sidekick-shared 0.18.5 → 0.19.1

package/README.md

@@ -31,13 +31,13 @@ npm install sidekick-shared
 | **Credentials** | Claude Max OAuth credential reading from `~/.claude/.credentials.json` |
 | **Quota** | Claude Max subscription quota fetching (5-hour and 7-day windows) and Codex rate-limit extraction from event streams |
 | **Provider Status** | API health checking via status.claude.com and status.openai.com (indicator, components, incidents) |
-| **Schemas** | Zod schemas for runtime JSONL event validation (`sessionEventSchema`, `messageUsageSchema`, `sessionMessageSchema`) |
+| **Schemas** | Zod schemas for runtime validation of data crossing process/IPC boundaries — JSONL session events (`sessionEventSchema`, `messageUsageSchema`, `sessionMessageSchema`), quota, account status, and quota history — plus `extractSessionEvents()` to unwrap `progress`-wrapped events. Also published fs-free via the [`sidekick-shared/schemas`](#supported-import-paths) subpath |
 | **Extractors** | Pure functions for single-event processing: `extractTokenUsage()`, `extractToolCall()` (top-level `tool_use`), `extractToolCalls()` (assistant content blocks) |
-| **Model Info & Pricing** | Model family parsing (Anthropic / OpenAI / Google, including legacy `claude-3-opus-…` and `claude-3-5-sonnet-…` IDs), context-window lookup (including Opus 4.7 / Sonnet 4.7 1M and GPT-5.x variants), pricing tables with optional LiteLLM hydration, null-aware cost (`calculateCost()`), provenance-preserving cost (`calculateCostWithProvenance()`, `mergeCostSources()`), and display helpers (`shortModelName()`, `getModelDisplayInfo()`, `compareModelIds()`, `sortModelIds()`, `formatCost()`) |
+| **Model Info & Pricing** | Model family parsing (Anthropic / OpenAI / Google, including legacy `claude-3-opus-…` and `claude-3-5-sonnet-…` IDs), context-window lookup (including Fable 5 / Opus 4.8 / Opus 4.7 / Sonnet 4.7 1M and GPT-5.x variants), pricing tables with optional LiteLLM hydration, null-aware cost (`calculateCost()`), provenance-preserving cost (`calculateCostWithProvenance()`, `mergeCostSources()`), and display helpers (`shortModelName()`, `getModelDisplayInfo()`, `compareModelIds()`, `sortModelIds()`, `formatCost()`) |
 | **Quota Polling** | `QuotaPoller` class with exponential backoff, active/idle intervals, and cached fallback |
 | **Multi-Provider Quota** | `MultiProviderQuotaService` orchestrates Claude polling + peak-hours + account labels + Codex quota updates behind one typed `{ claude?, codex? }` event stream. `CodexQuotaWatcher` watches the active Codex rollout for live rate limits with snapshot fallback |
 | **Accounts** | Multi-provider account registry (v2) with per-provider active account, save/switch/remove, v1 migration, `ensureDefaultAccounts()` for first-run bootstrap of the active system Claude/Codex credentials as a "Default" saved account, and `getActiveAccountStatus()` for a single-pass active-account read across providers |
-| **Codex Profiles** | Codex account lifecycle — prepare, finalize, switch, remove — with isolated `CODEX_HOME` directories and multi-home monitoring support |
+| **Codex Profiles** | Codex account lifecycle — prepare, finalize, switch, remove — switching atomically swaps the profile's backed-up credentials into the system `~/.codex/auth.json`, with rotated-token staleness protection, one-time dual-home migration, and legacy multi-home session monitoring |
 | **Quota Snapshots** | Persistent quota caching per provider/account for offline fallback |
 | **Phrases** | Curated humorous phrases for loading/idle states, available as a flat `ALL_PHRASES` array or grouped via `PHRASE_CATEGORIES` for category-aware UI |
 
@@ -54,6 +54,7 @@ npm install sidekick-shared
 | `sidekick-shared/modelContext`    | Any runtime                 | Direct access to the context-window module.                        |
 | `sidekick-shared/modelInfo`       | Any runtime                 | Direct access to model parsing and cost math.                      |
 | `sidekick-shared/formatting`      | Any runtime                 | Direct access to pure token and duration display helpers.           |
+| `sidekick-shared/schemas`         | Any runtime                 | Pure Zod boundary schemas (session events, quota, account status, quota history) — fs-free, no Node builtins. |
 
 ### Browser / webview runtimes
 
@@ -223,6 +224,8 @@ const parser = new JsonlParser(
 parser.processChunk(rawData);
 ```
 
+The boundary schemas — `sessionEventSchema` plus the quota, account-status, and quota-history schemas — are also importable fs-free from `sidekick-shared/schemas`, which keeps Zod out of bundles that only need the pure math/formatting helpers. `extractSessionEvents()` from the same subpath unwraps Claude Code `progress`-wrapped events into canonical `SessionEvent[]`.
+
 ### Tail raw JSONL events incrementally
 
 Use `createJsonlTail()` when a consumer needs raw parsed events and owns its own aggregation lifecycle. `onBatchComplete` fires once after each drained byte chunk, which lets callers defer expensive UI or metrics updates until parsing for that chunk is complete.

