feat(acc-ui): Group export to a unified dialog like export oauth

[huzky-v]

Summary

Unifies the two separate Export buttons (Codex format and OpenCode auth) on the Accounts page into a single "Export" button that opens a modal with a format-mode dropdown selector. The backend gets a new combined endpoint POST /api/accounts/{id}/export/auth returning structured tokens plus both Codex and OpenCode auth.json payloads in one response.

Type of change

• feat: — new user-facing feature or capability

Linked issue:

OpenSpec

• This PR includes / updates an OpenSpec change
• Not applicable — bug fix that matches the existing spec
• Not applicable — docs / CI / chore only
• This PR touches a codex-faithful path (image pipeline, request/response
  shape, SSE framing, OAuth flow) and preserves upstream-equivalent behavior

Change directory: openspec/changes/unify-auth-export/

Changes

• Backend: New POST /api/accounts/{id}/export/auth endpoint returning structured tokens (id_token, access_token, refresh_token, expires_at_ms) plus both codexAuthJson and opencodeAuthJson objects in one response
• Backend: New AccountAuthExportTokens, AccountAuthExportResponse, CodexAuthTokens, CodexAuthJson schemas in app/modules/accounts/schemas.py
• Backend: New export_auth() service method combining logic from export_account and export_opencode_auth
• Frontend: New AuthExportDialog component (derived from OpenCodeAuthExportDialog) with mode dropdown ("codex" / "opencode", default "codex"), Codex-mode token previews (id_token / access_token / refresh_token), context-aware auth.json block, and no-re-fetch mode switching
• Frontend: New AccountAuthExportResponseSchema and related sub-schemas in schemas.ts
• Frontend: New exportAccountAuth() API function and exportAuthMutation replacing exportMutation and exportOpenCodeAuthMutation
• Frontend: AccountActions collapsed to single "Export" button; AccountDetail and AccountsPage props simplified
• Deprecation: Old POST /export and POST /export/opencode-auth endpoints retained for backward compatibility, no frontend consumers

Test plan

# Backend integration tests
uv run pytest tests/integration/test_account_auth_export.py -v
============================== 2 passed in 0.34s ==============================

# Frontend tests (all 77 files, 452 tests pass)
cd frontend && npx vitest run
# Test Files  77 passed (77)
#      Tests  452 passed (452)

Checklist

• Title is in Conventional Commits format (<type>(<scope>)?: <subject>).
• Linked the related issue / discussion above.
• Added or updated tests covering the change.
• Ran uv run pre-commit run local-ci --hook-stage manual --all-files or the relevant make <target> subset locally.
• If touching specs: openspec validate --specs passes and /opsx:verify is clean.
• CHANGELOG is not edited by hand (release-please handles it).

[Soju06]

@codex review

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

[huzky-v]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 63d3a98296

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[huzky-v]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 48377d398d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[huzky-v]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c20c5706ac

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[huzky-v]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Breezy!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[DongwonTTuna]

Code review notes (analysis only — no approval/changes-requested). Four points below: 2 medium dead-code cleanups and 2 low-severity notes.

[huzky-v]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Chef's kiss.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Komzpa]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. You're on a roll.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Soju06]

Hermes owner-review follow-up: I still see two merge-blocking issues on the current head (94e529b4):

1. OpenSpec/API contract mismatch: openspec/changes/unify-auth-export/specs/unified-auth-export/spec.md says the combined endpoint's top-level tokens response includes id_token, access_token, refresh_token, and expires_at_ms, but the actual dashboard response serializes AccountAuthExportTokens through DashboardModel as idToken, accessToken, refreshToken, and expiresAtMs (app/modules/accounts/schemas.py, confirmed by tests/integration/test_account_auth_export.py). Either update the OpenSpec delta to document the camelCase dashboard response, or add explicit aliases if snake_case is intended.

2. Privacy mode is still bypassed in the new dialog: frontend/src/features/accounts/components/auth-export-dialog.tsx renders exportData.account.email directly in the modal. The Accounts list/detail paths use usePrivacyStore + privacy-blur for account emails, so users who enabled Hide emails can still leak the account email when opening the now-default Export flow. The earlier Codex thread was resolved, but current head does not appear to implement an equivalent blur/follow-up.

Everything else I checked looked healthy: strict OpenSpec validation, focused backend/frontend tests, frontend typecheck/lint/build, and a local current-main merge probe all passed. Please fix or explicitly record the intended maintainer waiver/follow-up before merge.

[Komzpa]

Folded into #865, which is now rebuilt on main at 031df675dd8dfb3bffa80203b994177fda6d0f4b.

Current #865 status:

• CI is green for the current head.
• The current-head Codex review is clean.
• The folded accounts-identity branch now carries this PR's reviewable scope together with the related account/workspace identity repairs.

Closing this PR to keep the remaining merge queue main-based and non-overlapping.