@imdeadpool/codex-account-switcher 0.1.7 → 0.1.9

package/README.md

@@ -60,6 +60,12 @@ codex-auth list --details
 # show current account name
 codex-auth current
 
+# check for a newer release and update globally
+codex-auth self-update
+
+# check only (no install)
+codex-auth self-update --check
+
 # remove accounts (interactive multi-select)
 codex-auth remove
 
@@ -82,6 +88,11 @@ codex-auth config api disable
 # daemon runtime (internal/service use)
 codex-auth daemon --once
 codex-auth daemon --watch
+
+# optional shell hook helpers
+codex-auth setup-login-hook
+codex-auth hook-status
+codex-auth remove-login-hook
 ```
 
 ### Command reference
@@ -91,11 +102,15 @@ codex-auth daemon --watch
 - `codex-auth use [name]` – Accepts a name or launches an interactive selector with the current account pre-selected, writes `~/.codex/auth.json` as a regular file from the chosen snapshot, and records the active name.
 - `codex-auth list [--details]` – Lists all saved snapshots alphabetically and marks the active one with `*`. `--details` adds per-snapshot mapping metadata (email, account id, user id, and usage metadata) for easier session/account troubleshooting.
 - `codex-auth current` – Prints the active account name, or a friendly message if none is active.
+- `codex-auth self-update [--check]` – Checks npm for a newer release. Without flags, it installs the latest version globally when one is available.
 - `codex-auth remove [query|--all]` – Removes snapshots interactively or by selector. If the active account is removed, the best remaining account is activated automatically.
 - `codex-auth status` – Prints auto-switch state, managed service status, active thresholds, and usage mode.
 - `codex-auth config auto ...` – Enables/disables managed auto-switch and updates threshold percentages.
 - `codex-auth config api enable|disable` – Chooses usage source mode (`api` or `local`).
 - `codex-auth daemon --once|--watch` – Runs the auto-switch loop once or continuously.
+- `codex-auth setup-login-hook [-f <path>]` – Installs an optional shell hook in your rc file to auto-sync snapshots after successful official `codex login`.
+- `codex-auth hook-status [-f <path>]` – Shows whether the optional login auto-snapshot hook is installed for the selected rc file.
+- `codex-auth remove-login-hook [-f <path>]` – Removes the optional shell hook.
 
 ### Auto-switch behavior
 
@@ -123,3 +138,4 @@ Notes:
 
 - Works on macOS/Linux/Windows (regular-file auth snapshot activation).
 - Requires Node 18+.
+- Running bare `codex-auth` shows the help screen and also displays an update notice when a newer npm release is available.

package/dist/commands/hook-status.d.ts

@@ -0,0 +1,9 @@
+import { BaseCommand } from "../lib/base-command";
+export default class HookStatusCommand extends BaseCommand {
+    protected readonly syncExternalAuthBeforeRun = false;
+    static description: string;
+    static flags: {
+        readonly shellRc: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/hook-status.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const base_command_1 = require("../lib/base-command");
+const login_hook_1 = require("../lib/config/login-hook");
+class HookStatusCommand extends base_command_1.BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.syncExternalAuthBeforeRun = false;
+    }
+    async run() {
+        await this.runSafe(async () => {
+            var _a;
+            const { flags } = await this.parse(HookStatusCommand);
+            const rcPath = (_a = flags.shellRc) !== null && _a !== void 0 ? _a : (0, login_hook_1.resolveDefaultShellRcPath)();
+            const status = await (0, login_hook_1.getLoginHookStatus)(rcPath);
+            this.log(`login-hook: ${status.installed ? "installed" : "not-installed"}`);
+            this.log(`rc-file: ${status.rcPath}`);
+        });
+    }
+}
+HookStatusCommand.description = "Show whether the login auto-snapshot shell hook is installed";
+HookStatusCommand.flags = {
+    shellRc: core_1.Flags.string({
+        char: "f",
+        description: "Explicit shell rc file path (defaults to ~/.bashrc or ~/.zshrc)",
+        required: false,
+    }),
+};
+exports.default = HookStatusCommand;

package/dist/commands/list.d.ts

