EACF,EACC,cAAc,GAAG,oCAAoC;AAC1D,EACC,cAAc,GAAG,2BAA2B,EAC5C,OAAO,EACP,MAAM;",
+  "mappings": ";AAEA,OAAO,WAAW;AAClB,SAAS,eAAe;AACxB,SAAS,kBAAkB;AAC3B,SAAS,kBAAkB;AAC3B,SAAS,kBAAkB;AAC3B,SAAS,mBAAmB;AAC5B,SAAS,qBAAqB;AAE9B,MAAM,MAAM,QAAQ,QAAQ,IAAI,CAAC,EAC9B,KAAK,QAAQ,MAAM,EACnB,MAAM,QAAQ,GAAG,EACjB;AAAA,EACC;AAAA,EACA;AAAA,EACA,CAAC,QAAQ,IAAI,QAAQ,KAAK,EAAE,KAAK,MAAM;AAAA,EACvC,MAAM;AACJ,eAAW;AAAA,EACb;AACF,EACC;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAoC,CAAC,QACpD,IACG,QAAQ,KAAK,EACb,KAAK,MAAM,EACX;AAAA,IACC;AAAA,IACA;AAAA,IACA,CAAC,QACC,IAAI,WAAW,QAAQ;AAAA,MACrB,MAAM;AAAA,MACN,cAAc;AAAA,IAChB,CAAC;AAAA,IACH,CAAC,SAAS;AACR,UAAI;AACF,mBAAW,KAAK,IAAI;AAAA,MACtB,SAAS,KAAK;AAEZ,gBAAQ,MAAO,IAAc,OAAO;AACpC,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA;AAAA,IACA,CAAC,QACC,IAAI,WAAW,QAAQ;AAAA,MACrB,MAAM;AAAA,MACN,cAAc;AAAA,IAChB,CAAC;AAAA,IACH,CAAC,SAAS;AACR,UAAI;AACF,mBAAW,KAAK,IAAI;AAAA,MACtB,SAAS,KAAK;AAEZ,gBAAQ,MAAO,IAAc,OAAO;AACpC,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA;AAAA,IACA,CAAC,QAAQ;AAAA,IACT,YAAY;AACV,UAAI;AACF,cAAM,YAAY;AAAA,MACpB,SAAS,KAAK;AAEZ,gBAAQ,MAAO,IAAc,OAAO;AACpC,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAAA,EACF,EACC;AAAA,IACC;AAAA,IACA;AAAA,IACA,CAAC,QACC,IAAI,WAAW,QAAQ;AAAA,MACrB,MAAM;AAAA,MACN,cAAc;AAAA,IAChB,CAAC;AAAA,IACH,CAAC,SAAS;AACR,UAAI;AACF,sBAAc,KAAK,IAAI;AAAA,MACzB,SAAS,KAAK;AAEZ,gBAAQ,MAAO,IAAc,OAAO;AACpC,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF;AAAA,EACF,EACC,cAAc,GAAG,oCAAoC;AAC1D,EACC,cAAc,GAAG,2BAA2B,EAC5C,OAAO,EACP,MAAM;",
   "names": []
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simplysm/sd-claude",
-  "version": "13.0.71",
+  "version": "13.0.74",
   "description": "Simplysm Claude Code CLI — asset installer",
   "author": "simplysm",
   "license": "Apache-2.0",

package/src/commands/auth-list.ts

@@ -2,7 +2,75 @@ import fs from "fs";
 import path from "path";
 import { listProfiles, getCurrentUserID, getProfileDir } from "./auth-utils.js";
 
