@imdeadpool/codex-account-switcher 0.1.11 → 0.1.15

package/README.md

@@ -25,6 +25,11 @@ During global install, the package asks for permission to add an optional shell
 (`~/.bashrc` or `~/.zshrc`) that auto-runs a silent snapshot sync after successful
 official `codex login`.
 
+On later global updates, if the hook is already installed, `codex-auth` refreshes the
+hook block automatically to the latest template (no manual remove/setup needed).
+The refreshed hook always wraps `codex` in your shell so sync/restore still run even if
+another shell config already defined `codex` as a function.
+
 - Choose `y` to enable fully automatic login snapshot capture.
 - Choose `n` (default) to skip.
 - Set `CODEX_AUTH_SKIP_POSTINSTALL=1` to always suppress this prompt.
@@ -123,7 +128,7 @@ codex-auth remove-login-hook
 - `codex-auth config auto ...` – Enables/disables managed auto-switch and updates threshold percentages.
 - `codex-auth config api enable|disable` – Chooses usage source mode (`api` or `local`).
 - `codex-auth daemon --once|--watch` – Runs the auto-switch loop once or continuously.
-- `codex-auth setup-login-hook [-f <path>]` – Installs an optional shell hook in your rc file to restore session-pinned snapshot before each `codex` run, refresh codex-auth session memory after each `codex` exit, and restore common terminal modes before returning to your prompt.
+- `codex-auth setup-login-hook [-f <path>]` – Installs or refreshes an optional shell hook in your rc file to restore session-pinned snapshot before each `codex` run, refresh codex-auth session memory after each `codex` exit, and restore common terminal modes before returning to your prompt.
 - `codex-auth hook-status [-f <path>]` – Shows whether the optional login auto-snapshot hook is installed for the selected rc file.
 - `codex-auth remove-login-hook [-f <path>]` – Removes the optional shell hook.
 
@@ -154,3 +159,4 @@ Notes:
 - Works on macOS/Linux/Windows (regular-file auth snapshot activation).
 - Requires Node 18+.
 - Running bare `codex-auth` shows the help screen and also displays an update notice when a newer npm release is available.
+- Running bare `codex-auth` now prompts to install updates immediately when a newer npm release is available (`[Y/n]`, Enter defaults to yes).

package/dist/commands/remove-login-hook.js

@@ -24,7 +24,7 @@ class RemoveLoginHookCommand extends base_command_1.BaseCommand {
         });
     }
 }
-RemoveLoginHookCommand.description = "Remove the shell hook that auto-syncs snapshots after `codex login`";
+RemoveLoginHookCommand.description = "Remove the shell hook that keeps terminal snapshot memory in sync";
 RemoveLoginHookCommand.flags = {
     shellRc: core_1.Flags.string({
         char: "f",

package/dist/commands/setup-login-hook.js

@@ -17,6 +17,9 @@ class SetupLoginHookCommand extends base_command_1.BaseCommand {
             if (result === "already-installed") {
                 this.log(`Login auto-snapshot hook is already installed in ${rcPath}.`);
             }
+            else if (result === "updated") {
+                this.log(`Updated login auto-snapshot hook in ${rcPath}.`);
+            }
             else {
                 this.log(`Installed login auto-snapshot hook in ${rcPath}.`);
             }
@@ -24,7 +27,7 @@ class SetupLoginHookCommand extends base_command_1.BaseCommand {
         });
     }
 }
-SetupLoginHookCommand.description = "Install a shell hook that auto-syncs snapshots after successful `codex login`";
+SetupLoginHookCommand.description = "Install or refresh a shell hook that keeps terminal snapshot memory in sync";
 SetupLoginHookCommand.flags = {
     shellRc: core_1.Flags.string({
         char: "f",

