cdx-manager 0.3.4 → 0.4.0

package/src/cli_commands.py

@@ -1,4 +1,5 @@
 import asyncio
+import getpass
 import json
 import os
 from datetime import datetime
@@ -6,10 +7,9 @@ from datetime import datetime
 from .claude_refresh import _refresh_claude_sessions
 from .cli_render import _dim, _info, _success, _warn
 from .errors import CdxError
-from .health import collect_health_report, format_health_report, health_json
+from .health import collect_health_report, format_health_report
 from .notify import (
     format_notify_event,
-    notify_json,
     parse_notify_args,
     send_desktop_notification,
     wait_for_notification_event,
@@ -19,25 +19,30 @@ from .provider_runtime import (
     _list_launch_transcript_paths,
     _run_interactive_provider_command,
 )
-from .repair import format_repair_report, repair_health, repair_json
+from .repair import format_repair_report, repair_health
+from .backup_bundle import read_bundle_meta
 from .status_view import _format_status_detail, _format_status_rows
 
 
 STATUS_USAGE = "Usage: cdx status [--json] [--refresh] | cdx status --small|-s [--refresh] | cdx status <name> [--json] [--refresh]"
 DOCTOR_USAGE = "Usage: cdx doctor [--json]"
 REPAIR_USAGE = "Usage: cdx repair [--dry-run] [--force] [--json]"
+EXPORT_USAGE = "Usage: cdx export <file> [--include-auth] [--force] [--json] [--sessions name1,name2] [--passphrase-env VAR]"
+IMPORT_USAGE = "Usage: cdx import <file> [--force] [--json] [--sessions name1,name2] [--passphrase-env VAR]"
+API_SCHEMA_VERSION = 1
 
 
 def _local_now_iso():
     return datetime.now().astimezone().isoformat()
 
 
-def _json_success(action, message, **extra):
+def _json_success(action, message, warnings=None, **extra):
     payload = {
+        "schema_version": API_SCHEMA_VERSION,
         "ok": True,
         "action": action,
         "message": message,
-        "warnings": [],
+        "warnings": warnings or [],
     }
     payload.update(extra)
     return payload
@@ -82,6 +87,142 @@ def _parse_remove_args(args):
     return {"name": names[0], "force": force}
 