package/dist/accounts.d.ts

@@ -22,6 +22,7 @@ export interface ActiveAccountInfo {
 export interface AccountManagerResult {
     success: boolean;
     error?: string;
+    warning?: string;
     needsLogin?: boolean;
     profileId?: string;
     codexHome?: string;

package/dist/codexProfiles.d.ts

@@ -14,6 +14,7 @@ export declare function getActiveCodexAccount(): SavedAccountProfile | null;
 export declare function resolveSidekickCodexHome(): string;
 export declare function getCodexExecutionEnv(baseEnv?: NodeJS.ProcessEnv): NodeJS.ProcessEnv;
 export declare function prepareCodexAccount(label: string): CodexAccountManagerResult;
-export declare function finalizeCodexAccount(profileId: string): AccountManagerResult;
-export declare function switchToCodexAccount(profileId: string): AccountManagerResult;
+export declare function finalizeCodexAccount(profileId: string): CodexAccountManagerResult;
+export declare function switchToCodexAccount(profileId: string): CodexAccountManagerResult;
+export declare function reconcileCodexAuthState(): void;
 export declare function removeCodexAccount(profileId: string): AccountManagerResult;

package/dist/codexProfiles.js

@@ -44,6 +44,7 @@ exports.getCodexExecutionEnv = getCodexExecutionEnv;
 exports.prepareCodexAccount = prepareCodexAccount;
 exports.finalizeCodexAccount = finalizeCodexAccount;
 exports.switchToCodexAccount = switchToCodexAccount;
+exports.reconcileCodexAuthState = reconcileCodexAuthState;
 exports.removeCodexAccount = removeCodexAccount;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
@@ -51,6 +52,9 @@ const path = __importStar(require("path"));
 const child_process_1 = require("child_process");
 const crypto_1 = require("crypto");
 const accountRegistry_1 = require("./accountRegistry");
+// Codex refreshes OAuth tokens at most every 8 days; a stored refresh token
+// older than that may already be rejected by the auth server.
+const STALE_AUTH_THRESHOLD_MS = 8 * 24 * 60 * 60 * 1000;
 function getDefaultSystemCodexHome() {
     return path.join(os.homedir(), '.codex');
 }
@@ -77,12 +81,15 @@ function getCodexMonitoringHomes() {
     const explicitHome = getExplicitCodexHome();
     if (explicitHome)
         return [explicitHome];
-    const homes = [];
-    const active = getActiveCodexAccount();
-    if (active) {
-        homes.push(getCodexProfileHome(active.id));
+    // The system home is the single live home; profile homes only matter for
+    // sessions recorded back when they doubled as live CODEX_HOMEs.
+    const homes = [getDefaultSystemCodexHome()];
+    for (const profile of listCodexAccounts()) {
+        const profileHome = getCodexProfileHome(profile.id);
+        if (fs.existsSync(path.join(profileHome, 'sessions'))) {
+            homes.push(profileHome);
+        }
     }
-    homes.push(getDefaultSystemCodexHome());
     return dedupePaths(homes);
 }
 function getCodexProfilesDir() {
@@ -104,8 +111,43 @@ function atomicWriteJson(filePath, data, mode = 0o600) {
     const tmp = filePath + '.tmp';
     const json = JSON.stringify(data, null, 2);
     JSON.parse(json);
-    fs.writeFileSync(tmp, json, { encoding: 'utf8', mode });
-    fs.renameSync(tmp, filePath);
+    try {
+        fs.writeFileSync(tmp, json, { encoding: 'utf8', mode });
+        fs.renameSync(tmp, filePath);
+    }
+    catch (err) {
+        try {
+            fs.unlinkSync(tmp);
+        }
+        catch { /* nothing to clean up */ }
+        throw err;
+    }
+}
+// auth.json must be copied byte-for-byte: re-serializing would drop fields
+// added by newer codex versions, and the rotated refresh token inside is
+// only valid in its freshest form.
+function atomicWriteFile(filePath, content, mode = 0o600) {
+    fs.mkdirSync(path.dirname(filePath), { recursive: true, mode: 0o700 });
+    const tmp = filePath + '.tmp';
+    try {
+        fs.writeFileSync(tmp, content, { encoding: 'utf8', mode });
+        fs.renameSync(tmp, filePath);
+    }
+    catch (err) {
+        try {
+            fs.unlinkSync(tmp);
+        }
+        catch { /* nothing to clean up */ }
+        throw err;
+    }
+}
+function readFileOrNull(filePath) {
+    try {
+        return fs.readFileSync(filePath, 'utf8');
+    }
+    catch {
+        return null;
+    }
 }
 function readPendingProfile(profileId) {
     try {
@@ -146,40 +188,65 @@ function parseJwtPayload(jwt) {
         return null;
     }
 }
-function readMetadataFromAuthJson(codexHome) {
-    const authPath = path.join(codexHome, 'auth.json');
-    if (!fs.existsSync(authPath))
-        return {};
+function parseAuthJson(raw) {
+    if (!raw)
+        return null;
     try {
-        const parsed = JSON.parse(fs.readFileSync(authPath, 'utf8'));
-        const idToken = parsed.tokens?.id_token;
-        const claims = idToken ? parseJwtPayload(idToken) : null;
-        const profileClaims = claims?.['https://api.openai.com/profile'];
-        const authClaims = claims?.['https://api.openai.com/auth'];
-        const email = typeof claims?.email === 'string'
-            ? claims.email
-            : typeof profileClaims?.email === 'string'
-                ? profileClaims.email
-                : undefined;
-        const workspaceId = typeof authClaims?.chatgpt_account_id === 'string'
-            ? authClaims.chatgpt_account_id
-            : parsed.tokens?.account_id;
-        const planType = typeof authClaims?.chatgpt_plan_type === 'string'
-            ? authClaims.chatgpt_plan_type
-            : undefined;
-        const authMode = parsed.OPENAI_API_KEY || parsed.auth_mode === 'api_key'
-            ? 'api-key'
-            : 'chatgpt';
-        return {
-            email,
-            workspaceId,
-            planType,
-            authMode,
-        };
+        return JSON.parse(raw);
     }
     catch {
-        return {};
+        return null;
+    }
+}
+function readAuthIdentityFromRaw(raw) {
+    const parsed = parseAuthJson(raw);
