codex-quota 1.0.0__tar.gz

codex_quota-1.0.0/.gitignore

@@ -0,0 +1,221 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#   Usually these files are written by a python script from a template
+#   before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+# Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+# uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+# poetry.lock
+# poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+# pdm.lock
+# pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+# pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# Redis
+*.rdb
+*.aof
+*.pid
+
+# RabbitMQ
+mnesia/
+rabbitmq/
+rabbitmq-data/
+
+# ActiveMQ
+activemq-data/
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#   JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#   be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#   and can be added to the global gitignore or merged into this file.  For a more nuclear
+#   option (not recommended) you can uncomment the following to ignore the entire idea folder.
+# .idea/
+
+# Abstra
+#   Abstra is an AI-powered process automation framework.
+#   Ignore directories containing user credentials, local state, and settings.
+#   Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#   Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
+#   that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#   and can be added to the global gitignore or merged into this file. However, if you prefer,
+#   you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+# Temporary file for partial code execution
+tempCodeRunnerFile.py
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# Streamlit
+.streamlit/secrets.toml
+
+# System files
+.DS_Store

codex_quota-1.0.0/CHANGELOG.md

@@ -0,0 +1,93 @@
+# Changelog
+
+## 1.0.0 - 2026-06-04
+
+### Added
+
+- `codex-quota login <profile> --device-auth` for device-code login on headless or remote machines.
+- `codex-quota profile add <profile> --login --device-auth` to create and authenticate a profile in one step.
+- TUI support for `login <profile> --device-auth`.
+
+### Fixed
+
+- `profile add --device-auth` without `--login` now exits with a clear user-facing error.
+- POSIX profile/config directories are now created and tightened with `0700` permissions.
+- `exec` now respects user Codex config and rules by default.
+- Hardened profile discovery so symlinked directories cannot be treated as external `CODEX_HOME` locations.
+- Safe-by-default JSON status output avoids leaking path and quota metadata into CI logs.
+
+## 0.3.0 - 2026-06-03
+
+### Added
+
+- Filesystem-based profile discovery under `~/.codex-quota/profiles`.
+- Profile management commands: `profile list`, `profile add`, `profile remove`, and `profile path`.
+- `codex-quota login <profile> --create`.
+- `codex-quota init --verify`.
+- Dedicated profile and App Server modules for safer path handling and quota reads.
+- Stable `ok` field in JSON status output.
+
+### Changed
+
+- `~/.codex-quota/profiles/<profile>/` became the source of truth for profile existence.
+- Config no longer stores a static profile registry.
+- `codex-quota init` now bootstraps and validates the environment only.
+- status and check dynamically discover profiles from the filesystem.
+- Config loading preserves unknown legacy keys while ignoring old profile registry data for discovery.
+- TUI now uses dynamic profile discovery and shared service logic.
+
+### Fixed
+
+- Long-path wrapping in profile path output.
+- macOS temp-path and symlink-sensitive profile path handling.
+- Per-profile status collection now continues when one profile fails.
+- Missing Codex binary is represented as a per-profile status error where appropriate.
+- Malformed config JSON now raises a clear config error.
+- Malformed App Server responses now raise a clear app-server error.
+
+## 0.2.0 - 2026-06-03
+
+### Added
+
+- Textual-based fullscreen TUI.
+- `Refreshed at HH:MM DD.MM.YYYY` timestamp above the status table.
+- `codex_ok` field in JSON status output.
+- Safer unknown-profile validation for `status` and `check`.
+- User-facing refresh/loading messages in TUI.
+- Scroll-safe TUI input handling through Textual widgets.
+
+### Changed
+
+- Replaced the old Rich `Live` + manual prompt TUI with Textual.
+- Improved status table formatting, colors, widths, and percentage display.
+- `service.collect_statuses()` now distinguishes missing Codex binary from profile/auth failures.
+- TUI refresh now runs asynchronously and does not block the command input field.
+- Manual refresh no longer leaves a persistent `Refreshed.` panel.
+
+### Fixed
+
+- Mouse wheel escape-sequence pollution in the TUI command input.
+- Refresh message panel persisting after manual refresh.
+- Possible `KeyError` for unknown profile names in `status` and `check`.
+- Date formatting from `DD:MM:YYYY` to `DD.MM.YYYY`.
+
+### Removed
+
+- Old Rich `Live` fullscreen TUI implementation.
+- Manual raw terminal input handling with `select` / `read(1)`.
+
+## 0.1.0 - 2026-06-03
+
+Initial preview release.
+
+### Added
+
+- Python package under `src/codex_quota`.
+- Multi-profile config stored separately from Codex homes.
+- Profile directory initialization.
+- Official Codex login delegation per profile via `CODEX_HOME`.
+- App Server JSON-RPC quota reader for `account/rateLimits/read`.
+- Human-readable status table and JSON output.
+- Automation-friendly `check` command.
+- Minimal low-reasoning `codex exec` wrapper.
+- Simple Rich-based TUI with refresh, login, exec, and quit commands.

