codexuse-cli 5.0.5 → 5.0.7

package/dist/index.js

@@ -2054,6 +2054,7 @@ var DEFAULT_AUTO_ROLL_ENABLED = false;
 var DEFAULT_AUTO_ROLL_REARM_REMAINING_THRESHOLD = 15;
 var DEFAULT_AUTO_ROLL_SWITCH_REMAINING_THRESHOLD = 5;
 var DEFAULT_LAUNCH_OFFICIAL_CODEX_WHEN_CLOSED_ON_AUTO_ROLL = false;
+var DEFAULT_HANDOFF_RUNNING_THREADS_ON_ACCOUNT_SWITCH = false;
 var DEFAULT_AUTO_ROLL_PRIORITY_ORDER = [];
 var DEFAULT_LOW_REMAINING_NOTIFICATION_ENABLED = false;
 var DEFAULT_LOW_REMAINING_NOTIFICATION_THRESHOLD = 1;
@@ -2157,6 +2158,7 @@ function normalizeAutoRollSettings(raw) {
     rearmRemainingThreshold: normalizedRearm,
     switchRemainingThreshold: normalizedSwitch,
     launchOfficialCodexWhenClosedOnAutoRoll: raw?.launchOfficialCodexWhenClosedOnAutoRoll === true ? true : DEFAULT_LAUNCH_OFFICIAL_CODEX_WHEN_CLOSED_ON_AUTO_ROLL,
+    handoffRunningThreadsOnAccountSwitch: raw?.handoffRunningThreadsOnAccountSwitch === true ? true : DEFAULT_HANDOFF_RUNNING_THREADS_ON_ACCOUNT_SWITCH,
     priorityOrder: sanitizeAutoRollPriorityOrder(raw?.priorityOrder),
     lowRemainingNotificationEnabled: raw?.lowRemainingNotificationEnabled === true ? true : DEFAULT_LOW_REMAINING_NOTIFICATION_ENABLED,
     lowRemainingNotificationThreshold: sanitizeLowRemainingNotificationThreshold(
@@ -2530,6 +2532,7 @@ function createDefaultAppState() {
       rearmRemainingThreshold: 15,
       switchRemainingThreshold: 5,
       launchOfficialCodexWhenClosedOnAutoRoll: false,
+      handoffRunningThreadsOnAccountSwitch: false,
       priorityOrder: [],
       lowRemainingNotificationEnabled: false,
       lowRemainingNotificationThreshold: 1
@@ -2613,13 +2616,15 @@ function createDefaultAppState() {
       lastPushAt: null,
       lastPullAt: null,
       lastError: null,
-      remoteUpdatedAt: null
+      remoteUpdatedAt: null,
+      remoteKind: "none"
     },
     analytics: {
       anonymousId: null,
       enabled: true,
       lastFlushAt: null,
-      lastError: null
+      lastError: null,
+      reportedNativeCrashIncidentIds: []
     },
     profilesByName: {}
   };
@@ -2631,6 +2636,20 @@ function asString(value) {
   const trimmed = value.trim();
   return trimmed.length > 0 ? trimmed : null;
 }
+function asStringArray(value) {
+  if (!Array.isArray(value)) {
+    return [];
+  }
+  const seen = /* @__PURE__ */ new Set();
+  return value.flatMap((entry) => {
+    const normalized = asString(entry);
+    if (!normalized || seen.has(normalized)) {
+      return [];
+    }
+    seen.add(normalized);
+    return [normalized];
+  });
+}
 function asNumberOrNull(value) {
   return typeof value === "number" && Number.isFinite(value) ? value : null;
 }
@@ -2954,7 +2973,10 @@ function normalizeAppState(raw) {
       sourceProfileKey: asString(debt.sourceProfileKey),
       decisionId: asString(debt.decisionId),
       attempts: asNumberOrNull(debt.attempts) ?? 0,
-      lastReason: asString(debt.lastReason)
+      lastReason: asString(debt.lastReason),
+      handoffReason: debt.handoffReason === "manual" || debt.handoffReason === "auto-roll" ? debt.handoffReason : null,
+      handoffThreadIds: asStringArray(debt.handoffThreadIds),
+      handoffSentThreadIds: asStringArray(debt.handoffSentThreadIds)
     } : null;
   } else {
     merged.officialCodex.pendingActivationDebt = null;
@@ -3183,6 +3205,9 @@ function normalizeAppState(raw) {
   merged.sync.lastPullAt = asString(merged.sync.lastPullAt);
   merged.sync.lastError = asString(merged.sync.lastError);
   merged.sync.remoteUpdatedAt = asString(merged.sync.remoteUpdatedAt);
+  if (merged.sync.remoteKind !== "legacy-plaintext" && merged.sync.remoteKind !== "encrypted") {
+    merged.sync.remoteKind = "none";
+  }
   if (!isRecord2(merged.analytics)) {
     merged.analytics = clone2(defaults.analytics);
   }
@@ -3192,6 +3217,9 @@ function normalizeAppState(raw) {
   }
   merged.analytics.lastFlushAt = asString(merged.analytics.lastFlushAt);
   merged.analytics.lastError = asString(merged.analytics.lastError);
+  merged.analytics.reportedNativeCrashIncidentIds = asStringArray(
+    merged.analytics.reportedNativeCrashIncidentIds
+  ).slice(-20);
   if ("telemetry" in merged) {
     delete merged.telemetry;
   }
@@ -3496,6 +3524,7 @@ async function writeCodexSettingsJsonRaw(payload) {
       rearmRemainingThreshold: autoRoll.rearmRemainingThreshold,
       switchRemainingThreshold: autoRoll.switchRemainingThreshold,
       launchOfficialCodexWhenClosedOnAutoRoll: autoRoll.launchOfficialCodexWhenClosedOnAutoRoll,
+      handoffRunningThreadsOnAccountSwitch: autoRoll.handoffRunningThreadsOnAccountSwitch,
       priorityOrder: autoRoll.priorityOrder,
       lowRemainingNotificationEnabled: autoRoll.lowRemainingNotificationEnabled,
       lowRemainingNotificationThreshold: autoRoll.lowRemainingNotificationThreshold
@@ -3927,7 +3956,7 @@ var import_node_crypto3 = require("crypto");
 var import_fs = require("fs");
 var import_path = __toESM(require("path"), 1);
 var import_path2 = require("path");
-var import_toml = __toESM(require_toml(), 1);
+var import_toml2 = __toESM(require_toml(), 1);
 
 // ../../packages/contracts/src/profiles/identity.ts
 function normalizeValue(value) {
@@ -3981,6 +4010,7 @@ var import_node_readline = __toESM(require("readline"), 1);
 var import_node_fs3 = require("fs");
 var import_node_os2 = __toESM(require("os"), 1);
 var import_node_path5 = __toESM(require("path"), 1);
+var import_toml = __toESM(require_toml(), 1);
 