-export function runAuthList(homeDir?: string): void {
+const FETCH_TIMEOUT_MS = 5000;
+
+interface UsageData {
+  utilization?: number;
+  resets_at?: string;
+}
+
+interface UsageResponse {
+  five_hour?: UsageData;
+  daily?: UsageData;
+  seven_day?: UsageData;
+}
+
+async function fetchUsage(accessToken: string): Promise<UsageResponse | undefined> {
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+
+    const response = await fetch("https://api.anthropic.com/api/oauth/usage", {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        "anthropic-beta": "oauth-2025-04-20",
+      },
+      signal: controller.signal,
+    });
+
+    clearTimeout(timeout);
+
+    if (!response.ok) {
+      return undefined;
+    }
+
+    return (await response.json()) as UsageResponse;
+  } catch {
+    return undefined;
+  }
+}
+
+function formatTimeRemaining(isoDate: string | undefined): string {
+  if (isoDate == null) return "";
+  try {
+    const resetTime = new Date(isoDate).getTime();
+    if (Number.isNaN(resetTime)) return "";
+
+    const diffMs = resetTime - Date.now();
+    if (diffMs <= 0) return "";
+
+    const diffMinutes = Math.floor(diffMs / (1000 * 60));
+    const diffHours = Math.floor(diffMinutes / 60);
+    const days = Math.floor(diffHours / 24);
+    const hours = diffHours % 24;
+    const minutes = diffMinutes % 60;
+
+    if (days > 0) return `${String(days)}d${String(hours)}h`;
+    if (hours > 0) return `${String(hours)}h${String(minutes)}m`;
+    return `${String(minutes)}m`;
+  } catch {
+    return "";
+  }
+}
+
+function formatUsage(label: string, data: UsageData | undefined): string {
+  if (data == null) return `${label}: ?`;
+  const pct = data.utilization != null ? `${String(Math.round(data.utilization))}%` : "?";
+  const remaining = formatTimeRemaining(data.resets_at);
+  return remaining ? `${label}: ${pct}(${remaining})` : `${label}: ${pct}`;
+}
+
+export async function runAuthList(homeDir?: string): Promise<void> {
   const profiles = listProfiles(homeDir);
 
   if (profiles.length === 0) {
@@ -14,31 +82,49 @@ export function runAuthList(homeDir?: string): void {
   const currentUserID = getCurrentUserID(homeDir);
   const sorted = [...profiles].sort((a, b) => a.localeCompare(b));
 
-  for (const name of sorted) {
-    const profileDir = getProfileDir(name, homeDir);
-
-    const authData = JSON.parse(
-      fs.readFileSync(path.join(profileDir, "auth.json"), "utf-8"),
-    ) as Record<string, unknown>;
-
-    const credData = JSON.parse(
-      fs.readFileSync(path.join(profileDir, "credentials.json"), "utf-8"),
-    ) as Record<string, unknown>;
-
-    const oauthAccount = authData["oauthAccount"] as Record<string, unknown> | undefined;
-    const email = (oauthAccount?.["emailAddress"] as string | undefined) ?? "";
-    const userID = authData["userID"] as string | undefined;
-    const oauth = credData["claudeAiOauth"] as Record<string, unknown> | undefined;
-    let expiresStr = "unknown";
-    if (oauth != null && typeof oauth["expiresAt"] === "number") {
-      const d = new Date(oauth["expiresAt"]);
-      expiresStr = `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}-${String(d.getDate()).padStart(2, "0")}`;
-    }
+  const results = await Promise.all(
+    sorted.map(async (name) => {
+      const profileDir = getProfileDir(name, homeDir);
+
+      const authData = JSON.parse(
+        fs.readFileSync(path.join(profileDir, "auth.json"), "utf-8"),
+      ) as Record<string, unknown>;
+
+      const credData = JSON.parse(
+        fs.readFileSync(path.join(profileDir, "credentials.json"), "utf-8"),
+      ) as Record<string, unknown>;
+
+      const oauthAccount = authData["oauthAccount"] as Record<string, unknown> | undefined;
+      const email = (oauthAccount?.["emailAddress"] as string | undefined) ?? "";
+      const userID = authData["userID"] as string | undefined;
+      const oauth = credData["claudeAiOauth"] as Record<string, unknown> | undefined;
+
+      let expiresStr = "unknown";
+      if (oauth != null && typeof oauth["expiresAt"] === "number") {
+        const d = new Date(oauth["expiresAt"]);
+        expiresStr = `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}-${String(d.getDate()).padStart(2, "0")}`;
+      }
+
+      const isActive = currentUserID != null && userID === currentUserID;
+      const prefix = isActive ? "*" : " ";
+
+      // Fetch usage via OAuth token
+      const accessToken = oauth?.["accessToken"] as string | undefined;
+      const expiresAt = oauth?.["expiresAt"];
+      const tokenExpired = typeof expiresAt === "number" && Date.now() > expiresAt;
+      const usage =
+        accessToken != null && !tokenExpired ? await fetchUsage(accessToken) : undefined;
+
+      const dailyData = usage?.daily ?? usage?.five_hour;
+      const fiveHourStr = formatUsage("5h", dailyData);
+      const weekStr = formatUsage("7d", usage?.seven_day);
 