@@ -5,4 +5,5 @@ export default class ListCommand extends BaseCommand {
         readonly details: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
+    private maybeOfferGlobalUpdate;
 }

package/dist/commands/list.js

@@ -1,13 +1,19 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
+const prompts_1 = __importDefault(require("prompts"));
 const base_command_1 = require("../lib/base-command");
+const update_check_1 = require("../lib/update-check");
 class ListCommand extends base_command_1.BaseCommand {
     async run() {
         await this.runSafe(async () => {
             var _a, _b, _c, _d, _e, _f;
             const { flags } = await this.parse(ListCommand);
             const detailed = Boolean(flags.details);
+            await this.maybeOfferGlobalUpdate();
             if (!detailed) {
                 const accounts = await this.accounts.listAccountNames();
                 const current = await this.accounts.getCurrentAccountName();
@@ -34,6 +40,33 @@ class ListCommand extends base_command_1.BaseCommand {
             }
         });
     }
+    async maybeOfferGlobalUpdate() {
+        if (!process.stdin.isTTY || !process.stdout.isTTY)
+            return;
+        const currentVersion = this.config.version;
+        if (!currentVersion || typeof currentVersion !== "string")
+            return;
+        const latestVersion = await (0, update_check_1.fetchLatestNpmVersion)(update_check_1.PACKAGE_NAME);
+        if (!latestVersion || !(0, update_check_1.isVersionNewer)(currentVersion, latestVersion))
+            return;
+        this.log(`Update available for codex-auth: ${currentVersion} -> ${latestVersion}`);
+        const prompt = await (0, prompts_1.default)({
+            type: "confirm",
+            name: "install",
+            message: "Press Enter to update globally now",
+            initial: true,
+        });
+        if (!prompt.install) {
+            this.log(`Skipped update. Run manually: npm i -g ${update_check_1.PACKAGE_NAME}@latest`);
+            return;
+        }
+        const installExitCode = await (0, update_check_1.runGlobalNpmInstall)(update_check_1.PACKAGE_NAME);
+        if (installExitCode === 0) {
+            this.log("Global update completed.");
+            return;
+        }
+        this.warn(`Global update failed (exit code ${installExitCode}). Try: npm i -g ${update_check_1.PACKAGE_NAME}@latest`);
+    }
 }
 ListCommand.description = "List accounts managed under ~/.codex";
 ListCommand.flags = {

package/dist/commands/remove-login-hook.d.ts

@@ -0,0 +1,9 @@
+import { BaseCommand } from "../lib/base-command";
+export default class RemoveLoginHookCommand extends BaseCommand {
+    protected readonly syncExternalAuthBeforeRun = false;
+    static description: string;
+    static flags: {
+        readonly shellRc: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/remove-login-hook.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const base_command_1 = require("../lib/base-command");
+const login_hook_1 = require("../lib/config/login-hook");
+class RemoveLoginHookCommand extends base_command_1.BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.syncExternalAuthBeforeRun = false;
+    }
+    async run() {
+        await this.runSafe(async () => {
+            var _a;
+            const { flags } = await this.parse(RemoveLoginHookCommand);
+            const rcPath = (_a = flags.shellRc) !== null && _a !== void 0 ? _a : (0, login_hook_1.resolveDefaultShellRcPath)();
+            const result = await (0, login_hook_1.removeLoginHook)(rcPath);
+            if (result === "not-installed") {
+                this.log(`No login auto-snapshot hook found in ${rcPath}.`);
+            }
+            else {
+                this.log(`Removed login auto-snapshot hook from ${rcPath}.`);
+            }
+            this.log(`Reload your shell: source ${rcPath}`);
+        });
+    }
+}
+RemoveLoginHookCommand.description = "Remove the shell hook that auto-syncs snapshots after `codex login`";
+RemoveLoginHookCommand.flags = {
+    shellRc: core_1.Flags.string({
+        char: "f",
+        description: "Explicit shell rc file path (defaults to ~/.bashrc or ~/.zshrc)",
+        required: false,
