1.3.2

Bug Fixes

• Fixed interactive forwarded Codex runs by preserving inherited terminal stdio for TTY-attached sessions. (#437)
• Kept non-TTY forwarded runs on captured output so unsupported-model fallback handling can still inspect downstream errors. (#437)
• Routed wrapper launch failures through the existing clean failure path even when spawn() throws synchronously on Windows. (#437)

Chores

• Added regression coverage for explicit no-capture forwarding, explicit capture forwarding, unsupported-model retries, and fixture-pinned CODEX_HOME isolation. (#437)
• Checked script syntax, install state, and whitespace; local Vitest execution was blocked by Windows sandbox spawn EPERM while starting esbuild.

Changelog

Full Changelog: v1.3.1...v1.3.2

• #437 fix: preserve tty when forwarding codex @ndycode

1.3.1

New Features

• Activated GPT-5.5 and GPT-5.5 Pro as first-attempt models on supported Codex runtimes while preserving deterministic fallback behavior for older runtimes and non-entitled accounts. (#435)

Bug Fixes

• Fixed unsupported-model retry handling so ChatGPT-backed Codex surfaces fall back to gpt-5.4 only after real upstream unsupported-model or no-access responses. (#435)
• Hardened request, auth, account, recovery, storage, settings, UI, and shutdown behavior around rate-limit backoff, token redaction, SSE buffering, account removal, manual-paste state, import size caps, Q hotkeys, OAuth state checks, retry writes, and cleanup idempotency. (#414, #417, #418, #419, #420, #421, #423, #424, #425, #426, #427, #428, #429, #431, #432)

Chores

• Removed dead command modules and ghost tests, refreshed hybrid-selector coverage for the null contract, and rolled open fix PRs into a single review branch before the GPT-5.5 activation. (#416, #422, #432)
• Validated the runtime rollout with build and focused model-map, transformer, wrapper, config, capability, fetch-helper, and plugin suites.

Changelog

Full Changelog: v1.3.0...v1.3.1

• #414 fix(request): remove double-exponential backoff in getRateLimitBackoffWithReason @ndycode
• #416 refactor(codex-manager): delete dead command modules and ghost tests @ndycode
• #417 fix(auth): redact opaque tokens from free-form log messages (LIB-HIGH-001) @ndycode
• #418 fix(request): linear SSE buffering with pre-append size check @ndycode
• #419 fix(accounts): invalidate runtime tracker key on removeAccount (HI-01) @ndycode
• #420 fix(accounts): signal removed-current instead of silent retarget (HI-04) @ndycode
• #421 fix(accounts): sync cursorByFamily in markSwitched (HI-02) @ndycode
• #422 test(rotation): update hybrid selector coverage to null contract (HI-05) @ndycode
• #423 fix(recovery): generate unique ids in prependThinkingPart (RPTU-001) @ndycode
• #424 fix(auth): require state in manual-paste callback flow @ndycode
• #425 fix(storage): cap import file size before readImportFile loads it (STORAGE-002) @ndycode
• #426 fix(settings): remove Atomics.wait from sync retry loops (LIB-HIGH-002) @ndycode
• #427 fix(ui): honor Q hotkey consistently in select/confirm (RPTU-003) @ndycode
• #428 fix(auth): enforce expectedState in OAuth server waitForCode (AUTH-HIGH-2) @ndycode
• #429 fix(settings): retry section writes against latest disk state (R-LOGIC-01) @ndycode
• #431 fix(shutdown): make runCleanup idempotent under concurrent calls (LIB-HIGH-003) @ndycode
• #432 rollup: integrate open fix PRs into a single review branch @ndycode
• #435 activate GPT-5.5 model release 20260423 @ndycode

1.3.0

New Features

• Added codex auth why-selected and codex auth verify --paths diagnostics for account-selection and path-safety inspection. (#410)
• Added a feature-flagged routing mutex and SelectionRecord plumbing for safer concurrent account selection while keeping the legacy default. (#412)

Bug Fixes

• Closed the Phase 1 post-audit hardening set across OAuth URL redaction, redirect URI single source of truth, hybrid-selector null handling, short-429 retry ordering, active-pointer normalization, recovery atomic writes, storage reset ordering, config-conflict surfacing, malformed SSE warnings, and account pointer cleanup. (#394, #395, #396, #397, #398, #399, #401, #402, #403, #404, #413)
• Fixed release hygiene so pack:check builds first and tests use os.tmpdir. (#400)

Documentation

• Added the 2026-04-17 master repository audit report/evidence and refreshed AGENTS, health, config, and command documentation for the post-audit state. (#393, #405, #406, #408)

Chores

• Bumped security-sensitive dependency overrides, added audit-invariant regression coverage, moved storage JSON boundaries to Zod safeParseJson, split the settings hub into focused modules, and validated staging with 3529 passing tests plus real-install smoke. (#392, #407, #409, #411)

