cdx-manager 0.5.3 → 0.5.5

package/README.md

@@ -1,6 +1,6 @@
 # CDX Manager
 
-[![License](https://img.shields.io/badge/license-MIT-4C8BF5)](LICENSE) ![Version](https://img.shields.io/badge/version-v0.5.3-4C8BF5) ![Python](https://img.shields.io/badge/python-3.9%2B-3776AB?logo=python&logoColor=white)
+[![License](https://img.shields.io/badge/license-MIT-4C8BF5)](LICENSE) ![Version](https://img.shields.io/badge/version-v0.5.5-4C8BF5) ![Python](https://img.shields.io/badge/python-3.9%2B-3776AB?logo=python&logoColor=white)
 
 **Run multiple Codex and Claude sessions from one terminal. Switch between accounts instantly.**
 
@@ -35,7 +35,7 @@ One command to launch any session. Zero auth juggling.
 - **Multiple accounts, one tool.** Register as many Codex or Claude sessions as you need. Each one gets its own isolated auth environment — no cross-contamination between accounts.
 - **Instant launch.** `cdx work` opens your "work" session. `cdx personal` opens another. No config files to edit mid-flow.
 - **Auth guardrails.** `cdx` checks authentication before launching. If a session is not logged in, it tells you exactly what to run — no silent failures.
-- **Usage at a glance.** `cdx status` shows token usage, 5-hour window quota, weekly quota, and last-updated timestamps for every session in one aligned table.
+- **Usage at a glance.** `cdx status` shows token usage, 5-hour window quota, weekly quota, last-updated timestamps, priority guidance, and the last launched session in one aligned table.
 - **Session control.** Disable a session without deleting it when an account is temporarily out of credits; disabled sessions remain visible and sort last.
 - **Shared handoff context.** Keep a per-workspace Markdown context, or build one from a source session transcript, and install it into another assistant session before switching providers or accounts.
 - **Passive status resolution.** Codex status is read from the local Codex app-server rate-limit API when available, with legacy transcript/history parsing kept as a fallback.
@@ -126,7 +126,7 @@ For a specific version:
 
 ```bash
 curl -fsSL https://raw.githubusercontent.com/AlexAgo83/cdx-manager/main/install.sh -o install.sh
-CDX_VERSION=v0.5.3 sh install.sh
+CDX_VERSION=v0.5.5 sh install.sh
 ```
 
 From source:
@@ -349,7 +349,7 @@ cdx import backup-auth.cdx --passphrase-env CDX_BUNDLE_PASSPHRASE
 
 Notes:
 
-- `--include-auth` is encrypted and requires a passphrase.
+- `--include-auth` is encrypted, requires a passphrase, and exports only provider credential files rather than full profile caches or logs.
 - Without `--passphrase-env`, `cdx` prompts in an interactive terminal.
 - `--sessions work,perso` exports or imports only a subset.
 - `--force` allows overwriting existing destination sessions during import or replacing an existing bundle file during export.

package/changelogs/CHANGELOGS_0_5_4.md

@@ -0,0 +1,49 @@
+# Changelog (`0.5.3 -> 0.5.4`)
+
+Release date: 2026-05-23
+
+## Major Highlights
+
+- Added a Logics ADR for the code quality, security, performance, and test coverage improvements completed after `0.5.3`.
+- Hardened bundle import path handling and launch prompt validation without changing CLI contracts or on-disk formats.
+- Improved status parsing and provider handling internals for safer future maintenance.
+- Added structured Codex app-server probe diagnostics while keeping the existing status API behavior compatible.
+
+## Security and Runtime Hardening
+
+- Hardened bundle relative path validation against traversal, absolute paths, and Windows drive paths.
+- Validated provider launch `initial_prompt` type and length before it is passed into subprocess arguments.
+- Replaced mutable signal-capture state with explicit `nonlocal` signal forwarding.
+- Added Linux `notify-send` support with backend timeout handling and shell-free notification arguments.
+
+## Status and Provider Internals
+
+- Moved status extraction regex compilation to module-level constants.
+- Added shared provider constants for Codex and Claude identity checks.
+- Improved Claude status refresh handling for sync and async refresh functions without per-thread event loops.
+- Added `fetch_codex_rate_limit_diagnostic()` to expose structured failure reasons such as missing auth home, initialize failure, app-server read failure, missing rate limits, and missing Codex CLI.
+
+## CLI Parser Maintenance
+
+- Factorized more CLI flag parsing through a shared flat-flag parser.
+- Added `--flag=value` support where appropriate, including `cdx notify --poll=<seconds>`.
+- Preserved existing usage errors and JSON/non-JSON output contracts.
+
+## Documentation
+
+- Added `logics/architecture/adr_001_code_quality_and_security_improvements.md` documenting the security, test, quality, and performance decisions.
+- Updated package metadata, CLI version output, README badge, and pinned installer example to `v0.5.4`.
+
+## Validation and Regression Coverage
+
+- Added direct session-store rollback tests for add, remove, rename, and replace failure paths.
+- Added status-source tests for key-value, Codex block, Claude block, artifact selection, reset timestamp parsing, and safe relative paths.
+- Added notification tests for macOS, Linux, backend fallback, timeout, and argument handling.
+- Added CLI parser tests for update, status, repair, export/import subsets, corrupt bundles, and clean behavior with and without logs.
+- Added Codex app-server diagnostic tests for success and failure cases.
+
+## Validation and Regression Evidence
+
+- `npm test`
+- `npm run lint`
+- `python logics/skills/logics.py lint --require-status`

