v6.1.3

Summary

• Published oc-codex-multi-auth@6.1.3 to npm with the latest dist-tag.
• Added explicit GPT-5.5 Fast aliases and scoped GPT-5.5 -> GPT-5.4 auto-fallback.
• Removed GPT-5.5 Pro routing/config entries because GPT-5.5 Pro is ChatGPT-only, not Codex.
• Fixed unsupported-model pool exhaustion messaging and the Auth import typecheck regression.

Verification

• npm run typecheck
• npm publish
• PR #142 merged
• PR #143 merged

v6.1.2

GPT-5.5 Compatibility Patch

This release publishes the GPT-5.5 2026-04-23 compatibility update as version 6.1.2.

• Adds GPT-5.5 2026-04-23 release presets in the shipped OpenCode config templates.
• Activates GPT-5.5 2026-04-23 across runtime model routing.
• Aligns runtime model mapping with the new release family.
• Falls back cleanly when GPT-5.5 is unavailable upstream.

v6.1.1

Minor Compatibility and Stability Release

This release carries retry-path hardening for non-5xx upstream failures plus the release metadata required to publish the patch cleanly. Read the summary below before upgrading or publishing.

• Retries structured service_unavailable_error and server_is_overloaded payloads as server faults instead of misclassifying them as rate limits.
• Preserves overload retry_after backoff when the account pool is exhausted, including single-account configurations.
• Retries live upstream server_error payloads on non-5xx responses.
• Stabilizes merged retry regression coverage and publishes the resulting patch as 6.1.1.

Commit Summary

• 536bc49 chore(release): prepare v6.1.1
• c151a21 test(retry): reset module state between server retry regression cases
• 512a4da Merge branch pr-139-open into release/pr137-pr139
• 2fafba6 Merge branch pr-137-open into release/pr137-pr139

Thank you to 1 community contributor:

• @sdip15fa:
  • original structured overload retry lane merged through #137

v6.1.0

Minor Compatibility and Stability Release

This release carries 29 commits of audit-driven remediation across safety, architecture, DX, and new features, executed phase-by-phase with zero breaking changes to the public API. Read the summary below before upgrading.

• Safety: CRITICAL auth-failure race fixed (lib/accounts.ts), destructive defaults (importAccounts, exportAccounts, codex-remove) now require explicit opt-in, debounced saves flush on SIGINT/SIGTERM, V2 storage files no longer silently drop, schemaVersion > 3 now throws instead of discarding data.
• Architecture: index.ts down 43%, lib/storage.ts down 94%, lib/accounts.ts down 73% via RC-1..RC-9 refactors; typed error hierarchy in lib/errors.ts; all 18 tools extracted to lib/tools/*; AccountManager split into 4 domain services; circuit-breaker half-open gate wired into the request pipeline; Zod validation at remaining process boundaries.
• Dev & OSS hygiene: Dependabot + Scorecard workflows, commit-msg hook enforcing Conventional Commits, per-file coverage floor, CI matrix (Node 18/20/22 + Windows), release-please automation, Keep-a-Changelog format, README badges, CONTRIBUTING local-dev, chaos fault-injection test suite (20 scenarios), contract tests pinning OpenAI/Codex API shapes.
• New features: codex-diag redacted diagnostics snapshot tool, codex-diff redacted config comparator, codex-keychain opt-in OS-keychain backend (via CODEX_KEYCHAIN=1, macOS Keychain / Windows Credential Manager / Linux libsecret), multi-worktree collision detection + non-blocking warning, NO_COLOR/FORCE_COLOR support.

