cdx-manager 0.7.3 → 0.7.4

package/README.md

@@ -1,6 +1,6 @@
 # CDX Manager
 
-[![License](https://img.shields.io/badge/license-MIT-4C8BF5)](LICENSE) ![Version](https://img.shields.io/badge/version-v0.7.3-4C8BF5) ![Python](https://img.shields.io/badge/python-3.9%2B-3776AB?logo=python&logoColor=white)
+[![License](https://img.shields.io/badge/license-MIT-4C8BF5)](LICENSE) ![Version](https://img.shields.io/badge/version-v0.7.4-4C8BF5) ![Python](https://img.shields.io/badge/python-3.9%2B-3776AB?logo=python&logoColor=white)
 
 **Run multiple Codex, Claude, Antigravity, and Ollama sessions from one terminal. Switch between accounts instantly.**
 
@@ -118,7 +118,8 @@ With the standalone PowerShell installer:
 
 ```powershell
 Invoke-WebRequest https://raw.githubusercontent.com/AlexAgo83/cdx-manager/main/install.ps1 -OutFile install.ps1
-# Optional: set CDX_SHA256 before running if you have a trusted checksum
+# Optional: set CDX_SHA256 before running if you have a trusted checksum.
+# Set CDX_ALLOW_UNVERIFIED=1 only if you intentionally accept an unverified archive.
 powershell -ExecutionPolicy Bypass -File .\install.ps1
 ```
 
@@ -126,7 +127,8 @@ With the standalone GitHub installer:
 
 ```bash
 curl -fsSL https://raw.githubusercontent.com/AlexAgo83/cdx-manager/main/install.sh -o install.sh
-# Optional: set CDX_SHA256 before running if you have a trusted checksum
+# Optional: set CDX_SHA256 before running if you have a trusted checksum.
+# Set CDX_ALLOW_UNVERIFIED=1 only if you intentionally accept an unverified archive.
 sh install.sh
 ```
 
@@ -134,7 +136,7 @@ For a specific version:
 
 ```bash
 curl -fsSL https://raw.githubusercontent.com/AlexAgo83/cdx-manager/main/install.sh -o install.sh
-CDX_VERSION=v0.7.3 sh install.sh
+CDX_VERSION=v0.7.4 sh install.sh
 ```
 
 From source:
@@ -183,6 +185,7 @@ Security note:
 
 - The standalone installers try to resolve official release checksums from `checksums/release-archives.json`.
 - You can still override verification explicitly through `CDX_SHA256`.
+- If no checksum is available, standalone installers fail closed unless `CDX_ALLOW_UNVERIFIED=1` is set.
 - Prefer `npm`, `pipx`, or `uv` when you want registry-backed install flows.
 - If you use the standalone script, download it first, inspect it, and prefer a release with an official checksum entry.
 
@@ -241,6 +244,9 @@ cdx work
 # Check usage across all sessions
 cdx status
 
+# Pick the best session using the same priority logic as status
+cdx next
+
 # Notify when the next cooling-down assistant is ready
 cdx ready
 ```
@@ -256,7 +262,7 @@ cdx ready --refresh
 
 ### Persistent Launch Settings
 
-By default, `cdx` launches provider CLIs without forcing model effort, permission mode, or fast behavior. Set only the values you want to pin:
+New sessions start with `power=medium` and `fast=off`, so launches are predictable without enabling fast mode. Set or override only the values you want to pin:
 
 ```bash
 cdx set work --power medium --permission full --fast off
@@ -269,9 +275,10 @@ cdx power all low
 cdx perm provider:claude review
 cdx model provider:ollama llama3.2
 cdx config work
+cdx configs
 ```
 
-Those values are stored on the session and reapplied every time you run `cdx work`. Remove overrides to return to provider defaults:
+Those values are stored on the session and reapplied every time you run `cdx work`. Remove overrides to return to provider-native defaults:
 
 ```bash
 cdx unset work --power
@@ -320,6 +327,7 @@ cdx history --summary --from 2026-05-01 --to 2026-05-28
 | `cdx disable <name> [--json]` | Disable a session without deleting it; disabled sessions stay visible and cannot launch |
 | `cdx enable <name> [--json]` | Re-enable a disabled session |
 | `cdx config <name> [--json]` | Show persistent launch settings for a session |
+| `cdx configs [--json]` | Show persistent launch settings for all sessions in one table |
 | `cdx power\|perm\|fast\|model <name\|all\|provider:PROVIDER\|a,b> <value\|default> [--json]` | Shortcut commands for setting or clearing one launch setting |
 | `cdx set <name>\|--sessions all\|a,b\|--provider PROVIDER [--power low\|medium\|high\|xhigh\|max] [--permission review\|default\|auto\|full] [--fast on\|off] [--rtk on\|off] [--model MODEL] [--priority 0..100] [--json]` | Persist launch settings for one or more sessions |
 | `cdx unset <name>\|--sessions all\|a,b\|--provider PROVIDER (--power\|--permission\|--fast\|--rtk\|--model\|--priority\|--all) [--json]` | Remove persisted launch settings and fall back to provider defaults |
@@ -338,6 +346,7 @@ cdx history --summary --from 2026-05-01 --to 2026-05-28
 | `cdx ready [--refresh] [--json]` | Schedule an OS notification for the next cooling-down assistant that becomes ready, then return immediately |
 | `cdx notify <name> --at-reset [--poll seconds] [--once] [--schedule] [--refresh] [--json]` | Wait for a session reset time or schedule an OS wake-up notification when due |
 | `cdx notify --next-ready [--poll seconds] [--once] [--schedule] [--refresh] [--json]` | Wait until the recommended session is usable, or schedule the next known reset notification |
+| `cdx next [--json] [--refresh]` | Select the best next assistant using the same priority logic as `cdx status` |
 | `cdx select --provider PROVIDER [--min-reasoning-effort low\|medium\|high] [--min-power low\|medium\|high] [--require-ready] [--refresh] --json` | Select a suitable session for headless automation |
 | `cdx run [session] --cwd PATH (--prompt-file PATH\|--prompt TEXT) [--provider PROVIDER] [--model MODEL] [--reasoning-effort low\|medium\|high] [--power low\|medium\|high] [--permission MODE] [--timeout-seconds N] --json` | Run one headless task and return a stable JSON result |
 | `cdx stats [name] [--since 7d\|today\|DATE] [--from DATE] [--to DATE] [--json]` | Aggregate launch counts, duration, and known headless token usage by session |

