release: ship v1.2.6 forwarded observability fix

Record forwarded Codex request traffic in runtime observability when the child process leaves the snapshot unchanged, and publish the 1.2.6 release notes and version metadata.

Author: ndycode

README.md

@@ -321,8 +321,8 @@ codex auth doctor --json
 
 ## Release Notes
 
-- Current stable: [docs/releases/v1.2.5.md](docs/releases/v1.2.5.md)
-- Recent patch release: [docs/releases/v1.2.4.md](docs/releases/v1.2.4.md)
+- Current stable: [docs/releases/v1.2.6.md](docs/releases/v1.2.6.md)
+- Recent patch release: [docs/releases/v1.2.5.md](docs/releases/v1.2.5.md)
 - Previous stable: [docs/releases/v1.2.2.md](docs/releases/v1.2.2.md)
 - Earlier stable: [docs/releases/v1.2.1.md](docs/releases/v1.2.1.md)
 - Archived prerelease: [docs/releases/v0.1.0-beta.0.md](docs/releases/v0.1.0-beta.0.md)

docs/README.md

@@ -23,8 +23,9 @@ Public documentation for `codex-multi-auth`.
 | [configuration.md](configuration.md) | Stable defaults, precedence, and environment overrides |
 | [architecture.md](architecture.md) | Public system overview of the wrapper, storage, and optional plugin runtime |
 | [privacy.md](privacy.md) | Data handling and local storage behavior |
-| [releases/v1.2.5.md](releases/v1.2.5.md) | Stable release notes |
-| [releases/v1.2.4.md](releases/v1.2.4.md) | Previous stable release notes |
+| [releases/v1.2.6.md](releases/v1.2.6.md) | Stable release notes |
+| [releases/v1.2.5.md](releases/v1.2.5.md) | Previous stable release notes |
+| [releases/v1.2.4.md](releases/v1.2.4.md) | Earlier stable release notes |
 | [releases/v1.2.2.md](releases/v1.2.2.md) | Earlier stable release notes |
 | [releases/v1.2.1.md](releases/v1.2.1.md) | Earlier stable release notes |
 | [releases/v1.2.0.md](releases/v1.2.0.md) | Archived stable release notes |
@@ -53,7 +54,7 @@ Public documentation for `codex-multi-auth`.
 | [reference/storage-paths.md](reference/storage-paths.md) | Canonical and compatibility storage paths |
 | [reference/public-api.md](reference/public-api.md) | Public API stability and semver contract |
 | [reference/error-contracts.md](reference/error-contracts.md) | CLI, JSON, and helper error semantics |
-| [releases/v1.2.5.md](releases/v1.2.5.md) | Current stable release notes |
+| [releases/v1.2.6.md](releases/v1.2.6.md) | Current stable release notes |
 | [releases/v0.1.0-beta.0.md](releases/v0.1.0-beta.0.md) | Archived prerelease reference |
 | [Daily Use release notes](#daily-use) | Stable, previous, and archived release notes |
 | [releases/legacy-pre-0.1-history.md](releases/legacy-pre-0.1-history.md) | Archived pre-0.1 changelog history |

docs/releases/v1.2.6.md

@@ -0,0 +1,29 @@
+# Release v1.2.6
+
+Release line: `stable`
+
+This patch release fixes forwarded `codex exec` runtime observability so real wrapped Codex requests are reflected in `codex auth status` and `codex auth report --json` even when the downstream Codex runtime does not update the snapshot itself.
+
+## Scope
+
+- Published package version: `1.2.6`
+- Previous stable release: `v1.2.5`
+
+## What Changed
+
+- fixed wrapped non-auth Codex commands so successful forwarded request traffic increments persisted runtime observability counters
+- added a wrapper fallback path that records forwarded request metrics only when the child Codex process leaves the runtime snapshot unchanged, avoiding double-counting when plugin-side metrics are present
+- preserved the existing `codex auth` observability behavior while making real `codex exec` smoke runs visible in `codex auth status` and `codex auth report --json`
+- added regression coverage for both missing-child-update and already-updated snapshot cases in the wrapper test suite
+
+## Validation
+
+- `npm test -- test/codex-bin-wrapper.test.ts`
+- `npm run build`
+- `codex -a never exec --sandbox read-only --color never -o "$env:TEMP\\codex-smoke-last.txt" "Reply with exactly OK and nothing else."`
+- `codex auth status`
+- `codex auth report --json`
+
+## Related
+
+- Previous release notes: `docs/releases/v1.2.5.md`