package/dist/hooks/init/update-notifier.js

@@ -1,5 +1,9 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+const promises_1 = __importDefault(require("node:readline/promises"));
 const update_check_1 = require("../../lib/update-check");
 const hook = async function (options) {
     if (options.id)
@@ -18,6 +22,27 @@ const hook = async function (options) {
     if (summary.state !== "update-available")
         return;
     this.log((0, update_check_1.formatUpdateSummaryInline)(summary));
-    this.log("Run `codex-auth self-update` to install the latest version.");
+    const rl = promises_1.default.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    let shouldUpdate = false;
+    try {
+        const answer = await rl.question("Install the update now? [Y/n] ");
+        shouldUpdate = (0, update_check_1.shouldProceedWithYesDefault)(answer);
+    }
+    finally {
+        rl.close();
+    }
+    if (!shouldUpdate) {
+        this.log("Skipped update. Run `codex-auth self-update` anytime.");
+        return;
+    }
+    const exitCode = await (0, update_check_1.runGlobalNpmInstall)(update_check_1.PACKAGE_NAME);
+    if (exitCode === 0) {
+        this.log(`✓ codex-auth updated to ${latestVersion}.`);
+        return;
+    }
+    this.log(`Update failed (exit code ${exitCode}). Run: npm i -g ${update_check_1.PACKAGE_NAME}@latest`);
 };
 exports.default = hook;

package/dist/lib/accounts/account-service.d.ts

@@ -75,10 +75,14 @@ export declare class AccountService {
     private isExternalSyncForced;
     private resolveSessionScopeKey;
     private getSessionAccountName;
+    private getActiveSessionAccountName;
     private setSessionAccountName;
     private clearSessionAccountName;
     private readSessionMap;
     private writeSessionMap;
+    private isSessionPinnedToActiveCodex;
+    private readChildPids;
+    private isCodexProcess;
     private snapshotsShareIdentity;
     private renderSnapshotIdentity;
 }

package/dist/lib/accounts/account-service.js

@@ -16,6 +16,7 @@ const service_manager_1 = require("./service-manager");
 const ACCOUNT_NAME_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9._@+-]*$/;
 const EXTERNAL_SYNC_FORCE_ENV = "CODEX_AUTH_FORCE_EXTERNAL_SYNC";
 const SESSION_KEY_ENV = "CODEX_AUTH_SESSION_KEY";
+const SESSION_ACTIVE_OVERRIDE_ENV = "CODEX_AUTH_SESSION_ACTIVE_OVERRIDE";
 class AccountService {
     async syncExternalAuthSnapshotIfNeeded() {
         const authPath = (0, paths_1.resolveAuthPath)();
@@ -33,7 +34,7 @@ class AccountService {
                 autoSwitchDisabled: false,
             };
         }
-        const sessionAccountName = await this.getSessionAccountName();
+        const sessionAccountName = await this.getActiveSessionAccountName();
         if (sessionAccountName) {
             const sessionSnapshotPath = this.accountFilePath(sessionAccountName);
             if (await this.pathExists(sessionSnapshotPath)) {
@@ -84,7 +85,7 @@ class AccountService {
         };
     }
     async restoreSessionSnapshotIfNeeded() {
-        const sessionAccountName = await this.getSessionAccountName();
+        const sessionAccountName = await this.getActiveSessionAccountName();
         if (!sessionAccountName) {
             return { restored: false };
         }
@@ -191,7 +192,7 @@ class AccountService {
         });
     }
     async getCurrentAccountName() {
-        const sessionAccountName = await this.getSessionAccountName();
