@imdeadpool/codex-account-switcher 0.1.8 → 0.1.10

package/README.md

@@ -9,6 +9,8 @@ A command-line tool that lets you manage and switch between multiple Codex accou
 
 Codex stores your authentication session in a single `auth.json` file. This tool works by creating named snapshots of that file for each of your accounts. When you want to switch, `codex-auth` swaps the active `~/.codex/auth.json` with the snapshot you select, instantly changing your logged-in account.
 
+`codex-auth` also keeps a lightweight per-terminal session memory (scoped by shell parent PID by default), so older terminals keep using their original snapshot even if a different terminal logs into another account later.
+
 ## Requirements
 
 - Node.js 18 or newer
@@ -26,6 +28,16 @@ official `codex login`.
 - Choose `y` to enable fully automatic login snapshot capture.
 - Choose `n` (default) to skip.
 - Set `CODEX_AUTH_SKIP_POSTINSTALL=1` to always suppress this prompt.
+- Set `CODEX_AUTH_SKIP_TTY_RESTORE=1` to keep the hook from restoring terminal modes after `codex` exits.
+- Set `CODEX_AUTH_SESSION_KEY=<id>` to explicitly scope session-memory identity (optional; default uses shell PPID).
+- For a calmer Codex footer, prefer a focused `[tui] status_line` such as:
+
+  ```toml
+  [tui]
+  status_line = ["model-with-reasoning", "git-branch", "context-remaining"]
+  ```
+
+  This remains a manual Codex config choice; `codex-auth` does not rewrite `~/.codex/config.toml`.
 
 ## Usage
 
@@ -60,6 +72,15 @@ codex-auth list --details
 # show current account name
 codex-auth current
 
+# check for a newer release and update globally
+codex-auth self-update
+
+# check only (no install)
+codex-auth self-update --check
+
+# reinstall latest even if already up to date
+codex-auth self-update --reinstall
+
 # remove accounts (interactive multi-select)
 codex-auth remove
 
@@ -96,12 +117,13 @@ codex-auth remove-login-hook
 - `codex-auth use [name]` – Accepts a name or launches an interactive selector with the current account pre-selected, writes `~/.codex/auth.json` as a regular file from the chosen snapshot, and records the active name.
 - `codex-auth list [--details]` – Lists all saved snapshots alphabetically and marks the active one with `*`. `--details` adds per-snapshot mapping metadata (email, account id, user id, and usage metadata) for easier session/account troubleshooting.
 - `codex-auth current` – Prints the active account name, or a friendly message if none is active.
+- `codex-auth self-update [--check] [--reinstall] [-y]` – Checks npm for newer release metadata. `--check` prints current/latest/status only. `--reinstall` forces reinstall even when already up to date. `-y` skips confirmation prompts.
 - `codex-auth remove [query|--all]` – Removes snapshots interactively or by selector. If the active account is removed, the best remaining account is activated automatically.
 - `codex-auth status` – Prints auto-switch state, managed service status, active thresholds, and usage mode.
 - `codex-auth config auto ...` – Enables/disables managed auto-switch and updates threshold percentages.
 - `codex-auth config api enable|disable` – Chooses usage source mode (`api` or `local`).
 - `codex-auth daemon --once|--watch` – Runs the auto-switch loop once or continuously.
-- `codex-auth setup-login-hook [-f <path>]` – Installs an optional shell hook in your rc file to auto-sync snapshots after successful official `codex login`.
+- `codex-auth setup-login-hook [-f <path>]` – Installs an optional shell hook in your rc file to restore session-pinned snapshot before each `codex` run, auto-sync snapshots after successful official `codex login`, and restore common terminal modes before returning to your prompt.
 - `codex-auth hook-status [-f <path>]` – Shows whether the optional login auto-snapshot hook is installed for the selected rc file.
 - `codex-auth remove-login-hook [-f <path>]` – Removes the optional shell hook.
 
@@ -131,3 +153,4 @@ Notes:
 
 - Works on macOS/Linux/Windows (regular-file auth snapshot activation).
 - Requires Node 18+.
+- Running bare `codex-auth` shows the help screen and also displays an update notice when a newer npm release is available.