package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "codex-multi-auth",
-	"version": "1.2.5",
+	"version": "1.2.6",
 	"description": "Multi-account OAuth manager and codex auth wrapper for the official @openai/codex CLI, with switching, health checks, and recovery tools",
 	"main": "./dist/index.js",
 	"types": "./dist/index.d.ts",

package.json

@@ -661,6 +661,189 @@ function resolveOriginalMultiAuthDir(env) {
 	return undefined;
 }
 
+async function loadRuntimeObservabilityModule() {
+	try {
+		const mod = await import("../dist/lib/runtime/runtime-observability.js");
+		if (
+			typeof mod.loadPersistedRuntimeObservabilitySnapshot !== "function" ||
+			typeof mod.mutateRuntimeObservabilitySnapshot !== "function"
+		) {
+			return null;
+		}
+		return mod;
+	} catch (error) {
+		if (
+			error &&
+			typeof error === "object" &&
+			"code" in error &&
+			error.code === "ERR_MODULE_NOT_FOUND"
+		) {
+			return null;
+		}
+		throw error;
+	}
+}
+
+function isPureHelpOrVersionArgs(rawArgs) {
+	if (!Array.isArray(rawArgs) || rawArgs.length === 0) {
+		return false;
+	}
+	return rawArgs.every((arg) =>
+		typeof arg === "string" && ["--help", "-h", "--version", "-V"].includes(arg),
+	);
+}
+
+function consumesNextArg(arg) {
+	return new Set([
+		"-c",
+		"--config",
+		"--enable",
+		"--disable",
+		"--remote",
+		"--remote-auth-token-env",
+		"-i",
+		"--image",
+		"-m",
+		"--model",
+		"--local-provider",
+		"-p",
+		"--profile",
+		"-s",
+		"--sandbox",
+		"-a",
+		"--ask-for-approval",
+		"-C",
+		"--cd",
+		"--add-dir",
+		"--output-schema",
+		"--color",
+		"-o",
+		"--output-last-message",
+	]).has(arg);
+}
+
+function shouldTrackForwardedRuntimeObservability(rawArgs) {
+	if (!Array.isArray(rawArgs) || rawArgs.length === 0) {
+		return true;
+	}
+	if (isPureHelpOrVersionArgs(rawArgs)) {
+		return false;
+	}
+
+	const requestCommands = new Set(["exec", "review", "resume", "fork"]);
+	const nonRequestCommands = new Set([
+		"help",
+		"completion",
+		"login",
+		"logout",
+		"mcp",
+		"mcp-server",
+		"app-server",
+		"sandbox",
+		"debug",
+		"apply",
+		"cloud",
+		"features",
+		"auth",
+	]);
+
+	for (let i = 0; i < rawArgs.length; i += 1) {
+		const arg = rawArgs[i];
+		if (typeof arg !== "string" || arg.length === 0) continue;
+		if (arg === "--") {
+			return i + 1 < rawArgs.length;
+		}
+		if (arg.startsWith("--config=")) {
+			continue;
+		}
+		if (arg.startsWith("--") || (arg.startsWith("-") && arg !== "-")) {
+			if (consumesNextArg(arg)) {
+				i += 1;
+			}
+			continue;
+		}
+		if (requestCommands.has(arg)) {
+			return true;
+		}
+		if (nonRequestCommands.has(arg)) {
+			return false;
+		}
+		return true;
+	}
+
+	return true;
+}
+
+function createRuntimeSnapshotChangeToken(snapshot) {
+	return JSON.stringify({
+		updatedAt: snapshot?.updatedAt ?? null,
+		responsesRequests: snapshot?.responsesRequests ?? null,
