Release v4.13.0 with Codex parity improvements

Author: ndycode

.github/workflows/ci.yml

@@ -60,3 +60,23 @@ jobs:
 
       - name: Run ESLint
         run: npm run lint
+
+  codex-compat:
+    name: Codex Compatibility Smoke
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run Codex compatibility tests
+        run: npm run test -- test/codex.test.ts test/opencode-codex.test.ts test/request-transformer.test.ts test/fetch-helpers.test.ts

CHANGELOG.md

@@ -2,6 +2,24 @@
 
 all notable changes to this project. dates are ISO format (YYYY-MM-DD).
 
+## [4.13.0] - 2026-02-04
+
+### added
+
+- **runtime metrics tool**: added `codex-metrics` to inspect live request/error/latency counters for the current plugin process.
+- **401 diagnostics payload**: normalized 401 errors now include `diagnostics` (for example `requestId`, `cfRay`, `correlationId`, `threadId`) to speed up debugging.
+- **stream watchdog controls**: new `fetchTimeoutMs` and `streamStallTimeoutMs` config options (and env overrides) for upstream timeout tuning.
+
+### changed
+
+- **request correlation**: each upstream fetch now sets a correlation id, reuses `CODEX_THREAD_ID`/`prompt_cache_key` when available, and clears scope after each request.
+- **plan-mode tool gating**: `request_user_input` is automatically stripped from tool definitions when collaboration mode is Default (kept in Plan mode).
+- **safety prompt hardening**: bridge/remap prompts now explicitly block destructive git commands unless the user asks for them.
+
+### fixed
+
+- **non-stream SSE hangs**: non-streaming SSE parsing now aborts stalled reads instead of waiting indefinitely.
+
 ## [4.12.5] - 2026-02-04
 
 ### changed

README.md

@@ -319,6 +319,27 @@ OpenAI Account Status:
 
 ---
 
+### codex-metrics
+
+Show live runtime metrics (request counts, latency, errors, rotations) for the current plugin process.
+
+```
+codex-metrics
+```
+
+**Output:**
+```
+Codex Plugin Metrics:
+
+Uptime: 12m
+Total upstream requests: 84
+Successful responses: 77
+Failed responses: 7
+Average successful latency: 842ms
+```
+
+---
+
 ### codex-health
 
 Check if all account tokens are still valid (read-only check).
@@ -419,6 +440,7 @@ Total accounts: 4
 | `codex-list` | List all accounts | "list my accounts" |
 | `codex-switch` | Switch active account | "switch to account 2" |
 | `codex-status` | Show rate limits & health | "show account status" |
+| `codex-metrics` | Show runtime metrics | "show plugin metrics" |
 | `codex-health` | Validate tokens (read-only) | "check account health" |
 | `codex-refresh` | Refresh & save tokens | "refresh my tokens" |
 | `codex-remove` | Remove an account | "remove account 3" |
@@ -645,6 +667,8 @@ Create `~/.opencode/openai-codex-auth-config.json` for optional settings:
 | `retryAllAccountsRateLimited` | `true` | Wait and retry when all accounts are rate-limited |
 | `retryAllAccountsMaxWaitMs` | `0` | Max wait time (0 = unlimited) |
 | `retryAllAccountsMaxRetries` | `Infinity` | Max retry attempts |
+| `fetchTimeoutMs` | `60000` | Request timeout to Codex backend (ms) |
+| `streamStallTimeoutMs` | `45000` | Abort non-stream parsing if SSE stalls (ms) |
 
 ### Environment Variables
 
@@ -653,6 +677,8 @@ DEBUG_CODEX_PLUGIN=1 opencode                    # Enable debug logging
 ENABLE_PLUGIN_REQUEST_LOGGING=1 opencode         # Log all API requests
 CODEX_PLUGIN_LOG_LEVEL=debug opencode            # Set log level (debug|info|warn|error)
 CODEX_MODE=0 opencode                            # Temporarily disable bridge prompt
+CODEX_AUTH_FETCH_TIMEOUT_MS=120000 opencode      # Override request timeout
+CODEX_AUTH_STREAM_STALL_TIMEOUT_MS=60000 opencode # Override SSE stall timeout
 ```
 
 For all options, see [docs/configuration.md](docs/configuration.md).
@@ -700,4 +726,3 @@ By using this plugin, you acknowledge:
 - "ChatGPT", "GPT-5", "Codex", and "OpenAI" are trademarks of OpenAI, L.L.C.
 
 </details>
-

docs/configuration.md

@@ -112,6 +112,8 @@ advanced settings go in `~/.opencode/openai-codex-auth-config.json`:
 | `autoResume` | `true` | auto-resume after thinking block recovery |
 | `tokenRefreshSkewMs` | `60000` | refresh tokens this many ms before expiry |
 | `rateLimitToastDebounceMs` | `60000` | debounce rate limit toasts |
+| `fetchTimeoutMs` | `60000` | upstream fetch timeout in ms |
+| `streamStallTimeoutMs` | `45000` | max time to wait for next SSE chunk before aborting |
 
 ### environment variables
 
@@ -129,6 +131,8 @@ override any config with env vars:
 | `CODEX_AUTH_RETRY_ALL_MAX_WAIT_MS=30000` | set max wait time |
 | `CODEX_AUTH_RETRY_ALL_MAX_RETRIES=1` | set max retries |
 | `CODEX_AUTH_ACCOUNT_ID=acc_xxx` | force specific workspace id |
+| `CODEX_AUTH_FETCH_TIMEOUT_MS=120000` | override fetch timeout |
+| `CODEX_AUTH_STREAM_STALL_TIMEOUT_MS=60000` | override SSE stall timeout |
 
 ---
 

docs/troubleshooting.md

@@ -109,6 +109,10 @@ Failed to access Codex API
    date +%s000  # Compare to current timestamp
    ```
 
+4. **Collect diagnostics from the error payload:**
+   - Newer versions include `diagnostics` on 401 responses (for example `requestId` and `cfRay`).
+   - Share those IDs when filing an issue so upstream auth failures are easier to trace.
+
 </details>
 
 <details>