claude-profile-switch 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Ashutosh Adhao
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,152 @@
+# claude-switch
+
+> npm package: **`claude-profile-switch`** · command: **`claude-switch`**
+
+Switch between multiple saved **Claude Code** accounts/sessions from one terminal —
+macOS, Linux, and Windows. Zero dependencies (just Node, which Claude Code already needs).
+
+## Why
+
+Claude Code keeps a single active session. If you use more than one account
+(personal / team / client), you'd normally have to re-`/login` every time you
+switch. `claude-switch` snapshots a session into a named profile and swaps it
+back in instantly.
+
+## What it saves
+
+A profile snapshots **both** halves of an account so the switch is clean:
+
+| Piece | Location (Linux/Windows) | Location (macOS) |
+|-------|--------------------------|------------------|
+| Session token | `~/.claude/.credentials.json` | login Keychain → service `Claude Code-credentials` |
+| Account identity (email, account/org UUID) | `~/.claude.json` → `oauthAccount` | same |
+
+Profiles live in `~/.claude-switch/profiles/<name>/` with `0600` permissions.
+
+## Install
+
+From npm (once published):
+
+```bash
+npm install -g claude-profile-switch
+```
+
+Or from a local clone of this directory:
+
+```bash
+npm install -g .
+# or, for a live-editable dev install:
+npm link
+```
+
+Either way you get the `claude-switch` command on your PATH on all three OSes.
+Verify with `claude-switch help`. (Requires Node ≥ 16.)
+
+## Commands
+
+```bash
+claude-switch save <profile>     # save the current session as <profile>
+claude-switch update [profile]   # re-sync a profile from the live session (default: active)
+claude-switch use <profile>      # switch to a saved profile
+claude-switch list               # list profiles; ● marks the active one
+claude-switch list --usage       # ...also show live quota for the active session
+claude-switch usage              # detailed usage limits for the current session
+claude-switch delete <profile>   # remove a saved profile (live login untouched)
+claude-switch whoami             # show current account + profile + token status
+claude-switch help
+```
+
+## Usage limits (`usage` / `list --usage`)
+
+Two different "time left" numbers exist — don't confuse them:
+
+- **Token expiry** — when the OAuth access token needs refreshing. Shown by
+  `list`/`whoami`, read locally from the credentials (free, instant).
+- **Usage window** — your plan's 5-hour and weekly quotas, and when they reset.
+  This is **server-side only** (not stored on disk), so it requires one tiny API
+  call (Haiku, `max_tokens:1` — negligible quota).
+
+```
+$ claude-switch usage
+Current session: you@example.com
+Token:           valid, 6h 6m left
+Usage limits:
+  5-hour  40% left  (60% used)  resets in 2h 13m (6/22/2026, 8:30:00 PM)
+  weekly  93% left  (7% used)   resets in 3d 2h  (6/25/2026, 8:30:00 PM)
+```
+
+Plain `list` stays offline/free; add `--usage` only when you want live quota, so
+listing never silently spends quota. Usage is fetched for the **active** session
+only (its token is the current one).
+
+### Typical flow
+
+> **Logging in:** there is no `claude login` command. Start Claude Code with
+> `claude`, then type the `/login` slash command inside the session, complete the
+> browser flow, and `/exit`. (`claude auth` is the CLI entry point for managing
+> authentication if you prefer staying in the shell.)
+
+```bash
+# Log in to account A:  run `claude`, type `/login`, then `/exit`. Snapshot it:
+claude-switch save work
+
+# Log in to account B (run `claude` → `/login` → `/exit`), then snapshot it:
+claude-switch save personal
+
+# Jump between them
+claude-switch use work
+claude-switch use personal
+```
+
+## Refreshing a token
+
+Tokens rotate / eventually expire. To refresh the one stored in a profile,
+re-authenticate inside Claude Code first, then re-sync:
+
+```bash
+claude                  # then type `/login`, complete the flow, and `/exit`
+claude-switch update    # re-sync the active profile from that live session
+```
+
+`update` with no argument targets whichever profile matches the current account,
+so you don't have to remember its name. Pass a name (`claude-switch update work`)
+to update a specific existing profile. (`save <name>` also overwrites — `update`
+is just the convenient "same account, refresh it" path.)
