codexuse-cli 2.4.17 → 2.4.19

package/dist/index.js

@@ -566,6 +566,10 @@ async function persistLicense(license) {
     }
   });
 }
+async function getStoredAutoRollSettings() {
+  const state = await getAppState();
+  return normalizeAutoRollSettings(state.autoRoll);
+}
 async function getCodexCliChannel() {
   const state = await getAppState();
   return normalizeCodexCliChannel(state.app.cliChannel);
@@ -1410,16 +1414,35 @@ var ProfileManager = class {
     if ("tokens" in data) {
       return data;
     }
-    return {
+    const lastRefresh = typeof data.last_refresh === "string" ? data.last_refresh.trim() : "";
+    let normalizedLastRefresh = lastRefresh.length > 0 ? lastRefresh : void 0;
+    if (!normalizedLastRefresh) {
+      const accessPayload = this.decodeJwtPayload(data.access_token);
+      const tokenIssuedAt = typeof accessPayload?.iat === "number" ? this.toIsoStringFromSeconds(accessPayload.iat) : void 0;
+      if (tokenIssuedAt) {
+        normalizedLastRefresh = tokenIssuedAt;
+      }
+    }
+    if (!normalizedLastRefresh) {
+      const createdAt = typeof data.created_at === "string" ? data.created_at.trim() : "";
+      if (createdAt) {
+        normalizedLastRefresh = createdAt;
+      }
+    }
+    const codexAuth = {
       OPENAI_API_KEY: null,
       tokens: {
         id_token: data.id_token,
         access_token: data.access_token,
         refresh_token: data.refresh_token,
-        account_id: data.account_id
-      },
-      last_refresh: (/* @__PURE__ */ new Date()).toISOString()
+        account_id: data.account_id,
+        ...normalizedLastRefresh ? { last_refresh: normalizedLastRefresh } : {}
+      }
     };
+    if (normalizedLastRefresh) {
+      codexAuth.last_refresh = normalizedLastRefresh;
+    }
+    return codexAuth;
   }
   /**
    * Normalize Codex auth data to flat profile format
@@ -1435,6 +1458,12 @@ var ProfileManager = class {
       refresh_token: tokens.refresh_token,
       account_id: tokens.account_id
     };
+    const tokenLastRefresh = typeof tokens.last_refresh === "string" ? tokens.last_refresh.trim() : "";
+    const rootLastRefresh = typeof data.last_refresh === "string" ? data.last_refresh.trim() : "";
+    const normalizedLastRefresh = tokenLastRefresh || rootLastRefresh;
+    if (normalizedLastRefresh) {
+      profile.last_refresh = normalizedLastRefresh;
+    }
     if (data.email) {
       profile.email = data.email;
     }
@@ -1470,7 +1499,14 @@ var ProfileManager = class {
     return { profile: merged, metadata };
   }
   hasTokenChanges(existing, incoming) {
-    const tokenKeys = ["id_token", "access_token", "refresh_token", "account_id", "workspace_id"];
+    const tokenKeys = [
+      "id_token",
+      "access_token",
+      "refresh_token",
+      "last_refresh",
+      "account_id",
+      "workspace_id"
+    ];
     return tokenKeys.some((key) => {
       const nextValue = incoming[key];
       if (typeof nextValue !== "string" || nextValue.length === 0) {
@@ -1479,12 +1515,12 @@ var ProfileManager = class {
       return nextValue !== existing[key];
     });
   }
-  async flagRefreshTokenRedeemed(name, reason, options) {
+  async flagAuthIssue(name, issue, reason, options) {
     await this.initialize();
     const profileName = this.normalizeProfileName(name);
     const record = await this.getProfileRowByName(profileName);
     if (!record) {
-      logWarn(`Cannot flag refresh token issue for missing profile '${profileName}'.`);
+      logWarn(`Cannot flag auth issue '${issue}' for missing profile '${profileName}'.`);