package/changelogs/CHANGELOGS_0_5_5.md

@@ -0,0 +1,48 @@
+# Changelog (`0.5.4 -> 0.5.5`)
+
+Release date: 2026-05-24
+
+## Major Highlights
+
+- Fixed Claude usage probing for OAuth credentials by using bearer-token authentication.
+- Improved `cdx status` guidance with progress output, conservative reset timing, near-empty account handling, and last-launched session context.
+- Made encrypted auth exports lightweight by backing up provider credential files instead of full profile caches, logs, and runtime artifacts.
+
+## Usage and Status
+
+- Added progress output while `cdx status` resolves session statuses in text mode, while keeping `--json` output clean.
+- Added a `Current:` line under the priority recommendation showing the last launched session, useful before running a handoff.
+- Removed the older status tip line now that status output carries actionable priority and current-session context.
+- Treated sessions with `5%` or less availability as empty for priority recommendations, while preserving the true percentage in the table.
+- Added a conservative one-minute reset countdown margin so users are less likely to switch back before a reset is usable.
+
+## Claude Usage Handling
+
+- Fixed the Claude rate-limit probe to send OAuth access tokens as `Authorization: Bearer ...`.
+- Surfaced Claude HTTP failures without rate-limit headers as structured refresh warnings, including API error text when available.
+- Preserved existing fallback behavior for unavailable network probes and historical status data.
+
+## Export and Backup
+
+- Limited `cdx export --include-auth` to provider credential files:
+  - Codex: `auth.json`
+  - Claude: `claude-home/.claude/.credentials.json`, `claude-home/.claude.json`, and legacy `claude-home/auth.json`
+- Excluded profile caches, logs, SQLite usage databases, temporary files, and provider runtime artifacts from auth bundles.
+- Added export progress output in text mode and a final summary with bundle size, auth file count, and auth data size.
+- Kept `cdx export --json` clean and added bundle metrics to its JSON payload.
+
+## Documentation
+
+- Updated package metadata, CLI version output, README badge, and pinned installer example to `v0.5.5`.
+- Clarified that encrypted auth exports include credential files rather than full profile caches or logs.
+
+## Validation and Regression Coverage
+
+- Added regression coverage for Claude HTTP failures without usage headers.
+- Added status rendering tests for progress output, last-launched context, near-empty priority handling, and removed tip text.
+- Added export/import tests proving auth bundles exclude non-auth profile files such as `logs_2.sqlite`.
+
+## Validation and Regression Evidence
+
+- `python3 -m pytest test/test_cli_py.py test/test_session_service_py.py`
+- `python3 -m pytest test/test_runtime_py.py test/test_cli_py.py test/test_status_source_py.py`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cdx-manager",
-  "version": "0.5.3",
+  "version": "0.5.5",
   "description": "Terminal session manager for Codex and Claude accounts.",
   "license": "MIT",
   "author": "Alexandre Agostini",

package/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "cdx-manager"
-version = "0.5.3"
+version = "0.5.5"
 description = "Terminal session manager for Codex and Claude accounts."
 readme = "README.md"
 requires-python = ">=3.9"

package/src/claude_refresh.py

@@ -3,6 +3,7 @@ import threading
 from datetime import datetime, timezone
 
 from .claude_usage import refresh_claude_session_status
+from .config import PROVIDER_CLAUDE
 from .errors import CdxError
 
 CLAUDE_REFRESH_TTL_SECONDS = 10 * 60
@@ -35,7 +36,7 @@ def _refresh_claude_sessions(service, refresh_fn=None, target_names=None, force=
     sessions = service["list_sessions"]()
     claude_sessions = [
         s for s in sessions
-        if s["provider"] == "claude"
+        if s["provider"] == PROVIDER_CLAUDE
         and s.get("enabled", True) is not False
         and (not target_names or s["name"] in target_names)
         and (force or _is_stale(s, ttl_seconds=ttl_seconds))
@@ -45,25 +46,41 @@ def _refresh_claude_sessions(service, refresh_fn=None, target_names=None, force=
 
     errors = []
     results = {}
-    threads = []
 