+
+## Safety
+
+- `save`, `list`, `whoami` are **read-only** — they never modify your live login.
+- `delete` removes only the saved *copy*; your live session is untouched.
+- `use` is the only command that writes the live token, and it **backs up** the
+  current one to `~/.claude-switch/backups/credentials.last.json` first.
+
+## Verification after switching
+
+After `use`, the tool:
+
+1. Checks the token's `expiresAt` locally (instant, offline). If expired, it tells
+   you to re-`/login` and re-`save`.
+2. Runs a quick live `claude -p` call to confirm the session actually works.
+   Skip it with `--no-check`:
+
+   ```bash
+   claude-switch use work --no-check
+   ```
+
+If a token is expired:
+
+```
+⚠ This session's token expired 2h ago.
+⚠ Run `/login` inside `claude` to refresh it, then `claude-switch save work` to update this profile.
+```
+
+## Notes
+
+- **Token refresh:** Claude Code rotates tokens periodically. If a profile's token
+  has aged out, run `claude` → `/login` on that account, then `claude-switch update`
+  (or `save <name>`) to refresh the snapshot.
+- **macOS Keychain:** writing the credential may prompt for Keychain access the
+  first time — that's expected.
+- Uninstall with `npm uninstall -g claude-switch`. Remove data with
+  `rm -rf ~/.claude-switch`.
+```

package/claude-switch.js

@@ -0,0 +1,618 @@
+#!/usr/bin/env node
+'use strict';
+
+/*
+ * claude-switch — switch between saved Claude Code accounts/sessions.
+ *
+ * Cross-platform (macOS / Linux / Windows). Zero dependencies.
+ *
+ * Where Claude Code keeps things:
+ *   - Session token : ~/.claude/.credentials.json   (macOS: login Keychain, service "Claude Code-credentials")
+ *   - Account info  : ~/.claude.json  ->  oauthAccount { emailAddress, accountUuid, organizationUuid, ... }
+ *
+ * A "profile" snapshots BOTH so an account swap is clean (token + identity stay in sync).
+ */
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const https = require('https');
+const { spawnSync } = require('child_process');
+
+// ---------------------------------------------------------------------------
+// Paths & constants
+// ---------------------------------------------------------------------------
+
+const HOME = os.homedir();
+const IS_MAC = process.platform === 'darwin';
+const IS_WIN = process.platform === 'win32';
+
+const CLAUDE_DIR = path.join(HOME, '.claude');
+const CREDS_FILE = path.join(CLAUDE_DIR, '.credentials.json');
+const CLAUDE_JSON = path.join(HOME, '.claude.json');
+
+const KEYCHAIN_SERVICE = 'Claude Code-credentials';
+const KEYCHAIN_ACCOUNT = (os.userInfo().username || 'claude');
+
+const STORE_DIR = path.join(HOME, '.claude-switch');
+const PROFILES_DIR = path.join(STORE_DIR, 'profiles');
+const BACKUP_DIR = path.join(STORE_DIR, 'backups');
+
+// ---------------------------------------------------------------------------
+// Tiny output helpers
+// ---------------------------------------------------------------------------
+
+const useColor = process.stdout.isTTY && !process.env.NO_COLOR;
+const c = (code, s) => (useColor ? `[${code}m${s}` : s);
+const bold = (s) => c('1', s);
+const green = (s) => c('32', s);
+const yellow = (s) => c('33', s);
+const red = (s) => c('31', s);
+const dim = (s) => c('2', s);
+const cyan = (s) => c('36', s);
+
+function die(msg) {
+  console.error(red('✖ ') + msg);
+  process.exit(1);
+}
+function info(msg) { console.log(msg); }
+
+/** Transient status line on a TTY; no-op when output is piped. Returns a clear fn. */
+function spinner(text) {
+  if (!process.stdout.isTTY) return () => {};
+  process.stdout.write(dim(text));
+  return () => process.stdout.write('\r' + ' '.repeat(text.length) + '\r');
+}
+function ok(msg) { console.log(green('✔ ') + msg); }
+function warn(msg) { console.log(yellow('⚠ ') + msg); }
+
+// ---------------------------------------------------------------------------
+// Profile-name validation (it becomes a directory name)
+// ---------------------------------------------------------------------------
+
+function validName(name) {
+  if (!name) return false;
+  return /^[A-Za-z0-9._@-]+$/.test(name) && name !== '.' && name !== '..';
+}
+
+// ---------------------------------------------------------------------------
+// Credential read/write (abstracts macOS Keychain vs. plain file)
+// ---------------------------------------------------------------------------
+
+/** Returns the raw credentials JSON string, or null if none present. */
+function readLiveCredentials() {
+  if (IS_MAC) {
+    const r = spawnSync('security', [
+      'find-generic-password', '-s', KEYCHAIN_SERVICE, '-a', KEYCHAIN_ACCOUNT, '-w',
+    ], { encoding: 'utf8' });
+    if (r.status === 0 && r.stdout) return r.stdout.replace(/\n$/, '');
+    // Fall through to file in case this machine uses a file even on macOS.