       return;
     }
     const observedAt = options?.observedAt ? Date.parse(options.observedAt) : null;
@@ -1495,9 +1531,9 @@ var ProfileManager = class {
     const data = record.data;
     const trimmedReason = typeof reason === "string" && reason.trim().length > 0 ? reason.trim() : void 0;
     const normalized = trimmedReason?.toLowerCase() ?? "";
-    const storedReason = normalized.includes(REFRESH_TOKEN_REDEEMED_SNIPPET) ? REFRESH_TOKEN_REDEEMED_REASON : trimmedReason ?? REFRESH_TOKEN_REDEEMED_REASON;
+    const storedReason = issue === "refresh-redeemed" ? normalized.includes(REFRESH_TOKEN_REDEEMED_SNIPPET) ? REFRESH_TOKEN_REDEEMED_REASON : trimmedReason ?? REFRESH_TOKEN_REDEEMED_REASON : trimmedReason;
     const alert = {
-      issue: "refresh-redeemed",
+      issue,
       reason: storedReason,
       recordedAt: (/* @__PURE__ */ new Date()).toISOString()
     };
@@ -1509,6 +1545,9 @@ var ProfileManager = class {
       logError(`Failed to persist token alert for profile '${profileName}':`, error);
     }
   }
+  async flagRefreshTokenRedeemed(name, reason, options) {
+    await this.flagAuthIssue(name, "refresh-redeemed", reason, options);
+  }
   async syncProfileTokensFromActiveAuth(profileName, baselineProfile, authPath) {
     const targetPath = authPath ?? this.activeAuth;
     try {
@@ -1791,7 +1830,12 @@ var ProfileManager = class {
       if (!record) {
         throw new Error(`Profile '${profileName}' not found!`);
       }
-      const profileData = record.data;
+      let profileData = record.data;
+      await this.syncProfileTokensFromActiveAuth(profileName, profileData);
+      const updatedRecord = await this.getProfileRowByName(profileName);
+      if (updatedRecord) {
+        profileData = updatedRecord.data;
+      }
       const profileHome = this.getProfileHomePath(profileName);
       await import_fs.promises.mkdir(profileHome, { recursive: true });
       if (profileData.auth_method && profileData.auth_method !== "codex-cli") {
@@ -4017,7 +4061,6 @@ async function runCodexLogin(mode) {
 // ../../lib/codex-rpc.ts
 var import_node_child_process3 = require("child_process");
 var import_node_readline = __toESM(require("readline"));
-var import_node_events = require("events");
 var import_node_fs6 = require("fs");
 var import_node_os2 = __toESM(require("os"));
 var import_node_path8 = __toESM(require("path"));
@@ -4026,20 +4069,50 @@ async function sendPayload(child, payload) {
   child.stdin?.write(JSON.stringify(payload));
   child.stdin?.write("\n");
 }
-async function readMessage(rl, timeoutMs) {
-  const timeout = new Promise((_, reject) => {
+function isRpcResponseForRequest(message, requestId) {
+  if (message.id !== requestId) {
+    return false;
+  }
+  return Object.prototype.hasOwnProperty.call(message, "result") || Object.prototype.hasOwnProperty.call(message, "error");
+}
+async function readRpcResponseById(rl, requestId, timeoutMs) {
+  return new Promise((resolve, reject) => {
     const timer = setTimeout(() => {
-      clearTimeout(timer);
+      cleanup();
       reject(new Error("codex RPC timed out"));
-    }, timeoutMs);
+    }, Math.max(1, timeoutMs));
+    const cleanup = () => {
+      clearTimeout(timer);
+      rl.off("line", onLine);
+      rl.off("close", onClose);
+    };
+    const onClose = () => {
+      cleanup();
+      reject(new Error("codex RPC stream closed before response"));
+    };
+    const onLine = (line) => {
+      let parsed;
+      try {
+        parsed = JSON.parse(line);