 // ../../packages/runtime-codex/src/codex/cli.ts
 var import_node_fs2 = require("fs");
@@ -4206,6 +4236,12 @@ var ACTIVATION_MODEL = "gpt-5.1-codex-mini";
 var MAX_STDERR_CAPTURE_CHARS = 32768;
 var REFRESH_TOKEN_REDEEMED_SNIPPET = "refresh token was already used";
 var authFileCache = /* @__PURE__ */ new Map();
+var CODEX_OAUTH_REFRESH_URL = "https://auth.openai.com/oauth/token";
+var CODEX_OAUTH_CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+var CODEX_OAUTH_REFRESH_MAX_AGE_MS = 8 * 24 * 60 * 60 * 1e3;
+var CODEX_OAUTH_ACCESS_TOKEN_REFRESH_SKEW_MS = 2 * 60 * 1e3;
+var CODEX_USAGE_DEFAULT_BASE_URL = "https://chatgpt.com/backend-api";
+var CODEX_USAGE_TIMEOUT_MS = 3e4;
 function isRecord4(value) {
   return Boolean(value && typeof value === "object" && !Array.isArray(value));
 }
@@ -4429,6 +4465,17 @@ function extractJwtIssuedAtMs(token) {
   }
   return issuedAt * 1e3;
 }
+function extractJwtExpiresAtMs(token) {
+  const payload = decodeJwtPayload(token);
+  if (!payload) {
+    return null;
+  }
+  const expiresAt = payload["exp"];
+  if (typeof expiresAt !== "number" || !Number.isFinite(expiresAt)) {
+    return null;
+  }
+  return expiresAt * 1e3;
+}
 function parseAuthRecord(content) {
   try {
     const parsed = JSON.parse(content);
@@ -4517,6 +4564,353 @@ async function writeAuthFileCached(filePath, content) {
     authFileCache.delete(filePath);
   }
 }
+function nonEmptyString(value) {
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function resolveCodexAuthPathForEnv(envOverride) {
+  return envOverride?.CODEX_HOME ? import_node_path5.default.join(envOverride.CODEX_HOME, "auth.json") : import_node_path5.default.join(
+    envOverride?.HOME ?? process.env.HOME ?? import_node_os2.default.homedir(),
+    ".codex",
+    "auth.json"
+  );
+}
+function parseCodexOAuthCredentials(content) {
+  const parsed = parseAuthRecord(content);
+  if (!parsed) {
+    return null;
+  }
+  const tokens = isRecord4(parsed.tokens) ? parsed.tokens : {};
+  const accessToken = nonEmptyString(tokens.access_token) ?? nonEmptyString(parsed.access_token);
+  const refreshToken = nonEmptyString(tokens.refresh_token) ?? nonEmptyString(parsed.refresh_token);
+  if (!accessToken && !refreshToken) {
+    return null;
+  }
+  return {
+    accessToken: accessToken ?? "",
+    refreshToken: refreshToken ?? "",
+    idToken: nonEmptyString(tokens.id_token) ?? nonEmptyString(parsed.id_token),
+    accountId: nonEmptyString(tokens.account_id) ?? nonEmptyString(parsed.account_id),
+    lastRefreshMs: parseTimestamp2(tokens.last_refresh) ?? parseTimestamp2(parsed.last_refresh)
+  };
+}
+function shouldRefreshCodexOAuthToken(credentials) {
+  if (!credentials.refreshToken) {
+    return false;
+  }
+  const accessExpiresAt = extractJwtExpiresAtMs(credentials.accessToken);
+  if (accessExpiresAt !== null && accessExpiresAt - Date.now() <= CODEX_OAUTH_ACCESS_TOKEN_REFRESH_SKEW_MS) {
+    return true;
+  }
+  if (credentials.lastRefreshMs === null) {
+    return true;
+  }
+  return Date.now() - credentials.lastRefreshMs > CODEX_OAUTH_REFRESH_MAX_AGE_MS;
+}
+async function writeCodexOAuthCredentials(authPath, content, credentials) {
+  let json = {};
+  try {
+    const parsed = JSON.parse(content);
+    if (isRecord4(parsed)) {
+      json = { ...parsed };
+    }
+  } catch {
+    json = {};
+  }
+  const existingTokens = isRecord4(json.tokens) ? json.tokens : {};
+  json.tokens = {
+    ...existingTokens,
+    access_token: credentials.accessToken,
+    refresh_token: credentials.refreshToken,
+    ...credentials.idToken ? { id_token: credentials.idToken } : {},
+    ...credentials.accountId ? { account_id: credentials.accountId } : {},
+    last_refresh: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  json.last_refresh = (/* @__PURE__ */ new Date()).toISOString();
+  await writeAuthFileCached(authPath, `${JSON.stringify(json, null, 2)}
+`);
+}
+async function refreshCodexOAuthCredentials(credentials) {
+  if (!credentials.refreshToken) {
+    return credentials;
+  }
+  const response = await fetch(CODEX_OAUTH_REFRESH_URL, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    signal: AbortSignal.timeout(CODEX_USAGE_TIMEOUT_MS),
+    body: JSON.stringify({
+      client_id: CODEX_OAUTH_CLIENT_ID,
+      grant_type: "refresh_token",
+      refresh_token: credentials.refreshToken,
+      scope: "openid profile email"
+    })
+  });
+  const body = await response.text();
+  if (!response.ok) {
+    let code = "";
+    try {
+      const parsed2 = JSON.parse(body);
+      if (isRecord4(parsed2)) {
+        const error = isRecord4(parsed2.error) ? parsed2.error : {};
+        code = nonEmptyString(error.code) ?? nonEmptyString(parsed2.error) ?? nonEmptyString(parsed2.code) ?? "";
+      }
+    } catch {
+      code = "";
+    }
+    if (code === "refresh_token_reused") {
+      throw new Error("refresh token was already used");
+    }
+    if (code === "refresh_token_expired") {
+      throw new Error("refresh token expired");
+    }
+    if (code === "invalid_grant" || code === "refresh_token_invalidated") {
+      throw new Error("refresh token was revoked");
+    }
+    throw new Error(`Codex OAuth refresh failed HTTP ${response.status}`);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(body);
+  } catch {
+    throw new Error("Codex OAuth refresh returned invalid JSON");
+  }
+  if (!isRecord4(parsed)) {
+    throw new Error("Codex OAuth refresh returned invalid data");
+  }
+  return {
+    accessToken: nonEmptyString(parsed.access_token) ?? credentials.accessToken,
+    refreshToken: nonEmptyString(parsed.refresh_token) ?? credentials.refreshToken,
+    idToken: nonEmptyString(parsed.id_token) ?? credentials.idToken,
+    accountId: credentials.accountId,
+    lastRefreshMs: Date.now()
+  };
+}
+async function loadCodexConfigContents(envOverride) {
+  const codexHome = envOverride?.CODEX_HOME?.trim();
+  const root = codexHome || import_node_path5.default.join(envOverride?.HOME ?? process.env.HOME ?? import_node_os2.default.homedir(), ".codex");
+  try {
+    return await import_node_fs3.promises.readFile(import_node_path5.default.join(root, "config.toml"), "utf8");
+  } catch {
+    return null;
+  }
+}
+function parseChatGPTBaseUrl(contents) {
+  if (!contents) {
+    return CODEX_USAGE_DEFAULT_BASE_URL;
+  }
+  try {
+    const parsed = (0, import_toml.parse)(contents);
+    if (isRecord4(parsed)) {
+      return nonEmptyString(parsed.chatgpt_base_url) ?? CODEX_USAGE_DEFAULT_BASE_URL;
+    }
+  } catch {
+    return CODEX_USAGE_DEFAULT_BASE_URL;
+  }
+  return CODEX_USAGE_DEFAULT_BASE_URL;
+}
+async function resolveCodexUsageUrl(envOverride) {
+  let base = parseChatGPTBaseUrl(await loadCodexConfigContents(envOverride));
+  while (base.endsWith("/")) {
+    base = base.slice(0, -1);
+  }
+  if ((base.startsWith("https://chatgpt.com") || base.startsWith("https://chat.openai.com")) && !base.includes("/backend-api")) {
+    base += "/backend-api";
+  }
+  return `${base}${base.includes("/backend-api") ? "/wham/usage" : "/api/codex/usage"}`;
+}
+function numberFromUnknown(value) {
+  if (typeof value === "number" && Number.isFinite(value)) {
+    return value;
+  }
+  if (typeof value === "string" && value.trim()) {
+    const parsed = Number(value.trim());
+    return Number.isFinite(parsed) ? parsed : null;
+  }
+  return null;
+}
+function toOAuthWindow(window) {
+  if (!window) {
+    return void 0;
+  }
+  const usedPercent = numberFromUnknown(window.used_percent);
+  const resetAt = numberFromUnknown(window.reset_at);
+  const limitWindowSeconds = numberFromUnknown(window.limit_window_seconds);
+  if (usedPercent === null && resetAt === null && limitWindowSeconds === null) {
+    return void 0;
+  }
+  const result = {};
+  if (usedPercent !== null) {
+    result.usedPercent = Math.max(0, Math.min(100, usedPercent));
+  }
+  if (limitWindowSeconds !== null) {
+    result.windowMinutes = Math.round(limitWindowSeconds / 60);
+  }
+  if (resetAt !== null) {
+    const resetMs = resetAt > 1e10 ? resetAt : resetAt * 1e3;
+    result.resetsAt = new Date(resetMs).toISOString();
+    result.resetsInSeconds = Math.max(0, Math.round((resetMs - Date.now()) / 1e3));
+  }
+  return result;
+}
+function firstNonEmptyString(...values) {
+  for (const value of values) {
+    const text = nonEmptyString(value);
+    if (text) {
+      return text;
+    }
+  }
+  return null;
+}
+function slugForRateLimitId(value) {
+  return value.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
+}
+function isSparkRateLimit(limitName, meteredFeature) {
+  return [limitName, meteredFeature].filter((value) => Boolean(value)).some((value) => value.toLowerCase().includes("spark"));
+}
+function sparkWindowIdentity(window, fallback) {
+  const limitWindowSeconds = numberFromUnknown(window.limit_window_seconds);
+  const windowMinutes = limitWindowSeconds !== null ? Math.round(limitWindowSeconds / 60) : null;
+  const kind = windowMinutes !== null && windowMinutes > 0 && windowMinutes <= 6 * 60 ? "five-hour" : windowMinutes !== null && windowMinutes >= 6 * 24 * 60 ? "weekly" : fallback;
+  return kind === "weekly" ? { id: "codex-spark-weekly", label: "Codex Spark Weekly" } : { id: "codex-spark", label: "Codex Spark 5-hour" };
+}
+function toExtraRateLimitWindow(args) {
+  const window = toOAuthWindow(args.window);
+  if (!window) {
+    return null;
+  }
+  return {
+    id: args.id,
+    label: args.label,
+    ...args.meteredFeature ? { meteredFeature: args.meteredFeature } : {},
+    ...window
+  };
+}
+function parseExtraRateLimitWindows(additionalRateLimits) {
+  if (!Array.isArray(additionalRateLimits)) {
+    return [];
+  }
+  const usedIds = /* @__PURE__ */ new Set();
+  const extraWindows = [];
+  for (const entry of additionalRateLimits) {
+    if (!isRecord4(entry)) {
+      continue;
+    }
+    const limitName = firstNonEmptyString(entry.limit_name);
+    const meteredFeature = firstNonEmptyString(entry.metered_feature);
+    const rateLimit = isRecord4(entry.rate_limit) ? entry.rate_limit : null;
+    if (!rateLimit) {
+      continue;
+    }
+    const primary = isRecord4(rateLimit.primary_window) ? rateLimit.primary_window : null;
+    const secondary = isRecord4(rateLimit.secondary_window) ? rateLimit.secondary_window : null;
+    if (isSparkRateLimit(limitName, meteredFeature)) {
+      const candidates = [
+        { window: primary, fallback: "five-hour" },
+        { window: secondary, fallback: "weekly" }
+      ];
+      for (const candidate of candidates) {
+        if (!candidate.window) {
+          continue;
+        }
+        const identity = sparkWindowIdentity(candidate.window, candidate.fallback);
+        if (usedIds.has(identity.id)) {
+          continue;
+        }
+        const extraWindow2 = toExtraRateLimitWindow({
+          ...identity,
+          meteredFeature,
+          window: candidate.window
+        });
+        if (extraWindow2) {
+          usedIds.add(identity.id);
+          extraWindows.push(extraWindow2);
+        }
+      }
+      continue;
+    }
+    const idSource = firstNonEmptyString(meteredFeature, limitName);
+    const slug = idSource ? slugForRateLimitId(idSource) : "";
+    if (!slug) {
+      continue;
+    }
+    const id = `codex-${slug}`;
+    if (usedIds.has(id)) {
+      continue;
+    }
+    const extraWindow = toExtraRateLimitWindow({
+      id,
+      label: firstNonEmptyString(limitName, meteredFeature) ?? "Codex extra limit",
+      meteredFeature,
+      window: primary ?? secondary
+    });
+    if (extraWindow) {
+      usedIds.add(id);
+      extraWindows.push(extraWindow);
+    }
+  }
+  return extraWindows;
+}
+function parseRateLimitSnapshotFromOAuthUsage(value) {
+  if (!isRecord4(value)) {
+    throw new Error("Codex usage API returned invalid data");
+  }
+  const usage = value;
+  const primary = toOAuthWindow(usage.rate_limit?.primary_window ?? null);
+  const secondary = toOAuthWindow(usage.rate_limit?.secondary_window ?? null);
+  const extraWindows = parseExtraRateLimitWindows(usage.additional_rate_limits);
+  if (!primary && !secondary && extraWindows.length === 0) {
+    return null;
+  }
+  return {
+    lastUpdated: (/* @__PURE__ */ new Date()).toISOString(),
+    source: "codex-oauth",
+    ...primary ? { primary } : {},
+    ...secondary ? { secondary } : {},
+    ...extraWindows.length > 0 ? { extraWindows } : {}
+  };
+}
+async function fetchRateLimitsViaOAuth(envOverride) {
+  const authPath = resolveCodexAuthPathForEnv(envOverride);
+  const authContent = await readAuthFileCached(authPath);
+  if (!authContent) {
+    return null;
+  }
+  let credentials = parseCodexOAuthCredentials(authContent);
+  if (!credentials) {
+    return null;
+  }
+  if (shouldRefreshCodexOAuthToken(credentials)) {
+    credentials = await refreshCodexOAuthCredentials(credentials);
+    await writeCodexOAuthCredentials(authPath, authContent, credentials);
+  }
+  if (!credentials.accessToken) {
+    return null;
+  }
+  const usageUrl = await resolveCodexUsageUrl(envOverride);
+  const response = await fetch(usageUrl, {
+    method: "GET",
+    headers: {
+      Authorization: `Bearer ${credentials.accessToken}`,
+      Accept: "application/json",
+      "User-Agent": "CodexUse",
+      ...credentials.accountId ? { "ChatGPT-Account-Id": credentials.accountId } : {}
+    },
+    signal: AbortSignal.timeout(CODEX_USAGE_TIMEOUT_MS)
+  });
+  const body = await response.text();
+  if (response.status === 401 || response.status === 403) {
+    throw new Error(`Codex OAuth usage failed HTTP ${response.status} (${usageUrl})`);
+  }
+  if (!response.ok) {
+    throw new Error(`Codex usage API failed HTTP ${response.status} (${usageUrl}): ${body.slice(0, 500)}`);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(body);
+  } catch {
+    throw new Error("Codex usage API returned invalid JSON");
+  }
+  return parseRateLimitSnapshotFromOAuthUsage(parsed);
+}
 function inferRefreshFailureHint(stderrOutput) {
   if (!stderrOutput) {
     return null;
@@ -6129,7 +6523,7 @@ var ProfileManager = class {
     }
     let parsed;
     try {
-      parsed = (0, import_toml.parse)(raw);
+      parsed = (0, import_toml2.parse)(raw);
     } catch (error) {
       logWarn(`Failed to parse config.toml for profile home '${profileHome}':`, error);
       return;
@@ -6139,7 +6533,7 @@ var ProfileManager = class {
     }
     delete parsed["model_reasoning_effort"];
     const sanitized = this.ensureTrailingNewline(
-      (0, import_toml.stringify)(parsed)
+      (0, import_toml2.stringify)(parsed)
     );
     try {
       await import_fs.promises.writeFile(configPath, sanitized, "utf8");
@@ -6503,7 +6897,16 @@ var ProfileManager = class {
         profileName,
         () => this.runWithPreparedProfileHome(
           profileName,
-          (env) => fetchRateLimitsViaRpc(env, { codexPath: options.codexPath }),
+          async (env) => {
+            try {
+              const oauthSnapshot = await fetchRateLimitsViaOAuth(env);
+              if (oauthSnapshot) {
+                return oauthSnapshot;
+              }
+            } catch {
+            }
+            return fetchRateLimitsViaRpc(env, { codexPath: options.codexPath });
+          },
           { syncFromActiveAuthBeforeAction: false }
         )
       );
@@ -6899,8 +7302,8 @@ Usage:
   codexuse license activate <license-key>
 