package/changelogs/CHANGELOGS_0_7_4.md

@@ -0,0 +1,45 @@
+# Changelog (`0.7.3 -> 0.7.4`)
+
+Release date: 2026-06-02
+
+## Security and Privacy
+
+- Rejected `.` and `..` as session names so profile and state paths cannot escape their managed directories.
+- Added import-bundle regression coverage for unsafe dot-path session names.
+- Redacted headless `cdx run` prompt arguments before persisting launch history while keeping provider execution unchanged.
+- Made headless `cdx run` perform a live provider auth probe instead of trusting only local credential files.
+- Hardened Claude auth invalidation so invalid Claude credentials are recorded as logged out during refresh and status handling.
+
+## Installer Integrity
+
+- Changed standalone Unix and PowerShell installers to fail closed when no official checksum is available.
+- Added the explicit `CDX_ALLOW_UNVERIFIED=1` override for users who intentionally accept an unverified archive.
+- Updated README security guidance for standalone installer checksum behavior.
+
+## Headless and Selection Behavior
+
+- Added the next-assistant recommendation command and improved resolved run reasoning-effort reporting.
+- Preserved stable provider-specific launch metadata while adding stricter headless auth validation.
+
+## Maintainability
+
+- Extracted headless run prompt, error-code, and JSON payload helpers into `src/run_command.py`.
+- Reduced the size of `src/cli_commands.py` without changing the public `cdx run --json` contract.
+
+## Coverage and Tests
+
+- Added regression coverage for dot-path session names, unsafe imported sessions, redacted headless history prompts, forced live auth probes, and unauthenticated headless runs.
+- Increased the Python test suite to 276 tests.
+
+## Release Metadata
+
+- Updated package metadata, CLI version output, README badge, pinned installer example, and release changelog to `v0.7.4`.
+
+## Validation and Regression Evidence
+
+- `npm run lint`
+- `npm test`
+- `npm audit --omit=dev --json`
+- `sh -n install.sh`
+- PowerShell parser check for `install.ps1`
+- `python3 -m logics_manager lint --require-status`

package/checksums/release-archives.json

@@ -40,6 +40,10 @@
     "v0.7.2": {
       "github_tarball_sha256": "9e993b15386c7b47895cfaca9c7e92165967ef34ecf8337c64823a5b0f9eb9e0",
       "github_zip_sha256": "1e5fd926a16811f84137636830e0b27776b9f8f8d2eb8953b620023c8bfe6fdd"
+    },
+    "v0.7.3": {
+      "github_tarball_sha256": "f68ac90a51c723eef9ae2b66106baa954f2fff8129fb5353e8eeb26b258b06c9",
+      "github_zip_sha256": "dde2512701808450b39c5c4431317d95d017f9944435db83ac4497b645feb719"
     }
   }
 }

package/install.ps1

@@ -62,7 +62,11 @@ try {
             throw "cdx install: checksum mismatch for $tag`nexpected: $Sha256`nactual:   $actualSha256"
         }
     } else {
-        Write-Warning "No official checksum available for $tag; continuing without verification."
+        if ($env:CDX_ALLOW_UNVERIFIED -eq "1") {
+            Write-Warning "No official checksum available for $tag; continuing because CDX_ALLOW_UNVERIFIED=1."
+        } else {
+            throw "cdx install: no official checksum available for $tag. Set CDX_ALLOW_UNVERIFIED=1 to install without checksum verification."
+        }
     }
     Expand-Archive -Path $archivePath -DestinationPath $extractRoot -Force
 

package/install.sh

@@ -86,7 +86,13 @@ if [ -n "$EXPECTED_SHA256" ]; then
     exit 1
   fi
 else
-  echo "cdx install: warning: no official checksum available for $TAG; continuing without verification" >&2
+  if [ "${CDX_ALLOW_UNVERIFIED:-}" = "1" ]; then
+    echo "cdx install: warning: no official checksum available for $TAG; continuing because CDX_ALLOW_UNVERIFIED=1" >&2
+  else
+    echo "cdx install: no official checksum available for $TAG" >&2
+    echo "Set CDX_ALLOW_UNVERIFIED=1 to install without checksum verification." >&2
+    exit 1
+  fi
 fi
 
 tar -xzf "$TMP_DIR/cdx-manager.tar.gz" -C "$TMP_DIR"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cdx-manager",
-  "version": "0.7.3",
+  "version": "0.7.4",
   "description": "Terminal session manager for Codex and Claude accounts.",
   "license": "MIT",
   "author": "Alexandre Agostini",

package/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "cdx-manager"
-version = "0.7.3"
+version = "0.7.4"
 description = "Terminal session manager for Codex and Claude accounts."
 readme = "README.md"
 requires-python = ">=3.9"

package/src/claude_refresh.py

@@ -2,7 +2,7 @@ import inspect
 import threading
 from datetime import datetime, timezone
 
-from .claude_usage import refresh_claude_session_status
+from .claude_usage import ClaudeAuthInvalidError, refresh_claude_session_status
 from .config import PROVIDER_CLAUDE
 from .errors import CdxError
 
@@ -83,6 +83,24 @@ def _refresh_claude_sessions(service, refresh_fn=None, target_names=None, force=
         for t in threads:
             t.join(timeout=10)
 
+    invalid_auth = sorted({
+        item.get("session")
+        for item in errors
+        if item.get("session") and isinstance(item.get("error"), ClaudeAuthInvalidError)
+    })
+    if invalid_auth and service.get("update_auth_state"):
+        now = datetime.now(timezone.utc).astimezone().isoformat()
+        for name in invalid_auth:
+            try:
+                service["update_auth_state"](name, lambda auth: {
+                    **auth,
+                    "status": "logged_out",
+                    "lastCheckedAt": now,
+                    "lastLoggedOutAt": now,
+                })
+            except CdxError:
+                pass
+
     for name, usage in results.items():
         try:
             service["record_status"](name, usage)

package/src/claude_usage.py

@@ -15,6 +15,10 @@ CLAUDE_STATUS_PROBE_MODEL = os.environ.get("CDX_CLAUDE_STATUS_MODEL", "claude-ha
 CLAUDE_AUTH_STATUS_TIMEOUT_SECONDS = 15
 