+        const sessionAccountName = await this.getActiveSessionAccountName();
         if (sessionAccountName) {
             const sessionSnapshotPath = this.accountFilePath(sessionAccountName);
             if (await this.pathExists(sessionSnapshotPath)) {
@@ -740,6 +741,16 @@ class AccountService {
             return null;
         }
     }
+    async getActiveSessionAccountName() {
+        const sessionAccountName = await this.getSessionAccountName();
+        if (!sessionAccountName)
+            return null;
+        const sessionIsActive = await this.isSessionPinnedToActiveCodex();
+        if (sessionIsActive)
+            return sessionAccountName;
+        await this.clearSessionAccountName();
+        return null;
+    }
     async setSessionAccountName(accountName) {
         const sessionKey = this.resolveSessionScopeKey();
         if (!sessionKey)
@@ -808,6 +819,70 @@ class AccountService {
         await this.ensureDir(node_path_1.default.dirname(sessionMapPath));
         await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify(sessionMap, null, 2)}\n`, "utf8");
     }
+    async isSessionPinnedToActiveCodex() {
+        var _a;
+        const override = (_a = process.env[SESSION_ACTIVE_OVERRIDE_ENV]) === null || _a === void 0 ? void 0 : _a.trim().toLowerCase();
+        if (override) {
+            if (["1", "true", "yes", "on"].includes(override))
+                return true;
+            if (["0", "false", "no", "off"].includes(override))
+                return false;
+        }
+        const sessionKey = this.resolveSessionScopeKey();
+        if (!sessionKey)
+            return false;
+        if (sessionKey.startsWith("session:")) {
+            return true;
+        }
+        if (process.platform !== "linux") {
+            return true;
+        }
+        const ppidMatch = sessionKey.match(/^ppid:(\d+)$/);
+        if (!ppidMatch)
+            return false;
+        const parentPid = Number(ppidMatch[1]);
+        if (!Number.isFinite(parentPid) || parentPid <= 1)
+            return false;
+        const childPids = await this.readChildPids(parentPid);
+        if (childPids.length === 0)
+            return false;
+        for (const childPid of childPids) {
+            if (await this.isCodexProcess(childPid)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    async readChildPids(parentPid) {
+        try {
+            const childrenRaw = await promises_1.default.readFile(`/proc/${parentPid}/task/${parentPid}/children`, "utf8");
+            return childrenRaw
+                .split(/\s+/)
+                .map((value) => Number(value))
+                .filter((value) => Number.isInteger(value) && value > 1);
+        }
+        catch {
+            return [];
+        }
+    }
+    async isCodexProcess(pid) {
+        try {
+            const cmdline = await promises_1.default.readFile(`/proc/${pid}/cmdline`, "utf8");
+            const normalized = cmdline.replace(/\0/g, " ").trim();
+            if (!normalized)
+                return false;
+            if (/\bcodex-auth\b/.test(normalized))
+                return false;
+            if (/(^|\s|\/)codex(\s|$)/.test(normalized))
+                return true;
+            if (/(^|\s|\/)codex-linux-[^\s]*($|\s)/.test(normalized))
+                return true;
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
     snapshotsShareIdentity(a, b) {
         var _a, _b;
         if (a.authMode !== "chatgpt" || b.authMode !== "chatgpt") {