+      } catch {
+        cleanup();
+        reject(new Error("codex RPC returned malformed JSON"));
+        return;
+      }
+      if (!isRpcResponseForRequest(parsed, requestId)) {
+        return;
+      }
+      cleanup();
+      resolve(parsed);
+    };
+    rl.on("line", onLine);
+    rl.on("close", onClose);
   });
-  const linePromise = (0, import_node_events.once)(rl, "line").then((args) => args[0]);
-  const line = await Promise.race([linePromise, timeout]);
-  try {
-    return JSON.parse(line);
-  } catch {
-    throw new Error("codex RPC returned malformed JSON");
-  }
+}
+function formatRpcError(method, error) {
+  const codeText = typeof error.code === "number" ? ` (code ${error.code})` : "";
+  const message = typeof error.message === "string" && error.message.trim().length > 0 ? error.message.trim() : "Unknown RPC error";
+  return `${method} failed${codeText}: ${message}`;
 }
 function toWindow(rpc) {
   if (!rpc) return void 0;
@@ -4070,9 +4143,33 @@ function toWindow(rpc) {
   }
   return window;
 }
+function parseRateLimitSnapshotFromRpcMessage(message) {
+  if (message.error) {
+    throw new Error(formatRpcError("account/rateLimits/read", message.error));
+  }
+  const result = message.result;
+  const limits = result?.rateLimits;
+  const primary = toWindow(limits?.primary ?? null);
+  const secondary = toWindow(limits?.secondary ?? null);
+  if (!primary && !secondary) {
+    return null;
+  }
+  const snapshot = {
+    lastUpdated: (/* @__PURE__ */ new Date()).toISOString(),
+    source: "codex-rpc"
+  };
+  if (primary) {
+    snapshot.primary = primary;
+  }
+  if (secondary) {
+    snapshot.secondary = secondary;
+  }
+  return snapshot;
+}
 async function fetchRateLimitsViaRpc(envOverride, options = {}) {
   const binaryPath = options.codexPath ?? await requireCodexCli();
   const tempHome = await import_node_fs6.promises.mkdtemp(import_node_path8.default.join(import_node_os2.default.tmpdir(), "codex-rpc-"));
+  const tempAuthPath = import_node_path8.default.join(tempHome, "auth.json");
   const sourceAuthPath = options.authPath ?? (envOverride?.CODEX_HOME ? import_node_path8.default.join(envOverride.CODEX_HOME, "auth.json") : import_node_path8.default.join(
     envOverride?.HOME ?? process.env.HOME ?? process.env.USERPROFILE ?? import_node_os2.default.homedir(),
     ".codex",
@@ -4083,7 +4180,7 @@ async function fetchRateLimitsViaRpc(envOverride, options = {}) {
     if (!authContent) {
       return null;
     }
-    await import_node_fs6.promises.writeFile(import_node_path8.default.join(tempHome, "auth.json"), authContent, "utf8");
+    await import_node_fs6.promises.writeFile(tempAuthPath, authContent, "utf8");
   } catch {
     await import_node_fs6.promises.rm(tempHome, { recursive: true, force: true }).catch(() => {
     });
@@ -4111,31 +4208,24 @@ async function fetchRateLimitsViaRpc(envOverride, options = {}) {
       method: "initialize",
       params: { clientInfo: { name: "codexuse", version: "0.0.0" } }
     });
-    await readMessage(rl, RPC_TIMEOUT_MS);
+    const initializeResponse = await readRpcResponseById(rl, 1, RPC_TIMEOUT_MS);
+    if (initializeResponse.error) {
+      throw new Error(formatRpcError("initialize", initializeResponse.error));
+    }
     await sendPayload(child, { method: "initialized", params: {} });
     await sendPayload(child, { id: 2, method: "account/rateLimits/read", params: {} });
-    const message = await readMessage(rl, RPC_TIMEOUT_MS);
-    const result = message.result;
-    const limits = result?.rateLimits;
