izteamslots 1.7.0 → 1.7.1

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+## [1.7.1](https://github.com/izzzzzi/izTeamSlots/compare/v1.7.0...v1.7.1) (2026-04-13)
+
+
+### Bug Fixes
+
+* **codex-switcher:** eliminate redundant _load_accounts calls in pick_first_ready ([1024e95](https://github.com/izzzzzi/izTeamSlots/commit/1024e9582137aeaaea43484c94002455160ed37d))
+* deduplicate _decode_jwt_payload — single canonical implementation in codex_switcher ([5e579fe](https://github.com/izzzzzi/izTeamSlots/commit/5e579fe44caccf381d47d43484c56b4242589f87))
+* **jobs:** move thread assignment inside lock to prevent race condition ([40a3be2](https://github.com/izzzzzi/izTeamSlots/commit/40a3be2ce0937ae6eeef72c508c820d5de2d1029))
+* **logger:** use UTC timestamps consistent with rest of codebase ([302dfa1](https://github.com/izzzzzi/izTeamSlots/commit/302dfa1c2c5348fcab11c5606c5eb916ff0b5d26))
+* remove redundant Mailbox creation in relogin_worker_email ([883af9b](https://github.com/izzzzzi/izTeamSlots/commit/883af9bd7650c887056885514329b38d6bd5acab))
+* **security:** set chmod 0600 on meta.json and index.json files ([08c27af](https://github.com/izzzzzi/izTeamSlots/commit/08c27af9b330fae9f9a6316fd0fc7c6d38813506))
+* **security:** strengthen API key masking — show at most 4 chars for long keys ([545ac15](https://github.com/izzzzzi/izTeamSlots/commit/545ac15c4505fa94aff59ef5f1ede2b11a8819c2))
+* **workspace-api:** add pagination to get_members and get_pending_invites ([48229d2](https://github.com/izzzzzi/izTeamSlots/commit/48229d209a20593be9693df18f504dba9ee18ddc))
+
 # [1.7.0](https://github.com/izzzzzi/izTeamSlots/compare/v1.6.1...v1.7.0) (2026-03-07)
 
 

package/README.md

@@ -38,6 +38,7 @@ izteamslots
 - Сохранение `codex-<email>-Team.json`.
 - Логи, локальные browser profiles и doctor-проверка.
 - Синхронизация workspace с локальными слотами.
+- Свитч Codex-аккаунтов: мониторинг usage, авто-ротация auth.json при достижении лимита.
 
 ## Ограничения
 
@@ -83,6 +84,22 @@ echo "BOOMLIFY_API_KEY=your_api_key" > "$env:USERPROFILE\.izteamslots\.env"
 | `BOOMLIFY_TIME` | `permanent` | Время жизни ящика |
 | `SLOT_MAIL_PROVIDER` | `boomlify` | Провайдер почты для слотов |
 | `MAIL_PROVIDER` | `trickads` | Провайдер почты для админов |
+| `CODEX_SWITCHER_ENABLED` | `false` | Включить автосвитч Codex-аккаунтов |
+| `CODEX_SWITCHER_INTERVAL_MINUTES` | `15` | Интервал фоновой проверки usage (минуты) |
+
+## Свитч Codex-аккаунтов
+
+Встроенный механизм ротации Codex-аккаунтов. Все codex-файлы из пула (`<DATA_ROOT>/codex`) отображаются в разделе **Свитч аккаунтов** главного меню.
+
+Что доступно:
+- **Таблица аккаунтов** — active-статус, primary usage %, reset time, состояние токена.
+- **Ручное обновление** — запросить usage по всем аккаунтам.
+- **Ручное переключение** — выбрать аккаунт и записать его в `auth.json`.
+- **Первый готовый** — автоматически выбрать первый аккаунт без near-limit.
+- **Автосвитч** — фоновый шедулер проверяет usage и переключает `auth.json`, если `primary_used_percent >= 90%`. Включается через настройку `CODEX_SWITCHER_ENABLED`.
+- **Авто-рефреш токенов** — если access token истекает, обновляется через OAuth.
+
+Путь к `auth.json` определяется через `CODEX_HOME` или `~/.codex/auth.json`.
 