+		authRefreshRequests: snapshot?.authRefreshRequests ?? null,
+		diagnosticProbeRequests: snapshot?.diagnosticProbeRequests ?? null,
+		totalRequests: snapshot?.runtimeMetrics?.totalRequests ?? null,
+		successfulRequests: snapshot?.runtimeMetrics?.successfulRequests ?? null,
+		failedRequests: snapshot?.runtimeMetrics?.failedRequests ?? null,
+		lastRequestAt: snapshot?.runtimeMetrics?.lastRequestAt ?? null,
+	});
+}
+
+async function loadRuntimeSnapshotWithRetry(runtimeObservabilityModule) {
+	let snapshot = null;
+	for (let attempt = 0; attempt < 5; attempt += 1) {
+		snapshot =
+			(await runtimeObservabilityModule.loadPersistedRuntimeObservabilitySnapshot()) ??
+			null;
+		if (snapshot) {
+			return snapshot;
+		}
+		if (attempt < 4) {
+			await new Promise((resolve) => setTimeout(resolve, 20));
+		}
+	}
+	return snapshot;
+}
+
+async function withForwardedRuntimeObservability(rawArgs, runForwardedCommand) {
+	if (!shouldTrackForwardedRuntimeObservability(rawArgs)) {
+		return runForwardedCommand();
+	}
+
+	const runtimeObservabilityModule = await loadRuntimeObservabilityModule();
+	if (!runtimeObservabilityModule) {
+		return runForwardedCommand();
+	}
+
+	const beforeSnapshot = await loadRuntimeSnapshotWithRetry(runtimeObservabilityModule);
+	const beforeToken = createRuntimeSnapshotChangeToken(beforeSnapshot);
+	const startedAt = Date.now();
+	const exitCode = await runForwardedCommand();
+	const afterSnapshot = await loadRuntimeSnapshotWithRetry(runtimeObservabilityModule);
+	const afterToken = createRuntimeSnapshotChangeToken(afterSnapshot);
+	if (afterToken !== beforeToken) {
+		return exitCode;
+	}
+
+	runtimeObservabilityModule.mutateRuntimeObservabilitySnapshot((snapshot) => {
+		snapshot.currentRequestId = null;
+		snapshot.responsesRequests += 1;
+		snapshot.runtimeMetrics.totalRequests += 1;
+		snapshot.runtimeMetrics.responsesRequests += 1;
+		snapshot.runtimeMetrics.cumulativeLatencyMs += Math.max(0, Date.now() - startedAt);
+		snapshot.runtimeMetrics.lastRequestAt = Date.now();
+		if (!snapshot.runtimeMetrics.startedAt) {
+			snapshot.runtimeMetrics.startedAt = startedAt;
+		}
+		if (exitCode === 0) {
+			snapshot.runtimeMetrics.successfulRequests += 1;
+			snapshot.runtimeMetrics.lastError = null;
+		} else {
+			snapshot.runtimeMetrics.failedRequests += 1;
+			snapshot.runtimeMetrics.lastError = `forwarded-codex-exit:${exitCode}`;
+		}
+	});
+	return exitCode;
+}
+
 function createCompatibilityCodexHome(
 	processedArgs,
 	requestedModel,
@@ -1149,11 +1332,13 @@ async function main() {
 		forwardArgs,
 		requestedModel,
 	);
-	return forwardToRealCodex(
-		realCodexBin,
-		compatibility.args,
-		compatibility.env,
-		compatibility.cleanup,
+	return withForwardedRuntimeObservability(rawArgs, () =>
+		forwardToRealCodex(
+			realCodexBin,
+			compatibility.args,
+			compatibility.env,
+			compatibility.cleanup,
+		),
 	);
 }