chore: add a tuned knip config and drop the unused @fast-check/vitest

[ndycode]

Summary

Follow-up to #554: makes dead-code detection repeatable instead of a one-off manual audit. Raw knip output on this repo was untrustworthy — it flagged lib/index.ts itself as unused because nothing declared the entry points — which is exactly why #554 needed every finding hand-verified.

Stacked on #554 (claude/audit-37-dead-code). Merge #554 first; this PR then shows only the config commit. (The runtime/session-affinity.ts orphan this config surfaced was added to #554, where it belongs thematically.)

Changes

• knip.json (new): declares the real entry points — the plugin-host index.ts, the lib/index.ts facade, the auth/, request/, codex-cli/, ui/ subpath index files that back package.json exports, the scripts/ bins, and the test suites; ignores bench/, vendor/, dist/, docs/; ignores the host-resolved @openai/codex peer, the editor-only typescript-language-server, and the platform clipboard/locator binaries; downgrades export-level findings to warnings, so the blocking signal is unused files and dependencies only. With this config, knip exits clean on the current tree (94 unused-export warnings remain as an explicit pruning backlog rather than noise).
• @fast-check/vitest removed from devDependencies: zero imports anywhere — the property/chaos suites import fast-check directly, which stays. Both package.json and the tab-indented package-lock.json were edited surgically; the lockfile diff is exactly the one removed entry (24 lines), no formatting churn.

Deliberately no npm script: knip is not a devDependency, and whether to add and pin it (this repo SHA-pins its CI actions) is a maintainer decision. Until then it runs via npx knip and picks the config up automatically.

Validation

• npx knip exits 0 with zero error-level findings on this tree
• npm ci --dry-run validates the hand-edited lockfile
• npm run typecheck; the fast-check property suite still passes (4/4)

Risk / Rollback

Tooling config + one unused devDependency; revert the single commit.

https://claude.ai/code/session_01XNtnkLbBiXZxfQQYLMpucB

---

Generated by Claude Code

note: greptile review for oc-chatgpt-multi-auth. cite files like lib/foo.ts:123. confirm regression tests + windows concurrency/token redaction coverage.

Greptile Summary

this pr adds a knip.jsonc config that declares entry points and demotes export-level findings to warnings, and removes the @fast-check/vitest devDependency which has zero imports across the repo (property tests use fast-check directly).

• knip.jsonc: pins entry points for the plugin-host, lib facade, subpath exports, scripts, and test suites; ignores bench/, vendor/, dist/, docs/; lists platform-specific binaries (powershell.exe, pbcopy, where) and runtime-resolved deps (@openai/codex, typescript-language-server) explicitly; keeps files/dependencies at error severity.
• @fast-check/vitest removal: confirmed unused — all property and chaos test files import from fast-check directly; both package.json and package-lock.json are updated surgically with no collateral formatting churn.

Confidence Score: 5/5

safe to merge — tooling config and one unused devDependency removal, no runtime code touched

the change is entirely in tooling config and lockfile; all declared entry points were verified to exist on disk; @fast-check/vitest has zero imports across the codebase; the lockfile diff is surgical with no collateral churn

no files require special attention

Important Files Changed

Filename	Overview
knip.jsonc	new knip config — entry points verified against repo structure; ignoreBinaries covers windows/mac platform binaries; schema pinned to 6.16.1; no issues found
package.json	removes @fast-check/vitest from devDependencies — confirmed no imports anywhere in the codebase
package-lock.json	removes the single @fast-check/vitest lockfile entry (24 lines); no formatting churn; lockfile remains consistent

_{Reviews (3): Last reviewed commit: "chore: convert the knip config to jsonc ..." | Re-trigger Greptile}

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[coderabbitai]

📝 Walkthrough

Walkthrough

pr adds knip static analysis configuration to detect unused code and exports, and removes the now-unused @fast-check/vitest plugin from dev dependencies.