 
+def _read_option_value(args, index, usage):
+    if index + 1 >= len(args):
+        raise CdxError(usage)
+    return args[index + 1], index + 2
+
+
+def _parse_session_names(value):
+    if value is None:
+        return None
+    names = [item.strip() for item in value.split(",") if item.strip()]
+    if not names:
+        raise CdxError("At least one session name is required in --sessions.")
+    return names
+
+
+def _parse_export_args(args):
+    parsed = {
+        "file_path": None,
+        "include_auth": False,
+        "force": False,
+        "json": False,
+        "session_names": None,
+        "passphrase_env": None,
+    }
+    index = 0
+    while index < len(args):
+        arg = args[index]
+        if arg == "--include-auth":
+            parsed["include_auth"] = True
+            index += 1
+            continue
+        if arg == "--force":
+            parsed["force"] = True
+            index += 1
+            continue
+        if arg == "--json":
+            parsed["json"] = True
+            index += 1
+            continue
+        if arg == "--sessions":
+            value, index = _read_option_value(args, index, EXPORT_USAGE)
+            parsed["session_names"] = _parse_session_names(value)
+            continue
+        if arg.startswith("--sessions="):
+            parsed["session_names"] = _parse_session_names(arg.split("=", 1)[1])
+            index += 1
+            continue
+        if arg == "--passphrase-env":
+            value, index = _read_option_value(args, index, EXPORT_USAGE)
+            parsed["passphrase_env"] = value
+            continue
+        if arg.startswith("--passphrase-env="):
+            parsed["passphrase_env"] = arg.split("=", 1)[1]
+            index += 1
+            continue
+        if arg.startswith("-"):
+            raise CdxError(EXPORT_USAGE)
+        if parsed["file_path"] is not None:
+            raise CdxError(EXPORT_USAGE)
+        parsed["file_path"] = arg
+        index += 1
+
+    if not parsed["file_path"]:
+        raise CdxError(EXPORT_USAGE)
+    if parsed["passphrase_env"] and not parsed["include_auth"]:
+        raise CdxError("--passphrase-env requires --include-auth for export.")
+    return parsed
+
+
+def _parse_import_args(args):
+    parsed = {
+        "file_path": None,
+        "force": False,
+        "json": False,
+        "session_names": None,
+        "passphrase_env": None,
+    }
+    index = 0
+    while index < len(args):
+        arg = args[index]
+        if arg == "--force":
+            parsed["force"] = True
+            index += 1
+            continue
+        if arg == "--json":
+            parsed["json"] = True
+            index += 1
+            continue
+        if arg == "--sessions":
+            value, index = _read_option_value(args, index, IMPORT_USAGE)
+            parsed["session_names"] = _parse_session_names(value)
+            continue
+        if arg.startswith("--sessions="):
+            parsed["session_names"] = _parse_session_names(arg.split("=", 1)[1])
+            index += 1
+            continue
+        if arg == "--passphrase-env":
+            value, index = _read_option_value(args, index, IMPORT_USAGE)
+            parsed["passphrase_env"] = value
+            continue
+        if arg.startswith("--passphrase-env="):
+            parsed["passphrase_env"] = arg.split("=", 1)[1]
+            index += 1
+            continue
+        if arg.startswith("-"):
+            raise CdxError(IMPORT_USAGE)
+        if parsed["file_path"] is not None:
+            raise CdxError(IMPORT_USAGE)
+        parsed["file_path"] = arg
+        index += 1
+
+    if not parsed["file_path"]:
+        raise CdxError(IMPORT_USAGE)
+    return parsed
+
+
+def _resolve_bundle_passphrase(ctx, env_var, prompt, confirm=False):
+    env = ctx.get("env", {})
+    if env_var:
+        passphrase = env.get(env_var)
+        if not passphrase:
+            raise CdxError(f"Environment variable {env_var} is empty or unset.")
+        return passphrase
+    if not ctx["stdin_is_tty"]:
+        raise CdxError("Encrypted bundle export/import requires an interactive terminal or --passphrase-env.")
+    getpass_fn = ctx["options"].get("getpass") or getpass.getpass
+    passphrase = getpass_fn(prompt)
+    if not passphrase:
+        raise CdxError("Bundle passphrase cannot be empty.")
+    if confirm:
+        confirmation = getpass_fn("Confirm bundle passphrase: ")
+        if passphrase != confirmation:
+            raise CdxError("Bundle passphrase confirmation does not match.")
+    return passphrase
+
+
 def _confirm_removal(name):
     answer = input(f"Remove session {name}? [y/N] ")
     return answer.strip().lower() in ("y", "yes")
@@ -269,7 +410,7 @@ def handle_doctor(rest, ctx):
         env=ctx.get("env"),
     )
     if json_flag:
-        ctx["out"](f"{health_json(report)}\n")
+        _write_json(ctx, _json_success("doctor", "Collected health report", report=report))
     else:
         ctx["out"](f"{format_health_report(report, use_color=ctx['use_color'])}\n")
     return 0
@@ -291,7 +432,7 @@ def handle_repair(rest, ctx):
         force=force,
     )
     if json_flag:
-        ctx["out"](f"{repair_json(report)}\n")
+        _write_json(ctx, _json_success("repair", "Collected repair report", report=report))
     else:
         ctx["out"](f"{format_repair_report(report, use_color=ctx['use_color'])}\n")
         if dry_run:
@@ -318,7 +459,7 @@ def handle_notify(rest, ctx):
         now_fn=ctx["options"].get("now"),
     )
     if parsed["json"]:
-        ctx["out"](f"{notify_json(event)}\n")
+        _write_json(ctx, _json_success("notify", "Resolved notification event", event=event))
     else:
         ctx["out"](f"{format_notify_event(event)}\n")
     return 0
@@ -349,12 +490,19 @@ def handle_status(rest, ctx):
         }
         for item in refresh_result.get("errors", [])
     ]
+    warnings = [
+        {
+            "code": "claude_refresh_failed",
+            "session": item.get("session") or "unknown",
+            "message": item.get("error") or "unknown error",
+        }
+        for item in refresh_errors
+    ]
 