   codexuse sync status
-  codexuse sync pull
-  codexuse sync push
+  codexuse sync pull [--passphrase-stdin]
+  codexuse sync push [--passphrase-stdin]
 
 Flags:
   -h, --help       Show help
@@ -6918,7 +7321,9 @@ Flags:
   --profile=NAME   Run Codex with one saved profile
   --runtime=NAME   Accounts Pool runtime store: desktop
   --state-dir=PATH Override the runtime state dir for Accounts Pool inspection
+  --passphrase-stdin Read Cloud Sync passphrase from stdin
 Note: profile autoroll requires Pro.
+Cloud Sync: set CODEXUSE_SYNC_PASSPHRASE or use --passphrase-stdin unless the passphrase is saved in Keychain.
 `);
 }
 
@@ -7877,7 +8282,8 @@ function maxUsedPercent(snapshot) {
   }
   const candidates = [
     snapshot.primary?.usedPercent,
-    snapshot.secondary?.usedPercent
+    snapshot.secondary?.usedPercent,
+    ...(snapshot.extraWindows ?? []).map((window) => window.usedPercent)
   ].filter((value) => typeof value === "number" && Number.isFinite(value));
   if (candidates.length === 0) {
     return null;
@@ -8006,7 +8412,8 @@ function formatUsagePercent(value) {
 function snapshotResetSeconds(snapshot) {
   const values = [
     snapshot?.primary?.resetsInSeconds,
-    snapshot?.secondary?.resetsInSeconds
+    snapshot?.secondary?.resetsInSeconds,
+    ...(snapshot?.extraWindows ?? []).map((window) => window.resetsInSeconds)
   ].filter((value) => typeof value === "number" && Number.isFinite(value));
   return values.length > 0 ? Math.min(...values) : null;
 }
@@ -9147,7 +9554,7 @@ function buildInCodexStatusOverlayCssRules() {
     `${id}[data-open='false']:not([data-collapsed='true']):hover .codexuse-status-trigger{padding:8px 10px;gap:8px;}`,
     `${id}[data-open='false']:not([data-collapsed='true']):hover .codexuse-status-label{max-width:160px;font-size:12px;}`,
     `${id}[data-open='false']:not([data-collapsed='true']):hover .codexuse-status-chip{display:inline-flex;}`,
-    `${id} .codexuse-action-menu{display:none;position:absolute;right:0;bottom:calc(100% + 8px);width:min(280px,calc(100vw - 24px));border:1px solid var(--cu-border);border-radius:12px;background:var(--cu-popover);padding:6px;box-shadow:0 12px 36px rgba(0,0,0,.32);}`,
+    `${id} .codexuse-action-menu{display:none;position:absolute;right:0;bottom:calc(100% + 8px);width:min(280px,calc(100vw - 24px));max-height:min(420px,calc(100vh - 32px));overflow-y:auto;border:1px solid var(--cu-border);border-radius:12px;background:var(--cu-popover);padding:6px;box-shadow:0 12px 36px rgba(0,0,0,.32);}`,
     `${id}[data-drop='down'] .codexuse-action-menu{bottom:auto;top:calc(100% + 8px);}`,
     `${id}[data-open='true'] .codexuse-action-menu{display:flex;flex-direction:column;gap:2px;}`,
     `${id} .codexuse-target-list{display:flex;max-height:210px;flex-direction:column;gap:2px;overflow-y:auto;}`,
@@ -9169,10 +9576,10 @@ function buildInCodexStatusOverlayCssRules() {
     `${id} .codexuse-intro-detail{margin-top:2px;font-size:10px;color:var(--cu-muted);}`,
     `${id} .codexuse-decision-secondary{border:1px solid var(--cu-border)!important;color:var(--cu-muted)!important;}`,
     `${id} .codexuse-menu-divider{height:1px;margin:4px 2px;background:var(--cu-border);}`,
-    `${id} .codexuse-command-row{display:flex;width:100%;align-items:center;justify-content:space-between;gap:10px;padding:6px 9px;border-radius:8px;cursor:pointer;text-align:left;transition:background 120ms ease-out;}`,
-    `${id} .codexuse-command-row:hover{background:var(--cu-hover);}`,
     `${id} .codexuse-setting-row{display:flex;width:100%;align-items:center;justify-content:space-between;gap:10px;padding:6px 9px;border-radius:8px;cursor:pointer;text-align:left;transition:background 120ms ease-out;}`,
     `${id} .codexuse-setting-row:hover{background:var(--cu-hover);}`,
+    `${id} .codexuse-setting-copy{display:flex;min-width:0;flex:1;flex-direction:column;gap:1px;}`,
+    `${id} .codexuse-setting-copy .codexuse-target-detail{min-width:0;flex-shrink:1;overflow:hidden;text-overflow:ellipsis;}`,
     `${id} .codexuse-toggle{position:relative;flex-shrink:0;width:26px;height:15px;border-radius:999px;background:var(--cu-border);transition:background 120ms ease-out;}`,
     `${id} .codexuse-toggle::after{content:'';position:absolute;left:2px;top:2px;width:11px;height:11px;border-radius:50%;background:var(--cu-fg,#ececf1);transition:transform 120ms ease-out;}`,
     `${id} .codexuse-setting-row[data-on='true'] .codexuse-toggle{background:var(--cu-accent);}`,
@@ -9181,13 +9588,17 @@ function buildInCodexStatusOverlayCssRules() {
     `${id} .codexuse-action-status{min-width:0;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;color:var(--cu-muted);font-size:10px;}`,
     `${id} .codexuse-overlay-hide{flex-shrink:0;padding:2px 6px;border-radius:6px;color:var(--cu-muted);font-size:10px;cursor:pointer;}`,
     `${id} .codexuse-overlay-hide:hover{background:var(--cu-hover);color:var(--cu-fg,#ececf1);}`,
-    `${chip}{${palette}position:fixed;z-index:2147483001;display:inline-flex;align-items:center;gap:6px;padding:5px 10px;border-radius:999px;border:1px solid var(--cu-border);background:var(--cu-surface);color:var(--cu-fg,#ececf1);font-family:inherit;font-size:11px;font-weight:600;line-height:1.2;cursor:pointer;box-shadow:0 4px 16px rgba(0,0,0,.2);transition:background 120ms ease-out;}`,
-    `${chip}:hover{background:var(--cu-hover);}`,
-    `${chip}:disabled{opacity:.6;cursor:default;}`,
+    `${chip}{${palette}position:fixed;z-index:2147483002;display:inline-flex;align-items:center;gap:4px;border-radius:999px;border:1px solid var(--cu-border);background:var(--cu-surface);color:var(--cu-fg,#ececf1);font-family:inherit;font-size:11px;font-weight:600;line-height:1.2;white-space:nowrap;box-shadow:0 4px 16px rgba(0,0,0,.2);transition:background 120ms ease-out;pointer-events:auto;user-select:none;-webkit-user-select:none;}`,
+    `${chip}:hover,${chip}[data-open='true']{background:var(--cu-hover);}`,
+    `${chip}[data-disabled='true']{opacity:.6;}`,
+    `${chip} button{font:inherit;font-family:inherit;color:inherit;border:0;background:transparent;}`,
+    `${chip} .codexuse-handoff-main{display:inline-flex;align-items:center;padding:5px 8px 5px 10px;border-radius:999px;cursor:pointer;}`,
+    `${chip} .codexuse-handoff-hide{display:inline-flex;width:20px;height:20px;align-items:center;justify-content:center;margin-right:3px;border-radius:50%;color:var(--cu-muted);cursor:pointer;font-size:12px;line-height:1;}`,
+    `${chip} .codexuse-handoff-hide:hover{background:var(--cu-border);color:var(--cu-fg,#ececf1);}`,
     // Hand-off account picker is a standalone body child (not inside the pill),
     // so the pill-scoped popover rules don't reach it — give it its own palette
     // + popover styling, mirroring the chip.
-    `${picker}{${palette}position:fixed;z-index:2147483001;display:flex;flex-direction:column;gap:2px;width:min(280px,calc(100vw - 24px));max-height:240px;overflow-y:auto;border:1px solid var(--cu-border);border-radius:12px;background:var(--cu-popover);color:var(--cu-fg,#ececf1);font-family:inherit;font-size:12px;line-height:1.4;padding:6px;box-shadow:0 12px 36px rgba(0,0,0,.32);}`,
+    `${picker}{${palette}position:fixed;z-index:2147483003;display:flex;flex-direction:column;gap:2px;width:min(280px,calc(100vw - 24px));max-height:240px;overflow-y:auto;border:1px solid var(--cu-border);border-radius:12px;background:var(--cu-popover);color:var(--cu-fg,#ececf1);font-family:inherit;font-size:12px;line-height:1.4;padding:6px;box-shadow:0 12px 36px rgba(0,0,0,.32);pointer-events:auto;}`,
     `${picker} button{font:inherit;font-family:inherit;color:inherit;border:0;background:transparent;}`,
     `${picker} .codexuse-target-list{display:flex;flex-direction:column;gap:2px;}`,
     `${picker} .codexuse-target-row{display:flex;width:100%;align-items:center;justify-content:space-between;gap:10px;padding:7px 9px;border-radius:8px;cursor:pointer;text-align:left;transition:background 120ms ease-out;}`,
@@ -9219,6 +9630,9 @@ function createBridgeApplyQolExpression(settings) {
   )};
     const overlayAutoRollEnabled = ${JSON.stringify(
     typeof settings.overlayAutoRollEnabled === "boolean" ? settings.overlayAutoRollEnabled : null
+  )};
+    const overlayRunningThreadHandoffEnabled = ${JSON.stringify(
+    typeof settings.overlayRunningThreadHandoffEnabled === "boolean" ? settings.overlayRunningThreadHandoffEnabled : null
   )};
     const versions = {
       wideView: "3",
@@ -9560,6 +9974,8 @@ function createBridgeApplyQolExpression(settings) {
     const overlayHiddenKey = "codexuse:overlay:hidden";
     const overlayIntroKey = "codexuse:overlay:intro-shown";
     const overlayPosKey = "codexuse:overlay:pos";
+    const handoffHiddenKey = "codexuse:handoff:hidden";
+    const handoffPosKey = "codexuse:handoff:pos:v2";
     const readOverlayStore = (key) => {
       try {
         return window.localStorage.getItem(key);
@@ -9658,6 +10074,41 @@ function createBridgeApplyQolExpression(settings) {
       const y = Math.max(72, Math.min(140, Math.round(window.innerHeight * 0.16)));
       placeOverlay(pill, x, y);
     };
+    const rectsOverlap = (a, b, gap = 0) =>
+      a.left < b.right + gap &&
+      a.right > b.left - gap &&
+      a.top < b.bottom + gap &&
+      a.bottom > b.top - gap;
+    const positionedRect = (rect, pos) => ({
+      left: pos.x,
+      top: pos.y,
+      right: pos.x + rect.width,
+      bottom: pos.y + rect.height
+    });
+    const placeInitialHandoffPosition = (chip, anchorRect = null) => {
+      const rect = chip.getBoundingClientRect();
+      if (anchorRect && rect.width > 0 && rect.height > 0) {
+        const gap = 8;
+        const middleY = Math.round(anchorRect.top + (anchorRect.height - rect.height) / 2);
+        const candidates = [
+          { x: anchorRect.right + gap, y: middleY },
+          { x: anchorRect.left - rect.width - gap, y: middleY },
+          { x: anchorRect.right - rect.width, y: anchorRect.top - rect.height - gap },
+          { x: anchorRect.left, y: anchorRect.top - rect.height - gap },
+          { x: anchorRect.right - rect.width, y: anchorRect.bottom + gap }
+        ];
+        for (const candidate of candidates) {
+          const next = clampOverlayXY(chip, candidate.x, candidate.y);
+          if (!rectsOverlap(positionedRect(rect, next), anchorRect, 6)) {
+            placeOverlay(chip, next.x, next.y);
+            return;
+          }
+        }
+      }
+      const x = Math.max(8, window.innerWidth - rect.width - 16);
+      const y = Math.max(64, Math.min(128, Math.round(window.innerHeight * 0.14)));
+      placeOverlay(chip, x, y);
+    };
     const setOverlayMessage = (value) => {
       const node = document.querySelector("#" + statusId + " [data-codexuse-action-status]");
       if (node) node.textContent = value || "";
@@ -9701,7 +10152,7 @@ function createBridgeApplyQolExpression(settings) {
         state.lastActionRequest = payload;
         setOverlayMessage(
           action === "switch" ? "Switching\u2026"
-            : action === "continue" ? "Handing off\u2026"
+            : action === "continue" ? "Continuing in another account\u2026"
             : action === "auto-roll-accept" ? "Switching\u2026"
             : action === "auto-roll-cancel" ? "Staying here"
             : action === "restart" ? "Waiting to restart; keeping draft\u2026"
@@ -9862,7 +10313,7 @@ function createBridgeApplyQolExpression(settings) {
         introTitle.textContent = "CodexUse controls";
         const introDetail = document.createElement("div");
         introDetail.className = "codexuse-intro-detail";
-        introDetail.textContent = "Switch accounts, restart Codex, and confirm auto-roll from here. Drag to move, or Hide to dismiss.";
+        introDetail.textContent = "Switch accounts, tune CodexUse controls, and confirm Auto-roll from here. Drag to move, or Hide to dismiss.";
         intro.appendChild(introTitle);
         intro.appendChild(introDetail);
         menu.appendChild(intro);
@@ -9986,34 +10437,92 @@ function createBridgeApplyQolExpression(settings) {
         empty.textContent = "No other account ready";
         menu.appendChild(empty);
       }
-      const restartRow = document.createElement("button");
-      restartRow.type = "button";
-      restartRow.className = "codexuse-command-row";
-      restartRow.title = "Restart Official Codex";
-      const restartLabel = document.createElement("span");
-      restartLabel.textContent = "Restart Codex";
-      restartRow.appendChild(restartLabel);
-      const restartDetail = document.createElement("span");
-      restartDetail.className = "codexuse-target-detail";
-      restartDetail.textContent = "Keeps draft when possible";
-      restartRow.appendChild(restartDetail);
-      restartRow.addEventListener("click", (event) => {
-        event.preventDefault();
-        event.stopPropagation();
-        pill.dataset.open = "false";
-        state.overlayMenuOpen = false;
-        requestAction("restart");
-      }, true);
-      menu.appendChild(restartRow);
-      // In-app tweaks (auto-roll, wide view, scroll restore, timeline, hand-off)
-      // are configured in the CodexUse cockpit's Advanced section, not here \u2014
-      // the overlay stays focused on account status, switching, and recovery.
+      const appendSettingRow = (item) => {
+        const row = document.createElement("button");
+        row.type = "button";
+        row.className = "codexuse-setting-row";
+        row.dataset.key = item.key;
+        row.dataset.on = item.enabled ? "true" : "false";
+        row.title = item.detail;
+        const copy = document.createElement("span");
+        copy.className = "codexuse-setting-copy";
+        const label = document.createElement("span");
+        label.className = "codexuse-target-label";
+        label.textContent = item.label;
+        copy.appendChild(label);
+        const detail = document.createElement("span");
+        detail.className = "codexuse-target-detail";
+        detail.textContent = item.detail;
+        copy.appendChild(detail);
+        const toggle = document.createElement("span");
+        toggle.className = "codexuse-toggle";
+        row.appendChild(copy);
+        row.appendChild(toggle);
+        row.addEventListener("click", (event) => {
+          event.preventDefault();
+          event.stopPropagation();
+          const next = row.dataset.on !== "true";
+          row.dataset.on = next ? "true" : "false";
+          requestAction("setting", null, { key: item.key, value: next });
+        }, true);
+        menu.appendChild(row);
+      };
+      const settingRows = [