-    const primary = toWindow(limits?.primary ?? null);
-    const secondary = toWindow(limits?.secondary ?? null);
-    if (!primary && !secondary) {
-      return null;
-    }
-    const snapshot = {
-      lastUpdated: (/* @__PURE__ */ new Date()).toISOString(),
-      source: "codex-rpc"
-    };
-    if (primary) {
-      snapshot.primary = primary;
-    }
-    if (secondary) {
-      snapshot.secondary = secondary;
-    }
-    return snapshot;
+    const message = await readRpcResponseById(rl, 2, RPC_TIMEOUT_MS);
+    return parseRateLimitSnapshotFromRpcMessage(message);
   } finally {
     child.kill();
     rl.close();
+    try {
+      const updatedAuth = await import_node_fs6.promises.readFile(tempAuthPath, "utf8");
+      if (updatedAuth.trim().length > 0) {
+        await import_node_fs6.promises.writeFile(sourceAuthPath, updatedAuth, "utf8");
+      }
+    } catch {
+    }
     await import_node_fs6.promises.rm(tempHome, { recursive: true, force: true }).catch(() => {
     });
   }
@@ -4920,7 +5010,7 @@ async function importLegacyLocalStorageOnce(payload) {
 }
 
 // src/index.ts
-var VERSION = true ? "2.4.17" : "0.0.0";
+var VERSION = true ? "2.4.19" : "0.0.0";
 var cliStorageReadyPromise = null;
 async function ensureCliStorageReady() {
   if (cliStorageReadyPromise) {
@@ -4935,7 +5025,7 @@ async function ensureCliStorageReady() {
     const state = await getAppState();
     if (state.migration.status !== "complete") {
       throw new Error(
-        `Storage migration is not complete (status: ${state.migration.status}). Open CodexUse desktop once and try again.`
+        `Storage migration is not complete (status: ${state.migration.status}). CLI cannot continue until migration succeeds.`
       );
     }
   })().catch((error) => {
@@ -4953,6 +5043,7 @@ Usage:
   codexuse profile add <name> [--skip-login] [--device-auth] [--login=browser|device]
   codexuse profile refresh <name> [--skip-login] [--device-auth] [--login=browser|device]
   codexuse profile switch <name>
+  codexuse profile autoroll [--threshold=50-100] [--dry-run] [--watch] [--interval=seconds]
   codexuse profile delete <name>
   codexuse profile rename <old> <new>
 
@@ -4970,6 +5061,10 @@ Flags:
   --compact        Names only
   --device-auth    Use device auth for Codex login
   --login=MODE     Login mode: browser | device
+  --threshold=NN   Auto-roll switch threshold percent (50-100)
+  --watch          Keep checking and auto-switch when threshold is reached
+  --interval=SEC   Watch interval in seconds (default: 30)
+  --dry-run        Print planned switch without changing active profile
 `);
 }
 function hasFlag(args, flag) {
@@ -4988,6 +5083,26 @@ function parseLoginMode(flags) {
   }
   return null;
 }
+var DEFAULT_AUTOROLL_INTERVAL_SECONDS = 30;
+var DEFAULT_AUTOROLL_THRESHOLD = 95;
+function parseNumericFlag(flags, name) {
+  const explicit = flags.find((flag) => flag.startsWith(`${name}=`));
+  if (!explicit) {
+    return null;
+  }
+  const raw = explicit.slice(`${name}=`.length);
+  const value = Number.parseFloat(raw);
+  return Number.isFinite(value) ? value : Number.NaN;
+}
+function parseIntegerFlag(flags, name) {
+  const explicit = flags.find((flag) => flag.startsWith(`${name}=`));
+  if (!explicit) {
+    return null;
+  }
+  const raw = explicit.slice(`${name}=`.length);
+  const value = Number.parseInt(raw, 10);
+  return Number.isFinite(value) ? value : Number.NaN;
+}
 function formatProfileLabel(name, displayName) {
   if (displayName && displayName.trim() && displayName !== name) {