     rows = ctx["service"]["get_status_rows"]()
     if len(args) == 0:
         if json_flag:
-            ctx["out"](f"{json.dumps(rows, indent=2)}\n")
-            _write_refresh_warnings(refresh_errors, ctx, stream="err")
+            _write_json(ctx, _json_success("status", "Collected session status rows", warnings=warnings, rows=rows))
             return 0
         ctx["out"](f"{_format_status_rows(rows, use_color=ctx['use_color'], small=small_flag)}\n")
         _write_refresh_warnings(refresh_errors, ctx)
@@ -364,8 +512,7 @@ def handle_status(rest, ctx):
     if not row:
         raise CdxError(f"Unknown session: {args[0]}")
     if json_flag:
-        ctx["out"](f"{json.dumps(row, indent=2)}\n")
-        _write_refresh_warnings(refresh_errors, ctx, stream="err")
+        _write_json(ctx, _json_success("status", f"Collected status for {args[0]}", warnings=warnings, session=row))
         return 0
     ctx["out"](f"{_format_status_detail(row, use_color=ctx['use_color'])}\n")
     _write_refresh_warnings(refresh_errors, ctx)
@@ -380,6 +527,74 @@ def _write_refresh_warnings(refresh_errors, ctx, stream="out"):
         write(f"{_warn(f'Warning: Claude refresh failed for {session}: {error}', ctx['use_color'])}\n")
 
 
+def handle_export(rest, ctx):
+    parsed = _parse_export_args(rest)
+    passphrase = None
+    if parsed["include_auth"]:
+        passphrase = _resolve_bundle_passphrase(
+            ctx,
+            parsed["passphrase_env"],
+            "Bundle passphrase: ",
+            confirm=True,
+        )
+    result = ctx["service"]["export_bundle"](
+        parsed["file_path"],
+        include_auth=parsed["include_auth"],
+        session_names=parsed["session_names"],
+        passphrase=passphrase,
+        force=parsed["force"],
+    )
+    session_count = len(result["session_names"])
+    auth_suffix = " with auth" if result["include_auth"] else ""
+    message = f"Exported {session_count} session{'s' if session_count != 1 else ''}{auth_suffix} to {result['path']}"
+    payload = _json_success(
+        "export",
+        message,
+        bundle=result,
+    )
+    if parsed["json"]:
+        _write_json(ctx, payload)
+        return 0
+    ctx["out"](f"{_success(message, ctx['use_color'])}\n")
+    return 0
+
+
+def handle_import(rest, ctx):
+    parsed = _parse_import_args(rest)
+    passphrase = None
+    try:
+        with open(parsed["file_path"], "rb") as handle:
+            meta = read_bundle_meta(handle.read())
+    except OSError as error:
+        raise CdxError(f"Bundle file not found: {parsed['file_path']}") from error
+    if meta.get("encrypted"):
+        passphrase = _resolve_bundle_passphrase(
+            ctx,
+            parsed["passphrase_env"],
+            "Bundle passphrase: ",
+            confirm=False,
+        )
+    result = ctx["service"]["import_bundle"](
+        parsed["file_path"],
+        passphrase=passphrase,
+        session_names=parsed["session_names"],
+        force=parsed["force"],
+    )
+    session_count = len(result["session_names"])
+    auth_suffix = " with auth" if result["include_auth"] else ""
+    message = f"Imported {session_count} session{'s' if session_count != 1 else ''}{auth_suffix} from {result['path']}"
+    payload = _json_success(
+        "import",
+        message,
+        bundle=result,
+    )
+    if parsed["json"]:
+        _write_json(ctx, payload)
+        return 0
+    ctx["out"](f"{_success(message, ctx['use_color'])}\n")
+    return 0
+
+
 def handle_login(rest, ctx):
     json_flag, args = _parse_json_flag(rest)
     if len(args) != 1:
@@ -436,6 +651,15 @@ def handle_logout(rest, ctx):
 