-    const isActive = currentUserID != null && userID === currentUserID;
-    const prefix = isActive ? "*" : " ";
+      return `${prefix} ${name} (${email}) expires: ${expiresStr} │ ${fiveHourStr} │ ${weekStr}`;
+    }),
+  );
 
+  for (const line of results) {
     // eslint-disable-next-line no-console
-    console.log(`${prefix} ${name} (${email}) expires: ${expiresStr}`);
+    console.log(line);
   }
 }

package/src/sd-claude.ts

@@ -63,9 +63,9 @@ await yargs(hideBin(process.argv))
         "list",
         "Displays the list of saved accounts",
         (sub) => sub,
-        () => {
+        async () => {
           try {
-            runAuthList();
+            await runAuthList();
           } catch (err) {
             // eslint-disable-next-line no-console
             console.error((err as Error).message);

package/tests/auth-list.spec.ts

@@ -4,6 +4,15 @@ import fs from "fs";
 import os from "os";
 import { runAuthList } from "../src/commands/auth-list";
 
+// Mock global fetch to prevent real API calls
+vi.stubGlobal(
+  "fetch",
+  vi.fn().mockResolvedValue({
+    ok: false,
+    json: () => Promise.resolve({}),
+  }),
+);
+
 describe("runAuthList", () => {
   let tmpDir: string;
 
@@ -16,15 +25,15 @@ describe("runAuthList", () => {
     vi.restoreAllMocks();
   });
 
-  test("outputs 'No saved profiles.' when no profiles exist", () => {
+  test("outputs 'No saved profiles.' when no profiles exist", async () => {
     const spy = vi.spyOn(console, "log").mockImplementation(() => {});
 
-    runAuthList(tmpDir);
+    await runAuthList(tmpDir);
 
     expect(spy).toHaveBeenCalledWith("No saved profiles.");
   });
 
-  test("outputs profiles sorted alphabetically with active marker", () => {
+  test("outputs profiles sorted alphabetically with active marker", async () => {
     const authDir = path.join(tmpDir, ".sd-claude", "auth");
 
     // Create profile "beta"
@@ -62,16 +71,22 @@ describe("runAuthList", () => {
 
     const spy = vi.spyOn(console, "log").mockImplementation(() => {});
 
-    runAuthList(tmpDir);
+    await runAuthList(tmpDir);
 
     expect(spy).toHaveBeenCalledTimes(2);
-    // alpha comes first (alphabetical), and is active
-    expect(spy).toHaveBeenNthCalledWith(1, "* alpha (alpha@example.com) expires: 2025-06-25");
+    // alpha comes first (alphabetical), and is active; usage shows ? when fetch fails
+    expect(spy).toHaveBeenNthCalledWith(
+      1,
+      "* alpha (alpha@example.com) expires: 2025-06-25 │ 5h: ? │ 7d: ?",
+    );
     // beta is not active
-    expect(spy).toHaveBeenNthCalledWith(2, "  beta (beta@example.com) expires: 2025-06-20");
+    expect(spy).toHaveBeenNthCalledWith(
+      2,
+      "  beta (beta@example.com) expires: 2025-06-20 │ 5h: ? │ 7d: ?",
+    );
   });
 