+        {
+          key: "autoRoll",
+          label: "Auto-roll",
+          detail: "Switch when quota is low",
+          enabled: overlayAutoRollEnabled === true,
+        },
+        {
+          key: "runningThreadHandoff",
+          label: "Continue running threads",
+          detail: "Beta \xB7 after account switch",
+          enabled: overlayRunningThreadHandoffEnabled === true,
+        },
+        {
+          key: "wideView",
+          label: "Wide conversations",
+          detail: "More message room",
+          enabled: wideViewEnabled,
+        },
+        {
+          key: "scrollRestore",
+          label: "Remember position",
+          detail: "Return to last spot",
+          enabled: scrollRestoreEnabled,
+        },
+        {
+          key: "conversationTimeline",
+          label: "Jump to user turns",
+          detail: "Show turn markers",
+          enabled: conversationTimelineEnabled,
+        },
+      ];
+      const divider = document.createElement("div");
+      divider.className = "codexuse-menu-divider";
+      menu.appendChild(divider);
+      settingRows.forEach(appendSettingRow);
       const footer = document.createElement("div");
       footer.className = "codexuse-menu-footer";
       const actionStatus = document.createElement("span");
       actionStatus.className = "codexuse-action-status";
       actionStatus.setAttribute("data-codexuse-action-status", "true");
       footer.appendChild(actionStatus);
+      if (handoffChipEnabled && readOverlayStore(handoffHiddenKey) === "1") {
+        const showHandoff = document.createElement("button");
+        showHandoff.type = "button";
+        showHandoff.className = "codexuse-overlay-hide";
+        showHandoff.textContent = "Show handoff";
+        showHandoff.addEventListener("click", (event) => {
+          event.preventDefault();
+          event.stopPropagation();
+          writeOverlayStore(handoffHiddenKey, null);
+          renderStatus();
+          renderHandoff();
+        }, true);
+        footer.appendChild(showHandoff);
+      }
       const hide = document.createElement("button");
       hide.type = "button";
       hide.className = "codexuse-overlay-hide";
@@ -10039,7 +10548,7 @@ function createBridgeApplyQolExpression(settings) {
       }
       return true;
     };
-    // Thread-scoped hand-off control: pinned to the composer, only shown when
+    // Thread-scoped hand-off control: separate draggable chip, only shown when
     // a conversation is on screen and another account is ready to take over.
     // Log the hand-off chip's visibility gate only when it CHANGES \u2014 this runs
     // on every mutation tick, and the reason is the first question every
@@ -10049,9 +10558,17 @@ function createBridgeApplyQolExpression(settings) {
       state.lastHandoffReason = reason;
       cuLog("handoff.render", { reason, targets: switchable.length });
     };
+    let cleanupHandoffPicker = null;
     const renderHandoff = () => {
-      document.getElementById(handoffId)?.remove();
+      const previous = document.getElementById(handoffId);
+      if (previous?.dataset.dragging === "true") return true;
+      const wasOpen = previous?.dataset.open === "true";
+      previous?.remove();
       document.getElementById(handoffPickerId)?.remove();
+      if (typeof cleanupHandoffPicker === "function") {
+        cleanupHandoffPicker();
+        cleanupHandoffPicker = null;
+      }
       if (!inCodexStatusEnabled || !handoffChipEnabled) {
         reportHandoff("disabled");
         return false;
@@ -10060,6 +10577,10 @@ function createBridgeApplyQolExpression(settings) {
         reportHandoff("overlay-hidden");
         return false;
       }
+      if (readOverlayStore(handoffHiddenKey) === "1") {
+        reportHandoff("handoff-hidden");
+        return false;
+      }
       // Codex desktop marks turns with data-turn-key / data-user-message-bubble;
       // the ChatGPT-style selectors are kept as a fallback.
       const inThread = Boolean(domActiveThreadId() || document.querySelector(
@@ -10076,22 +10597,28 @@ function createBridgeApplyQolExpression(settings) {
         reportHandoff("no-composer");
         return false;
       }
-      const composer = textbox.closest("form,[class*='composer'],[data-testid*='composer']") || textbox;
-      const rect = composer.getBoundingClientRect();
+      const rect = textbox.getBoundingClientRect();
       if (rect.width <= 0 || rect.height <= 0) {
         reportHandoff("composer-hidden");
         return false;
       }
-      const chipTop = Math.max(8, rect.top - 36);
-      const chipRight = Math.max(8, window.innerWidth - rect.right);
-      const chip = document.createElement("button");
-      chip.type = "button";
+      const chip = document.createElement("div");
       chip.id = handoffId;
       applyOverlayTheme(chip);
-      chip.textContent = "Continue there";
-      chip.title = "Continue this thread on another account";
-      chip.style.top = chipTop + "px";
-      chip.style.right = chipRight + "px";
+      chip.title = "Choose an account, then continue this thread there";
+      chip.dataset.open = wasOpen ? "true" : "false";
+      const chipMain = document.createElement("button");
+      chipMain.type = "button";
+      chipMain.className = "codexuse-handoff-main";
+      chipMain.textContent = "Continue in another account";
+      const chipHide = document.createElement("button");
+      chipHide.type = "button";
+      chipHide.className = "codexuse-handoff-hide";
+      chipHide.textContent = "x";
+      chipHide.title = "Hide Continue in another account";
+      chipHide.setAttribute("aria-label", "Hide Continue in another account");
+      chip.appendChild(chipMain);
+      chip.appendChild(chipHide);
       // Hand off needs BOTH a thread (this chip only shows in-thread) and a
       // target account. Clicking opens a picker of ready accounts; the chosen
       // account becomes the explicit continue target (the request also carries
@@ -10099,26 +10626,47 @@ function createBridgeApplyQolExpression(settings) {
       // the "continue" message is auto-sent there).
       const closePicker = () => {
         document.getElementById(handoffPickerId)?.remove();
+        if (typeof cleanupHandoffPicker === "function") {
+          cleanupHandoffPicker();
+          cleanupHandoffPicker = null;
+        }
         chip.dataset.open = "false";
       };
       const handOffTo = (target) => {
         closePicker();
-        chip.disabled = true;
-        chip.textContent = "Handing off\u2026";
+        chip.dataset.disabled = "true";
+        chipMain.textContent = "Continuing...";
         requestAction("continue", target);
       };
+      const placePicker = (picker) => {
+        const chipRect = chip.getBoundingClientRect();
+        const pickerRect = picker.getBoundingClientRect();
+        const width = pickerRect.width || Math.min(280, window.innerWidth - 24);
+        const height = pickerRect.height || 120;
+        const left = Math.min(
+          Math.max(8, chipRect.right - width),
+          Math.max(8, window.innerWidth - width - 8)
+        );
+        const below = chipRect.bottom + 6;
+        const above = chipRect.top - height - 6;
+        const top = below + height <= window.innerHeight - 8
+          ? below
+          : Math.max(8, above);
+        picker.style.left = left + "px";
+        picker.style.top = Math.min(top, Math.max(8, window.innerHeight - height - 8)) + "px";
+        picker.style.right = "auto";
+        picker.style.bottom = "auto";
+      };
       const openPicker = (skipRefresh = false) => {
         document.getElementById(handoffPickerId)?.remove();
+        if (typeof cleanupHandoffPicker === "function") {
+          cleanupHandoffPicker();
+          cleanupHandoffPicker = null;
+        }
         const picker = document.createElement("div");
         picker.id = handoffPickerId;
         picker.className = "codexuse-action-menu";
         applyOverlayTheme(picker);
-        picker.style.position = "fixed";
-        picker.style.right = chipRight + "px";
-        picker.style.bottom = Math.max(8, window.innerHeight - chipTop + 4) + "px";
-        picker.style.maxHeight = "240px";
-        picker.style.overflowY = "auto";
-        picker.style.zIndex = "2147483647";
         const list = document.createElement("div");
         list.className = "codexuse-target-list";
         if (switchable.length === 0) {
@@ -10131,7 +10679,7 @@ function createBridgeApplyQolExpression(settings) {
           const row = document.createElement("button");
           row.type = "button";
           row.className = "codexuse-target-row";
-          row.title = "Continue this thread on " + (target.label || "account");
+          row.title = "Continue this thread in " + (target.label || "account");
           const label = document.createElement("span");
           label.className = "codexuse-target-label";
           label.textContent = typeof target.label === "string" && target.label.trim() ? target.label.trim() : "Account";
@@ -10145,12 +10693,14 @@ function createBridgeApplyQolExpression(settings) {
           row.addEventListener("click", (event) => {
             event.preventDefault();
             event.stopPropagation();
+            event.stopImmediatePropagation?.();
             handOffTo(target);
           }, true);
           list.appendChild(row);
         });
         picker.appendChild(list);
         document.body.appendChild(picker);
+        placePicker(picker);
         chip.dataset.open = "true";
         // Rebuild the open picker once fresh targets arrive; skipRefresh stops
         // the rebuilt picker from requesting again in a loop.
@@ -10161,14 +10711,56 @@ function createBridgeApplyQolExpression(settings) {
         }
         const onDocPointer = (event) => {
           if (picker.contains(event.target) || chip.contains(event.target)) return;
-          document.removeEventListener("pointerdown", onDocPointer, true);
           closePicker();
         };
+        const onKeyDown = (event) => {
+          if (event.key === "Escape") closePicker();
+        };
         document.addEventListener("pointerdown", onDocPointer, true);
+        document.addEventListener("keydown", onKeyDown, true);
+        cleanupHandoffPicker = () => {
+          document.removeEventListener("pointerdown", onDocPointer, true);
+          document.removeEventListener("keydown", onKeyDown, true);
+        };
       };
-      chip.addEventListener("click", (event) => {
+      let dragMoved = false;
+      chip.addEventListener("pointerdown", (event) => {
+        if (event.button !== 0 || event.target?.closest?.(".codexuse-handoff-hide")) return;
+        event.stopPropagation();
+        event.stopImmediatePropagation?.();
+        const startX = event.clientX;
+        const startY = event.clientY;
+        const startRect = chip.getBoundingClientRect();
+        const offsetX = startX - startRect.left;
+        const offsetY = startY - startRect.top;
+        dragMoved = false;
+        const onMove = (moveEvent) => {
+          if (!dragMoved && Math.hypot(moveEvent.clientX - startX, moveEvent.clientY - startY) < 4) return;
+          dragMoved = true;
+          chip.dataset.dragging = "true";
+          closePicker();
+          placeOverlay(chip, moveEvent.clientX - offsetX, moveEvent.clientY - offsetY);
+        };
+        const onUp = () => {
+          window.removeEventListener("pointermove", onMove, true);
+          window.removeEventListener("pointerup", onUp, true);
+          if (chip.dataset.dragging === "true") {
+            delete chip.dataset.dragging;
+            const chipRect = chip.getBoundingClientRect();
+            writeOverlayStore(handoffPosKey, JSON.stringify({ x: chipRect.left, y: chipRect.top }));
+          }
+        };
+        window.addEventListener("pointermove", onMove, true);
+        window.addEventListener("pointerup", onUp, true);
+      }, true);
+      chipMain.addEventListener("click", (event) => {
         event.preventDefault();
         event.stopPropagation();
+        event.stopImmediatePropagation?.();
+        if (dragMoved || chip.dataset.disabled === "true") {
+          dragMoved = false;
+          return;
+        }
         // Always make the user pick the destination account explicitly \u2014 never
         // auto-hand-off to a server-chosen account (which could be out of quota).
         if (chip.dataset.open === "true") {
@@ -10177,7 +10769,38 @@ function createBridgeApplyQolExpression(settings) {
           openPicker();
         }
       }, true);
+      chipHide.addEventListener("click", (event) => {
+        event.preventDefault();
+        event.stopPropagation();
+        event.stopImmediatePropagation?.();
+        writeOverlayStore(handoffHiddenKey, "1");
+        closePicker();
+        renderHandoff();
+        renderStatus();
+      }, true);
       document.body.appendChild(chip);
+      const rawPos = readOverlayStore(handoffPosKey);
+      if (rawPos) {
+        try {
+          const pos = JSON.parse(rawPos);
+          if (typeof pos?.x === "number" && typeof pos?.y === "number") {
+            const next = clampOverlayXY(chip, pos.x, pos.y);
+            const chipRect = chip.getBoundingClientRect();
+            if (rectsOverlap(positionedRect(chipRect, next), rect, 6)) {
+              placeInitialHandoffPosition(chip, rect);
+            } else {
+              placeOverlay(chip, next.x, next.y);
+            }
+          } else {
+            placeInitialHandoffPosition(chip, rect);
+          }
+        } catch {
+          placeInitialHandoffPosition(chip, rect);
+        }
+      } else {
+        placeInitialHandoffPosition(chip, rect);
+      }
+      if (wasOpen) openPicker();
       reportHandoff("rendered");
       return true;
     };
@@ -10229,12 +10852,16 @@ function createBridgeApplyQolExpression(settings) {
         clearTimelineTargets();
         document.getElementById(statusId)?.remove();
         document.getElementById(handoffId)?.remove();
+        document.getElementById(handoffPickerId)?.remove();
+        if (typeof cleanupHandoffPicker === "function") cleanupHandoffPicker();
       };
     } else {
       document.querySelectorAll("." + timelineClass).forEach((node) => node.remove());
       clearTimelineTargets();
       document.getElementById(statusId)?.remove();
       document.getElementById(handoffId)?.remove();
+      document.getElementById(handoffPickerId)?.remove();
+      if (typeof cleanupHandoffPicker === "function") cleanupHandoffPicker();
     }
 
