codex-slot 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 bk
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,148 @@
+# codex-slot
+
+`codex-slot` is a local multi-account / multi-workspace switcher for Codex.
+
+[中文文档](./docs/zh-CN.md)
+
+## Features
+
+- Reuse the official `~/.codex` login state
+- Manage multiple accounts or workspaces as separate slots
+- Refresh and cache the latest usage from the official usage endpoint
+- Expose a local provider endpoint for Codex
+- Apply local block rules for temporary, 5-hour, and weekly limits
+- Automatically switch `~/.codex/config.toml` to the `cslot` provider while the local proxy is running (and restore it on stop)
+
+## Installation
+
+```bash
+npm i -g codex-slot
+```
+
+Verify:
+
+```bash
+codex-slot --help
+```
+
+This repository is the source repository.
+GitHub installation from the repository URL is not supported.
+
+## Quick Start
+
+Import your current Codex login state:
+
+```bash
+codex-slot import current ~
+```
+
+`import` copies the official login state into `~/.cslot/homes/<name>` instead of referencing the source HOME directly.
+
+Check latest usage:
+
+```bash
+codex-slot status
+```
+
+By default, `status` will:
+
+- Refresh usage for all managed accounts
+- Render a compact table with:
+  - Remaining 5-hour / weekly quotas
+  - Reset times
+  - A status column with local block reasons and countdowns (for example: `5h_limited(2h27m)`)
+- Enter an interactive mode where you can toggle `enabled` for accounts:
+  - Up/Down: move selection
+  - Space: toggle `[x]` enabled / `[ ]` disabled and save immediately
+  - Enter / `q`: exit the interactive mode
+
+If you only want a non-interactive snapshot of the current state:
+
+```bash
+codex-slot status --no-interactive
+```
+
+Start the local proxy:
+
+```bash
+codex-slot start
+codex-slot start --port 4399
+```
+
+`start` will automatically write the required provider config into `~/.codex/config.toml`:
+
+```bash
+codex-slot start
+```
+
+## Commands
+
+```bash
+codex-slot add <name>
+codex-slot del <name>
+codex-slot import <name> [HOME]
+codex-slot status
+codex-slot start [--port <port>]
+codex-slot stop
+```
+
+## How `status` Works
+
+`codex-slot status` does not render stale data from the official `registry.json` cache.
+
+Instead it:
+
+1. Reads `access_token`, `refresh_token`, and `account_id` from the official Codex login state
+2. Requests `https://chatgpt.com/backend-api/wham/usage`
+3. Stores the latest result in `~/.cslot/state.json`
+4. Renders the latest local cache
+
+## Managed Codex Config
+
+`codex-slot start` writes or updates a provider block like this, based on the current `~/.cslot/config.yaml`:
+
+```toml
+[model_providers.cslot]
+name = "cslot"
+base_url = "http://127.0.0.1:4389/v1"
+http_headers = { Authorization = "Bearer cslot-defaultkey" }
+wire_api = "responses"
+```
+
+Behavior:
+
+- If global `model_provider` or `# model_provider = ...` exists, it is normalized to `model_provider = "cslot"`
+- If `[model_providers.cslot]` already exists, only that provider block is replaced with the fresh one above
+- Other providers and settings in `config.toml` are left untouched
+- If you start with `--port`, the port is saved to `~/.cslot/config.yaml`
+- `cslot stop` comments out the active `model_provider = "cslot"` line and keeps the rest of the file unchanged
+
+## Data Directory
+
+`codex-slot` uses:
+
+- `~/.cslot/config.yaml`
+- `~/.cslot/state.json`
+- `~/.cslot/cslot.pid`
+- `~/.cslot/logs/service.log`
+
+If you previously used `~/.codexsw`, it is migrated automatically.