codex_quota-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 ssh-den
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

codex_quota-1.0.0/PKG-INFO

@@ -0,0 +1,389 @@
+Metadata-Version: 2.4
+Name: codex-quota
+Version: 1.0.0
+Summary: Multi-profile Codex CLI quota monitor with CLI and TUI
+Project-URL: Homepage, https://github.com/ssh-den/codex-quota
+Project-URL: Repository, https://github.com/ssh-den/codex-quota
+Project-URL: Issues, https://github.com/ssh-den/codex-quota/issues
+Project-URL: Changelog, https://github.com/ssh-den/codex-quota/blob/main/CHANGELOG.md
+Author: ssh-den
+License: MIT
+License-File: LICENSE
+Keywords: cli,codex,monitoring,quota,tui
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: MacOS
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: System :: Monitoring
+Classifier: Topic :: Utilities
+Requires-Python: >=3.11
+Requires-Dist: rich>=13.7.1
+Requires-Dist: textual>=3.5.0
+Requires-Dist: typer>=0.12.5
+Provides-Extra: dev
+Requires-Dist: mypy>=1.11; extra == 'dev'
+Requires-Dist: pylint>=3.2; extra == 'dev'
+Requires-Dist: pytest-cov>=5.0; extra == 'dev'
+Requires-Dist: pytest>=8.2; extra == 'dev'
+Requires-Dist: ruff>=0.6; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# codex-quota
+
+A utility for managing isolated Codex CLI profiles and monitoring quota usage across multiple Codex environments.
+
+Includes JSON output for automation and a live terminal dashboard.
+
+> **Note:** This is an independent community tool. It is not affiliated with or endorsed by OpenAI.
+
+---
+
+## Requirements
+
+- Python 3.11+
+- Official Codex CLI available as `codex`
+
+Install Codex CLI:
+
+```bash
+npm install -g @openai/codex
+```
+
+or
+
+```bash
+brew install codex
+```
+
+Tested with `codex-cli 0.136.0`.
+
+---
+
+## Installation
+
+Install from PyPI:
+
+```bash
+pip install codex-quota
+```
+
+Install from source:
+
+```bash
+git clone https://github.com/ssh-den/codex-quota.git
+cd codex-quota
+python -m venv .venv
+source .venv/bin/activate  # Windows: .venv\Scripts\activate
+pip install -e .
+```
+
+---
+
+## Quick Start
+
+```bash
+# Initialize (creates config and profiles directory)
+codex-quota init
+
+# Add a profile and log in
+codex-quota profile add personal --login
+
+# Check quota status
+codex-quota status
+
+# Launch the live terminal dashboard
+codex-quota tui
+```
+
+---
+
+## Security
+
+Authentication is fully delegated to the official Codex CLI. `codex-quota` never reads, stores, or transmits credentials. It sets `CODEX_HOME` and calls `codex` on your behalf.
+
+Profile and config directories are created with `0700` permissions on POSIX systems so `auth.json` and related state are not exposed by a weak `umask` on multi-user machines.
+
+---
+
+## Script filesystem layout
+
+```
+~/.codex-quota/profiles/
+├── personal/
+├── work/
+└── testing/
+
+~/.config/codex-quota/
+└── config.json
+```
+
+The filesystem is the source of truth. Profiles are discovered dynamically. The configuration file stores application settings only and does not maintain a profile registry.
+
+---
+
+## Configuration
+
+Default configuration:
+
+```json
+{
+  "profiles_dir": "~/.codex-quota/profiles",
+  "codex_bin": "codex",
+  "default_model": "gpt-5.4-mini",
+  "reasoning_effort": "low",
+  "refresh_seconds": 30.0
+}
+```
+
+Edit `~/.config/codex-quota/config.json` to change model defaults or reasoning effort.
+
+---
+
+## Initialization
+
+```bash
+codex-quota init
+```
+
+Behavior:
+
+- Create config directory if missing
+- Create profiles directory if missing
+- Create `config.json` if missing
+- Preserve existing configuration
+- Verify Codex CLI installation
+- Print detected Codex version
+- Discover existing profiles by scanning `~/.codex-quota/profiles/*`
