chore(release): bump version to 0.1.9 and publish notes

Author: ndycode

README.md

@@ -278,9 +278,9 @@ codex auth doctor --json
 
 ## Release Notes
 
-- Current stable: [docs/releases/v0.1.5.md](docs/releases/v0.1.5.md)
-- Previous stable: [docs/releases/v0.1.4.md](docs/releases/v0.1.4.md)
-- Earlier stable: [docs/releases/v0.1.3.md](docs/releases/v0.1.3.md)
+- Current stable: [docs/releases/v0.1.9.md](docs/releases/v0.1.9.md)
+- Previous stable: [docs/releases/v0.1.8.md](docs/releases/v0.1.8.md)
+- Earlier stable: [docs/releases/v0.1.7.md](docs/releases/v0.1.7.md)
 - Archived prerelease: [docs/releases/v0.1.0-beta.0.md](docs/releases/v0.1.0-beta.0.md)
 
 ## License

docs/README.md

@@ -26,9 +26,10 @@ Public documentation for `codex-multi-auth`.
 | [troubleshooting.md](troubleshooting.md) | Recovery playbooks for install, login, switching, and stale state |
 | [privacy.md](privacy.md) | Data handling and local storage behavior |
 | [upgrade.md](upgrade.md) | Migration from legacy package and path history |
-| [releases/v0.1.8.md](releases/v0.1.8.md) | Stable release notes |
-| [releases/v0.1.7.md](releases/v0.1.7.md) | Previous stable release notes |
-| [releases/v0.1.6.md](releases/v0.1.6.md) | Earlier stable release notes |
+| [releases/v0.1.9.md](releases/v0.1.9.md) | Stable release notes |
+| [releases/v0.1.8.md](releases/v0.1.8.md) | Previous stable release notes |
+| [releases/v0.1.7.md](releases/v0.1.7.md) | Earlier stable release notes |
+| [releases/v0.1.6.md](releases/v0.1.6.md) | Archived stable release notes |
 | [releases/v0.1.5.md](releases/v0.1.5.md) | Archived stable release notes |
 | [releases/v0.1.0-beta.0.md](releases/v0.1.0-beta.0.md) | Archived prerelease notes |
 
@@ -43,7 +44,7 @@ Public documentation for `codex-multi-auth`.
 | [reference/storage-paths.md](reference/storage-paths.md) | Canonical and compatibility storage paths |
 | [reference/public-api.md](reference/public-api.md) | Public API stability and semver contract |
 | [reference/error-contracts.md](reference/error-contracts.md) | CLI, JSON, and helper error semantics |
-| [releases/v0.1.8.md](releases/v0.1.8.md) | Current stable release notes |
+| [releases/v0.1.9.md](releases/v0.1.9.md) | Current stable release notes |
 | [releases/v0.1.0-beta.0.md](releases/v0.1.0-beta.0.md) | Archived prerelease reference |
 | [User Guides release notes](#user-guides) | Stable, previous, and archived release notes |
 | [releases/legacy-pre-0.1-history.md](releases/legacy-pre-0.1-history.md) | Archived pre-0.1 changelog history |

docs/releases/v0.1.9.md

@@ -0,0 +1,71 @@
+# Release v0.1.9
+
+Release date: 2026-03-13
+Channel: `latest`
+
+## Highlights
+
+- Preserved distinct business accounts that share a workspace `accountId` so no-email login, refresh, and restore paths stop overwriting sibling seats.
+- Aligned guarded identity matching across runtime login, CLI recovery, storage normalization, import preview/apply, and entitlement tracking.
+- Hardened rollback and regression coverage for concurrent persistence, flagged-account recovery, malformed-token rows, and shared-workspace edge cases.
+
+## Install
+
+```bash
+npm i -g @openai/codex
+npm i -g codex-multi-auth
+```
+
+## Core Operations
+
+```bash
+codex auth login
+codex auth list
+codex auth status
+codex auth check
+codex auth forecast --live
+```
+
+## Validation Snapshot
+
+Release gate commands:
+
+- `npm run clean:repo:check`
+- `npm run audit:ci`
+- `npm run lint`
+- `npm test -- test/documentation.test.ts`
+- `npm test -- test/accounts.test.ts test/oc-chatgpt-import-adapter.test.ts test/index.test.ts test/storage.test.ts test/codex-manager-cli.test.ts test/entitlement-cache.test.ts`
+
+Broad validation result:
+
+- `repo-hygiene check passed`
+- `npm run audit:ci` passed at the configured high-severity threshold; the remaining `hono` advisory stayed below that gate
+- `npm run lint` passed
+- `19/19` documentation integrity tests passed after promoting the new stable release notes
+- `6/6` targeted shared-account regression suites passed (`405/405` tests)
+
+Known baseline blockers observed during release validation:
+
+- `npm run typecheck` fails on both `origin/main` and this release branch because the workspace cannot currently resolve `@codex-ai/plugin/tool` and already carries unrelated TypeScript errors outside `#90`
+- `npm run build` remains blocked by the same pre-existing typecheck baseline
+
+## Merged PRs
+
+- `#90` `fix: preserve business accounts that share a workspace accountId`
+
+## Commits
+
+- PR `#90` carries the guarded account-identity matching fixes and regression coverage that preserve shared-workspace business accounts across login, import, flagged recovery, storage normalization, and entitlement tracking.
+- The release bump in this branch promotes `0.1.9` in package metadata and refreshes the stable release-note links in the root docs surfaces.
+
+## Notes
+
+- Bare `accountId` fallback now only applies when the no-email case is unambiguous.
+- Entitlement cache identity now prefers the fresh email resolved from the latest token material and avoids refresh-token-derived keys.
+- CLI and runtime persistence paths now share the same guarded account matching behavior for shared-workspace business accounts.
+
+## Related
+
+- [../getting-started.md](../getting-started.md)
+- [../upgrade.md](../upgrade.md)
+- [../reference/commands.md](../reference/commands.md)

package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "codex-multi-auth",
-	"version": "0.1.8",
+	"version": "0.1.9",
 	"description": "Multi-account OAuth manager and codex auth wrapper for the official @openai/codex CLI, with switching, health checks, and recovery tools",
 	"main": "./dist/index.js",
 	"types": "./dist/index.d.ts",