package/dist/commands/list.d.ts

@@ -5,4 +5,5 @@ export default class ListCommand extends BaseCommand {
         readonly details: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
+    private maybeOfferGlobalUpdate;
 }

package/dist/commands/list.js

@@ -1,13 +1,19 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
+const prompts_1 = __importDefault(require("prompts"));
 const base_command_1 = require("../lib/base-command");
+const update_check_1 = require("../lib/update-check");
 class ListCommand extends base_command_1.BaseCommand {
     async run() {
         await this.runSafe(async () => {
             var _a, _b, _c, _d, _e, _f;
             const { flags } = await this.parse(ListCommand);
             const detailed = Boolean(flags.details);
+            await this.maybeOfferGlobalUpdate();
             if (!detailed) {
                 const accounts = await this.accounts.listAccountNames();
                 const current = await this.accounts.getCurrentAccountName();
@@ -34,6 +40,36 @@ class ListCommand extends base_command_1.BaseCommand {
             }
         });
     }
+    async maybeOfferGlobalUpdate() {
+        if (!process.stdin.isTTY || !process.stdout.isTTY)
+            return;
+        const currentVersion = this.config.version;
+        if (!currentVersion || typeof currentVersion !== "string")
+            return;
+        const latestVersion = await (0, update_check_1.fetchLatestNpmVersion)(update_check_1.PACKAGE_NAME);
+        if (!latestVersion)
+            return;
+        const summary = (0, update_check_1.getUpdateSummary)(currentVersion, latestVersion);
+        if (summary.state !== "update-available")
+            return;
+        this.log((0, update_check_1.formatUpdateSummaryInline)(summary));
+        const prompt = await (0, prompts_1.default)({
+            type: "confirm",
+            name: "install",
+            message: "Press Enter to update globally now",
+            initial: true,
+        });
+        if (!prompt.install) {
+            this.log(`Skipped update. Run manually: npm i -g ${update_check_1.PACKAGE_NAME}@latest`);
+            return;
+        }
+        const installExitCode = await (0, update_check_1.runGlobalNpmInstall)(update_check_1.PACKAGE_NAME);
+        if (installExitCode === 0) {
+            this.log("Global update completed.");
+            return;
+        }
+        this.warn(`Global update failed (exit code ${installExitCode}). Try: npm i -g ${update_check_1.PACKAGE_NAME}@latest`);
+    }
 }
 ListCommand.description = "List accounts managed under ~/.codex";
 ListCommand.flags = {

package/dist/commands/restore-session.d.ts

@@ -0,0 +1,7 @@
+import { BaseCommand } from "../lib/base-command";
+export default class RestoreSessionCommand extends BaseCommand {
+    protected readonly syncExternalAuthBeforeRun = false;
+    static hidden: boolean;
+    static description: string;
+    run(): Promise<void>;
+}

package/dist/commands/restore-session.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const base_command_1 = require("../lib/base-command");
+class RestoreSessionCommand extends base_command_1.BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.syncExternalAuthBeforeRun = false;
+    }
+    async run() {
+        await this.runSafe(async () => {
+            await this.accounts.restoreSessionSnapshotIfNeeded();
+        });
+    }
+}
+RestoreSessionCommand.hidden = true;
+RestoreSessionCommand.description = "Restore auth.json from the session-pinned snapshot (internal helper)";
+exports.default = RestoreSessionCommand;

package/dist/commands/self-update.d.ts

@@ -0,0 +1,10 @@
+import { BaseCommand } from "../lib/base-command";
+export default class SelfUpdateCommand extends BaseCommand {
+    static description: string;
+    static flags: {
+        readonly check: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        readonly reinstall: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        readonly yes: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/self-update.js

@@ -0,0 +1,80 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const prompts_1 = __importDefault(require("prompts"));
+const base_command_1 = require("../lib/base-command");
+const update_check_1 = require("../lib/update-check");
+class SelfUpdateCommand extends base_command_1.BaseCommand {
+    async run() {
+        await this.runSafe(async () => {
+            const { flags } = await this.parse(SelfUpdateCommand);
+            const currentVersion = this.config.version;
+            const latestVersion = await (0, update_check_1.fetchLatestNpmVersion)(update_check_1.PACKAGE_NAME);
+            if (!latestVersion) {
+                this.warn("Could not check npm for the latest release right now.");
+                return;
+            }
+            const summary = (0, update_check_1.getUpdateSummary)(currentVersion, latestVersion);
+            const hasUpdate = summary.state === "update-available";
+            if (flags.check) {
+                for (const line of (0, update_check_1.formatUpdateSummaryCard)(summary)) {
+                    this.log(line);
+                }
+                if (hasUpdate) {
+                    this.log("Run `codex-auth self-update` to install the latest release.");
+                }
+                return;
+            }
+            if (!hasUpdate && !flags.reinstall) {
+                this.log((0, update_check_1.formatUpdateSummaryInline)(summary));
+                this.log("Use `codex-auth self-update --reinstall` if you want to reinstall anyway.");
+                return;
+            }
+            if (hasUpdate) {
+                this.log((0, update_check_1.formatUpdateSummaryInline)(summary));
+            }
+            else {
+                this.log(`↺ Reinstall requested for latest version (${latestVersion}).`);
+            }
+            if (!flags.yes) {
+                const response = await (0, prompts_1.default)({
+                    type: "confirm",
+                    name: "proceed",
+                    message: "Proceed with global npm update now?",
+                    initial: true,
+                });
+                if (!response.proceed) {
+                    this.log("Update cancelled.");
+                    return;
+                }
+            }
+            const exitCode = await (0, update_check_1.runGlobalNpmInstall)(update_check_1.PACKAGE_NAME);
+            if (exitCode === 0) {
+                this.log(`✓ Global update completed (installed ${latestVersion}).`);
+                return;
+            }
+            this.warn(`Global update failed (exit code ${exitCode}). Run: npm i -g ${update_check_1.PACKAGE_NAME}@latest`);
+        });
+    }
+}
+SelfUpdateCommand.description = "Check for updates and upgrade codex-auth globally";
+SelfUpdateCommand.flags = {
+    check: core_1.Flags.boolean({
+        description: "Only check whether an update is available",
+        default: false,
+    }),
+    reinstall: core_1.Flags.boolean({
+        char: "r",
+        description: "Reinstall the latest version even when already up to date",
+        default: false,
+    }),
+    yes: core_1.Flags.boolean({
+        char: "y",
+        description: "Skip confirmation prompts",
+        default: false,
+    }),
+};
+exports.default = SelfUpdateCommand;

