qoder-autopilot 0.2.2__tar.gz → 0.3.1__tar.gz

{qoder_autopilot-0.2.2 → qoder_autopilot-0.3.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qoder-autopilot
-Version: 0.2.2
+Version: 0.3.1
 Summary: Automated Qoder account registration with anti-detect browser, captcha solving (AI + OpenCV), and 9Router OAuth integration.
 Project-URL: Homepage, https://github.com/Daivageralda/qoder-autopilot
 Project-URL: Repository, https://github.com/Daivageralda/qoder-autopilot
@@ -30,14 +30,17 @@ Requires-Dist: pydantic>=2.0
 Requires-Dist: python-dotenv>=1.0
 Requires-Dist: requests>=2.28
 Provides-Extra: all
+Requires-Dist: fastapi>=0.100; extra == 'all'
 Requires-Dist: numpy>=1.24; extra == 'all'
 Requires-Dist: openai>=1.0; extra == 'all'
 Requires-Dist: opencv-python-headless>=4.8; extra == 'all'
+Requires-Dist: uvicorn[standard]>=0.23; extra == 'all'
 Provides-Extra: captcha
 Requires-Dist: numpy>=1.24; extra == 'captcha'
 Requires-Dist: openai>=1.0; extra == 'captcha'
 Requires-Dist: opencv-python-headless>=4.8; extra == 'captcha'
 Provides-Extra: dev
+Requires-Dist: fastapi>=0.100; extra == 'dev'
 Requires-Dist: mypy>=1.0; extra == 'dev'
 Requires-Dist: numpy>=1.24; extra == 'dev'
 Requires-Dist: openai>=1.0; extra == 'dev'
@@ -46,6 +49,10 @@ Requires-Dist: pytest-asyncio>=0.21; extra == 'dev'
 Requires-Dist: pytest-cov>=4.0; extra == 'dev'
 Requires-Dist: pytest>=7.0; extra == 'dev'
 Requires-Dist: ruff>=0.4; extra == 'dev'
+Requires-Dist: uvicorn[standard]>=0.23; extra == 'dev'
+Provides-Extra: relay
+Requires-Dist: fastapi>=0.100; extra == 'relay'
+Requires-Dist: uvicorn[standard]>=0.23; extra == 'relay'
 Description-Content-Type: text/markdown
 
 # 🤖 Qoder Autopilot
@@ -55,11 +62,17 @@ Automated [Qoder](https://qoder.com) account registration with anti-detect brows
 > Register Qoder accounts → solve captchas → verify OTP → auto-connect to 9Router. All in one command.
 
 [![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue.svg)](https://www.python.org/downloads/)
+[![PyPI version](https://img.shields.io/pypi/v/qoder-autopilot.svg)](https://pypi.org/project/qoder-autopilot/)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Camoufox](https://img.shields.io/badge/browser-Camoufox-orange.svg)](https://camoufox.com/)
+[![Tests](https://github.com/Daivageralda/qoder-autopilot/actions/workflows/test.yml/badge.svg)](https://github.com/Daivageralda/qoder-autopilot/actions/workflows/test.yml)
 
 ---
 
+> **📦 Published on PyPI** — [pypi.org/project/qoder-autopilot](https://pypi.org/project/qoder-autopilot/)
+>
+> Install with `pip install qoder-autopilot` — no clone needed.
+
 ## ✨ Features
 
 - **🦊 Anti-detect Browser** — Uses [Camoufox](https://camoufox.com/) (stealth Firefox fork) with C++-level fingerprinting to bypass bot detection
@@ -76,13 +89,26 @@ Automated [Qoder](https://qoder.com) account registration with anti-detect brows
 