+
+## Limit Handling
+
+- Weekly limit: blocked until the weekly reset time
+- 5-hour limit: blocked until the 5-hour reset time
+- Temporary limit: blocked for 5 minutes
+
+## Repository
+
+- GitHub: https://github.com/openxiaobu/cslot
+- Issues: https://github.com/openxiaobu/cslot/issues
+
+## Development
+
+```bash
+npm install
+npm run build
+npm run check
+```

package/dist/account-store.js

@@ -0,0 +1,207 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCodexDataDir = getCodexDataDir;
+exports.readRegistry = readRegistry;
+exports.readAuthFile = readAuthFile;
+exports.cloneCodexAuthState = cloneCodexAuthState;
+exports.hasCompleteCodexAuthState = hasCompleteCodexAuthState;
+exports.writeAuthFile = writeAuthFile;
+exports.resolvePrimaryRegistryAccount = resolvePrimaryRegistryAccount;
+exports.registerManagedAccount = registerManagedAccount;
+exports.removeManagedAccount = removeManagedAccount;
+exports.findManagedAccount = findManagedAccount;
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+const config_1 = require("./config");
+/**
+ * 读取指定账号 HOME 下的 `.codex` 目录。
+ *
+ * @param codexHome 账号独立 HOME 目录。
+ * @returns `.codex` 目录绝对路径。
+ */
+function getCodexDataDir(codexHome) {
+    return node_path_1.default.join((0, config_1.expandHome)(codexHome), ".codex");
+}
+/**
+ * 读取某账号对应的 `registry.json`。
+ *
+ * @param codexHome 账号独立 HOME 目录。
+ * @returns 解析后的 registry；不存在时返回 `null`。
+ */
+function readRegistry(codexHome) {
+    const registryPath = node_path_1.default.join(getCodexDataDir(codexHome), "accounts", "registry.json");
+    if (!node_fs_1.default.existsSync(registryPath)) {
+        return null;
+    }
+    return JSON.parse(node_fs_1.default.readFileSync(registryPath, "utf8"));
+}
+/**
+ * 读取账号目录下当前激活凭据文件。
+ *
+ * @param codexHome 账号独立 HOME 目录。
+ * @returns 解析后的 auth.json；不存在时返回 `null`。
+ */
+function readAuthFile(codexHome) {
+    const authPath = node_path_1.default.join(getCodexDataDir(codexHome), "auth.json");
+    if (!node_fs_1.default.existsSync(authPath)) {
+        return null;
+    }
+    return JSON.parse(node_fs_1.default.readFileSync(authPath, "utf8"));
+}
+/**
+ * 从 `id_token` 中解析邮箱。
+ *
+ * @param auth 认证文件对象。
+ * @returns 邮箱地址；缺失或解析失败时返回 `undefined`。
+ */
+function resolveEmailFromAuth(auth) {
+    const idToken = auth?.tokens?.id_token;
+    if (!idToken) {
+        return undefined;
+    }
+    try {
+        const payload = JSON.parse(Buffer.from(idToken.split(".")[1] ?? "", "base64url").toString("utf8"));
+        return payload.email;
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * 将来源 HOME 下的官方 `.codex` 登录态复制到目标 HOME。
+ *
+ * 只复制认证和账号元数据所需文件，不复制历史日志、缓存等无关内容。
+ *
+ * @param sourceHome 来源 HOME 目录。
+ * @param targetHome 目标 HOME 目录。
+ * @returns 无返回值。
+ * @throws 当来源目录缺少关键认证文件时抛出错误。
+ */
+function cloneCodexAuthState(sourceHome, targetHome) {
+    const sourceCodexDir = getCodexDataDir(sourceHome);
+    const targetCodexDir = getCodexDataDir(targetHome);
+    const sourceAuthPath = node_path_1.default.join(sourceCodexDir, "auth.json");
+    const sourceAccountsDir = node_path_1.default.join(sourceCodexDir, "accounts");
+    const sourceRegistryPath = node_path_1.default.join(sourceAccountsDir, "registry.json");
+    if (!node_fs_1.default.existsSync(sourceAuthPath)) {
+        throw new Error(`来源目录缺少 auth.json: ${sourceAuthPath}`);
+    }
+    if (!node_fs_1.default.existsSync(sourceRegistryPath)) {
+        throw new Error(`来源目录缺少 registry.json: ${sourceRegistryPath}`);
+    }
+    node_fs_1.default.mkdirSync(targetCodexDir, { recursive: true });
+    node_fs_1.default.mkdirSync(node_path_1.default.join(targetCodexDir, "accounts"), { recursive: true });