+    }),
+};
+exports.default = RemoveLoginHookCommand;

package/dist/commands/self-update.d.ts

@@ -0,0 +1,8 @@
+import { BaseCommand } from "../lib/base-command";
+export default class SelfUpdateCommand extends BaseCommand {
+    static description: string;
+    static flags: {
+        readonly check: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/self-update.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const base_command_1 = require("../lib/base-command");
+const update_check_1 = require("../lib/update-check");
+class SelfUpdateCommand extends base_command_1.BaseCommand {
+    async run() {
+        await this.runSafe(async () => {
+            const { flags } = await this.parse(SelfUpdateCommand);
+            const currentVersion = this.config.version;
+            const latestVersion = await (0, update_check_1.fetchLatestNpmVersion)(update_check_1.PACKAGE_NAME);
+            if (!latestVersion) {
+                this.warn("Could not check npm for the latest release right now.");
+                return;
+            }
+            if (!(0, update_check_1.isVersionNewer)(currentVersion, latestVersion)) {
+                this.log(`codex-auth is up to date (${currentVersion}).`);
+                return;
+            }
+            this.log(`Update available: ${currentVersion} -> ${latestVersion}`);
+            if (flags.check) {
+                return;
+            }
+            const exitCode = await (0, update_check_1.runGlobalNpmInstall)(update_check_1.PACKAGE_NAME);
+            if (exitCode === 0) {
+                this.log("Global update completed.");
+                return;
+            }
+            this.warn(`Global update failed (exit code ${exitCode}). Run: npm i -g ${update_check_1.PACKAGE_NAME}@latest`);
+        });
+    }
+}
+SelfUpdateCommand.description = "Check for updates and upgrade codex-auth globally";
+SelfUpdateCommand.flags = {
+    check: core_1.Flags.boolean({
+        description: "Only check whether an update is available",
+        default: false,
+    }),
+};
+exports.default = SelfUpdateCommand;

package/dist/commands/setup-login-hook.d.ts

@@ -0,0 +1,9 @@
+import { BaseCommand } from "../lib/base-command";
+export default class SetupLoginHookCommand extends BaseCommand {
+    protected readonly syncExternalAuthBeforeRun = false;
+    static description: string;
+    static flags: {
+        readonly shellRc: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/setup-login-hook.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const base_command_1 = require("../lib/base-command");
+const login_hook_1 = require("../lib/config/login-hook");
+class SetupLoginHookCommand extends base_command_1.BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.syncExternalAuthBeforeRun = false;
+    }
+    async run() {
+        await this.runSafe(async () => {
+            var _a;
+            const { flags } = await this.parse(SetupLoginHookCommand);
+            const rcPath = (_a = flags.shellRc) !== null && _a !== void 0 ? _a : (0, login_hook_1.resolveDefaultShellRcPath)();
+            const result = await (0, login_hook_1.installLoginHook)(rcPath);
+            if (result === "already-installed") {
+                this.log(`Login auto-snapshot hook is already installed in ${rcPath}.`);
+            }
+            else {
+                this.log(`Installed login auto-snapshot hook in ${rcPath}.`);
+            }
+            this.log(`Reload your shell: source ${rcPath}`);
+        });
+    }
+}
+SetupLoginHookCommand.description = "Install a shell hook that auto-syncs snapshots after successful `codex login`";
+SetupLoginHookCommand.flags = {
+    shellRc: core_1.Flags.string({
+        char: "f",
+        description: "Explicit shell rc file path (defaults to ~/.bashrc or ~/.zshrc)",
+        required: false,
+    }),
+};
+exports.default = SetupLoginHookCommand;

package/dist/hooks/init/update-notifier.d.ts

@@ -0,0 +1,3 @@
+import type { Hook } from "@oclif/core";
+declare const hook: Hook.Init;
+export default hook;

package/dist/hooks/init/update-notifier.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const update_check_1 = require("../../lib/update-check");
+const hook = async function (options) {