 ## 📦 Installation
 
-### From source (recommended)
+### Via pip (recommended)
+
+```bash
+# Basic install (manual captcha only)
+pip install qoder-autopilot
+
+# With AI captcha solver support
+pip install qoder-autopilot[captcha]
+
+# Full install with all extras
+pip install qoder-autopilot[full]
+```
+
+### From source (development)
 
 ```bash
 git clone https://github.com/Daivageralda/qoder-autopilot.git
 cd qoder-autopilot
 
-# Basic install (manual captcha only)
+# Basic install
 pip install -e .
 
 # With AI captcha solver
@@ -92,12 +118,6 @@ pip install -e ".[captcha]"
 pip install -e ".[dev]"
 ```
 
-### Via pip
-
-```bash
-pip install qoder-autopilot
-```
-
 ### Post-install
 
 ```bash
@@ -213,7 +233,7 @@ qoder-autopilot config reset
 | `otp-timeout` | Max seconds to wait for OTP | `20` |
 | `captcha-timeout` | Max seconds for manual captcha | `120` |
 | `parallel-delay` | Delay between parallel accounts (sec) | `30` |
-| `ninerouter-db` | Path to 9Router SQLite DB | `~/.9router/db/data.sqlite` |
+| `ninerouter-db` | Path to 9Router SQLite DB | OS-aware: `~/.9router/db/data.sqlite` (macOS/Linux), `%APPDATA%/9router/db/data.sqlite` (Windows) |
 
 ### Via environment variables
 
@@ -285,6 +305,22 @@ qoder-autopilot/
 └── README.md
 ```
 
+## 🔒 Security
+
+qoder-autopilot takes security seriously:
+
+- **Credential files** — `qoder_accounts.json` saved with `chmod 600` (owner-only)
+- **Config files** — `~/.qoder-autopilot/config.json` and `relay.json` restricted to `600`
+- **Password masking** — passwords never logged to stdout (masked as `••••••••`)
+- **Sensitive field masking** — `config show` masks API keys, tokens, and passwords
+- **File locking** — concurrent credential writes are atomic (safe in `--parallel` mode)
+- **Timing-safe auth** — relay token comparison uses `hmac.compare_digest()`
+- **Rate limiting** — relay server limits to 30 requests/60s per IP
+- **Secure default binding** — relay defaults to `127.0.0.1` (localhost only)
+- **HTTPS warning** — startup warns when relay runs without TLS
+
+> **Recommendation:** For production relay deployments, always use a reverse proxy with HTTPS (nginx/caddy) or an SSH tunnel.
+
 ## 🔗 Related
 
 - [**cf-mail-worker**](https://github.com/Daivageralda/cf-mail-worker) — Self-hosted temp mail API (Cloudflare Workers + D1)

{qoder_autopilot-0.2.2 → qoder_autopilot-0.3.1}/README.md

@@ -5,11 +5,17 @@ Automated [Qoder](https://qoder.com) account registration with anti-detect brows
 > Register Qoder accounts → solve captchas → verify OTP → auto-connect to 9Router. All in one command.
 
 [![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue.svg)](https://www.python.org/downloads/)
+[![PyPI version](https://img.shields.io/pypi/v/qoder-autopilot.svg)](https://pypi.org/project/qoder-autopilot/)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Camoufox](https://img.shields.io/badge/browser-Camoufox-orange.svg)](https://camoufox.com/)
+[![Tests](https://github.com/Daivageralda/qoder-autopilot/actions/workflows/test.yml/badge.svg)](https://github.com/Daivageralda/qoder-autopilot/actions/workflows/test.yml)
 
 ---
 
+> **📦 Published on PyPI** — [pypi.org/project/qoder-autopilot](https://pypi.org/project/qoder-autopilot/)
+>
+> Install with `pip install qoder-autopilot` — no clone needed.
+
 ## ✨ Features
 
 - **🦊 Anti-detect Browser** — Uses [Camoufox](https://camoufox.com/) (stealth Firefox fork) with C++-level fingerprinting to bypass bot detection
@@ -26,13 +32,26 @@ Automated [Qoder](https://qoder.com) account registration with anti-detect brows
 