 ## Почтовые провайдеры
 

package/backend/account_store.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 import json
+import os
 import shutil
 import threading
 import uuid
@@ -77,6 +78,8 @@ class AccountStore:
         tmp = path.with_suffix(".tmp")
         tmp.write_text(json.dumps(data, indent=2, ensure_ascii=False), encoding="utf-8")
         tmp.replace(path)
+        if os.name != "nt":
+            os.chmod(path, 0o600)
 
     # --- Admin CRUD ---
 

package/backend/chatgpt_workspace_api.py

@@ -91,20 +91,42 @@ class ChatGPTWorkspaceAPI:
         )
 
     def get_pending_invites(self) -> list[dict]:
-        """Получить список ожидающих инвайтов."""
-        data = self._request(
-            "GET",
-            f"/backend-api/accounts/{self.account_id}/invites?offset=0&limit=100",
+        """Получить список ожидающих инвайтов (с пагинацией)."""
+        return self._paginate(
+            f"/backend-api/accounts/{self.account_id}/invites",
+            items_key="invites",
         )
-        return data.get("invites", [])
 
     def get_members(self) -> list[dict]:
-        """Получить список участников workspace."""
-        data = self._request(
-            "GET",
-            f"/backend-api/accounts/{self.account_id}/users?offset=0&limit=100",
+        """Получить список участников workspace (с пагинацией)."""
+        return self._paginate(
+            f"/backend-api/accounts/{self.account_id}/users",
+            items_key="items",
+            fallback_key="users",
         )
-        return data.get("items", data.get("users", []))
+
+    def _paginate(
+        self,
+        path: str,
+        items_key: str,
+        fallback_key: str | None = None,
+        page_size: int = 100,
+        max_pages: int = 20,
+    ) -> list[dict]:
+        """Fetch all pages from a paginated endpoint."""
+        all_items: list[dict] = []
+        for page_num in range(max_pages):
+            offset = page_num * page_size
+            data = self._request("GET", f"{path}?offset={offset}&limit={page_size}")
+            items = data.get(items_key) or (data.get(fallback_key, []) if fallback_key else [])
+            all_items.extend(items)
+            if not data.get("has_more") and len(items) >= page_size:
+                continue
+            if len(items) < page_size:
+                break
+            if data.get("has_more") is False:
+                break
+        return all_items
 
     def delete_member(self, user_id: str) -> dict:
         """Удалить участника из workspace по user_id."""

package/backend/codex_switcher.py

@@ -45,7 +45,7 @@ def _parse_int(value: str | None, default: int) -> int:
     return parsed if parsed > 0 else default
 
 
-def _decode_jwt_payload(token: str) -> dict[str, Any]:
+def decode_jwt_payload(token: str) -> dict[str, Any]:
     if not token or "." not in token:
         return {}
     parts = token.split(".")
@@ -66,7 +66,7 @@ def _decode_jwt_payload(token: str) -> dict[str, Any]:
 
 
 def _parse_jwt_exp(token: str) -> datetime | None:
-    payload = _decode_jwt_payload(token)
+    payload = decode_jwt_payload(token)
     exp = payload.get("exp")
     if not isinstance(exp, (int, float)):
         return None
@@ -74,7 +74,7 @@ def _parse_jwt_exp(token: str) -> datetime | None:
 
 
 def _parse_id_token_claims(token: str) -> tuple[str | None, str | None]:
-    payload = _decode_jwt_payload(token)
+    payload = decode_jwt_payload(token)
     email = payload.get("email") if isinstance(payload.get("email"), str) else None
     auth_claims = payload.get("https://api.openai.com/auth")
     account_id = None
@@ -210,8 +210,7 @@ class CodexSwitcherService:
             if not target:
                 return {"active_email": active, "switched": False}
             self._activate_account(target)
-            rows = self._compose_rows(self._load_accounts())
-            active = self._detect_active_account(self._load_accounts())
+            active = self._detect_active_account(accounts)
             for row in rows:
                 row["is_active"] = row["email"] == active
             self._status["active_email"] = active

package/backend/file_logger.py

@@ -3,7 +3,7 @@ from __future__ import annotations
 import json
 import threading
 from dataclasses import dataclass
-from datetime import datetime
+from datetime import UTC, datetime
 from pathlib import Path
 from typing import Any
 