+  }
+  try {
+    return fs.readFileSync(CREDS_FILE, 'utf8');
+  } catch {
+    return null;
+  }
+}
+
+/** Writes the raw credentials JSON string back to wherever Claude Code reads it. */
+function writeLiveCredentials(raw) {
+  if (IS_MAC) {
+    // Update (or create) the keychain item. -U overwrites an existing item.
+    const r = spawnSync('security', [
+      'add-generic-password', '-U',
+      '-s', KEYCHAIN_SERVICE, '-a', KEYCHAIN_ACCOUNT,
+      '-w', raw,
+    ], { encoding: 'utf8' });
+    if (r.status !== 0) {
+      die('Failed to write to macOS Keychain: ' + (r.stderr || r.error || 'unknown error'));
+    }
+    return;
+  }
+  fs.mkdirSync(CLAUDE_DIR, { recursive: true });
+  fs.writeFileSync(CREDS_FILE, raw, { mode: 0o600 });
+  try { fs.chmodSync(CREDS_FILE, 0o600); } catch { /* best effort on Windows */ }
+}
+
+// ---------------------------------------------------------------------------
+// ~/.claude.json account block (read + patch in place, preserving everything)
+// ---------------------------------------------------------------------------
+
+function readClaudeJson() {
+  try {
+    return JSON.parse(fs.readFileSync(CLAUDE_JSON, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+/** Extract the identity bits we need to keep in sync with the token. */
+function extractAccount(claudeJson) {
+  if (!claudeJson) return null;
+  return {
+    oauthAccount: claudeJson.oauthAccount || null,
+    userID: claudeJson.userID || null,
+  };
+}
+
+/** Merge a saved account block back into ~/.claude.json without clobbering other state. */
+function patchClaudeJson(account) {
+  if (!account) return;
+  let data = readClaudeJson();
+  if (!data) {
+    // ~/.claude.json may legitimately not exist yet; create a minimal one.