+    if (!parsed)
+        return null;
+    const idToken = parsed.tokens?.id_token;
+    const claims = idToken ? parseJwtPayload(idToken) : null;
+    const profileClaims = claims?.['https://api.openai.com/profile'];
+    const authClaims = claims?.['https://api.openai.com/auth'];
+    const email = typeof claims?.email === 'string'
+        ? claims.email
+        : typeof profileClaims?.email === 'string'
+            ? profileClaims.email
+            : undefined;
+    const workspaceId = typeof authClaims?.chatgpt_account_id === 'string'
+        ? authClaims.chatgpt_account_id
+        : parsed.tokens?.account_id;
+    const planType = typeof authClaims?.chatgpt_plan_type === 'string'
+        ? authClaims.chatgpt_plan_type
+        : undefined;
+    const authMode = parsed.OPENAI_API_KEY || parsed.auth_mode === 'api_key'
+        ? 'api-key'
+        : 'chatgpt';
+    return { email, workspaceId, planType, authMode };
+}
+function readLastRefresh(raw, fallbackPath) {
+    const parsed = parseAuthJson(raw);
+    if (parsed?.last_refresh) {
+        const ts = Date.parse(parsed.last_refresh);
+        if (!Number.isNaN(ts))
+            return ts;
     }
+    if (fallbackPath) {
+        try {
+            return fs.statSync(fallbackPath).mtimeMs;
+        }
+        catch { /* fall through */ }
+    }
+    return null;
+}
+function readMetadataFromAuthJson(codexHome) {
+    const identity = readAuthIdentityFromRaw(readFileOrNull(path.join(codexHome, 'auth.json')));
+    if (!identity)
+        return {};
+    return {
+        email: identity.email,
+        workspaceId: identity.workspaceId,
+        planType: identity.planType,
+        authMode: identity.authMode,
+    };
 }
 function readMetadataFromLegacyCredentials(codexHome) {
     const legacyPath = path.join(codexHome, '.credentials.json');
@@ -219,6 +286,16 @@ function getCodexLoginStatus(codexHome) {
     }
     return { loggedIn: false };
 }
+function detectRunningCodexProcess() {
+    if (process.platform === 'win32')
+        return false;
+    try {
+        return (0, child_process_1.spawnSync)('pgrep', ['-x', 'codex'], { encoding: 'utf8' }).status === 0;
+    }
+    catch {
+        return false;
+    }
+}
 function readCodexAccountMetadata(codexHome) {
     const fromAuth = readMetadataFromAuthJson(codexHome);
     if (fromAuth.email || fromAuth.workspaceId || fromAuth.planType || fromAuth.authMode) {
@@ -256,15 +333,8 @@ function getActiveCodexAccount() {
     return (0, accountRegistry_1.getActiveSavedAccount)('codex');
 }
 function resolveSidekickCodexHome() {
-    const explicitHome = process.env.CODEX_HOME;
-    if (explicitHome)
-        return explicitHome;
-    const active = getActiveCodexAccount();
-    if (active) {
-        const managedHome = getCodexProfileHome(active.id);
-        if (fs.existsSync(managedHome))
-            return managedHome;
-    }
+    // Account switching swaps auth.json inside the system home, so the system
+    // home (or an explicit CODEX_HOME) is always the single live home.
     return getSystemCodexHome();
 }
 function getCodexExecutionEnv(baseEnv = process.env) {
@@ -318,24 +388,284 @@ function finalizeCodexAccount(profileId) {
         return { success: false, error: 'Codex profile is not authenticated yet.' };
     }
     const metadata = readCodexAccountMetadata(codexHome);
-    (0, accountRegistry_1.upsertSavedAccountProfile)({
+    const profile = {
         id: profileId,
         providerId: 'codex',
         label: pending.label,
         email: metadata.email,
         addedAt: pending.addedAt,
         metadata,
-    });
-    (0, accountRegistry_1.setActiveSavedAccount)('codex', profileId);
-    return { success: true };
+    };
+    (0, accountRegistry_1.upsertSavedAccountProfile)(profile);
+    const hasCredentialFiles = fs.existsSync(path.join(codexHome, 'auth.json')) ||
+        fs.existsSync(path.join(codexHome, '.credentials.json'));
+    if (!hasCredentialFiles) {
+        // Authenticated via the OS keyring — there are no credential files to
+        // swap, so the registry pointer is all we can update.
+        (0, accountRegistry_1.setActiveSavedAccount)('codex', profileId);
+        return {
+            success: true,
+            warning: 'Codex stores credentials in the OS keyring; sidekick cannot swap them per account, so `codex` keeps using the keyring credentials.',
+        };
+    }
+    return performCodexAuthSwap(profile);
+}
+function getCodexStashDir() {
+    return path.join((0, accountRegistry_1.getAccountsDir)(), 'codex', 'stash');
+}
+function stashLiveCodexAuth(liveAuthRaw, liveLegacyRaw) {
+    try {
+        const stamp = new Date().toISOString().replace(/[:.]/g, '-');
+        let stashPath = null;
+        if (liveAuthRaw) {
+            stashPath = path.join(getCodexStashDir(), `auth-${stamp}.json`);
+            atomicWriteFile(stashPath, liveAuthRaw);
+        }
+        if (liveLegacyRaw) {
+            const legacyStashPath = path.join(getCodexStashDir(), `credentials-${stamp}.json`);
+            atomicWriteFile(legacyStashPath, liveLegacyRaw);
+            stashPath = stashPath ?? legacyStashPath;
+        }
+        return stashPath;
+    }
+    catch {
+        return null;
+    }
+}
+function findProfileForIdentity(identity) {
+    const profiles = listCodexAccounts();
+    if (identity?.workspaceId) {
+        const byWorkspace = profiles.find(profile => profile.metadata?.workspaceId === identity.workspaceId);
+        if (byWorkspace)
+            return byWorkspace;
+    }
+    if (identity?.email) {
+        const byEmail = profiles.find(profile => (profile.email ?? profile.metadata?.email) === identity.email);
+        if (byEmail)
+            return byEmail;
+    }
+    if (!identity?.workspaceId && !identity?.email) {
+        // API-key auth or unparseable tokens carry no identity; assume the live
+        // file belongs to whichever account the registry says is active.