Changelog

Full Changelog: v1.2.7...v1.3.0

• #392 security(deps): bump hono to 4.12.14 and vite override to ^7.3.2 @ndycode
• #393 docs(audit): add master repository audit report and evidence @ndycode
• #394 fix(phase1): reject resolvePath lookalike-prefix paths + restore auth list reset message @ndycode
• #395 fix(auth): redact OAuth URL in user-facing login output @ndycode
• #396 refactor(auth): introduce AUTH_REDIRECT single source of truth @ndycode
• #397 fix(routing): hybrid selector returns null when no accounts are available @ndycode
• #398 fix(routing): mark account unavailable before short-429 retry sleep @ndycode
• #399 fix(accounts): normalize active pointer when the active account is disabled @ndycode
• #400 fix(release): pack:check builds first + tests use os.tmpdir @ndycode
• #401 fix(recovery): atomic writes + retry-safe deletes for recovery storage (R6) @ndycode
• #402 fix(storage): write reset marker before deletions + retry EPERM on read @ndycode
• #403 fix(routing): surface the per-project vs CLI-sync config conflict @ndycode
• #404 fix(request): surface malformed SSE JSON chunks as structured warnings @ndycode
• #405 docs: truthup AGENTS.md staleness + deriveProjectKey typo @ndycode
• #406 chore(config): document dual-linter scope + husky prepare-hook side effect @ndycode
• #407 test(audit): add Phase 1 regression suite locking in audit invariants @ndycode
• #408 docs(health): document field-name drift vs ManagedAccount (AUDIT-M08) @ndycode
• #409 refactor(types): add Zod safeParseJson at storage JSON boundaries @ndycode
• #410 feat(cli): add codex auth why-selected and verify --paths commands @ndycode
• #411 refactor(codex-manager): split settings-hub.ts into 5 sub-concern files @ndycode
• #412 refactor(routing): add feature-flagged routing mutex and SelectionRecord @ndycode
• #413 fix(accounts): harden removeAccount pointer normalization @ndycode

1.2.7

New Features

• Added native official Codex CLI discovery on PATH so Homebrew and release-binary installs work alongside the existing npm launcher flow. (#391)

Bug Fixes

• Fixed wrapper launch behavior to distinguish JavaScript entrypoints from native executables and to avoid POSIX self-wrapper loops or Windows codex.exe precedence mistakes. (#391)
• Hardened native resolver edge cases and stale test expectations around native Codex path handling. (#391)

Documentation

• Updated release notes and stable-history docs for the native Codex CLI compatibility release. (#391)

Chores

• Kept GitHub language statistics focused on TypeScript and expanded wrapper coverage for native discovery, direct native forwarding, Windows shim patterns, and path-patching guards. (#389, #391)

Changelog

Full Changelog: v1.2.6...v1.2.7

• #389 keep GitHub language stats focused on TypeScript @ndycode
• #391 support native Codex CLI installs @ndycode

1.2.6

Bug Fixes

• Fixed wrapped non-auth Codex commands so successful forwarded request traffic increments persisted runtime observability counters.
• Added a wrapper fallback that records forwarded request metrics only when the child Codex process leaves the runtime snapshot unchanged, avoiding double-counting when plugin-side metrics already exist.
• Preserved existing codex auth observability while making real codex exec smoke runs visible in codex auth status and codex auth report --json.

Documentation

• Clarified the v1.2.5 observability wording before shipping the forwarded-observability fix.

Chores

• Added regression coverage for missing-child-update and already-updated snapshot cases in the wrapper suite, then validated with build and real codex exec smoke checks.

Changelog

Full Changelog: v1.2.5...v1.2.6

• a76b67c docs: clarify v1.2.5 observability wording @ndycode
• e99d641 release: ship v1.2.6 forwarded observability fix @ndycode

1.2.5

New Features

• Added runtime counters, cooldown state, selection reason, and storage-health observability to codex auth status and codex auth report --json. (#387)
• Added safer live report controls with --max-accounts, --max-probes, and --cached-only for inspecting state without probing the full pool. (#387)

Bug Fixes

• Disabled default whole-pool replay when every account is rate-limited and capped outbound request attempts per prompt to prevent runaway cross-account retries. (#387)
• Tightened retry and failover behavior for 429s, upstream 5xx bursts, empty responses, stream replay, quota deferral, cooldown drift, and 404 usage-limit remapping. (#387)
• Hardened Windows and storage safety with storage-health inspection, atomic cache/runtime snapshot writes, quieter WAL recovery checks, retried EBUSY/EPERM cleanup, and safer live-sync/session-affinity writes. (#387)

Chores

• Rebuilt the open main PR wave with review fixes and expanded regression coverage across retry, observability, storage, and concurrency edge cases. (#387)
• Validated the release with publish checks, npm version verification, lint, typecheck, and build.