+    data = {};
+  }
+  if (account.oauthAccount) data.oauthAccount = account.oauthAccount;
+  if (account.userID) data.userID = account.userID;
+  fs.mkdirSync(path.dirname(CLAUDE_JSON), { recursive: true });
+  fs.writeFileSync(CLAUDE_JSON, JSON.stringify(data, null, 2), { mode: 0o600 });
+  try { fs.chmodSync(CLAUDE_JSON, 0o600); } catch { /* best effort */ }
+}
+
+// ---------------------------------------------------------------------------
+// Credential parsing helpers
+// ---------------------------------------------------------------------------
+
+function parseOauth(rawCreds) {
+  try {
+    const j = JSON.parse(rawCreds);
+    return j.claudeAiOauth || j; // tolerate either shape
+  } catch {
+    return null;
+  }
+}
+
+function expiryInfo(oauth) {
+  const exp = oauth && oauth.expiresAt;
+  if (!exp) return { known: false };
+  const now = Date.now();
+  return {
+    known: true,
+    expired: exp <= now,
+    at: new Date(exp),
+    msLeft: exp - now,
+  };
+}
+
+function humanDuration(ms) {
+  const abs = Math.abs(ms);
+  const d = Math.floor(abs / 86400000);
+  const h = Math.floor((abs % 86400000) / 3600000);
+  const m = Math.floor((abs % 3600000) / 60000);
+  if (d > 0) return `${d}d ${h}h`;
+  if (h > 0) return `${h}h ${m}m`;
+  return `${m}m`;
+}
+
+// ---------------------------------------------------------------------------
+// Profile storage
+// ---------------------------------------------------------------------------
+
+function profilePath(name) { return path.join(PROFILES_DIR, name); }
+
+function listProfiles() {
+  try {
+    return fs.readdirSync(PROFILES_DIR, { withFileTypes: true })
+      .filter((e) => e.isDirectory())
+      .map((e) => e.name)
+      .sort();
+  } catch {
+    return [];
+  }
+}
+
+function readProfile(name) {
+  const dir = profilePath(name);
+  const out = { name, dir };
+  try { out.credentials = fs.readFileSync(path.join(dir, 'credentials.json'), 'utf8'); } catch { out.credentials = null; }
+  try { out.account = JSON.parse(fs.readFileSync(path.join(dir, 'account.json'), 'utf8')); } catch { out.account = null; }
+  try { out.meta = JSON.parse(fs.readFileSync(path.join(dir, 'meta.json'), 'utf8')); } catch { out.meta = {}; }
+  return out;
+}
+
+/** The account currently live on this machine (uuid + email), from ~/.claude.json. */
+function liveAccountIdentity() {
+  const cj = readClaudeJson();
+  const oa = cj && cj.oauthAccount;
+  return {
+    uuid: oa && oa.accountUuid,
+    email: oa && oa.emailAddress,
+  };
+}
+
+/** Which saved profile (if any) matches the live account? Matched by stable accountUuid. */
+function activeProfileName() {
+  const live = liveAccountIdentity();
+  if (!live.uuid) return null;
+  for (const name of listProfiles()) {
+    const p = readProfile(name);
+    const uuid = p.account && p.account.oauthAccount && p.account.oauthAccount.accountUuid;
+    if (uuid && uuid === live.uuid) return name;
+  }
+  return null;
+}
+
+// ---------------------------------------------------------------------------
+// Live usage / rate-limit windows
+//
+// Usage left is NOT stored on disk — it's server-side, returned as
+// `anthropic-ratelimit-unified-*` response headers. We make a single tiny
+// request (Haiku, max_tokens:1 — negligible quota) and read those headers.
+// ---------------------------------------------------------------------------
+
+function fetchLiveUsage(accessToken) {
+  return new Promise((resolve) => {
+    if (!accessToken) { resolve({ ok: false, reason: 'nocreds' }); return; }
+    const body = JSON.stringify({
+      model: 'claude-haiku-4-5-20251001',
+      max_tokens: 1,
+      messages: [{ role: 'user', content: 'hi' }],
+    });
+    const req = https.request({
+      hostname: 'api.anthropic.com',
+      path: '/v1/messages',
+      method: 'POST',
+      timeout: 15000,
+      headers: {
+        'authorization': 'Bearer ' + accessToken,
+        'anthropic-version': '2023-06-01',
+        'anthropic-beta': 'oauth-2025-04-20',
+        'content-type': 'application/json',
+        'content-length': Buffer.byteLength(body),
+      },
+    }, (res) => {