package/dist/lib/config/login-hook.d.ts

@@ -1,6 +1,6 @@
 export declare const LOGIN_HOOK_MARK_START = "# >>> codex-auth-login-auto-snapshot >>>";
 export declare const LOGIN_HOOK_MARK_END = "# <<< codex-auth-login-auto-snapshot <<<";
-export type HookInstallStatus = "installed" | "already-installed";
+export type HookInstallStatus = "installed" | "updated" | "already-installed";
 export type HookRemoveStatus = "removed" | "not-installed";
 export interface LoginHookStatus {
     installed: boolean;

package/dist/lib/config/login-hook.js

@@ -22,6 +22,10 @@ function hookBlockRegex() {
     const end = escapeRegex(exports.LOGIN_HOOK_MARK_END);
     return new RegExp(`\\n?${start}[\\s\\S]*?${end}\\n?`, "g");
 }
+function normalizeRcContents(contents) {
+    const collapsed = contents.replace(/\n{3,}/g, "\n\n");
+    return `${collapsed.replace(/\s*$/, "")}\n`;
+}
 function resolveDefaultShellRcPath() {
     var _a;
     const shell = ((_a = process.env.SHELL) !== null && _a !== void 0 ? _a : "").toLowerCase();
@@ -41,22 +45,20 @@ function renderLoginHookBlock() {
         "  [[ -w \"$__tty_target\" ]] || __tty_target=/dev/stdout",
         "  printf '\\033[>4m\\033[<u\\033[?2026l\\033[?1004l\\033[?1l\\033[?2004l\\033[?1000l\\033[?1002l\\033[?1003l\\033[?1006l\\033[?1015l\\033[?1049l\\033[0m\\033[?25h\\033[H\\033>' >\"$__tty_target\" 2>/dev/null || true",
         "}",
-        "if ! typeset -f codex >/dev/null 2>&1; then",
-        "  codex() {",
-        "    if command -v codex-auth >/dev/null 2>&1; then",
-        "      command codex-auth restore-session >/dev/null 2>&1 || true",
-        "    fi",
-        "    command codex \"$@\"",
-        "    local __codex_exit=$?",
-        "    if command -v codex-auth >/dev/null 2>&1; then",
-        "      CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status >/dev/null 2>&1 || true",
-        "    fi",
-        "    if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
-        "      __codex_auth_restore_tty",
-        "    fi",
-        "    return $__codex_exit",
-        "  }",
-        "fi",
+        "codex() {",
+        "  if command -v codex-auth >/dev/null 2>&1; then",
+        "    command codex-auth restore-session >/dev/null 2>&1 || true",
+        "  fi",
+        "  command codex \"$@\"",
+        "  local __codex_exit=$?",
+        "  if command -v codex-auth >/dev/null 2>&1; then",
+        "    CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status >/dev/null 2>&1 || true",
+        "  fi",
+        "  if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
+        "    __codex_auth_restore_tty",
+        "  fi",
+        "  return $__codex_exit",
+        "}",
         exports.LOGIN_HOOK_MARK_END,
     ].join("\n");
 }
@@ -72,9 +74,14 @@ async function installLoginHook(rcPath = resolveDefaultShellRcPath()) {
             throw error;
     }
     if (existing.includes(exports.LOGIN_HOOK_MARK_START) && existing.includes(exports.LOGIN_HOOK_MARK_END)) {
-        return "already-installed";
+        const refreshed = normalizeRcContents(existing.replace(hookBlockRegex(), `\n${renderLoginHookBlock()}\n`));
+        if (refreshed === normalizeRcContents(existing)) {
+            return "already-installed";
+        }
+        await promises_1.default.writeFile(rcPath, refreshed, "utf8");
+        return "updated";
     }
-    const next = `${existing.replace(/\s*$/, "")}\n\n${renderLoginHookBlock()}\n`;
+    const next = normalizeRcContents(`${existing}\n\n${renderLoginHookBlock()}\n`);
     await promises_1.default.writeFile(rcPath, next, "utf8");
     return "installed";
 }
@@ -95,7 +102,7 @@ async function removeLoginHook(rcPath = resolveDefaultShellRcPath()) {
     if (stripped === existing) {
         return "not-installed";
     }
-    await promises_1.default.writeFile(rcPath, stripped.replace(/\n{3,}/g, "\n\n"), "utf8");
+    await promises_1.default.writeFile(rcPath, normalizeRcContents(stripped), "utf8");
     return "removed";
 }
 async function getLoginHookStatus(rcPath = resolveDefaultShellRcPath()) {

package/dist/lib/update-check.d.ts

@@ -10,5 +10,6 @@ export declare function isVersionNewer(currentVersion: string, latestVersion: st
 export declare function getUpdateSummary(currentVersion: string, latestVersion: string): UpdateSummary;
 export declare function formatUpdateSummaryCard(summary: UpdateSummary): string[];
 export declare function formatUpdateSummaryInline(summary: UpdateSummary): string;
+export declare function shouldProceedWithYesDefault(answer: string): boolean;
 export declare function fetchLatestNpmVersion(packageName: string, timeoutMs?: number): Promise<string | null>;
 export declare function runGlobalNpmInstall(packageName: string, version?: "latest" | string): Promise<number>;

package/dist/lib/update-check.js

@@ -6,6 +6,7 @@ exports.isVersionNewer = isVersionNewer;
 exports.getUpdateSummary = getUpdateSummary;
 exports.formatUpdateSummaryCard = formatUpdateSummaryCard;
 exports.formatUpdateSummaryInline = formatUpdateSummaryInline;
+exports.shouldProceedWithYesDefault = shouldProceedWithYesDefault;
 exports.fetchLatestNpmVersion = fetchLatestNpmVersion;
 exports.runGlobalNpmInstall = runGlobalNpmInstall;
 const node_child_process_1 = require("node:child_process");
@@ -68,6 +69,16 @@ function formatUpdateSummaryInline(summary) {
     }
     return `ℹ Update status unknown (current: ${summary.currentVersion}, latest: ${summary.latestVersion})`;
 }
+function shouldProceedWithYesDefault(answer) {
+    const normalized = answer.trim().toLowerCase();
+    if (!normalized)
+        return true;
+    if (normalized === "y" || normalized === "yes")
+        return true;
+    if (normalized === "n" || normalized === "no")
+        return false;
+    return false;
+}
 async function fetchLatestNpmVersion(packageName, timeoutMs = 2500) {
     return new Promise((resolve) => {
         const child = (0, node_child_process_1.spawn)("npm", ["view", packageName, "version", "--json"], {