 ## 📦 Installation
 
-### From source (recommended)
+### Via pip (recommended)
+
+```bash
+# Basic install (manual captcha only)
+pip install qoder-autopilot
+
+# With AI captcha solver support
+pip install qoder-autopilot[captcha]
+
+# Full install with all extras
+pip install qoder-autopilot[full]
+```
+
+### From source (development)
 
 ```bash
 git clone https://github.com/Daivageralda/qoder-autopilot.git
 cd qoder-autopilot
 
-# Basic install (manual captcha only)
+# Basic install
 pip install -e .
 
 # With AI captcha solver
@@ -42,12 +61,6 @@ pip install -e ".[captcha]"
 pip install -e ".[dev]"
 ```
 
-### Via pip
-
-```bash
-pip install qoder-autopilot
-```
-
 ### Post-install
 
 ```bash
@@ -163,7 +176,7 @@ qoder-autopilot config reset
 | `otp-timeout` | Max seconds to wait for OTP | `20` |
 | `captcha-timeout` | Max seconds for manual captcha | `120` |
 | `parallel-delay` | Delay between parallel accounts (sec) | `30` |
-| `ninerouter-db` | Path to 9Router SQLite DB | `~/.9router/db/data.sqlite` |
+| `ninerouter-db` | Path to 9Router SQLite DB | OS-aware: `~/.9router/db/data.sqlite` (macOS/Linux), `%APPDATA%/9router/db/data.sqlite` (Windows) |
 
 ### Via environment variables
 
@@ -235,6 +248,22 @@ qoder-autopilot/
 └── README.md
 ```
 
+## 🔒 Security
+
+qoder-autopilot takes security seriously:
+
+- **Credential files** — `qoder_accounts.json` saved with `chmod 600` (owner-only)
+- **Config files** — `~/.qoder-autopilot/config.json` and `relay.json` restricted to `600`
+- **Password masking** — passwords never logged to stdout (masked as `••••••••`)
+- **Sensitive field masking** — `config show` masks API keys, tokens, and passwords
+- **File locking** — concurrent credential writes are atomic (safe in `--parallel` mode)
+- **Timing-safe auth** — relay token comparison uses `hmac.compare_digest()`
+- **Rate limiting** — relay server limits to 30 requests/60s per IP
+- **Secure default binding** — relay defaults to `127.0.0.1` (localhost only)
+- **HTTPS warning** — startup warns when relay runs without TLS
+
+> **Recommendation:** For production relay deployments, always use a reverse proxy with HTTPS (nginx/caddy) or an SSH tunnel.
+
 ## 🔗 Related
 
 - [**cf-mail-worker**](https://github.com/Daivageralda/cf-mail-worker) — Self-hosted temp mail API (Cloudflare Workers + D1)

{qoder_autopilot-0.2.2 → qoder_autopilot-0.3.1}/pyproject.toml

@@ -9,7 +9,7 @@ build-backend = "hatchling.build"
 # ── Project Metadata ──────────────────────────────
 [project]
 name = "qoder-autopilot"
-version = "0.2.2"
+version = "0.3.1"
 description = "Automated Qoder account registration with anti-detect browser, captcha solving (AI + OpenCV), and 9Router OAuth integration."
 readme = "README.md"
 license = "MIT"
@@ -53,9 +53,14 @@ captcha = [
     "numpy>=1.24",
     "openai>=1.0",
 ]
+# Relay server for remote 9Router integration
+relay = [
+    "fastapi>=0.100",
+    "uvicorn[standard]>=0.23",
+]
 # Install everything
 all = [
-    "qoder-autopilot[captcha]",
+    "qoder-autopilot[captcha,relay]",
 ]
 # Development dependencies
 dev = [
@@ -122,6 +127,10 @@ known-first-party = ["qoder_autopilot"]
 [tool.pytest.ini_options]
 testpaths = ["tests"]
 asyncio_mode = "auto"
+norecursedirs = ["src", "node_modules", ".venv", "*.egg-info"]
+python_files = ["test_*.py"]
+python_classes = ["Test*"]
+python_functions = ["test_*"]
 markers = [
     "slow: marks tests as slow (deselect with '-m \"not slow\"')",
     "integration: marks tests that require external services",