package/dist/hooks/init/update-notifier.d.ts

@@ -0,0 +1,3 @@
+import type { Hook } from "@oclif/core";
+declare const hook: Hook.Init;
+export default hook;

package/dist/hooks/init/update-notifier.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const update_check_1 = require("../../lib/update-check");
+const hook = async function (options) {
+    if (options.id)
+        return;
+    if (options.argv.length > 0)
+        return;
+    if (!process.stdin.isTTY || !process.stdout.isTTY)
+        return;
+    const currentVersion = options.config.version;
+    if (!currentVersion)
+        return;
+    const latestVersion = await (0, update_check_1.fetchLatestNpmVersion)(update_check_1.PACKAGE_NAME);
+    if (!latestVersion)
+        return;
+    const summary = (0, update_check_1.getUpdateSummary)(currentVersion, latestVersion);
+    if (summary.state !== "update-available")
+        return;
+    this.log((0, update_check_1.formatUpdateSummaryInline)(summary));
+    this.log("Run `codex-auth self-update` to install the latest version.");
+};
+exports.default = hook;

package/dist/lib/accounts/account-service.d.ts

@@ -26,6 +26,10 @@ export interface ExternalAuthSyncResult {
 }
 export declare class AccountService {
     syncExternalAuthSnapshotIfNeeded(): Promise<ExternalAuthSyncResult>;
+    restoreSessionSnapshotIfNeeded(): Promise<{
+        restored: boolean;
+        accountName?: string;
+    }>;
     listAccountNames(): Promise<string[]>;
     listAccountChoices(): Promise<AccountChoice[]>;
     listAccountMappings(): Promise<AccountMapping[]>;
@@ -61,12 +65,20 @@ export declare class AccountService {
     private writeCurrentName;
     private readCurrentNameFile;
     private pathExists;
+    private filesMatch;
     private hydrateSnapshotMetadata;
     private resolveUniqueInferredName;
     private loadReconciledRegistry;
     private persistRegistry;
     private activateSnapshot;
     private clearActivePointers;
+    private isExternalSyncForced;
+    private resolveSessionScopeKey;
+    private getSessionAccountName;
+    private setSessionAccountName;
+    private clearSessionAccountName;
+    private readSessionMap;
+    private writeSessionMap;
     private snapshotsShareIdentity;
     private renderSnapshotIdentity;
 }

