ndycode · ndycode · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026
@@ -4,6 +4,7 @@ import { DESTRUCTIVE_ACTION_COPY } from "./destructive-actions.js";
 import type { AccountIdSource } from "./types.js";
 import {
 	type AccountStatus,
+	type AuthMenuReadOnlyRow,
 	isTTY,
 	showAccountDetails,
 	showAuthMenu,
@@ -94,6 +95,7 @@ export interface ExistingAccountInfo {
 
 export interface LoginMenuOptions {
 	flaggedCount?: number;
+	healthSummary?: AuthMenuReadOnlyRow;
 	statusMessage?: string | (() => string | undefined);
 }
 
@@ -270,6 +272,7 @@ export async function promptLoginMode(
 	while (true) {
 		const action = await showAuthMenu(existingAccounts, {
 			flaggedCount: options.flaggedCount ?? 0,
+			healthSummary: options.healthSummary,
 			statusMessage: options.statusMessage,
 		});
 

@@ -1,3 +1,4 @@
+import { createHash } from "node:crypto";
 import { createInterface } from "node:readline/promises";
 import { stdin as input, stdout as output } from "node:process";
 import { promises as fs, existsSync } from "node:fs";
@@ -90,6 +91,10 @@ import {
 	getCodexCliConfigPath,
 	loadCodexCliState,
 } from "./codex-cli/state.js";
+import {
+	getLastCodexCliSyncRun,
+	getLatestCodexCliSyncRollbackPlan,
+} from "./codex-cli/sync.js";
 import { setCodexCliActiveSelection } from "./codex-cli/writer.js";
 import { ANSI } from "./ui/ansi.js";
 import { confirm } from "./ui/confirm.js";
@@ -3350,6 +3355,17 @@ interface DoctorFixAction {
 	message: string;
 }
 
+interface DashboardHealthSummary {
+	label: string;
+	hint?: string;
+}
+
+interface DoctorReadOnlySummary {
+	severity: DoctorSeverity;
+	label: string;
+	hint: string;
+}
+
 function hasPlaceholderEmail(value: string | undefined): boolean {
 	if (!value) return false;
 	const email = value.trim().toLowerCase();
@@ -3392,6 +3408,14 @@ function getDoctorRefreshTokenKey(
 	return trimmed || undefined;
 }
 
+function getReadOnlyDoctorRefreshTokenFingerprint(
+	refreshToken: unknown,
+): string | undefined {
+	const token = getDoctorRefreshTokenKey(refreshToken);
+	if (!token) return undefined;
+	return createHash("sha256").update(token).digest("hex").slice(0, 12);
+}
+
 function applyDoctorFixes(storage: AccountStorageV3): { changed: boolean; actions: DoctorFixAction[] } {
 	let changed = false;
 	const actions: DoctorFixAction[] = [];
@@ -3925,6 +3949,300 @@ async function runDoctor(args: string[]): Promise<number> {
 	return summary.error > 0 ? 1 : 0;
 }
 