+      res.resume(); // drain body; we only want headers
+      if (res.statusCode === 401 || res.statusCode === 403) { resolve({ ok: false, reason: 'auth' }); return; }
+      const parsed = parseUsageHeaders(res.headers);
+      if (!parsed) { resolve({ ok: false, reason: 'noheaders', httpStatus: res.statusCode }); return; }
+      resolve({ ok: true, ...parsed });
+    });
+    req.on('timeout', () => { req.destroy(); resolve({ ok: false, reason: 'timeout' }); });
+    req.on('error', (e) => resolve({ ok: false, reason: 'network', error: e.message }));
+    req.write(body);
+    req.end();
+  });
+}
+
+function parseUsageHeaders(h) {
+  const win = (prefix, label) => {
+    const u = h['anthropic-ratelimit-unified-' + prefix + '-utilization'];
+    if (u === undefined) return null;
+    const r = h['anthropic-ratelimit-unified-' + prefix + '-reset'];
+    const used = parseFloat(u);
+    return {
+      label,
+      usedPct: Math.round(used * 100),
+      leftPct: Math.max(0, Math.round((1 - used) * 100)),
+      resetAt: r ? new Date(parseInt(r, 10) * 1000) : null,
+    };
+  };
+  const windows = [win('5h', '5-hour'), win('7d', 'weekly')].filter(Boolean);
+  if (!windows.length) return null;
+  return { overall: h['anthropic-ratelimit-unified-status'] || null, windows };
+}
+
+function usageColor(leftPct) {
+  return leftPct <= 10 ? red : leftPct <= 30 ? yellow : green;
+}
+
+/** One-line summary per window, e.g. "43% left (5-hour, resets in 2h 10m)". */
+function renderUsageInline(u) {
+  if (!u.ok) {
+    if (u.reason === 'auth') return yellow('session invalid/expired — run ') + cyan('claude') + cyan(' → /login');
+    if (u.reason === 'timeout') return dim('usage check timed out');
+    if (u.reason === 'network') return dim('offline');
+    if (u.reason === 'nocreds') return dim('no token');
+    return dim('usage unavailable');
+  }
+  return u.windows.map((w) => {
+    const resets = w.resetAt ? `, resets in ${humanDuration(w.resetAt.getTime() - Date.now())}` : '';
+    return usageColor(w.leftPct)(`${w.leftPct}% left`) + dim(` (${w.label}${resets})`);
+  }).join('  ·  ');
+}
+
+// ---------------------------------------------------------------------------
+// Commands
+// ---------------------------------------------------------------------------
+
+/** Write the live session (token + account identity) into profile <name>. */
+function persistProfile(name) {
+  const raw = readLiveCredentials();
+  if (!raw) {
+    die(`No active Claude Code session found.\n  Looked in ${IS_MAC ? 'Keychain "' + KEYCHAIN_SERVICE + '"' : CREDS_FILE}.\n  Run ${cyan('claude') + ' → ' + cyan('/login')} first.`);
+  }
+  const oauth = parseOauth(raw);
+  const account = extractAccount(readClaudeJson());
+  const email = account && account.oauthAccount && account.oauthAccount.emailAddress;
+
+  const dir = profilePath(name);
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(path.join(dir, 'credentials.json'), raw, { mode: 0o600 });
+  fs.writeFileSync(path.join(dir, 'account.json'), JSON.stringify(account, null, 2), { mode: 0o600 });
+
+  const meta = {
+    name,
+    email: email || null,
+    subscriptionType: oauth && oauth.subscriptionType || null,
+    expiresAt: oauth && oauth.expiresAt || null,
+    savedAt: Date.now(),
+    platform: process.platform,
+  };
+  fs.writeFileSync(path.join(dir, 'meta.json'), JSON.stringify(meta, null, 2), { mode: 0o600 });
+
+  return { email, exp: expiryInfo(oauth) };
+}
+
+function cmdSave(name) {
+  if (!validName(name)) die(`Invalid profile name. Use letters, digits, and . _ @ -`);
+  if (fs.existsSync(profilePath(name))) warn(`Overwriting existing profile "${name}".`);
+
+  const { email, exp } = persistProfile(name);
+  ok(`Saved profile ${bold(name)}${email ? dim(' (' + email + ')') : ''}.`);
+  if (exp.known && exp.expired) {
+    warn(`Heads up: this token is already expired. Run ${cyan('claude') + ' → ' + cyan('/login')} and re-save.`);
+  }
+}
+
+/**
+ * Re-sync a profile from the current live session — use after re-authenticating (`claude` → `/login`)
+ * refreshes the token. With no argument, updates whichever profile is active.
