swapdex reads and writes the OAuth credential files that Claude Code and Codex use to authenticate. It is a local, single-user tool. This document states its trust model and how to report an issue.
- Local only. swapdex makes no network calls. The switching binary has no HTTP client in its dependency graph, and CI asserts this on every commit.
- Your accounts only. It manages the logins already present on your machine. It never creates, shares, or transmits credentials.
- The store holds plaintext refresh tokens.
~/.local/share/swapdexis as sensitive as the live login, times the number of saved accounts. Protect it like~/.ssh. Do not sync it across machines.
- Credential files written by swapdex are mode
0600; the store dir is0700. - Writes are atomic: the temp file is created
0600in the destination's own directory and renamed into place; a cross-filesystem rename fails loudly rather than falling back to a non-atomic copy. - Symlinked credential destinations are refused; running as root for a credential operation is refused.
usebacks up and verifies the current login before overwriting it.- Credential bytes live only inside a
Secrettype that redacts onDebug/Displayand zeroizes on drop. No command prints a token or a home path; the MCP surface is read-only with a field allowlist.
Please open a private security advisory on the GitHub repository (Security -> Report a vulnerability) rather than a public issue. Include the version, platform, and reproduction steps. We aim to acknowledge within a few days.
Reports in these areas get the fastest turnaround:
- Any way a command or the MCP server prints or exfiltrates a credential byte.
- Any way a switch can corrupt, half-write, or lose a login (bypassing the backup-then-apply order or the atomic writes).
- Symlink/ownership/permission games around
~/.claude,~/.codex, or the store. - Anything that would make the binary act as a network client.
Verified issues are fixed in a patch release across all four channels (crates.io, npm, Homebrew, GitHub binaries) and credited in the CHANGELOG unless you prefer otherwise.
- The security of Claude Code / Codex themselves (report to Anthropic/OpenAI).
- Attacks requiring root or an already-compromised user account (swapdex refuses to run as root; a same-user attacker already owns the credential files it manages).