@@ -11,7 +11,7 @@ from . import DATA_ROOT
 
 
 def _timestamp() -> str:
-    return datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+    return datetime.now(UTC).strftime("%Y-%m-%d %H:%M:%SZ")
 
 
 def _safe_title(value: str) -> str:
@@ -46,7 +46,7 @@ class FileLogger:
         self._append(self.app_log, lines)
 
     def create_job_logger(self, job_id: str, title: str) -> "JobFileLogger":
-        stamp = datetime.now().strftime("%Y%m%d-%H%M%S")
+        stamp = datetime.now(UTC).strftime("%Y%m%d-%H%M%S")
         filename = f"{stamp}-{job_id[:8]}-{_safe_title(title)}.log"
         path = self.jobs_dir / filename
         rel_path = path.relative_to(DATA_ROOT).as_posix()

package/backend/jobs.py

@@ -57,36 +57,36 @@ class JobManager:
             if self.busy:
                 raise RuntimeError(f"Задача уже выполняется: {self._active_job_id}")
 
-        job_id = uuid.uuid4().hex
-        job_logger = self._file_logger.create_job_logger(job_id, title)
-        self._emit("job.started", {"job_id": job_id, "title": title, "log_path": job_logger.rel_path})
+            job_id = uuid.uuid4().hex
+            job_logger = self._file_logger.create_job_logger(job_id, title)
+            self._emit("job.started", {"job_id": job_id, "title": title, "log_path": job_logger.rel_path})
 
-        def runner() -> None:
-            ctx = JobContext(job_id=job_id, _emit=self._emit, _logger=job_logger)
-            try:
-                result = handler(ctx)
-                job_logger.done(result)
-                self._emit("job.done", {"job_id": job_id, "result": result, "log_path": job_logger.rel_path})
-            except Exception as e:
-                message = str(e)
-                if len(message) > 1200:
-                    message = message[:1200] + "…"
-                tb = traceback.format_exc()
-                job_logger.error(message, traceback_text=tb)
-                self._emit(
-                    "job.error",
-                    {
-                        "job_id": job_id,
-                        "error": message,
-                        "log_path": job_logger.rel_path,
-                    },
-                )
+            def runner() -> None:
+                ctx = JobContext(job_id=job_id, _emit=self._emit, _logger=job_logger)
+                try:
+                    result = handler(ctx)
+                    job_logger.done(result)
+                    self._emit("job.done", {"job_id": job_id, "result": result, "log_path": job_logger.rel_path})
+                except Exception as e:
+                    message = str(e)
+                    if len(message) > 1200:
+                        message = message[:1200] + "…"
+                    tb = traceback.format_exc()
+                    job_logger.error(message, traceback_text=tb)
+                    self._emit(
+                        "job.error",
+                        {
+                            "job_id": job_id,
+                            "error": message,
+                            "log_path": job_logger.rel_path,
+                        },
+                    )
 
-        thread = threading.Thread(target=runner, daemon=True)
-        thread.start()
-        self._active_thread = thread
-        self._active_job_id = job_id
-        return job_id
+            thread = threading.Thread(target=runner, daemon=True)
+            thread.start()
+            self._active_thread = thread
+            self._active_job_id = job_id
+            return job_id
 
     def wait_all(self, timeout: float = 30) -> None:
         """Wait for the active job to finish."""

package/backend/openai_web_auth.py

@@ -25,6 +25,7 @@ from selenium.webdriver.support.ui import WebDriverWait
 from seleniumbase import Driver as create_driver
 
 from . import PROJECT_ROOT as _PROJECT_ROOT
+from .codex_switcher import CLIENT_ID, decode_jwt_payload
 from .mail import Mailbox, MailError, MailProvider
 
 LOGIN_URL = "https://chatgpt.com/auth/login_with"
@@ -706,18 +707,6 @@ def wait_for_browser_close(context: BrowserContext, log: Callable[[str], Any] |
     _log("Браузер закрыт")
 