 
+class ClaudeAuthInvalidError(CdxError):
+    pass
+
+
 def _clean_oauth_token(token):
     if not token:
         return None
@@ -142,6 +146,10 @@ def fetch_claude_rate_limit_headers(access_token):
             headers = {k.lower(): v for k, v in resp.getheaders()}
     except urllib.error.HTTPError as e:
         headers = {k.lower(): v for k, v in e.headers.items()}
+        if e.code == 401:
+            message = _read_http_error_message(e)
+            suffix = f": {message}" if message else ""
+            raise ClaudeAuthInvalidError(f"Claude usage unavailable (HTTP {e.code}{suffix})") from e
         if (
             "anthropic-ratelimit-unified-5h-utilization" not in headers
             and "anthropic-ratelimit-unified-7d-utilization" not in headers

package/src/cli.py

@@ -10,6 +10,7 @@ from .cli_commands import (
     handle_add,
     handle_clean,
     handle_config,
+    handle_configs,
     handle_context,
     handle_copy,
     handle_doctor,
@@ -25,6 +26,7 @@ from .cli_commands import (
     handle_logout,
     handle_launch_setting_alias,
     handle_notify,
+    handle_next,
     handle_remove,
     handle_repair,
     handle_rename,
@@ -58,7 +60,7 @@ from .status_view import (
 )
 from .update_check import check_for_update
 
-VERSION = "0.7.3"
+VERSION = "0.7.4"
 
 
 # ---------------------------------------------------------------------------
@@ -75,10 +77,12 @@ def _print_help(use_color=False):
         f"  {_style('cdx status [--json] [--refresh]', '36', use_color)}",
         f"  {_style('cdx status --small|-s [--refresh]', '36', use_color)}",
         f"  {_style('cdx status <name> [--json] [--refresh]', '36', use_color)}",
+        f"  {_style('cdx next [--json] [--refresh]', '36', use_color)}",
         f"  {_style('cdx select --provider PROVIDER [--min-reasoning-effort low|medium|high] [--min-power low|medium|high] [--require-ready] [--refresh] --json', '36', use_color)}",
         f"  {_style('cdx run [session] --cwd PATH (--prompt-file PATH|--prompt TEXT) [--provider PROVIDER] [--model MODEL] [--reasoning-effort low|medium|high] [--power low|medium|high] [--permission review|default|auto|full|workspace-write|read-only|danger-full-access] [--timeout-seconds N] --json', '36', use_color)}",
         f"  {_style('cdx context show|path|init|edit|clear|set [text...] [--json]', '36', use_color)}",
         f"  {_style('cdx config <name> [--json]', '36', use_color)}",
+        f"  {_style('cdx configs [--json]', '36', use_color)}",
         f"  {_style('cdx power|perm|fast|model <name|all|provider:PROVIDER|a,b> <value|default> [--json]', '36', use_color)}",
         f"  {_style('cdx set <name>|--sessions all|a,b|--provider PROVIDER [--power low|medium|high|xhigh|max] [--permission review|default|auto|full] [--fast on|off] [--rtk on|off] [--model MODEL] [--priority 0..100] [--json]', '36', use_color)}",
         f"  {_style('cdx unset <name>|--sessions all|a,b|--provider PROVIDER (--power|--permission|--fast|--rtk|--model|--priority|--all) [--json]', '36', use_color)}",
@@ -240,7 +244,7 @@ def main(argv, options=None):
         "version": VERSION,
         "cwd": options.get("cwd") or os.getcwd(),
         "update_notice": _get_update_notice(service, env, options) if command not in (
-            "add", "cp", "ren", "rename", "mv", "rmv", "clean", "doctor", "repair", "update", "ready", "notify", "context", "config", "set", "unset", "power", "perm", "fast", "model", "history", "stats", "handoff", "login", "logout", "disable", "enable", "export", "import", "select", "run", "help", "version"
+            "add", "cp", "ren", "rename", "mv", "rmv", "clean", "doctor", "repair", "update", "ready", "notify", "next", "context", "config", "configs", "set", "unset", "power", "perm", "fast", "model", "history", "stats", "handoff", "login", "logout", "disable", "enable", "export", "import", "select", "run", "help", "version"
         ) else None,
         "use_color": use_color,
     }
@@ -289,12 +293,18 @@ def main(argv, options=None):
     if command == "notify":
         return handle_notify(rest, ctx)
 
+    if command == "next":
+        return handle_next(rest, ctx)
+
     if command == "context":
         return handle_context(rest, ctx)
 
     if command == "config":
         return handle_config(rest, ctx)
 
+    if command == "configs":
+        return handle_configs(rest, ctx)
+
     if command == "set":
         return handle_set(rest, ctx)
 

package/src/cli_commands.py

@@ -40,8 +40,9 @@ from .provider_runtime import (
 )
 from .repair import format_repair_report, repair_health
 from .backup_bundle import read_bundle_meta
-from .run_usage import empty_usage, extract_run_usage
-from .status_view import _format_status_detail, _format_status_rows
+from .run_usage import extract_run_usage
+from .run_command import read_run_prompt, run_cdx_error_code, run_result_payload
+from .status_view import _format_status_detail, _format_status_rows, format_priority_instruction, recommend_priority_rows
 from .update_check import LatestReleaseCheckError, fetch_latest_release, fetch_latest_release_or_raise, is_newer_version
 from .update_manager import build_update_plan, format_update_failure, run_update_plan, verify_updated_command
 
