Releases: 4LAU/codex-profile-switcher

v0.5.0

@4LAU 4LAU released this 24 Jun 21:10
0f4d6ac

What's new in 0.5.0

Added

  • codex-profile lease command for warm-session account rotation. lease begin|swap|end|gc reserves the best-quota profile and seeds a private throwaway CODEX_HOME for a long-lived (warm) Codex session, recording a TTL reservation so two concurrent runs never pick the same account. lease swap hot-rotates the credential to a fresh account in place when the current one hits a usage limit — without losing the warm session; lease end writes the refreshed credential back and tears the lease down (idempotent, trap-safe); lease gc reclaims expired or orphaned lease homes.
  • import-auth --non-interactive and --timeout <seconds> — the headless-safe credential write-back path used by lease end.

Fixed

  • Lease credential-safety under concurrency. Every read-modify-write of the shared usage cache now runs inside a cross-process lock, so a concurrent writer can no longer drop a just-committed lease. swap/end/gc preserve refreshed credentials, never strand a rotated token, and never resurrect or clobber a concurrent lease.
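The pattern described in the lease entries above (a TTL reservation plus a cross-process lock around every read-modify-write), shown as an added Python example; it is not the project's code. The JSON cache layout, the sidecar `.lock` file, and the function, profile and owner names are assumptions made for illustration.

```python
import fcntl, json, os, time
from contextlib import contextmanager

@contextmanager
def locked_cache(path):
    """Hold an exclusive cross-process lock around one read-modify-write."""
    # Lock a sidecar file: os.replace() swaps the cache inode, the lock must not move.
    with open(path + ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)      # blocks until other holders finish
        try:
            try:
                with open(path) as f:
                    state = json.load(f)
            except FileNotFoundError:
                state = {"leases": {}}
            yield state                        # caller mutates state under the lock
            tmp = f"{path}.{os.getpid()}.tmp"
            with open(tmp, "w") as f:
                json.dump(state, f)
            os.replace(tmp, path)              # atomic publish, still under the lock
        finally:
            fcntl.flock(lock, fcntl.LOCK_UN)

def lease_begin(path, quotas, owner, ttl=900, now=None):
    """Reserve the best-quota profile with no live lease; None if all are taken."""
    now = time.time() if now is None else now
    with locked_cache(path) as state:
        leases = state["leases"]
        for name in [n for n, l in leases.items() if l["expires"] <= now]:
            del leases[name]                   # expired reservations stop blocking
        free = [n for n in quotas if n not in leases]
        if not free:
            return None
        best = max(free, key=lambda n: quotas[n])
        leases[best] = {"owner": owner, "expires": now + ttl}
        return best

def lease_end(path, profile, owner):
    """Release a lease; idempotent, and never removes another owner's lease."""
    with locked_cache(path) as state:
        held = state["leases"].get(profile)
        if held and held["owner"] == owner:
            del state["leases"][profile]
            return True
        return False
```

Without the lock, two runs can both read the cache before either writes, pick the same profile, and the later write silently drops the earlier reservation.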

The notarized DMG is attached below. Homebrew users get the update automatically.

v0.4.1

@4LAU 4LAU released this 11 Jun 14:22
69d3fb3

Changed

  • Unsigned (ad-hoc) builds of the app and CLI no longer touch the macOS Keychain. Every rebuild of an unsigned binary has a new code identity, which made macOS show a consent prompt per saved profile after each rebuild. Unsigned builds now automatically use a separate file-based dev vault at ~/.codex-switcher/dev-auth-store with a one-line notice; signed builds (releases, make install-cli) keep using the Keychain unchanged.

See CHANGELOG.md for details.

v0.4.0

@4LAU 4LAU released this 11 Jun 13:22
1d8d343

Added

  • New codex-profile exec -- <command> [args...] command: runs any command with CODEX_HOME pointed at the best profile's credentials and automatically rotates to the next best profile when the command fails with a usage-limit error (--max-attempts, default 3). The exhausted profile is marked unavailable for an hour, refreshed tokens are written back to the profile afterwards, and the live ~/.codex is never touched. stdin/stdout pass through untouched; the child's exit code is passed through on non-retryable failures.

See CHANGELOG.md for details.

v0.3.0

@4LAU 4LAU released this 10 Jun 17:08
fce5ba4

Added

  • best-auth now fetches live usage (Codex app-server, bounded concurrency) before ranking, instead of relying on the menu bar app's cached usage file. When the app isn't running it no longer silently picks alphabetically off a stale/empty cache. Per-profile fetch failures fall back to the cached snapshot, and fresh snapshots are merged back into the cache.
  • best-auth --json emits a stable machine-readable report (selected, tier, score, candidates[], fetched). status --json and list --json emit structured output too. Default (non-JSON) best-auth output is unchanged: the bare selected profile ID.
  • best-auth now has documented, stable exit codes: 0 selected, 2 no eligible profile, 3 no profiles configured, 4 usage data unavailable, 6 keychain interaction required, 7 watchdog timeout.

Changed

  • Usage polling now uses Codex's app-server exclusively; removes the reverse-engineered usage API client and OAuth refresh-on-poll.
  • best-auth and import-auth are now official supported commands. import-auth exits 5 only on an identity mismatch (a refreshed credential belonging to a different account) and 1 for other failures.

Fixed

  • Fixed false "re-auth needed" status for profiles with valid tokens (bare 401/403 substrings false-positived on unrelated error messages such as port numbers).
  • Fixed best-auth reporting a different tier/score from what was used for selection when a rate-limit reset boundary was crossed between the ranking and report steps.
  • Fixed a potential data race between background usage refreshes and profile state.
  • best-auth no longer hangs forever in non-interactive shells (CI, command substitution, background tasks). When stdin is not a terminal (or --non-interactive is passed), a Keychain read that needs interactive consent now exits with a clear message (code 6) instead of blocking on a modal prompt with no UI. A global watchdog (--timeout, default 30s, exit 7) guarantees the command always terminates.

v0.2.1

@4LAU 4LAU released this 04 Jun 17:43
942ad03

Fixed

  • Reduced Keychain password prompts from 36 to 12 (one per profile, one-time after binary change) by eliminating redundant reads during save and refresh
  • ACL repair now retries on next launch if any profiles were denied — previously a partial failure was treated as complete
  • Added crash-window recovery files so credentials survive a process kill during repair
  • CLI auto-repair runs before auth-reading commands (best-auth, status, import-auth, login, app) — no longer requires explicit keychain-repair

v0.2.0

@4LAU 4LAU released this 02 Jun 21:19
2b2fdd0

Breaking

  • Existing profiles stored in the data protection Keychain are no longer accessible — re-login each profile with codex-profile login <name>

Changed

  • Switched from data protection Keychain to legacy ACL Keychain — swift build now produces a fully working binary without entitlements or provisioning profiles
  • Removed migrate CLI command and all migration machinery

Removed

  • Data protection Keychain backend (DataProtectionKeychainAuthVault)
  • Dual-backend migration wrapper (MigratingAuthVault)
  • Provisioning profile discovery and embedding
  • "Migration needed" profile status in the UI

v0.1.12

@4LAU 4LAU released this 31 May 01:32
f7a9ef6

Added

  • best-auth CLI command — selects the least-used configured profile and exports its credentials to a temp directory for codex exec --ephemeral
  • mark-exhausted CLI command — flags a profile as rate-limited so best-auth skips it
  • import-auth CLI command — imports refreshed credentials back from a temp directory with identity verification

Fixed

  • GUI app now preserves CLI-written exhaustion overrides when saving the usage cache
  • Profile removal and auth clearing now clean up exhaustion overrides

v0.1.11

@4LAU 4LAU released this 29 May 20:50
df2e8d1

Added

  • Show "Update to vX.Y.Z — restart now?" inline in the menu when a new version is downloaded, instead of requiring a manual check

v0.1.10

@4LAU 4LAU released this 29 May 20:26
95ad73a

Fixed

  • Fix "Unable to find Electron app" error when relaunching Codex Desktop after a profile switch (compatibility with Codex CLI 0.134+)

v0.1.9

@4LAU 4LAU released this 22 May 00:59
7d16314

Changed

  • Reduce polite quit window from 15s to 5s before escalating to SIGTERM, making profile switches faster