package/dist/tests/login-hook.test.js

@@ -38,6 +38,24 @@ async function withTempRcFile(t, fn) {
         strict_1.default.equal(startCount, 1);
     });
 });
+(0, node_test_1.default)("installLoginHook refreshes an existing legacy hook block", async (t) => {
+    await withTempRcFile(t, async (rcPath) => {
+        const legacyBlock = [
+            login_hook_1.LOGIN_HOOK_MARK_START,
+            "# legacy",
+            login_hook_1.LOGIN_HOOK_MARK_END,
+        ].join("\n");
+        await promises_1.default.writeFile(rcPath, `# test bashrc\n\n${legacyBlock}\n`, "utf8");
+        const result = await (0, login_hook_1.installLoginHook)(rcPath);
+        strict_1.default.equal(result, "updated");
+        const contents = await promises_1.default.readFile(rcPath, "utf8");
+        strict_1.default.ok(contents.includes("command codex-auth restore-session"));
+        strict_1.default.ok(contents.includes("CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status"));
+        strict_1.default.ok(!contents.includes("# legacy"));
+        const startCount = contents.split(login_hook_1.LOGIN_HOOK_MARK_START).length - 1;
+        strict_1.default.equal(startCount, 1);
+    });
+});
 (0, node_test_1.default)("removeLoginHook removes installed marker block", async (t) => {
     await withTempRcFile(t, async (rcPath) => {
         await (0, login_hook_1.installLoginHook)(rcPath);
@@ -68,9 +86,11 @@ async function withTempRcFile(t, fn) {
 (0, node_test_1.default)("renderLoginHookBlock includes terminal-mode restore guard", () => {
     const hook = (0, login_hook_1.renderLoginHookBlock)();
     strict_1.default.ok(hook.includes("__codex_auth_restore_tty"));
+    strict_1.default.ok(hook.includes("codex() {"));
     strict_1.default.ok(hook.includes("command codex-auth restore-session"));
     strict_1.default.ok(hook.includes("CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status"));
     strict_1.default.ok(!hook.includes("__first_non_flag"));
+    strict_1.default.ok(!hook.includes("if ! typeset -f codex"));
     strict_1.default.ok(hook.includes("\\033[>4m"));
     strict_1.default.ok(hook.includes("\\033[<u"));
     strict_1.default.ok(hook.includes("\\033[?2026l"));

