@imdeadpool/codex-account-switcher 0.1.13 → 0.1.15

package/README.md

@@ -27,6 +27,8 @@ official `codex login`.
 
 On later global updates, if the hook is already installed, `codex-auth` refreshes the
 hook block automatically to the latest template (no manual remove/setup needed).
+The refreshed hook always wraps `codex` in your shell so sync/restore still run even if
+another shell config already defined `codex` as a function.
 
 - Choose `y` to enable fully automatic login snapshot capture.
 - Choose `n` (default) to skip.

package/dist/lib/accounts/account-service.d.ts

@@ -75,10 +75,14 @@ export declare class AccountService {
     private isExternalSyncForced;
     private resolveSessionScopeKey;
     private getSessionAccountName;
+    private getActiveSessionAccountName;
     private setSessionAccountName;
     private clearSessionAccountName;
     private readSessionMap;
     private writeSessionMap;
+    private isSessionPinnedToActiveCodex;
+    private readChildPids;
+    private isCodexProcess;
     private snapshotsShareIdentity;
     private renderSnapshotIdentity;
 }

package/dist/lib/accounts/account-service.js

@@ -16,6 +16,7 @@ const service_manager_1 = require("./service-manager");
 const ACCOUNT_NAME_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9._@+-]*$/;
 const EXTERNAL_SYNC_FORCE_ENV = "CODEX_AUTH_FORCE_EXTERNAL_SYNC";
 const SESSION_KEY_ENV = "CODEX_AUTH_SESSION_KEY";
+const SESSION_ACTIVE_OVERRIDE_ENV = "CODEX_AUTH_SESSION_ACTIVE_OVERRIDE";
 class AccountService {
     async syncExternalAuthSnapshotIfNeeded() {
         const authPath = (0, paths_1.resolveAuthPath)();
@@ -33,7 +34,7 @@ class AccountService {
                 autoSwitchDisabled: false,
             };
         }
-        const sessionAccountName = await this.getSessionAccountName();
+        const sessionAccountName = await this.getActiveSessionAccountName();
         if (sessionAccountName) {
             const sessionSnapshotPath = this.accountFilePath(sessionAccountName);
             if (await this.pathExists(sessionSnapshotPath)) {
@@ -84,7 +85,7 @@ class AccountService {
         };
     }
     async restoreSessionSnapshotIfNeeded() {
-        const sessionAccountName = await this.getSessionAccountName();
+        const sessionAccountName = await this.getActiveSessionAccountName();
         if (!sessionAccountName) {
             return { restored: false };
         }
@@ -191,7 +192,7 @@ class AccountService {
         });
     }
     async getCurrentAccountName() {
-        const sessionAccountName = await this.getSessionAccountName();
+        const sessionAccountName = await this.getActiveSessionAccountName();
         if (sessionAccountName) {
             const sessionSnapshotPath = this.accountFilePath(sessionAccountName);
             if (await this.pathExists(sessionSnapshotPath)) {
@@ -740,6 +741,16 @@ class AccountService {
             return null;
         }
     }
+    async getActiveSessionAccountName() {
+        const sessionAccountName = await this.getSessionAccountName();
+        if (!sessionAccountName)
+            return null;
+        const sessionIsActive = await this.isSessionPinnedToActiveCodex();
+        if (sessionIsActive)
+            return sessionAccountName;
+        await this.clearSessionAccountName();
+        return null;
+    }
     async setSessionAccountName(accountName) {
         const sessionKey = this.resolveSessionScopeKey();
         if (!sessionKey)
@@ -808,6 +819,70 @@ class AccountService {
         await this.ensureDir(node_path_1.default.dirname(sessionMapPath));
         await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify(sessionMap, null, 2)}\n`, "utf8");
     }
+    async isSessionPinnedToActiveCodex() {
+        var _a;
+        const override = (_a = process.env[SESSION_ACTIVE_OVERRIDE_ENV]) === null || _a === void 0 ? void 0 : _a.trim().toLowerCase();
+        if (override) {
+            if (["1", "true", "yes", "on"].includes(override))
+                return true;
+            if (["0", "false", "no", "off"].includes(override))
+                return false;
+        }
+        const sessionKey = this.resolveSessionScopeKey();
+        if (!sessionKey)
+            return false;
+        if (sessionKey.startsWith("session:")) {
+            return true;
+        }
+        if (process.platform !== "linux") {
+            return true;
+        }
+        const ppidMatch = sessionKey.match(/^ppid:(\d+)$/);
+        if (!ppidMatch)
+            return false;
+        const parentPid = Number(ppidMatch[1]);
+        if (!Number.isFinite(parentPid) || parentPid <= 1)
+            return false;
+        const childPids = await this.readChildPids(parentPid);
+        if (childPids.length === 0)
+            return false;
+        for (const childPid of childPids) {
+            if (await this.isCodexProcess(childPid)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    async readChildPids(parentPid) {
+        try {
+            const childrenRaw = await promises_1.default.readFile(`/proc/${parentPid}/task/${parentPid}/children`, "utf8");
+            return childrenRaw
+                .split(/\s+/)
+                .map((value) => Number(value))
+                .filter((value) => Number.isInteger(value) && value > 1);
+        }
+        catch {
+            return [];
+        }
+    }
+    async isCodexProcess(pid) {
+        try {
+            const cmdline = await promises_1.default.readFile(`/proc/${pid}/cmdline`, "utf8");
+            const normalized = cmdline.replace(/\0/g, " ").trim();
+            if (!normalized)
+                return false;
+            if (/\bcodex-auth\b/.test(normalized))
+                return false;
+            if (/(^|\s|\/)codex(\s|$)/.test(normalized))
+                return true;
+            if (/(^|\s|\/)codex-linux-[^\s]*($|\s)/.test(normalized))
+                return true;
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
     snapshotsShareIdentity(a, b) {
         var _a, _b;
         if (a.authMode !== "chatgpt" || b.authMode !== "chatgpt") {

