@victor-software-house/pi-multicodex 1.0.6 → 1.0.8

package/README.md

@@ -6,6 +6,8 @@
 
 ## What it does
 
+- overrides the normal `openai-codex` path instead of requiring a separate provider to be selected
+- auto-imports pi's stored `openai-codex` auth when it is new or changed
 - rotates accounts on quota and rate-limit failures
 - prefers untouched accounts when usage data is available
 - otherwise prefers the account whose weekly window resets first
@@ -45,12 +47,11 @@ pi -e ./index.ts
 
 ## Commands
 
-- `/multicodex-login <email>`
-  - Add or update a Codex account in the rotation pool.
-- `/multicodex-use`
-  - Select an account manually for the current session.
+- `/multicodex-use [identifier]`
+  - Use an existing managed account, or start the Codex login flow when the account is missing or the stored auth is no longer valid.
+  - With no argument, opens an account picker.
 - `/multicodex-status`
-  - Show account state and cached usage information.
+  - Show managed account state and cached usage information.
 - `/multicodex-footer`
   - Open an interactive panel to configure footer fields and ordering.
 
@@ -68,12 +69,12 @@ Current direction:
 
 Current next step:
 
-- add active-account usage visibility in pi for this extension's managed Codex accounts
+- make MultiCodex own the normal `openai-codex` path directly
+- auto-import pi's existing `openai-codex` auth when it is new or changed
 - mirror the existing codex usage footer style, including support for displaying both reset countdowns
-- show footer usage only when the selected model uses the `multicodex` provider override
 - show the active account identifier beside the 5h and 7d usage metrics
-- configure footer fields and ordering through an interactive panel
-- refresh the footer from the active managed account without polling aggressively
+- keep footer configuration in an interactive panel
+- tighten footer updates so account switches and quota rotation are reflected immediately
 
 ## Release validation
 
@@ -91,6 +92,13 @@ Release flow:
 3. Create and push a matching `v*` tag.
 4. Let GitHub Actions publish through trusted publishing.
 