@@ -58,10 +59,12 @@ SET_USAGE = "Usage: cdx set <name>|--sessions all|a,b|--provider PROVIDER [--pow
 UNSET_USAGE = "Usage: cdx unset <name>|--sessions all|a,b|--provider PROVIDER (--power|--permission|--fast|--rtk|--model|--priority|--all) [--json]"
 SETTING_ALIAS_USAGE = "Usage: cdx power|perm|fast|model <name|all|provider:PROVIDER|a,b> <value|default> [--json]"
 CONFIG_USAGE = "Usage: cdx config <name> [--json]"
+CONFIGS_USAGE = "Usage: cdx configs [--json]"
 HISTORY_USAGE = "Usage: cdx history [name] [--limit N] [--summary] [--since 7d|today|DATE] [--from DATE] [--to DATE] [--json]"
 STATS_USAGE = "Usage: cdx stats [name] [--since 7d|today|DATE] [--from DATE] [--to DATE] [--json]"
 LAST_USAGE = "Usage: cdx last [--json]"
 SELECT_USAGE = "Usage: cdx select --provider PROVIDER [--min-reasoning-effort low|medium|high] [--min-power low|medium|high] [--require-ready] [--refresh] --json"
+NEXT_USAGE = "Usage: cdx next [--json] [--refresh]"
 RUN_USAGE = "Usage: cdx run [session] --cwd PATH (--prompt-file PATH|--prompt TEXT) [--provider PROVIDER] [--model MODEL] [--reasoning-effort low|medium|high] [--power low|medium|high] [--permission review|default|auto|full|workspace-write|read-only|danger-full-access] [--timeout-seconds N] --json"
 API_SCHEMA_VERSION = 1
 HANDOFF_TRANSCRIPT_CHARS = 120000
@@ -598,6 +601,13 @@ def _parse_config_args(args):
     return {"name": parsed["names"][0], "json": parsed["json"]}
 
 
+def _parse_configs_args(args):
+    parsed = _parse_flag_args(args, {
+        "--json": {"key": "json", "type": "bool", "default": False},
+    }, CONFIGS_USAGE)
+    return {"json": parsed["json"]}
+
+
 def _parse_select_args(args):
     parsed = _parse_flag_args(args, {
         "--provider": {"key": "provider", "type": "str", "default": None, "transform": lambda value: _parse_provider_filter(value, SELECT_USAGE)},
@@ -623,6 +633,14 @@ def _parse_select_args(args):
     }
 
 
+def _parse_next_args(args):
+    parsed = _parse_flag_args(args, {
+        "--refresh": {"key": "refresh", "type": "bool", "default": False},
+        "--json": {"key": "json", "type": "bool", "default": False},
+    }, NEXT_USAGE)
+    return {"json": parsed["json"], "refresh": parsed["refresh"]}
+
+
 def _parse_timeout_seconds(value):
     try:
         parsed = float(value)
@@ -1229,70 +1247,73 @@ def handle_select(rest, ctx):
     return 0
 
 
-def _read_run_prompt(parsed):
-    if parsed.get("prompt") is not None:
-        return parsed["prompt"]
-    try:
-        with open(parsed["prompt_file"], "r", encoding="utf-8") as handle:
-            return handle.read()
-    except OSError as error:
-        raise CdxError(f"Unable to read prompt file: {parsed['prompt_file']}") from error
-
-
-def _run_cdx_error_code(error):
-    message = str(error)
-    if message.startswith("Usage:"):
-        return "invalid_request"
-    if message.startswith("Invalid cwd:"):
-        return "invalid_cwd"
-    if message.startswith("Session is disabled:"):
-        return "session_disabled"
-    if "CLI not found on PATH" in message:
-        return "provider_cli_not_found"
-    if message.startswith("Failed to start "):
-        return "provider_start_failed"
-    if (
-        message.startswith("Unsupported reasoning effort:")
-        or message.startswith("Unsupported power:")
-        or "--reasoning-effort and --power must match" in message
-    ):
-        return "invalid_reasoning_effort"
-    return "cdx_error"
-
-
-def _run_result_payload(ok, parsed, session, run_info=None, error=None, error_source=None, error_code=None):
-    run_info = run_info or {}
-    usage = run_info.get("usage") if isinstance(run_info.get("usage"), dict) else (
-        extract_run_usage(session.get("provider"), run_info.get("stdout_path"))
-        if session else
-        empty_usage()
-    )
-    return {
-        "schema_version": API_SCHEMA_VERSION,
-        "ok": bool(ok),
-        "action": "run",
-        "launcher": "cdx",
-        "session": session.get("name") if session else None,
-        "provider": session.get("provider") if session else parsed.get("provider"),
-        "model": parsed.get("model") or ((session.get("launch") or {}).get("model") if session else None),
-        "reasoning_effort": parsed.get("reasoning_effort") or ((session.get("launch") or {}).get("reasoning_effort") if session else None),
-        "power": parsed.get("power") or ((session.get("launch") or {}).get("power") if session else None),
-        "cwd": os.path.abspath(parsed.get("cwd") or os.getcwd()),
-        "run_id": run_info.get("run_id"),
-        "exit_code": run_info.get("returncode"),
-        "duration_seconds": (run_info.get("duration_ms") / 1000.0) if run_info.get("duration_ms") is not None else None,
-        "transcript_path": run_info.get("transcript_path"),
-        "stdout_path": run_info.get("stdout_path"),
-        "stderr_path": run_info.get("stderr_path"),
-        "usage": usage,
-        "warnings": [],
-        "error": None if ok else {
-            "source": error_source or "cdx",
-            "code": error_code or "cdx_error",
-            "message": str(error) if error else "Run failed.",
-            "provider_code": run_info.get("returncode") if error_source == "provider" else None,
-        },
-    }
+def _format_next_pct(value):
+    return "n/a" if value is None else f"{value}%"
+
+
+def _next_action(row):
+    instruction = format_priority_instruction(row, "first")
+    return "refresh" if instruction.startswith("refresh ") else "use"
+
+
+def _format_next_selection(session, row, use_color=False):
+    from .cli_render import _pad_table
+
+    action = _next_action(row)
+    command = f"cdx status {session['name']} --refresh" if action == "refresh" else f"cdx {session['name']}"
+    rows = [[_style(value, "1", use_color) for value in ["SESSION", "PROVIDER", "OK", "5H", "WEEK", "REASON"]]]
+    rows.append([
+        _style(session["name"], "36", use_color),
+        _dim(session.get("provider") or "-", use_color),
+        _format_next_pct(row.get("available_pct")),
+        _format_next_pct(row.get("remaining_5h_pct")),
+        _format_next_pct(row.get("remaining_week_pct")),
+        format_priority_instruction(row, "first"),
+    ])
+    return "\n".join([
+        _style("Next assistant:", "1", use_color),
+        _pad_table(rows),
+        "",
+        f"{_style('Run:', '1', use_color)} {_style(command, '36', use_color)}",
+    ])
+
+
+def handle_next(rest, ctx):
+    parsed = _parse_next_args(rest)
+    rows = ctx["service"]["get_status_rows"](force_refresh=parsed["refresh"])
+    priority = recommend_priority_rows(rows)
+    if not priority:
+        message = "No usable session status yet."
+        if parsed["json"]:
+            _write_json(ctx, _json_failure("next", "no_suitable_session", message, selection_policy="status_priority"))
+            return 1
+        ctx["out"](f"{_warn(message, ctx['use_color'])}\n")
+        return 1
+    row = priority[0]
+    session_name = row.get("session_name")
+    session = ctx["service"]["get_session"](session_name)
+    if not session:
+        message = f"Selected status row has no matching session: {session_name}"
+        if parsed["json"]:
+            _write_json(ctx, _json_failure("next", "missing_session", message, selection_policy="status_priority", row=row))
+            return 1
+        raise CdxError(message)
+    action = _next_action(row)
+    message = f"Selected next session {session['name']}"
+    if parsed["json"]:
+        _write_json(ctx, _json_success(
+            "next",
+            message,
+            session=session,
+            row=row,
+            recommended_action=action,
+            command=f"cdx status {session['name']} --refresh" if action == "refresh" else f"cdx {session['name']}",
+            reason=format_priority_instruction(row, "first"),
+            selection_policy="status_priority",
+        ))
+        return 0
+    ctx["out"](f"{_format_next_selection(session, row, ctx['use_color'])}\n")
+    return 0
 