     state.wideViewEnabled = wideViewEnabled;
@@ -11529,7 +12156,8 @@ function normalizeOfficialCodexQolSettings2(value) {
     actionTargets,
     canonicalSyncLine: typeof value.canonicalSyncLine === "string" && value.canonicalSyncLine.trim() ? value.canonicalSyncLine.trim().slice(0, 40) : null,
     autoRollDecision: normalizeOverlayAutoRollDecision(value.autoRollDecision),
-    overlayAutoRollEnabled: typeof value.overlayAutoRollEnabled === "boolean" ? value.overlayAutoRollEnabled : null
+    overlayAutoRollEnabled: typeof value.overlayAutoRollEnabled === "boolean" ? value.overlayAutoRollEnabled : null,
+    overlayRunningThreadHandoffEnabled: typeof value.overlayRunningThreadHandoffEnabled === "boolean" ? value.overlayRunningThreadHandoffEnabled : null
   };
 }
 function hasActiveQolSettings(settings) {
@@ -12356,7 +12984,7 @@ function startOfficialCodexBridgeActionListener(args) {
       if (!action) {
         return;
       }
-      const settingKey = payload.settingKey === "autoRoll" || payload.settingKey === "wideView" || payload.settingKey === "scrollRestore" || payload.settingKey === "conversationTimeline" || payload.settingKey === "handoffChip" ? payload.settingKey : null;
+      const settingKey = payload.settingKey === "autoRoll" || payload.settingKey === "runningThreadHandoff" || payload.settingKey === "wideView" || payload.settingKey === "scrollRestore" || payload.settingKey === "conversationTimeline" || payload.settingKey === "handoffChip" ? payload.settingKey : null;
       const settingValue = typeof payload.settingValue === "boolean" ? payload.settingValue : null;
       if (action === "setting" && (!settingKey || settingValue === null)) {
         return;
@@ -12743,9 +13371,12 @@ function isMainProcessRow(row, candidate) {
 }
 function findAppServerPid(rows, mainPid) {
   return rows.find(
-    (row) => row.ppid === mainPid && row.args.includes("/Contents/Resources/codex app-server")
+    (row) => row.ppid === mainPid && isAppServerProcessRow(row)
   )?.pid ?? null;
 }
+function isAppServerProcessRow(row) {
+  return row.args.includes("/Contents/Resources/codex app-server");
+}
 async function processMatchesProfileHome(pid, profileHome) {
   const result = await runCommand2(
     "/bin/ps",
@@ -12759,7 +13390,7 @@ async function processMatchesProfileHome(pid, profileHome) {
 }
 async function findAppServerPidForProfile(rows, mainPid, profileHome) {
   const candidates = rows.filter(
-    (row) => row.ppid === mainPid && row.args.includes("/Contents/Resources/codex app-server")
+    (row) => row.ppid === mainPid && isAppServerProcessRow(row)
   );
   for (const row of candidates) {
     if (row.args.includes(profileHome) || await processMatchesProfileHome(row.pid, profileHome)) {
@@ -12768,6 +13399,19 @@ async function findAppServerPidForProfile(rows, mainPid, profileHome) {
   }
   return null;
 }
+async function resolveStoredAppServerPid(instance, rows) {
+  if (!instance.appServerPid) {
+    return null;
+  }
+  const row = rows.find((entry) => entry.pid === instance.appServerPid);
+  if (!row || !isAppServerProcessRow(row)) {
+    return null;
+  }
+  if (instance.profileHome && !row.args.includes(instance.profileHome) && !await processMatchesProfileHome(row.pid, instance.profileHome)) {
+    return null;
+  }
+  return row.pid;
+}
 function parseRemoteDebuggingPort(args) {
   const match = args.match(/--remote-debugging-port(?:=|\s+)(\d{2,5})\b/);
   const port = Number(match?.[1]);
@@ -12896,11 +13540,27 @@ async function readManagedInstance(profileName) {
 async function resolveInstanceRuntimeState(args) {
   const pid = args.instance.pid;
   if (!pid) {
-    return { running: false, appServerPid: null, startedAt: null };
+    const appServerPid2 = await resolveStoredAppServerPid(
+      args.instance,
+      args.rows
+    );
+    return {
+      running: appServerPid2 !== null,
+      appServerPid: appServerPid2,
+      startedAt: null
+    };
   }
   const mainRow = args.rows.find((row) => row.pid === pid);
   if (!mainRow || !isMainProcessRow(mainRow, args.candidate)) {
-    return { running: false, appServerPid: null, startedAt: null };
+    const appServerPid2 = await resolveStoredAppServerPid(
+      args.instance,
+      args.rows
+    );
+    return {
+      running: appServerPid2 !== null,
+      appServerPid: appServerPid2,
+      startedAt: null
+    };
   }
   const appServerPid = args.instance.profileHome ? await findAppServerPidForProfile(args.rows, pid, args.instance.profileHome) : findAppServerPid(args.rows, pid);
   if (args.instance.profileHome && appServerPid === null) {
@@ -13813,8 +14473,8 @@ function formatResetText(window) {
   if (durationText === "now") return "now";
   return `in ${durationText}`;
 }
-function formatWindowUsage(window) {
-  const label = formatWindowLabel(window.windowMinutes) ?? "window";
+function formatWindowUsage(window, labelOverride) {
+  const label = labelOverride ?? formatWindowLabel(window.windowMinutes) ?? "window";
   const usedPercent = typeof window.usedPercent === "number" && Number.isFinite(window.usedPercent) ? `${Math.round(Math.max(0, Math.min(100, window.usedPercent)))}%` : "n/a";
   const resetText = formatResetText(window);
   return {
@@ -13943,6 +14603,10 @@ async function resolveProfileUsage(manager, profile, codexPath) {
       const row = formatWindowUsage(snapshot.secondary);
       if (row) rows.push(row);
     }
+    for (const window of snapshot.extraWindows ?? []) {
+      const row = formatWindowUsage(window, window.label);
+      if (row) rows.push(row);
+    }
     const maxPercent = maxUsedPercent(snapshot);
     const summary = typeof maxPercent === "number" ? `${Math.round(maxPercent)}%` : "n/a";
     return { summary, rows: rows.length > 0 ? rows : null, usageSummary: summarizeRateLimitSnapshot(snapshot) };
@@ -14685,7 +15349,8 @@ async function handleProfileCommand(args, version) {
 }
 