+    if (options.id)
+        return;
+    if (options.argv.length > 0)
+        return;
+    if (!process.stdin.isTTY || !process.stdout.isTTY)
+        return;
+    const currentVersion = options.config.version;
+    if (!currentVersion)
+        return;
+    const latestVersion = await (0, update_check_1.fetchLatestNpmVersion)(update_check_1.PACKAGE_NAME);
+    if (!latestVersion || !(0, update_check_1.isVersionNewer)(currentVersion, latestVersion))
+        return;
+    this.log(`Update available for codex-auth: ${currentVersion} -> ${latestVersion}`);
+    this.log("Run `codex-auth self-update` to install the latest version.");
+};
+exports.default = hook;

package/dist/lib/accounts/account-service.d.ts

@@ -61,6 +61,7 @@ export declare class AccountService {
     private writeCurrentName;
     private readCurrentNameFile;
     private pathExists;
+    private filesMatch;
     private hydrateSnapshotMetadata;
     private resolveUniqueInferredName;
     private loadReconciledRegistry;

package/dist/lib/accounts/account-service.js

@@ -31,16 +31,26 @@ class AccountService {
                 autoSwitchDisabled: false,
             };
         }
+        const resolvedName = await this.resolveLoginAccountNameFromCurrentAuth();
         const activeName = await this.getCurrentAccountName();
         if (activeName) {
             const activeSnapshotPath = this.accountFilePath(activeName);
             if (await this.pathExists(activeSnapshotPath)) {
                 const activeSnapshot = await (0, auth_parser_1.parseAuthSnapshotFile)(activeSnapshotPath);
                 if (this.snapshotsShareIdentity(activeSnapshot, incomingSnapshot)) {
-                    return {
-                        synchronized: false,
-                        autoSwitchDisabled: false,
-                    };
+                    if (activeName === resolvedName.name) {
+                        return {
+                            synchronized: false,
+                            autoSwitchDisabled: false,
+                        };
+                    }
+                    const authMatchesActiveSnapshot = await this.filesMatch(authPath, activeSnapshotPath);
+                    if (authMatchesActiveSnapshot) {
+                        return {
+                            synchronized: false,
+                            autoSwitchDisabled: false,
+                        };
+                    }
                 }
             }
         }
@@ -49,7 +59,6 @@ class AccountService {
         if (autoSwitchDisabled) {
             await this.setAutoSwitchEnabled(false);
         }
-        const resolvedName = await this.resolveLoginAccountNameFromCurrentAuth();
         const savedName = await this.saveAccount(resolvedName.name);
         return {
             synchronized: true,
@@ -550,6 +559,15 @@ class AccountService {
             return false;
         }
     }
+    async filesMatch(firstPath, secondPath) {
+        try {
+            const [first, second] = await Promise.all([promises_1.default.readFile(firstPath), promises_1.default.readFile(secondPath)]);
+            return first.equals(second);
+        }
+        catch {
+            return false;
+        }
+    }
     async hydrateSnapshotMetadata(registry, accountName) {
         var _a;
         const parsed = await (0, auth_parser_1.parseAuthSnapshotFile)(this.accountFilePath(accountName));

package/dist/lib/config/login-hook.d.ts

@@ -0,0 +1,13 @@
+export declare const LOGIN_HOOK_MARK_START = "# >>> codex-auth-login-auto-snapshot >>>";
+export declare const LOGIN_HOOK_MARK_END = "# <<< codex-auth-login-auto-snapshot <<<";
+export type HookInstallStatus = "installed" | "already-installed";
+export type HookRemoveStatus = "removed" | "not-installed";
+export interface LoginHookStatus {
+    installed: boolean;
+    rcPath: string;
+}
+export declare function resolveDefaultShellRcPath(): string;
+export declare function renderLoginHookBlock(): string;
+export declare function installLoginHook(rcPath?: string): Promise<HookInstallStatus>;
+export declare function removeLoginHook(rcPath?: string): Promise<HookRemoveStatus>;
+export declare function getLoginHookStatus(rcPath?: string): Promise<LoginHookStatus>;