     return `${displayName} (${name})`;
@@ -5099,14 +5214,99 @@ function formatWindowUsage(window) {
     reset: resetText ? `reset ${resetText}` : null
   };
 }
+var EMPTY_USAGE_SUMMARY = {
+  windowKey: "primary",
+  usagePercent: 0,
+  hasUsage: false,
+  resetsInSeconds: null,
+  windowMinutes: null
+};
+function toFiniteNumberOrNull(value) {
+  return typeof value === "number" && Number.isFinite(value) ? value : null;
+}
+function summarizeRateLimitSnapshot(snapshot) {
+  if (!snapshot) {
+    return { ...EMPTY_USAGE_SUMMARY };
+  }
+  const entries = [
+    { key: "primary", window: snapshot.primary },
+    { key: "secondary", window: snapshot.secondary }
+  ];
+  let summary = { ...EMPTY_USAGE_SUMMARY };
+  let initialized = false;
+  for (const entry of entries) {
+    if (!entry.window) {
+      continue;
+    }
+    const usageValueRaw = toFiniteNumberOrNull(entry.window.usedPercent);
+    const usageValue = usageValueRaw === null ? 0 : Math.max(0, Math.min(100, usageValueRaw));
+    const hasUsage = usageValueRaw !== null;
+    const resetsInSeconds = toFiniteNumberOrNull(entry.window.resetsInSeconds);
+    const windowMinutes = toFiniteNumberOrNull(entry.window.windowMinutes);
+    if (!initialized) {
+      initialized = true;
+      summary = {
+        windowKey: entry.key,
+        usagePercent: usageValue,
+        hasUsage,
+        resetsInSeconds,
+        windowMinutes
+      };
+      continue;
+    }
+    if (hasUsage && summary.hasUsage && usageValue > summary.usagePercent) {
+      summary = {
+        windowKey: entry.key,
+        usagePercent: usageValue,
+        hasUsage,
+        resetsInSeconds,
+        windowMinutes
+      };
+      continue;
+    }
+    if (!hasUsage && !summary.hasUsage && summary.resetsInSeconds !== null) {
+      if (resetsInSeconds !== null && resetsInSeconds < summary.resetsInSeconds) {
+        summary = {
+          windowKey: entry.key,
+          usagePercent: usageValue,
+          hasUsage,
+          resetsInSeconds,
+          windowMinutes
+        };
+      }
+      continue;
+    }
+    if (!hasUsage && !summary.hasUsage && summary.resetsInSeconds === null && resetsInSeconds !== null) {
+      summary = {
+        windowKey: entry.key,
+        usagePercent: usageValue,
+        hasUsage,
+        resetsInSeconds,
+        windowMinutes
+      };
+      continue;
+    }
+    if (hasUsage && !summary.hasUsage) {
+      summary = {
+        windowKey: entry.key,
+        usagePercent: usageValue,
+        hasUsage,
+        resetsInSeconds,
+        windowMinutes
+      };
+    }
+  }
+  return summary;
+}
 function fallbackUsage(profile) {
+  const usageSummary = summarizeRateLimitSnapshot(profile.rateLimit ?? null);
   if (!profile.isValid) {
-    return { summary: "invalid", rows: null };
+    return { summary: "invalid", rows: null, usageSummary };
   }
   if (profile.tokenStatus?.requiresUserAction) {
-    return { summary: "auth required", rows: null };
+    return { summary: "auth required", rows: null, usageSummary };
   }
-  return { summary: "n/a", rows: null };
+  return { summary: "n/a", rows: null, usageSummary };
 }
 async function resolveProfileUsage(manager, profile, codexPath) {
   if (!profile.isValid || profile.tokenStatus?.requiresUserAction) {
@@ -5118,7 +5318,8 @@ async function resolveProfileUsage(manager, profile, codexPath) {
       (env) => fetchRateLimitsViaRpc(env, { codexPath })
     );
     if (!snapshot) {
-      return { summary: "n/a", rows: null };