 
-def _decode_jwt_payload(token: str) -> dict | None:
-    try:
-        parts = token.split(".")
-        if len(parts) < 2:
-            return None
-        payload = parts[1]
-        payload += "=" * (4 - len(payload) % 4)
-        decoded = base64.urlsafe_b64decode(payload)
-        return json.loads(decoded)
-    except Exception:
-        return None
-
 
 def _activate_best_tab(driver: Any, preferred_url_parts: list[str] | None = None) -> None:
     preferred = [part for part in (preferred_url_parts or []) if part]
@@ -834,7 +823,7 @@ def _prepare_oauth_authorize_url() -> tuple[str, HTTPServer, dict[str, str | Non
 
     server, redirect_uri, holder = _start_callback_server(state)
     params = urllib.parse.urlencode({
-        "client_id": "app_EMoamEEZ73f0CkXaXp7hrann",
+        "client_id": CLIENT_ID,
         "response_type": "code",
         "redirect_uri": redirect_uri,
         "scope": "openid email profile offline_access",
@@ -852,7 +841,7 @@ def _prepare_oauth_authorize_url() -> tuple[str, HTTPServer, dict[str, str | Non
 def _exchange_oauth_code(auth_code: str, redirect_uri: str, code_verifier: str) -> dict[str, Any]:
     token_data = {
         "grant_type": "authorization_code",
-        "client_id": "app_EMoamEEZ73f0CkXaXp7hrann",
+        "client_id": CLIENT_ID,
         "code": auth_code,
         "redirect_uri": redirect_uri,
         "code_verifier": code_verifier,
@@ -878,7 +867,7 @@ def _exchange_oauth_code(auth_code: str, redirect_uri: str, code_verifier: str)
         "refresh_token": refresh_token,
     }
 
-    jwt_data = _decode_jwt_payload(id_token or access_token)
+    jwt_data = decode_jwt_payload(id_token or access_token)
     if jwt_data:
         auth_info = jwt_data.get("https://api.openai.com/auth", {})
         session_result["account_id"] = auth_info.get("chatgpt_account_id")

package/backend/rpc_server.py

@@ -80,7 +80,9 @@ class RPCServer:
         if not value:
             return ""
         if "KEY" in key:
-            return value[:4] + "***" + value[-4:] if len(value) > 12 else "***"
+            if len(value) <= 16:
+                return "***"
+            return value[:2] + "***" + value[-2:]
         return value
 
     def _set_setting(self, key: str, value: str) -> None:

package/backend/slot_orchestrator.py

@@ -95,6 +95,10 @@ class SlotManager:
                 pass
             self._admin_page = None
 
+    def close_admin_page(self) -> None:
+        """Закрыть браузер админа (публичный интерфейс)."""
+        self._close_admin_page()
+
     def _get_api(self, page: Page) -> ChatGPTWorkspaceAPI:
         """Создать ChatGPTWorkspaceAPI с привязкой к странице браузера."""
         if not self.account_id or not self.access_token:

package/backend/ui_facade.py

@@ -277,7 +277,7 @@ class UIFacade:
                     log("Слот создан без OAuth-токена — нужен перелогин")
             except Exception as e:
                 log(f"Ошибка: {e}")
-        manager._close_admin_page()
+        manager.close_admin_page()
         log(f"Готово: {ok}/{count} слотов")
         self.sync_codex_files()
         return {"ok": ok, "total": count}
@@ -291,9 +291,9 @@ class UIFacade:
             log(f"{email} — нет openai_password")
             return False
 
