cdx-manager 0.6.2 → 0.6.4

package/README.md

@@ -1,6 +1,6 @@
 # CDX Manager
 
-[![License](https://img.shields.io/badge/license-MIT-4C8BF5)](LICENSE) ![Version](https://img.shields.io/badge/version-v0.6.2-4C8BF5) ![Python](https://img.shields.io/badge/python-3.9%2B-3776AB?logo=python&logoColor=white)
+[![License](https://img.shields.io/badge/license-MIT-4C8BF5)](LICENSE) ![Version](https://img.shields.io/badge/version-v0.6.4-4C8BF5) ![Python](https://img.shields.io/badge/python-3.9%2B-3776AB?logo=python&logoColor=white)
 
 **Run multiple Codex, Claude, Antigravity, and Ollama sessions from one terminal. Switch between accounts instantly.**
 
@@ -134,7 +134,7 @@ For a specific version:
 
 ```bash
 curl -fsSL https://raw.githubusercontent.com/AlexAgo83/cdx-manager/main/install.sh -o install.sh
-CDX_VERSION=v0.6.2 sh install.sh
+CDX_VERSION=v0.6.4 sh install.sh
 ```
 
 From source:

package/changelogs/CHANGELOGS_0_6_3.md

@@ -0,0 +1,28 @@
+# Changelog (`0.6.2 -> 0.6.3`)
+
+Release date: 2026-05-29
+
+## Claude Authentication
+
+- Fixed Claude Code 2.1.145 isolated auth handling by using `ANTHROPIC_CONFIG_DIR` instead of the older `CLAUDE_CONFIG_DIR` override.
+- Removed leaked `CODEX_HOME` from Claude auth, launch, and status environments so Claude sessions do not write nested `.cdx` state inside isolated Claude homes.
+- Stopped running a destructive Claude logout before `cdx login <name>`, preserving existing credentials when reauthenticating a session.
+- Added profile email hints to Claude login so account-specific sessions open the expected Claude account in the browser.
+
+## Claude Token Fallback
+
+- Added automatic `claude setup-token` fallback when browser login completes but does not create isolated credentials.
+- Captured the one-time setup token through a temporary transcript, wrote it to `claude-home/credentials/default.json`, and removed the temporary transcript after extraction.
+- Added support for the new Anthropic `credentials/default.json` OAuth format during auth probes, launches, status refreshes, and auth bundle exports.
+
+## Release Metadata and Documentation
+
+- Updated package metadata, CLI version output, README badge, and pinned installer example to `v0.6.3`.
+
+## Validation and Regression Coverage
+
+- Added regression coverage for Claude login without pre-logout, email-hinted login, setup-token fallback, modern Anthropic credentials, and cleaned Claude environments.
+
+## Validation and Regression Evidence
+
+- `python3 -m unittest discover -s test -p 'test_*_py.py'`

package/changelogs/CHANGELOGS_0_6_4.md

@@ -0,0 +1,31 @@
+# Changelog (`0.6.3 -> 0.6.4`)
+
+Release date: 2026-05-29
+
+## Claude Multi-Account Authentication
+
+- Fixed Claude auth status reconciliation so `cdx status` no longer reports stale `authenticated` state after Claude CLI credentials are missing or logged out.
+- Stopped trusting `credentials/default.json` alone as proof of Claude login; cdx now validates real Claude CLI credentials or probes `claude auth status`.
+- Preferred Claude CLI credentials over setup-token fallback files for usage refreshes, avoiding HTTP 400 failures from stale or malformed fallback tokens.
+- Hardened setup-token extraction to ignore placeholder hints such as `CLAUDE_CODE_OAUTH_TOKEN=<token>` and continue scanning for the real `sk-ant-oat...` token.
+- Stripped terminal ANSI sequences from captured setup tokens before saving them.
+
+## Status Accuracy
+
+- Added an explicit `AUTH` column to `cdx status` and `auth_status` fields to JSON rows.
+- Marked Ollama and Antigravity authentication as `n/a` in the status table because cdx does not manage provider login for those sessions.
+- Excluded explicitly logged-out sessions from priority recommendations while still showing their cached quota rows.
+- Parsed Claude "No stats available yet" screens as a usable zero-usage status instead of leaving the row with unknown quota.
+
+## Release Metadata and Documentation
+
+- Updated package metadata, CLI version output, README badge, and pinned installer example to `v0.6.4`.
+
+## Validation and Regression Coverage
+
+- Added regression coverage for Claude setup-token placeholder extraction, malformed fallback tokens, CLI credential precedence, status auth rendering, and logged-out priority filtering.
+
+## Validation and Regression Evidence
+
+- `npm run lint`
+- `npm test`

