@victor-software-house/pi-multicodex 2.0.9 → 2.0.11

package/account-manager.ts

@@ -4,7 +4,10 @@ import {
 } from "@mariozechner/pi-ai/oauth";
 import { AuthStorage } from "@mariozechner/pi-coding-agent";
 import { normalizeUnknownError } from "pi-provider-utils/streams";
-import { loadImportedOpenAICodexAuth } from "./auth";
+import {
+	loadImportedOpenAICodexAuth,
+	writeActiveTokenToAuthJson,
+} from "./auth";
 import { isAccountAvailable, pickBestAccount } from "./selection";
 import {
 	type Account,
@@ -44,6 +47,19 @@ export class AccountManager {
 		}
 	}
 
+	/**
+	 * Write the active account's tokens to auth.json so pi's background features
+	 * (rename, compaction) can resolve a valid API key via AuthStorage.
+	 */
+	private syncActiveTokenToAuthJson(account: Account): void {
+		writeActiveTokenToAuthJson({
+			access: account.accessToken,
+			refresh: account.refreshToken,
+			expires: account.expiresAt,
+			accountId: account.accountId,
+		}).catch(() => {});
+	}
+
 	onStateChange(handler: StateChangeHandler): () => void {
 		this.stateChangeHandlers.add(handler);
 		return () => {
@@ -80,6 +96,7 @@ export class AccountManager {
 			existing.expiresAt = creds.expires;
 			existing.importSource = options?.importSource;
 			existing.importFingerprint = options?.importFingerprint;
+			existing.needsReauth = undefined;
 			if (accountId) {
 				existing.accountId = accountId;
 			}
@@ -231,10 +248,22 @@ export class AccountManager {
 		return this.usageCache.get(email);
 	}
 
+	getAccountsNeedingReauth(): Account[] {
+		return this.data.accounts.filter((a) => a.needsReauth);
+	}
+
+	private markNeedsReauth(account: Account): void {
+		account.needsReauth = true;
+		this.save();
+		this.notifyStateChanged();
+	}
+
 	async refreshUsageForAccount(
 		account: Account,
 		options?: { force?: boolean; signal?: AbortSignal },
 	): Promise<CodexUsageSnapshot | undefined> {
+		if (account.needsReauth) return this.usageCache.get(account.email);
+
 		const cached = this.usageCache.get(account.email);
 		const now = Date.now();
 		if (
@@ -340,7 +369,17 @@ export class AccountManager {
 	}
 
 	async ensureValidToken(account: Account): Promise<string> {
+		if (account.needsReauth) {
+			const hint = account.importSource
+				? "/login openai-codex"
+				: `/multicodex use ${account.email}`;
+			throw new Error(
+				`${account.email}: re-authentication required — run ${hint}`,
+			);
+		}
+
 		if (Date.now() < account.expiresAt - 5 * 60 * 1000) {
+			this.syncActiveTokenToAuthJson(account);
 			return account.accessToken;
 		}
 
@@ -368,7 +407,11 @@ export class AccountManager {
 				}
 				this.save();
 				this.notifyStateChanged();
+				this.syncActiveTokenToAuthJson(account);
 				return account.accessToken;
+			} catch (error) {
+				this.markNeedsReauth(account);
+				throw error;
 			} finally {
 				this.refreshPromises.delete(account.email);
 			}
@@ -410,11 +453,17 @@ export class AccountManager {
 
 		// Both our copy and auth.json are expired — let AuthStorage refresh with
 		// its file lock so only one caller (us or pi) fires the API call.
-		const authStorage = AuthStorage.create();
-		const apiKey = await authStorage.getApiKey("openai-codex");
+		let apiKey: string | undefined;
+		try {
+			const authStorage = AuthStorage.create();
+			apiKey = await authStorage.getApiKey("openai-codex");
+		} catch {
+			// AuthStorage refresh failed; mark for re-auth below.
+		}
 		if (!apiKey) {
+			this.markNeedsReauth(account);
 			throw new Error(
-				"OpenAI Codex: token refresh failed — please re-authenticate with /login",
+				`${account.email}: token refresh failed — run /login openai-codex to re-authenticate`,
 			);
 		}
 

package/auth.ts

@@ -85,6 +85,39 @@ export function parseImportedOpenAICodexAuth(
 	};
 }
 
+/**
+ * Write the active account's tokens to auth.json so pi's background features
+ * (rename, compaction, inline suggestions) can resolve a valid API key through
+ * the normal AuthStorage path.
+ */
+export async function writeActiveTokenToAuthJson(creds: {
+	access: string;
+	refresh: string;
+	expires: number;
+	accountId?: string;
+}): Promise<void> {
+	let auth: Record<string, unknown> = {};
+	try {
+		const raw = await fs.readFile(AUTH_FILE, "utf8");
+		const parsed = JSON.parse(raw) as unknown;
+		if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+			auth = parsed as Record<string, unknown>;
+		}
+	} catch {
+		// File missing or corrupt — start fresh.
+	}
+
+	auth["openai-codex"] = {
+		type: "oauth",
+		access: creds.access,
+		refresh: creds.refresh,
+		expires: creds.expires,
+		accountId: creds.accountId,
+	};
+
+	await fs.writeFile(AUTH_FILE, JSON.stringify(auth, null, 2));
+}
+
 export async function loadImportedOpenAICodexAuth(): Promise<
 	ImportedOpenAICodexAuth | undefined
 > {

package/commands.ts

@@ -80,11 +80,16 @@ function parseResetTarget(value: string): ResetTarget | undefined {
 	return undefined;
 }
 