-        mail = create_provider_for_mailbox(Mailbox(email=worker.email, password=worker.password))
+        mailbox = Mailbox(email=worker.email, password=worker.password)
+        mail = create_provider_for_mailbox(mailbox)
         try:
-            mailbox = Mailbox(email=worker.email, password=worker.password)
             profile_dir = self.store.get_worker_profile_dir(worker)
 
             page, session = oauth_login(

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "izteamslots",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "description": "ChatGPT Team slot management — automated invite, register, OAuth login & codex token pipeline",
   "bin": {
     "izteamslots": "bin/izteamslots.mjs"

package/requirements.txt

@@ -1,3 +1,3 @@
-python-dotenv~=1.0
+python-dotenv~=1.2
 requests~=2.31
-seleniumbase~=4.32
+seleniumbase~=4.47

package/tests/test_account_store.py

@@ -1,6 +1,8 @@
 from __future__ import annotations
 
 import json
+import os
+import stat
 import tempfile
 import unittest
 from pathlib import Path
@@ -84,3 +86,27 @@ class TestAccountStore(unittest.TestCase):
         self.assertEqual(rebuilt["email"], "slot@example.com")
         self.assertEqual(rebuilt["status"], "created")
         self.assertTrue(any("meta.json отсутствовал" in fix for fix in fixes))
+
+
+class TestAccountStorePermissions(unittest.TestCase):
+    def setUp(self) -> None:
+        self.temp_dir = tempfile.TemporaryDirectory()
+        self.base_dir = Path(self.temp_dir.name) / "accounts"
+        self.store = AccountStore(self.base_dir)
+
+    def tearDown(self) -> None:
+        self.temp_dir.cleanup()
+
+    @unittest.skipIf(os.name == "nt", "chmod not meaningful on Windows")
+    def test_meta_json_has_restrictive_permissions(self) -> None:
+        admin = self.store.add_admin("admin@example.com", "secret-password")
+        meta_path = self.store.admin_dir / admin.id / "meta.json"
+        mode = stat.S_IMODE(meta_path.stat().st_mode)
+        self.assertEqual(mode, 0o600, f"Expected 0600, got {oct(mode)}")
+
+    @unittest.skipIf(os.name == "nt", "chmod not meaningful on Windows")
+    def test_index_json_has_restrictive_permissions(self) -> None:
+        self.store.add_admin("admin@example.com", "pw")
+        index_path = self.store.admin_dir / "index.json"
+        mode = stat.S_IMODE(index_path.stat().st_mode)
+        self.assertEqual(mode, 0o600, f"Expected 0600, got {oct(mode)}")

package/tests/test_codex_switcher.py

@@ -375,6 +375,43 @@ class CodexSwitcherServiceTests(unittest.TestCase):
         codex_data = json.loads((self.codex_dir / "codex-retry.json").read_text(encoding="utf-8"))
         self.assertEqual(codex_data["access_token"], new_access)
 
+    def test_pick_first_ready_returns_consistent_state_after_switch(self) -> None:
+        """After switching, returned active_email must match the auth.json on disk."""
+        token_a = make_jwt({"exp": 4102444800})
+        token_b = make_jwt({"exp": 4102444800})
+        write_codex(self.codex_dir / "codex-a.json", "a@example.com", "acc-a", token_a, "rt-a")
+        write_codex(self.codex_dir / "codex-b.json", "b@example.com", "acc-b", token_b, "rt-b")
+        write_auth(self.auth_path, "acc-a", token_a, "a@example.com")
+
+        usage = {
+            "acc-a": {"plan_type": "team", "rate_limit": {
+                "primary_window": {"used_percent": 10, "reset_at": "2026-03-07T05:00:00Z"},
+                "secondary_window": {"used_percent": 5, "reset_at": "2026-03-08T05:00:00Z"},
+            }},
+            "acc-b": {"plan_type": "team", "rate_limit": {
+                "primary_window": {"used_percent": 20, "reset_at": "2026-03-07T05:00:00Z"},
+                "secondary_window": {"used_percent": 5, "reset_at": "2026-03-08T05:00:00Z"},
+            }},
+        }
+        service = CodexSwitcherService(
+            codex_dir=self.codex_dir,
+            auth_path=self.auth_path,
+            session_factory=lambda: FakeSession(usage),
+        )
+
+        result = service.pick_first_ready()
+
+        self.assertTrue(result["switched"])
+        auth_data = json.loads(self.auth_path.read_text(encoding="utf-8"))
+        auth_account_id = auth_data["tokens"]["account_id"]
+        for path in self.codex_dir.glob("codex-*.json"):
+            codex = json.loads(path.read_text(encoding="utf-8"))
+            if codex.get("account_id") == auth_account_id:
+                self.assertEqual(result["active_email"], codex["email"])
+                break
+        else:
+            self.fail(f"No codex file found with account_id={auth_account_id}")
+
     def test_no_switch_when_active_below_threshold(self) -> None:
         token_a = make_jwt({"exp": 4102444800})
         token_b = make_jwt({"exp": 4102444800})
@@ -405,5 +442,34 @@ class CodexSwitcherServiceTests(unittest.TestCase):
         self.assertEqual(auth_data["tokens"]["account_id"], "acc-a")
 