{qoder_autopilot-0.2.2 → qoder_autopilot-0.3.1}/src/qoder_autopilot/__init__.py

@@ -12,7 +12,7 @@ Quick start::
     result = asyncio.run(run_one(manual_captcha=True))
 """
 
-__version__ = "0.1.0"
+__version__ = "0.3.1"
 
 from .captcha import CaptchaSolver
 from .cli import run_one

qoder_autopilot-0.3.1/src/qoder_autopilot/browser/window_tiler.py

@@ -0,0 +1,246 @@
+"""
+Qoder Autopilot — Window Grid Tiling
+======================================
+Tile Camoufox browser windows into a 2×2 grid layout.
+Supports macOS (AppleScript) and Windows (Win32 API via ctypes).
+
+Grid layout:
+    ┌──────────┬──────────┐
+    │  Slot 1  │  Slot 2  │  (top row)
+    ├──────────┼──────────┤
+    │  Slot 3  │  Slot 4  │  (bottom row)
+    └──────────┴──────────┘
+
+Windows cycle through slots: 5th window → slot 1, 6th → slot 2, etc.
+"""
+
+import platform
+import subprocess
+
+from ..logger import log
+
+_screen_size_cache: tuple[int, int] | None = None
+
+
+def get_screen_size() -> tuple[int, int]:
+    """Get main screen dimensions (cached).
+
+    macOS: Uses AppleScript (osascript).
+    Windows: Uses ctypes Win32 API (GetSystemMetrics).
+    Linux: Falls back to 1920×1080.
+
+    Returns:
+        Tuple of (width, height) in pixels.
+    """
+    global _screen_size_cache
+    if _screen_size_cache:
+        return _screen_size_cache
+
+    system = platform.system()
+
+    if system == "Darwin":
+        try:
+            result = subprocess.run(
+                [
+                    "osascript",
+                    "-e",
+                    'tell application "Finder" to get bounds of window of desktop',
+                ],
+                capture_output=True,
+                text=True,
+                timeout=5,
+            )
+            parts = [int(x.strip()) for x in result.stdout.strip().split(",")]
+            _screen_size_cache = (parts[2], parts[3])
+        except Exception:
+            _screen_size_cache = (1920, 1080)
+
+    elif system == "Windows":
+        try:
+            import ctypes
+
+            user32 = ctypes.windll.user32  # type: ignore[attr-defined]
+            SM_CXSCREEN = 0  # noqa: N806
+            SM_CYSCREEN = 1  # noqa: N806
+            w = user32.GetSystemMetrics(SM_CXSCREEN)
+            h = user32.GetSystemMetrics(SM_CYSCREEN)
+            _screen_size_cache = (w, h)
+        except Exception:
+            _screen_size_cache = (1920, 1080)
+
+    else:
+        # Linux / other — fallback
+        _screen_size_cache = (1920, 1080)
+
+    return _screen_size_cache
+
+
+def _tile_macos(sw: int, sh: int) -> None:
+    """Tile Camoufox windows on macOS using AppleScript."""
+    half_w = sw // 2
+    half_h = sh // 2
+    menubar = 25
+
+    # Grid positions: (left, top, right, bottom)
+    g = [
+        (0, menubar, half_w, half_h + menubar),
+        (half_w, menubar, sw, half_h + menubar),
+        (0, half_h + menubar, half_w, sh),
+        (half_w, half_h + menubar, sw, sh),
+    ]
+
+    grid_str = (
+        "{"
+        + "{"
+        + f"{g[0][0]}, {g[0][1]}, {g[0][2]}, {g[0][3]}"
+        + "}, "
+        + "{"
+        + f"{g[1][0]}, {g[1][1]}, {g[1][2]}, {g[1][3]}"
+        + "}, "
+        + "{"
+        + f"{g[2][0]}, {g[2][1]}, {g[2][2]}, {g[2][3]}"
+        + "}, "
+        + "{"
+        + f"{g[3][0]}, {g[3][1]}, {g[3][2]}, {g[3][3]}"
+        + "}"
+        + "}"
+    )
+
+    script = f"""
+    tell application "camoufox"
+        set winCount to count of windows
+        set grid to {grid_str}
+        repeat with i from 1 to winCount
+            set posIdx to ((i - 1) mod 4) + 1
+            set bounds of window i to item posIdx of grid
+        end repeat
+        return winCount
+    end tell
+    """
+
+    try:
+        result = subprocess.run(
+            ["osascript", "-e", script],