package/dist/tests/save-account-safety.test.js

@@ -51,6 +51,7 @@ async function withIsolatedCodexDir(t, fn) {
         CODEX_AUTH_ACCOUNTS_DIR: process.env.CODEX_AUTH_ACCOUNTS_DIR,
         CODEX_AUTH_JSON_PATH: process.env.CODEX_AUTH_JSON_PATH,
         CODEX_AUTH_CURRENT_PATH: process.env.CODEX_AUTH_CURRENT_PATH,
+        CODEX_AUTH_SESSION_ACTIVE_OVERRIDE: process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE,
     };
     process.env.CODEX_AUTH_CODEX_DIR = codexDir;
     delete process.env.CODEX_AUTH_ACCOUNTS_DIR;
@@ -61,6 +62,7 @@ async function withIsolatedCodexDir(t, fn) {
         process.env.CODEX_AUTH_ACCOUNTS_DIR = previousEnv.CODEX_AUTH_ACCOUNTS_DIR;
         process.env.CODEX_AUTH_JSON_PATH = previousEnv.CODEX_AUTH_JSON_PATH;
         process.env.CODEX_AUTH_CURRENT_PATH = previousEnv.CODEX_AUTH_CURRENT_PATH;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = previousEnv.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE;
         await promises_1.default.rm(codexDir, { recursive: true, force: true });
     });
     await fn({ codexDir, accountsDir, authPath });
@@ -426,12 +428,42 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal(authStat.isSymbolicLink(), false);
     });
 });
-(0, node_test_1.default)("getCurrentAccountName prefers session-scoped snapshot over global current pointer", async (t) => {
+(0, node_test_1.default)("getCurrentAccountName falls back to global current pointer when codex is not active in this terminal", async (t) => {
     await withIsolatedCodexDir(t, async ({ codexDir, accountsDir }) => {
         const service = new account_service_1.AccountService();
         const currentPath = node_path_1.default.join(codexDir, "current");
         const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
         const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "0";
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"), buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }));
+        await promises_1.default.writeFile(currentPath, "lajos@edix.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        const active = await service.getCurrentAccountName();
+        strict_1.default.equal(active, "lajos@edix.hu");
+    });
+});
+(0, node_test_1.default)("getCurrentAccountName prefers session-scoped snapshot when codex is active in this terminal", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "1";
         await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
             accountId: "acct-odin",
             userId: "user-odin",
@@ -454,12 +486,49 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal(active, "odin@megkapja.hu");
     });
 });
-(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded ignores external login from another terminal when session snapshot differs", async (t) => {
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded follows global sync when codex is not active in this terminal", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "0";
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(currentPath, "odin@megkapja.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        const result = await service.syncExternalAuthSnapshotIfNeeded();
+        strict_1.default.deepEqual(result, {
+            synchronized: true,
+            savedName: "lajos@edix.hu",
+            autoSwitchDisabled: false,
+        });
+        const parsed = await (0, auth_parser_1.parseAuthSnapshotFile)(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"));
+        strict_1.default.equal(parsed.email, "lajos@edix.hu");
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "lajos@edix.hu");
+    });
+});
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded ignores external login from another terminal when codex remains active in this terminal", async (t) => {
     await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
         const service = new account_service_1.AccountService();
         const currentPath = node_path_1.default.join(codexDir, "current");
         const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
         const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "1";
         await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
             accountId: "acct-odin",
             userId: "user-odin",
@@ -525,12 +594,51 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "lajos@edix.hu");
     });
 });
-(0, node_test_1.default)("restoreSessionSnapshotIfNeeded re-activates the session-pinned snapshot when auth.json drifts", async (t) => {
+(0, node_test_1.default)("restoreSessionSnapshotIfNeeded skips restore when codex is not active in this terminal", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "0";
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"), buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }));
+        await promises_1.default.writeFile(currentPath, "lajos@edix.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        const restored = await service.restoreSessionSnapshotIfNeeded();
+        strict_1.default.deepEqual(restored, {
+            restored: false,
+        });
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "lajos@edix.hu");
+        const parsed = await (0, auth_parser_1.parseAuthSnapshotFile)(authPath);
+        strict_1.default.equal(parsed.email, "lajos@edix.hu");
+    });
+});
+(0, node_test_1.default)("restoreSessionSnapshotIfNeeded re-activates the session-pinned snapshot while codex stays active in this terminal", async (t) => {
     await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
         const service = new account_service_1.AccountService();
         const currentPath = node_path_1.default.join(codexDir, "current");
         const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
         const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "1";
         await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
             accountId: "acct-odin",
             userId: "user-odin",