 // ../../packages/contracts/src/cloud-sync/types.ts
-var CLOUD_SYNC_SCHEMA_VERSION = 1;
+var CLOUD_SYNC_PLAINTEXT_SCHEMA_VERSION = 1;
+var CLOUD_SYNC_ENCRYPTED_SCHEMA_VERSION = 2;
 
 // ../../packages/shared/src/core/type-guards.ts
 function isRecord6(value) {
@@ -14725,6 +15390,12 @@ function buildSyncUrl(pathname) {
   const normalizedPath = pathname.startsWith("/") ? pathname : `/${pathname}`;
   return `${baseUrl}${normalizedPath}`;
 }
+function normalizeSnapshotKind(value) {
+  if (value === "encrypted" || value === "legacy-plaintext") {
+    return value;
+  }
+  return "none";
+}
 function normalizeSnapshot(value) {
   if (!isRecord6(value)) {
     return null;
@@ -14734,7 +15405,37 @@ function normalizeSnapshot(value) {
     return null;
   }
   const schemaVersion = Number(value.schemaVersion);
-  if (!Number.isFinite(schemaVersion) || schemaVersion !== CLOUD_SYNC_SCHEMA_VERSION) {
+  if (schemaVersion === CLOUD_SYNC_ENCRYPTED_SCHEMA_VERSION) {
+    if (!isRecord6(value.encryption)) {
+      return null;
+    }
+    const encryption = value.encryption;
+    const params = isRecord6(encryption.kdfParams) ? encryption.kdfParams : null;
+    if (!params) {
+      return null;
+    }
+    const N = Number(params.N);
+    const r = Number(params.r);
+    const p = Number(params.p);
+    const keyLength = Number(params.keyLength);
+    if (encryption.cipher !== "aes-256-gcm" || encryption.kdf !== "scrypt" || !Number.isSafeInteger(N) || !Number.isSafeInteger(r) || !Number.isSafeInteger(p) || !Number.isSafeInteger(keyLength) || keyLength !== 32 || typeof encryption.salt !== "string" || typeof encryption.iv !== "string" || typeof encryption.tag !== "string" || typeof encryption.ciphertext !== "string") {
+      return null;
+    }
+    return {
+      schemaVersion: CLOUD_SYNC_ENCRYPTED_SCHEMA_VERSION,
+      updatedAt,
+      encryption: {
+        cipher: "aes-256-gcm",
+        kdf: "scrypt",
+        kdfParams: { N, r, p, keyLength },
+        salt: encryption.salt,
+        iv: encryption.iv,
+        tag: encryption.tag,
+        ciphertext: encryption.ciphertext
+      }
+    };
+  }
+  if (schemaVersion !== CLOUD_SYNC_PLAINTEXT_SCHEMA_VERSION) {
     return null;
   }
   const rawProfiles = Array.isArray(value.profiles) ? value.profiles : [];
@@ -14758,7 +15459,7 @@ function normalizeSnapshot(value) {
   const rawSettings = value.settingsJson;
   const settingsJson = isRecord6(rawSettings) ? rawSettings : null;
   return {
-    schemaVersion: CLOUD_SYNC_SCHEMA_VERSION,
+    schemaVersion: CLOUD_SYNC_PLAINTEXT_SCHEMA_VERSION,
     updatedAt,
     profiles,
     configTomlContent: typeof value.configTomlContent === "string" ? value.configTomlContent : null,
@@ -14810,7 +15511,12 @@ async function fetchRemoteSnapshotMeta(licenseKey) {
     "/v1/sync/snapshot/meta",
     licenseKey
   );
-  return toIsoOrNull(response.updatedAt);
+  const updatedAt = toIsoOrNull(response.updatedAt);
+  const snapshotKind = normalizeSnapshotKind(response.snapshotKind);
+  return {
+    updatedAt,
+    snapshotKind: updatedAt && response.snapshotKind === void 0 ? "legacy-plaintext" : snapshotKind
+  };
 }
 async function pushRemoteSnapshot(licenseKey, snapshot, options) {
   const serializedSnapshot = typeof options?.serializedSnapshot === "string" ? options.serializedSnapshot : JSON.stringify(snapshot);
@@ -14833,7 +15539,7 @@ async function pushRemoteSnapshot(licenseKey, snapshot, options) {
 }
 