+function formatCountNoun(
+	count: number,
+	singular: string,
+	plural = `${singular}s`,
+): string {
+	return `${count} ${count === 1 ? singular : plural}`;
+}
+
+function summarizeLatestCodexCliSyncState(): {
+	label: string;
+	hint: string;
+} {
+	const latestRun = getLastCodexCliSyncRun();
+	if (!latestRun) {
+		return {
+			label: "none",
+			hint: "No Codex CLI sync result recorded yet.",
+		};
+	}
+
+	const outcomeLabel =
+		latestRun.outcome === "changed"
+			? "changed"
+			: latestRun.outcome === "noop"
+				? "noop"
+				: latestRun.outcome === "disabled"
+					? "disabled"
+					: latestRun.outcome === "unavailable"
+						? "unavailable"
+						: "error";
+	const when = formatRelativeDateShort(latestRun.runAt);
+	const counts = [
+		latestRun.summary.addedAccountCount > 0
+			? `add ${latestRun.summary.addedAccountCount}`
+			: null,
+		latestRun.summary.updatedAccountCount > 0
+			? `update ${latestRun.summary.updatedAccountCount}`
+			: null,
+		latestRun.summary.destinationOnlyPreservedCount > 0
+			? `preserve ${latestRun.summary.destinationOnlyPreservedCount}`
+			: null,
+		latestRun.summary.selectionChanged ? "selection changed" : null,
+	].filter((value): value is string => value !== null);
+	const hintParts = [
+		`Latest sync ${outcomeLabel}${when ? ` ${when}` : ""}`,
+		counts.length > 0 ? counts.join(" | ") : "no account deltas recorded",
+		latestRun.message?.trim() || undefined,
+	].filter((value): value is string => Boolean(value));
+
+	return {
+		label: `${outcomeLabel}${when ? ` ${when}` : ""}`,
+		hint: hintParts.join(" | "),
+	};
+}
+
+function summarizeReadOnlyDoctorState(
+	storage: AccountStorageV3 | null,
+): DoctorReadOnlySummary {
+	if (!storage || storage.accounts.length === 0) {
+		return {
+			severity: "warn",
+			label: "setup pending",
+			hint: "No accounts are configured yet.",
+		};
+	}
+
+	const warnings: string[] = [];
+	const errors: string[] = [];
+	const rawActiveCandidate =
+		storage.activeIndexByFamily?.codex ?? storage.activeIndex;
+	const normalizedActiveCandidate = Number.isFinite(rawActiveCandidate)
+		? Math.trunc(rawActiveCandidate)
+		: Number.NaN;
+	const activeExists =
+		normalizedActiveCandidate >= 0 &&
+		normalizedActiveCandidate < storage.accounts.length;
+	if (!activeExists) {
+		errors.push("active index is out of range");
+	}
+
+	const disabledCount = storage.accounts.filter(
+		(account) => account.enabled === false,
+	).length;
+	if (disabledCount >= storage.accounts.length) {
+		errors.push("all accounts are disabled");
+	} else if (disabledCount > 0) {
+		warnings.push(`${disabledCount} disabled`);
+	}
+
+	const seenRefreshTokens = new Set<string>();
+	let duplicateTokenCount = 0;
+	let placeholderEmailCount = 0;
+	let likelyInvalidRefreshTokenCount = 0;
+	for (const account of storage.accounts) {
+		const token = getReadOnlyDoctorRefreshTokenFingerprint(
+			account.refreshToken,
+		);
+		if (token) {
+			if (seenRefreshTokens.has(token)) {
+				duplicateTokenCount += 1;
+			} else {
+				seenRefreshTokens.add(token);
+			}
+		}
+		if (hasPlaceholderEmail(account.email)) {
+			placeholderEmailCount += 1;
+		}
+		if (hasLikelyInvalidRefreshToken(account.refreshToken)) {
+			likelyInvalidRefreshTokenCount += 1;
+		}
+	}
+	if (duplicateTokenCount > 0) {
+		warnings.push(formatCountNoun(duplicateTokenCount, "duplicate token"));
+	}
+	if (placeholderEmailCount > 0) {
+		warnings.push(formatCountNoun(placeholderEmailCount, "placeholder email"));
+	}
+	if (likelyInvalidRefreshTokenCount > 0) {
+		warnings.push(
+			formatCountNoun(likelyInvalidRefreshTokenCount, "invalid refresh token"),
+		);
+	}
+
+	if (errors.length > 0) {
+		return {
+			severity: "error",
+			label: formatCountNoun(errors.length, "error"),
+			hint: errors.concat(warnings).join(" | "),
+		};
+	}
+	if (warnings.length > 0) {
+		return {
+			severity: "warn",
+			label: formatCountNoun(warnings.length, "warning"),
+			hint: warnings.join(" | "),
+		};
+	}
+	return {
+		severity: "ok",
+		label: "ok",
+		hint: "No read-only doctor issues detected.",
+	};
+}
+
+function logLoginMenuHealthSummaryWarning(
+	context: string,
+	error: unknown,
+): void {
+	const errorLabel = getRedactedFilesystemErrorLabel(error);
+	log.warn(`${context} [${errorLabel}]`);
+}
+
+function formatLoginMenuRollbackHint(
+	rollbackPlan: Awaited<ReturnType<typeof getLatestCodexCliSyncRollbackPlan>>,
+	rollbackPlanLoadFailed = false,
+): string {
+	if (rollbackPlanLoadFailed) {
+		return "rollback state unavailable";
+	}
+	if (rollbackPlan.status === "ready") {
+		const accountCount = rollbackPlan.accountCount;
+		if (
+			typeof accountCount === "number" &&