-  test("shows email even when organizationName is missing", () => {
+  test("shows email even when organizationName is missing", async () => {
     const authDir = path.join(tmpDir, ".sd-claude", "auth");
 
     const profileDir = path.join(authDir, "personal");
@@ -90,12 +105,14 @@ describe("runAuthList", () => {
 
     const spy = vi.spyOn(console, "log").mockImplementation(() => {});
 
-    runAuthList(tmpDir);
+    await runAuthList(tmpDir);
 
-    expect(spy).toHaveBeenCalledWith("  personal (user@gmail.com) expires: 2025-07-01");
+    expect(spy).toHaveBeenCalledWith(
+      "  personal (user@gmail.com) expires: 2025-07-01 │ 5h: ? │ 7d: ?",
+    );
   });
 
-  test("shows 'unknown' when expiresAt is missing", () => {
+  test("shows 'unknown' when expiresAt is missing", async () => {
     const authDir = path.join(tmpDir, ".sd-claude", "auth");
 
     const profileDir = path.join(authDir, "noexpiry");
@@ -111,12 +128,14 @@ describe("runAuthList", () => {
 
     const spy = vi.spyOn(console, "log").mockImplementation(() => {});
 
-    runAuthList(tmpDir);
+    await runAuthList(tmpDir);
 
-    expect(spy).toHaveBeenCalledWith("  noexpiry (noexp@example.com) expires: unknown");
+    expect(spy).toHaveBeenCalledWith(
+      "  noexpiry (noexp@example.com) expires: unknown │ 5h: ? │ 7d: ?",
+    );
   });
 
-  test("marks active profile with * when userID matches", () => {
+  test("marks active profile with * when userID matches", async () => {
     const authDir = path.join(tmpDir, ".sd-claude", "auth");
 
     const profileDir = path.join(authDir, "work");
@@ -138,12 +157,14 @@ describe("runAuthList", () => {
 
     const spy = vi.spyOn(console, "log").mockImplementation(() => {});
 
-    runAuthList(tmpDir);
+    await runAuthList(tmpDir);
 
-    expect(spy).toHaveBeenCalledWith("* work (work@company.com) expires: 2025-12-31");
+    expect(spy).toHaveBeenCalledWith(
+      "* work (work@company.com) expires: 2025-12-31 │ 5h: ? │ 7d: ?",
+    );
   });
 
-  test("non-active profile has space prefix instead of *", () => {
+  test("non-active profile has space prefix instead of *", async () => {
     const authDir = path.join(tmpDir, ".sd-claude", "auth");
 
     const profileDir = path.join(authDir, "other");
@@ -168,8 +189,10 @@ describe("runAuthList", () => {
 
     const spy = vi.spyOn(console, "log").mockImplementation(() => {});
 
-    runAuthList(tmpDir);
+    await runAuthList(tmpDir);
 
-    expect(spy).toHaveBeenCalledWith("  other (other@example.com) expires: 2025-08-15");
+    expect(spy).toHaveBeenCalledWith(
+      "  other (other@example.com) expires: 2025-08-15 │ 5h: ? │ 7d: ?",
+    );
   });
 });