 
+class TestDecodeJwtPayload(unittest.TestCase):
+    def test_valid_jwt_returns_payload(self) -> None:
+        from backend.codex_switcher import decode_jwt_payload
+
+        token = make_jwt({"sub": "user123", "exp": 4102444800})
+        result = decode_jwt_payload(token)
+        self.assertEqual(result["sub"], "user123")
+
+    def test_empty_string_returns_empty_dict(self) -> None:
+        from backend.codex_switcher import decode_jwt_payload
+
+        self.assertEqual(decode_jwt_payload(""), {})
+
+    def test_malformed_token_returns_empty_dict(self) -> None:
+        from backend.codex_switcher import decode_jwt_payload
+
+        self.assertEqual(decode_jwt_payload("not.a.jwt"), {})
+        self.assertEqual(decode_jwt_payload("only-one-part"), {})
+
+    def test_non_dict_payload_returns_empty_dict(self) -> None:
+        from backend.codex_switcher import decode_jwt_payload
+
+        array_payload = base64.urlsafe_b64encode(b'[1,2,3]').decode().rstrip("=")
+        header = base64.urlsafe_b64encode(b'{"alg":"none"}').decode().rstrip("=")
+        sig = base64.urlsafe_b64encode(b'sig').decode().rstrip("=")
+        token = f"{header}.{array_payload}.{sig}"
+        self.assertEqual(decode_jwt_payload(token), {})
+
+
 if __name__ == "__main__":
     unittest.main()

package/tests/test_jobs.py

@@ -74,3 +74,35 @@ class TestJobManager(unittest.TestCase):
         finally:
             release.set()
             manager.wait_all()
+
+    def test_start_is_thread_safe_under_contention(self) -> None:
+        """Ensure only one job starts even with concurrent start() calls."""
+        manager = JobManager(self.emit, file_logger=self.logger)
+        barrier = threading.Barrier(10)
+        release = threading.Event()
+        results: list[str | None] = [None] * 10
+        errors: list[str | None] = [None] * 10
+
+        def handler(_ctx):
+            release.wait(timeout=5)
+
+        def try_start(index: int) -> None:
+            barrier.wait()
+            try:
+                job_id = manager.start(f"job-{index}", handler)
+                results[index] = job_id
+            except RuntimeError as e:
+                errors[index] = str(e)
+
+        threads = [threading.Thread(target=try_start, args=(i,)) for i in range(10)]
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join(timeout=5)
+        release.set()
+        manager.wait_all()
+
+        started = [r for r in results if r is not None]
+        failed = [e for e in errors if e is not None]
+        self.assertEqual(len(started), 1, f"Expected exactly 1 job to start, got {len(started)}")
+        self.assertEqual(len(failed), 9, f"Expected 9 rejections, got {len(failed)}")

package/tests/test_rpc_protocol.py

@@ -3,6 +3,7 @@ from __future__ import annotations
 import unittest
 
 from backend.rpc_protocol import RPCError, make_error_response, make_event, make_success_response, parse_request
+from backend.rpc_server import RPCServer
 