package/checksums/release-archives.json

@@ -12,6 +12,14 @@
     "v0.6.1": {
       "github_tarball_sha256": "5ae4032894e1806ffb3a713e555c12b2faa3bfa6fd7c9fa468664a8577abe827",
       "github_zip_sha256": "7949e99dcfe21dc4e2b82f720b515aea8f0ac9f2059142032d488bcfbc4dfaf1"
+    },
+    "v0.6.2": {
+      "github_tarball_sha256": "0a00fba132453d265a72fa551bff750a9a400011f895d9da33149b335324e02e",
+      "github_zip_sha256": "424b1c9652da5054bdc4cf26f31764ea34ddc4609d6eb8075efbf8068112cd50"
+    },
+    "v0.6.3": {
+      "github_tarball_sha256": "539bc299fe2211cddcbe58db71a859ebbd1cb76aec254f6feef501fc038d7c62",
+      "github_zip_sha256": "138c7c67ea1b512d71ed745559f8eed395accb9a06b3ed9d82c3ccc454aba12b"
     }
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cdx-manager",
-  "version": "0.6.2",
+  "version": "0.6.4",
   "description": "Terminal session manager for Codex and Claude accounts.",
   "license": "MIT",
   "author": "Alexandre Agostini",

package/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "cdx-manager"
-version = "0.6.2"
+version = "0.6.4"
 description = "Terminal session manager for Codex and Claude accounts."
 readme = "README.md"
 requires-python = ">=3.9"

package/src/claude_usage.py

@@ -1,5 +1,6 @@
 import json
 import os
+import re
 import subprocess
 import sys
 import urllib.request
@@ -14,20 +15,43 @@ CLAUDE_STATUS_PROBE_MODEL = os.environ.get("CDX_CLAUDE_STATUS_MODEL", "claude-ha
 CLAUDE_AUTH_STATUS_TIMEOUT_SECONDS = 15
 
 
+def _clean_oauth_token(token):
+    if not token:
+        return None
+    text = re.sub(r"\x1b\[[0-9;?]*[ -/]*[@-~]", "", str(token)).strip()
+    if not text or text.startswith("<") or any(ord(ch) < 32 or ord(ch) == 127 for ch in text):
+        return None
+    return text
+
+
 def _read_claude_credentials(auth_home):
     cred_path = os.path.join(auth_home, ".claude", ".credentials.json")
     try:
         with open(cred_path, "r", encoding="utf-8") as f:
             data = json.load(f)
-        return data.get("claudeAiOauth")
+        creds = data.get("claudeAiOauth") if isinstance(data, dict) else None
+        token = _clean_oauth_token(creds.get("accessToken")) if isinstance(creds, dict) else None
+        if token:
+            return {**creds, "accessToken": token}
     except (FileNotFoundError, json.JSONDecodeError, OSError):
-        return None
+        pass
+
+    anthropic_cred_path = os.path.join(auth_home, "credentials", "default.json")
+    try:
+        with open(anthropic_cred_path, "r", encoding="utf-8") as f:
+            data = json.load(f)
+        token = _clean_oauth_token(data.get("access_token") if isinstance(data, dict) else None)
+        if token:
+            return {"accessToken": token}
+    except (FileNotFoundError, json.JSONDecodeError, OSError):
+        pass
+    return None
 
 
 def _home_env_overrides(auth_home):
     overrides = {
         "HOME": auth_home,
-        "CLAUDE_CONFIG_DIR": auth_home,
+        "ANTHROPIC_CONFIG_DIR": auth_home,
         "CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS": "1",
     }
     if sys.platform == "win32":

package/src/cli.py

@@ -55,7 +55,7 @@ from .status_view import (
 )
 from .update_check import check_for_update
 
-VERSION = "0.6.2"
+VERSION = "0.6.4"
 