Commit Summary

• e19c645 fix(keychain): F1 LOW + NIT polish from post-merge review (#134)
• f17ff0d fix(keychain): address F1 post-merge review findings (1 HIGH + 3 MEDIUM) (#133)
• ae75093 feat(security): opt-in OS-keychain credential backend via CODEX_KEYCHAIN=1 (#132)
• 514b7aa test(contracts): pin external API shapes (OAuth + Codex chat + SSE) (#131)
• dba4b26 feat: Phase 4 F2 - multi-worktree collision detection (#130)
• 10acf92 feat(tools): add codex-diff redacted config comparison tool (#129)
• 9115f4d test(batch-e): real fault-injection chaos tests (8 scenarios) (#128)
• d8fdd74 ci(batch-d): release-please automation (node release type, Conventional Commits, Keep-a-Changelog) (#127)
• 6ba5df1 feat: Phase 3 Batch C - NO_COLOR + codex-diag diagnostics snapshot (#126)
• 921d095 docs(batch-b): README badges + CONTRIBUTING local-dev + Keep-a-Changelog + ARCHITECTURE v6 refresh (#124)
• 11995a5 ci(batch-a): dependabot + scorecard + commit-msg hook + per-file coverage floor (#125)
• 158c764 refactor(rc-8): wire circuit-breaker half-open gate into request pipeline (#123)
• ef35af8 refactor(rc-7): split AccountManager into state/persistence/rotation/recovery services (#122)
• 6c1598b refactor(rc-1): extract remaining 15 tools to lib/tools/* (#121)
• 69f85ba refactor(rc-1): hoist closure-free helpers to lib/runtime.ts and scaffold lib/tools/ (#115)
• 5a7eb75 refactor(rc-3): typed error hierarchy in lib/errors.ts (#120)
• a41cb1b refactor(rc-9): zod-validate remaining process boundaries (#119)
• 7ad3cfc refactor(rc-6): split runtime-contracts into oauth-constants + error-sentinels (#118)
• c6bbb93 refactor(rc-4): consolidate recovery module layout (#117)
• ac2f4d8 refactor(rc-2): split lib/storage.ts into purpose-specific modules under lib/storage/ (#116)
• cfd093f fix(installer): deep-merge provider.openai + --dry-run preview (#114)
• 42ebfd2 fix(storage): handle V2 schema (migrate or explicit reject) (#113)
• e14f37e fix(security): strict nullish merge + loopback URI + CLI zod + token redaction (#112)
• 0014f5a fix(reliability): shutdown flush + forward-compat schema guard (#110)
• fbd2efc refactor(dead-code): remove unused auth-rate-limit + audit modules (#109)
• 7bf8827 fix(safety): serialize auth-failure increment + flip destructive defaults (#108)
• da308d4 docs(audits): full-repository audit v1 for v6.0.0 (SHA d92a8ee) (#107)
• b7b0e08 ci: add quality gates matrix (typecheck/lint/test/build + prod audit) (#111)
• d92a8ee deps: patch all open Dependabot advisories (#106)

v6.0.0

Major Rebrand and Beginner Operations Release

This release introduces the oc-codex-multi-auth package line and beginner-focused operations tooling. Read the migration notes before upgrading or publishing.

• Breaking rebrand: the plugin, repo, installer, and package surfaces now use oc-codex-multi-auth instead of oc-chatgpt-multi-auth.
• Runtime account storage now writes oc-codex-multi-auth-accounts.json and oc-codex-multi-auth-flagged-accounts.json, with automatic migration from legacy file names on first load.
• Beginner operations: added codex-help, codex-setup (wizard/fallback), codex-doctor fix, codex-next, codex-tag, codex-note, interactive pickers, startup preflight summary, and safer export/import flows.
• Operational hardening: improved non-interactive guidance, zero-account import handling, and installer cache cleanup during the package cutover.

Breaking Changes

• Update your OpenCode plugin entry from oc-chatgpt-multi-auth to oc-codex-multi-auth.
• The package, repo, plugin manifest, installer surface, and public docs now all use the new oc-codex-multi-auth name.
• Existing storage migrates automatically; no manual account export/import is required for the rename itself.

Added

• Beginner operations toolkit: codex-help, codex-setup, codex-doctor fix, and codex-next.
• Account metadata commands: codex-tag and codex-note, plus tag filtering in codex-list.
• Interactive account pickers for codex-switch, codex-label, and codex-remove when the terminal supports them.
• Safer backup/import controls: timestamped export paths, codex-import dry-run preview, and automatic pre-import backup on apply.
• Beginner safe mode via beginnerSafeMode and CODEX_AUTH_BEGINNER_SAFE_MODE.
• One-time startup preflight summary with recommended next action.