-function getAccountLabel(email: string, quotaExhaustedUntil?: number): string {
-	if (!quotaExhaustedUntil || quotaExhaustedUntil <= Date.now()) {
-		return email;
-	}
-	return `${email} (Quota)`;
+function getAccountLabel(
+	email: string,
+	options?: { quotaExhaustedUntil?: number; needsReauth?: boolean },
+): string {
+	const tags: string[] = [];
+	if (options?.needsReauth) tags.push("Reauth");
+	if (options?.quotaExhaustedUntil && options.quotaExhaustedUntil > Date.now())
+		tags.push("Quota");
+	if (tags.length === 0) return email;
+	return `${email} (${tags.join(", ")})`;
 }
 
 function formatAccountStatusLine(
@@ -100,9 +105,11 @@ function formatAccountStatusLine(
 		account.quotaExhaustedUntil && account.quotaExhaustedUntil > Date.now();
 	const untouched = isUsageUntouched(usage) ? "untouched" : null;
 	const imported = account.importSource ? "imported" : null;
+	const reauth = account.needsReauth ? "needs reauth" : null;
 	const tags = [
 		active?.email === account.email ? "active" : null,
 		manual?.email === account.email ? "manual" : null,
+		reauth,
 		quotaHit ? "quota" : null,
 		untouched,
 		imported,
@@ -234,7 +241,10 @@ async function openAccountSelectionPanel(
 	const accounts = accountManager.getAccounts();
 	const items = accounts.map((account) => ({
 		value: account.email,
-		label: getAccountLabel(account.email, account.quotaExhaustedUntil),
+		label: getAccountLabel(account.email, {
+			quotaExhaustedUntil: account.quotaExhaustedUntil,
+			needsReauth: account.needsReauth,
+		}),
 	}));
 
 	return ctx.ui.custom<AccountPanelResult>((_tui, theme, _kb, done) => {

package/extension.ts

@@ -28,7 +28,7 @@ export default function multicodexExtension(pi: ExtensionAPI) {
 
 	pi.on("session_start", (_event: unknown, ctx: ExtensionContext) => {
 		lastContext = ctx;
-		handleSessionStart(accountManager);
+		handleSessionStart(accountManager, (msg) => ctx.ui.notify(msg, "warning"));
 		statusController.startAutoRefresh();
 		void (async () => {
 			await statusController.loadPreferences(ctx);
@@ -41,7 +41,9 @@ export default function multicodexExtension(pi: ExtensionAPI) {
 		(event: { reason?: string }, ctx: ExtensionContext) => {
 			lastContext = ctx;
 			if (event.reason === "new") {
-				handleNewSessionSwitch(accountManager);
+				handleNewSessionSwitch(accountManager, (msg) =>
+					ctx.ui.notify(msg, "warning"),
+				);
 			}
 			void statusController.refreshFor(ctx);
 		},

package/hooks.ts

@@ -1,10 +1,27 @@
 import type { AccountManager } from "./account-manager";
 
+type WarningHandler = (message: string) => void;
+
 async function refreshAndActivateBestAccount(
 	accountManager: AccountManager,
+	warningHandler?: WarningHandler,
 ): Promise<void> {
 	await accountManager.syncImportedOpenAICodexAuth();
 	await accountManager.refreshUsageForAllAccounts({ force: true });
+
+	const needsReauth = accountManager.getAccountsNeedingReauth();
+	if (needsReauth.length > 0) {
+		const hints = needsReauth.map((a) => {
+			const cmd = a.importSource
+				? "/login openai-codex"
+				: `/multicodex use ${a.email}`;
+			return `${a.email} (${cmd})`;
+		});
+		warningHandler?.(
+			`Multicodex: ${needsReauth.length} account(s) need re-authentication: ${hints.join(", ")}`,
+		);
+	}
+
 	const manual = accountManager.getAvailableManualAccount();
 	if (manual) return;
 	if (accountManager.hasManualAccount()) {
@@ -13,11 +30,17 @@ async function refreshAndActivateBestAccount(
 	await accountManager.activateBestAccount();
 }
 
-export function handleSessionStart(accountManager: AccountManager): void {
+export function handleSessionStart(
+	accountManager: AccountManager,
+	warningHandler?: WarningHandler,
+): void {
 	if (accountManager.getAccounts().length === 0) return;
-	void refreshAndActivateBestAccount(accountManager);
+	void refreshAndActivateBestAccount(accountManager, warningHandler);
 }
 
-export function handleNewSessionSwitch(accountManager: AccountManager): void {
-	void refreshAndActivateBestAccount(accountManager);
+export function handleNewSessionSwitch(
+	accountManager: AccountManager,
+	warningHandler?: WarningHandler,
+): void {
+	void refreshAndActivateBestAccount(accountManager, warningHandler);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@victor-software-house/pi-multicodex",
-	"version": "2.0.9",
+	"version": "2.0.11",
 	"description": "Codex account rotation extension for pi",
 	"license": "MIT",
 	"type": "module",

package/selection.ts

@@ -6,6 +6,7 @@ import {
 } from "./usage";
 
 export function isAccountAvailable(account: Account, now: number): boolean {
+	if (account.needsReauth) return false;
 	return !account.quotaExhaustedUntil || account.quotaExhaustedUntil <= now;
 }
 

package/storage.ts

@@ -12,6 +12,7 @@ export interface Account {
 	quotaExhaustedUntil?: number;
 	importSource?: "pi-openai-codex";
 	importFingerprint?: string;
+	needsReauth?: boolean;
 }
 
 export interface StorageData {