@victor-software-house/pi-multicodex 2.1.5 → 2.2.1

package/account-manager.ts

@@ -2,12 +2,8 @@ import {
 	type OAuthCredentials,
 	refreshOpenAICodexToken,
 } from "@mariozechner/pi-ai/oauth";
-import { AuthStorage } from "@mariozechner/pi-coding-agent";
 import { normalizeUnknownError } from "pi-provider-utils/streams";
-import {
-	loadImportedOpenAICodexAuth,
-	writeActiveTokenToAuthJson,
-} from "./auth";
+import { loadImportedOpenAICodexAuth } from "./auth";
 import { isAccountAvailable, pickBestAccount } from "./selection";
 import {
 	type Account,
@@ -48,23 +44,6 @@ export class AccountManager {
 		}
 	}
 
-	/**
-	 * Write the active account's tokens to auth.json so pi's background features
-	 * (rename, compaction) can resolve a valid API key via AuthStorage.
-	 */
-	private syncActiveTokenToAuthJson(account: Account): void {
-		try {
-			writeActiveTokenToAuthJson({
-				access: account.accessToken,
-				refresh: account.refreshToken,
-				expires: account.expiresAt,
-				accountId: account.accountId,
-			});
-		} catch {
-			// Best-effort sync — do not block token resolution.
-		}
-	}
-
 	onStateChange(handler: StateChangeHandler): () => void {
 		this.stateChangeHandlers.add(handler);
 		return () => {
@@ -366,6 +345,17 @@ export class AccountManager {
 		return changed;
 	}
 
+	detachImportedAuth(email: string): boolean {
+		const account = this.getAccount(email);
+		if (!account) return false;
+		const changed = this.clearImportedLink(account);
+		if (changed) {
+			this.save();
+			this.notifyStateChanged();
+		}
+		return changed;
+	}
+
 	async syncImportedOpenAICodexAuth(): Promise<boolean> {
 		const imported = await loadImportedOpenAICodexAuth();
 		if (!imported) return false;
@@ -624,12 +614,11 @@ export class AccountManager {
 		}
 
 		if (Date.now() < account.expiresAt - 5 * 60 * 1000) {
-			this.syncActiveTokenToAuthJson(account);
 			return account.accessToken;
 		}
 
-		// For the imported pi account, delegate to AuthStorage so we share pi's
-		// file lock and never race with pi's own refresh path.
+		// Imported auth is read-only. MultiCodex never refreshes or writes
+		// auth.json and instead requires the user to repair pi auth explicitly.
 		if (account.importSource === "pi-openai-codex") {
 			return this.ensureValidTokenForImportedAccount(account);
 		}
@@ -652,7 +641,6 @@ export class AccountManager {
 				}
 				this.save();
 				this.notifyStateChanged();
-				this.syncActiveTokenToAuthJson(account);
 				return account.accessToken;
 			} catch (error) {
 				this.markNeedsReauth(account);
@@ -667,17 +655,14 @@ export class AccountManager {
 	}
 
 	/**
-	 * Refresh path for the imported pi account.
+	 * Read-only path for imported pi auth.
 	 *
-	 * Uses AuthStorage so our refresh is serialised by the same file lock that
-	 * pi's own credential refresh uses. This prevents "refresh_token_reused"
-	 * errors caused by pi and multicodex both refreshing the same token
-	 * simultaneously.
+	 * MultiCodex may read auth.json to mirror pi's currently active Codex auth,
+	 * but it must never refresh or write auth.json itself.
 	 */
 	private async ensureValidTokenForImportedAccount(
 		account: Account,
 	): Promise<string> {
-		// Check if pi already refreshed since our last sync.
 		const latest = await loadImportedOpenAICodexAuth();
 		if (latest && Date.now() < latest.credentials.expires - 5 * 60 * 1000) {
 			account.accessToken = latest.credentials.access;
@@ -696,40 +681,9 @@ export class AccountManager {
 			return account.accessToken;
 		}
 