+      const usageSummary = summarizeRateLimitSnapshot(profile.rateLimit ?? null);
+      return { summary: "n/a", rows: null, usageSummary };
     }
     const rows = [];
     if (snapshot.primary) {
@@ -5131,10 +5332,61 @@ async function resolveProfileUsage(manager, profile, codexPath) {
     }
     const maxPercent = maxUsedPercent(snapshot);
     const summary = typeof maxPercent === "number" ? `${Math.round(maxPercent)}%` : "n/a";
-    return { summary, rows: rows.length > 0 ? rows : null };
+    return { summary, rows: rows.length > 0 ? rows : null, usageSummary: summarizeRateLimitSnapshot(snapshot) };
   } catch {
-    return { summary: "n/a", rows: null };
+    return fallbackUsage(profile);
+  }
+}
+function compareAutoRollCandidates(a, b) {
+  if (a.usageSummary.usagePercent !== b.usageSummary.usagePercent) {
+    return a.usageSummary.usagePercent - b.usageSummary.usagePercent;
+  }
+  const aReset = a.usageSummary.resetsInSeconds ?? Number.POSITIVE_INFINITY;
+  const bReset = b.usageSummary.resetsInSeconds ?? Number.POSITIVE_INFINITY;
+  if (aReset !== bReset) {
+    return aReset - bReset;
+  }
+  return a.profile.name.localeCompare(b.profile.name);
+}
+function computeAutoRollCandidate(profiles, usageMap, currentProfileName, currentSummary, switchThreshold) {
+  const candidates = profiles.filter((profile) => profile.name !== currentProfileName && profile.isValid && !profile.tokenStatus?.requiresUserAction).map((profile) => ({
+    profile,
+    usageSummary: usageMap.get(profile.name)?.usageSummary ?? summarizeRateLimitSnapshot(profile.rateLimit ?? null)
+  }));
+  if (candidates.length === 0) {
+    return null;
   }
+  const belowThreshold = candidates.filter((candidate) => candidate.usageSummary.hasUsage && candidate.usageSummary.usagePercent < switchThreshold).sort(compareAutoRollCandidates);
+  let selected = belowThreshold[0] ?? null;
+  if (!selected) {
+    selected = candidates.filter((candidate) => candidate.usageSummary.hasUsage).sort(compareAutoRollCandidates)[0] ?? null;
+  }
+  if (!selected) {
+    selected = candidates.filter((candidate) => !candidate.usageSummary.hasUsage).sort((a, b) => {
+      const aReset = a.usageSummary.resetsInSeconds ?? Number.POSITIVE_INFINITY;
+      const bReset = b.usageSummary.resetsInSeconds ?? Number.POSITIVE_INFINITY;
+      if (aReset !== bReset) {
+        return aReset - bReset;
+      }
+      return a.profile.name.localeCompare(b.profile.name);
+    })[0] ?? null;
+  }
+  if (!selected) {
+    return null;
+  }
+  if (selected.usageSummary.hasUsage && currentSummary.hasUsage) {
+    if (selected.usageSummary.usagePercent > currentSummary.usagePercent) {
+      return null;
+    }
+    if (selected.usageSummary.usagePercent === currentSummary.usagePercent) {
+      const selectedReset = selected.usageSummary.resetsInSeconds ?? Number.POSITIVE_INFINITY;
+      const currentReset = currentSummary.resetsInSeconds ?? Number.POSITIVE_INFINITY;
+      if (selectedReset >= currentReset) {
+        return null;
+      }
+    }
+  }
+  return selected;
 }
 function formatPlan(profile) {
   const metadata = profile.metadata;
@@ -5210,6 +5462,118 @@ async function mapWithConcurrency(items, limit, fn) {
   await Promise.all(workers);
   return results;
 }
+function parseAutoRollThreshold(flags, fallbackThreshold) {
+  const explicitThreshold = parseNumericFlag(flags, "--threshold");
+  if (explicitThreshold === null) {
+    return fallbackThreshold;
+  }
+  if (Number.isNaN(explicitThreshold)) {
+    throw new Error("Invalid --threshold value. Use --threshold=50-100.");