+        return getActiveCodexAccount();
+    }
+    return null;
+}
+// Codex rotates the refresh token whenever it refreshes auth.json, so the
+// live file is always the freshest copy of its account. Before replacing it,
+// preserve it in the matching profile's backup — or stash it if it belongs to
+// no saved account. Best-effort: never throws.
+function syncBackLiveCodexAuth(liveAuthRaw, liveLegacyRaw) {
+    if (!liveAuthRaw && !liveLegacyRaw)
+        return {};
+    try {
+        const identity = readAuthIdentityFromRaw(liveAuthRaw);
+        const profile = findProfileForIdentity(identity);
+        if (!profile) {
+            const stashPath = stashLiveCodexAuth(liveAuthRaw, liveLegacyRaw);
+            return {
+                stashPath: stashPath ?? undefined,
+                warning: stashPath
+                    ? `Live Codex credentials did not match any saved account; stashed at ${stashPath}.`
+                    : 'Live Codex credentials did not match any saved account and could not be stashed.',
+            };
+        }
+        const profileHome = getCodexProfileHome(profile.id);
+        if (liveAuthRaw)
+            atomicWriteFile(path.join(profileHome, 'auth.json'), liveAuthRaw);
+        if (liveLegacyRaw)
+            atomicWriteFile(path.join(profileHome, '.credentials.json'), liveLegacyRaw);
+        try {
+            const metadata = readCodexAccountMetadata(profileHome);
+            (0, accountRegistry_1.upsertSavedAccountProfile)({
+                ...profile,
+                email: metadata.email ?? profile.email,
+                metadata: { ...profile.metadata, ...metadata },
+            });
+        }
+        catch { /* metadata refresh is best-effort */ }
+        return { syncedProfileId: profile.id };
+    }
+    catch (err) {
+        return { warning: `Could not back up live Codex credentials: ${err}` };
+    }
+}
+function performCodexAuthSwap(target) {
+    const systemHome = getSystemCodexHome();
+    const liveAuthPath = path.join(systemHome, 'auth.json');
+    const liveLegacyPath = path.join(systemHome, '.credentials.json');
+    const liveAuthRaw = readFileOrNull(liveAuthPath);
+    const liveLegacyRaw = readFileOrNull(liveLegacyPath);
+    if (!liveAuthRaw && !liveLegacyRaw && getCodexLoginStatus(systemHome).loggedIn) {
+        return {
+            success: false,
+            error: 'Codex stores credentials in the OS keyring; file-based account switching is not supported. Set `cli_auth_credentials_store = "file"` in ~/.codex/config.toml and run `codex login` again.',
+        };
+    }
+    const profileHome = getCodexProfileHome(target.id);
+    const targetAuthPath = path.join(profileHome, 'auth.json');
+    const targetAuthRaw = readFileOrNull(targetAuthPath);
+    const targetLegacyRaw = readFileOrNull(path.join(profileHome, '.credentials.json'));
+    const targetName = target.label ?? target.email ?? target.id;
+    if (!targetAuthRaw && !targetLegacyRaw) {
+        return { success: false, error: `No stored credentials for "${targetName}". Remove and re-add this account.` };
+    }
+    if (targetAuthRaw && !parseAuthJson(targetAuthRaw)) {
+        return { success: false, error: `Stored credentials for "${targetName}" are corrupted. Remove and re-add this account.` };
+    }
+    const warnings = [];
+    if (detectRunningCodexProcess()) {
+        warnings.push('A codex process appears to be running; restart codex sessions so they pick up the switched account.');
+    }
+    // If the live file already belongs to the target account it is the freshest
+    // copy (rotated refresh token included) — never replace it with a staler
+    // backup, which would permanently invalidate the login. Just refresh the
+    // backup and the registry pointer.