 def handle_launch(command, ctx):
     json_flag = "--json" in ctx["options"].get("raw_args", [])
+    update_notice = ctx.get("update_notice")
+    warnings = []
+    if update_notice:
+        warnings.append({
+            "code": "update_available",
+            "message": f"Update available: cdx-manager {update_notice['latest_version']}",
+            "latest_version": update_notice["latest_version"],
+            "url": update_notice.get("url"),
+        })
     session = ctx["service"]["launch_session"](command)
     _ensure_session_authentication(
         session,
@@ -450,6 +674,11 @@ def handle_launch(command, ctx):
     message = f"Launching {session['provider']} session {session['name']}"
     if not json_flag:
         ctx["out"](f"{_info(message, ctx['use_color'])}\n")
+        if update_notice:
+            text = f"Update available: cdx-manager {update_notice['latest_version']} (current version installed may be older)."
+            if update_notice.get("url"):
+                text = f"{text} {update_notice['url']}"
+            ctx["out"](f"{_warn(text, ctx['use_color'])}\n")
     if session["provider"] == "codex":
         if not json_flag:
             ctx["out"](f"{_dim('Tip: run /status once the Codex session opens.', ctx['use_color'])}\n")
@@ -458,5 +687,5 @@ def handle_launch(command, ctx):
         signal_emitter=ctx.get("signal_emitter")
     )
     if json_flag:
-        _write_json(ctx, _json_success("launch", message, session=ctx["service"]["get_session"](session["name"])))
+        _write_json(ctx, _json_success("launch", message, warnings=warnings, session=ctx["service"]["get_session"](session["name"])))
     return 0

package/src/session_service.py

@@ -2,10 +2,12 @@ import os
 import shutil
 import json
 import base64
+import sys
 import tempfile
 from datetime import datetime, timezone
 from urllib.parse import quote
 
+from .backup_bundle import decode_bundle, encode_bundle
 from .config import get_cdx_home
 from .errors import CdxError
 from .session_store import create_session_store
@@ -13,12 +15,15 @@ from .status_source import find_latest_status_artifact
 
 DEFAULT_PROVIDER = "codex"
 ALLOWED_PROVIDERS = {"codex", "claude"}
+MAX_SESSION_NAME_LENGTH = 64
 RESERVED_SESSION_NAMES = {
     "add",
     "clean",
     "cp",
     "doctor",
+    "export",
     "help",
+    "import",
     "login",
     "logout",
     "mv",
@@ -40,10 +45,27 @@ def _encode(name):
     return quote(name, safe="")
 
 
+def _ensure_private_dir(path):
+    os.makedirs(path, exist_ok=True)
+    if sys.platform == "win32":
+        return
+    try:
+        os.chmod(path, 0o700)
+    except OSError:
+        pass
+
+
 def _local_now_iso():
     return datetime.now().astimezone().isoformat()
 
 
+def _safe_relpath(path):
+    normalized = str(path or "").replace("\\", "/").strip("/")
+    if not normalized or normalized.startswith("../") or "/../" in f"/{normalized}/":
+        raise CdxError("Bundle contains an unsafe file path.")
+    return normalized
+
+
 def _to_local_iso(value):
     if not value:
         return value
@@ -222,15 +244,65 @@ def create_session_service(options=None):
     def _validate_new_session_name(name):
         if not name:
             raise CdxError("Session name is required")
+        if str(name) != str(name).strip():
+            raise CdxError("Session name cannot start or end with whitespace")
+        if len(str(name)) > MAX_SESSION_NAME_LENGTH:
+            raise CdxError(f"Session name is too long (max {MAX_SESSION_NAME_LENGTH} characters)")
+        if any(ord(ch) < 32 or ord(ch) == 127 for ch in str(name)):
+            raise CdxError("Session name cannot contain control characters")
         if name in RESERVED_SESSION_NAMES:
             raise CdxError(f"Session name is reserved: {name}")
 