+
+Overwrite configuration:
+
+```bash
+codex-quota init --overwrite-config
+```
+
+Run bootstrap plus quota verification (`--check` is an alias):
+
+```bash
+codex-quota init --verify
+```
+
+---
+
+## Profile management
+
+List profiles:
+
+```bash
+codex-quota profile list
+```
+
+Add profile:
+
+```bash
+codex-quota profile add personal
+```
+
+Create and login immediately:
+
+```bash
+codex-quota profile add personal --login
+```
+
+Create and force device-code auth on headless or remote machines:
+
+```bash
+codex-quota profile add personal --login --device-auth
+```
+
+Print profile path:
+
+```bash
+codex-quota profile path personal
+```
+
+Remove profile:
+
+```bash
+codex-quota profile remove personal
+```
+
+Force remove (non-interactive):
+
+```bash
+codex-quota profile remove personal --yes
+```
+
+Profile names are validated. Path traversal, path separators, absolute paths, whitespace, and suspicious characters are rejected.
+
+---
+
+## Login
+
+```bash
+codex-quota login personal
+```
+
+Equivalent to:
+
+```bash
+CODEX_HOME="$HOME/.codex-quota/profiles/personal" codex login
+```
+
+Use device authorization instead of the local browser callback flow:
+
+```bash
+codex-quota login personal --device-auth
+```
+
+Create the profile automatically if missing:
+
+```bash
+codex-quota login personal --create
+```
+
+Combine both when bootstrapping a remote profile in one step:
+
+```bash
+codex-quota login personal --create --device-auth
+```
+
+---
+
+## Status
+
+All profiles:
+
+```bash
+codex-quota status
+```
+
+Single profile:
+
+```bash
+codex-quota status personal
+```
+
+JSON output:
+
+```bash
+codex-quota status --json
+```
+
+Example human-readable output:
+
+```
+Profile   Status   5h Left   Week Left
+personal  OK       99%       69%
+work      OK       74%       52%
+```
+
+Default JSON is safe for CI logs and automation:
+
+- No absolute profile paths
+- No raw `rateLimits` payload
+- No plan or credits metadata unless explicitly requested
+
+Opt in to the extra fields only when you need them:
+
+```bash
+codex-quota status --json --json-paths --json-raw
+```
+
+Quota lockout detection uses `rateLimitReachedType != null`. The tool does not infer lockout solely from `usedPercent == 100`.
+
+---
+
+## Check command
+
+Automation-oriented health check:
+
+```bash
+codex-quota check
+```
+
+Single profile:
+
+```bash
+codex-quota check personal
+```
+
+Exit codes:
+
+| Code | Meaning |
+|------|---------|
+| 0 | Selected profiles are authenticated, readable, and not quota-blocked |
+| 2 | Codex missing, auth missing/expired, app-server failure, quota block, or no selected profiles found |
+
+---
+
+## Exec
+
+Run Codex under a selected profile:
+
+```bash
+codex-quota exec personal "Reply with exactly: ok"
+```
+
+Disable forced JSON output:
+
+```bash
+codex-quota exec personal "Say hello" --raw
+```
+
+`exec` now respects the user's existing Codex config and rules by default instead of disabling them.
+
+---
+
+## TUI
+
+Launch:
+
+```bash
+codex-quota tui
+```
+
+Custom refresh interval:
+
+```bash
+codex-quota tui --refresh 15
+```
+
+The TUI uses Textual and dynamically discovers profiles from the filesystem.
+
+Available commands:
+
+```
+refresh
+login <profile> [--device-auth]
+exec <profile> <prompt>
+quit
+```
+
+---
+
+## Internal quota API
+
+Status collection launches:
+
+```bash
+CODEX_HOME=<profile-home> codex app-server --stdio
+```
+
+Then performs the following JSON-RPC sequence:
+
+```
+1. initialize
+2. initialized
+3. account/rateLimits/read
+```
+
+Responses are normalized for display and safe JSON output. Raw API values are available only through explicit `--json-raw`.
+
+## License
+
+MIT License