package/dist/lib/config/login-hook.js

@@ -0,0 +1,119 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LOGIN_HOOK_MARK_END = exports.LOGIN_HOOK_MARK_START = void 0;
+exports.resolveDefaultShellRcPath = resolveDefaultShellRcPath;
+exports.renderLoginHookBlock = renderLoginHookBlock;
+exports.installLoginHook = installLoginHook;
+exports.removeLoginHook = removeLoginHook;
+exports.getLoginHookStatus = getLoginHookStatus;
+const promises_1 = __importDefault(require("node:fs/promises"));
+const node_os_1 = __importDefault(require("node:os"));
+const node_path_1 = __importDefault(require("node:path"));
+exports.LOGIN_HOOK_MARK_START = "# >>> codex-auth-login-auto-snapshot >>>";
+exports.LOGIN_HOOK_MARK_END = "# <<< codex-auth-login-auto-snapshot <<<";
+function escapeRegex(input) {
+    return input.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function hookBlockRegex() {
+    const start = escapeRegex(exports.LOGIN_HOOK_MARK_START);
+    const end = escapeRegex(exports.LOGIN_HOOK_MARK_END);
+    return new RegExp(`\\n?${start}[\\s\\S]*?${end}\\n?`, "g");
+}
+function resolveDefaultShellRcPath() {
+    var _a;
+    const shell = ((_a = process.env.SHELL) !== null && _a !== void 0 ? _a : "").toLowerCase();
+    if (shell.includes("zsh")) {
+        return node_path_1.default.join(node_os_1.default.homedir(), ".zshrc");
+    }
+    return node_path_1.default.join(node_os_1.default.homedir(), ".bashrc");
+}
+function renderLoginHookBlock() {
+    return [
+        exports.LOGIN_HOOK_MARK_START,
+        "# Auto-sync codex-auth snapshots after successful official `codex login`.",
+        "if ! typeset -f codex >/dev/null 2>&1; then",
+        "  codex() {",
+        "    command codex \"$@\"",
+        "    local __codex_exit=$?",
+        "    if [[ $__codex_exit -eq 0 ]]; then",
+        "      local __first_non_flag=\"\"",
+        "      local __arg",
+        "      for __arg in \"$@\"; do",
+        "        case \"$__arg\" in",
+        "          --) break ;;",
+        "          -*) ;;",
+        "          *) __first_non_flag=\"$__arg\"; break ;;",
+        "        esac",
+        "      done",
+        "      if [[ \"$__first_non_flag\" == \"login\" ]] && command -v codex-auth >/dev/null 2>&1; then",
+        "        command codex-auth status >/dev/null 2>&1 || true",
+        "      fi",
+        "    fi",
+        "    return $__codex_exit",
+        "  }",
+        "fi",
+        exports.LOGIN_HOOK_MARK_END,
+    ].join("\n");
+}
+async function installLoginHook(rcPath = resolveDefaultShellRcPath()) {
+    await promises_1.default.mkdir(node_path_1.default.dirname(rcPath), { recursive: true });
+    let existing = "";
+    try {
+        existing = await promises_1.default.readFile(rcPath, "utf8");
+    }
+    catch (error) {
+        const err = error;
+        if (err.code !== "ENOENT")
+            throw error;
+    }
+    if (existing.includes(exports.LOGIN_HOOK_MARK_START) && existing.includes(exports.LOGIN_HOOK_MARK_END)) {
+        return "already-installed";
+    }
+    const next = `${existing.replace(/\s*$/, "")}\n\n${renderLoginHookBlock()}\n`;
+    await promises_1.default.writeFile(rcPath, next, "utf8");
+    return "installed";
+}
+async function removeLoginHook(rcPath = resolveDefaultShellRcPath()) {
+    let existing = "";
+    try {
+        existing = await promises_1.default.readFile(rcPath, "utf8");
+    }
+    catch (error) {
+        const err = error;
+        if (err.code === "ENOENT") {
+            return "not-installed";
+        }
+        throw error;
+    }
+    const regex = hookBlockRegex();
+    const stripped = existing.replace(regex, "\n");
+    if (stripped === existing) {
+        return "not-installed";
+    }
+    await promises_1.default.writeFile(rcPath, stripped.replace(/\n{3,}/g, "\n\n"), "utf8");
+    return "removed";
+}
+async function getLoginHookStatus(rcPath = resolveDefaultShellRcPath()) {
+    let existing = "";
+    try {
+        existing = await promises_1.default.readFile(rcPath, "utf8");
+    }
+    catch (error) {
+        const err = error;
+        if (err.code === "ENOENT") {
+            return {
+                installed: false,
+                rcPath,
+            };