+            capture_output=True,
+            text=True,
+            timeout=10,
+        )
+        count = result.stdout.strip()
+        log(f"   🪟 Tiled {count} Camoufox windows into 2×2 grid")
+    except Exception as e:
+        log(f"   ⚠️ Grid tiling failed: {e}", "WARN")
+
+
+def _tile_windows(sw: int, sh: int) -> None:
+    """Tile Camoufox windows on Windows using Win32 API via ctypes.
+
+    Enumerates all top-level windows, filters by title containing 'camoufox'
+    or 'firefox' (Camoufox is Firefox-based), then positions them in a 2×2 grid.
+    """
+    import ctypes
+    from ctypes import wintypes
+
+    user32 = ctypes.windll.user32  # type: ignore[attr-defined]
+
+    # Win32 constants
+    SWP_NOZORDER = 0x0004  # noqa: N806
+    SWP_NOACTIVATE = 0x0010  # noqa: N806
+    GW_OWNER = 4  # noqa: N806
+    WS_VISIBLE = 0x10000000  # noqa: N806
+
+    # Grid positions
+    half_w = sw // 2
+    half_h = sh // 2
+    taskbar_h = 48  # approximate Windows taskbar height
+
+    grid = [
+        (0, 0, half_w, half_h),  # top-left
+        (half_w, 0, half_w, half_h),  # top-right
+        (0, half_h, half_w, half_h - taskbar_h),  # bottom-left
+        (half_w, half_h, half_w, half_h - taskbar_h),  # bottom-right
+    ]
+
+    # Callback type for EnumWindows
+    WNDENUMPROC = ctypes.WINFUNCTYPE(  # type: ignore[attr-defined]  # noqa: N806
+        wintypes.BOOL,
+        wintypes.HWND,
+        wintypes.LPARAM,
+    )
+
+    found_windows: list[int] = []
+
+    def enum_callback(hwnd: int, _lparam: int) -> bool:
+        """Collect visible top-level windows with Camoufox/Firefox in title."""
+        # Skip invisible windows
+        style = user32.GetWindowLongW(hwnd, -16)  # GWL_STYLE
+        if not (style & WS_VISIBLE):
+            return True
+
+        # Skip child/owned windows (only want top-level)
+        owner = user32.GetWindow(hwnd, GW_OWNER)
+        if owner:
+            return True
+
+        # Get window title
+        length = user32.GetWindowTextLengthW(hwnd)
+        if length == 0:
+            return True
+        buf = ctypes.create_unicode_buffer(length + 1)
+        user32.GetWindowTextW(hwnd, buf, length + 1)
+        title = buf.value.lower()
+
+        # Match Camoufox windows (title contains 'camoufox' or 'firefox')
+        if "camoufox" in title or "firefox" in title:
+            found_windows.append(hwnd)
+
+        return True
+
+    try:
+        # Enumerate all windows
+        user32.EnumWindows(WNDENUMPROC(enum_callback), 0)
+
+        if not found_windows:
+            log("   ⚠️ No Camoufox windows found for tiling", "WARN")
+            return
+
+        # Position each window in the grid
+        count = 0
+        for i, hwnd in enumerate(found_windows):
+            slot = i % 4
+            x, y, w, h = grid[slot]
+
+            # SetWindowPos: move and resize
+            user32.SetWindowPos(
+                hwnd,
+                None,
+                x,
+                y,
+                w,
+                h,
+                SWP_NOZORDER | SWP_NOACTIVATE,
+            )
+            count += 1
+
+        log(f"   🪟 Tiled {count} Camoufox windows into 2×2 grid (Windows)")
+
+    except Exception as e:
+        log(f"   ⚠️ Windows grid tiling failed: {e}", "WARN")
+
+
+def tile_all_camoufox_windows() -> None:
+    """Tile ALL open Camoufox windows into a 2×2 grid.
+
+    Call this after all browsers have been launched.
+    Supports macOS (AppleScript) and Windows (Win32 API).
+    Linux is not supported (falls back to no-op).
+    """
+    system = platform.system()
+    if system not in ("Darwin", "Windows"):
+        return
+
+    sw, sh = get_screen_size()
+
+    if system == "Darwin":
+        _tile_macos(sw, sh)
+    elif system == "Windows":
+        _tile_windows(sw, sh)

