codex-switch manages local Codex/ChatGPT auth files. Treat the data below as sensitive:
~/.codex-switch/state.jsonstores account labels, email metadata, and usage snapshots.~/.codex-switch/profiles/<account-id>/auth.jsonstores per-account Codex auth tokens.~/.codex-switch/backups/stores backups of replaced~/.codex/auth.jsonfiles.
On supported POSIX systems, the app creates managed directories with 0700 permissions and writes or copies managed state/auth files with 0600 permissions. Existing managed files are tightened the next time the app reads, writes, or copies them.
Do not commit ~/.codex/auth.json, ~/.codex-switch/, or any copied auth.json files. If an auth file is exposed, revoke or refresh that Codex/ChatGPT session before continuing to use the account.
The CLI reads local Codex auth data and calls OpenAI/ChatGPT usage endpoints to show rate-limit status. If live usage calls fail, it may read local Codex session logs to display the most recent available usage snapshot.
Please do not include tokens, auth files, or private account data in public issues. Use GitHub private vulnerability reporting for this repository when available, or open a minimal public issue asking for a private contact path.