+    def _build_export_session_record(session):
+        return {
+            "name": session["name"],
+            "provider": session["provider"],
+            "createdAt": session.get("createdAt"),
+            "updatedAt": session.get("updatedAt"),
+            "lastLaunchedAt": session.get("lastLaunchedAt"),
+            "lastStatusAt": session.get("lastStatusAt"),
+            "lastStatus": session.get("lastStatus"),
+            "auth": session.get("auth"),
+        }
+
+    def _collect_profile_files(session_root):
+        excluded_dirs = {"log", "tmp", "cache", "__pycache__", "shell_snapshots"}
+        files = []
+        if not os.path.isdir(session_root):
+            return files
+        for dirpath, dirnames, filenames in os.walk(session_root):
+            dirnames[:] = [name for name in dirnames if name not in excluded_dirs]
+            for filename in filenames:
+                full_path = os.path.join(dirpath, filename)
+                if not os.path.isfile(full_path):
+                    continue
+                rel_path = os.path.relpath(full_path, session_root)
+                with open(full_path, "rb") as handle:
+                    content = base64.b64encode(handle.read()).decode("ascii")
+                files.append({"path": rel_path.replace(os.sep, "/"), "data_b64": content})
+        return files
+
+    def _resolve_session_subset(session_names):
+        if not session_names:
+            return list_sessions()
+        by_name = {session["name"]: session for session in list_sessions()}
+        selected = []
+        for name in session_names:
+            session = by_name.get(name)
+            if not session:
+                raise CdxError(f"Unknown session: {name}")
+            selected.append(session)
+        return selected
+
     def create_session(name, provider=DEFAULT_PROVIDER):
         _validate_new_session_name(name)
         normalized_provider = _normalize_provider(provider)
         session_root = _get_session_root(name)
         auth_home = _get_session_auth_home(name, normalized_provider)
-        os.makedirs(auth_home, exist_ok=True)
+        _ensure_private_dir(base_dir)
+        _ensure_private_dir(os.path.join(base_dir, "profiles"))
+        _ensure_private_dir(session_root)
+        _ensure_private_dir(auth_home)
         now = _local_now_iso()
         session = {
             "name": name,
@@ -514,7 +586,6 @@ def create_session_service(options=None):
             rows.append({
                 "session_name": s["name"],
                 "provider": s["provider"],
-                "auth_home": s.get("authHome") or _get_session_auth_home(s["name"], s["provider"]),
                 "remaining_5h_pct": status.get("remaining_5h_pct") if status else None,
                 "remaining_week_pct": status.get("remaining_week_pct") if status else None,
                 "credits": status.get("credits") if status else None,
@@ -543,6 +614,116 @@ def create_session_service(options=None):
     def get_session_root(name):
         return _get_session_root(name)
 
