cdx-manager 0.6.3 → 0.6.4

package/README.md

@@ -1,6 +1,6 @@
 # CDX Manager
 
-[![License](https://img.shields.io/badge/license-MIT-4C8BF5)](LICENSE) ![Version](https://img.shields.io/badge/version-v0.6.3-4C8BF5) ![Python](https://img.shields.io/badge/python-3.9%2B-3776AB?logo=python&logoColor=white)
+[![License](https://img.shields.io/badge/license-MIT-4C8BF5)](LICENSE) ![Version](https://img.shields.io/badge/version-v0.6.4-4C8BF5) ![Python](https://img.shields.io/badge/python-3.9%2B-3776AB?logo=python&logoColor=white)
 
 **Run multiple Codex, Claude, Antigravity, and Ollama sessions from one terminal. Switch between accounts instantly.**
 
@@ -134,7 +134,7 @@ For a specific version:
 
 ```bash
 curl -fsSL https://raw.githubusercontent.com/AlexAgo83/cdx-manager/main/install.sh -o install.sh
-CDX_VERSION=v0.6.3 sh install.sh
+CDX_VERSION=v0.6.4 sh install.sh
 ```
 
 From source:

package/changelogs/CHANGELOGS_0_6_4.md

@@ -0,0 +1,31 @@
+# Changelog (`0.6.3 -> 0.6.4`)
+
+Release date: 2026-05-29
+
+## Claude Multi-Account Authentication
+
+- Fixed Claude auth status reconciliation so `cdx status` no longer reports stale `authenticated` state after Claude CLI credentials are missing or logged out.
+- Stopped trusting `credentials/default.json` alone as proof of Claude login; cdx now validates real Claude CLI credentials or probes `claude auth status`.
+- Preferred Claude CLI credentials over setup-token fallback files for usage refreshes, avoiding HTTP 400 failures from stale or malformed fallback tokens.
+- Hardened setup-token extraction to ignore placeholder hints such as `CLAUDE_CODE_OAUTH_TOKEN=<token>` and continue scanning for the real `sk-ant-oat...` token.
+- Stripped terminal ANSI sequences from captured setup tokens before saving them.
+
+## Status Accuracy
+
+- Added an explicit `AUTH` column to `cdx status` and `auth_status` fields to JSON rows.
+- Marked Ollama and Antigravity authentication as `n/a` in the status table because cdx does not manage provider login for those sessions.
+- Excluded explicitly logged-out sessions from priority recommendations while still showing their cached quota rows.
+- Parsed Claude "No stats available yet" screens as a usable zero-usage status instead of leaving the row with unknown quota.
+
+## Release Metadata and Documentation
+
+- Updated package metadata, CLI version output, README badge, and pinned installer example to `v0.6.4`.
+
+## Validation and Regression Coverage
+
+- Added regression coverage for Claude setup-token placeholder extraction, malformed fallback tokens, CLI credential precedence, status auth rendering, and logged-out priority filtering.
+
+## Validation and Regression Evidence
+
+- `npm run lint`
+- `npm test`

package/checksums/release-archives.json

@@ -16,6 +16,10 @@
     "v0.6.2": {
       "github_tarball_sha256": "0a00fba132453d265a72fa551bff750a9a400011f895d9da33149b335324e02e",
       "github_zip_sha256": "424b1c9652da5054bdc4cf26f31764ea34ddc4609d6eb8075efbf8068112cd50"
+    },
+    "v0.6.3": {
+      "github_tarball_sha256": "539bc299fe2211cddcbe58db71a859ebbd1cb76aec254f6feef501fc038d7c62",
+      "github_zip_sha256": "138c7c67ea1b512d71ed745559f8eed395accb9a06b3ed9d82c3ccc454aba12b"
     }
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cdx-manager",
-  "version": "0.6.3",
+  "version": "0.6.4",
   "description": "Terminal session manager for Codex and Claude accounts.",
   "license": "MIT",
   "author": "Alexandre Agostini",

package/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "cdx-manager"
-version = "0.6.3"
+version = "0.6.4"
 description = "Terminal session manager for Codex and Claude accounts."
 readme = "README.md"
 requires-python = ">=3.9"

package/src/claude_usage.py

@@ -1,5 +1,6 @@
 import json
 import os
+import re
 import subprocess
 import sys
 import urllib.request
@@ -14,24 +15,37 @@ CLAUDE_STATUS_PROBE_MODEL = os.environ.get("CDX_CLAUDE_STATUS_MODEL", "claude-ha
 CLAUDE_AUTH_STATUS_TIMEOUT_SECONDS = 15
 