{qoder_autopilot-0.2.2 → qoder_autopilot-0.3.1}/src/qoder_autopilot/cli.py

@@ -70,7 +70,7 @@ async def run_one(
     # 2. Generate identity
     log("📋 Step 2/4: Generating identity...")
     ident = gen_identity()
-    log_ok(f"{ident['display_name']} | pw: {ident['password']}")
+    log_ok(f"{ident['display_name']} | pw: {'•' * 8}")
 
     # 3. Register + verify
     log("📋 Step 3/4: OAuth register + device token flow...")
@@ -266,6 +266,10 @@ def main() -> None:
             deploy_worker()
             return
 
+        if sub == "relay":
+            _handle_relay_command(sys.argv[2:])
+            return
+
     # ── First-run wizard ──
     from .first_run import is_first_run, run_first_run_wizard
 
@@ -375,8 +379,10 @@ def _handle_config_command(argv: list[str]) -> None:
             else:
                 source = "default"
             val_str = str(current) if current else "(empty)"
-            if key.endswith("api_key") and val_str and val_str != "(empty)":
-                val_str = val_str[:8] + "..." + val_str[-4:] if len(val_str) > 12 else "***"
+            # Mask sensitive fields (API keys, tokens, passwords)
+            sensitive_suffixes = ("api_key", "token", "password", "secret")
+            if any(key.endswith(s) for s in sensitive_suffixes) and val_str not in ("(empty)", ""):
+                val_str = val_str[:4] + "••••" + val_str[-4:] if len(val_str) > 8 else "***"
             print(f"  {info['cli_flag']:<23} {val_str:<50} {source}")
         print()
         print(f"Config file: {CONFIG_FILE}")
@@ -429,3 +435,49 @@ def _handle_config_command(argv: list[str]) -> None:
         print(f"❌ Unknown command: {cmd}")
         print("Run 'qoder-autopilot config --help' for usage")
         sys.exit(1)
+
+
+def _handle_relay_command(argv: list[str]) -> None:
+    """Handle 'qoder-autopilot relay' subcommand."""
+    import argparse
+
+    parser = argparse.ArgumentParser(
+        prog="qoder-autopilot relay",
+        description="Start relay server for remote 9Router integration",
+    )
+    parser.add_argument(
+        "--host",
+        default="127.0.0.1",
+        help="Bind host (default: 127.0.0.1 — use 0.0.0.0 for external access)",
+    )
+    parser.add_argument(
+        "--port",
+        type=int,
+        default=8765,
+        help="Bind port (default: 8765)",
+    )
+    parser.add_argument(
+        "--token",
+        default=None,
+        help="Custom auth token (default: auto-generate)",
+    )
+    parser.add_argument(
+        "--db",
+        default=None,
+        help="Custom 9Router DB path (default: auto-detect)",
+    )
+
+    if argv and argv[0] in ("-h", "--help"):
+        parser.print_help()
+        return
+
+    args = parser.parse_args(argv)
+
+    from .relay import start_relay
+
+    start_relay(
+        host=args.host,
+        port=args.port,
+        custom_token=args.token,
+        custom_db_path=args.db,
+    )