+ */
+function cmdUpdate(name) {
+  if (name) {
+    if (!validName(name)) die(`Invalid profile name.`);
+    if (!fs.existsSync(profilePath(name))) {
+      die(`Profile "${name}" not found. Create it with ${cyan('claude-switch save ' + name)}.`);
+    }
+  } else {
+    name = activeProfileName();
+    if (!name) {
+      const live = liveAccountIdentity();
+      die(`No saved profile matches the current account${live.email ? ' (' + live.email + ')' : ''}.\n  Save it first with ${cyan('claude-switch save <name>')}.`);
+    }
+  }
+
+  const { email, exp } = persistProfile(name);
+  ok(`Updated profile ${bold(name)}${email ? dim(' (' + email + ')') : ''} from the live session.`);
+  if (exp.known) {
+    if (exp.expired) warn(`The live token is expired. Run ${cyan('claude') + ' → ' + cyan('/login')} first, then update again.`);
+    else info(dim(`  Token now valid for ~${humanDuration(exp.msLeft)}.`));
+  }
+}
+
+function cmdUse(name, opts) {
+  if (!validName(name)) die(`Invalid profile name.`);
+  const p = readProfile(name);
+  if (!p.credentials) {
+    const have = listProfiles();
+    die(`Profile "${name}" not found.` + (have.length ? `\n  Available: ${have.join(', ')}` : `\n  No profiles saved yet — use ${cyan('claude-switch save <name>')}.`));
+  }
+
+  // Back up whatever is currently live, so a bad switch is recoverable.
+  const current = readLiveCredentials();
+  if (current) {
+    fs.mkdirSync(BACKUP_DIR, { recursive: true });
+    fs.writeFileSync(path.join(BACKUP_DIR, 'credentials.last.json'), current, { mode: 0o600 });
+  }
+
+  // Swap in the token + the matching account identity.
+  writeLiveCredentials(p.credentials);
+  patchClaudeJson(p.account);
+
+  const email = p.meta && p.meta.email;
+  ok(`Switched to ${bold(name)}${email ? dim(' (' + email + ')') : ''}.`);
+
+  // --- Verify the session ---------------------------------------------------
+  const oauth = parseOauth(p.credentials);
+  const exp = expiryInfo(oauth);
+  if (exp.known) {
+    if (exp.expired) {
+      warn(`This session's token expired ${humanDuration(exp.msLeft)} ago (${exp.at.toLocaleString()}).`);
+      warn(`Run ${cyan('claude') + ' → ' + cyan('/login')} to refresh it, then ${cyan('claude-switch save ' + name)} to update this profile.`);
+      return;
+    }
+    info(dim(`  Token valid for ~${humanDuration(exp.msLeft)} (until ${exp.at.toLocaleString()}).`));
+  }
+
+  if (opts.noCheck) return;
+  liveCheck(name);
+}
+
+/** Quick live check: ask Claude Code to confirm the session works end-to-end. */
+function liveCheck(name) {
+  const claude = findClaude();
+  if (!claude) {
+    info(dim('  Skipping live check: `claude` not found on PATH.'));
+    return;
+  }
+  process.stdout.write(dim('  Verifying session with a quick `claude` call... '));
+  const r = spawnSync(claude, ['-p', 'Reply with exactly: OK'], {
+    encoding: 'utf8',
+    timeout: 45000,
+    shell: IS_WIN, // Windows resolves claude.cmd via the shell
+  });
+
+  const out = ((r.stdout || '') + (r.stderr || '')).toLowerCase();
+  const authProblem = /401|403|unauthor|expired|invalid.*token|authentication|please run .*login|not logged in/.test(out);
+
+  if (r.error && r.error.code === 'ETIMEDOUT') {
+    process.stdout.write('\n');
+    warn('Live check timed out (network slow?). Token looks valid locally; try `claude` manually.');
+    return;
+  }
+  if (r.status === 0 && !authProblem) {
+    process.stdout.write(green('OK\n'));
+    return;
+  }
+  process.stdout.write(red('failed\n'));
+  if (authProblem) {
+    warn(`Session appears invalid/expired. Run ${cyan('claude') + ' → ' + cyan('/login')}, then ${cyan('claude-switch save ' + name)} to refresh this profile.`);
+  } else {
+    warn(`Could not confirm the session (exit ${r.status}). Run ${cyan('claude')} manually to check.`);
+    if (r.stderr) info(dim('  ' + r.stderr.trim().split('\n')[0]));
+  }
+}
+
+function findClaude() {
+  const probe = IS_WIN
+    ? spawnSync('where', ['claude'], { encoding: 'utf8', shell: true })
+    : spawnSync('command', ['-v', 'claude'], { encoding: 'utf8', shell: '/bin/sh' });
+  if (probe.status === 0 && probe.stdout.trim()) {
+    return probe.stdout.trim().split(/\r?\n/)[0];
+  }
+  return null;
+}
+
+async function cmdList(opts) {
+  const profiles = listProfiles();
+  const active = activeProfileName();
+  const live = liveAccountIdentity();
+
+  if (!profiles.length) {
+    info(`No profiles saved yet.`);
+    if (live.email) info(dim(`Current live session: ${live.email} — save it with `) + cyan('claude-switch save <name>'));
+    return;
+  }
+
+  // Live usage applies to the active session only (its token is the current one).