package/dist/lib/config/login-hook.js

@@ -45,22 +45,20 @@ function renderLoginHookBlock() {
         "  [[ -w \"$__tty_target\" ]] || __tty_target=/dev/stdout",
         "  printf '\\033[>4m\\033[<u\\033[?2026l\\033[?1004l\\033[?1l\\033[?2004l\\033[?1000l\\033[?1002l\\033[?1003l\\033[?1006l\\033[?1015l\\033[?1049l\\033[0m\\033[?25h\\033[H\\033>' >\"$__tty_target\" 2>/dev/null || true",
         "}",
-        "if ! typeset -f codex >/dev/null 2>&1; then",
-        "  codex() {",
-        "    if command -v codex-auth >/dev/null 2>&1; then",
-        "      command codex-auth restore-session >/dev/null 2>&1 || true",
-        "    fi",
-        "    command codex \"$@\"",
-        "    local __codex_exit=$?",
-        "    if command -v codex-auth >/dev/null 2>&1; then",
-        "      CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status >/dev/null 2>&1 || true",
-        "    fi",
-        "    if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
-        "      __codex_auth_restore_tty",
-        "    fi",
-        "    return $__codex_exit",
-        "  }",
-        "fi",
+        "codex() {",
+        "  if command -v codex-auth >/dev/null 2>&1; then",
+        "    command codex-auth restore-session >/dev/null 2>&1 || true",
+        "  fi",
+        "  command codex \"$@\"",
+        "  local __codex_exit=$?",
+        "  if command -v codex-auth >/dev/null 2>&1; then",
+        "    CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status >/dev/null 2>&1 || true",
+        "  fi",
+        "  if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
+        "    __codex_auth_restore_tty",
+        "  fi",
+        "  return $__codex_exit",
+        "}",
         exports.LOGIN_HOOK_MARK_END,
     ].join("\n");
 }

package/dist/tests/login-hook.test.js

@@ -86,9 +86,11 @@ async function withTempRcFile(t, fn) {
 (0, node_test_1.default)("renderLoginHookBlock includes terminal-mode restore guard", () => {
     const hook = (0, login_hook_1.renderLoginHookBlock)();
     strict_1.default.ok(hook.includes("__codex_auth_restore_tty"));
+    strict_1.default.ok(hook.includes("codex() {"));
     strict_1.default.ok(hook.includes("command codex-auth restore-session"));
     strict_1.default.ok(hook.includes("CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status"));
     strict_1.default.ok(!hook.includes("__first_non_flag"));
+    strict_1.default.ok(!hook.includes("if ! typeset -f codex"));
     strict_1.default.ok(hook.includes("\\033[>4m"));
     strict_1.default.ok(hook.includes("\\033[<u"));
     strict_1.default.ok(hook.includes("\\033[?2026l"));