 
 # ---------------------------------------------------------------------------

package/src/cli_commands.py

@@ -9,7 +9,7 @@ from datetime import datetime, timedelta
 
 from .claude_refresh import _refresh_claude_sessions
 from .cli_render import _dim, _info, _success, _warn
-from .config import PROVIDER_ANTIGRAVITY, PROVIDER_CODEX, PROVIDER_OLLAMA, PROVIDERS
+from .config import PROVIDER_ANTIGRAVITY, PROVIDER_CLAUDE, PROVIDER_CODEX, PROVIDER_OLLAMA, PROVIDERS
 from .context_store import (
     clear_context,
     edit_context,
@@ -33,6 +33,7 @@ from .notify import (
 from .provider_runtime import (
     _ensure_session_authentication,
     _list_launch_transcript_paths,
+    _probe_provider_auth,
     _run_interactive_provider_command,
 )
 from .repair import format_repair_report, repair_health
@@ -837,6 +838,76 @@ def _resolve_confirmation(confirm_fn, name):
     return confirmed
 
 
+def _extract_claude_oauth_token(text):
+    if not text:
+        return None
+    text = re.sub(r"\x1b\[[0-9;?]*[ -/]*[@-~]", "", str(text))
+    patterns = [
+        r"CLAUDE_CODE_OAUTH_TOKEN=([^\s\"']+)",
+        r"(sk-ant-oat[0-9A-Za-z._-]+)",
+    ]
+    for pattern in patterns:
+        match = re.search(pattern, text)
+        if match:
+            token = match.group(1).strip()
+            if token.startswith("<") or any(ord(ch) < 32 or ord(ch) == 127 for ch in token):
+                continue
+            return token
+    return None
+
+
+def _write_claude_oauth_token(auth_home, token):
+    cred_dir = os.path.join(auth_home, "credentials")
+    os.makedirs(cred_dir, exist_ok=True)
+    cred_path = os.path.join(cred_dir, "default.json")
+    payload = {
+        "version": "1.0",
+        "type": "oauth_token",
+        "access_token": token,
+    }
+    with open(cred_path, "w", encoding="utf-8") as handle:
+        json.dump(payload, handle, indent=2)
+        handle.write("\n")
+    try:
+        os.chmod(cred_path, 0o600)
+    except OSError:
+        pass
+    return cred_path
+
+
+def _bootstrap_claude_setup_token(session, ctx):
+    ctx["out"](
+        "Claude login did not create isolated credentials; falling back to claude setup-token.\n"
+    )
+    run_info = _run_interactive_provider_command(
+        session,
+        "setup-token",
+        spawn=ctx.get("spawn"),
+        env_override=ctx.get("env"),
+        signal_emitter=ctx.get("signal_emitter"),
+    )
+    transcript_path = run_info.get("transcript_path")
+    if not transcript_path or not os.path.isfile(transcript_path):
+        raise CdxError(
+            "Claude setup-token completed, but cdx could not capture the token. "
+            "Run claude setup-token and save the token under credentials/default.json."
+        )
+    try:
+        with open(transcript_path, "r", encoding="utf-8", errors="replace") as handle:
+            transcript = handle.read()
+    finally:
+        try:
+            os.remove(transcript_path)
+        except OSError:
+            pass
+    token = _extract_claude_oauth_token(transcript)
+    if not token:
+        raise CdxError(
+            "Claude setup-token completed, but cdx could not find CLAUDE_CODE_OAUTH_TOKEN in the output."
+        )
+    return _write_claude_oauth_token(session.get("authHome") or "", token)
+
+
 def handle_add(rest, ctx):
     json_flag, args = _parse_json_flag(rest)
     parsed = _parse_add_args(args)
@@ -1549,6 +1620,20 @@ def handle_status(rest, ctx):
         }
         for item in refresh_errors
     ]
+    auth_refresh = _refresh_claude_auth_states(
+        ctx["service"],
+        target_names=args if len(args) == 1 else None,
+        spawn_sync=ctx.get("spawn_sync"),
+        env_override=ctx.get("env"),
+    )
+    warnings.extend([
+        {
+            "code": "claude_auth_probe_failed",
+            "session": item.get("session") or "unknown",
+            "message": item.get("error") or "unknown error",
+        }
+        for item in auth_refresh.get("errors", [])
+    ])
     update_warning = _update_notice_warning(ctx)
     if update_warning:
         warnings.append(update_warning)
@@ -1579,6 +1664,38 @@ def handle_status(rest, ctx):
     return 0
 
