release: ship v1.2.0

Author: ndycode

README.md

@@ -291,9 +291,9 @@ codex auth doctor --json
 
 ## Release Notes
 
-- Current stable: [docs/releases/v1.1.10.md](docs/releases/v1.1.10.md)
-- Previous stable: [docs/releases/v0.1.9.md](docs/releases/v0.1.9.md)
-- Earlier stable: [docs/releases/v0.1.8.md](docs/releases/v0.1.8.md)
+- Current stable: [docs/releases/v1.2.0.md](docs/releases/v1.2.0.md)
+- Previous stable: [docs/releases/v1.1.10.md](docs/releases/v1.1.10.md)
+- Earlier stable: [docs/releases/v0.1.9.md](docs/releases/v0.1.9.md)
 - Archived prerelease: [docs/releases/v0.1.0-beta.0.md](docs/releases/v0.1.0-beta.0.md)
 
 ## License

docs/README.md

@@ -26,9 +26,9 @@ Public documentation for `codex-multi-auth`.
 | [troubleshooting.md](troubleshooting.md) | Recovery playbooks for install, login, switching, and stale state |
 | [privacy.md](privacy.md) | Data handling and local storage behavior |
 | [upgrade.md](upgrade.md) | Migration from legacy package and path history |
-| [releases/v1.1.10.md](releases/v1.1.10.md) | Stable release notes |
-| [releases/v0.1.9.md](releases/v0.1.9.md) | Previous stable release notes |
-| [releases/v0.1.8.md](releases/v0.1.8.md) | Earlier stable release notes |
+| [releases/v1.2.0.md](releases/v1.2.0.md) | Stable release notes |
+| [releases/v1.1.10.md](releases/v1.1.10.md) | Previous stable release notes |
+| [releases/v0.1.9.md](releases/v0.1.9.md) | Earlier stable release notes |
 | [releases/v0.1.7.md](releases/v0.1.7.md) | Archived stable release notes |
 | [releases/v0.1.6.md](releases/v0.1.6.md) | Archived stable release notes |
 | [releases/v0.1.5.md](releases/v0.1.5.md) | Archived stable release notes |
@@ -45,7 +45,7 @@ Public documentation for `codex-multi-auth`.
 | [reference/storage-paths.md](reference/storage-paths.md) | Canonical and compatibility storage paths |
 | [reference/public-api.md](reference/public-api.md) | Public API stability and semver contract |
 | [reference/error-contracts.md](reference/error-contracts.md) | CLI, JSON, and helper error semantics |
-| [releases/v1.1.10.md](releases/v1.1.10.md) | Current stable release notes |
+| [releases/v1.2.0.md](releases/v1.2.0.md) | Current stable release notes |
 | [releases/v0.1.0-beta.0.md](releases/v0.1.0-beta.0.md) | Archived prerelease reference |
 | [User Guides release notes](#user-guides) | Stable, previous, and archived release notes |
 | [releases/legacy-pre-0.1-history.md](releases/legacy-pre-0.1-history.md) | Archived pre-0.1 changelog history |

docs/releases/v1.2.0.md

@@ -0,0 +1,82 @@
+# Release v1.2.0
+
+Release date: 2026-03-20
+Channel: `latest`
+
+## Highlights
+
+- Added manual login fallback for headless or browser-suppressed auth flows.
+- Preserved selected workspace identity through request routing, refresh, and failover retries.
+- Added proxy-compatible upstream transport plus automatic workspace rotation on disabled or expired workspace errors.
+- Added onboarding restore from the latest saved backup and restored experimental settings hotkeys in the TUI.
+
+## Install
+
+```bash
+npm i -g @openai/codex
+npm i -g codex-multi-auth
+```
+
+## Core Operations
+
+```bash
+codex auth login
+codex auth list
+codex auth status
+codex auth forecast --live
+codex auth fix --live
+```
+
+## Validation Snapshot
+
+Release gate commands:
+
+- `npm run clean:repo:check`
+- `npm run typecheck`
+- `npm run build`
+- `npm run lint`
+- `npm test -- --run test/documentation.test.ts`
+- `npm test`
+
+Broad validation result:
+
+- `repo-hygiene check passed`
+- `npm run typecheck` passed
+- `npm run build` passed
+- `npm run lint` passed
+- `19/19` documentation integrity tests passed
+- `106/106` test files passed on the integrated `v1.2.0` release branch
+- `2640/2640` tests passed on the integrated `v1.2.0` release branch
+
+## Merged PRs
+
+- `#132` `add manual login mode for headless auth flows`
+- `#133` `preserve selected workspace in request routing`
+- `#134` `add proxy-compatible upstream transport`
+- `#136` `feat: auto-rotate on disabled/expired workspace errors`
+- `#137` `add onboarding restore for latest saved backup`
+- `#138` `fix experimental settings tui hotkeys`
+
+## Commits
+
+- PR `#132` adds manual browser-free login support and the related CLI and docs coverage.
+- PR `#133` keeps stored workspace identity stable through refresh and retry paths instead of collapsing back to token-derived IDs.
+- PR `#134` adds proxy-aware upstream transport handling without widening into auth or quota probe traffic.
+- PR `#136` rotates to successor workspaces when the active workspace is disabled or expired, while preserving the non-workspace fallback path.
+- PR `#137` adds empty-pool onboarding restore from named backups and keeps restore state stable across backup scan races.
+- PR `#138` restores experimental settings hotkeys and the matching help text, docs, and regression coverage.
+- The release bump in this branch promotes `1.2.0` in package metadata and refreshes the stable release-note links in the root docs surfaces.
+
+## Notes
+
+- `codex auth login` now supports manual OAuth completion when browser launch or the local callback listener is unavailable.
+- Request routing preserves explicit workspace selections across failover and token refresh, and upstream requests now honor standard proxy environment variables.
+- Disabled or expired workspace responses now rotate within the current account before falling back to another account.
+- First-run onboarding can restore the latest saved backup before new sign-in, and the experimental settings screens once again honor their documented hotkeys.
+
+## Related
+
+- [../getting-started.md](../getting-started.md)
+- [../upgrade.md](../upgrade.md)
+- [../reference/commands.md](../reference/commands.md)
+- [../reference/settings.md](../reference/settings.md)