+    const liveIdentity = readAuthIdentityFromRaw(liveAuthRaw);
+    const targetIdentity = readAuthIdentityFromRaw(targetAuthRaw);
+    const targetWorkspaceId = target.metadata?.workspaceId ?? targetIdentity?.workspaceId;
+    const targetEmail = target.email ?? target.metadata?.email ?? targetIdentity?.email;
+    const liveMatchesTarget = Boolean((liveIdentity?.workspaceId && targetWorkspaceId && liveIdentity.workspaceId === targetWorkspaceId) ||
+        (liveIdentity?.email && targetEmail && liveIdentity.email === targetEmail) ||
+        (liveAuthRaw !== null && liveAuthRaw === targetAuthRaw) ||
+        (!liveAuthRaw && !targetAuthRaw && liveLegacyRaw !== null && liveLegacyRaw === targetLegacyRaw));
+    if (liveMatchesTarget) {
+        try {
+            if (liveAuthRaw)
+                atomicWriteFile(targetAuthPath, liveAuthRaw);
+            if (liveLegacyRaw)
+                atomicWriteFile(path.join(profileHome, '.credentials.json'), liveLegacyRaw);
+            const metadata = readCodexAccountMetadata(profileHome);
+            (0, accountRegistry_1.upsertSavedAccountProfile)({
+                ...target,
+                email: metadata.email ?? target.email,
+                metadata: { ...target.metadata, ...metadata },
+            });
+        }
+        catch { /* backup refresh is best-effort */ }
+        (0, accountRegistry_1.setActiveSavedAccount)('codex', target.id);
+        return { success: true, warning: warnings.length ? warnings.join(' ') : undefined };
+    }
+    const targetLastRefresh = readLastRefresh(targetAuthRaw, targetAuthPath);
+    if (targetLastRefresh !== null && Date.now() - targetLastRefresh > STALE_AUTH_THRESHOLD_MS) {
+        warnings.push(`Stored credentials for "${targetName}" have not been refreshed in over 8 days; codex may ask you to log in again.`);
+    }
+    const syncBack = syncBackLiveCodexAuth(liveAuthRaw, liveLegacyRaw);
+    if (syncBack.warning)
+        warnings.push(syncBack.warning);
+    const restoreLiveFiles = () => {
+        try {
+            if (liveAuthRaw)
+                atomicWriteFile(liveAuthPath, liveAuthRaw);
+            else
+                fs.rmSync(liveAuthPath, { force: true });
+            if (liveLegacyRaw)
+                atomicWriteFile(liveLegacyPath, liveLegacyRaw);
+            else
+                fs.rmSync(liveLegacyPath, { force: true });
+        }
+        catch { /* rollback is best-effort */ }
+    };
+    try {
+        if (targetAuthRaw) {
+            atomicWriteFile(liveAuthPath, targetAuthRaw);
+            if (targetLegacyRaw)
+                atomicWriteFile(liveLegacyPath, targetLegacyRaw);
+            else if (liveLegacyRaw)
+                fs.rmSync(liveLegacyPath, { force: true });
+        }
+        else {
+            atomicWriteFile(liveLegacyPath, targetLegacyRaw);
+            if (liveAuthRaw)
+                fs.rmSync(liveAuthPath, { force: true });
+        }
+    }
+    catch (err) {
+        restoreLiveFiles();
+        return { success: false, error: `Failed to write Codex credentials: ${err}` };
+    }
+    try {
+        (0, accountRegistry_1.setActiveSavedAccount)('codex', target.id);
+    }
+    catch (err) {
+        restoreLiveFiles();
+        return { success: false, error: `Failed to update account registry: ${err}` };
+    }
+    return { success: true, warning: warnings.length ? warnings.join(' ') : undefined };
 }
 function switchToCodexAccount(profileId) {
     const target = listCodexAccounts().find(account => account.id === profileId);
     if (!target) {
         return { success: false, error: `Codex account ${profileId} not found.` };
     }
-    (0, accountRegistry_1.setActiveSavedAccount)('codex', profileId);
-    return { success: true };
+    return performCodexAuthSwap(target);
+}
+// One-time migration for installs created when profile homes doubled as live
+// CODEX_HOMEs: the active profile's auth.json may hold a fresher rotated
+// refresh token than the system home. Best-effort: never throws.
+function reconcileCodexAuthState() {
+    try {
+        const markerPath = path.join((0, accountRegistry_1.getAccountsDir)(), 'codex', '.live-auth-migrated-v1');
+        if (fs.existsSync(markerPath))
+            return;
+        const writeMarker = () => atomicWriteFile(markerPath, new Date().toISOString() + '\n');
+        const active = getActiveCodexAccount();
+        if (!active) {
+            writeMarker();
+            return;
+        }
+        const profileHome = getCodexProfileHome(active.id);
+        const profileAuthPath = path.join(profileHome, 'auth.json');
+        const profileAuthRaw = readFileOrNull(profileAuthPath);
+        if (!profileAuthRaw) {
+            writeMarker();
+            return;
+        }
+        const systemHome = getSystemCodexHome();
+        const liveAuthPath = path.join(systemHome, 'auth.json');
+        const liveAuthRaw = readFileOrNull(liveAuthPath);
+        if (!liveAuthRaw) {
+            // No live credentials (account was added via isolated login and never
+            // promoted). Promote the active profile's copy unless codex is logged
+            // in through the OS keyring.
+            if (!getCodexLoginStatus(systemHome).loggedIn) {
+                atomicWriteFile(liveAuthPath, profileAuthRaw);
+            }
+            writeMarker();
+            return;
+        }
+        const liveIdentity = readAuthIdentityFromRaw(liveAuthRaw);
+        const profileIdentity = readAuthIdentityFromRaw(profileAuthRaw);
+        const sameIdentity = Boolean((liveIdentity?.workspaceId && profileIdentity?.workspaceId && liveIdentity.workspaceId === profileIdentity.workspaceId) ||
+            (liveIdentity?.email && liveIdentity.email === profileIdentity?.email));
+        if (sameIdentity) {
+            const liveRefresh = readLastRefresh(liveAuthRaw, liveAuthPath);
+            const profileRefresh = readLastRefresh(profileAuthRaw, profileAuthPath);
+            if (profileRefresh !== null && (liveRefresh === null || profileRefresh > liveRefresh)) {
+                // The profile copy was the live home under the old model and holds
+                // the valid rotated refresh token — promote it.
+                stashLiveCodexAuth(liveAuthRaw, null);
+                atomicWriteFile(liveAuthPath, profileAuthRaw);
+            }
+            else {
+                atomicWriteFile(profileAuthPath, liveAuthRaw);
+            }
+        }
+        else {
+            // The live credentials belong to a different account; the live state
+            // wins — point the registry at the matching saved profile if there is
+            // one, and refresh its backup.