 
 def handle_run(rest, ctx):
@@ -1327,7 +1348,7 @@ def handle_run(rest, ctx):
         cwd = os.path.abspath(parsed["cwd"])
         if not os.path.isdir(cwd):
             raise CdxError(f"Invalid cwd: {parsed['cwd']}")
-        prompt = _read_run_prompt(parsed)
+        prompt = read_run_prompt(parsed)
         launch_updates = {}
         if parsed.get("model"):
             launch_updates["model"] = parsed["model"]
@@ -1352,6 +1373,7 @@ def handle_run(rest, ctx):
             stdin_is_tty=False,
             behavior="launch",
             signal_emitter=ctx.get("signal_emitter"),
+            trust_local_credentials=False,
         )
         run_info = _run_headless_provider_command(
             run_session,
@@ -1371,7 +1393,7 @@ def handle_run(rest, ctx):
                 "exit_code": 0,
                 **run_info,
             })
-            _write_json(ctx, _run_result_payload(True, parsed, run_session, run_info=run_info))
+            _write_json(ctx, run_result_payload(API_SCHEMA_VERSION, True, parsed, run_session, run_info=run_info))
             return 0
         message = "Provider process timed out." if run_info.get("timed_out") else "Provider process exited with a non-zero status."
         error = CdxError(message, run_info.get("returncode") or 1)
@@ -1382,7 +1404,8 @@ def handle_run(rest, ctx):
             "exit_code": error.exit_code,
             **run_info,
         })
-        _write_json(ctx, _run_result_payload(
+        _write_json(ctx, run_result_payload(
+            API_SCHEMA_VERSION,
             False,
             parsed,
             run_session,
@@ -1394,28 +1417,102 @@ def handle_run(rest, ctx):
         return error.exit_code or 1
     except CdxError as error:
         run_info = getattr(error, "run_info", None)
-        _write_json(ctx, _run_result_payload(
+        _write_json(ctx, run_result_payload(
+            API_SCHEMA_VERSION,
             False,
             locals().get("parsed", {}) or {},
             locals().get("session"),
             run_info=run_info,
             error=error,
             error_source="cdx",
-            error_code=_run_cdx_error_code(error),
+            error_code=run_cdx_error_code(error),
         ))
         return error.exit_code
 
 
-def _format_launch_config(session):
+def _format_launch_config(session, use_color=False):
+    from .cli_render import _dim, _pad_table, _style
+
     launch = session.get("launch") or {}
+    rows = [[_style("SETTING", "1", use_color), _style("VALUE", "1", use_color)]]
+    for key, label in [
+        ("power", "Power"),
+        ("permission", "Permission"),
+        ("fast", "Fast"),
+        ("rtk", "RTK"),
+        ("model", "Model"),
+        ("priority", "Priority"),
+    ]:
+        rows.append([
+            _dim(label, use_color),
+            _format_launch_setting_value(launch, key, use_color=use_color),
+        ])
+    provider_label = f"({session['provider']})"
     return "\n".join([
-        f"{session['name']} ({session['provider']})",
-        f"power:      {launch.get('power') or 'default'}",
-        f"permission: {launch.get('permission') or 'default'}",
-        f"fast:       {'on' if launch.get('fast') is True else 'off' if launch.get('fast') is False else 'default'}",
-        f"rtk:        {'on' if launch.get('rtk') is True else 'off' if launch.get('rtk') is False else 'default'}",
-        f"model:      {launch.get('model') or 'default'}",
-        f"priority:   {launch.get('priority') if launch.get('priority') is not None else 'default'}",
+        _style("Launch settings:", "1", use_color),
+        f"{_style(session['name'], '36', use_color)} {_dim(provider_label, use_color)}",
+        _pad_table(rows),
+        "",
+        _dim(_format_launch_settings_hint(session["name"]), use_color),
+    ])
+
+
+def _format_launch_settings_hint(name="<name>"):
+    return (
+        f"Set a value: cdx set {name} --power medium --permission auto "
+        "--fast on --rtk on --model MODEL --priority 80"
+    )
+
+
+def _format_launch_setting_value(launch, key, use_color=False):
+    if key == "fast" or key == "rtk":
+        if launch.get(key) is True:
+            return _style("on", "32", use_color)
+        if launch.get(key) is False:
+            return _style("off", "2", use_color)
+        return _dim("default", use_color)
+    value = launch.get(key)
+    if value is None or value == "":
+        return _dim("default", use_color)
+    if key == "priority":
+        return _style(str(value), "33", use_color)
+    if key == "power":
+        return _style(str(value), "96", use_color)
+    if key == "permission":
+        return _style(str(value), "32", use_color)
+    return str(value)
+
+
+def _format_launch_configs(sessions, use_color=False):
+    from .cli_render import _dim, _pad_table, _style
+
+    if not sessions:
+        return "\n".join([
+            _style("Launch settings:", "1", use_color),
+            "No sessions.",
+            "",
+            _dim(_format_launch_settings_hint(), use_color),
+        ])
+    rows = [[_style(value, "1", use_color) for value in [
+        "SESSION", "PROVIDER", "POWER", "PERMISSION", "FAST", "RTK", "MODEL", "PRIORITY"
+    ]]]
+    for session in sessions:
+        launch = session.get("launch") or {}
+        rows.append([
+            _style(session["name"], "36", use_color),
+            _dim(session.get("provider") or "-", use_color),
+            _format_launch_setting_value(launch, "power", use_color),
+            _format_launch_setting_value(launch, "permission", use_color),
+            _format_launch_setting_value(launch, "fast", use_color),
+            _format_launch_setting_value(launch, "rtk", use_color),
+            _format_launch_setting_value(launch, "model", use_color),
+            _format_launch_setting_value(launch, "priority", use_color),
+        ])
+    return "\n".join([
+        _style("Launch settings:", "1", use_color),
+        _pad_table(rows),
+        "",
+        _dim(_format_launch_settings_hint(), use_color),
     ])
 