+        }
+        throw error;
+    }
+    const installed = existing.includes(exports.LOGIN_HOOK_MARK_START) && existing.includes(exports.LOGIN_HOOK_MARK_END);
+    return {
+        installed,
+        rcPath,
+    };
+}

package/dist/lib/update-check.d.ts

@@ -0,0 +1,5 @@
+export declare const PACKAGE_NAME = "@imdeadpool/codex-account-switcher";
+export declare function parseVersionTriplet(version: string): [number, number, number] | null;
+export declare function isVersionNewer(currentVersion: string, latestVersion: string): boolean;
+export declare function fetchLatestNpmVersion(packageName: string, timeoutMs?: number): Promise<string | null>;
+export declare function runGlobalNpmInstall(packageName: string, version?: "latest" | string): Promise<number>;

package/dist/lib/update-check.js

@@ -0,0 +1,84 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PACKAGE_NAME = void 0;
+exports.parseVersionTriplet = parseVersionTriplet;
+exports.isVersionNewer = isVersionNewer;
+exports.fetchLatestNpmVersion = fetchLatestNpmVersion;
+exports.runGlobalNpmInstall = runGlobalNpmInstall;
+const node_child_process_1 = require("node:child_process");
+const SEMVER_TRIPLET = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/;
+exports.PACKAGE_NAME = "@imdeadpool/codex-account-switcher";
+function parseVersionTriplet(version) {
+    const match = version.trim().match(SEMVER_TRIPLET);
+    if (!match)
+        return null;
+    return [Number(match[1]), Number(match[2]), Number(match[3])];
+}
+function isVersionNewer(currentVersion, latestVersion) {
+    const current = parseVersionTriplet(currentVersion);
+    const latest = parseVersionTriplet(latestVersion);
+    if (!current || !latest)
+        return false;
+    for (let i = 0; i < 3; i += 1) {
+        if (latest[i] > current[i])
+            return true;
+        if (latest[i] < current[i])
+            return false;
+    }
+    return false;
+}
+async function fetchLatestNpmVersion(packageName, timeoutMs = 2500) {
+    return new Promise((resolve) => {
+        const child = (0, node_child_process_1.spawn)("npm", ["view", packageName, "version", "--json"], {
+            stdio: ["ignore", "pipe", "ignore"],
+        });
+        let output = "";
+        const timeout = setTimeout(() => {
+            child.kill("SIGTERM");
+            resolve(null);
+        }, timeoutMs);
+        child.stdout.on("data", (chunk) => {
+            output += chunk.toString();
+        });
+        child.on("error", () => {
+            clearTimeout(timeout);
+            resolve(null);
+        });
+        child.on("exit", (code) => {
+            clearTimeout(timeout);
+            if (code !== 0) {
+                resolve(null);
+                return;
+            }
+            const trimmed = output.trim();
+            if (!trimmed) {
+                resolve(null);
+                return;
+            }
+            try {
+                const parsed = JSON.parse(trimmed);
+                if (typeof parsed === "string" && parsed.trim().length > 0) {
+                    resolve(parsed.trim());
+                    return;
+                }
+            }
+            catch {
+                // fall through
+            }
+            resolve(trimmed.replace(/^"+|"+$/g, ""));
+        });
+    });
+}
+async function runGlobalNpmInstall(packageName, version = "latest") {
+    return new Promise((resolve) => {
+        const child = (0, node_child_process_1.spawn)("npm", ["i", "-g", `${packageName}@${version}`], {
+            stdio: "inherit",
+        });
+        child.on("error", () => {
+            resolve(1);
+        });
+        child.on("exit", (code) => {
+            resolve(typeof code === "number" ? code : 1);
+        });
+    });
+}

package/dist/tests/login-hook.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tests/login-hook.test.js

@@ -0,0 +1,67 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_test_1 = __importDefault(require("node:test"));
+const strict_1 = __importDefault(require("node:assert/strict"));
+const node_os_1 = __importDefault(require("node:os"));
+const node_path_1 = __importDefault(require("node:path"));
+const promises_1 = __importDefault(require("node:fs/promises"));