+			Number.isFinite(accountCount) &&
+			accountCount >= 0
+		) {
+			return `checkpoint ready for ${Math.trunc(accountCount)} account(s)`;
+		}
+		return "checkpoint ready";
+	}
+	const reason = collapseWhitespace(rollbackPlan.reason);
+	if (reason.toLowerCase().includes("unavailable")) {
+		return reason;
+	}
+	return rollbackPlan.snapshot ? "checkpoint unavailable" : "no rollback checkpoint available";
+}
+
+async function buildLoginMenuHealthSummary(
+	storage: AccountStorageV3,
+): Promise<DashboardHealthSummary | null> {
+	if (storage.accounts.length === 0) {
+		return null;
+	}
+	const enabledCount = storage.accounts.filter(
+		(account) => account.enabled !== false,
+	).length;
+	const disabledCount = storage.accounts.length - enabledCount;
+	let actionableRestores: Awaited<
+		ReturnType<typeof getActionableNamedBackupRestores>
+	> = {
+		assessments: [],
+		allAssessments: [],
+		totalBackups: 0,
+	};
+	let rollbackPlan: Awaited<
+		ReturnType<typeof getLatestCodexCliSyncRollbackPlan>
+	> = {
+		status: "unavailable",
+		reason: "rollback state unavailable",
+		snapshot: null,
+	};
+	let rollbackPlanLoadFailed = false;
+	let restoreStateUnavailable = false;
+	let syncSummary = {
+		label: "unknown",
+		hint: "Sync state unavailable.",
+	};
+	let doctorSummary: DoctorReadOnlySummary = {
+		severity: "warn",
+		label: "unknown",
+		hint: "Doctor state unavailable.",
+	};
+	const [restoresResult, rollbackResult] = await Promise.allSettled([
+		getActionableNamedBackupRestores({
+			currentStorage: storage,
+		}),
+		getLatestCodexCliSyncRollbackPlan(),
+	]);
+	if (restoresResult.status === "fulfilled") {
+		actionableRestores = restoresResult.value;
+	} else {
+		restoreStateUnavailable = true;
+		logLoginMenuHealthSummaryWarning(
+			"Failed to load login menu restore health summary state",
+			restoresResult.reason,
+		);
+	}
+	if (rollbackResult.status === "fulfilled") {
+		rollbackPlan = rollbackResult.value;
+	} else {
+		rollbackPlanLoadFailed = true;
+		logLoginMenuHealthSummaryWarning(
+			"Failed to load login menu rollback health summary state",
+			rollbackResult.reason,
+		);
+	}
+	try {
+		syncSummary = summarizeLatestCodexCliSyncState();
+	} catch (error) {
+		logLoginMenuHealthSummaryWarning(
+			"Failed to summarize login menu sync state",
+			error,
+		);
+	}
+	try {
+		doctorSummary = summarizeReadOnlyDoctorState(storage);
+	} catch (error) {
+		logLoginMenuHealthSummaryWarning(
+			"Failed to summarize login menu doctor state",
+			error,
+		);
+	}
+	const rollbackHint = formatLoginMenuRollbackHint(
+		rollbackPlan,
+		rollbackPlanLoadFailed,
+	);
+	const rollbackUnavailable =
+		rollbackPlanLoadFailed ||
+		rollbackPlan.snapshot !== null ||
+		collapseWhitespace(rollbackPlan.reason).toLowerCase().includes("unavailable");
+	const restoreLabel =
+		restoreStateUnavailable
+			? "unavailable"
+			: actionableRestores.totalBackups > 0
+			? `${actionableRestores.assessments.length}/${actionableRestores.totalBackups} ready`
+			: "none";
+	const rollbackLabel =
+		rollbackPlan.status === "ready"
+			? "ready"
+			: rollbackUnavailable
+				? "unavailable"
+				: "none";
+	const accountLabel =
+		disabledCount > 0
+			? `${enabledCount}/${storage.accounts.length} enabled`
+			: `${storage.accounts.length} active`;
+	const hintParts = [
+		`Accounts: ${enabledCount} enabled / ${disabledCount} disabled / ${storage.accounts.length} total`,
+		`Sync: ${syncSummary.hint}`,
+		restoreStateUnavailable
+			? "Restore backups: state unavailable"
+			: `Restore backups: ${actionableRestores.assessments.length} actionable of ${actionableRestores.totalBackups} total`,
+		`Rollback: ${rollbackHint}`,
+		`Doctor: ${doctorSummary.hint}`,
+	];
+
+	return {
+		label:
+			`Pool ${accountLabel} | Sync ${syncSummary.label} | Restore ${restoreLabel} | ` +
+			`Rollback ${rollbackLabel} | Doctor ${doctorSummary.label}`,
+		hint: hintParts.join(" | "),
+	};
+}
+
 async function handleManageAction(
 	storage: AccountStorageV3,
 	menuResult: Awaited<ReturnType<typeof promptLoginMode>>,
@@ -4061,12 +4379,16 @@ async function runAuthLogin(): Promise<number> {
 							});
 					}
 				}
-			const flaggedStorage = await loadFlaggedAccounts();
+			const [flaggedStorage, healthSummary] = await Promise.all([
+				loadFlaggedAccounts(),
+				buildLoginMenuHealthSummary(currentStorage),
+			]);
 
 			const menuResult = await promptLoginMode(
 				toExistingAccountInfo(currentStorage, quotaCache, displaySettings),
 				{
 					flaggedCount: flaggedStorage.accounts.length,
+					healthSummary: healthSummary ?? undefined,
 					statusMessage: showFetchStatus ? () => menuQuotaRefreshStatus : undefined,
 				},
 			);