package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "codex-multi-auth",
-	"version": "1.1.10",
+	"version": "1.2.0",
 	"description": "Multi-account OAuth manager and codex auth wrapper for the official @openai/codex CLI, with switching, health checks, and recovery tools",
 	"main": "./dist/index.js",
 	"types": "./dist/index.d.ts",

package.json

@@ -3073,22 +3073,6 @@ describe("codex manager cli commands", () => {
 		expect(storageState.accounts).toHaveLength(1);
 	});
 
-	it("supports interactive manual login selection without waiting for a callback", async () => {
-		setInteractiveTTY(true);
-		const now = Date.now();
-		let storageState = {
-			version: 3 as const,
-			activeIndex: 0,
-			activeIndexByFamily: { codex: 0 },
-			accounts: [] as Array<Record<string, unknown>>,
-		};
-		loadAccountsMock.mockImplementation(async () => structuredClone(storageState));
-		saveAccountsMock.mockImplementation(async (nextStorage) => {
-			storageState = structuredClone(nextStorage);
-		});
-		promptLoginModeMock.mockResolvedValueOnce({ mode: "cancel" });
-		promptAddAnotherAccountMock.mockResolvedValue(false);
-
 	it("restores the latest named backup from onboarding when no accounts exist", async () => {
 		const now = Date.now();
 		setInteractiveTTY(true);

test/codex-manager-cli.test.ts

@@ -23,8 +23,8 @@ function createMockAccount(
 		index: 0,
 		accountId: "account-1",
 		email: "user@example.com",
-		refreshToken: "refresh-token",
-		access: "access-token",
+		refreshToken: "refresh-token-account-1",
+		access: "access-token-account-1",
 		expires: Date.now() + 60_000,
 		addedAt: Date.now(),
 		lastUsed: Date.now(),
@@ -100,6 +100,8 @@ vi.mock("../lib/accounts.js", async () => {
 	const tokenUtils = await vi.importActual("../lib/auth/token-utils.js");
 	const tokenUtilsModule = tokenUtils as typeof import("../lib/auth/token-utils.js");
 	class AccountManager {
+		private currentAuthAccount: Record<string, any> | null = null;
+
 		static async loadFromDisk() {
 			return new AccountManager();
 		}
@@ -133,14 +135,29 @@ vi.mock("../lib/accounts.js", async () => {
 
 		recordFailure() {}
 
-	toAuthDetails() {
-		return {
-			type: "oauth",
-			access: "access-token",
-			refresh: "refresh-token",
-			expires: Date.now() + 60_000,
-		};
-	}
+		toAuthDetails(account?: Record<string, any>) {
+			const resolvedAccount =
+				account ??
+				this.currentAuthAccount ??
+				accountManagerState.accounts[0] ??
+				createMockAccount();
+			this.currentAuthAccount = resolvedAccount;
+			return {
+				type: "oauth",
+				access: String(
+					resolvedAccount.access ?? `access-token-${resolvedAccount.accountId ?? "account-1"}`,
+				),
+				refresh: String(
+					resolvedAccount.refreshToken ??
+						`refresh-token-${resolvedAccount.accountId ?? "account-1"}`,
+				),
+				expires: Number(resolvedAccount.expires ?? Date.now() + 60_000),
+				idToken:
+					typeof resolvedAccount.idToken === "string"
+						? resolvedAccount.idToken
+						: undefined,
+			};
+		}
 
 	hasRefreshToken(_token: string) {
 		return true;
@@ -252,8 +269,17 @@ vi.mock("../lib/accounts.js", async () => {
 
 	return {
 		AccountManager,
-		extractAccountEmail: () => "user@example.com",
-		extractAccountId: () => "account-1",
+		extractAccountEmail: (accessToken?: string) => {
+			if (!accessToken) {
+				return "user@example.com";
+			}
+			const match = /account-(\d+)/.exec(accessToken);
+			return match ? `user${match[1]}@example.com` : "user@example.com";
+		},
+		extractAccountId: (accessToken?: string) => {
+			const match = accessToken ? /account-\d+/.exec(accessToken) : null;
+			return match?.[0] ?? "account-1";
+		},
 		selectBestAccountCandidate: (candidates: Array<{ accountId: string }>) => candidates[0] ?? null,
 		resolveRuntimeRequestIdentity: ({
 			storedAccountId,
@@ -268,7 +294,9 @@ vi.mock("../lib/accounts.js", async () => {
 			accessToken?: string;
 			idToken?: string;
 		}) => {
-			const tokenAccountId = accessToken ? "account-1" : undefined;
+			const tokenAccountId = accessToken
+				? tokenUtilsModule.extractAccountId(accessToken)
+				: undefined;
 			const tokenEmail = tokenUtilsModule.sanitizeEmail(
 				tokenUtilsModule.extractAccountEmail(accessToken, idToken),
 			);