+            const matching = findProfileForIdentity(liveIdentity);
+            if (matching && matching.id !== active.id) {
+                atomicWriteFile(path.join(getCodexProfileHome(matching.id), 'auth.json'), liveAuthRaw);
+                (0, accountRegistry_1.setActiveSavedAccount)('codex', matching.id);
+            }
+        }
+        writeMarker();
+    }
+    catch {
+        // Reconciliation must never break startup.
+    }
 }
 function removeCodexAccount(profileId) {
     const removed = (0, accountRegistry_1.removeSavedAccountProfile)('codex', profileId);

package/dist/ensureDefaultAccounts.js

@@ -96,5 +96,11 @@ function ensureDefaultCodexAccount(options) {
 async function ensureDefaultAccounts(options) {
     const claude = await ensureDefaultClaudeAccount(options);
     const codex = ensureDefaultCodexAccount(options);
+    try {
+        (0, codexProfiles_1.reconcileCodexAuthState)();
+    }
+    catch (error) {
+        logFailure(options, 'Codex auth reconciliation failed.', error);
+    }
     return { claude, codex };
 }

package/dist/index.d.ts

@@ -122,7 +122,10 @@ export { hydratePricingCatalog, normalizeLiteLlmCatalog, LITELLM_CATALOG_URL } f
 export type { HydrateOptions, HydrateResult } from './pricingCatalog';
 export { extractTokenUsage } from './extractors/tokenUsage';
 export { extractToolCall, extractToolCalls } from './extractors/toolCall';
-export { messageUsageSchema, sessionMessageSchema, sessionEventSchema, permissionModeSchema, } from './schemas/sessionEvent';
+export { messageUsageSchema, sessionMessageSchema, sessionEventSchema, permissionModeSchema, extractSessionEvents, } from './schemas/sessionEvent';
+export { quotaWindowSchema, quotaStateSchema, quotaFailureKindSchema, quotaProviderIdSchema, quotaSourceSchema, peakHoursStateSchema, quotaFailureDescriptorSchema, runtimeQuotaProviderSchema, providerQuotaStateSchema, claudeProviderQuotaStateSchema, codexProviderQuotaStateSchema, providerQuotaMapSchema, } from './schemas/quota';
+export { quotaHistoryRuntimeProviderSchema, quotaHistorySampleSchema, quotaHistoryDailyBucketSchema, } from './schemas/quotaHistory';
+export { activeProviderAccountStatusSchema, activeAccountStatusSchema, } from './schemas/accountStatus';
 export { fetchProviderStatus, fetchOpenAIStatus } from './providerStatus';
 export type { ProviderStatusState } from './providerStatus';
 export { createPeakHoursNotApplicableState, fetchPeakHoursStatus, isClaudeCodeSessionProvider, scopePeakHoursToSessionProvider, } from './peakHours';

package/dist/index.js

@@ -6,7 +6,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.findActiveClaudeSession = exports.discoverSessionDirectory = exports.getClaudeSessionDirectory = exports.encodeClaudeWorkspacePath = exports.detectSessionActivity = exports.extractTaskInfo = exports.scanSubagentDir = exports.normalizeCodexToolInput = exports.normalizeCodexToolName = exports.extractPatchFilePaths = exports.CodexRolloutParser = exports.parseDbPartData = exports.parseDbMessageData = exports.convertOpenCodeMessage = exports.detectPlanModeFromText = exports.normalizeToolInput = exports.normalizeToolName = exports.TRUNCATION_PATTERNS = exports.JsonlParser = exports.CodexProvider = exports.OpenCodeProvider = exports.ClaudeCodeProvider = exports.getAllDetectedProviders = exports.detectProvider = exports.readClaudeCodePlanFiles = exports.getPlanAnalytics = exports.writePlans = exports.getLatestPlan = exports.readPlans = exports.readLatestHandoff = exports.readHistory = exports.readNotes = exports.readDecisions = exports.readTasks = exports.getProjectSlugRaw = exports.getProjectSlug = exports.encodeWorkspacePath = exports.getGlobalDataPath = exports.getProjectDataPath = exports.getConfigDir = exports.MAX_PLANS_PER_PROJECT = exports.PLAN_SCHEMA_VERSION = exports.createEmptyTokenTotals = exports.HISTORICAL_DATA_SCHEMA_VERSION = exports.STALENESS_THRESHOLDS = exports.IMPORTANCE_DECAY_FACTORS = exports.KNOWLEDGE_NOTE_SCHEMA_VERSION = exports.DECISION_LOG_SCHEMA_VERSION = exports.normalizeTaskStatus = exports.TASK_PERSISTENCE_SCHEMA_VERSION = void 0;
 exports.EventAggregator = exports.getRandomPhrase = exports.PHRASE_CATEGORIES = exports.ALL_PHRASES = exports.HIGHLIGHT_CSS = exports.clearHighlightCache = exports.highlightEvent = exports.formatSessionJson = exports.formatSessionMarkdown = exports.formatSessionText = exports.classifyNoise = exports.shouldMergeWithPrevious = exports.classifyFollowEvent = exports.classifyMessage = exports.getSoftNoiseReason = exports.isHardNoiseFollowEvent = exports.isHardNoise = exports.formatToolSummary = exports.formatTokenCount = exports.formatDurationMs = exports.createJsonlTail = exports.toFollowEvents = exports.createWatcher = exports.parseChangelog = exports.extractProposedPlanShared = exports.parsePlanMarkdownShared = exports.PlanExtractor = exports.readSessionContextSnapshot = exports.createSessionContextProjector = exports.calculateSessionContextPressure = exports.buildSessionContextSnapshot = exports.composeContext = exports.FilterEngine = exports.searchSessions = exports.CodexDatabase = exports.OpenCodeDatabase = exports.discoverDebugLogs = exports.collapseDuplicates = exports.filterByLevel = exports.parseDebugLog = exports.scanSubagentTraces = exports.findAllSessionsWithWorktrees = exports.discoverWorktreeSiblings = exports.resolveWorktreeMainRepo = exports.getAllClaudeProjectFolders = exports.decodeEncodedPath = exports.getMostRecentlyActiveSessionDir = exports.findSubdirectorySessionDirs = exports.findSessionsInDirectory = exports.findAllClaudeSessions = void 0;