package/dist/tests/save-account-safety.test.js

@@ -51,6 +51,7 @@ async function withIsolatedCodexDir(t, fn) {
         CODEX_AUTH_ACCOUNTS_DIR: process.env.CODEX_AUTH_ACCOUNTS_DIR,
         CODEX_AUTH_JSON_PATH: process.env.CODEX_AUTH_JSON_PATH,
         CODEX_AUTH_CURRENT_PATH: process.env.CODEX_AUTH_CURRENT_PATH,
+        CODEX_AUTH_SESSION_ACTIVE_OVERRIDE: process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE,
     };
     process.env.CODEX_AUTH_CODEX_DIR = codexDir;
     delete process.env.CODEX_AUTH_ACCOUNTS_DIR;
@@ -61,6 +62,7 @@ async function withIsolatedCodexDir(t, fn) {
         process.env.CODEX_AUTH_ACCOUNTS_DIR = previousEnv.CODEX_AUTH_ACCOUNTS_DIR;
         process.env.CODEX_AUTH_JSON_PATH = previousEnv.CODEX_AUTH_JSON_PATH;
         process.env.CODEX_AUTH_CURRENT_PATH = previousEnv.CODEX_AUTH_CURRENT_PATH;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = previousEnv.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE;
         await promises_1.default.rm(codexDir, { recursive: true, force: true });
     });
     await fn({ codexDir, accountsDir, authPath });
@@ -426,12 +428,42 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal(authStat.isSymbolicLink(), false);
     });
 });
-(0, node_test_1.default)("getCurrentAccountName prefers session-scoped snapshot over global current pointer", async (t) => {
+(0, node_test_1.default)("getCurrentAccountName falls back to global current pointer when codex is not active in this terminal", async (t) => {
     await withIsolatedCodexDir(t, async ({ codexDir, accountsDir }) => {
         const service = new account_service_1.AccountService();
         const currentPath = node_path_1.default.join(codexDir, "current");
         const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
         const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "0";
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"), buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }));
+        await promises_1.default.writeFile(currentPath, "lajos@edix.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        const active = await service.getCurrentAccountName();
+        strict_1.default.equal(active, "lajos@edix.hu");
+    });
+});
+(0, node_test_1.default)("getCurrentAccountName prefers session-scoped snapshot when codex is active in this terminal", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "1";
         await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
             accountId: "acct-odin",
             userId: "user-odin",
@@ -454,12 +486,49 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal(active, "odin@megkapja.hu");
     });
 });
-(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded ignores external login from another terminal when session snapshot differs", async (t) => {
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded follows global sync when codex is not active in this terminal", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "0";
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(currentPath, "odin@megkapja.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        const result = await service.syncExternalAuthSnapshotIfNeeded();
+        strict_1.default.deepEqual(result, {
+            synchronized: true,
+            savedName: "lajos@edix.hu",
+            autoSwitchDisabled: false,
+        });
+        const parsed = await (0, auth_parser_1.parseAuthSnapshotFile)(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"));
+        strict_1.default.equal(parsed.email, "lajos@edix.hu");
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "lajos@edix.hu");
+    });
+});
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded ignores external login from another terminal when codex remains active in this terminal", async (t) => {
     await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
         const service = new account_service_1.AccountService();
         const currentPath = node_path_1.default.join(codexDir, "current");
         const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
         const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "1";
         await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
             accountId: "acct-odin",
             userId: "user-odin",
@@ -525,12 +594,51 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "lajos@edix.hu");
     });
 });
-(0, node_test_1.default)("restoreSessionSnapshotIfNeeded re-activates the session-pinned snapshot when auth.json drifts", async (t) => {
+(0, node_test_1.default)("restoreSessionSnapshotIfNeeded skips restore when codex is not active in this terminal", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "0";
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"), buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }));
+        await promises_1.default.writeFile(currentPath, "lajos@edix.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        const restored = await service.restoreSessionSnapshotIfNeeded();
+        strict_1.default.deepEqual(restored, {
+            restored: false,
+        });
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "lajos@edix.hu");
+        const parsed = await (0, auth_parser_1.parseAuthSnapshotFile)(authPath);
+        strict_1.default.equal(parsed.email, "lajos@edix.hu");
+    });
+});
+(0, node_test_1.default)("restoreSessionSnapshotIfNeeded re-activates the session-pinned snapshot while codex stays active in this terminal", async (t) => {
     await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
         const service = new account_service_1.AccountService();
         const currentPath = node_path_1.default.join(codexDir, "current");
         const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
         const sessionKey = `ppid:${process.ppid}`;
+        process.env.CODEX_AUTH_SESSION_ACTIVE_OVERRIDE = "1";
         await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
             accountId: "acct-odin",
             userId: "user-odin",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imdeadpool/codex-account-switcher",
-  "version": "0.1.13",
+  "version": "0.1.15",
   "description": "A command-line tool that lets you manage and switch between multiple Codex accounts instantly, no more constant logins and logouts.",
   "license": "MIT",
   "bin": {
@@ -44,11 +44,11 @@
   "dependencies": {
     "@oclif/core": "^3.0.0",
     "prompts": "^2.4.2",
-    "tslib": "^2.8.1"
+    "tslib": "^2.8.1",
+    "typescript": "^5.6.3"
   },
   "devDependencies": {
-    "@types/prompts": "^2.4.9",
-    "typescript": "^5.6.3"
+    "@types/prompts": "^2.4.9"
   },
   "oclif": {
     "bin": "codex-auth",