+    def export_bundle(file_path, include_auth=False, session_names=None, passphrase=None, force=False):
+        if not file_path:
+            raise CdxError("Export path is required.")
+        if os.path.exists(file_path) and not force:
+            raise CdxError(f"Export path already exists: {file_path}")
+
+        sessions = _resolve_session_subset(session_names)
+        payload = {
+            "schema_version": 1,
+            "created_at": _local_now_iso(),
+            "include_auth": bool(include_auth),
+            "sessions": [],
+            "states": {},
+            "profiles": {},
+        }
+        for session in sessions:
+            payload["sessions"].append(_build_export_session_record(session))
+            state = store["read_session_state"](session["name"])
+            if state is not None:
+                payload["states"][session["name"]] = state
+            if include_auth:
+                session_root = session.get("sessionRoot") or _get_session_root(session["name"])
+                payload["profiles"][session["name"]] = _collect_profile_files(session_root)
+
+        bundle_bytes = encode_bundle(payload, include_auth=include_auth, passphrase=passphrase)
+        _ensure_private_dir(os.path.dirname(os.path.abspath(file_path)) or ".")
+        with open(file_path, "wb") as handle:
+            handle.write(bundle_bytes)
+        if sys.platform != "win32":
+            try:
+                os.chmod(file_path, 0o600)
+            except OSError:
+                pass
+        return {
+            "path": file_path,
+            "include_auth": include_auth,
+            "session_names": [session["name"] for session in sessions],
+        }
+
+    def import_bundle(file_path, passphrase=None, session_names=None, force=False):
+        if not file_path or not os.path.isfile(file_path):
+            raise CdxError(f"Bundle file not found: {file_path}")
+        with open(file_path, "rb") as handle:
+            decoded = decode_bundle(handle.read(), passphrase=passphrase)
+        payload = decoded["payload"]
+        imported_sessions = payload.get("sessions") or []
+        if payload.get("schema_version") != 1:
+            raise CdxError("Unsupported bundle payload schema version.")
+
+        selected_names = set(session_names or [])
+        if selected_names:
+            imported_sessions = [item for item in imported_sessions if item["name"] in selected_names]
+            missing_names = sorted(selected_names - {item["name"] for item in imported_sessions})
+            if missing_names:
+                raise CdxError(f"Bundle does not contain requested sessions: {', '.join(missing_names)}")
+        names = [item["name"] for item in imported_sessions]
+
+        existing = {session["name"] for session in list_sessions()}
+        conflicts = [name for name in names if name in existing]
+        if conflicts and not force:
+            raise CdxError(f"Import would overwrite existing sessions: {', '.join(conflicts)}")
+
+        for session_payload in imported_sessions:
+            name = session_payload["name"]
+            _validate_new_session_name(name)
+            provider = _normalize_provider(session_payload["provider"])
+            if name in existing:
+                remove_session(name)
+
+            session_root = _get_session_root(name)
+            auth_home = _get_session_auth_home(name, provider)
+            _ensure_private_dir(base_dir)
+            _ensure_private_dir(os.path.join(base_dir, "profiles"))
+            _ensure_private_dir(session_root)
+            _ensure_private_dir(auth_home)
+
+            session_record = {
+                **session_payload,
+                "provider": provider,
+                "sessionRoot": session_root,
+                "authHome": auth_home,
+            }
+            store["replace_session"](name, session_record)
+
+            state = (payload.get("states") or {}).get(name)
+            if state is not None:
+                store["write_session_state"](name, state)
+
+            for item in (payload.get("profiles") or {}).get(name, []):
+                rel_path = _safe_relpath(item.get("path"))
+                try:
+                    content = base64.b64decode(item.get("data_b64", "").encode("ascii"))
+                except (AttributeError, ValueError, UnicodeEncodeError) as error:
+                    raise CdxError(f"Bundle contains invalid file data for session {name}: {rel_path}") from error
+                dest_path = os.path.join(session_root, rel_path)
+                _ensure_private_dir(os.path.dirname(dest_path))
+                with open(dest_path, "wb") as handle:
+                    handle.write(content)
+                if sys.platform != "win32":
+                    try:
+                        os.chmod(dest_path, 0o600)
+                    except OSError:
+                        pass
+
+        return {
+            "path": file_path,
+            "session_names": names,
+            "include_auth": bool(decoded["meta"].get("include_auth")),
+        }
+
     return {
         "create_session": create_session,
         "remove_session": remove_session,
@@ -558,6 +739,8 @@ def create_session_service(options=None):
         "format_list_rows": format_list_rows,
         "get_session_auth_home": get_session_auth_home,
         "get_session_root": get_session_root,
+        "export_bundle": export_bundle,
+        "import_bundle": import_bundle,
         "base_dir": base_dir,
         "normalize_provider": _normalize_provider,
     }

package/src/session_store.py

@@ -1,5 +1,6 @@
 import json
 import os
+import sys
 import tempfile
 from contextlib import contextmanager
 from pathlib import Path
@@ -9,6 +10,16 @@ from .errors import CdxError
 
 def _ensure_dir(path):
     Path(path).mkdir(parents=True, exist_ok=True)
+    _restrict_dir_permissions(path)
+
+
+def _restrict_dir_permissions(path):
+    if sys.platform == "win32":
+        return
+    try:
+        os.chmod(path, 0o700)
+    except OSError:
+        pass
 
 
 def _read_json(file_path, fallback):

package/src/status_source.py

@@ -119,7 +119,9 @@ def _extract_status_blocks_from_text(text, provider=None, source_ref=None, times
                 r"^To continue this session\b", r"^╰",
             ]],
             context_pattern=re.compile(
-                r"^\s*$|^\s*(?:[│|]\s*)?(?:╭|Visit\b|information\b|Model:|Directory:|Permissions:|Agents\.md:|Account:|Collaboration mode:|Session:)",
+                r"^\s*$"
+                r"|^\s*[│|](?:\s|[│|])*$"
+                r"|^\s*(?:[│|]\s*)?(?:╭|Visit\b|information\b|Model:|Directory:|Permissions:|Agents\.md:|Account:|Collaboration mode:|Session:)",
                 re.I,
             ),
             context_stop_patterns=[