-		// Both our copy and auth.json are expired — let AuthStorage refresh with
-		// its file lock so only one caller (us or pi) fires the API call.
-		let apiKey: string | undefined;
-		try {
-			const authStorage = AuthStorage.create();
-			apiKey = await authStorage.getApiKey("openai-codex");
-		} catch {
-			// AuthStorage refresh failed; mark for re-auth below.
-		}
-		if (!apiKey) {
-			this.markNeedsReauth(account);
-			throw new Error(
-				`${account.email}: token refresh failed — run /login openai-codex to re-authenticate`,
-			);
-		}
-
-		// Read the refreshed tokens back from auth.json.
-		const refreshed = await loadImportedOpenAICodexAuth();
-		if (refreshed) {
-			account.accessToken = refreshed.credentials.access;
-			account.refreshToken = refreshed.credentials.refresh;
-			account.expiresAt = refreshed.credentials.expires;
-			account.importFingerprint = refreshed.fingerprint;
-			const accountId =
-				typeof refreshed.credentials.accountId === "string"
-					? refreshed.credentials.accountId
-					: undefined;
-			if (accountId) {
-				account.accountId = accountId;
-			}
-			this.save();
-			this.notifyStateChanged();
-		}
-
-		return apiKey;
+		this.markNeedsReauth(account);
+		throw new Error(
+			`${account.email}: imported pi auth is expired — run /login openai-codex to re-authenticate`,
+		);
 	}
 }

package/auth.ts

@@ -1,9 +1,4 @@
-import {
-	existsSync,
-	promises as fs,
-	readFileSync,
-	writeFileSync,
-} from "node:fs";
+import { promises as fs } from "node:fs";
 import type { OAuthCredentials } from "@mariozechner/pi-ai/oauth";
 import { getAgentAuthPath } from "pi-provider-utils/agent-paths";
 
@@ -127,47 +122,6 @@ export function parseImportedOpenAICodexAuth(
 	};
 }
 
-/**
- * Write the active account's tokens to auth.json so pi's background features
- * (rename, compaction, inline suggestions) can resolve a valid API key through
- * the normal AuthStorage path.
- */
-/**
- * Synchronously write the active account's tokens to auth.json so pi's
- * background features (rename, compaction) can resolve a valid API key.
- *
- * Uses synchronous I/O to avoid interleaved writes with pi's own code.
- */
-export function writeActiveTokenToAuthJson(creds: {
-	access: string;
-	refresh: string;
-	expires: number;
-	accountId?: string;
-}): void {
-	let auth: Record<string, unknown> = {};
-	try {
-		if (existsSync(AUTH_FILE)) {
-			const raw = readFileSync(AUTH_FILE, "utf8");
-			const parsed = JSON.parse(raw) as unknown;
-			if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
-				auth = parsed as Record<string, unknown>;
-			}
-		}
-	} catch {
-		// File missing or corrupt — start fresh.
-	}
-
-	auth["openai-codex"] = {
-		type: "oauth",
-		access: creds.access,
-		refresh: creds.refresh,
-		expires: creds.expires,
-		accountId: creds.accountId,
-	};
-
-	writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2));
-}
-
 export async function loadImportedOpenAICodexAuth(): Promise<
 	ImportedOpenAICodexAuth | undefined
 > {

package/commands.ts

@@ -5,22 +5,22 @@ import type {
 	ExtensionAPI,
 	ExtensionCommandContext,
 } from "@mariozechner/pi-coding-agent";
-import { getSelectListTheme } from "@mariozechner/pi-coding-agent";
+import { DynamicBorder, rawKeyHint } from "@mariozechner/pi-coding-agent";
 import {
 	type AutocompleteItem,
 	Container,
-	Key,
+	getKeybindings,
 	matchesKey,
-	SelectList,
-	Text,
+	Spacer,
+	truncateToWidth,
+	visibleWidth,
 } from "@mariozechner/pi-tui";
 import { getAgentSettingsPath } from "pi-provider-utils/agent-paths";
 import { normalizeUnknownError } from "pi-provider-utils/streams";
 import type { AccountManager } from "./account-manager";
-import { writeActiveTokenToAuthJson } from "./auth";
 import { openLoginInBrowser } from "./browser";
 import type { createUsageStatusController } from "./status";
-import { STORAGE_FILE } from "./storage";
+import { type Account, STORAGE_FILE } from "./storage";
 import { formatResetAt, isUsageUntouched } from "./usage";
 
 const SETTINGS_FILE = getAgentSettingsPath();
@@ -87,35 +87,42 @@ function parseResetTarget(value: string): ResetTarget | undefined {
 	return undefined;
 }
 