 
@@ -1825,7 +1922,7 @@ def _apply_launch_settings(parsed, ctx, action="set"):
         return 0
     ctx["out"](f"{_success(message, ctx['use_color'])}\n")
     if len(sessions) == 1:
-        ctx["out"](f"{_format_launch_config(sessions[0])}\n")
+        ctx["out"](f"{_format_launch_config(sessions[0], ctx['use_color'])}\n")
     return 0
 
 
@@ -1853,7 +1950,7 @@ def _clear_launch_settings(parsed, ctx, action="unset"):
         return 0
     ctx["out"](f"{_success(message, ctx['use_color'])}\n")
     if len(sessions) == 1:
-        ctx["out"](f"{_format_launch_config(sessions[0])}\n")
+        ctx["out"](f"{_format_launch_config(sessions[0], ctx['use_color'])}\n")
     return 0
 
 
@@ -1881,7 +1978,18 @@ def handle_config(rest, ctx):
     if parsed["json"]:
         _write_json(ctx, _json_success("config", message, session=session, launch=session.get("launch") or {}))
         return 0
-    ctx["out"](f"{_format_launch_config(session)}\n")
+    ctx["out"](f"{_format_launch_config(session, ctx['use_color'])}\n")
+    return 0
+
+
+def handle_configs(rest, ctx):
+    parsed = _parse_configs_args(rest)
+    sessions = ctx["service"]["list_sessions"]()
+    message = f"Listed launch settings for {len(sessions)} session{'s' if len(sessions) != 1 else ''}"
+    if parsed["json"]:
+        _write_json(ctx, _json_success("configs", message, count=len(sessions), sessions=sessions))
+        return 0
+    ctx["out"](f"{_format_launch_configs(sessions, ctx['use_color'])}\n")
     return 0
 
 

package/src/cli_render.py

@@ -146,6 +146,9 @@ def _format_sessions(service, use_color=False):
     lines += [
         _style("Next actions:", "1", use_color),
         f"  {_style('cdx status', '36', use_color)}",
+        f"  {_style('cdx next', '36', use_color)}",
+        f"  {_style('cdx configs', '36', use_color)}",
+        f"  {_style('cdx stats', '36', use_color)}",
         f"  {_style('cdx ready', '36', use_color)}",
         f"  {_style('cdx perm all default', '36', use_color)}",
         f"  {_style('cdx handoff <source> <target>', '36', use_color)}",

package/src/provider_runtime.py

@@ -39,6 +39,7 @@ HEADLESS_CODEX_PERMISSION_ARGS = {
     "auto": ["-s", "workspace-write", "-c", 'approval_policy="never"'],
     "full": ["--dangerously-bypass-approvals-and-sandbox"],
 }
+REDACTED_PROMPT_ARG = "[prompt redacted]"
 
 
 def _home_env_overrides(auth_home):
@@ -108,6 +109,12 @@ def _has_local_claude_auth(auth_home):
     return bool(isinstance(oauth, dict) and _clean_oauth_token(oauth.get("accessToken")))
 
 
+def _read_claude_launch_oauth_token(auth_home):
+    if _has_local_claude_auth(auth_home):
+        return None
+    return _read_anthropic_oauth_token(auth_home)
+
+
 def _has_local_codex_auth(auth_home):
     try:
         with open(os.path.join(auth_home, "auth.json"), "r", encoding="utf-8") as handle:
@@ -312,7 +319,7 @@ def _build_launch_spec(session, cwd=None, env_override=None, initial_prompt=None
             args.append(initial_prompt)
         auth_home = _get_auth_home(session)
         claude_env = _claude_env(env, auth_home)
-        oauth_token = _read_anthropic_oauth_token(auth_home)
+        oauth_token = _read_claude_launch_oauth_token(auth_home)
         if oauth_token:
             claude_env["CLAUDE_CODE_OAUTH_TOKEN"] = oauth_token
         return _wrap_launch_with_transcript(session, {
@@ -393,7 +400,7 @@ def _build_headless_launch_spec(session, cwd=None, env_override=None, initial_pr
             args.append(initial_prompt)
         auth_home = _get_auth_home(session)
         claude_env = _claude_env(env, auth_home)
-        oauth_token = _read_anthropic_oauth_token(auth_home)
+        oauth_token = _read_claude_launch_oauth_token(auth_home)
         if oauth_token:
             claude_env["CLAUDE_CODE_OAUTH_TOKEN"] = oauth_token
         return {
@@ -401,6 +408,7 @@ def _build_headless_launch_spec(session, cwd=None, env_override=None, initial_pr
             "args": args,
             "options": {"cwd": cwd, "env": claude_env},
             "label": "claude",
+            "sensitive_args": [initial_prompt] if initial_prompt else [],
         }
 
