Skip to content

Releases: ndycode/codex-multi-auth

1.3.1

Choose a tag to compare

@ndycode ndycode released this 24 Apr 02:58

Runtime Rotation

Features

  • Activated GPT-5.5 and GPT-5.5 Pro as first-attempt models on supported Codex runtimes while preserving deterministic fallback behavior for older runtimes and non-entitled accounts. (#435)

Bugfixes

  • Fixed unsupported-model retry handling so ChatGPT-backed Codex surfaces fall back to gpt-5.4 only after real upstream unsupported-model or no-access responses. (#435)

Core

Bugfixes

  • Hardened request, auth, account, recovery, storage, settings, UI, and shutdown behavior around rate-limit backoff, token redaction, SSE buffering, account removal, manual-paste state, import size caps, Q hotkeys, OAuth state checks, retry writes, and cleanup idempotency. (#414, #417, #418, #419, #420, #421, #423, #424, #425, #426, #427, #428, #429, #431, #432)

Release Hygiene

Improvements

  • Removed dead command modules and ghost tests, refreshed hybrid-selector coverage for the null contract, and rolled open fix PRs into a single review branch before the GPT-5.5 activation. (#416, #422, #432)
  • Validated the runtime rollout with build and focused model-map, transformer, wrapper, config, capability, fetch-helper, and plugin suites.

1.3.0

Choose a tag to compare

@ndycode ndycode released this 17 Apr 10:50

Diagnostics

Features

  • Added codex auth why-selected and codex auth verify --paths diagnostics for account-selection and path-safety inspection. (#410)

Runtime Rotation

Features

  • Added a feature-flagged routing mutex and SelectionRecord plumbing for safer concurrent account selection while keeping the legacy default. (#412)

Core

Bugfixes

  • Closed the Phase 1 post-audit hardening set across OAuth URL redaction, redirect URI single source of truth, hybrid-selector null handling, short-429 retry ordering, active-pointer normalization, recovery atomic writes, storage reset ordering, config-conflict surfacing, malformed SSE warnings, and account pointer cleanup. (#394, #395, #396, #397, #398, #399, #401, #402, #403, #404, #413)

Release Hygiene

Bugfixes

  • Fixed release hygiene so pack:check builds first and tests use os.tmpdir. (#400)

Improvements

  • Bumped security-sensitive dependency overrides, added audit-invariant regression coverage, moved storage JSON boundaries to Zod safeParseJson, split the settings hub into focused modules, and validated staging with 3529 passing tests plus real-install smoke. (#392, #407, #409, #411)

Documentation

Improvements

  • Added the 2026-04-17 master repository audit report/evidence and refreshed AGENTS, health, config, and command documentation for the post-audit state. (#393, #405, #406, #408)

1.2.7

Choose a tag to compare

@ndycode ndycode released this 16 Apr 09:54

CLI

Features

  • Added native official Codex CLI discovery on PATH so Homebrew and release-binary installs work alongside the existing npm launcher flow. (#391)

Bugfixes

  • Fixed wrapper launch behavior to distinguish JavaScript entrypoints from native executables and to avoid POSIX self-wrapper loops or Windows codex.exe precedence mistakes. (#391)
  • Hardened native resolver edge cases and stale test expectations around native Codex path handling. (#391)

Documentation

Improvements

  • Updated release notes and stable-history docs for the native Codex CLI compatibility release. (#391)

Release Hygiene

Improvements

  • Kept GitHub language statistics focused on TypeScript and expanded wrapper coverage for native discovery, direct native forwarding, Windows shim patterns, and path-patching guards. (#389, #391)

1.2.6

Choose a tag to compare

@ndycode ndycode released this 06 Apr 11:35

Runtime Rotation

Bugfixes

  • Fixed wrapped non-auth Codex commands so successful forwarded request traffic increments persisted runtime observability counters.
  • Added a wrapper fallback that records forwarded request metrics only when the child Codex process leaves the runtime snapshot unchanged, avoiding double-counting when plugin-side metrics already exist.
  • Preserved existing codex auth observability while making real codex exec smoke runs visible in codex auth status and codex auth report --json.

Documentation

Improvements

  • Clarified the v1.2.5 observability wording before shipping the forwarded-observability fix.

Release Hygiene

Improvements

  • Added regression coverage for missing-child-update and already-updated snapshot cases in the wrapper suite, then validated with build and real codex exec smoke checks.