+Local push protection:
+
+- `lefthook` runs `mise run pre-push`
+- the `pre-push` mise task runs the same core validations as the publish workflow:
+  - `pnpm check`
+  - `npm pack --dry-run`
+
 Prepare locally:
 
 ```bash

package/account-manager.ts

@@ -2,6 +2,7 @@ import {
 	type OAuthCredentials,
 	refreshOpenAICodexToken,
 } from "@mariozechner/pi-ai/oauth";
+import { loadImportedOpenAICodexAuth } from "./auth";
 import { isAccountAvailable, pickBestAccount } from "./selection";
 import {
 	type Account,
@@ -49,7 +50,14 @@ export class AccountManager {
 		this.warningHandler = handler;
 	}
 
-	addOrUpdateAccount(email: string, creds: OAuthCredentials): void {
+	addOrUpdateAccount(
+		email: string,
+		creds: OAuthCredentials,
+		options?: {
+			importSource?: "pi-openai-codex";
+			importFingerprint?: string;
+		},
+	): void {
 		const existing = this.getAccount(email);
 		const accountId =
 			typeof creds.accountId === "string" ? creds.accountId : undefined;
@@ -57,6 +65,8 @@ export class AccountManager {
 			existing.accessToken = creds.access;
 			existing.refreshToken = creds.refresh;
 			existing.expiresAt = creds.expires;
+			existing.importSource = options?.importSource;
+			existing.importFingerprint = options?.importFingerprint;
 			if (accountId) {
 				existing.accountId = accountId;
 			}
@@ -67,6 +77,8 @@ export class AccountManager {
 				refreshToken: creds.refresh,
 				expiresAt: creds.expires,
 				accountId,
+				importSource: options?.importSource,
+				importFingerprint: options?.importFingerprint,
 			});
 		}
 		this.setActiveAccount(email);
@@ -112,6 +124,38 @@ export class AccountManager {
 		this.manualEmail = undefined;
 	}
 
+	getImportedAccount(): Account | undefined {
+		return this.data.accounts.find(
+			(account) => account.importSource === "pi-openai-codex",
+		);
+	}
+
+	async syncImportedOpenAICodexAuth(): Promise<boolean> {
+		const imported = await loadImportedOpenAICodexAuth();
+		if (!imported) return false;
+
+		const existingImported = this.getImportedAccount();
+		if (
+			existingImported?.importFingerprint === imported.fingerprint &&
+			existingImported.email === imported.identifier
+		) {
+			return false;
+		}
+
+		if (existingImported && existingImported.email !== imported.identifier) {
+			const target = this.getAccount(imported.identifier);
+			if (!target) {
+				existingImported.email = imported.identifier;
+			}
+		}
+
+		this.addOrUpdateAccount(imported.identifier, imported.credentials, {
+			importSource: "pi-openai-codex",
+			importFingerprint: imported.fingerprint,
+		});
+		return true;
+	}
+
 	getAvailableManualAccount(options?: {
 		excludeEmails?: Set<string>;
 		now?: number;

package/auth.ts

@@ -0,0 +1,106 @@
+import { promises as fs } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import type { OAuthCredentials } from "@mariozechner/pi-ai/oauth";
+
+const AUTH_FILE = path.join(os.homedir(), ".pi", "agent", "auth.json");
+const IMPORTED_ACCOUNT_PREFIX = "OpenAI Codex";
+
+interface AuthEntry {
+	type?: string;
+	access?: string | null;
+	refresh?: string | null;
+	expires?: number | null;
+	accountId?: string | null;
+	account_id?: string | null;
+}
+
+export interface ImportedOpenAICodexAuth {
+	identifier: string;
+	fingerprint: string;
+	credentials: OAuthCredentials;
+}
+
+function asAuthEntry(value: unknown): AuthEntry | undefined {
+	if (!value || typeof value !== "object" || Array.isArray(value)) {
+		return undefined;
+	}
+	return value as AuthEntry;
+}
+
+function getAccountId(entry: AuthEntry): string | undefined {
+	const accountId = entry.accountId ?? entry.account_id;
+	return typeof accountId === "string" && accountId.trim()
+		? accountId.trim()
+		: undefined;
+}
+
+function getRequiredString(
+	value: string | null | undefined,
+): string | undefined {
+	return typeof value === "string" && value.trim() ? value.trim() : undefined;
+}
+
+function createImportedIdentifier(accountId: string): string {
+	return `${IMPORTED_ACCOUNT_PREFIX} ${accountId.slice(0, 8)}`;
+}
+
+function createFingerprint(entry: {
+	access: string;
+	refresh: string;
+	expires: number;
+	accountId?: string;
+}): string {
+	return JSON.stringify({
+		access: entry.access,
+		refresh: entry.refresh,
+		expires: entry.expires,
+		accountId: entry.accountId ?? null,
+	});
+}
+
+export function parseImportedOpenAICodexAuth(
+	auth: Record<string, unknown>,
+): ImportedOpenAICodexAuth | undefined {
+	const entry = asAuthEntry(auth["openai-codex"]);
+	if (entry?.type !== "oauth") return undefined;
+
+	const access = getRequiredString(entry.access);
+	const refresh = getRequiredString(entry.refresh);
+	const accountId = getAccountId(entry);
+	const expires = entry.expires;
+	if (!access || !refresh || typeof expires !== "number") {