-    def fetch(s):
-        try:
-            usage = refresh_fn(s)
-            if inspect.isawaitable(usage):
-                import asyncio
-                usage = asyncio.run(usage)
-            if usage:
-                results[s["name"]] = usage
-        except Exception as e:
-            errors.append({"session": s["name"], "error": e})
-
-    for s in claude_sessions:
-        t = threading.Thread(target=fetch, args=(s,))
-        threads.append(t)
-        t.start()
-    for t in threads:
-        t.join()
+    if inspect.iscoroutinefunction(refresh_fn):
+        import asyncio
+
+        async def fetch_all():
+            async def fetch_async(s):
+                try:
+                    usage = await refresh_fn(s)
+                    if usage:
+                        results[s["name"]] = usage
+                except Exception as e:
+                    errors.append({"session": s["name"], "error": e})
+
+            await asyncio.gather(*(fetch_async(s) for s in claude_sessions))
+
+        asyncio.run(fetch_all())
+    else:
+        threads = []
+
+        def fetch(s):
+            try:
+                usage = refresh_fn(s)
+                if inspect.isawaitable(usage):
+                    raise CdxError("Claude refresh function returned an awaitable from a sync callable.")
+                if usage:
+                    results[s["name"]] = usage
+            except Exception as e:
+                errors.append({"session": s["name"], "error": e})
+
+        for s in claude_sessions:
+            t = threading.Thread(target=fetch, args=(s,), daemon=True)
+            threads.append(t)
+            t.start()
+        for t in threads:
+            t.join(timeout=10)
 
     for name, usage in results.items():
         try:

package/src/claude_usage.py

@@ -4,6 +4,8 @@ import urllib.request
 import urllib.error
 from datetime import datetime, timezone
 
+from .errors import CdxError
+
 MONTH_ABBR = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
               "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
 CLAUDE_STATUS_PROBE_MODEL = os.environ.get("CDX_CLAUDE_STATUS_MODEL", "claude-haiku-4-5-20251001")
@@ -24,6 +26,29 @@ def _format_reset_date(unix_seconds):
     return f"{MONTH_ABBR[dt.month - 1]} {dt.day} {str(dt.hour).zfill(2)}:{str(dt.minute).zfill(2)}"
 
 
+def _read_http_error_message(error):
+    try:
+        body = error.read().decode("utf-8", errors="replace")
+    except (AttributeError, OSError, UnicodeDecodeError):
+        body = ""
+    if not body:
+        return ""
+    try:
+        payload = json.loads(body)
+    except json.JSONDecodeError:
+        return body.strip()
+    detail = payload.get("error") if isinstance(payload, dict) else None
+    if isinstance(detail, dict):
+        message = detail.get("message") or detail.get("type")
+        if message:
+            return str(message)
+    if isinstance(payload, dict):
+        message = payload.get("message") or payload.get("detail")
+        if message:
+            return str(message)
+    return body.strip()
+
+
 def fetch_claude_rate_limit_headers(access_token):
     body = json.dumps({
         "model": CLAUDE_STATUS_PROBE_MODEL,
@@ -35,7 +60,7 @@ def fetch_claude_rate_limit_headers(access_token):
         "https://api.anthropic.com/v1/messages",
         data=body,
         headers={
-            "x-api-key": access_token,
+            "Authorization": f"Bearer {access_token}",
             "anthropic-version": "2023-06-01",
             "content-type": "application/json",
         },
@@ -47,6 +72,13 @@ def fetch_claude_rate_limit_headers(access_token):
             headers = {k.lower(): v for k, v in resp.getheaders()}
     except urllib.error.HTTPError as e:
         headers = {k.lower(): v for k, v in e.headers.items()}
+        if (
+            "anthropic-ratelimit-unified-5h-utilization" not in headers
+            and "anthropic-ratelimit-unified-7d-utilization" not in headers
+        ):
+            message = _read_http_error_message(e)
+            suffix = f": {message}" if message else ""
+            raise CdxError(f"Claude usage unavailable (HTTP {e.code}{suffix})") from e
     except urllib.error.URLError:
         return None
 

package/src/cli.py

@@ -49,7 +49,7 @@ from .status_view import (
 )
 from .update_check import check_for_update
 
-VERSION = "0.5.3"
+VERSION = "0.5.5"
 
 
 # ---------------------------------------------------------------------------