+  let liveUsage = null;
+  if (opts && opts.usage && active) {
+    const done = spinner('Fetching live usage for the active session...');
+    liveUsage = await fetchLiveUsage((parseOauth(readLiveCredentials() || '{}') || {}).accessToken);
+    done();
+  }
+
+  info(bold('Saved Claude Code profiles:\n'));
+  for (const name of profiles) {
+    const p = readProfile(name);
+    const isActive = name === active;
+    const marker = isActive ? green('● ') : '  ';
+    const oauth = parseOauth(p.credentials || '{}');
+    const exp = expiryInfo(oauth);
+
+    let status;
+    if (!exp.known) status = dim('expiry unknown');
+    else if (exp.expired) status = red(`expired ${humanDuration(exp.msLeft)} ago`);
+    else status = green(`valid ${humanDuration(exp.msLeft)} left`);
+
+    const email = (p.meta && p.meta.email) || (p.account && p.account.oauthAccount && p.account.oauthAccount.emailAddress) || dim('unknown account');
+    const sub = p.meta && p.meta.subscriptionType ? dim(` [${p.meta.subscriptionType}]`) : '';
+    const tag = isActive ? green(' (active)') : '';
+
+    info(`${marker}${bold(name)}${tag}`);
+    info(`    ${email}${sub}  ${dim('token:')} ${status}`);
+    if (isActive && liveUsage) {
+      info(`    ${dim('usage:')} ${renderUsageInline(liveUsage)}`);
+    }
+  }
+  if (!active && live.email) {
+    info('\n' + dim(`Live session (${live.email}) doesn't match any saved profile — save it with `) + cyan('claude-switch save <name>'));
+  }
+  if (!(opts && opts.usage)) {
+    info('\n' + dim('Tip: ') + cyan('claude-switch list --usage') + dim(' shows live quota (1 tiny API call).'));
+  }
+}
+
+async function cmdUsage() {
+  const raw = readLiveCredentials();
+  if (!raw) die(`No active session. Run ${cyan('claude') + ' → ' + cyan('/login')}.`);
+  const oauth = parseOauth(raw) || {};
+  const live = liveAccountIdentity();
+  const exp = expiryInfo(oauth);
+
+  info(`${bold('Current session:')} ${live.email || dim('unknown')}`);
+  if (exp.known) {
+    info(`${bold('Token:')}           ${exp.expired ? red('expired') : green('valid, ' + humanDuration(exp.msLeft) + ' left')}`);
+  }
+
+  const done = spinner('Fetching live usage...');
+  const u = await fetchLiveUsage(oauth.accessToken);
+  done();
+
+  if (!u.ok) {
+    if (u.reason === 'auth') { warn(`Session invalid/expired. Run ${cyan('claude') + ' → ' + cyan('/login')} and re-save.`); return; }
+    warn(`Couldn't fetch usage (${u.reason}${u.error ? ': ' + u.error : ''}).`);
+    return;
+  }
+  info(bold('Usage limits:'));
+  for (const w of u.windows) {
+    const col = usageColor(w.leftPct);
+    const resets = w.resetAt
+      ? dim(`resets in ${humanDuration(w.resetAt.getTime() - Date.now())} (${w.resetAt.toLocaleString()})`)
+      : '';
+    info(`  ${w.label.padEnd(7)} ${col((w.leftPct + '% left').padEnd(9))} ${dim('(' + w.usedPct + '% used)')}  ${resets}`);
+  }
+}
+
+function cmdDelete(name) {
+  if (!validName(name)) die(`Invalid profile name.`);
+  const dir = profilePath(name);
+  if (!fs.existsSync(dir)) die(`Profile "${name}" not found.`);
+  fs.rmSync(dir, { recursive: true, force: true });
+  ok(`Deleted profile ${bold(name)}.`);
+  info(dim('  (Your live session is unchanged.)'));
+}
+