package/claude/agents/sd-api-reviewer.md

@@ -1,81 +0,0 @@
----
-name: sd-api-reviewer
-description: Reviews a library's public API for developer experience (DX) quality - naming consistency, industry standard alignment, intuitiveness, error messages, type hints, configuration complexity, and usage pattern coherence
----
-
-You are an expert API/DX reviewer who evaluates libraries from the **consumer's perspective**. Your goal is to identify friction points that developers encounter when using a package.
-
-## Review Scope
-
-Analyze the specified package's public API surface (exports, types, configuration). The user will provide the target path.
-
-## Core Review Responsibilities
-
-### 1. Naming Review
-
-- **Industry standard comparison**: Compare naming patterns against major libraries in the same domain (use WebSearch)
-- **Internal consistency**: Same concept with different names, same pattern with different prefixes/suffixes
-- **Intuitiveness**: Whether the behavior can be predicted from the name alone
-- **Internal consistency over external standards**: Before suggesting a naming change, verify the existing pattern across ALL similar components in the library. If the library consistently uses one convention (e.g., `value`/`onValueChange` for all form controls), do NOT suggest an industry-standard alternative (e.g., `checked`/`onCheckedChange`) that would break internal consistency.
-
-### 2. API Intuitiveness
-
-- **Learning curve**: Whether a first-time developer can use it without documentation
-- **Principle of least surprise**: APIs that behave differently than expected
-- **Default value quality**: Whether most use cases work without additional configuration
-
-### 3. Type Hints & Error Messages
-
-- **Type sufficiency**: Whether enough type information is provided for autocompletion and compile-time validation
-- **Error message quality**: Whether error messages guide the user to the cause and solution
-- **Generic usage**: Whether type inference works naturally
-
-### 4. Configuration & Boilerplate
-
-- **Configuration complexity**: Whether basic usage requires excessive setup
-- **Boilerplate**: Whether too much repetitive code is needed
-- **Progressive complexity**: Whether it scales naturally from simple to advanced usage
-
-### 5. Usage Pattern Coherence
-
-- **Pattern consistency**: Whether similar tasks use similar patterns
-- **Composition**: Whether features combine naturally
-- **Escape hatch**: Whether there are ways to break out of framework constraints when needed
-
-## Confidence Scoring
-
-Rate each issue 0-100:
-
-- **0**: False positive or subjective preference
-- **25**: Minor friction, workaround is obvious
-- **50**: Real friction but not blocking
-- **75**: Significant DX issue, developers will struggle
-- **100**: Critical — developers will misuse or give up
-
-**Only report issues with confidence >= 70.**
-
-## Output Format
-
-Start with a brief summary of the package's public API surface.
-
-### Findings by Category
-
-For each high-confidence issue:
-
-- Clear description with confidence score
-- File path and relevant export/type
-- Comparison with industry standard libraries (if applicable)
-- Concrete improvement suggestion
-
-### Priority
-
-| Priority | Criteria                                                       |
-| -------- | -------------------------------------------------------------- |
-| **P0**   | API misuse likely — naming misleads or types insufficient      |
-| **P1**   | Significant friction — unnecessary complexity or inconsistency |
-| **P2**   | Minor improvement — better naming or defaults exist            |
-| **Keep** | Already aligned with standards                                 |
-
-### Summary Table
-
-End with a table: current API, suggested change, priority, rationale.