package/dist/lib/accounts/account-service.js

@@ -14,6 +14,8 @@ const registry_1 = require("./registry");
 const usage_1 = require("./usage");
 const service_manager_1 = require("./service-manager");
 const ACCOUNT_NAME_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9._@+-]*$/;
+const EXTERNAL_SYNC_FORCE_ENV = "CODEX_AUTH_FORCE_EXTERNAL_SYNC";
+const SESSION_KEY_ENV = "CODEX_AUTH_SESSION_KEY";
 class AccountService {
     async syncExternalAuthSnapshotIfNeeded() {
         const authPath = (0, paths_1.resolveAuthPath)();
@@ -31,16 +33,41 @@ class AccountService {
                 autoSwitchDisabled: false,
             };
         }
+        const sessionAccountName = await this.getSessionAccountName();
+        if (sessionAccountName) {
+            const sessionSnapshotPath = this.accountFilePath(sessionAccountName);
+            if (await this.pathExists(sessionSnapshotPath)) {
+                const sessionSnapshot = await (0, auth_parser_1.parseAuthSnapshotFile)(sessionSnapshotPath);
+                if (sessionSnapshot.authMode === "chatgpt" &&
+                    !this.snapshotsShareIdentity(sessionSnapshot, incomingSnapshot) &&
+                    !this.isExternalSyncForced()) {
+                    return {
+                        synchronized: false,
+                        autoSwitchDisabled: false,
+                    };
+                }
+            }
+        }
+        const resolvedName = await this.resolveLoginAccountNameFromCurrentAuth();
         const activeName = await this.getCurrentAccountName();
         if (activeName) {
             const activeSnapshotPath = this.accountFilePath(activeName);
             if (await this.pathExists(activeSnapshotPath)) {
                 const activeSnapshot = await (0, auth_parser_1.parseAuthSnapshotFile)(activeSnapshotPath);
                 if (this.snapshotsShareIdentity(activeSnapshot, incomingSnapshot)) {
-                    return {
-                        synchronized: false,
-                        autoSwitchDisabled: false,
-                    };
+                    if (activeName === resolvedName.name) {
+                        return {
+                            synchronized: false,
+                            autoSwitchDisabled: false,
+                        };
+                    }
+                    const authMatchesActiveSnapshot = await this.filesMatch(authPath, activeSnapshotPath);
+                    if (authMatchesActiveSnapshot) {
+                        return {
+                            synchronized: false,
+                            autoSwitchDisabled: false,
+                        };
+                    }
                 }
             }
         }
@@ -49,7 +76,6 @@ class AccountService {
         if (autoSwitchDisabled) {
             await this.setAutoSwitchEnabled(false);
         }
-        const resolvedName = await this.resolveLoginAccountNameFromCurrentAuth();
         const savedName = await this.saveAccount(resolvedName.name);
         return {
             synchronized: true,
@@ -57,14 +83,50 @@ class AccountService {
             autoSwitchDisabled,
         };
     }
+    async restoreSessionSnapshotIfNeeded() {
+        const sessionAccountName = await this.getSessionAccountName();
+        if (!sessionAccountName) {
+            return { restored: false };
+        }
+        const snapshotPath = this.accountFilePath(sessionAccountName);
+        if (!(await this.pathExists(snapshotPath))) {
+            await this.clearSessionAccountName();
+            return { restored: false };
+        }
+        const authPath = (0, paths_1.resolveAuthPath)();
+        if (await this.pathExists(authPath)) {
+            const [sessionSnapshot, activeSnapshot] = await Promise.all([
+                (0, auth_parser_1.parseAuthSnapshotFile)(snapshotPath),
+                (0, auth_parser_1.parseAuthSnapshotFile)(authPath),
+            ]);
+            if (this.snapshotsShareIdentity(sessionSnapshot, activeSnapshot)) {
+                return {
+                    restored: false,
+                    accountName: sessionAccountName,
+                };
+            }
+        }
+        await this.activateSnapshot(sessionAccountName);
+        return {
+            restored: true,
+            accountName: sessionAccountName,
+        };
+    }
     async listAccountNames() {
         const accountsDir = (0, paths_1.resolveAccountsDir)();
         if (!(await this.pathExists(accountsDir))) {
             return [];
         }
+        const sessionMapPath = (0, paths_1.resolveSessionMapPath)();
+        const sessionMapBasename = node_path_1.default.dirname(sessionMapPath) === accountsDir
+            ? node_path_1.default.basename(sessionMapPath)
+            : undefined;
         const entries = await promises_1.default.readdir(accountsDir, { withFileTypes: true });
         return entries
-            .filter((entry) => entry.isFile() && entry.name.endsWith(".json") && entry.name !== "registry.json")
+            .filter((entry) => entry.isFile() &&
+            entry.name.endsWith(".json") &&
+            entry.name !== "registry.json" &&
+            entry.name !== sessionMapBasename)
             .map((entry) => entry.name.replace(/\.json$/i, ""))
             .sort((a, b) => a.localeCompare(b, undefined, { sensitivity: "base" }));
     }
@@ -129,10 +191,20 @@ class AccountService {
         });
     }
     async getCurrentAccountName() {
+        const sessionAccountName = await this.getSessionAccountName();
+        if (sessionAccountName) {
+            const sessionSnapshotPath = this.accountFilePath(sessionAccountName);
+            if (await this.pathExists(sessionSnapshotPath)) {
+                return sessionAccountName;
+            }
+            await this.clearSessionAccountName();
+        }
         const currentNamePath = (0, paths_1.resolveCurrentNamePath)();
         const currentName = await this.readCurrentNameFile(currentNamePath);
-        if (currentName)