+  }
+  if (explicitThreshold < 50 || explicitThreshold > 100) {
+    throw new Error("Invalid --threshold value. Use a number between 50 and 100.");
+  }
+  return Math.round(explicitThreshold);
+}
+function parseAutoRollIntervalSeconds(flags) {
+  const explicitInterval = parseIntegerFlag(flags, "--interval");
+  if (explicitInterval === null) {
+    return DEFAULT_AUTOROLL_INTERVAL_SECONDS;
+  }
+  if (Number.isNaN(explicitInterval) || explicitInterval <= 0) {
+    throw new Error("Invalid --interval value. Use --interval=<seconds> with a positive integer.");
+  }
+  return explicitInterval;
+}
+async function collectUsageMap(manager, profiles, codexPath) {
+  const usageMap = /* @__PURE__ */ new Map();
+  const limitEnv = Number.parseInt(process.env.CODEXUSE_CLI_USAGE_CONCURRENCY ?? "3", 10);
+  const limit = Number.isFinite(limitEnv) && limitEnv > 0 ? limitEnv : 3;
+  const results = await mapWithConcurrency(
+    profiles,
+    limit,
+    (profile) => resolveProfileUsage(manager, profile, codexPath)
+  );
+  for (const [index, profile] of profiles.entries()) {
+    usageMap.set(profile.name, results[index]);
+  }
+  return usageMap;
+}
+async function runAutoRollPass(manager, options) {
+  const profiles = await manager.listProfiles();
+  if (!profiles.length) {
+    return { switched: false, message: "No profiles found.", source: null, target: null };
+  }
+  const current = await manager.getCurrentProfile();
+  if (!current.name) {
+    return { switched: false, message: "No active profile.", source: null, target: null };
+  }
+  const codexPath = resolveCodexBinary();
+  if (!codexPath) {
+    throw new Error("Codex CLI binary not found on PATH. Auto-roll requires codex for live rate limits.");
+  }
+  const usageMap = await collectUsageMap(manager, profiles, codexPath);
+  const currentProfile = profiles.find((profile) => profile.name === current.name);
+  if (!currentProfile) {
+    return {
+      switched: false,
+      message: `Current profile '${current.name}' is missing from saved profiles.`,
+      source: current.name,
+      target: null
+    };
+  }
+  const currentUsage = usageMap.get(current.name)?.usageSummary ?? summarizeRateLimitSnapshot(currentProfile.rateLimit ?? null);
+  if (!currentUsage.hasUsage) {
+    return {
+      switched: false,
+      message: `No live rate-limit usage for '${current.name}'. Skipping auto-roll.`,
+      source: current.name,
+      target: null
+    };
+  }
+  if (currentUsage.usagePercent < options.threshold) {
+    return {
+      switched: false,
+      message: `'${current.name}' at ${Math.round(currentUsage.usagePercent)}%, below threshold ${options.threshold}%.`,
+      source: current.name,
+      target: null
+    };
+  }
+  const candidate = computeAutoRollCandidate(
+    profiles,
+    usageMap,
+    current.name,
+    currentUsage,
+    options.threshold
+  );
+  if (!candidate) {
+    return {
+      switched: false,
+      message: `No eligible profile to switch from '${current.name}' at ${Math.round(currentUsage.usagePercent)}%.`,
+      source: current.name,
+      target: null
+    };
+  }
+  const candidateUsage = candidate.usageSummary.hasUsage ? `${Math.round(candidate.usageSummary.usagePercent)}%` : "n/a";
+  if (options.dryRun) {
+    return {
+      switched: false,
+      message: `[dry-run] Would switch '${current.name}' (${Math.round(currentUsage.usagePercent)}%) -> '${candidate.profile.name}' (${candidateUsage}).`,
+      source: current.name,
+      target: candidate.profile.name
+    };