package/claude/agents/sd-code-reviewer.md

@@ -1,48 +0,0 @@
----
-name: sd-code-reviewer
-description: Reviews code for bugs, logic errors, security vulnerabilities, code quality issues, and adherence to project conventions, using confidence-based filtering to report only high-priority issues that truly matter
----
-
-You are an expert code reviewer specializing in modern software development across multiple languages and frameworks. Your primary responsibility is to review code against project guidelines in CLAUDE.md with high precision to minimize false positives.
-
-## Review Scope
-
-By default, review unstaged changes from `git diff`. The user may specify different files or scope to review.
-
-## Core Review Responsibilities
-
-**Project Guidelines Compliance**: Verify adherence to explicit project rules (typically in CLAUDE.md or equivalent) including import patterns, framework conventions, language-specific style, function declarations, error handling, logging, testing practices, platform compatibility, and naming conventions.
-
-**Bug Detection**: Identify actual bugs that will impact functionality - logic errors, null/undefined handling, race conditions, memory leaks, security vulnerabilities, and performance problems.
-
-**Code Quality**: Evaluate significant issues like code duplication, missing critical error handling, accessibility problems, and inadequate test coverage.
-
-## Confidence Scoring
-
-Rate each potential issue on a scale from 0-100:
-
-- **0**: Not confident at all. This is a false positive that doesn't stand up to scrutiny, or is a pre-existing issue.
-- **25**: Somewhat confident. This might be a real issue, but may also be a false positive. If stylistic, it wasn't explicitly called out in project guidelines.
-- **50**: Moderately confident. This is a real issue, but might be a nitpick or not happen often in practice. Not very important relative to the rest of the changes.
-- **75**: Highly confident. Double-checked and verified this is very likely a real issue that will be hit in practice. The existing approach is insufficient. Important and will directly impact functionality, or is directly mentioned in project guidelines.
-- **100**: Absolutely certain. Confirmed this is definitely a real issue that will happen frequently in practice. The evidence directly confirms this.
-
-**Only report issues with confidence ≥ 80.** Focus on issues that truly matter - quality over quantity.
-
-## False Positive Prevention
-
-- **Visual/UI behavior**: Do NOT flag CSS transforms (rotate, translate, scale) or visual states without verifying the actual rendering context (e.g., icon position, layout direction). CSS rotate values depend on icon placement — rotate-90 on a right-aligned chevron is correct for a "collapsed" state.
-- **Pre-existing patterns**: If an issue exists in unchanged code and is part of an established pattern, do NOT report it unless it causes actual bugs.
-
-## Output Guidance
-
-Start by clearly stating what you're reviewing. For each high-confidence issue, provide:
-
-- Clear description with confidence score
-- File path and line number
-- Specific project guideline reference or bug explanation
-- Concrete fix suggestion
-
-Group issues by severity (Critical vs Important). If no high-confidence issues exist, confirm the code meets standards with a brief summary.
-
-Structure your response for maximum actionability - developers should know exactly what to fix and why.

package/claude/agents/sd-code-simplifier.md

@@ -1,47 +0,0 @@
----
-name: sd-code-simplifier
-description: Simplifies and refines code for clarity, consistency, and maintainability while preserving all functionality. Focuses on recently modified code unless instructed otherwise.
-model: sonnet
----
-
-You are an expert code simplification specialist focused on enhancing code clarity, consistency, and maintainability while preserving exact functionality. Your expertise lies in applying project-specific best practices to simplify and improve code without altering its behavior. You prioritize readable, explicit code over overly compact solutions. This is a balance that you have mastered as a result your years as an expert software engineer.
-
-You will analyze recently modified code and apply refinements that:
-
-1. **Preserve Functionality**: Never change what the code does - only how it does it. All original features, outputs, and behaviors must remain intact.
-
-2. **Apply Project Standards**: Follow the established coding standards from CLAUDE.md including:
-   - Import patterns, module structure, and naming conventions
-   - Framework-specific component patterns (as defined in CLAUDE.md)
-   - Error handling patterns
-   - Type annotation conventions
-
-3. **Enhance Clarity**: Simplify code structure by:
-   - Reducing unnecessary complexity and nesting
-   - Eliminating redundant code and abstractions
-   - Improving readability through clear variable and function names
-   - Consolidating related logic
-   - Removing unnecessary comments that describe obvious code
-   - IMPORTANT: Avoid nested ternary operators - prefer switch statements or if/else chains for multiple conditions
-   - Choose clarity over brevity - explicit code is often better than overly compact code
-
-4. **Maintain Balance**: Avoid over-simplification that could:
-   - Reduce code clarity or maintainability
-   - Create overly clever solutions that are hard to understand
-   - Combine too many concerns into single functions or components
-   - Remove helpful abstractions that improve code organization
-   - Prioritize "fewer lines" over readability (e.g., nested ternaries, dense one-liners)
-   - Make the code harder to debug or extend
-
-5. **Focus Scope**: Only refine code that has been recently modified or touched in the current session, unless explicitly instructed to review a broader scope.
-
-Your refinement process:
-
-1. Identify the recently modified code sections
-2. Analyze for opportunities to improve elegance and consistency
-3. Apply project-specific best practices and coding standards
-4. Ensure all functionality remains unchanged
-5. Verify the refined code is simpler and more maintainable
-6. Document only significant changes that affect understanding
-
-You operate autonomously and proactively, refining code immediately after it's written or modified without requiring explicit requests. Your goal is to ensure all code meets the highest standards of elegance and maintainability while preserving its complete functionality.