+        if (currentName) {
+            await this.setSessionAccountName(currentName);
             return currentName;
+        }
         const authPath = (0, paths_1.resolveAuthPath)();
         if (!(await this.pathExists(authPath)))
             return null;
@@ -148,7 +220,9 @@ class AccountService {
         const base = node_path_1.default.basename(resolvedTarget);
         if (!base.endsWith(".json") || base === "registry.json")
             return null;
-        return base.replace(/\.json$/i, "");
+        const resolvedName = base.replace(/\.json$/i, "");
+        await this.setSessionAccountName(resolvedName);
+        return resolvedName;
     }
     async saveAccount(rawName, options) {
         const name = this.normalizeAccountName(rawName);
@@ -526,6 +600,7 @@ class AccountService {
         const currentNamePath = (0, paths_1.resolveCurrentNamePath)();
         await this.ensureDir(node_path_1.default.dirname(currentNamePath));
         await promises_1.default.writeFile(currentNamePath, `${name}\n`, "utf8");
+        await this.setSessionAccountName(name);
     }
     async readCurrentNameFile(currentNamePath) {
         try {
@@ -550,6 +625,15 @@ class AccountService {
             return false;
         }
     }
+    async filesMatch(firstPath, secondPath) {
+        try {
+            const [first, second] = await Promise.all([promises_1.default.readFile(firstPath), promises_1.default.readFile(secondPath)]);
+            return first.equals(second);
+        }
+        catch {
+            return false;
+        }
+    }
     async hydrateSnapshotMetadata(registry, accountName) {
         var _a;
         const parsed = await (0, auth_parser_1.parseAuthSnapshotFile)(this.accountFilePath(accountName));
@@ -618,6 +702,111 @@ class AccountService {
         const authPath = (0, paths_1.resolveAuthPath)();
         await this.removeIfExists(currentPath);
         await this.removeIfExists(authPath);
+        await this.clearSessionAccountName();
+    }
+    isExternalSyncForced() {
+        const raw = process.env[EXTERNAL_SYNC_FORCE_ENV];
+        if (!raw)
+            return false;
+        const normalized = raw.trim().toLowerCase();
+        if (!normalized)
+            return false;
+        return !["0", "false", "no", "off"].includes(normalized);
+    }
+    resolveSessionScopeKey() {
+        var _a;
+        const explicit = (_a = process.env[SESSION_KEY_ENV]) === null || _a === void 0 ? void 0 : _a.trim();
+        if (explicit) {
+            const sanitized = explicit.replace(/\s+/g, " ").slice(0, 160);
+            return `session:${sanitized}`;
+        }
+        if (typeof process.ppid === "number" && process.ppid > 1) {
+            return `ppid:${process.ppid}`;
+        }
+        return null;
+    }
+    async getSessionAccountName() {
+        const sessionKey = this.resolveSessionScopeKey();
+        if (!sessionKey)
+            return null;
+        const sessionMap = await this.readSessionMap();
+        const entry = sessionMap.sessions[sessionKey];
+        if (!(entry === null || entry === void 0 ? void 0 : entry.accountName))
+            return null;
+        try {
+            return this.normalizeAccountName(entry.accountName);
+        }
+        catch {
+            return null;
+        }
+    }
+    async setSessionAccountName(accountName) {
+        const sessionKey = this.resolveSessionScopeKey();
+        if (!sessionKey)
+            return;
+        const sessionMap = await this.readSessionMap();
+        sessionMap.sessions[sessionKey] = {
+            accountName,
+            updatedAt: new Date().toISOString(),
+        };
+        await this.writeSessionMap(sessionMap);
+    }
+    async clearSessionAccountName() {
+        const sessionKey = this.resolveSessionScopeKey();
+        if (!sessionKey)
+            return;
+        const sessionMap = await this.readSessionMap();
+        if (!sessionMap.sessions[sessionKey])
+            return;
+        delete sessionMap.sessions[sessionKey];
+        await this.writeSessionMap(sessionMap);
+    }
+    async readSessionMap() {
+        const sessionMapPath = (0, paths_1.resolveSessionMapPath)();
+        try {
+            const raw = await promises_1.default.readFile(sessionMapPath, "utf8");
+            const parsed = JSON.parse(raw);
+            if (!parsed || typeof parsed !== "object") {
+                return {
+                    version: 1,
+                    sessions: {},
+                };
+            }
+            const root = parsed;
+            const sessionsRaw = root.sessions && typeof root.sessions === "object"
+                ? root.sessions
+                : {};
+            const sessions = {};
+            for (const [key, value] of Object.entries(sessionsRaw)) {
+                if (!value || typeof value !== "object")
+                    continue;
+                const rawEntry = value;
+                const accountName = typeof rawEntry.accountName === "string" ? rawEntry.accountName.trim() : "";
+                if (!accountName)
+                    continue;
+                sessions[key] = {
+                    accountName,
+                    updatedAt: typeof rawEntry.updatedAt === "string" && rawEntry.updatedAt.length > 0
+                        ? rawEntry.updatedAt
+                        : new Date().toISOString(),
+                };
+            }
+            return {
+                version: 1,
+                sessions,
+            };
+        }
+        catch {
+            return {
+                version: 1,
+                sessions: {},
+            };
+        }
+    }
+    async writeSessionMap(sessionMap) {
+        const sessionMapPath = (0, paths_1.resolveSessionMapPath)();
+        await this.ensureDir(node_path_1.default.dirname(sessionMapPath));
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify(sessionMap, null, 2)}\n`, "utf8");
     }
     snapshotsShareIdentity(a, b) {
         var _a, _b;