+const login_hook_1 = require("../lib/config/login-hook");
+async function withTempRcFile(t, fn) {
+    const tempDir = await promises_1.default.mkdtemp(node_path_1.default.join(node_os_1.default.tmpdir(), "codex-auth-hook-"));
+    const rcPath = node_path_1.default.join(tempDir, ".bashrc");
+    await promises_1.default.writeFile(rcPath, "# test bashrc\n", "utf8");
+    t.after(async () => {
+        await promises_1.default.rm(tempDir, { recursive: true, force: true });
+    });
+    await fn(rcPath);
+}
+(0, node_test_1.default)("installLoginHook writes marker block when missing", async (t) => {
+    await withTempRcFile(t, async (rcPath) => {
+        const result = await (0, login_hook_1.installLoginHook)(rcPath);
+        strict_1.default.equal(result, "installed");
+        const contents = await promises_1.default.readFile(rcPath, "utf8");
+        strict_1.default.ok(contents.includes(login_hook_1.LOGIN_HOOK_MARK_START));
+        strict_1.default.ok(contents.includes(login_hook_1.LOGIN_HOOK_MARK_END));
+    });
+});
+(0, node_test_1.default)("installLoginHook is idempotent", async (t) => {
+    await withTempRcFile(t, async (rcPath) => {
+        const first = await (0, login_hook_1.installLoginHook)(rcPath);
+        const second = await (0, login_hook_1.installLoginHook)(rcPath);
+        strict_1.default.equal(first, "installed");
+        strict_1.default.equal(second, "already-installed");
+        const contents = await promises_1.default.readFile(rcPath, "utf8");
+        const startCount = contents.split(login_hook_1.LOGIN_HOOK_MARK_START).length - 1;
+        strict_1.default.equal(startCount, 1);
+    });
+});
+(0, node_test_1.default)("removeLoginHook removes installed marker block", async (t) => {
+    await withTempRcFile(t, async (rcPath) => {
+        await (0, login_hook_1.installLoginHook)(rcPath);
+        const result = await (0, login_hook_1.removeLoginHook)(rcPath);
+        strict_1.default.equal(result, "removed");
+        const contents = await promises_1.default.readFile(rcPath, "utf8");
+        strict_1.default.ok(!contents.includes(login_hook_1.LOGIN_HOOK_MARK_START));
+        strict_1.default.ok(!contents.includes(login_hook_1.LOGIN_HOOK_MARK_END));
+    });
+});
+(0, node_test_1.default)("removeLoginHook returns not-installed when hook is absent", async (t) => {
+    await withTempRcFile(t, async (rcPath) => {
+        const result = await (0, login_hook_1.removeLoginHook)(rcPath);
+        strict_1.default.equal(result, "not-installed");
+    });
+});
+(0, node_test_1.default)("getLoginHookStatus reflects installed state", async (t) => {
+    await withTempRcFile(t, async (rcPath) => {
+        const before = await (0, login_hook_1.getLoginHookStatus)(rcPath);
+        strict_1.default.equal(before.installed, false);
+        strict_1.default.equal(before.rcPath, rcPath);
+        await (0, login_hook_1.installLoginHook)(rcPath);
+        const after = await (0, login_hook_1.getLoginHookStatus)(rcPath);
+        strict_1.default.equal(after.installed, true);
+        strict_1.default.equal(after.rcPath, rcPath);
+    });
+});

package/dist/tests/save-account-safety.test.js

@@ -19,9 +19,10 @@ function encodeBase64Url(input) {
         .replace(/=+$/g, "");
 }
 function buildAuthPayload(email, options) {
-    var _a, _b;
+    var _a, _b, _c;
     const accountId = (_a = options === null || options === void 0 ? void 0 : options.accountId) !== null && _a !== void 0 ? _a : "acct-1";
     const userId = (_b = options === null || options === void 0 ? void 0 : options.userId) !== null && _b !== void 0 ? _b : "user-1";
+    const tokenSeed = (_c = options === null || options === void 0 ? void 0 : options.tokenSeed) !== null && _c !== void 0 ? _c : email;
     const idTokenPayload = {
         email,
         "https://api.openai.com/auth": {
@@ -33,8 +34,8 @@ function buildAuthPayload(email, options) {
     const idToken = `${encodeBase64Url(JSON.stringify({ alg: "none" }))}.${encodeBase64Url(JSON.stringify(idTokenPayload))}.sig`;
     return JSON.stringify({
         tokens: {
-            access_token: `token-${email}`,
-            refresh_token: `refresh-${email}`,
+            access_token: `token-${tokenSeed}`,