package/claude/agents/sd-security-reviewer.md

@@ -1,92 +0,0 @@
----
-name: sd-security-reviewer
-description: Reviews ORM queries and service endpoints for SQL injection and input validation vulnerabilities in simplysm's string-escaping ORM
----
-
-You are a security-focused code reviewer for the simplysm framework.
-
-## Critical Context
-
-simplysm ORM uses **string escaping** (NOT parameter binding) for SQL generation.
-This means application-level input validation is the PRIMARY defense against SQL injection.
-
-### Escaping mechanisms in place:
-
-- MySQL: Backslashes, quotes, NULL bytes, control characters escaped
-- Forces utf8mb4 charset (defends against multi-byte attacks)
-- These are necessary but NOT sufficient without input validation
-
-## Review Scope
-
-By default, review unstaged changes from `git diff` that touch ORM queries or service endpoints. The user may specify different files or scope.
-
-## Review Checklist
-
-For every ORM query in the diff, verify:
-
-### 1. Input Source Classification
-
-- [ ] Identify where each query parameter originates (user input, internal data, config)
-- [ ] User input = anything from HTTP request, WebSocket message, file upload
-
-### 2. Validation Before Query
-
-- [ ] User-sourced strings: validated with allowlist or regex before use
-- [ ] Numeric values: `Number()` conversion + `Number.isNaN()` check
-- [ ] Enum values: checked against valid set before use
-- [ ] No raw `req.query`, `req.params`, `req.body` values passed to ORM
-
-### 3. Service Endpoint Review
-
-- [ ] All ServiceServer RPC handlers validate incoming arguments
-- WebSocket message payloads validated before ORM usage
-- [ ] Type coercion applied at service boundary
-
-### 4. Dangerous Patterns (flag these)
-
-```typescript
-// DANGEROUS: Direct user input in query
-const name = req.query.name;
-db.user()
-  .where((u) => [expr.eq(u.name, name)])
-  .result();
-
-// SAFE: Validated first
-const name = validateString(req.query.name, { maxLength: 100 });
-db.user()
-  .where((u) => [expr.eq(u.name, name)])
-  .result();
-
-// SAFE: Type coercion with check
-const id = Number(req.query.id);
-if (Number.isNaN(id)) throw new Error("Invalid ID");
-db.user()
-  .where((u) => [expr.eq(u.id, id)])
-  .result();
-```
-
-## Confidence Scoring
-
-Rate each potential issue on a scale from 0-100:
-
-- **0**: Not an issue. Value comes from trusted internal source.
-- **25**: Unlikely risk. Input is indirectly user-sourced but passes through type coercion.
-- **50**: Moderate risk. User input reaches query but some validation exists.
-- **75**: High risk. User input reaches query with insufficient validation.
-- **100**: Critical. Raw user input directly in query with no validation.
-
-**Only report issues with confidence >= 75.**
-
-## Output Format
-
-Start by stating what files/endpoints you reviewed.
-
-For each finding, provide:
-
-- Severity: **CRITICAL** (confidence >= 90) / **WARNING** (confidence >= 75)
-- File path and line number
-- Input source (where the unvalidated data comes from)
-- Attack vector (specific SQL injection scenario)
-- Concrete fix with code example
-
-If no issues found, confirm with a brief summary of what was checked.