+  }
+  await manager.switchToProfile(candidate.profile.name);
+  return {
+    switched: true,
+    message: `Auto-rolled '${current.name}' (${Math.round(currentUsage.usagePercent)}%) -> '${candidate.profile.name}' (${candidateUsage}).`,
+    source: current.name,
+    target: candidate.profile.name
+  };
+}
+function delay(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
 async function handleProfile(args) {
   const flags = args.filter((arg) => arg.startsWith("-"));
   const params = stripFlags(args);
@@ -5231,24 +5595,18 @@ async function handleProfile(args) {
       const withUsage = !hasFlag(flags, "--no-usage");
       let usageMap = null;
       if (withUsage) {
-        usageMap = /* @__PURE__ */ new Map();
         const codexPath = resolveCodexBinary();
-        const codexAvailable = Boolean(codexPath);
-        if (!codexAvailable || !codexPath) {
+        if (!codexPath) {
+          usageMap = /* @__PURE__ */ new Map();
           for (const profile of profiles) {
-            usageMap.set(profile.name, { summary: "codex cli missing", rows: null });
+            usageMap.set(profile.name, {
+              summary: "codex cli missing",
+              rows: null,
+              usageSummary: summarizeRateLimitSnapshot(profile.rateLimit ?? null)
+            });
           }
         } else {
-          const limitEnv = Number.parseInt(process.env.CODEXUSE_CLI_USAGE_CONCURRENCY ?? "3", 10);
-          const limit = Number.isFinite(limitEnv) && limitEnv > 0 ? limitEnv : 3;
-          const results = await mapWithConcurrency(
-            profiles,
-            limit,
-            (profile) => resolveProfileUsage(manager, profile, codexPath)
-          );
-          for (const [index, profile] of profiles.entries()) {
-            usageMap.set(profile.name, results[index]);
-          }
+          usageMap = await collectUsageMap(manager, profiles, codexPath);
         }
       }
       for (const [index, profile] of profiles.entries()) {
@@ -5312,6 +5670,38 @@ async function handleProfile(args) {
       console.log(`Switched to profile: ${name}`);
       return;
     }
+    case "autoroll":
+    case "auto-roll": {
+      const watch = hasFlag(flags, "--watch");
+      const dryRun = hasFlag(flags, "--dry-run");
+      const settings = await getStoredAutoRollSettings().catch(() => null);
+      const fallbackThreshold = typeof settings?.switchThreshold === "number" && Number.isFinite(settings.switchThreshold) ? Math.round(settings.switchThreshold) : DEFAULT_AUTOROLL_THRESHOLD;
+      const threshold = parseAutoRollThreshold(flags, fallbackThreshold);
+      const intervalSeconds = parseAutoRollIntervalSeconds(flags);
+      if (watch) {
+        console.log(`Auto-roll watch: threshold ${threshold}% | interval ${intervalSeconds}s${dryRun ? " | dry-run" : ""}`);
+        let stop = false;
+        process.on("SIGINT", () => {
+          stop = true;
+        });
+        process.on("SIGTERM", () => {
+          stop = true;
+        });
+        while (!stop) {
+          const result2 = await runAutoRollPass(manager, { threshold, dryRun });
+          console.log(result2.message);
+          if (stop) {
+            break;
+          }
+          await delay(intervalSeconds * 1e3);
+        }
+        console.log("Auto-roll watch stopped.");
+        return;
+      }
+      const result = await runAutoRollPass(manager, { threshold, dryRun });
+      console.log(result.message);
+      return;
+    }
     case "delete": {
       const name = params[1];
       if (!name) {