-function formatAccountStatusLine(
+function isPlaceholderAccount(account: Account): boolean {
+	return (
+		!account.accessToken || !account.refreshToken || account.expiresAt <= 0
+	);
+}
+
+function getAccountTags(
 	accountManager: AccountManager,
-	email: string,
-): string {
-	const account = accountManager.getAccount(email);
-	if (!account) return email;
+	account: Account,
+): string[] {
 	const usage = accountManager.getCachedUsage(account.email);
 	const active = accountManager.getActiveAccount();
 	const manual = accountManager.getManualAccount();
 	const quotaHit =
 		account.quotaExhaustedUntil && account.quotaExhaustedUntil > Date.now();
-	const untouched = isUsageUntouched(usage) ? "untouched" : null;
 	const imported = account.importSource
 		? account.importMode === "synthetic"
 			? "pi auth only"
 			: "pi auth"
 		: null;
-	const reauth = account.needsReauth ? "needs reauth" : null;
-	const tags = [
+	return [
 		active?.email === account.email ? "active" : null,
 		manual?.email === account.email ? "manual" : null,
-		reauth,
+		account.needsReauth ? "needs reauth" : null,
+		isPlaceholderAccount(account) ? "placeholder" : null,
 		quotaHit ? "quota" : null,
-		untouched,
+		isUsageUntouched(usage) ? "untouched" : null,
 		imported,
-	]
-		.filter(Boolean)
-		.join(", ");
-	const suffix = tags ? ` (${tags})` : "";
+	].filter((value): value is string => Boolean(value));
+}
+
+function formatUsageSummary(
+	accountManager: AccountManager,
+	account: Account,
+): string {
+	const usage = accountManager.getCachedUsage(account.email);
 	const primaryUsed = usage?.primary?.usedPercent;
 	const secondaryUsed = usage?.secondary?.usedPercent;
 	const primaryReset = usage?.primary?.resetAt;
@@ -124,8 +131,18 @@ function formatAccountStatusLine(
 		primaryUsed === undefined ? "unknown" : `${Math.round(primaryUsed)}%`;
 	const secondaryLabel =
 		secondaryUsed === undefined ? "unknown" : `${Math.round(secondaryUsed)}%`;
-	const usageSummary = `5h ${primaryLabel} reset:${formatResetAt(primaryReset)} | weekly ${secondaryLabel} reset:${formatResetAt(secondaryReset)}`;
-	return `${account.email}${suffix} - ${usageSummary}`;
+	return `5h ${primaryLabel} reset:${formatResetAt(primaryReset)} | weekly ${secondaryLabel} reset:${formatResetAt(secondaryReset)}`;
+}
+
+function formatAccountStatusLine(
+	accountManager: AccountManager,
+	email: string,
+): string {
+	const account = accountManager.getAccount(email);
+	if (!account) return email;
+	const tags = getAccountTags(accountManager, account).join(", ");
+	const suffix = tags ? ` (${tags})` : "";
+	return `${account.email}${suffix} - ${formatUsageSummary(accountManager, account)}`;
 }
 
 function getSubcommandCompletions(prefix: string): AutocompleteItem[] | null {
@@ -228,16 +245,10 @@ async function loginAndActivateAccount(
 			onPrompt: async ({ message }) => (await ctx.ui.input(message)) || "",
 		});
 
+		const existing = accountManager.getAccount(identifier);
 		const account = accountManager.addOrUpdateAccount(identifier, creds);
-		if (account.importSource) {
-			writeActiveTokenToAuthJson({
-				access: creds.access,
-				refresh: creds.refresh,
-				expires: creds.expires,
-				accountId:
-					typeof creds.accountId === "string" ? creds.accountId : undefined,
-			});
-			await accountManager.syncImportedOpenAICodexAuth();
+		if (existing?.importSource) {
+			accountManager.detachImportedAuth(account.email);
 		}
 		accountManager.setManualAccount(account.email);
 		ctx.ui.notify(`Now using ${account.email}`, "info");
@@ -344,58 +355,234 @@ async function openAccountManagementPanel(
 	accountManager: AccountManager,
 ): Promise<AccountPanelResult> {
 	const accounts = accountManager.getAccounts();
-	const items = accounts.map((account) => ({
-		value: account.email,
-		label: formatAccountStatusLine(accountManager, account.email),
-	}));
 