 
+def _refresh_claude_auth_states(service, target_names=None, spawn_sync=None, env_override=None):
+    target_names = set(target_names or [])
+    errors = []
+    updated = []
+    for session in service["list_sessions"]():
+        if session["provider"] != PROVIDER_CLAUDE:
+            continue
+        if session.get("enabled", True) is False:
+            continue
+        if target_names and session["name"] not in target_names:
+            continue
+        if (session.get("auth") or {}).get("status") not in ("authenticated", "logged_out"):
+            continue
+        try:
+            authenticated = _probe_provider_auth(
+                session,
+                spawn_sync=spawn_sync,
+                env_override=env_override,
+            )
+            now = _local_now_iso()
+            service["update_auth_state"](session["name"], lambda auth: {
+                **auth,
+                "status": "authenticated" if authenticated else "logged_out",
+                "lastCheckedAt": now,
+                **({"lastAuthenticatedAt": now} if authenticated else {}),
+            })
+            updated.append(session["name"])
+        except Exception as error:
+            errors.append({"session": session["name"], "error": str(error)})
+    return {"updated": updated, "errors": errors}
+
+
 def _write_refresh_warnings(refresh_errors, ctx, stream="out"):
     write = ctx["err"] if stream == "err" and "err" in ctx else ctx["out"]
     for item in refresh_errors:
@@ -1666,7 +1783,7 @@ def handle_login(rest, ctx):
     session = ctx["service"]["get_session"](args[0])
     if not session:
         raise CdxError(f"Unknown session: {args[0]}")
-    if session["provider"] not in (PROVIDER_ANTIGRAVITY, PROVIDER_OLLAMA):
+    if session["provider"] == PROVIDER_CODEX:
         _run_interactive_provider_command(
             session, "logout", spawn=ctx.get("spawn"), env_override=ctx.get("env"),
             signal_emitter=ctx.get("signal_emitter")
@@ -1675,6 +1792,26 @@ def handle_login(rest, ctx):
         session, "login", spawn=ctx.get("spawn"), env_override=ctx.get("env"),
         signal_emitter=ctx.get("signal_emitter")
     )
+    auth_probe = _ensure_session_authentication(
+        session,
+        ctx["service"],
+        spawn_sync=ctx.get("spawn_sync"),
+        env_override=ctx.get("env"),
+        behavior="probe-only",
+    )
+    if not auth_probe.get("authenticated") and session["provider"] == PROVIDER_CLAUDE:
+        _bootstrap_claude_setup_token(session, ctx)
+        auth_probe = _ensure_session_authentication(
+            session,
+            ctx["service"],
+            spawn_sync=ctx.get("spawn_sync"),
+            env_override=ctx.get("env"),
+            behavior="probe-only",
+        )
+    if not auth_probe.get("authenticated"):
+        raise CdxError(
+            f"Login command completed, but session {session['name']} is still not authenticated."
+        )
     now = _local_now_iso()
     ctx["service"]["update_auth_state"](args[0], lambda auth: {
         **auth, "status": "authenticated",

package/src/provider_runtime.py

@@ -1,5 +1,6 @@
 import json
 import os
+import re
 import signal
 import shlex
 import shutil
@@ -31,13 +32,16 @@ LAUNCH_PERMISSION_ARGS = {
 def _home_env_overrides(auth_home):
     """Return env vars that point the claude CLI to the given home directory.
 
-    On Unix, only HOME is needed.  On Windows, Node.js resolves the home
-    directory via USERPROFILE (and falls back to HOMEDRIVE+HOMEPATH), so we
-    set all three to ensure profile isolation works regardless of the platform.
+    On Unix, only HOME is needed. Claude Code resolves its auth files relative
+    to HOME; forcing CLAUDE_CONFIG_DIR to this directory makes current Claude
+    Code builds ignore otherwise valid isolated credentials. On Windows, Node.js
+    resolves the home directory via USERPROFILE (and falls back to
+    HOMEDRIVE+HOMEPATH), so we set all three to ensure profile isolation works
+    regardless of the platform.
     """
     overrides = {
         "HOME": auth_home,
-        "CLAUDE_CONFIG_DIR": auth_home,
+        "ANTHROPIC_CONFIG_DIR": auth_home,
         "CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS": "1",
     }
     if sys.platform == "win32":
@@ -47,6 +51,65 @@ def _home_env_overrides(auth_home):
     return overrides
 