 // ../../packages/runtime-codex/src/codex/config.ts
-var import_toml2 = __toESM(require_toml(), 1);
+var import_toml3 = __toESM(require_toml(), 1);
 
 // ../../packages/runtime-codex/src/codex/config-metadata.ts
 var import_node_child_process6 = require("child_process");
@@ -15472,7 +16178,7 @@ function formatUserFacingError(error, options = {}) {
 // ../../packages/runtime-codex/src/codex/config.ts
 function tryParseToml(content) {
   try {
-    const parsed = (0, import_toml2.parse)(content);
+    const parsed = (0, import_toml3.parse)(content);
     return { data: parsed ?? {}, error: null };
   } catch (error) {
     const maybe = error;
@@ -15791,6 +16497,170 @@ async function saveCodexConfigContent(content, options) {
   return buildSnapshot(normalized, true, options);
 }
 
+// ../../packages/runtime-profiles/src/cloud-sync/encryption.ts
+var import_node_child_process7 = require("child_process");
+var import_node_crypto6 = require("crypto");
+var KEYCHAIN_SERVICE = "CODEXUSE_CLOUD_SYNC_PASSPHRASE";
+var KEYCHAIN_ACCOUNT_PREFIX = "license-sha256:";
+var ENCRYPTION_AAD = Buffer.from("codexuse-cloud-sync-v2", "utf8");
+var SCRYPT_PARAMS = {
+  N: 32768,
+  r: 8,
+  p: 1,
+  keyLength: 32
+};
+function normalizePassphrase(value) {
+  if (typeof value !== "string" || value.length === 0) {
+    return null;
+  }
+  return value;
+}
+function requireCloudSyncPassphrase(value) {
+  const normalized = normalizePassphrase(value);
+  if (!normalized) {
+    throw new Error("Cloud Sync passphrase is required.");
+  }
+  return normalized;
+}
+async function deriveKey(passphrase, salt, params = SCRYPT_PARAMS) {
+  return new Promise((resolve, reject) => {
+    (0, import_node_crypto6.scrypt)(passphrase, salt, params.keyLength, {
+      N: params.N,
+      r: params.r,
+      p: params.p,
+      maxmem: 64 * 1024 * 1024
+    }, (error, key) => {
+      if (error) {
+        reject(error);
+        return;
+      }
+      resolve(Buffer.from(key));
+    });
+  });
+}
+function toBase64(value) {
+  return value.toString("base64");
+}
+function fromBase64(value) {
+  return Buffer.from(value, "base64");
+}
+function normalizeDecryptedSnapshot(value) {
+  if (!isRecord6(value) || Number(value.schemaVersion) !== CLOUD_SYNC_PLAINTEXT_SCHEMA_VERSION) {
+    throw new Error("Cloud Sync snapshot payload is invalid.");
+  }
+  const updatedAt = toIsoOrNull(value.updatedAt);
+  if (!updatedAt) {
+    throw new Error("Cloud Sync snapshot timestamp is invalid.");
+  }
+  return {
+    schemaVersion: CLOUD_SYNC_PLAINTEXT_SCHEMA_VERSION,
+    updatedAt,
+    profiles: Array.isArray(value.profiles) ? value.profiles : [],
+    configTomlContent: typeof value.configTomlContent === "string" ? value.configTomlContent : null,
+    settingsJson: isRecord6(value.settingsJson) ? value.settingsJson : null
+  };
+}
+async function encryptCloudSyncSnapshot(snapshot, passphrase) {
+  const salt = (0, import_node_crypto6.randomBytes)(16);
+  const iv = (0, import_node_crypto6.randomBytes)(12);
+  const key = await deriveKey(requireCloudSyncPassphrase(passphrase), salt);
+  const cipher = (0, import_node_crypto6.createCipheriv)("aes-256-gcm", key, iv);
+  cipher.setAAD(ENCRYPTION_AAD);
+  const plaintext = Buffer.from(JSON.stringify(snapshot), "utf8");
+  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  const encryption = {
+    cipher: "aes-256-gcm",
+    kdf: "scrypt",
+    kdfParams: SCRYPT_PARAMS,
+    salt: toBase64(salt),
+    iv: toBase64(iv),
+    tag: toBase64(tag),
+    ciphertext: toBase64(ciphertext)
+  };
+  return {
+    schemaVersion: CLOUD_SYNC_ENCRYPTED_SCHEMA_VERSION,
+    updatedAt: snapshot.updatedAt,
+    encryption
+  };
+}
+async function decryptCloudSyncSnapshot(snapshot, passphrase) {
+  try {
+    const salt = fromBase64(snapshot.encryption.salt);
+    const iv = fromBase64(snapshot.encryption.iv);
+    const tag = fromBase64(snapshot.encryption.tag);
+    const ciphertext = fromBase64(snapshot.encryption.ciphertext);
+    const key = await deriveKey(requireCloudSyncPassphrase(passphrase), salt, snapshot.encryption.kdfParams);
+    const decipher = (0, import_node_crypto6.createDecipheriv)("aes-256-gcm", key, iv);
+    decipher.setAAD(ENCRYPTION_AAD);
+    decipher.setAuthTag(tag);
+    const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return normalizeDecryptedSnapshot(JSON.parse(plaintext.toString("utf8")));
+  } catch (error) {
+    if (error instanceof Error && error.message === "Cloud Sync passphrase is required.") {
+      throw error;
+    }
+    const wrapped = new Error("Cloud Sync passphrase is incorrect or snapshot is corrupted.");
+    wrapped.cause = error;
+    throw wrapped;
+  }
+}
+function keychainAccountForLicense(licenseKey) {
+  const digest = (0, import_node_crypto6.createHash)("sha256").update(licenseKey).digest("hex");
+  return KEYCHAIN_ACCOUNT_PREFIX + digest;
+}
+function runSecurityCommand(args) {
+  return new Promise((resolve, reject) => {
+    const child = (0, import_node_child_process7.spawn)("security", args, { stdio: ["ignore", "pipe", "ignore"] });
+    let stdout = "";
+    child.stdout?.on("data", (chunk) => {
+      stdout += String(chunk);
+    });
+    child.on("error", () => {
+      reject(new Error("keychain-command-failed"));
+    });
+    child.on("close", (code) => {
+      resolve({ code, stdout });
+    });
+  });
+}
+async function readRememberedCloudSyncPassphrase(licenseKey) {
+  if (process.platform !== "darwin") {
+    return null;
+  }
+  const result = await runSecurityCommand([
+    "find-generic-password",
+    "-a",
+    keychainAccountForLicense(licenseKey),
+    "-s",
+    KEYCHAIN_SERVICE,
+    "-w"
+  ]);
+  if (result.code !== 0) {
+    return null;
+  }
+  return result.stdout.length > 0 ? result.stdout.replace(/\n$/, "") : null;
+}
+async function writeRememberedCloudSyncPassphrase(licenseKey, passphrase) {
+  if (process.platform !== "darwin") {
+    throw new Error("keychain-unsupported");
+  }
+  const value = requireCloudSyncPassphrase(passphrase);
+  const result = await runSecurityCommand([
+    "add-generic-password",
+    "-U",
+    "-a",
+    keychainAccountForLicense(licenseKey),
+    "-s",
+    KEYCHAIN_SERVICE,
+    "-w",
+    value
+  ]);
+  if (result.code !== 0) {
+    throw new Error("keychain-write-failed");
+  }
+}
+
 // ../../packages/runtime-profiles/src/cloud-sync/service.ts
 var SYNC_SIZE_WARN_BYTES = 1 * 1024 * 1024;
 var SYNC_SIZE_MAX_BYTES = 5 * 1024 * 1024;
@@ -15843,7 +16713,8 @@ async function readState() {
     lastPushAt: state.sync.lastPushAt ?? void 0,
     lastPullAt: state.sync.lastPullAt ?? void 0,
     lastError: state.sync.lastError ?? void 0,
-    remoteUpdatedAt: state.sync.remoteUpdatedAt ?? void 0
+    remoteUpdatedAt: state.sync.remoteUpdatedAt ?? void 0,
+    remoteKind: state.sync.remoteKind ?? "none"
   };
 }
 async function writeState(patch) {
@@ -15852,7 +16723,8 @@ async function writeState(patch) {
       ...typeof patch.lastPushAt === "string" ? { lastPushAt: patch.lastPushAt } : {},
       ...typeof patch.lastPullAt === "string" ? { lastPullAt: patch.lastPullAt } : {},
       ...typeof patch.lastError === "string" ? { lastError: patch.lastError } : patch.lastError === void 0 ? { lastError: null } : {},
-      ...typeof patch.remoteUpdatedAt === "string" ? { remoteUpdatedAt: patch.remoteUpdatedAt } : {}
+      ...typeof patch.remoteUpdatedAt === "string" ? { remoteUpdatedAt: patch.remoteUpdatedAt } : patch.remoteUpdatedAt === void 0 ? {} : { remoteUpdatedAt: null },
+      ...patch.remoteKind ? { remoteKind: patch.remoteKind } : {}
     }
   });
 }
@@ -15905,7 +16777,7 @@ async function buildLocalSnapshot(profileManager, options = {}) {
     throw new Error("Refusing to push an empty cloud sync snapshot.");
   }
   const snapshot = {
-    schemaVersion: CLOUD_SYNC_SCHEMA_VERSION,
+    schemaVersion: CLOUD_SYNC_PLAINTEXT_SCHEMA_VERSION,
     updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
     profiles,
     configTomlContent: config.exists ? config.content : null,
@@ -15930,6 +16802,34 @@ async function applyRemoteSnapshot(profileManager, snapshot) {
     await writeCodexSettingsJsonRaw({});
   }
 }
+function getSnapshotKind(snapshot) {
+  if (!snapshot) {
+    return "none";
+  }
+  return snapshot.schemaVersion === CLOUD_SYNC_ENCRYPTED_SCHEMA_VERSION ? "encrypted" : "legacy-plaintext";
+}
+async function resolvePassphrase(licenseKey, options) {