package/dist/tests/update-check.test.js

@@ -65,3 +65,14 @@ const update_check_1 = require("../lib/update-check");
     strict_1.default.equal(lines[0], "┌─ codex-auth update");
     strict_1.default.equal(lines[3], "└─ status : update available");
 });
+(0, node_test_1.default)("shouldProceedWithYesDefault accepts enter and yes responses", () => {
+    strict_1.default.equal((0, update_check_1.shouldProceedWithYesDefault)(""), true);
+    strict_1.default.equal((0, update_check_1.shouldProceedWithYesDefault)("   "), true);
+    strict_1.default.equal((0, update_check_1.shouldProceedWithYesDefault)("y"), true);
+    strict_1.default.equal((0, update_check_1.shouldProceedWithYesDefault)("Yes"), true);
+});
+(0, node_test_1.default)("shouldProceedWithYesDefault rejects no and unknown responses", () => {
+    strict_1.default.equal((0, update_check_1.shouldProceedWithYesDefault)("n"), false);
+    strict_1.default.equal((0, update_check_1.shouldProceedWithYesDefault)("No"), false);
+    strict_1.default.equal((0, update_check_1.shouldProceedWithYesDefault)("later"), false);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imdeadpool/codex-account-switcher",
-  "version": "0.1.11",
+  "version": "0.1.15",
   "description": "A command-line tool that lets you manage and switch between multiple Codex accounts instantly, no more constant logins and logouts.",
   "license": "MIT",
   "bin": {
@@ -44,11 +44,11 @@
   "dependencies": {
     "@oclif/core": "^3.0.0",
     "prompts": "^2.4.2",
-    "tslib": "^2.8.1"
+    "tslib": "^2.8.1",
+    "typescript": "^5.6.3"
   },
   "devDependencies": {
-    "@types/prompts": "^2.4.9",
-    "typescript": "^5.6.3"
+    "@types/prompts": "^2.4.9"
   },
   "oclif": {
     "bin": "codex-auth",

package/scripts/postinstall-login-hook.cjs

@@ -1,8 +1,10 @@
 #!/usr/bin/env node
 
 const fs = require("node:fs/promises");
+const fsSync = require("node:fs");
 const os = require("node:os");
 const path = require("node:path");
+const { spawnSync } = require("node:child_process");
 const readline = require("node:readline/promises");
 
 const MARK_START = "# >>> codex-auth-login-auto-snapshot >>>";
@@ -21,7 +23,7 @@ function targetShellRc() {
 function renderHookBlock() {
   return [
     MARK_START,
-    "# Auto-sync codex-auth snapshots after successful official `codex login`.",
+    "# Keep terminal-scoped snapshot memory in sync before/after each `codex` run.",
     "# Also restore common terminal modes to avoid leaked escape sequences after codex exits.",
     "__codex_auth_restore_tty() {",
     "  [[ -t 1 ]] || return 0",
@@ -29,39 +31,81 @@ function renderHookBlock() {
     "  [[ -w \"$__tty_target\" ]] || __tty_target=/dev/stdout",
     "  printf '\\033[>4m\\033[<u\\033[?2026l\\033[?1004l\\033[?1l\\033[?2004l\\033[?1000l\\033[?1002l\\033[?1003l\\033[?1006l\\033[?1015l\\033[?1049l\\033[0m\\033[?25h\\033[H\\033>' >\"$__tty_target\" 2>/dev/null || true",
     "}",
-    "if ! typeset -f codex >/dev/null 2>&1; then",
-    "  codex() {",
-    "    command codex \"$@\"",
-    "    local __codex_exit=$?",
-    "    if [[ $__codex_exit -eq 0 ]]; then",
-    "      local __first_non_flag=\"\"",
-    "      local __arg",
-    "      for __arg in \"$@\"; do",
-    "        case \"$__arg\" in",
-    "          --) break ;;",
-    "          -*) ;;",
-    "          *) __first_non_flag=\"$__arg\"; break ;;",
-    "        esac",
-    "      done",
-    "      if [[ \"$__first_non_flag\" == \"login\" ]] && command -v codex-auth >/dev/null 2>&1; then",
-    "        command codex-auth status >/dev/null 2>&1 || true",
-    "      fi",
-    "    fi",
-    "    if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
-    "      __codex_auth_restore_tty",
-    "    fi",
-    "    return $__codex_exit",
-    "  }",
-    "fi",
+    "codex() {",
+    "  if command -v codex-auth >/dev/null 2>&1; then",
+    "    command codex-auth restore-session >/dev/null 2>&1 || true",
+    "  fi",
+    "  command codex \"$@\"",
+    "  local __codex_exit=$?",
+    "  if command -v codex-auth >/dev/null 2>&1; then",
+    "    CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status >/dev/null 2>&1 || true",
+    "  fi",
+    "  if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
+    "    __codex_auth_restore_tty",
+    "  fi",
+    "  return $__codex_exit",
+    "}",
     MARK_END,
   ].join("\n");
 }
 