Changelog

Full Changelog: v1.2.4...v1.2.5

• #387 release: rebuild open main PR wave with review fixes @ndycode

1.2.4

Bug Fixes

• Fixed flagged-account backup and legacy-read retry regressions so transient Windows EBUSY locks remain covered. (#356)
• Fixed failed backup persistence so persistRecoveredBackup -> false cannot report a false successful recovery. (#356)
• Fixed test cleanup and wrapper mutator behavior by restoring fs.readFile spies from finally and removing a dead inline return. (#356)

Chores

• Merged the post-merge review-fix branch, ran focused storage and wrapper suites, repo hygiene, lint, typecheck, build, and the full dot-reporter test suite. (#356)

Changelog

Full Changelog: v1.2.3...v1.2.4

• #356 release: patch post-merge review fixes for v1.2.4 @ndycode

1.2.2

Bug Fixes

• Hardened fast-expiry refresh persistence so refreshed token and account state survive account-pool writes. (#323)
• Realigned account-pool health handling across success healing, guardian penalties, circuit-breaker penalties, reason-scoped rate limiting, and stale cooldown metadata. (#324, #329)
• Tightened stable identity reconciliation for guardian refresh outcomes, runtime tracker state, fresh-family selection, and expired CLI cache hydration. (#325, #326, #328)

Chores

• Aligned main with the published 1.2.2 package and added the stable docs anchor used by the README/docs portal. (#336)

Changelog

Full Changelog: v1.2.1...v1.2.2

• #323 fix fast-expiry token refresh persistence in account pool @ndycode
• #324 fix stale account pool penalties after successful requests @ndycode
• #325 fix: reconcile guardian refresh outcomes by stable identity @ndycode
• #326 fix: prefer fresh access tokens during account selection @ndycode
• #328 fix: hydrate newer refresh tokens from expired cli cache @ndycode
• #329 fix: graduate refresh guardian failure penalties @ndycode
• #336 release: align main with published 1.2.2 @ndycode

1.2.1

New Features

• Added codex auth forecast --explain support and related regression coverage. (#299)
• Added package subpath exports and tightened shipped config/public API coverage. (#298, #303)
• Aligned GPT-5 model routing with current OpenAI defaults. (#309)

Bug Fixes

• Fixed codex-multi-auth wrapper version flags, storage export behavior for empty current pools, CLI manual-login test isolation, and wait-utils fake-timer regressions. (#140, #320, #321)
• Carried forward remaining non-dev storage/settings hardening work onto fresh main. (#319)

Documentation

• Simplified beginner onboarding, added maintainer runbooks, and refreshed command guidance. (#141, #300)

Chores

• Merged the current main-target PR set and expanded benchmark, renderer, wrapper, runtime, and refactor-guardrail coverage. (#149, #263, #302, #304, #306, #307, #308, #318)

Changelog

Full Changelog: v1.2.0...v1.2.1

• #140 fix(wrapper): support codex-multi-auth version flags @ndycode
• #141 docs: simplify beginner onboarding and command guidance @ndycode
• #149 test: add refactor guardrails @ndycode
• #263 test: add refactor guardrails @ndycode
• #298 refactor: add package subpath exports @ndycode
• #299 feat: add forecast explain output @ndycode
• #300 docs: add maintainer runbooks @ndycode
• #302 test: cover benchmark dashboard renderer @ndycode
• #303 test: validate shipped config templates @ndycode
• #304 test: cover runtime benchmark script @ndycode
• #306 test: cover bench format renderer @ndycode
• #307 test: cover codex-multi-auth wrapper @ndycode
• #308 test: cover runtime benchmark script @ndycode
• #309 align GPT-5 model routing with current OpenAI defaults @ndycode
• #318 release: merge current main-target PR set @ndycode
• #319 carry forward remaining unique non-dev PR work @ndycode
• #320 fix(storage): fail export when current pool is empty @ndycode
• #321 test: harden codex manager cli isolation @ndycode

1.2.0

New Features

• Added headless-friendly manual login mode for environments where browser launch or the local callback listener is unavailable. (#132)
• Added proxy-compatible upstream transport, workspace-disabled/expired auto-rotation, onboarding restore from the latest saved backup, and restored experimental settings hotkeys. (#136, #137, #138)

Bug Fixes

• Preserved selected workspace routing across retries and fallback paths instead of collapsing back to mutable token-derived identity. (#136)
• Honored explicit no-browser environment toggles and skipped callback waiting in manual login mode. (#132)

Chores

• Normalized dependency lockfile state and expanded auth/runtime token identity and browser suppression coverage before the stable release.

Changelog

Full Changelog: v1.1.11...v1.2.0

• #132 add manual login mode for headless auth flows @ndycode
• #136 feat: auto-rotate on disabled/expired workspace errors @Microck
• #137 add onboarding restore for latest saved backup @ndycode
• #138 fix experimental settings tui hotkeys @ndycode