 
+def _clean_oauth_token(token):
+    if not token:
+        return None
+    text = re.sub(r"\x1b\[[0-9;?]*[ -/]*[@-~]", "", str(token)).strip()
+    if not text or text.startswith("<") or any(ord(ch) < 32 or ord(ch) == 127 for ch in text):
+        return None
+    return text
+
+
 def _read_claude_credentials(auth_home):
-    anthropic_cred_path = os.path.join(auth_home, "credentials", "default.json")
+    cred_path = os.path.join(auth_home, ".claude", ".credentials.json")
     try:
-        with open(anthropic_cred_path, "r", encoding="utf-8") as f:
+        with open(cred_path, "r", encoding="utf-8") as f:
             data = json.load(f)
-        token = data.get("access_token") if isinstance(data, dict) else None
+        creds = data.get("claudeAiOauth") if isinstance(data, dict) else None
+        token = _clean_oauth_token(creds.get("accessToken")) if isinstance(creds, dict) else None
         if token:
-            return {"accessToken": token}
+            return {**creds, "accessToken": token}
     except (FileNotFoundError, json.JSONDecodeError, OSError):
         pass
 
-    cred_path = os.path.join(auth_home, ".claude", ".credentials.json")
+    anthropic_cred_path = os.path.join(auth_home, "credentials", "default.json")
     try:
-        with open(cred_path, "r", encoding="utf-8") as f:
+        with open(anthropic_cred_path, "r", encoding="utf-8") as f:
             data = json.load(f)
-        return data.get("claudeAiOauth")
+        token = _clean_oauth_token(data.get("access_token") if isinstance(data, dict) else None)
+        if token:
+            return {"accessToken": token}
     except (FileNotFoundError, json.JSONDecodeError, OSError):
-        return None
+        pass
+    return None
 
 
 def _home_env_overrides(auth_home):

package/src/cli.py

@@ -55,7 +55,7 @@ from .status_view import (
 )
 from .update_check import check_for_update
 
-VERSION = "0.6.3"
+VERSION = "0.6.4"
 
 
 # ---------------------------------------------------------------------------

package/src/cli_commands.py

@@ -33,6 +33,7 @@ from .notify import (
 from .provider_runtime import (
     _ensure_session_authentication,
     _list_launch_transcript_paths,
+    _probe_provider_auth,
     _run_interactive_provider_command,
 )
 from .repair import format_repair_report, repair_health
@@ -840,6 +841,7 @@ def _resolve_confirmation(confirm_fn, name):
 def _extract_claude_oauth_token(text):
     if not text:
         return None
+    text = re.sub(r"\x1b\[[0-9;?]*[ -/]*[@-~]", "", str(text))
     patterns = [
         r"CLAUDE_CODE_OAUTH_TOKEN=([^\s\"']+)",
         r"(sk-ant-oat[0-9A-Za-z._-]+)",
@@ -847,7 +849,10 @@ def _extract_claude_oauth_token(text):
     for pattern in patterns:
         match = re.search(pattern, text)
         if match:
-            return match.group(1).strip()
+            token = match.group(1).strip()
+            if token.startswith("<") or any(ord(ch) < 32 or ord(ch) == 127 for ch in token):
+                continue
+            return token
     return None
 
 
@@ -1615,6 +1620,20 @@ def handle_status(rest, ctx):
         }
         for item in refresh_errors
     ]
+    auth_refresh = _refresh_claude_auth_states(
+        ctx["service"],
+        target_names=args if len(args) == 1 else None,
+        spawn_sync=ctx.get("spawn_sync"),
+        env_override=ctx.get("env"),
+    )
+    warnings.extend([
+        {
+            "code": "claude_auth_probe_failed",
+            "session": item.get("session") or "unknown",
+            "message": item.get("error") or "unknown error",
+        }
+        for item in auth_refresh.get("errors", [])
+    ])
     update_warning = _update_notice_warning(ctx)
     if update_warning:
         warnings.append(update_warning)
@@ -1645,6 +1664,38 @@ def handle_status(rest, ctx):
     return 0
 
 
+def _refresh_claude_auth_states(service, target_names=None, spawn_sync=None, env_override=None):
+    target_names = set(target_names or [])
+    errors = []
+    updated = []
+    for session in service["list_sessions"]():
+        if session["provider"] != PROVIDER_CLAUDE:
+            continue
+        if session.get("enabled", True) is False:
+            continue
+        if target_names and session["name"] not in target_names:
+            continue
+        if (session.get("auth") or {}).get("status") not in ("authenticated", "logged_out"):
+            continue
+        try:
+            authenticated = _probe_provider_auth(
+                session,
+                spawn_sync=spawn_sync,
+                env_override=env_override,
+            )
+            now = _local_now_iso()
+            service["update_auth_state"](session["name"], lambda auth: {
+                **auth,
+                "status": "authenticated" if authenticated else "logged_out",
+                "lastCheckedAt": now,
+                **({"lastAuthenticatedAt": now} if authenticated else {}),
+            })
+            updated.append(session["name"])
+        except Exception as error:
+            errors.append({"session": session["name"], "error": str(error)})
+    return {"updated": updated, "errors": errors}
+
+
 def _write_refresh_warnings(refresh_errors, ctx, stream="out"):
     write = ctx["err"] if stream == "err" and "err" in ctx else ctx["out"]
     for item in refresh_errors:

package/src/provider_runtime.py

@@ -1,5 +1,6 @@
 import json
 import os
+import re
 import signal
 import shlex
 import shutil
@@ -58,6 +59,15 @@ def _anthropic_credentials_path(auth_home):
     return os.path.join(auth_home, "credentials", f"{_anthropic_profile_name()}.json")
 
 
+def _clean_oauth_token(token):
+    if not token:
+        return None
+    text = re.sub(r"\x1b\[[0-9;?]*[ -/]*[@-~]", "", str(token)).strip()
+    if not text or text.startswith("<") or any(ord(ch) < 32 or ord(ch) == 127 for ch in text):
+        return None
+    return text
+
+
 def _claude_env(base_env, auth_home):
     env = {**base_env, **_home_env_overrides(auth_home)}
     env.pop("CLAUDE_CONFIG_DIR", None)
@@ -73,9 +83,17 @@ def _read_anthropic_oauth_token(auth_home):
     except (FileNotFoundError, OSError, json.JSONDecodeError):
         return None
     token = credentials.get("access_token") if isinstance(credentials, dict) else None
-    if not token:
-        return None
-    return str(token)
+    return _clean_oauth_token(token)
+
+
+def _has_local_claude_auth(auth_home):
+    try:
+        with open(os.path.join(auth_home, ".claude", ".credentials.json"), "r", encoding="utf-8") as handle:
+            credentials = json.load(handle)
+    except (FileNotFoundError, OSError, json.JSONDecodeError):
+        return False
+    oauth = credentials.get("claudeAiOauth") if isinstance(credentials, dict) else None
+    return bool(isinstance(oauth, dict) and _clean_oauth_token(oauth.get("accessToken")))
 
 
 def _read_claude_account_email(auth_home):
@@ -377,6 +395,8 @@ def _resolve_command(command, env=None):
 def _probe_provider_auth(session, spawn_sync=None, env_override=None):
     spawn_sync = spawn_sync or subprocess.run
     spec = _build_login_status_spec(session, env_override)
+    if session.get("provider") == PROVIDER_CLAUDE and _has_local_claude_auth(_get_auth_home(session)):
+        return True
     if session.get("provider") == PROVIDER_CODEX:
         auth_path = os.path.join(_get_auth_home(session), "auth.json")
         if os.path.isfile(auth_path):

package/src/session_service.py

@@ -961,6 +961,8 @@ def create_session_service(options=None):
                 "enabled": enabled,
                 "active": bool(_session_runtime(s["name"])) if enabled else False,
                 "status": "enabled" if enabled else "disabled",
+                "auth_status": (s.get("auth") or {}).get("status") or "unknown",
+                "auth_checked_at": _to_local_iso((s.get("auth") or {}).get("lastCheckedAt")),
                 "remaining_5h_pct": row_status.get("remaining_5h_pct") if row_status else None,
                 "remaining_week_pct": row_status.get("remaining_week_pct") if row_status else None,
                 "credits": row_status.get("credits") if row_status else None,

package/src/status_source.py

@@ -212,6 +212,14 @@ def _extract_status_blocks_from_text(text, provider=None, source_ref=None, times
             ]],
         ):
             items.append({"source_ref": source_ref, "timestamp": timestamp, "text": block})
+        for block in collect_blocks(
+            re.compile(r"No stats available yet\.?\s+Start using Claude Code", re.I),
+            [re.compile(p, re.I) for p in [
+                r"^Esc to cancel\b", r"^To continue this session\b", r"^╰",
+            ]],
+            max_span=40,
+        ):
+            items.append({"source_ref": source_ref, "timestamp": timestamp, "text": block})
 
     if provider != PROVIDER_CLAUDE:
         for block in collect_blocks(
@@ -457,6 +465,11 @@ def extract_named_statuses_from_text(text):
         if "remaining_week_pct" not in result and week_used is not None:
             result["remaining_week_pct"] = max(0, 100 - week_used)
 