+		return undefined;
+	}
+
+	const credentials: OAuthCredentials = {
+		access,
+		refresh,
+		expires,
+		accountId,
+	};
+	return {
+		identifier: createImportedIdentifier(accountId ?? "default"),
+		fingerprint: createFingerprint({ access, refresh, expires, accountId }),
+		credentials,
+	};
+}
+
+export async function loadImportedOpenAICodexAuth(): Promise<
+	ImportedOpenAICodexAuth | undefined
+> {
+	try {
+		const raw = await fs.readFile(AUTH_FILE, "utf8");
+		const parsed = JSON.parse(raw) as unknown;
+		if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+			return undefined;
+		}
+		return parseImportedOpenAICodexAuth(parsed as Record<string, unknown>);
+	} catch (error) {
+		const withCode = error as Error & { code?: string };
+		if (withCode.code === "ENOENT") {
+			return undefined;
+		}
+		throw error;
+	}
+}

package/commands.ts

@@ -13,59 +13,85 @@ function getErrorMessage(error: unknown): string {
 	return typeof error === "string" ? error : JSON.stringify(error);
 }
 
+async function loginAndActivateAccount(
+	pi: ExtensionAPI,
+	ctx: ExtensionCommandContext,
+	accountManager: AccountManager,
+	identifier: string,
+): Promise<boolean> {
+	try {
+		ctx.ui.notify(
+			`Starting login for ${identifier}... Check your browser.`,
+			"info",
+		);
+
+		const creds = await loginOpenAICodex({
+			onAuth: ({ url }) => {
+				void openLoginInBrowser(pi, ctx, url);
+				ctx.ui.notify(`Please open this URL to login: ${url}`, "info");
+				console.log(`[multicodex] Login URL: ${url}`);
+			},
+			onPrompt: async ({ message }) => (await ctx.ui.input(message)) || "",
+		});
+
+		accountManager.addOrUpdateAccount(identifier, creds);
+		accountManager.setManualAccount(identifier);
+		ctx.ui.notify(`Now using ${identifier}`, "info");
+		return true;
+	} catch (error) {
+		ctx.ui.notify(`Login failed: ${getErrorMessage(error)}`, "error");
+		return false;
+	}
+}
+
+async function useOrLoginAccount(
+	pi: ExtensionAPI,
+	ctx: ExtensionCommandContext,
+	accountManager: AccountManager,
+	identifier: string,
+): Promise<void> {
+	const existing = accountManager.getAccount(identifier);
+	if (existing) {
+		try {
+			await accountManager.ensureValidToken(existing);
+			accountManager.setManualAccount(identifier);
+			ctx.ui.notify(`Now using ${identifier}`, "info");
+			return;
+		} catch {
+			ctx.ui.notify(
+				`Stored auth for ${identifier} is no longer valid. Starting login again.`,
+				"warning",
+			);
+		}
+	}
+
+	await loginAndActivateAccount(pi, ctx, accountManager, identifier);
+}
+
 export function registerCommands(
 	pi: ExtensionAPI,
 	accountManager: AccountManager,
 	statusController: ReturnType<typeof createUsageStatusController>,
 ): void {
-	pi.registerCommand("multicodex-login", {
-		description: "Login to an OpenAI Codex account for the rotation pool",
+	pi.registerCommand("multicodex-use", {
+		description:
+			"Use an existing Codex account, or log in when the identifier is missing",
 		handler: async (
 			args: string,
 			ctx: ExtensionCommandContext,
 		): Promise<void> => {
-			const email = args.trim();
-			if (!email) {
-				ctx.ui.notify(
-					"Please provide an email/identifier: /multicodex-login my@email.com",
-					"error",
-				);
+			const identifier = args.trim();
+			if (identifier) {
+				await useOrLoginAccount(pi, ctx, accountManager, identifier);
+				await statusController.refreshFor(ctx);
 				return;
 			}
 
-			try {
-				ctx.ui.notify(
-					`Starting login for ${email}... Check your browser.`,
-					"info",
-				);
-
-				const creds = await loginOpenAICodex({
-					onAuth: ({ url }) => {
-						void openLoginInBrowser(pi, ctx, url);
-						ctx.ui.notify(`Please open this URL to login: ${url}`, "info");
-						console.log(`[multicodex] Login URL: ${url}`);
-					},
-					onPrompt: async ({ message }) => (await ctx.ui.input(message)) || "",
-				});
-
-				accountManager.addOrUpdateAccount(email, creds);
-				ctx.ui.notify(`Successfully logged in as ${email}`, "info");
-			} catch (error) {
-				ctx.ui.notify(`Login failed: ${getErrorMessage(error)}`, "error");
-			}
-		},
-	});
-
-	pi.registerCommand("multicodex-use", {
-		description: "Switch active Codex account for this session",
-		handler: async (
-			_args: string,
-			ctx: ExtensionCommandContext,
-		): Promise<void> => {
+			await accountManager.syncImportedOpenAICodexAuth();
 			const accounts = accountManager.getAccounts();
 			if (accounts.length === 0) {
 				ctx.ui.notify(
-					"No accounts logged in. Use /multicodex-login first.",
+					"No managed accounts found. Use /login or /multicodex-use <identifier> first.",
 					"warning",
 				);
 				return;
@@ -82,9 +108,10 @@ export function registerCommands(