+function escapeRegex(input) {
+  return input.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+function hookBlockRegex() {
+  const start = escapeRegex(MARK_START);
+  const end = escapeRegex(MARK_END);
+  return new RegExp(`\\n?${start}[\\s\\S]*?${end}\\n?`, "g");
+}
+
+function normalizeRcContents(contents) {
+  const collapsed = contents.replace(/\n{3,}/g, "\n\n");
+  return `${collapsed.replace(/\s*$/, "")}\n`;
+}
+
+function ensureBuiltDist() {
+  const projectRoot = path.resolve(__dirname, "..");
+  const distEntry = path.join(projectRoot, "dist", "index.js");
+  if (fsSync.existsSync(distEntry)) return;
+
+  const tscPath = path.join(projectRoot, "node_modules", "typescript", "bin", "tsc");
+  if (fsSync.existsSync(tscPath)) {
+    const result = spawnSync(process.execPath, [tscPath, "-p", "tsconfig.json"], {
+      cwd: projectRoot,
+      stdio: "inherit",
+    });
+    if (result.status !== 0) {
+      throw new Error(`TypeScript build failed with exit code ${result.status ?? "unknown"}.`);
+    }
+    return;
+  }
+
+  const npmBinary = process.platform === "win32" ? "npm.cmd" : "npm";
+  const fallback = spawnSync(
+    npmBinary,
+    ["exec", "--yes", "--package", "typescript@5.6.3", "--", "tsc", "-p", "tsconfig.json"],
+    {
+      cwd: projectRoot,
+      stdio: "inherit",
+    },
+  );
+  if (fallback.status !== 0) {
+    throw new Error(
+      `Missing TypeScript compiler for git install bootstrap (fallback exit ${fallback.status ?? "unknown"}).`,
+    );
+  }
+
+  if (!fsSync.existsSync(distEntry)) {
+    throw new Error("TypeScript build completed but dist/index.js is still missing.");
+  }
+}
+
 async function maybeInstallHook() {
   if (process.env.npm_config_global !== "true") return;
   if (isTruthy(process.env.CODEX_AUTH_SKIP_POSTINSTALL)) return;
   if (isTruthy(process.env.CI)) return;
-  if (!process.stdin.isTTY || !process.stdout.isTTY) return;
+  const canPrompt = process.stdin.isTTY && process.stdout.isTTY;
 
   const rcPath = targetShellRc();
   await fs.mkdir(path.dirname(rcPath), { recursive: true });
@@ -73,7 +117,16 @@ async function maybeInstallHook() {
     if (error && error.code !== "ENOENT") throw error;
   }
 
-  if (rc.includes(MARK_START) && rc.includes(MARK_END)) return;
+  if (rc.includes(MARK_START) && rc.includes(MARK_END)) {
+    const refreshed = normalizeRcContents(rc.replace(hookBlockRegex(), `\n${renderHookBlock()}\n`));
+    if (refreshed !== normalizeRcContents(rc)) {
+      await fs.writeFile(rcPath, refreshed, "utf8");
+      process.stdout.write(`\nUpdated shell hook in ${rcPath}. Restart terminal or run: source ${rcPath}\n`);
+    }
+    return;
+  }
+
+  if (!canPrompt) return;
 
   const rl = readline.createInterface({
     input: process.stdin,
@@ -89,12 +142,20 @@ async function maybeInstallHook() {
     rl.close();
   }
 
-  const next = `${rc.replace(/\s*$/, "")}\n\n${renderHookBlock()}\n`;
+  const next = normalizeRcContents(`${rc}\n\n${renderHookBlock()}\n`);
   await fs.writeFile(rcPath, next, "utf8");
   process.stdout.write(`\nInstalled shell hook in ${rcPath}. Restart terminal or run: source ${rcPath}\n`);
 }
 
-maybeInstallHook().catch((error) => {
-  const message = error instanceof Error ? error.message : String(error);
-  process.stderr.write(`\n[codex-auth postinstall] Failed to install login hook: ${message}\n`);
-});
+function runPostinstall() {
+  ensureBuiltDist();
+  return maybeInstallHook();
+}
+
+Promise.resolve()
+  .then(() => runPostinstall())
+  .catch((error) => {
+    const message = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`\n[codex-auth postinstall] Failed: ${message}\n`);
+    process.exitCode = 1;
+  });