 
 class TestRPCProtocol(unittest.TestCase):
@@ -31,3 +32,25 @@ class TestRPCProtocol(unittest.TestCase):
         self.assertEqual(make_success_response("1", {"ok": True})["ok"], True)
         self.assertEqual(make_error_response("1", err)["error"]["message"], "boom")
         self.assertEqual(make_event("job.done", {"id": "1"})["type"], "event")
+
+
+class TestMaskSettingValue(unittest.TestCase):
+    def test_empty_value_returns_empty(self) -> None:
+        self.assertEqual(RPCServer._mask_setting_value("BOOMLIFY_API_KEY", ""), "")
+
+    def test_short_key_fully_masked(self) -> None:
+        self.assertEqual(RPCServer._mask_setting_value("BOOMLIFY_API_KEY", "abc123"), "***")
+
+    def test_long_key_shows_only_first_and_last_two(self) -> None:
+        key = "sk-abcdefghijklmnop"  # 18 chars
+        masked = RPCServer._mask_setting_value("BOOMLIFY_API_KEY", key)
+        self.assertEqual(masked, "sk***op")
+        self.assertNotIn("abcdef", masked)
+
+    def test_medium_key_fully_masked(self) -> None:
+        key = "1234567890123"  # 13 chars
+        masked = RPCServer._mask_setting_value("BOOMLIFY_API_KEY", key)
+        self.assertEqual(masked, "***")
+
+    def test_non_key_setting_not_masked(self) -> None:
+        self.assertEqual(RPCServer._mask_setting_value("BOOMLIFY_DOMAIN", "example.com"), "example.com")

package/tests/test_workspace_api.py

@@ -0,0 +1,90 @@
+from __future__ import annotations
+
+import json
+import unittest
+from typing import Any
+
+
+class FakePage:
+    """Minimal Page stub that returns canned responses from page.evaluate."""
+
+    def __init__(self, responses: list[dict[str, Any]]) -> None:
+        self._responses = list(responses)
+        self._call_index = 0
+
+    def evaluate(self, script: str, args: Any = None) -> Any:
+        if self._call_index >= len(self._responses):
+            raise RuntimeError("No more canned responses")
+        resp = self._responses[self._call_index]
+        self._call_index += 1
+        return resp
+
+
+class TestChatGPTWorkspaceAPIPagination(unittest.TestCase):
+    def _make_api(self, page: FakePage):
+        from backend.chatgpt_workspace_api import ChatGPTWorkspaceAPI
+        return ChatGPTWorkspaceAPI(page, "acc-123", "token-123")
+
+    def test_get_members_fetches_all_pages(self) -> None:
+        page1_body = json.dumps({
+            "items": [{"id": f"u{i}", "email": f"u{i}@x.com"} for i in range(100)],
+            "has_more": True,
+        })
+        page2_body = json.dumps({
+            "items": [{"id": f"u{i}", "email": f"u{i}@x.com"} for i in range(100, 130)],
+            "has_more": False,
+        })
+        page = FakePage([
+            {"status": 200, "body": page1_body},
+            {"status": 200, "body": page2_body},
+        ])
+        api = self._make_api(page)
+
+        members = api.get_members()
+
+        self.assertEqual(len(members), 130)
+
+    def test_get_members_single_page(self) -> None:
+        body = json.dumps({
+            "items": [{"id": "u1", "email": "u1@x.com"}],
+        })
+        page = FakePage([{"status": 200, "body": body}])
+        api = self._make_api(page)
+
+        members = api.get_members()
+
+        self.assertEqual(len(members), 1)
+
+    def test_get_pending_invites_fetches_all_pages(self) -> None:
+        page1_body = json.dumps({
+            "invites": [{"email": f"i{i}@x.com"} for i in range(100)],
+            "has_more": True,
+        })
+        page2_body = json.dumps({
+            "invites": [{"email": f"i{i}@x.com"} for i in range(100, 110)],
+            "has_more": False,
+        })
+        page = FakePage([
+            {"status": 200, "body": page1_body},
+            {"status": 200, "body": page2_body},
+        ])
+        api = self._make_api(page)
+
+        invites = api.get_pending_invites()
+
+        self.assertEqual(len(invites), 110)
+
+    def test_get_pending_invites_single_page(self) -> None:
+        body = json.dumps({
+            "invites": [{"email": "i1@x.com"}],
+        })
+        page = FakePage([{"status": 200, "body": body}])
+        api = self._make_api(page)
+
+        invites = api.get_pending_invites()
+
+        self.assertEqual(len(invites), 1)
+
+
+if __name__ == "__main__":
+    unittest.main()