     if session["provider"] == PROVIDER_CODEX:
@@ -418,6 +426,7 @@ def _build_headless_launch_spec(session, cwd=None, env_override=None, initial_pr
             "args": args,
             "options": {"cwd": cwd, "env": {**env, "CODEX_HOME": _get_auth_home(session)}},
             "label": "codex",
+            "sensitive_args": [initial_prompt] if initial_prompt else [],
         }
 
     return _build_launch_spec(
@@ -468,7 +477,7 @@ def _headless_run_info(paths, spec, start_time, returncode):
         "ended_at": end_time.isoformat().replace("+00:00", "Z"),
         "duration_ms": int((end_time - start_time).total_seconds() * 1000),
         "command": spec.get("command"),
-        "args": list(spec.get("args") or []),
+        "args": _redact_sensitive_args(spec),
         "label": spec.get("label"),
         "pid": None,
         "returncode": returncode,
@@ -476,6 +485,14 @@ def _headless_run_info(paths, spec, start_time, returncode):
     }
 
 
+def _redact_sensitive_args(spec):
+    args = list(spec.get("args") or [])
+    sensitive = {value for value in (spec.get("sensitive_args") or []) if value}
+    if not sensitive:
+        return args
+    return [REDACTED_PROMPT_ARG if arg in sensitive else arg for arg in args]
+
+
 def _run_headless_provider_command(session, cwd=None, env_override=None, initial_prompt=None,
                                    timeout_seconds=None, spawn=None, run_id=None):
     spawn = spawn or subprocess.Popen
@@ -545,7 +562,7 @@ def _run_headless_provider_command(session, cwd=None, env_override=None, initial
         "ended_at": end_time.isoformat().replace("+00:00", "Z"),
         "duration_ms": int((end_time - start_time).total_seconds() * 1000),
         "command": spec.get("command"),
-        "args": list(spec.get("args") or []),
+        "args": _redact_sensitive_args(spec),
         "label": spec.get("label"),
         "pid": getattr(child, "pid", None),
         "returncode": returncode,
@@ -558,7 +575,7 @@ def _build_login_status_spec(session, env_override=None):
     if session["provider"] == PROVIDER_CLAUDE:
         auth_home = _get_auth_home(session)
         env = _claude_env(env, auth_home)
-        oauth_token = _read_anthropic_oauth_token(auth_home)
+        oauth_token = _read_claude_launch_oauth_token(auth_home)
         if oauth_token:
             env["CLAUDE_CODE_OAUTH_TOKEN"] = oauth_token
 
@@ -639,13 +656,14 @@ def _resolve_command(command, env=None):
     return shutil.which(command, path=env.get("PATH")) or command
 
 
-def _probe_provider_auth(session, spawn_sync=None, env_override=None):
+def _probe_provider_auth(session, spawn_sync=None, env_override=None, trust_local_credentials=True):
     spawn_sync = spawn_sync or subprocess.run
     spec = _build_login_status_spec(session, env_override)
-    if session.get("provider") == PROVIDER_CLAUDE and _has_local_claude_auth(_get_auth_home(session)):
-        return True
-    if session.get("provider") == PROVIDER_CODEX and _has_local_codex_auth(_get_auth_home(session)):
-        return True
+    if trust_local_credentials:
+        if session.get("provider") == PROVIDER_CLAUDE and _has_local_claude_auth(_get_auth_home(session)):
+            return True
+        if session.get("provider") == PROVIDER_CODEX and _has_local_codex_auth(_get_auth_home(session)):
+            return True
     try:
         if spawn_sync is subprocess.run:
             command = _resolve_command(spec["command"], spec["env"])
@@ -830,8 +848,17 @@ def _should_retry_without_transcript(spec):
 
 def _ensure_session_authentication(session, service, spawn=None, spawn_sync=None,
                                    stdin_is_tty=True, env_override=None, behavior="launch",
-                                   signal_emitter=None):
-    is_authenticated = _probe_provider_auth(session, spawn_sync=spawn_sync, env_override=env_override)
+                                   signal_emitter=None, trust_local_credentials=True):
+    if behavior == "launch" and (session.get("auth") or {}).get("status") == "logged_out":
+        raise CdxError(
+            f"Session {session['name']} is not authenticated. Run: cdx login {session['name']}"
+        )
+    is_authenticated = _probe_provider_auth(
+        session,
+        spawn_sync=spawn_sync,
+        env_override=env_override,
+        trust_local_credentials=trust_local_credentials,
+    )
     if is_authenticated:
         return {"authenticated": True, "checked": True}
     if behavior == "probe-only":