-	return ctx.ui.custom<AccountPanelResult>((_tui, theme, _kb, done) => {
-		const container = new Container();
-		container.addChild(
-			new Text(theme.fg("accent", theme.bold("MultiCodex Accounts")), 1, 0),
-		);
-		container.addChild(
-			new Text(
-				theme.fg(
-					"dim",
-					"enter: use  u: refresh  r: re-auth  n: add  backspace: remove  esc: cancel",
-				),
-				1,
-				0,
-			),
-		);
+	return ctx.ui.custom<AccountPanelResult>((tui, theme, _kb, done) => {
+		const kb = getKeybindings();
+		let selectedIndex = 0;
+		const maxVisible = 12;
+
+		function getSelectedAccount(): Account | undefined {
+			return accounts[selectedIndex];
+		}
+
+		function findNextIndex(from: number, direction: number): number {
+			if (accounts.length === 0) return 0;
+			return Math.max(0, Math.min(accounts.length - 1, from + direction));
+		}
+
+		function renderTag(text: string): string {
+			if (text === "active") {
+				return theme.fg("accent", `[${text}]`);
+			}
+			if (text === "manual") {
+				return theme.fg("warning", `[${text}]`);
+			}
+			if (text === "needs reauth") {
+				return theme.fg("error", `[${text}]`);
+			}
+			if (text === "placeholder") {
+				return theme.fg("warning", `[${text}]`);
+			}
+			if (text === "quota") {
+				return theme.fg("warning", `[${text}]`);
+			}
+			if (text === "pi auth" || text === "pi auth only") {
+				return theme.fg("success", `[${text}]`);
+			}
+			return theme.fg("muted", `[${text}]`);
+		}
 
-		const selectList = new SelectList(items, 12, getSelectListTheme());
-		selectList.onSelect = (item) => {
-			done({ action: "select", email: item.value });
+		function renderRow(
+			account: Account,
+			selected: boolean,
+			width: number,
+		): string[] {
+			const cursor = selected ? theme.fg("accent", ">") : theme.fg("dim", " ");
+			const name = selected ? theme.bold(account.email) : account.email;
+			const tags = getAccountTags(accountManager, account)
+				.map((tag) => renderTag(tag))
+				.join(" ");
+			const primary = truncateToWidth(
+				`${cursor} ${name}${tags ? ` ${tags}` : ""}`,
+				width,
+				"",
+			);
+			const summaryColor = account.needsReauth
+				? "warning"
+				: isPlaceholderAccount(account)
+					? "muted"
+					: "dim";
+			const secondary = theme.fg(
+				summaryColor,
+				formatUsageSummary(accountManager, account),
+			);
+			return [primary, truncateToWidth(`  ${secondary}`, width, "")];
+		}
+
+		const header = {
+			invalidate() {},
+			render(width: number): string[] {
+				const title = theme.bold("MultiCodex Accounts");
+				const sep = theme.fg("muted", " · ");
+				const hints = [
+					rawKeyHint("enter", "use"),
+					rawKeyHint("u", "refresh"),
+					rawKeyHint("r", "reauth"),
+					rawKeyHint("n", "add"),
+					rawKeyHint("backspace", "remove"),
+					rawKeyHint("esc", "close"),
+				].join(sep);
+				const spacing = Math.max(
+					1,
+					width - visibleWidth(title) - visibleWidth(hints),
+				);
+				const reauthCount = accountManager.getAccountsNeedingReauth().length;
+				const placeholderCount = accounts.filter((account) =>
+					isPlaceholderAccount(account),
+				).length;
+				const status = [
+					`${accounts.length} account${accounts.length === 1 ? "" : "s"}`,
+					reauthCount > 0 ? `${reauthCount} need reauth` : undefined,
+					placeholderCount > 0
+						? `${placeholderCount} placeholder${placeholderCount === 1 ? "" : "s"}`
+						: undefined,
+				]
+					.filter(Boolean)
+					.join(" · ");
+				return [
+					truncateToWidth(`${title}${" ".repeat(spacing)}${hints}`, width, ""),
+					theme.fg("muted", status),
+				];
+			},
 		};
-		selectList.onCancel = () => done(undefined);
-		container.addChild(selectList);
+
+		const list = {
+			invalidate() {},
+			render(width: number): string[] {
+				const lines: string[] = [];
+				if (accounts.length === 0) {
+					return [theme.fg("muted", "  No managed accounts")];
+				}
+
+				const visibleRows = Math.max(1, Math.floor(maxVisible / 2));
+				const startIndex = Math.max(
+					0,
+					Math.min(
+						selectedIndex - Math.floor(visibleRows / 2),
+						Math.max(0, accounts.length - visibleRows),
+					),
+				);
+				const endIndex = Math.min(accounts.length, startIndex + visibleRows);
+
+				for (let index = startIndex; index < endIndex; index++) {
+					const account = accounts[index];
+					if (!account) continue;
+					lines.push(...renderRow(account, index === selectedIndex, width));
+					if (index < endIndex - 1) {
+						lines.push("");
+					}
+				}
+
+				const selected = getSelectedAccount();
+				if (selected) {
+					lines.push("");
+					const detail = isPlaceholderAccount(selected)
+						? `selected: ${selected.email} · restored placeholder, re-auth required`
+						: `selected: ${selected.email}`;
+					lines.push(truncateToWidth(theme.fg("dim", detail), width, ""));
+				}
+
+				const current = selectedIndex + 1;
+				lines.push(
+					theme.fg(
+						"dim",
+						`  ${current}/${accounts.length} visible account rows`,
+					),
+				);
+				return lines;
+			},
+		};
+
+		const container = new Container();
+		container.addChild(new Spacer(1));
+		container.addChild(new DynamicBorder());
+		container.addChild(new Spacer(1));
+		container.addChild(header);
+		container.addChild(new Spacer(1));
+		container.addChild(list);
+		container.addChild(new Spacer(1));
+		container.addChild(new DynamicBorder());
 