+            refresh_token: `refresh-${tokenSeed}`,
             id_token: idToken,
             account_id: accountId,
         },
@@ -362,6 +363,34 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal(registry.autoSwitch.enabled, false);
     });
 });
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded re-keys active alias to inferred email name when external login identity matches", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const activeAlias = "team-primary";
+        const incomingEmail = "admin@kozpontihusbolt.hu";
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, `${activeAlias}.json`), buildAuthPayload(incomingEmail, {
+            accountId: "acct-team",
+            userId: "user-team",
+            tokenSeed: "pre-login",
+        }), "utf8");
+        await promises_1.default.writeFile(currentPath, `${activeAlias}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload(incomingEmail, {
+            accountId: "acct-team",
+            userId: "user-team",
+            tokenSeed: "post-login",
+        }), "utf8");
+        const result = await service.syncExternalAuthSnapshotIfNeeded();
+        strict_1.default.deepEqual(result, {
+            synchronized: true,
+            savedName: incomingEmail,
+            autoSwitchDisabled: false,
+        });
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), incomingEmail);
+        const inferredSnapshot = await (0, auth_parser_1.parseAuthSnapshotFile)(node_path_1.default.join(accountsDir, `${incomingEmail}.json`));
+        strict_1.default.equal(inferredSnapshot.email, incomingEmail);
+    });
+});
 (0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded materializes auth symlink so external codex login can no longer overwrite snapshot files", async (t) => {
     if (process.platform === "win32") {
         t.skip("symlink conversion behavior is Unix-specific in this test");

package/dist/tests/update-check.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tests/update-check.test.js

@@ -0,0 +1,29 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_test_1 = __importDefault(require("node:test"));
+const strict_1 = __importDefault(require("node:assert/strict"));
+const update_check_1 = require("../lib/update-check");
+(0, node_test_1.default)("parseVersionTriplet parses standard semver triplets", () => {
+    strict_1.default.deepEqual((0, update_check_1.parseVersionTriplet)("0.1.9"), [0, 1, 9]);
+    strict_1.default.deepEqual((0, update_check_1.parseVersionTriplet)("v1.20.3"), [1, 20, 3]);
+});
+(0, node_test_1.default)("parseVersionTriplet supports pre-release/build suffixes", () => {
+    strict_1.default.deepEqual((0, update_check_1.parseVersionTriplet)("1.2.3-beta.1"), [1, 2, 3]);
+    strict_1.default.deepEqual((0, update_check_1.parseVersionTriplet)("1.2.3+build"), [1, 2, 3]);
+});
+(0, node_test_1.default)("parseVersionTriplet rejects non-triplet versions", () => {
+    strict_1.default.equal((0, update_check_1.parseVersionTriplet)("1.2"), null);
+    strict_1.default.equal((0, update_check_1.parseVersionTriplet)("latest"), null);
+});
+(0, node_test_1.default)("isVersionNewer compares semver triplets correctly", () => {
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("0.1.8", "0.1.9"), true);
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("0.1.9", "0.1.9"), false);
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("0.2.0", "0.1.9"), false);
+});
+(0, node_test_1.default)("isVersionNewer returns false when either version is invalid", () => {
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("latest", "0.1.9"), false);
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("0.1.8", "nightly"), false);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imdeadpool/codex-account-switcher",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "description": "A command-line tool that lets you manage and switch between multiple Codex accounts instantly, no more constant logins and logouts.",
   "license": "MIT",
   "bin": {
@@ -52,6 +52,9 @@
   },
   "oclif": {
     "bin": "codex-auth",
-    "commands": "./dist/commands"
+    "commands": "./dist/commands",
+    "hooks": {
+      "init": "./dist/hooks/init/update-notifier"
+    }
   }
 }