1.2.5

Choose a tag to compare

@ndycode ndycode released this 06 Apr 10:41

Storage

Bugfixes

  • Hardened Windows and storage safety with storage-health inspection, atomic cache/runtime snapshot writes, quieter WAL recovery checks, retried EBUSY/EPERM cleanup, and safer live-sync/session-affinity writes. (#387)

Runtime Rotation

Bugfixes

  • Disabled default whole-pool replay when every account is rate-limited and capped outbound request attempts per prompt to prevent runaway cross-account retries. (#387)
  • Tightened retry and failover behavior for 429s, upstream 5xx bursts, empty responses, stream replay, quota deferral, cooldown drift, and 404 usage-limit remapping. (#387)

CLI

Features

  • Added runtime counters, cooldown state, selection reason, and storage-health observability to codex auth status and codex auth report --json. (#387)
  • Added safer live report controls with --max-accounts, --max-probes, and --cached-only for inspecting state without probing the full pool. (#387)

Release Hygiene

Improvements

  • Rebuilt the open main PR wave with review fixes and expanded regression coverage across retry, observability, storage, and concurrency edge cases. (#387)
  • Validated the release with publish checks, npm version verification, lint, typecheck, and build.

1.2.4

Choose a tag to compare

@ndycode ndycode released this 05 Apr 13:30

Storage

Bugfixes

  • Fixed flagged-account backup and legacy-read retry regressions so transient Windows EBUSY locks remain covered. (#356)
  • Fixed failed backup persistence so persistRecoveredBackup -> false cannot report a false successful recovery. (#356)

Release Hygiene

Bugfixes

  • Fixed test cleanup and wrapper mutator behavior by restoring fs.readFile spies from finally and removing a dead inline return. (#356)

Improvements

  • Merged the post-merge review-fix branch, ran focused storage and wrapper suites, repo hygiene, lint, typecheck, build, and the full dot-reporter test suite. (#356)

1.2.2

Choose a tag to compare

@ndycode ndycode released this 01 Apr 13:29
b9c9273

Auth

Bugfixes

  • Hardened fast-expiry refresh persistence so refreshed token and account state survive account-pool writes. (#323)
  • Tightened stable identity reconciliation for guardian refresh outcomes, runtime tracker state, fresh-family selection, and expired CLI cache hydration. (#325, #326, #328)

Runtime Rotation

Bugfixes

  • Realigned account-pool health handling across success healing, guardian penalties, circuit-breaker penalties, reason-scoped rate limiting, and stale cooldown metadata. (#324, #329)

Release Hygiene

Improvements

  • Aligned main with the published 1.2.2 package and added the stable docs anchor used by the README/docs portal. (#336)

1.2.1

Choose a tag to compare

@ndycode ndycode released this 23 Mar 15:19

Storage

Bugfixes

  • Carried forward remaining non-dev storage/settings hardening work onto fresh main. (#319)

Quota & Forecast

Features

  • Added codex auth forecast --explain support and related regression coverage. (#299)

Documentation

Improvements

  • Simplified beginner onboarding, added maintainer runbooks, and refreshed command guidance. (#141, #300)

Release Hygiene

Features

  • Added package subpath exports and tightened shipped config/public API coverage. (#298, #303)

Improvements

  • Merged the current main-target PR set and expanded benchmark, renderer, wrapper, runtime, and refactor-guardrail coverage. (#149, #263, #302, #304, #306, #307, #308, #318)

Core

Features

  • Aligned GPT-5 model routing with current OpenAI defaults. (#309)

Bugfixes

  • Fixed codex-multi-auth wrapper version flags, storage export behavior for empty current pools, CLI manual-login test isolation, and wait-utils fake-timer regressions. (#140, #320, #321)

1.2.0

Choose a tag to compare

@ndycode ndycode released this 20 Mar 13:22

Auth

Features

  • Added headless-friendly manual login mode for environments where browser launch or the local callback listener is unavailable. (#132)

Bugfixes

  • Honored explicit no-browser environment toggles and skipped callback waiting in manual login mode. (#132)

Runtime Rotation

Features

  • Added proxy-compatible upstream transport, workspace-disabled/expired auto-rotation, onboarding restore from the latest saved backup, and restored experimental settings hotkeys. (#136, #137, #138)

Bugfixes

  • Preserved selected workspace routing across retries and fallback paths instead of collapsing back to mutable token-derived identity. (#136)

Release Hygiene

Improvements

  • Normalized dependency lockfile state and expanded auth/runtime token identity and browser suppression coverage before the stable release.

1.1.11

Choose a tag to compare

@ndycode ndycode released this 18 Mar 14:42
b918aac

Quota & Forecast

Bugfixes

  • Fixed quota-cache key collisions for multi-workspace accounts that share the same email. (#122)
  • Kept live quota fallback state distinct after auth check and auth fix refreshes change shared-workspace identity fields. (#122)
  • Hardened live quota cache persistence so failed saves do not mutate the loaded cache object during forecast, check, or fix flows. (#122)