package/src/run_command.py

@@ -0,0 +1,83 @@
+import os
+
+from .errors import CdxError
+from .run_usage import empty_usage, extract_run_usage
+
+
+def read_run_prompt(parsed):
+    if parsed.get("prompt") is not None:
+        return parsed["prompt"]
+    try:
+        with open(parsed["prompt_file"], "r", encoding="utf-8") as handle:
+            return handle.read()
+    except OSError as error:
+        raise CdxError(f"Unable to read prompt file: {parsed['prompt_file']}") from error
+
+
+def run_cdx_error_code(error):
+    message = str(error)
+    if message.startswith("Usage:"):
+        return "invalid_request"
+    if message.startswith("Invalid cwd:"):
+        return "invalid_cwd"
+    if message.startswith("Session is disabled:"):
+        return "session_disabled"
+    if "CLI not found on PATH" in message:
+        return "provider_cli_not_found"
+    if message.startswith("Failed to start "):
+        return "provider_start_failed"
+    if (
+        message.startswith("Unsupported reasoning effort:")
+        or message.startswith("Unsupported power:")
+        or "--reasoning-effort and --power must match" in message
+    ):
+        return "invalid_reasoning_effort"
+    return "cdx_error"
+
+
+def run_payload_reasoning_effort(parsed, session):
+    launch = (session.get("launch") or {}) if session else {}
+    return (
+        parsed.get("reasoning_effort")
+        or parsed.get("power")
+        or launch.get("reasoning_effort")
+        or launch.get("reasoningEffort")
+        or launch.get("power")
+        or ("low" if launch.get("fast") is True else None)
+    )
+
+
+def run_result_payload(api_schema_version, ok, parsed, session, run_info=None,
+                       error=None, error_source=None, error_code=None):
+    run_info = run_info or {}
+    usage = run_info.get("usage") if isinstance(run_info.get("usage"), dict) else (
+        extract_run_usage(session.get("provider"), run_info.get("stdout_path"))
+        if session else
+        empty_usage()
+    )
+    return {
+        "schema_version": api_schema_version,
+        "ok": bool(ok),
+        "action": "run",
+        "launcher": "cdx",
+        "session": session.get("name") if session else None,
+        "provider": session.get("provider") if session else parsed.get("provider"),
+        "model": parsed.get("model") or ((session.get("launch") or {}).get("model") if session else None),
+        "reasoning_effort": run_payload_reasoning_effort(parsed, session),
+        "power": parsed.get("power") or ((session.get("launch") or {}).get("power") if session else None),
+        "cwd": os.path.abspath(parsed.get("cwd") or os.getcwd()),
+        "run_id": run_info.get("run_id"),
+        "exit_code": run_info.get("returncode"),
+        "duration_seconds": (run_info.get("duration_ms") / 1000.0) if run_info.get("duration_ms") is not None else None,
+        "transcript_path": run_info.get("transcript_path"),
+        "stdout_path": run_info.get("stdout_path"),
+        "stderr_path": run_info.get("stderr_path"),
+        "usage": usage,
+        "warnings": [],
+        "error": None if ok else {
+            "source": error_source or "cdx",
+            "code": error_code or "cdx_error",
+            "message": str(error) if error else "Run failed.",
+            "provider_code": run_info.get("returncode") if error_source == "provider" else None,
+        },
+    }

package/src/session_service.py

@@ -23,19 +23,26 @@ RESERVED_SESSION_NAMES = {
     "add",
     "clean",
     "context",
+    "configs",
     "cp",
     "disable",
     "doctor",
     "enable",
     "export",
+    "fast",
     "help",
     "handoff",
     "history",
     "import",
+    "last",
     "login",
     "logout",
+    "model",
     "mv",
+    "next",
     "notify",
+    "perm",
+    "power",
     "ready",
     "repair",
     "ren",
@@ -45,6 +52,7 @@ RESERVED_SESSION_NAMES = {
     "select",
     "config",
     "set",
+    "stats",
     "status",
     "unset",
     "update",
@@ -63,6 +71,10 @@ LAUNCH_PERMISSION_VALUES = {"review", "default", "auto", "full"}
 MAX_LAUNCH_MODEL_LENGTH = 128
 MIN_LAUNCH_PRIORITY = 0
 MAX_LAUNCH_PRIORITY = 100
+DEFAULT_LAUNCH_SETTINGS = {
+    "power": "medium",
+    "fast": False,
+}
 
 
 def _encode(name):
@@ -450,6 +462,8 @@ def create_session_service(options=None):
             raise CdxError("Session name is required")
         if str(name) != str(name).strip():
             raise CdxError("Session name cannot start or end with whitespace")
+        if str(name) in (".", ".."):
+            raise CdxError("Session name cannot be . or ..")
         if len(str(name)) > MAX_SESSION_NAME_LENGTH:
             raise CdxError(f"Session name is too long (max {MAX_SESSION_NAME_LENGTH} characters)")
         if any(ord(ch) < 32 or ord(ch) == 127 for ch in str(name)):
@@ -544,6 +558,7 @@ def create_session_service(options=None):
             "lastLaunchedAt": None,
             "lastStatusAt": None,
             "lastStatus": None,
+            "launch": dict(DEFAULT_LAUNCH_SETTINGS),
             "auth": {
                 "status": "unknown",
                 "lastCheckedAt": None,
@@ -1117,7 +1132,7 @@ def create_session_service(options=None):
         bundle_bytes = encode_bundle(payload, include_auth=include_auth, passphrase=passphrase)
         if progress_callback:
             progress_callback({"event": "writing_started", "path": file_path, "bundle_size_bytes": len(bundle_bytes)})
-        _ensure_private_dir(os.path.dirname(os.path.abspath(file_path)) or ".")
+        os.makedirs(os.path.dirname(os.path.abspath(file_path)) or ".", exist_ok=True)
         with open(file_path, "wb") as handle:
             handle.write(bundle_bytes)
         if sys.platform != "win32":

package/src/status_view.py

@@ -87,15 +87,11 @@ def _format_status_rows(rows, use_color=False, small=False):
         return "SESSION  STATUS  OK  5H  WEEK  BLOCK  CR  RESET 5H  RESET WEEK  UPDATED\nNo saved sessions yet."
     headers = [_style(header, "1", use_color) for header in headers]
     active_rows = [r for r in rows if r.get("enabled", True) is not False]
-    priority_candidates = [
-        r for r in active_rows
-        if _format_auth_status(r) != "logged out"
-    ]
+    priority = recommend_priority_rows(rows)
     disabled_rows = sorted(
         [r for r in rows if r.get("enabled", True) is False],
         key=lambda r: r.get("session_name") or "",
     )
-    priority = _recommend_priority_sessions(priority_candidates)
     priority_names = {r.get("session_name") for r in priority}
     non_priority_active = [
         r for r in active_rows
@@ -180,6 +176,19 @@ def _format_auth_status(row):
     return "unknown"
 
 
+def recommend_priority_rows(rows):
+    active_rows = [r for r in rows if r.get("enabled", True) is not False]
+    priority_candidates = [
+        r for r in active_rows
+        if _format_auth_status(r) != "logged out"
+    ]
+    return _recommend_priority_sessions(priority_candidates)
+
+
+def format_priority_instruction(row, position="first"):
+    return _priority_instruction(row, position)
+
+
 def _recommend_priority_sessions(rows):
     if not rows:
         return []