package/dist/lib/config/login-hook.js

@@ -34,8 +34,18 @@ function renderLoginHookBlock() {
     return [
         exports.LOGIN_HOOK_MARK_START,
         "# Auto-sync codex-auth snapshots after successful official `codex login`.",
+        "# Also restore common terminal modes to avoid leaked escape sequences after codex exits.",
+        "__codex_auth_restore_tty() {",
+        "  [[ -t 1 ]] || return 0",
+        "  local __tty_target=/dev/tty",
+        "  [[ -w \"$__tty_target\" ]] || __tty_target=/dev/stdout",
+        "  printf '\\033[>4m\\033[<u\\033[?2026l\\033[?1004l\\033[?1l\\033[?2004l\\033[?1000l\\033[?1002l\\033[?1003l\\033[?1006l\\033[?1015l\\033[?1049l\\033[0m\\033[?25h\\033[H\\033>' >\"$__tty_target\" 2>/dev/null || true",
+        "}",
         "if ! typeset -f codex >/dev/null 2>&1; then",
         "  codex() {",
+        "    if command -v codex-auth >/dev/null 2>&1; then",
+        "      command codex-auth restore-session >/dev/null 2>&1 || true",
+        "    fi",
         "    command codex \"$@\"",
         "    local __codex_exit=$?",
         "    if [[ $__codex_exit -eq 0 ]]; then",
@@ -49,9 +59,12 @@ function renderLoginHookBlock() {
         "        esac",
         "      done",
         "      if [[ \"$__first_non_flag\" == \"login\" ]] && command -v codex-auth >/dev/null 2>&1; then",
-        "        command codex-auth status >/dev/null 2>&1 || true",
+        "        CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status >/dev/null 2>&1 || true",
         "      fi",
         "    fi",
+        "    if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
+        "      __codex_auth_restore_tty",
+        "    fi",
         "    return $__codex_exit",
         "  }",
         "fi",

package/dist/lib/config/paths.d.ts

@@ -3,8 +3,10 @@ export declare function resolveAccountsDir(): string;
 export declare function resolveAuthPath(): string;
 export declare function resolveCurrentNamePath(): string;
 export declare function resolveRegistryPath(): string;
+export declare function resolveSessionMapPath(): string;
 export declare const codexDir: string;
 export declare const accountsDir: string;
 export declare const authPath: string;
 export declare const currentNamePath: string;
 export declare const registryPath: string;
+export declare const sessionMapPath: string;

package/dist/lib/config/paths.js

@@ -3,12 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.registryPath = exports.currentNamePath = exports.authPath = exports.accountsDir = exports.codexDir = void 0;
+exports.sessionMapPath = exports.registryPath = exports.currentNamePath = exports.authPath = exports.accountsDir = exports.codexDir = void 0;
 exports.resolveCodexDir = resolveCodexDir;
 exports.resolveAccountsDir = resolveAccountsDir;
 exports.resolveAuthPath = resolveAuthPath;
 exports.resolveCurrentNamePath = resolveCurrentNamePath;
 exports.resolveRegistryPath = resolveRegistryPath;
+exports.resolveSessionMapPath = resolveSessionMapPath;
 const node_os_1 = __importDefault(require("node:os"));
 const node_path_1 = __importDefault(require("node:path"));
 function resolvePath(raw) {
@@ -46,8 +47,16 @@ function resolveCurrentNamePath() {
 function resolveRegistryPath() {
     return node_path_1.default.join(resolveAccountsDir(), "registry.json");
 }
+function resolveSessionMapPath() {
+    const envPath = process.env.CODEX_AUTH_SESSION_MAP_PATH;
+    if (envPath && envPath.trim().length > 0) {
+        return resolvePath(envPath.trim());
+    }
+    return node_path_1.default.join(resolveAccountsDir(), "sessions.json");
+}
 exports.codexDir = resolveCodexDir();
 exports.accountsDir = resolveAccountsDir();
 exports.authPath = resolveAuthPath();
 exports.currentNamePath = resolveCurrentNamePath();
 exports.registryPath = resolveRegistryPath();
+exports.sessionMapPath = resolveSessionMapPath();