 		return {
-			render: (width: number) => container.render(width),
-			invalidate: () => container.invalidate(),
-			handleInput: (data: string) => {
+			render(width: number) {
+				return container.render(width);
+			},
+			invalidate() {
+				container.invalidate();
+			},
+			handleInput(data: string) {
+				if (kb.matches(data, "tui.select.up")) {
+					selectedIndex = findNextIndex(selectedIndex, -1);
+					tui.requestRender();
+					return;
+				}
+				if (kb.matches(data, "tui.select.down")) {
+					selectedIndex = findNextIndex(selectedIndex, 1);
+					tui.requestRender();
+					return;
+				}
+				if (kb.matches(data, "tui.select.pageUp")) {
+					selectedIndex = findNextIndex(selectedIndex, -5);
+					tui.requestRender();
+					return;
+				}
+				if (kb.matches(data, "tui.select.pageDown")) {
+					selectedIndex = findNextIndex(selectedIndex, 5);
+					tui.requestRender();
+					return;
+				}
+				if (
+					kb.matches(data, "tui.select.cancel") ||
+					matchesKey(data, "ctrl+c")
+				) {
+					done(undefined);
+					return;
+				}
+				if (
+					data === "\r" ||
+					data === "\n" ||
+					kb.matches(data, "tui.select.confirm")
+				) {
+					const selected = getSelectedAccount();
+					if (selected) {
+						done({ action: "select", email: selected.email });
+					}
+					return;
+				}
 				if (data.toLowerCase() === "n") {
 					done({ action: "add" });
 					return;
 				}
-				const selected = selectList.getSelectedItem();
-				if (selected && data.toLowerCase() === "u") {
-					done({ action: "refresh", email: selected.value });
+				if (data.toLowerCase() === "u") {
+					const selected = getSelectedAccount();
+					if (selected) {
+						done({ action: "refresh", email: selected.email });
+					}
 					return;
 				}
-				if (selected && data.toLowerCase() === "r") {
-					done({ action: "reauth", email: selected.value });
+				if (data.toLowerCase() === "r") {
+					const selected = getSelectedAccount();
+					if (selected) {
+						done({ action: "reauth", email: selected.email });
+					}
 					return;
 				}
-				if (matchesKey(data, Key.backspace)) {
+				if (matchesKey(data, "backspace")) {
+					const selected = getSelectedAccount();
 					if (selected) {
-						done({ action: "remove", email: selected.value });
+						done({ action: "remove", email: selected.email });
 					}
-					return;
 				}
-				selectList.handleInput(data);
 			},
 		};
 	});

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@victor-software-house/pi-multicodex",
-	"version": "2.1.5",
+	"version": "2.2.1",
 	"description": "Codex account rotation extension for pi",
 	"license": "MIT",
 	"type": "module",

package/provider.ts

@@ -53,8 +53,7 @@ function getActiveApiKey(accountManager: AccountManager): string {
 			return account.accessToken;
 		}
 	}
-	// Placeholder — AuthStorage will override on every actual API call
-	// as long as auth.json has valid tokens.
+	// Fallback placeholder until MultiCodex resolves a usable managed account.
 	return "pending-login";
 }