{qoder_autopilot-0.2.2 → qoder_autopilot-0.3.1}/src/qoder_autopilot/config.py

@@ -150,6 +150,14 @@ class Settings(BaseSettings):
         default_factory=_default_ninerouter_db,
         description="Path to 9Router SQLite database (OS-aware default)",
     )
+    ninerouter_relay_url: str = Field(
+        default="",
+        description="Remote relay server URL (e.g., http://myvps:8765)",
+    )
+    ninerouter_relay_token: str = Field(
+        default="",
+        description="Auth token for relay server",
+    )
 
     # ── AI Captcha (optional) ─────────────────────────────────────────────
     ai_api_key: str = Field(
@@ -203,6 +211,11 @@ class Settings(BaseSettings):
         db_path = os.path.expanduser(self.ninerouter_db)
         return os.path.exists(db_path)
 
+    @property
+    def has_relay(self) -> bool:
+        """Check if remote relay is configured."""
+        return bool(self.ninerouter_relay_url and self.ninerouter_relay_token)
+
     @property
     def ninerouter_db_path(self) -> str:
         """Expanded path to 9Router SQLite database."""

qoder_autopilot-0.3.1/src/qoder_autopilot/credentials.py

@@ -0,0 +1,77 @@
+"""
+Qoder Autopilot — Credential Storage
+======================================
+Save and load registered account credentials to/from JSON.
+
+Security:
+    - File permissions restricted to owner-only (chmod 600)
+    - File locking for concurrent writes in parallel mode
+"""
+
+import fcntl
+import json
+import os
+import stat
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+
+from . import config
+from .logger import log
+
+
+def save_creds(data: dict[str, Any], path: Path | None = None) -> None:
+    """Append account credentials to the JSON storage file.
+
+    Uses file locking to prevent corruption in parallel mode.
+    File is saved with owner-only permissions (600).
+    """
+    path = path or config.CREDENTIALS_FILE
+
+    # Ensure parent directory exists
+    path.parent.mkdir(parents=True, exist_ok=True)
+
+    # Atomic read-modify-write with file locking
+    with open(path, "a+") as f:
+        fcntl.flock(f, fcntl.LOCK_EX)
+        try:
+            f.seek(0)
+            content = f.read()
+            accounts: list[dict] = []
+            if content:
+                try:
+                    accounts = json.loads(content)
+                except json.JSONDecodeError:
+                    accounts = []
+
+            accounts.append(
+                {
+                    **data,
+                    "created_at": datetime.now(timezone.utc).isoformat(),
+                }
+            )
+
+            f.seek(0)
+            f.truncate()
+            f.write(json.dumps(accounts, indent=2))
+        finally:
+            fcntl.flock(f, fcntl.LOCK_UN)
+
+    # Restrict file permissions: owner read/write only
+    try:
+        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # 0o600
+    except OSError:
+        pass  # Windows may not support
+
+    log(f"   💾 Saved to {path}")
+
+
+def load_creds(path: Path | None = None) -> list[dict[str, Any]]:
+    """Load all stored credentials from the JSON file."""
+    path = path or config.CREDENTIALS_FILE
+    if not path.exists():
+        return []
+    try:
+        return json.loads(path.read_text())
+    except (json.JSONDecodeError, OSError):
+        return []