+  if (typeof options?.passphrase === "string" && options.passphrase.length > 0) {
+    return { value: requireCloudSyncPassphrase(options.passphrase), source: "input" };
+  }
+  const remembered = await readRememberedCloudSyncPassphrase(licenseKey);
+  if (remembered) {
+    return { value: remembered, source: "keychain" };
+  }
+  throw new Error("Cloud Sync passphrase is required.");
+}
+async function rememberPassphraseIfRequested(licenseKey, options, passphrase) {
+  if (options?.rememberPassphrase !== true || passphrase.source !== "input") {
+    return;
+  }
+  try {
+    await writeRememberedCloudSyncPassphrase(licenseKey, passphrase.value);
+  } catch (error) {
+    logWarn("[cloud-sync] failed to remember passphrase in keychain", {
+      error: error instanceof Error ? error.message : String(error)
+    });
+  }
+}
 function toRunError(mode, error) {
   const message = formatUserFacingError(error, {
     fallback: `Cloud sync ${mode} failed.`
@@ -15946,14 +16846,23 @@ async function getCloudSyncStatus() {
   const eligibility = await resolveEligibility();
   const state = await readState();
   let remoteUpdatedAt = state.remoteUpdatedAt ?? null;
+  let remoteKind = state.remoteKind ?? "none";
+  let hasRememberedPassphrase = false;
   if (eligibility.canSync && eligibility.licenseKey) {
+    hasRememberedPassphrase = Boolean(
+      await readRememberedCloudSyncPassphrase(eligibility.licenseKey).catch(() => null)
+    );
     try {
-      remoteUpdatedAt = await fetchRemoteSnapshotMeta(eligibility.licenseKey);
+      const remoteMeta = await fetchRemoteSnapshotMeta(eligibility.licenseKey);
+      remoteUpdatedAt = remoteMeta.updatedAt;
+      remoteKind = remoteMeta.snapshotKind;
+      await writeState({ remoteUpdatedAt, remoteKind });
     } catch (error) {
       if (error instanceof CloudSyncClientError && error.status === 404) {
         try {
           const remote = await fetchRemoteSnapshot(eligibility.licenseKey);
           remoteUpdatedAt = remote?.updatedAt ?? null;
+          remoteKind = getSnapshotKind(remote);
         } catch {
         }
       }
@@ -15964,13 +16873,15 @@ async function getCloudSyncStatus() {
     reason: eligibility.reason,
     licenseState: eligibility.licenseState,
     hasLicenseKey: Boolean(eligibility.licenseKey),
+    hasRememberedPassphrase,
     lastPushAt: state.lastPushAt ?? null,
     lastPullAt: state.lastPullAt ?? null,
     lastError: state.lastError ?? null,
-    remoteUpdatedAt
+    remoteUpdatedAt,
+    remoteKind
   };
 }
-async function pushCloudSync() {
+async function pushCloudSync(options = {}) {
   const eligibility = await resolveEligibility();
   if (!eligibility.canSync || !eligibility.licenseKey) {
     return {
@@ -15985,7 +16896,9 @@ async function pushCloudSync() {
   try {
     await profileManager.initialize();
     const localSnapshot = await buildLocalSnapshot(profileManager, { enforcePushGuards: true });
-    const serializedSnapshot = JSON.stringify(localSnapshot);
+    const passphrase = await resolvePassphrase(eligibility.licenseKey, options);
+    const encryptedSnapshot = await encryptCloudSyncSnapshot(localSnapshot, passphrase.value);
+    const serializedSnapshot = JSON.stringify(encryptedSnapshot);
     const snapshotBytes = Buffer.byteLength(serializedSnapshot, "utf8");
     if (snapshotBytes > SYNC_SIZE_WARN_BYTES) {
       logWarn("[cloud-sync] push snapshot is large", {
@@ -16001,12 +16914,14 @@ async function pushCloudSync() {
     if (process.env.NODE_ENV !== "production") {
       logInfo("[cloud-sync] push snapshot summary", summarizeSnapshot(localSnapshot));
     }
-    const remote = await pushRemoteSnapshot(eligibility.licenseKey, localSnapshot, {
+    const remote = await pushRemoteSnapshot(eligibility.licenseKey, encryptedSnapshot, {
       serializedSnapshot
     });
+    const remoteKind = getSnapshotKind(remote.snapshot);
     await writeState({
       lastPushAt: (/* @__PURE__ */ new Date()).toISOString(),
       remoteUpdatedAt: remote.snapshot.updatedAt,
+      remoteKind,
       lastError: void 0
     });
     if (remote.status === "stale") {
@@ -16018,6 +16933,7 @@ async function pushCloudSync() {
         remoteUpdatedAt: remote.snapshot.updatedAt
       };
     }
+    await rememberPassphraseIfRequested(eligibility.licenseKey, options, passphrase);
     return {
       mode: "push",
       status: "applied",
@@ -16032,7 +16948,7 @@ async function pushCloudSync() {
     return result;
   }
 }
-async function pullCloudSync() {
+async function pullCloudSync(options = {}) {
   const eligibility = await resolveEligibility();
   if (!eligibility.canSync || !eligibility.licenseKey) {
     return {
@@ -16048,6 +16964,7 @@ async function pullCloudSync() {
     await profileManager.initialize();
     const remote = await fetchRemoteSnapshot(eligibility.licenseKey);
     if (!remote) {
+      await writeState({ remoteUpdatedAt: null, remoteKind: "none" });
       return {
         mode: "pull",
         status: "skipped",
@@ -16056,17 +16973,30 @@ async function pullCloudSync() {
         remoteUpdatedAt: null
       };
     }
-    await applyRemoteSnapshot(profileManager, remote);
+    const remoteKind = getSnapshotKind(remote);
+    let passphrase = null;
+    let plainSnapshot;
+    if (remote.schemaVersion === CLOUD_SYNC_ENCRYPTED_SCHEMA_VERSION) {
+      passphrase = await resolvePassphrase(eligibility.licenseKey, options);
+      plainSnapshot = await decryptCloudSyncSnapshot(remote, passphrase.value);
+    } else {
+      plainSnapshot = remote;
+    }
+    await applyRemoteSnapshot(profileManager, plainSnapshot);
     await writeState({
       lastPullAt: (/* @__PURE__ */ new Date()).toISOString(),
       remoteUpdatedAt: remote.updatedAt,
+      remoteKind,
       lastError: void 0
     });
+    if (passphrase) {
+      await rememberPassphraseIfRequested(eligibility.licenseKey, options, passphrase);
+    }
     return {
       mode: "pull",
       status: "applied",
-      message: "Cloud sync pull completed.",
-      localUpdatedAt: remote.updatedAt,
+      message: remoteKind === "legacy-plaintext" ? "Legacy cloud sync pull completed. Push again to encrypt the remote snapshot." : "Cloud sync pull completed.",
+      localUpdatedAt: plainSnapshot.updatedAt,
       remoteUpdatedAt: remote.updatedAt
     };
   } catch (error) {
@@ -16078,6 +17008,20 @@ async function pullCloudSync() {
 }
 
 // src/commands/sync.ts
+async function readPassphraseFromStdin() {
+  let value = "";
+  for await (const chunk of process.stdin) {
+    value += String(chunk);
+  }
+  return value.replace(/\r?\n$/, "");
+}
+async function resolvePassphraseOptions(flags) {
+  if (hasFlag(flags, "--passphrase-stdin")) {
+    return { passphrase: await readPassphraseFromStdin() };
+  }
+  const fromEnv = process.env.CODEXUSE_SYNC_PASSPHRASE;
+  return { passphrase: typeof fromEnv === "string" && fromEnv.length > 0 ? fromEnv : null };
+}
 function printSyncResult(result) {
   console.log(result.message);
   if (result.localUpdatedAt) {
@@ -16109,6 +17053,8 @@ async function handleSync(args, version) {
       if (status.remoteUpdatedAt) {
         console.log(`Remote snapshot: ${status.remoteUpdatedAt}`);
       }
+      console.log(`Remote kind: ${status.remoteKind}`);
+      console.log(`Remembered passphrase: ${status.hasRememberedPassphrase ? "yes" : "no"}`);
       if (status.lastPushAt) {
         console.log(`Last push: ${status.lastPushAt}`);
       }
@@ -16121,7 +17067,7 @@ async function handleSync(args, version) {
       return;
     }
     case "pull": {
-      const result = await pullCloudSync();
+      const result = await pullCloudSync(await resolvePassphraseOptions(flags));
       printSyncResult(result);
       if (result.status === "error") {
         process.exitCode = 1;
@@ -16129,7 +17075,7 @@ async function handleSync(args, version) {
       return;
     }
     case "push": {
-      const result = await pushCloudSync();
+      const result = await pushCloudSync(await resolvePassphraseOptions(flags));
       printSyncResult(result);
       if (result.status === "error") {
         process.exitCode = 1;
@@ -16157,7 +17103,7 @@ async function ensureCliStorageReady() {
 }
 
 // src/app/main.ts
-var VERSION = true ? "5.0.5" : "0.0.0";
+var VERSION = true ? "5.0.7" : "0.0.0";
 async function runCli() {
   const args = process.argv.slice(2);
   if (args.length === 0) {