+    if re.search(r"No stats available yet\.?\s+Start using Claude Code", normalized, re.I):
+        result.setdefault("usage_pct", 0)
+        result.setdefault("remaining_5h_pct", 100)
+        result.setdefault("remaining_week_pct", 100)
+
     # Table header row
     header_idx = next(
         (i for i, l in enumerate(lines)

package/src/status_view.py

@@ -66,27 +66,40 @@ def _format_status_rows(rows, use_color=False, small=False):
     if small:
         headers = ["SESSION", "STATUS", "OK", "5H", "WEEK", "RESET 5H", "RESET WEEK"]
     elif has_provider:
-        headers = ["SESSION", "PROV.", "STATUS", "OK", "5H", "WEEK", "BLOCK", "CR", "RESET 5H", "RESET WEEK", "UPDATED"]
+        headers = ["SESSION", "PROV.", "STATUS", "AUTH", "OK", "5H", "WEEK", "BLOCK", "CR", "RESET 5H", "RESET WEEK", "UPDATED"]
     else:
-        headers = ["SESSION", "STATUS", "OK", "5H", "WEEK", "BLOCK", "CR", "RESET 5H", "RESET WEEK", "UPDATED"]
+        headers = ["SESSION", "STATUS", "AUTH", "OK", "5H", "WEEK", "BLOCK", "CR", "RESET 5H", "RESET WEEK", "UPDATED"]
     if not rows:
         if small:
             return "SESSION  STATUS  OK  5H  WEEK  RESET 5H  RESET WEEK\nNo saved sessions yet."
         return "SESSION  STATUS  OK  5H  WEEK  BLOCK  CR  RESET 5H  RESET WEEK  UPDATED\nNo saved sessions yet."
     headers = [_style(header, "1", use_color) for header in headers]
     active_rows = [r for r in rows if r.get("enabled", True) is not False]
+    priority_candidates = [
+        r for r in active_rows
+        if _format_auth_status(r) != "logged out"
+    ]
     disabled_rows = sorted(
         [r for r in rows if r.get("enabled", True) is False],
         key=lambda r: r.get("session_name") or "",
     )
-    priority = _recommend_priority_sessions(active_rows)
+    priority = _recommend_priority_sessions(priority_candidates)
+    priority_names = {r.get("session_name") for r in priority}
+    non_priority_active = [
+        r for r in active_rows
+        if r.get("session_name") not in priority_names
+    ]
     table_rows = []
-    for r in priority + disabled_rows:
+    for r in priority + non_priority_active + disabled_rows:
         base = [_format_session_name(r)]
         if has_provider:
             base.append(r.get("provider") or "n/a")
         status = r.get("status") or ("enabled" if r.get("enabled", True) else "disabled")
         base.append(_style(status, "2" if status == "disabled" else "32", use_color))
+        if not small:
+            auth = _format_auth_status(r)
+            auth_color = "32" if auth == "logged" else "31" if auth == "logged out" else "2"
+            base.append(_style(auth, auth_color, use_color))
         if r.get("enabled", True) is False:
             usage_columns = [_style("-", "2", use_color)] * 5
         else:
@@ -142,6 +155,19 @@ def _format_session_name(row):
     return f"{row['session_name']}*" if row.get("active") else row["session_name"]
 
 
+def _format_auth_status(row):
+    if row.get("enabled", True) is False:
+        return "-"
+    if row.get("provider") in ("antigravity", "ollama"):
+        return "n/a"
+    status = str(row.get("auth_status") or "").strip().lower()
+    if status == "authenticated":
+        return "logged"
+    if status == "logged_out":
+        return "logged out"
+    return "unknown"
+
+
 def _recommend_priority_sessions(rows):
     if not rows:
         return []
@@ -295,10 +321,13 @@ def _now_timestamp():
 
 
 def _format_status_detail(row, use_color=False):
+    auth = _format_auth_status(row)
+    auth_color = "32" if auth == "logged" else "31" if auth == "logged out" else "2"
     lines = [
         f"{_style('Session:', '1', use_color)} {_format_session_name(row)}",
         f"{_style('Provider:', '1', use_color)} {row.get('provider') or 'n/a'}",
         f"{_style('Status:', '1', use_color)} {_style(row.get('status') or ('enabled' if row.get('enabled', True) else 'disabled'), '2' if row.get('enabled', True) is False else '32', use_color)}",
+        f"{_style('Auth:', '1', use_color)} {_style(auth, auth_color, use_color)}",
         f"{_style('Available:', '1', use_color)} {_style_pct(row.get('available_pct'), use_color)}",
         f"{_style('5h left:', '1', use_color)} {_style_pct(row.get('remaining_5h_pct'), use_color)}",
         f"{_style('Week left:', '1', use_color)} {_style_pct(row.get('remaining_week_pct'), use_color)}",