 exports.fetchQuota = exports.removeCodexAccount = exports.switchToCodexAccount = exports.finalizeCodexAccount = exports.prepareCodexAccount = exports.getCodexExecutionEnv = exports.resolveSidekickCodexHome = exports.getActiveCodexAccount = exports.listCodexAccounts = exports.getSystemCodexHome = exports.getCodexMonitoringHomes = exports.getCodexProfileHome = exports.getCodexProfilesDir = exports.getActiveAccountStatus = exports.removeSavedAccountProfile = exports.replaceSavedAccountProfiles = exports.setActiveSavedAccount = exports.upsertSavedAccountProfile = exports.getActiveSavedAccount = exports.listSavedAccountProfiles = exports.writeSavedAccountRegistry = exports.readSavedAccountRegistry = exports.getAccountsDir = exports.isMultiAccountEnabled = exports.getActiveAccount = exports.listAccounts = exports.removeAccount = exports.switchToAccount = exports.addCurrentAccount = exports.readActiveClaudeAccount = exports.writeAccountRegistry = exports.readAccountRegistry = exports.ensureDefaultAccounts = exports.readClaudeMaxAccessTokenSync = exports.readClaudeMaxCredentials = exports.writeActiveCredentials = exports.readActiveCredentials = exports.openInBrowser = exports.parseTranscriptFromEvents = exports.parseTranscript = exports.generateHtmlReport = exports.PatternExtractor = exports.HeatmapTracker = exports.FrequencyTracker = exports.getSnapshotPath = exports.isSnapshotValid = exports.deleteSnapshot = exports.loadSnapshot = exports.saveSnapshot = exports.parseTodoDependencies = void 0;
-exports.scopePeakHoursToSessionProvider = exports.isClaudeCodeSessionProvider = exports.fetchPeakHoursStatus = exports.createPeakHoursNotApplicableState = exports.fetchOpenAIStatus = exports.fetchProviderStatus = exports.permissionModeSchema = exports.sessionEventSchema = exports.sessionMessageSchema = exports.messageUsageSchema = exports.extractToolCalls = exports.extractToolCall = exports.extractTokenUsage = exports.LITELLM_CATALOG_URL = exports.normalizeLiteLlmCatalog = exports.hydratePricingCatalog = exports.formatCost = exports.sortModelIds = exports.compareModelIds = exports.getModelDisplayInfo = exports.shortModelName = exports.mergeCostSources = exports.calculateCostWithProvenance = exports.calculateCostWithPricing = exports.calculateCost = exports.getModelInfo = exports.getModelPricing = exports.parseModelId = exports.DEFAULT_CONTEXT_WINDOW = exports.getModelContextWindowSize = exports.MultiProviderQuotaService = exports.CodexQuotaWatcher = exports.resolveCodexQuotaFromLocalSources = exports.resolveCodexQuota = exports.readLatestCodexQuotaFromRollouts = exports.quotaFromCodexRateLimits = exports.fetchCodexQuotaFromApi = exports.getWorkspaceIdFromPath = exports.pruneQuotaHistory = exports.readQuotaHistoryDailyBuckets = exports.readQuotaHistoryRange = exports.appendQuotaHistorySample = exports.writeQuotaSnapshot = exports.readQuotaSnapshot = exports.QuotaPoller = exports.describeQuotaFailure = void 0;
+exports.providerQuotaStateSchema = exports.runtimeQuotaProviderSchema = exports.quotaFailureDescriptorSchema = exports.peakHoursStateSchema = exports.quotaSourceSchema = exports.quotaProviderIdSchema = exports.quotaFailureKindSchema = exports.quotaStateSchema = exports.quotaWindowSchema = exports.extractSessionEvents = exports.permissionModeSchema = exports.sessionEventSchema = exports.sessionMessageSchema = exports.messageUsageSchema = exports.extractToolCalls = exports.extractToolCall = exports.extractTokenUsage = exports.LITELLM_CATALOG_URL = exports.normalizeLiteLlmCatalog = exports.hydratePricingCatalog = exports.formatCost = exports.sortModelIds = exports.compareModelIds = exports.getModelDisplayInfo = exports.shortModelName = exports.mergeCostSources = exports.calculateCostWithProvenance = exports.calculateCostWithPricing = exports.calculateCost = exports.getModelInfo = exports.getModelPricing = exports.parseModelId = exports.DEFAULT_CONTEXT_WINDOW = exports.getModelContextWindowSize = exports.MultiProviderQuotaService = exports.CodexQuotaWatcher = exports.resolveCodexQuotaFromLocalSources = exports.resolveCodexQuota = exports.readLatestCodexQuotaFromRollouts = exports.quotaFromCodexRateLimits = exports.fetchCodexQuotaFromApi = exports.getWorkspaceIdFromPath = exports.pruneQuotaHistory = exports.readQuotaHistoryDailyBuckets = exports.readQuotaHistoryRange = exports.appendQuotaHistorySample = exports.writeQuotaSnapshot = exports.readQuotaSnapshot = exports.QuotaPoller = exports.describeQuotaFailure = void 0;