 
+def _anthropic_profile_name():
+    return "default"
+
+
+def _anthropic_credentials_path(auth_home):
+    return os.path.join(auth_home, "credentials", f"{_anthropic_profile_name()}.json")
+
+
+def _clean_oauth_token(token):
+    if not token:
+        return None
+    text = re.sub(r"\x1b\[[0-9;?]*[ -/]*[@-~]", "", str(token)).strip()
+    if not text or text.startswith("<") or any(ord(ch) < 32 or ord(ch) == 127 for ch in text):
+        return None
+    return text
+
+
+def _claude_env(base_env, auth_home):
+    env = {**base_env, **_home_env_overrides(auth_home)}
+    env.pop("CLAUDE_CONFIG_DIR", None)
+    env.pop("CODEX_HOME", None)
+    env.setdefault("ANTHROPIC_PROFILE", _anthropic_profile_name())
+    return env
+
+
+def _read_anthropic_oauth_token(auth_home):
+    try:
+        with open(_anthropic_credentials_path(auth_home), "r", encoding="utf-8") as handle:
+            credentials = json.load(handle)
+    except (FileNotFoundError, OSError, json.JSONDecodeError):
+        return None
+    token = credentials.get("access_token") if isinstance(credentials, dict) else None
+    return _clean_oauth_token(token)
+
+
+def _has_local_claude_auth(auth_home):
+    try:
+        with open(os.path.join(auth_home, ".claude", ".credentials.json"), "r", encoding="utf-8") as handle:
+            credentials = json.load(handle)
+    except (FileNotFoundError, OSError, json.JSONDecodeError):
+        return False
+    oauth = credentials.get("claudeAiOauth") if isinstance(credentials, dict) else None
+    return bool(isinstance(oauth, dict) and _clean_oauth_token(oauth.get("accessToken")))
+
+
+def _read_claude_account_email(auth_home):
+    config_path = os.path.join(auth_home, ".claude.json")
+    try:
+        with open(config_path, "r", encoding="utf-8") as handle:
+            config = json.load(handle)
+    except (FileNotFoundError, OSError, json.JSONDecodeError):
+        return None
+    account = config.get("oauthAccount") if isinstance(config, dict) else None
+    email = account.get("emailAddress") if isinstance(account, dict) else None
+    if not email:
+        return None
+    return str(email).strip()
+
+
 def _antigravity_env_overrides(auth_home):
     overrides = {"HOME": auth_home}
     if sys.platform == "win32":
@@ -187,12 +250,17 @@ def _build_launch_spec(session, cwd=None, env_override=None, initial_prompt=None
         args = ["--name", session["name"]] + _launch_config_args(session)
         if initial_prompt:
             args.append(initial_prompt)
+        auth_home = _get_auth_home(session)
+        claude_env = _claude_env(env, auth_home)
+        oauth_token = _read_anthropic_oauth_token(auth_home)
+        if oauth_token:
+            claude_env["CLAUDE_CODE_OAUTH_TOKEN"] = oauth_token
         return _wrap_launch_with_transcript(session, {
             "command": "claude",
             "args": args,
             "options": {
                 "cwd": cwd,
-                "env": {**env, **_home_env_overrides(_get_auth_home(session))},
+                "env": claude_env,
             },
             "label": "claude",
         }, env=env)
@@ -241,7 +309,11 @@ def _build_launch_spec(session, cwd=None, env_override=None, initial_prompt=None
 def _build_login_status_spec(session, env_override=None):
     env = {**os.environ, **(env_override or {})}
     if session["provider"] == PROVIDER_CLAUDE:
-        env.update(_home_env_overrides(_get_auth_home(session)))
+        auth_home = _get_auth_home(session)
+        env = _claude_env(env, auth_home)
+        oauth_token = _read_anthropic_oauth_token(auth_home)
+        if oauth_token:
+            env["CLAUDE_CODE_OAUTH_TOKEN"] = oauth_token
 