package/dist/lib/update-check.d.ts

@@ -0,0 +1,14 @@
+export declare const PACKAGE_NAME = "@imdeadpool/codex-account-switcher";
+export type UpdateState = "update-available" | "up-to-date" | "unknown";
+export interface UpdateSummary {
+    currentVersion: string;
+    latestVersion: string;
+    state: UpdateState;
+}
+export declare function parseVersionTriplet(version: string): [number, number, number] | null;
+export declare function isVersionNewer(currentVersion: string, latestVersion: string): boolean;
+export declare function getUpdateSummary(currentVersion: string, latestVersion: string): UpdateSummary;
+export declare function formatUpdateSummaryCard(summary: UpdateSummary): string[];
+export declare function formatUpdateSummaryInline(summary: UpdateSummary): string;
+export declare function fetchLatestNpmVersion(packageName: string, timeoutMs?: number): Promise<string | null>;
+export declare function runGlobalNpmInstall(packageName: string, version?: "latest" | string): Promise<number>;

package/dist/lib/update-check.js

@@ -0,0 +1,125 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PACKAGE_NAME = void 0;
+exports.parseVersionTriplet = parseVersionTriplet;
+exports.isVersionNewer = isVersionNewer;
+exports.getUpdateSummary = getUpdateSummary;
+exports.formatUpdateSummaryCard = formatUpdateSummaryCard;
+exports.formatUpdateSummaryInline = formatUpdateSummaryInline;
+exports.fetchLatestNpmVersion = fetchLatestNpmVersion;
+exports.runGlobalNpmInstall = runGlobalNpmInstall;
+const node_child_process_1 = require("node:child_process");
+const SEMVER_TRIPLET = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/;
+exports.PACKAGE_NAME = "@imdeadpool/codex-account-switcher";
+function parseVersionTriplet(version) {
+    const match = version.trim().match(SEMVER_TRIPLET);
+    if (!match)
+        return null;
+    return [Number(match[1]), Number(match[2]), Number(match[3])];
+}
+function isVersionNewer(currentVersion, latestVersion) {
+    const current = parseVersionTriplet(currentVersion);
+    const latest = parseVersionTriplet(latestVersion);
+    if (!current || !latest)
+        return false;
+    for (let i = 0; i < 3; i += 1) {
+        if (latest[i] > current[i])
+            return true;
+        if (latest[i] < current[i])
+            return false;
+    }
+    return false;
+}
+function getUpdateSummary(currentVersion, latestVersion) {
+    const current = parseVersionTriplet(currentVersion);
+    const latest = parseVersionTriplet(latestVersion);
+    if (!current || !latest) {
+        return {
+            currentVersion,
+            latestVersion,
+            state: "unknown",
+        };
+    }
+    return {
+        currentVersion,
+        latestVersion,
+        state: isVersionNewer(currentVersion, latestVersion) ? "update-available" : "up-to-date",
+    };
+}
+function formatUpdateSummaryCard(summary) {
+    const statusLabel = summary.state === "update-available"
+        ? "update available"
+        : summary.state === "up-to-date"
+            ? "up to date"
+            : "unknown";
+    return [
+        "┌─ codex-auth update",
+        `│  current: ${summary.currentVersion}`,
+        `│  latest : ${summary.latestVersion}`,
+        `└─ status : ${statusLabel}`,
+    ];
+}
+function formatUpdateSummaryInline(summary) {
+    if (summary.state === "update-available") {
+        return `⬆ Update available: ${summary.currentVersion} -> ${summary.latestVersion}`;
+    }
+    if (summary.state === "up-to-date") {
+        return `✓ Up to date: ${summary.currentVersion}`;
+    }
+    return `ℹ Update status unknown (current: ${summary.currentVersion}, latest: ${summary.latestVersion})`;
+}
+async function fetchLatestNpmVersion(packageName, timeoutMs = 2500) {
+    return new Promise((resolve) => {
+        const child = (0, node_child_process_1.spawn)("npm", ["view", packageName, "version", "--json"], {
+            stdio: ["ignore", "pipe", "ignore"],
+        });
+        let output = "";
+        const timeout = setTimeout(() => {
+            child.kill("SIGTERM");
+            resolve(null);
+        }, timeoutMs);
+        child.stdout.on("data", (chunk) => {
+            output += chunk.toString();
+        });
+        child.on("error", () => {
+            clearTimeout(timeout);
+            resolve(null);
+        });
+        child.on("exit", (code) => {
+            clearTimeout(timeout);
+            if (code !== 0) {
+                resolve(null);
+                return;
+            }
+            const trimmed = output.trim();
+            if (!trimmed) {
+                resolve(null);
+                return;
+            }
+            try {
+                const parsed = JSON.parse(trimmed);
+                if (typeof parsed === "string" && parsed.trim().length > 0) {
+                    resolve(parsed.trim());
+                    return;
+                }
+            }
+            catch {
+                // fall through
+            }
+            resolve(trimmed.replace(/^"+|"+$/g, ""));
+        });
+    });
+}
+async function runGlobalNpmInstall(packageName, version = "latest") {
+    return new Promise((resolve) => {
+        const child = (0, node_child_process_1.spawn)("npm", ["i", "-g", `${packageName}@${version}`], {
+            stdio: "inherit",
+        });
+        child.on("error", () => {
+            resolve(1);
+        });
+        child.on("exit", (code) => {
+            resolve(typeof code === "number" ? code : 1);
+        });
+    });
+}

