This repository was archived by the owner on Feb 23, 2026. It is now read-only.

Releases: iam-brain/opencode-openai-codex-multi-auth

v4.6.0

04 Feb 19:48

v4.6.0 — Release Notes (since 4.5.25)

This release focuses on storage safety, quarantine behavior, and more deterministic multi‑account management.

Highlights

  • Safer quarantine flow with lock‑aware salvage of valid accounts
  • Identity‑based account management to avoid stale index toggles/removals

User-Facing Changes

Account & Selection

  • Account toggle/remove now targets accountId+email+plan, preventing mis‑targeted actions
  • Hybrid selection waits for token‑bucket availability when tokens are empty
  • Auth failure toasts now include the account label

Quarantine & Repair

  • Corrupt entries trigger quarantine snapshots while preserving valid accounts
  • Legacy accounts are hydrated once and quarantined if still missing identity
  • Quarantine pruning occurs only after successful writes (failures preserve files)

Reliability & Data Safety

Storage Integrity

  • Quarantine writes and removals re‑read under lock to avoid overwriting concurrent updates
  • Corrupt file quarantine runs under the same lock as storage reset

Docs

  • Updated multi‑account quarantine/repair behavior documentation

Full Changelog: v4.5.25...v4.6.0

v4.5.25

02 Feb 03:28

v4.5.25 — Release Notes (since v4.5.21)

This release delivers a major codex-status UI refresh, new account tooling, and stronger request/streaming resilience across the FetchOrchestrator.

Highlights

  • Obsidian-style codex-status dashboard with box-drawing layout and alignment fixes.
  • New codex-remove-account tool plus rotation state persistence for stable switching.
  • FetchOrchestrator extraction and hardening (timeouts, safe JSON, SSE buffering, 401 loop guard).

User-Facing Changes

Status UI & Tooling

  • Rebuilt codex-status dashboard with precise grid alignment and improved readability.
  • Added codex-remove-account tool for permanent account removal.

Account & Config Management

  • Persist account rotation state to disk and add proactive refresh defaults.
  • Standardized env vars to CODEX_AUTH_* with legacy aliases.

Reliability & Data Safety

Request/Stream Hardening

  • Added a global request timeout to avoid hangs.
  • Hardened SSE buffer truncation and empty cursor handling.
  • Guarded against infinite 401 retry loops and fragile body parsing.
  • Improved removeAccountByIndex ordering and precision.

Docs

  • Release notes updates for v4.5.22, v4.5.23, and v4.5.25.

Full Changelog: v4.5.21...v4.5.25

v4.5.24

31 Jan 21:47

Full Changelog: v4.5.23...v4.5.24

v4.5.21

31 Jan 20:01

v4.5.21 — Release Notes (since v4.5.20)

Parallel Rotation Resilience release: atomic sync across multiple machine sessions.

Highlights

  • Unauthorized Recovery: The main request loop now recovers from 401 errors by re-syncing with disk and retrying, matching Codex CLI robustness.
  • Timestamp Arbitration: Prevents token overwrite races by ensuring the most recently active session wins during storage merges.

User-Facing Changes

Reliability

  • Fixed "Ghost Rotations" where the codex-status tool would invalidate tokens for other active sessions.
  • Strict accountId + email + plan identity matching ensures global uniqueness across different workspaces and subscriptions.

Reliability & Data Safety

Concurrency

  • Implemented an atomic sync and recovery loop to ensure multi-process stability when running multiple terminals or tools on the same machine.

Full Changelog: v4.5.20...v4.5.21

v4.5.20

31 Jan 18:59

v4.5.20 — Release Notes (since v4.5.19)

Reliability & Identity Hardening release focused on making codex-status more resilient when accounts are rate-limited, and ensuring health/token tracking survives account reordering.

Highlights

  • codex-status is now read-only and won't fail when all accounts are rate-limited
  • Health and token bucket trackers use stable identity keys instead of array indices
  • Memory leak in RateLimitTracker fixed with periodic cleanup
  • Toast notifications when switching accounts due to rate limits

User-Facing Changes

codex-status Tool

  • No longer forces token refresh when displaying status
  • Uses existing valid tokens; falls back to cached snapshots on fetch failure
  • Added debug logging for fetch failures (OPENCODE_OPENAI_AUTH_DEBUG=1)

Toast Notifications

  • Shows debounced "Rate limited - switching account" warning when rotating
  • Respects quietMode config option
  • Uses configurable rateLimitToastDebounceMs (default 60s)

Slash Commands

  • Command templates now output results exactly as returned by tools

Reliability & Data Safety

Identity-Based Tracking

  • HealthScoreTracker and TokenBucketTracker now key on accountId|email|plan
  • Scores persist correctly when accounts are reordered, removed, or merged
  • Falls back to hashed refreshToken for legacy accounts without full identity
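Why index keys go stale and identity keys do not, as an added example (not the project's tracker code). The function names, the "legacy:" prefix, the scores and the sample accounts are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Stable key: accountId|email|plan, or a SHA-256 digest of the refresh token
// for legacy entries without a full identity. The raw token is never the key.
function identityKey(account) {
  const { accountId, email, plan, refreshToken } = account;
  if (accountId && email && plan) return `${accountId}|${email}|${plan}`;
  if (!refreshToken) throw new Error("account has neither identity nor refresh token");
  return "legacy:" + crypto.createHash("sha256").update(refreshToken).digest("hex");
}

// Minimal health tracker (hypothetical) keyed by whatever keyFn returns.
function makeTracker(keyFn) {
  const scores = new Map();
  return {
    penalize(accounts, i) {
      const key = keyFn(accounts[i], i);
      scores.set(key, (scores.get(key) ?? 100) - 40);
    },
    score: (accounts, i) => scores.get(keyFn(accounts[i], i)) ?? 100,
    keys: () => [...scores.keys()],
  };
}

// Constructed scenario: A and the legacy account are penalised, then A is removed.
function demoReorder() {
  const accounts = [
    { accountId: "acct-A", email: "a@example.test", plan: "plus" },
    { accountId: "acct-B", email: "b@example.test", plan: "team" },
    { refreshToken: "constructed-legacy-token" },
  ];
  const byIndex = makeTracker((_account, i) => String(i));
  const byIdentity = makeTracker((account) => identityKey(account));
  for (const i of [0, 2]) {
    byIndex.penalize(accounts, i);
    byIdentity.penalize(accounts, i);
  }
  const after = accounts.slice(1); // B is now index 0, legacy is index 1
  return {
    indexScoreForB: byIndex.score(after, 0),            // inherits A's penalty
    indexScoreForLegacy: byIndex.score(after, 1),       // penalty lost
    identityScoreForB: byIdentity.score(after, 0),
    identityScoreForLegacy: byIdentity.score(after, 1),
    identityKeys: byIdentity.keys(),
  };
}
```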

Memory Safety

  • RateLimitTracker: periodic cleanup (every 60s) removes entries older than resetMs
  • HealthScoreTracker: auto-prunes entries inactive for 24 hours
  • TokenBucketTracker: auto-prunes entries inactive for 1 hour

Logging

  • New logCritical() function for always-visible errors
  • Migrated console.error calls to logWarn to respect debug settings
  • Prevents TUI corruption from unexpected console output

Docs

  • Updated CHANGELOG with v4.5.19 and v4.5.20 entries
  • Added staleAfterMs config to tracker documentation

Full Changelog: v4.5.19...v4.5.20

v4.5.19

31 Jan 17:08

v4.5.19 — Release Notes (since v4.5.18)

This release fixes an issue where the consolidated codex-* tools were not appearing in the OpenCode TUI's slash command menu.

Highlights

  • Explicit Slash Command Registration: Implemented the config hook to dynamically register /codex-status, /codex-switch-accounts, and /codex-toggle-account within the OpenCode TUI environment.
  • Improved Tool Visibility: Tools are now correctly promoted as "primary tools" to ensure they appear at the top of the command list and are always available for the main agent session.

User-Facing Changes

  • /codex-status, /codex-switch-accounts, and /codex-toggle-account now appear in the TUI menu when typing /.
  • Each command includes a descriptive label and clear instructions for use.

Full Changelog: v4.5.18...v4.5.19

v4.5.18

31 Jan 08:46

v4.5.18 — Release Notes (since v4.5.17)

This release completes the authoritative Codex Status overhaul, providing perfect parity with official OpenAI Codex CLI tooling while implementing critical security hardening for account storage and logs.

Highlights

  • Consolidated Codex Namespace: Renamed all account and status tools to the codex-* namespace for better discoverability and protocol alignment.
  • Race-Free Security Hardening: Eliminated a potential window for world-readable sensitive files by enforcing 0o600 permissions at the exact moment of file creation.
  • Performance Optimization: Implemented "Lazy Refresh" for tool-based status checks, significantly reducing network latency by skipping redundant token rotations.

User-Facing Changes

Tooling & Slash Commands

  • Renamed /openai-accounts and /status-codex to a single authoritative /codex-status command.
  • Renamed /openai-accounts-switch to /codex-switch-accounts.
  • Renamed /openai-accounts-toggle to /codex-toggle-account.
  • All tools are now automatically registered as slash commands in the OpenCode TUI.

UI Refinement

  • Standardized all status labels to "5 hour limit:" and "Weekly limit:" to match codex-rs.
  • Improved horizontal alignment and padding for the status table to ensure UI stability across different account states.

Reliability & Data Safety

Security Hardening

  • Restricted Creation Mode: Updated lib/storage.ts and lib/logger.ts to use restricted 0600 modes inside writeFile and writeFileSync calls, ensuring that refresh tokens and user code are never world-readable even on systems with loose umask settings.
  • Atomic Persistence: Refactored the core storage engine to use a unified saveAccountsWithLock pipeline, guaranteeing atomic tmp + chmod + rename operations for every write.
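The difference between tightening permissions after the write and setting them at creation, shown with a tmp + chmod + rename writer. This is an added example, not the project's lib/storage.ts; the function names, file names and the umask of 0 are assumptions chosen to make the window visible.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
const crypto = require("node:crypto");

// Racy pattern: the file is created with mode 0666 & ~umask and tightened
// afterwards, so it is briefly readable by other local users.
function writeThenChmod(file, data) {
  fs.writeFileSync(file, data);
  const modeAtCreation = fs.statSync(file).mode & 0o777;
  fs.chmodSync(file, 0o600);
  return modeAtCreation;
}

// Hardened pattern: create a private temp file (0600, O_EXCL), flush it,
// then rename it over the target so readers see the old or the new file.
function writeAtomic0600(file, data) {
  const tmp = `${file}.${process.pid}.${crypto.randomBytes(6).toString("hex")}.tmp`;
  const fd = fs.openSync(tmp, "wx", 0o600); // fails if tmp already exists
  let modeAtCreation;
  try {
    try {
      modeAtCreation = fs.fstatSync(fd).mode & 0o777;
      fs.fchmodSync(fd, 0o600); // normalise in case umask stripped owner bits
      fs.writeSync(fd, data);
      fs.fsyncSync(fd);
    } finally {
      fs.closeSync(fd);
    }
    fs.renameSync(tmp, file);
  } catch (err) {
    fs.rmSync(tmp, { force: true }); // never leave a half-written temp file
    throw err;
  }
  return modeAtCreation;
}

// Runs both writers under a deliberately loose umask (constructed scenario).
function demoLooseUmask() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "accounts-"));
  const previous = process.umask(0o000);
  try {
    const racy = writeThenChmod(path.join(dir, "racy.json"), "{}");
    const safe = writeAtomic0600(path.join(dir, "accounts.json"), '{"accounts":[]}');
    const finalMode = fs.statSync(path.join(dir, "accounts.json")).mode & 0o777;
    return { racy, safe, finalMode, files: fs.readdirSync(dir).sort() };
  } finally {
    process.umask(previous);
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```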

Concurrency & Robustness

  • Merge Safety: Optimized the lock-reload-merge-write loop to prevent lost updates during high-concurrency scenarios (e.g., parallel agents updating status snapshots).
  • SSE Memory Guard: Added a 1MB safety buffer to the SSE stream processor to prevent memory exhaustion from malformed or excessive backend responses.
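A bounded SSE accumulator in the spirit of the 1MB guard, as an added example rather than the project's stream processor. The reader API, the choice to drop an oversized event and resume at the next blank line, and measuring the cap in string length are assumptions; the input chunks are constructed.

```javascript
const MAX_SSE_BUFFER = 1024 * 1024; // the 1MB guard from the release notes

// Hypothetical reader: feed it decoded, LF-normalised text chunks.
function createSseReader(limit = MAX_SSE_BUFFER) {
  let buf = "";
  let skipping = false; // true while discarding the rest of an oversized event
  const stats = { dropped: 0, malformed: 0 };

  function push(chunk) {
    const events = [];
    buf += chunk;
    for (;;) {
      const end = buf.indexOf("\n\n"); // a blank line terminates an event
      if (end === -1) break;
      const block = buf.slice(0, end);
      buf = buf.slice(end + 2);
      if (skipping) { skipping = false; continue; } // tail of a dropped event
      if (block.length > limit) { stats.dropped++; continue; }
      const data = block.split("\n")
        .filter((line) => line.startsWith("data:"))
        .map((line) => line.slice(5).trimStart())
        .join("\n");
      if (!data) continue;
      try { events.push(JSON.parse(data)); } catch { stats.malformed++; }
    }
    // No terminator yet and already past the cap: stop accumulating.
    if (buf.length > limit) {
      if (!skipping) stats.dropped++;
      skipping = true;
      buf = buf.slice(-1); // keep one char so a split "\n\n" is still seen
    }
    return events;
  }
  return { push, stats, buffered: () => buf.length };
}

// Constructed stream: a split event, an unterminated oversized run, a valid
// event after it, and one event whose payload is not JSON.
function demoSse() {
  const reader = createSseReader(32);
  const chunks = ['data: {"a"', ':1}\n\n', "data: " + "x".repeat(100),
    'yyy\n\ndata: {"b":2}\n\n', "data: not-json\n\n"];
  const events = chunks.flatMap((c) => reader.push(c));
  return { events, ...reader.stats, buffered: reader.buffered() };
}
```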

Docs

  • Comprehensive update of all troubleshooting, multi-account, and architectural documentation to reflect the new codex-* tool names and security model.

Full Changelog: v4.5.17...v4.5.18

v4.5.17

31 Jan 08:11

v4.5.17 — Release Notes (since v4.5.16)

Authoritative Status release: active fetching from official OpenAI usage endpoints and perfect protocol alignment.

Highlights

  • Active Usage Fetching: Tools now actively fetch real-time rate limit data from https://chatgpt.com/backend-api/wham/usage (ChatGPT plans) and https://api.openai.com/api/codex/usage (API plans). This replaces the fragile SSE/Header capture fallbacks with a reliable direct connection to the source of truth.
  • Inverted Usage Display: Status bars now correctly show "% left" instead of "% used", perfectly matching the official Codex CLI (codex-rs v0.92.0). The ASCII bars fill to represent remaining quota ( for left, for used).
  • Protocol & Label Alignment: Refactored window labels to "5 hour limit:" and "Weekly limit:" (with mandatory colons) and ensured all vertical alignment remains stable across your account list.
  • Detailed Reset Dates: Long-term window resets (Weekly) now display the full date and time (e.g., resets 18:10 on 5 Feb) when the reset is more than 24 hours away.
  • Security & Concurrency Hardening: Implemented SHA-256 hashing for snapshot identifiers to protect sensitive tokens and enforced restrictive 0600 permissions across all account and cache files.

User-Facing Changes

Authoritative Codex Status

  • Tools now display a professional, perfectly aligned table:
    5 hour limit: [████████████████████] 100% left (resets 07:45)
  • Fixed all horizontal "jitter" and vertical shifting issues.

Authoritative Identity Management

  • Status tools now proactively hydrate and repair account identities by forcing a background token refresh before the usage fetch.

Reliability & Data Safety

  • Memory Safety: Added a 1MB length guard to the SSE stream buffer in index.ts to prevent memory exhaustion from malformed backend responses.
  • Project-Wide Consistency: Standardized proper-lockfile usage and atomic write patterns across the entire repository.
  • Test Integrity: Unit tests now strictly use repository fixtures for identities, snapshots, and raw WHAM response data.

Docs

  • Finalized ARCHITECTURE.md to document the authoritative status protocol and multi-process state management strategy.

Full Changelog: v4.5.16...v4.5.17

v4.5.16

31 Jan 05:38

v4.5.16 — Release Notes (since v4.5.15)

Proactive Hydration, 5h Limit Correction, and Perfect UI Alignment.

Highlights

  • Proactive Hydration: Tool calls (openai-accounts, status-codex) now explicitly trigger identity recovery. If an account is missing its email/plan/ID but has a valid refresh token, the tool will automatically repair it, ensuring your account list is always complete.
  • 5h Limit Correction: Updated all labels and documentation to correctly reflect the actual 5h (300-minute) Primary rate limit window instead of the incorrect 3h label.
  • Reset Dates (>24h): Long-term window resets (Weekly/7d) now display the full date (Month/Day) and time (e.g., reset 2/7 14:30), providing better visibility for subscription-level resets.
  • Perfect ASCII Alignment: Refactored the table rendering to use fixed-width padding for all columns (Index, Account, Plan, and Status). This prevents the layout from shifting horizontally when status values or plan names vary in length.
  • Layout Consistency: Both Primary and Weekly status bars are now always displayed for every account (showing unknown if no data has been captured yet), ensuring identical vertical spacing across your entire account list.

User-Facing Changes

Enhanced Status Tools

  • Tools now display a professional table header:
    # Account Plan Status
  • Fixed column "jitter" when subscription limits change or accounts have different plan types (e.g., Plus vs Enterprise).

Automatic Identity Repair

  • Checking your status now doubles as a maintenance tool. Legacy or partially hydrated accounts are repaired automatically during the tool execution.

Reliability & Data Safety

  • Identity Key Normalization: Hardened the snapshot key generation logic to ensure perfect matching between the proxy (capture) and CLI tools (display).
  • Tool Registration Fix: Resolved a critical registration issue in index.ts that could cause tools to be missing from the OpenCode environment.

Docs

  • Corrected technical documentation in ARCHITECTURE.md regarding OpenAI's rate limit window durations.

Full Changelog: v4.5.15...v4.5.16

v4.5.15

31 Jan 05:20

v4.5.15 — Release Notes (since v4.5.14)

7-Day Reset Dates, Snapshot Retention, and Debug Diagnostics.

Highlights

  • 7-Day Reset Dates: Long-term window resets (Weekly/7d) now display the full date (Month/Day) instead of just the time if the reset is more than 24 hours away.
  • Snapshot Retention: Implemented automatic pruning for snapshots. Data older than 7 days is now removed from the cache file during saves to prevent accumulation of dead data.
  • Debug Diagnostics: Added diagnostic logging (enabled via OPENCODE_OPENAI_AUTH_DEBUG=1) for identity key generation and raw header parsing to help troubleshoot hydration issues.

User-Facing Changes

Reset Dates

  • Reset strings for weekly limits now look like (reset 2/7 14:30) instead of just (reset 14:30).

Cache Maintenance

  • Fixed an issue where fake or contaminated snapshot data could persist indefinitely. Stale snapshots are now pruned automatically.

Reliability & Data Safety

  • Identity Matching Verification: Added logging to verify that account identities (accountId + email + plan) are generating matching keys between the proxy and CLI tools.
  • Async Robustness: The pruning and merging logic remains non-blocking and lock-safe.

Full Changelog: v4.5.14...v4.5.15