Adds a read-only dashboard surface for the codex-auth profile registry.
Power users can see which profile is active and its decoded email/plan
without leaving the browser; mutations stay CLI-only.
- codex-auth-dashboard-service: builds the response shape (active +
default + profiles[]), reads each profile's auth.json, decodes id_token
via Phase 1 decoder (nested URI claims per C1), 5s in-memory single-key
cache plus exported invalidateCodexAuthProfilesCache() hook for
in-process Phase 2 callers (D7); strict field whitelist — id_token /
access_token / refresh_token NEVER appear in response body or logs
- GET /api/codex/profiles registered INSIDE the
requireLocalAccessWhenAuthDisabled middleware (H6) — emails are PII
and must not leak when dashboard is exposed remotely; integration
test asserts 403 from non-localhost origin
- NEW Auth Profiles tab (D5) in ui/src/pages/codex.tsx — distinct from
the existing codex-profiles-card (which edits config.toml [profiles],
a different concept); active profile + email + plan tier highlighted,
table of all profiles below, disabled Switch/Remove buttons redirect
to terminal commands
- accountId returned by API for power users (curl) but hidden from
the default UI (D6)
- 11 service unit tests + 4 endpoint integration tests, all green