Changed

• V3 account metadata now includes optional accountTags and accountNote.
• README, docs portal, FAQ, and development docs now reflect the codex-first operational flow and the rebranded package line.
• Public package metadata, plugin manifest, installer scripts, and setup skill now match oc-codex-multi-auth.
• Test coverage now includes beginner helpers, safe-fix diagnostics, tag/note behavior, and timestamped backup/import utilities.

Fixed

• Optional-index commands now give clear usage guidance when interactive menus are unavailable.
• codex-doctor fix now reports a clean non-crashing result when no eligible account exists for auto-switch.
• codex-import no longer fails on empty storage when no backup is available to export first.
• Installer cache cleanup now removes both the old and new package names so stale cached artifacts do not survive the cutover.

Commit Summary

• a7a24ee Keep repository language stats aligned with TypeScript source (#105)
• 4ba99b2 chore: align repo ownership metadata to ndycode
• 8b1fab5 docs: remove legacy package name from public docs
• 2f5f5d6 Merge pull request #104 from ndycode/git-plan/oc-codex-multi-auth-rebrand
• 965eb4a docs: refresh codex-first rebrand and cutover notes
• 6140ee1 feat!: rename package and migrate runtime storage
• 4bef594 Add Codex plugin manifest and setup skill

Full Changelog: v5.4.9...v6.0.0

v5.4.9

Minor Compatibility and Stability Release

This release carries compatibility-facing behavior changes and operational hardening. Read the summary below before upgrading or publishing.

• Makes the installer default to a merged full catalog so new installs expose both modern base models and the full explicit preset catalog without hand-editing opencode.json.
• Keeps --modern and --legacy as explicit opt-outs while hardening installer writes with atomic temp-file persistence, Windows EPERM/EBUSY retry handling, and redacted error logging.
• Fixes --help to short-circuit before conflicting mode validation and preserves the full-catalog merge path with regression coverage.

Commit Summary

• f88fcc1 docs: clarify modern model preset catalog
• 000cf1f fix: default installer to full model catalog
• c1b4e6b fix: address pr review follow-ups
• 335362f fix: harden installer writes and test full mode
• ff25f75 Merge branch 'main' into fix/issue-98-model-catalog-docs
• 5ba83ff fix: unpin cached plugin without clearing cache
• fcbf613 fix: harden full catalog installer safeguards
• 1347126 Guard full template provider spreads
• eee2374 Merge pull request #100 from ndycode/fix/issue-98-model-catalog-docs
• e3df6f2 Release v5.4.9

v5.4.8

Minor Compatibility and Stability Release

This release carries compatibility-facing behavior changes and operational hardening. Read the summary below before upgrading or publishing.

• Adds JSON output support and routing visibility for read-only Codex ops so automation can inspect status, metrics, dashboard, and doctor flows without scraping text output.
• Adds a first-party ChatGPT device-code login flow for SSH, WSL, and other headless environments, and unifies login finalization across browser, manual, and device-code auth paths.
• Hardens runtime and account handling around storage import parity, deactivated-workspace rotation, and dependency-audit cleanup for the shipped package.

Commit Summary

• 3b88601 add json ops output and routing visibility
• f1c62c1 tighten json ops docs and routing selection
• a0b1a5f fix: tighten json ops routing visibility
• eae34e9 Merge pull request #92 from ndycode/feat/codex-ops-json-visibility
• 3111667 refactor(auth): extract shared login runner
• 9968199 feat(auth): add device code login flow
• a56cb2c test(auth): cover device code login
• 890f122 fix(auth): redact device-code logs
• e359d02 Merge pull request #93 from ndycode/feat/device-code-auth
• 5a6d594 refactor: unify login finalization across auth flows
• eb44872 fix: tighten storage identity and persistence contracts
• b6ae45f refactor: harden runtime error contracts

v5.4.7

Minor Compatibility and Stability Release

This release carries compatibility-facing behavior changes and operational hardening. Read the summary below before upgrading or publishing.