+exports.scopePeakHoursToSessionProvider = exports.isClaudeCodeSessionProvider = exports.fetchPeakHoursStatus = exports.createPeakHoursNotApplicableState = exports.fetchOpenAIStatus = exports.fetchProviderStatus = exports.activeAccountStatusSchema = exports.activeProviderAccountStatusSchema = exports.quotaHistoryDailyBucketSchema = exports.quotaHistorySampleSchema = exports.quotaHistoryRuntimeProviderSchema = exports.providerQuotaMapSchema = exports.codexProviderQuotaStateSchema = exports.claudeProviderQuotaStateSchema = void 0;
 var taskPersistence_1 = require("./types/taskPersistence");
 Object.defineProperty(exports, "TASK_PERSISTENCE_SCHEMA_VERSION", { enumerable: true, get: function () { return taskPersistence_1.TASK_PERSISTENCE_SCHEMA_VERSION; } });
 Object.defineProperty(exports, "normalizeTaskStatus", { enumerable: true, get: function () { return taskPersistence_1.normalizeTaskStatus; } });
@@ -295,6 +296,30 @@ Object.defineProperty(exports, "messageUsageSchema", { enumerable: true, get: fu
 Object.defineProperty(exports, "sessionMessageSchema", { enumerable: true, get: function () { return sessionEvent_1.sessionMessageSchema; } });
 Object.defineProperty(exports, "sessionEventSchema", { enumerable: true, get: function () { return sessionEvent_1.sessionEventSchema; } });
 Object.defineProperty(exports, "permissionModeSchema", { enumerable: true, get: function () { return sessionEvent_1.permissionModeSchema; } });
+Object.defineProperty(exports, "extractSessionEvents", { enumerable: true, get: function () { return sessionEvent_1.extractSessionEvents; } });
+// Schemas — Zod runtime validation for quota / provider quota / peak hours
+var quota_2 = require("./schemas/quota");
+Object.defineProperty(exports, "quotaWindowSchema", { enumerable: true, get: function () { return quota_2.quotaWindowSchema; } });
+Object.defineProperty(exports, "quotaStateSchema", { enumerable: true, get: function () { return quota_2.quotaStateSchema; } });
+Object.defineProperty(exports, "quotaFailureKindSchema", { enumerable: true, get: function () { return quota_2.quotaFailureKindSchema; } });
+Object.defineProperty(exports, "quotaProviderIdSchema", { enumerable: true, get: function () { return quota_2.quotaProviderIdSchema; } });
+Object.defineProperty(exports, "quotaSourceSchema", { enumerable: true, get: function () { return quota_2.quotaSourceSchema; } });
+Object.defineProperty(exports, "peakHoursStateSchema", { enumerable: true, get: function () { return quota_2.peakHoursStateSchema; } });
+Object.defineProperty(exports, "quotaFailureDescriptorSchema", { enumerable: true, get: function () { return quota_2.quotaFailureDescriptorSchema; } });
+Object.defineProperty(exports, "runtimeQuotaProviderSchema", { enumerable: true, get: function () { return quota_2.runtimeQuotaProviderSchema; } });
+Object.defineProperty(exports, "providerQuotaStateSchema", { enumerable: true, get: function () { return quota_2.providerQuotaStateSchema; } });
+Object.defineProperty(exports, "claudeProviderQuotaStateSchema", { enumerable: true, get: function () { return quota_2.claudeProviderQuotaStateSchema; } });
+Object.defineProperty(exports, "codexProviderQuotaStateSchema", { enumerable: true, get: function () { return quota_2.codexProviderQuotaStateSchema; } });
+Object.defineProperty(exports, "providerQuotaMapSchema", { enumerable: true, get: function () { return quota_2.providerQuotaMapSchema; } });
+// Schemas — Zod runtime validation for quota history
+var quotaHistory_2 = require("./schemas/quotaHistory");
+Object.defineProperty(exports, "quotaHistoryRuntimeProviderSchema", { enumerable: true, get: function () { return quotaHistory_2.quotaHistoryRuntimeProviderSchema; } });
+Object.defineProperty(exports, "quotaHistorySampleSchema", { enumerable: true, get: function () { return quotaHistory_2.quotaHistorySampleSchema; } });
+Object.defineProperty(exports, "quotaHistoryDailyBucketSchema", { enumerable: true, get: function () { return quotaHistory_2.quotaHistoryDailyBucketSchema; } });
+// Schemas — Zod runtime validation for account status
+var accountStatus_2 = require("./schemas/accountStatus");
+Object.defineProperty(exports, "activeProviderAccountStatusSchema", { enumerable: true, get: function () { return accountStatus_2.activeProviderAccountStatusSchema; } });
+Object.defineProperty(exports, "activeAccountStatusSchema", { enumerable: true, get: function () { return accountStatus_2.activeAccountStatusSchema; } });
 // Provider Status
 var providerStatus_1 = require("./providerStatus");
 Object.defineProperty(exports, "fetchProviderStatus", { enumerable: true, get: function () { return providerStatus_1.fetchProviderStatus; } });

package/dist/modelContext.d.ts

@@ -7,6 +7,9 @@ export declare const DEFAULT_CONTEXT_WINDOW = 200000;
 /**
  * Returns the context window size for a model ID.
  *
+ * Input is trimmed and lowercased before lookup, so padded or mixed-case
+ * IDs (e.g. "Claude-Opus-4-8 ") resolve without caller-side normalization.
+ *
  * Lookup order:
  * 1. Explicit "[1m]" suffix (Claude Code's 1M-variant marker) → 1_000_000
  * 2. Exact match against MODEL_CONTEXT_SIZES