         def parser(output):
             try:
@@ -273,9 +345,20 @@ def _build_auth_action_spec(session, action, cwd=None, env_override=None):
     cwd = cwd or os.getcwd()
     env = {**os.environ, **(env_override or {})}
     if session["provider"] == PROVIDER_CLAUDE:
-        env.update(_home_env_overrides(_get_auth_home(session)))
-        return {"command": "claude", "args": ["auth", action],
-                "options": {"cwd": cwd, "env": env}, "label": f"claude auth {action}"}
+        auth_home = _get_auth_home(session)
+        env = _claude_env(env, auth_home)
+        args = ["auth", action]
+        label = f"claude auth {action}"
+        if action == "setup-token":
+            spec = {"command": "claude", "args": ["setup-token"],
+                    "options": {"cwd": cwd, "env": env}, "label": "claude setup-token"}
+            return _wrap_launch_with_transcript(session, spec, env=env)
+        if action == "login":
+            email = _read_claude_account_email(auth_home)
+            if email:
+                args += ["--email", email]
+        return {"command": "claude", "args": args,
+                "options": {"cwd": cwd, "env": env}, "label": label}
     if session["provider"] == PROVIDER_ANTIGRAVITY:
         if action == "logout":
             raise CdxError("Antigravity logout is managed inside agy. Launch the session and run /logout.")
@@ -312,6 +395,8 @@ def _resolve_command(command, env=None):
 def _probe_provider_auth(session, spawn_sync=None, env_override=None):
     spawn_sync = spawn_sync or subprocess.run
     spec = _build_login_status_spec(session, env_override)
+    if session.get("provider") == PROVIDER_CLAUDE and _has_local_claude_auth(_get_auth_home(session)):
+        return True
     if session.get("provider") == PROVIDER_CODEX:
         auth_path = os.path.join(_get_auth_home(session), "auth.json")
         if os.path.isfile(auth_path):

package/src/session_service.py

@@ -433,6 +433,8 @@ def create_session_service(options=None):
     def _auth_bundle_paths(provider):
         if provider == PROVIDER_CLAUDE:
             return [
+                "claude-home/configs/default.json",
+                "claude-home/credentials/default.json",
                 "claude-home/.claude/.credentials.json",
                 "claude-home/.claude.json",
                 "claude-home/auth.json",
@@ -959,6 +961,8 @@ def create_session_service(options=None):
                 "enabled": enabled,
                 "active": bool(_session_runtime(s["name"])) if enabled else False,
                 "status": "enabled" if enabled else "disabled",
+                "auth_status": (s.get("auth") or {}).get("status") or "unknown",
+                "auth_checked_at": _to_local_iso((s.get("auth") or {}).get("lastCheckedAt")),
                 "remaining_5h_pct": row_status.get("remaining_5h_pct") if row_status else None,
                 "remaining_week_pct": row_status.get("remaining_week_pct") if row_status else None,
                 "credits": row_status.get("credits") if row_status else None,

package/src/status_source.py

@@ -212,6 +212,14 @@ def _extract_status_blocks_from_text(text, provider=None, source_ref=None, times
             ]],
         ):
             items.append({"source_ref": source_ref, "timestamp": timestamp, "text": block})
+        for block in collect_blocks(
+            re.compile(r"No stats available yet\.?\s+Start using Claude Code", re.I),
+            [re.compile(p, re.I) for p in [
+                r"^Esc to cancel\b", r"^To continue this session\b", r"^╰",
+            ]],
+            max_span=40,
+        ):
+            items.append({"source_ref": source_ref, "timestamp": timestamp, "text": block})
 
     if provider != PROVIDER_CLAUDE:
         for block in collect_blocks(
@@ -457,6 +465,11 @@ def extract_named_statuses_from_text(text):
         if "remaining_week_pct" not in result and week_used is not None:
             result["remaining_week_pct"] = max(0, 100 - week_used)
 