• Corrects GPT-5 legacy alias routing so gpt-5-mini and gpt-5-nano normalize to the proper GPT-5.4 Mini/Nano families, adds first-class gpt-5.4-nano support, and tightens GPT-5.4 Pro reasoning coercion/validation.
• Refreshes shipped config metadata for the GPT-5.4 family and Codex models, including the current context-window values, new GPT-5.4 Pro/Nano entries, and updated config template guidance.
• Preserves caller-supplied max_output_tokens in transformed Responses requests instead of silently clearing explicit output budgets.
• Treats built-in Responses tools as first-class bridge/runtime entries and expands passthrough coverage for newer Responses API request fields.

Commit Summary

• 821678b fix: tighten workspace identity follow-ups
• d9beaab test: close pr86 greptile follow-ups
• f9db58f Merge pull request #86 from ndycode/fix/pr85-greptile-followups
• f7d203b fix: correct model alias mapping, add gpt-5.4-nano, validate Pro reasoning
• be7a969 fix: update config metadata for gpt-5.4 family and Codex context windows
• 5657d20 fix: preserve max_output_tokens in transformed requests
• 4de1a27 feat: treat built-in Responses tools as first-class bridge entries
• 6411373 feat: add prompt cache diagnostics to codex-doctor
• a9453ac fix: redact prompt cache keys in doctor output
• 902194e fix: align prompt cache metrics with fetch attempts
• 4445528 fix: clarify gpt-5 alias comments and pro coercion logs
• cd6cbc7 docs: clarify max output token passthrough safety

v5.4.6

Minor Compatibility and Stability Release

This release carries compatibility-facing behavior changes and operational hardening. Read the summary below before upgrading or publishing.

• Gracefully handles deactivated_workspace responses by removing and flagging only the dead workspace entry instead of dropping healthy siblings that share the same user or refresh token.
• Preserves workspace identity during doctor/health cleanup and keeps deactivated workspaces out of verify-flagged restore and quota-probe paths so the wrong account is not restored or removed.
• Expands regression coverage for deactivated-workspace detection, org-scoped cleanup, and flagged-account restore behavior.

Commit Summary

• 8cd8574 docs: refresh config guidance for current main structure
• f667464 fix: gracefully handle deactivated_workspace by removing only the dead workspace entry
• de8615b fix: preserve workspace identity in flagged cleanup
• c0b51aa fix: keep deactivated workspaces out of restore flow
• 85877c1 Merge pull request #85 from dengerouzzz/main
• 0c8f64a chore(release): v5.4.6

v5.4.5

Minor Compatibility and Stability Release

This release carries compatibility-facing behavior changes and operational hardening. Read the summary below before upgrading or publishing.

• Added first-class gpt-5.4-mini support across model normalization, prompt-family routing, shipped config templates, and configuration docs.
• Expanded regression coverage for GPT-5.4 Mini model mapping, prompt-cache isolation, request transformation, and reasoning behavior while preserving legacy gpt-5-mini / gpt-5-nano alias semantics.
• Refreshed the README/docs presentation and repository metadata surfaces for the current operational workflow.
• Added anti-slop PR screening guardrails via the repository PR template and quality workflow.

Commit Summary

• 7fd7017 Refresh docs and repo presentation
• 4b4ef5f chore: add anti-slop PR screening workflow (#81)
• 7ae7cb8 feat(models): phase 1 - add gpt-5.4-mini core normalization
• d218dd0 feat(models): phase 2 - wire gpt-5.4-mini family surfaces
• 2b18fe7 test(models): phase 3 - cover gpt-5.4-mini behavior
• 6a0bea3 fix(models): preserve legacy lightweight reasoning behavior
• 621e80e Potential fix for pull request finding
• e9197f9 fix(models): address PR review feedback for gpt-5.4-mini
• d8e0e36 Merge branch 'pr-83-release-validate' into release/pr83-validate
• ef44165 chore(release): v5.4.5