+    node_fs_1.default.copyFileSync(sourceAuthPath, node_path_1.default.join(targetCodexDir, "auth.json"));
+    node_fs_1.default.copyFileSync(sourceRegistryPath, node_path_1.default.join(targetCodexDir, "accounts", "registry.json"));
+    for (const entry of node_fs_1.default.readdirSync(sourceAccountsDir, { withFileTypes: true })) {
+        if (!entry.isFile()) {
+            continue;
+        }
+        if (!entry.name.endsWith(".auth.json")) {
+            continue;
+        }
+        node_fs_1.default.copyFileSync(node_path_1.default.join(sourceAccountsDir, entry.name), node_path_1.default.join(targetCodexDir, "accounts", entry.name));
+    }
+}
+/**
+ * 检查某个 HOME 下的官方登录态是否完整。
+ *
+ * 完整标准：
+ * 1. 存在 `.codex/auth.json`
+ * 2. `auth.json` 中存在 `access_token`
+ * 3. `auth.json` 中存在 `refresh_token`
+ * 4. `auth.json` 中存在 `account_id`
+ *
+ * @param codexHome 待检查的 HOME 目录。
+ * @returns 为 `true` 表示登录态完整，可用于调度；否则为 `false`。
+ */
+function hasCompleteCodexAuthState(codexHome) {
+    const auth = readAuthFile(codexHome);
+    return Boolean(auth?.tokens?.access_token &&
+        auth?.tokens?.refresh_token &&
+        auth?.tokens?.account_id);
+}
+/**
+ * 将最新认证信息回写到指定账号的 `auth.json`。
+ *
+ * @param codexHome 账号独立 HOME 目录。
+ * @param auth 最新认证信息。
+ * @returns 无返回值。
+ */
+function writeAuthFile(codexHome, auth) {
+    const authPath = node_path_1.default.join(getCodexDataDir(codexHome), "auth.json");
+    node_fs_1.default.mkdirSync(node_path_1.default.dirname(authPath), { recursive: true });
+    node_fs_1.default.writeFileSync(authPath, `${JSON.stringify(auth, null, 2)}\n`, "utf8");
+}
+/**
+ * 根据当前账号目录中的 registry 推断主账号信息。
+ *
+ * @param codexHome 账号独立 HOME 目录。
+ * @returns 当前活跃账号元数据；无可用账号时返回 `null`。
+ */
+function resolvePrimaryRegistryAccount(codexHome) {
+    const registry = readRegistry(codexHome);
+    if (!registry || registry.accounts.length === 0) {
+        return null;
+    }
+    if (registry.active_email) {
+        const active = registry.accounts.find((item) => item.email === registry.active_email);
+        if (active) {
+            return active;
+        }
+    }
+    return registry.accounts[0] ?? null;
+}
+/**
+ * 将账号注册到 cslot 配置中，并为其准备独立 HOME 目录。
+ *
+ * @param accountId 本地账号标识。
+ * @param codexHome 可选的自定义 HOME 目录；未提供时使用默认路径。
+ * @returns 写入后的账号配置。
+ */
+function registerManagedAccount(accountId, codexHome) {
+    const home = codexHome ? (0, config_1.expandHome)(codexHome) : (0, config_1.getManagedHome)(accountId);
+    // 预先创建账号隔离目录，方便后续直接执行 codex login。
+    node_fs_1.default.mkdirSync(home, { recursive: true });
+    const primary = resolvePrimaryRegistryAccount(home);
+    const auth = readAuthFile(home);
+    const account = {
+        id: accountId,
+        name: accountId,
+        codex_home: home,
+        email: primary?.email ?? resolveEmailFromAuth(auth),
+        enabled: true,
+        imported_at: new Date().toISOString()
+    };
+    (0, config_1.upsertAccount)(account);
+    return account;
+}
+/**
+ * 从配置中删除指定账号；默认仅删除配置项，不主动删除本地 HOME 目录。
+ *
+ * @param accountId 本地账号标识。
+ * @returns 被删除的账号配置；未命中时返回 `null`。
+ */
+function removeManagedAccount(accountId) {
+    const config = (0, config_1.loadConfig)();
+    const index = config.accounts.findIndex((item) => item.id === accountId);
+    if (index < 0) {
+        return null;
+    }
+    const [removed] = config.accounts.splice(index, 1);
+    (0, config_1.saveConfig)(config);
+    return removed ?? null;
+}
+/**
+ * 根据账号标识读取配置中的账号项。
+ *
+ * @param accountId 本地账号标识。
+ * @returns 命中的账号配置；未命中时返回 `null`。
+ */
+function findManagedAccount(accountId) {
+    const config = (0, config_1.loadConfig)();
+    return config.accounts.find((item) => item.id === accountId) ?? null;
+}