Changes

Tooling and dependency updates

Layer / File(s)	Summary
Knip static analysis configuration knip.json	introduces knip configuration targeting index.ts, lib/**, scripts, and test entry points. ignores bench/vendor/dist/docs directories and specific binary commands (powershell.exe, pbcopy, where). excludes typescript-language-server and @openai/codex from analysis. sets exports, types, nsExports, nsTypes, duplicates, and enumMembers to warning level.
Remove unused vitest plugin package.json	deletes @fast-check/vitest from devDependencies, suggesting the property-based testing framework is no longer integrated with vitest.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	title follows conventional commits format (chore: summary), is 69 chars (<=72), uses lowercase imperative voice, and accurately describes both main changes: adding knip config and removing unused @fast-check/vitest.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	pr description covers summary, changes, and validation checklist; however, it lacks the structured docs/governance and risk/rollback sections from the template.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/audit-38-knip-config

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch claude/audit-38-knip-config

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@knip.json`:
- Around line 35-42: Add an inline comment inside the "rules" object explaining
that the listed keys ("exports", "types", "nsExports", "nsTypes", "duplicates",
"enumMembers") are intentionally set to "warn" to support an incremental
export/type cleanup strategy (e.g., to allow ongoing PRs to gradually resolve
~94 warnings) rather than failing CI; place the comment above the "rules" block
and briefly state the purpose, scope, and when/how to escalate to "error".
- Around line 31-34: Add a short inline comment next to the "ignoreDependencies"
entry explaining why "`@openai/codex`" is excluded (e.g., this repo wraps the
official Codex CLI but does not directly depend on it; dependency is documented
as a peer in the README) so future maintainers understand the intentional
exclusion; update the comment near the ignoreDependencies array and reference
"`@openai/codex`" explicitly.
- Around line 1-43: Add an npm script named "knip" that runs the knip CLI using
the knip.json config, update CI workflow(s) to add a non-concurrent step that
runs the "knip" script before any steps that mutate build output (e.g.,
before/dist creation or "build" steps) so it won't race with dist writes, and
ensure the CI step uses a windows-safe invocation (npm run knip or node -e with
globs quoted) and not a concurrent task; then update the test expectations in
test/ci-workflows.test.ts to assert the "knip" script is invoked in both the
linux validate and the windows scripts expectations (alongside existing
"release-harness"/"validate" and "scripts-windows" checks) and use globs that
are safe on Windows.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5f61c4e5-0dc8-40c2-b6f9-c4ac55957861

📥 Commits

Reviewing files that changed from the base of the PR and between 1f249c2 and e1fa83f.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• knip.json
• package.json

💤 Files with no reviewable changes (1)

• package.json

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Greptile Review

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

**: # PROJECT KNOWLEDGE BASE

Generated: 2026-04-25
Commit: a87e005
Validated: 2026-06-10 against commit 98d9819 (repo audit; claims re-checked against the tree, content not regenerated)
Branch: main
Package version: 2.3.0-beta.1

OVERVIEW

codex-multi-auth is a Codex CLI-first OAuth account manager and optional forwarding wrapper for the official Codex CLI. The installed codex-multi-auth entrypoint handles account-management commands locally, codex-multi-auth-codex forwards official Codex commands through this package's wrapper when explicitly used, and runtime rotation can route live Responses traffic through a localhost account-rotation proxy by default. The plugin-host entrypoint remains exported for compatibility, but the primary product surface is the account manager, optional wrapper, storage, runtime proxy, and repair tooling.

STRUCTURE

./
├── scripts/
│   ├── codex.js              # codex-multi-auth-codex wrapper, official CLI forwarder, shadow CODEX_HOME/runtime proxy setup
│   ├── codex-multi-auth.js   # standalone package CLI entrypoint
│   ├── codex-routing.js      # auth command and compatibility alias routing
│   ├── codex-bin-resolver.js # official Codex binary discovery
│   ├── codex-app-router.js   # persistent localhost router for packaged Codex app bind
│   └── codex-app-launcher.js # reversible user-level app launcher routing helper
├── index.ts                  # optional plugin-host runtime entry
├── lib/                      # core runtime logic (see lib/AGENTS.md)
│   ├── auth/                 # OAuth flow, PKCE, callback server
│   ├── runtime/              # Codex CLI/app integration helpers, app bind, live sync, runtime observability
│   ├── request/              # request transform, SSE, failover, backoff
│   ├── storage/              # path resolution, migrations, backups, restore, import/export
│   ├── codex-cli/            # Codex CLI state sync and writer helpers
│   ├── codex-manager/        # command modules and...

Files:

• knip.json

🔇 Additional comments (5)

knip.json (5)

3-13: LGTM!

---

14-19: LGTM!

---

20-25: LGTM!

---

26-30: LGTM!

---

1-2: knip $schema pin matches current knip version

knip.json pins the schema to knip@6.16.1, and npx knip --version resolves to 6.16.1, so the schema/CLI drift concern is moot.