 			const selected = await ctx.ui.select("Select Account", options);
 			if (!selected) return;
 
-			const email = selected.split(" ")[0];
+			const email = selected.split(" (")[0] ?? selected;
 			accountManager.setManualAccount(email);
-			ctx.ui.notify(`Switched to ${email}`, "info");
+			ctx.ui.notify(`Now using ${email}`, "info");
+			await statusController.refreshFor(ctx);
 		},
 	});
 
@@ -94,11 +121,12 @@ export function registerCommands(
 			_args: string,
 			ctx: ExtensionCommandContext,
 		): Promise<void> => {
+			await accountManager.syncImportedOpenAICodexAuth();
 			await accountManager.refreshUsageForAllAccounts();
 			const accounts = accountManager.getAccounts();
 			if (accounts.length === 0) {
 				ctx.ui.notify(
-					"No accounts logged in. Use /multicodex-login first.",
+					"No managed accounts found. Use /login or /multicodex-use <identifier> first.",
 					"warning",
 				);
 				return;
@@ -112,10 +140,12 @@ export function registerCommands(
 					account.quotaExhaustedUntil &&
 					account.quotaExhaustedUntil > Date.now();
 				const untouched = isUsageUntouched(usage) ? "untouched" : null;
+				const imported = account.importSource ? "imported" : null;
 				const tags = [
 					isActive ? "active" : null,
 					quotaHit ? "quota" : null,
 					untouched,
+					imported,
 				]
 					.filter(Boolean)
 					.join(", ");

package/hooks.ts

@@ -3,6 +3,7 @@ import type { AccountManager } from "./account-manager";
 async function refreshAndActivateBestAccount(
 	accountManager: AccountManager,
 ): Promise<void> {
+	await accountManager.syncImportedOpenAICodexAuth();
 	await accountManager.refreshUsageForAllAccounts({ force: true });
 	const manual = accountManager.getAvailableManualAccount();
 	if (manual) return;

package/index.ts

@@ -1,4 +1,8 @@
 export { AccountManager } from "./account-manager";
+export {
+	loadImportedOpenAICodexAuth,
+	parseImportedOpenAICodexAuth,
+} from "./auth";
 export { default } from "./extension";
 export {
 	buildMulticodexProviderConfig,

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@victor-software-house/pi-multicodex",
-	"version": "1.0.6",
+	"version": "1.0.8",
 	"description": "Codex account rotation extension for pi",
 	"license": "MIT",
 	"type": "module",
@@ -32,6 +32,7 @@
 	"files": [
 		"abort-utils.ts",
 		"account-manager.ts",
+		"auth.ts",
 		"browser.ts",
 		"commands.ts",
 		"extension.ts",
@@ -60,15 +61,25 @@
 	},
 	"peerDependencies": {
 		"@mariozechner/pi-ai": "*",
-		"@mariozechner/pi-coding-agent": "*"
+		"@mariozechner/pi-coding-agent": "*",
+		"@mariozechner/pi-tui": "*"
 	},
-	"dependencies": {
-		"@mariozechner/pi-tui": "^0.58.1"
+	"peerDependenciesMeta": {
+		"@mariozechner/pi-ai": {
+			"optional": true
+		},
+		"@mariozechner/pi-coding-agent": {
+			"optional": true
+		},
+		"@mariozechner/pi-tui": {
+			"optional": true
+		}
 	},
 	"devDependencies": {
 		"@biomejs/biome": "^2.4.7",
 		"@mariozechner/pi-ai": "^0.58.1",
 		"@mariozechner/pi-coding-agent": "^0.58.1",
+		"@mariozechner/pi-tui": "^0.58.1",
 		"@types/node": "^25.5.0",
 		"@typescript/native-preview": "7.0.0-dev.20260314.1",
 		"typescript": "^5.9.3",

package/provider.ts

@@ -10,7 +10,7 @@ import {
 import type { AccountManager } from "./account-manager";
 import { createStreamWrapper } from "./stream-wrapper";
 
-export const PROVIDER_ID = "multicodex";
+export const PROVIDER_ID = "openai-codex";
 
 export interface ProviderModelDef {
 	id: string;

package/status.ts

@@ -335,7 +335,11 @@ export function createUsageStatusController(accountManager: AccountManager) {
 			return;
 		}
 
-		const activeAccount = accountManager.getActiveAccount();
+		let activeAccount = accountManager.getActiveAccount();
+		if (!activeAccount) {
+			await accountManager.syncImportedOpenAICodexAuth();
+			activeAccount = accountManager.getActiveAccount();
+		}
 		if (!activeAccount) {
 			ctx.ui.setStatus(
 				STATUS_KEY,

package/storage.ts

@@ -10,6 +10,8 @@ export interface Account {
 	accountId?: string;
 	lastUsed?: number;
 	quotaExhaustedUntil?: number;
+	importSource?: "pi-openai-codex";
+	importFingerprint?: string;
 }
 
 export interface StorageData {

package/stream-wrapper.ts

@@ -80,6 +80,7 @@ export function createStreamWrapper(
 
 		(async () => {
 			try {
+				await accountManager.syncImportedOpenAICodexAuth();
 				const excludedEmails = new Set<string>();
 				for (let attempt = 0; attempt <= MAX_ROTATION_RETRIES; attempt++) {
 					const now = Date.now();
@@ -100,7 +101,7 @@ export function createStreamWrapper(
 					}
 					if (!account) {
 						throw new Error(
-							"No available Multicodex accounts. Please use /multicodex-login.",
+							"No available Multicodex accounts. Please use /multicodex-use <identifier>.",
 						);
 					}