+function cmdWhoami() {
+  const live = liveAccountIdentity();
+  const raw = readLiveCredentials();
+  const exp = expiryInfo(parseOauth(raw || '{}'));
+  if (!raw) { info('No active Claude Code session.'); return; }
+  const active = activeProfileName();
+  info(`${bold('Account:')} ${live.email || dim('unknown')}`);
+  if (active) info(`${bold('Profile:')} ${green(active)}`);
+  else info(`${bold('Profile:')} ${dim('not saved')}`);
+  if (exp.known) info(`${bold('Token:  ')} ${exp.expired ? red('expired') : green('valid, ' + humanDuration(exp.msLeft) + ' left')}`);
+}
+
+// ---------------------------------------------------------------------------
+// CLI
+// ---------------------------------------------------------------------------
+
+function usage() {
+  console.log(`${bold('claude-switch')} — switch between saved Claude Code accounts
+
+${bold('Usage:')}
+  claude-switch save <profile>     Save the current session as <profile>
+  claude-switch update [profile]   Re-sync a profile from the live session  ${dim('(default: active profile)')}
+  claude-switch use <profile>      Switch to a saved profile  ${dim('(--no-check to skip live verify)')}
+  claude-switch list               List profiles and show which is active  ${dim('(--usage for live quota)')}
+  claude-switch usage              Show live usage limits for the current session
+  claude-switch delete <profile>   Delete a saved profile
+  claude-switch whoami             Show the current account/profile
+  claude-switch help               Show this help
+
+${dim('Profiles are stored in')} ${STORE_DIR}
+`);
+}
+
+async function main() {
+  const argv = process.argv.slice(2);
+  const cmd = argv[0];
+  const rest = argv.slice(1);
+  const flags = new Set(rest.filter((a) => a.startsWith('--')));
+  const args = rest.filter((a) => !a.startsWith('--'));
+  const opts = { noCheck: flags.has('--no-check'), usage: flags.has('--usage') };
+
+  switch (cmd) {
+    case 'save':   return cmdSave(args[0]);
+    case 'update':
+    case 'refresh': return cmdUpdate(args[0]);
+    case 'use':    return cmdUse(args[0], opts);
+    case 'list':
+    case 'ls':     return cmdList(opts);
+    case 'usage':  return cmdUsage();
+    case 'delete':
+    case 'rm':     return cmdDelete(args[0]);
+    case 'whoami': return cmdWhoami();
+    case 'help':
+    case '--help':
+    case '-h':
+    case undefined: return usage();
+    default:
+      die(`Unknown command "${cmd}". Run ${cyan('claude-switch help')}.`);
+  }
+}
+
+main().catch((e) => die(e && e.message ? e.message : String(e)));

package/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "claude-profile-switch",
+  "version": "1.0.0",
+  "description": "Switch between multiple saved Claude Code accounts/sessions, with live usage limits. Installs the `claude-switch` command (macOS, Linux, Windows).",
+  "bin": {
+    "claude-switch": "claude-switch.js"
+  },
+  "files": [
+    "claude-switch.js",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=16"
+  },
+  "keywords": [
+    "claude",
+    "claude-code",
+    "account",
+    "profile",
+    "switcher",
+    "session",
+    "cli",
+    "anthropic"
+  ],
+  "author": "Ashutosh Adhao <adhaoashutosh@gmail.com>",
+  "license": "MIT"
+}