+    if re.search(r"No stats available yet\.?\s+Start using Claude Code", normalized, re.I):
+        result.setdefault("usage_pct", 0)
+        result.setdefault("remaining_5h_pct", 100)
+        result.setdefault("remaining_week_pct", 100)
+
     # Table header row
     header_idx = next(
         (i for i, l in enumerate(lines)

package/src/status_view.py

@@ -66,27 +66,40 @@ def _format_status_rows(rows, use_color=False, small=False):
     if small:
         headers = ["SESSION", "STATUS", "OK", "5H", "WEEK", "RESET 5H", "RESET WEEK"]
     elif has_provider:
-        headers = ["SESSION", "PROV.", "STATUS", "OK", "5H", "WEEK", "BLOCK", "CR", "RESET 5H", "RESET WEEK", "UPDATED"]
+        headers = ["SESSION", "PROV.", "STATUS", "AUTH", "OK", "5H", "WEEK", "BLOCK", "CR", "RESET 5H", "RESET WEEK", "UPDATED"]
     else:
-        headers = ["SESSION", "STATUS", "OK", "5H", "WEEK", "BLOCK", "CR", "RESET 5H", "RESET WEEK", "UPDATED"]
+        headers = ["SESSION", "STATUS", "AUTH", "OK", "5H", "WEEK", "BLOCK", "CR", "RESET 5H", "RESET WEEK", "UPDATED"]
     if not rows:
         if small:
             return "SESSION  STATUS  OK  5H  WEEK  RESET 5H  RESET WEEK\nNo saved sessions yet."
         return "SESSION  STATUS  OK  5H  WEEK  BLOCK  CR  RESET 5H  RESET WEEK  UPDATED\nNo saved sessions yet."
     headers = [_style(header, "1", use_color) for header in headers]
     active_rows = [r for r in rows if r.get("enabled", True) is not False]
+    priority_candidates = [
+        r for r in active_rows
+        if _format_auth_status(r) != "logged out"
+    ]
     disabled_rows = sorted(
         [r for r in rows if r.get("enabled", True) is False],
         key=lambda r: r.get("session_name") or "",
     )
-    priority = _recommend_priority_sessions(active_rows)
+    priority = _recommend_priority_sessions(priority_candidates)
+    priority_names = {r.get("session_name") for r in priority}
+    non_priority_active = [
+        r for r in active_rows
+        if r.get("session_name") not in priority_names
+    ]
     table_rows = []
-    for r in priority + disabled_rows:
+    for r in priority + non_priority_active + disabled_rows:
         base = [_format_session_name(r)]
         if has_provider:
             base.append(r.get("provider") or "n/a")
         status = r.get("status") or ("enabled" if r.get("enabled", True) else "disabled")
         base.append(_style(status, "2" if status == "disabled" else "32", use_color))
+        if not small:
+            auth = _format_auth_status(r)
+            auth_color = "32" if auth == "logged" else "31" if auth == "logged out" else "2"
+            base.append(_style(auth, auth_color, use_color))
         if r.get("enabled", True) is False:
             usage_columns = [_style("-", "2", use_color)] * 5
         else:
@@ -142,6 +155,19 @@ def _format_session_name(row):
     return f"{row['session_name']}*" if row.get("active") else row["session_name"]
 
 
+def _format_auth_status(row):
+    if row.get("enabled", True) is False:
+        return "-"
+    if row.get("provider") in ("antigravity", "ollama"):
+        return "n/a"
+    status = str(row.get("auth_status") or "").strip().lower()
+    if status == "authenticated":
+        return "logged"
+    if status == "logged_out":
+        return "logged out"
+    return "unknown"
+
+
 def _recommend_priority_sessions(rows):
     if not rows:
         return []
@@ -295,10 +321,13 @@ def _now_timestamp():
 
 
 def _format_status_detail(row, use_color=False):
+    auth = _format_auth_status(row)
+    auth_color = "32" if auth == "logged" else "31" if auth == "logged out" else "2"
     lines = [
         f"{_style('Session:', '1', use_color)} {_format_session_name(row)}",
         f"{_style('Provider:', '1', use_color)} {row.get('provider') or 'n/a'}",
         f"{_style('Status:', '1', use_color)} {_style(row.get('status') or ('enabled' if row.get('enabled', True) else 'disabled'), '2' if row.get('enabled', True) is False else '32', use_color)}",
+        f"{_style('Auth:', '1', use_color)} {_style(auth, auth_color, use_color)}",
         f"{_style('Available:', '1', use_color)} {_style_pct(row.get('available_pct'), use_color)}",
         f"{_style('5h left:', '1', use_color)} {_style_pct(row.get('remaining_5h_pct'), use_color)}",
         f"{_style('Week left:', '1', use_color)} {_style_pct(row.get('remaining_week_pct'), use_color)}",