package/scripts/postinstall-login-hook.cjs

@@ -1,8 +1,10 @@
 #!/usr/bin/env node
 
 const fs = require("node:fs/promises");
+const fsSync = require("node:fs");
 const os = require("node:os");
 const path = require("node:path");
+const { spawnSync } = require("node:child_process");
 const readline = require("node:readline/promises");
 
 const MARK_START = "# >>> codex-auth-login-auto-snapshot >>>";
@@ -29,22 +31,20 @@ function renderHookBlock() {
     "  [[ -w \"$__tty_target\" ]] || __tty_target=/dev/stdout",
     "  printf '\\033[>4m\\033[<u\\033[?2026l\\033[?1004l\\033[?1l\\033[?2004l\\033[?1000l\\033[?1002l\\033[?1003l\\033[?1006l\\033[?1015l\\033[?1049l\\033[0m\\033[?25h\\033[H\\033>' >\"$__tty_target\" 2>/dev/null || true",
     "}",
-    "if ! typeset -f codex >/dev/null 2>&1; then",
-    "  codex() {",
-    "    if command -v codex-auth >/dev/null 2>&1; then",
-    "      command codex-auth restore-session >/dev/null 2>&1 || true",
-    "    fi",
-    "    command codex \"$@\"",
-    "    local __codex_exit=$?",
-    "    if command -v codex-auth >/dev/null 2>&1; then",
-    "      CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status >/dev/null 2>&1 || true",
-    "    fi",
-    "    if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
-    "      __codex_auth_restore_tty",
-    "    fi",
-    "    return $__codex_exit",
-    "  }",
-    "fi",
+    "codex() {",
+    "  if command -v codex-auth >/dev/null 2>&1; then",
+    "    command codex-auth restore-session >/dev/null 2>&1 || true",
+    "  fi",
+    "  command codex \"$@\"",
+    "  local __codex_exit=$?",
+    "  if command -v codex-auth >/dev/null 2>&1; then",
+    "    CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status >/dev/null 2>&1 || true",
+    "  fi",
+    "  if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
+    "    __codex_auth_restore_tty",
+    "  fi",
+    "  return $__codex_exit",
+    "}",
     MARK_END,
   ].join("\n");
 }
@@ -64,6 +64,43 @@ function normalizeRcContents(contents) {
   return `${collapsed.replace(/\s*$/, "")}\n`;
 }
 
+function ensureBuiltDist() {
+  const projectRoot = path.resolve(__dirname, "..");
+  const distEntry = path.join(projectRoot, "dist", "index.js");
+  if (fsSync.existsSync(distEntry)) return;
+
+  const tscPath = path.join(projectRoot, "node_modules", "typescript", "bin", "tsc");
+  if (fsSync.existsSync(tscPath)) {
+    const result = spawnSync(process.execPath, [tscPath, "-p", "tsconfig.json"], {
+      cwd: projectRoot,
+      stdio: "inherit",
+    });
+    if (result.status !== 0) {
+      throw new Error(`TypeScript build failed with exit code ${result.status ?? "unknown"}.`);
+    }
+    return;
+  }
+
+  const npmBinary = process.platform === "win32" ? "npm.cmd" : "npm";
+  const fallback = spawnSync(
+    npmBinary,
+    ["exec", "--yes", "--package", "typescript@5.6.3", "--", "tsc", "-p", "tsconfig.json"],
+    {
+      cwd: projectRoot,
+      stdio: "inherit",
+    },
+  );
+  if (fallback.status !== 0) {
+    throw new Error(
+      `Missing TypeScript compiler for git install bootstrap (fallback exit ${fallback.status ?? "unknown"}).`,
+    );
+  }
+
+  if (!fsSync.existsSync(distEntry)) {
+    throw new Error("TypeScript build completed but dist/index.js is still missing.");
+  }
+}
+
 async function maybeInstallHook() {
   if (process.env.npm_config_global !== "true") return;
   if (isTruthy(process.env.CODEX_AUTH_SKIP_POSTINSTALL)) return;
@@ -110,7 +147,15 @@ async function maybeInstallHook() {
   process.stdout.write(`\nInstalled shell hook in ${rcPath}. Restart terminal or run: source ${rcPath}\n`);
 }
 
-maybeInstallHook().catch((error) => {
-  const message = error instanceof Error ? error.message : String(error);
-  process.stderr.write(`\n[codex-auth postinstall] Failed to install login hook: ${message}\n`);
-});
+function runPostinstall() {
+  ensureBuiltDist();
+  return maybeInstallHook();
+}
+
+Promise.resolve()
+  .then(() => runPostinstall())
+  .catch((error) => {
+    const message = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`\n[codex-auth postinstall] Failed: ${message}\n`);
+    process.exitCode = 1;
+  });