package/dist/tests/login-hook.test.js

@@ -65,3 +65,17 @@ async function withTempRcFile(t, fn) {
         strict_1.default.equal(after.rcPath, rcPath);
     });
 });
+(0, node_test_1.default)("renderLoginHookBlock includes terminal-mode restore guard", () => {
+    const hook = (0, login_hook_1.renderLoginHookBlock)();
+    strict_1.default.ok(hook.includes("__codex_auth_restore_tty"));
+    strict_1.default.ok(hook.includes("command codex-auth restore-session"));
+    strict_1.default.ok(hook.includes("CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status"));
+    strict_1.default.ok(hook.includes("\\033[>4m"));
+    strict_1.default.ok(hook.includes("\\033[<u"));
+    strict_1.default.ok(hook.includes("\\033[?2026l"));
+    strict_1.default.ok(hook.includes("\\033[?1004l"));
+    strict_1.default.ok(hook.includes("\\033[?2004l"));
+    strict_1.default.ok(hook.includes("\\033[0m"));
+    strict_1.default.ok(hook.includes("\\033[?25h"));
+    strict_1.default.ok(hook.includes("CODEX_AUTH_SKIP_TTY_RESTORE"));
+});

package/dist/tests/save-account-safety.test.js

@@ -19,9 +19,10 @@ function encodeBase64Url(input) {
         .replace(/=+$/g, "");
 }
 function buildAuthPayload(email, options) {
-    var _a, _b;
+    var _a, _b, _c;
     const accountId = (_a = options === null || options === void 0 ? void 0 : options.accountId) !== null && _a !== void 0 ? _a : "acct-1";
     const userId = (_b = options === null || options === void 0 ? void 0 : options.userId) !== null && _b !== void 0 ? _b : "user-1";
+    const tokenSeed = (_c = options === null || options === void 0 ? void 0 : options.tokenSeed) !== null && _c !== void 0 ? _c : email;
     const idTokenPayload = {
         email,
         "https://api.openai.com/auth": {
@@ -33,8 +34,8 @@ function buildAuthPayload(email, options) {
     const idToken = `${encodeBase64Url(JSON.stringify({ alg: "none" }))}.${encodeBase64Url(JSON.stringify(idTokenPayload))}.sig`;
     return JSON.stringify({
         tokens: {
-            access_token: `token-${email}`,
-            refresh_token: `refresh-${email}`,
+            access_token: `token-${tokenSeed}`,
+            refresh_token: `refresh-${tokenSeed}`,
             id_token: idToken,
             account_id: accountId,
         },
@@ -362,6 +363,34 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal(registry.autoSwitch.enabled, false);
     });
 });
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded re-keys active alias to inferred email name when external login identity matches", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const activeAlias = "team-primary";
+        const incomingEmail = "admin@kozpontihusbolt.hu";
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, `${activeAlias}.json`), buildAuthPayload(incomingEmail, {
+            accountId: "acct-team",
+            userId: "user-team",
+            tokenSeed: "pre-login",
+        }), "utf8");
+        await promises_1.default.writeFile(currentPath, `${activeAlias}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload(incomingEmail, {
+            accountId: "acct-team",
+            userId: "user-team",
+            tokenSeed: "post-login",
+        }), "utf8");
+        const result = await service.syncExternalAuthSnapshotIfNeeded();
+        strict_1.default.deepEqual(result, {
+            synchronized: true,
+            savedName: incomingEmail,
+            autoSwitchDisabled: false,
+        });
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), incomingEmail);
+        const inferredSnapshot = await (0, auth_parser_1.parseAuthSnapshotFile)(node_path_1.default.join(accountsDir, `${incomingEmail}.json`));
+        strict_1.default.equal(inferredSnapshot.email, incomingEmail);
+    });
+});
 (0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded materializes auth symlink so external codex login can no longer overwrite snapshot files", async (t) => {
     if (process.platform === "win32") {
         t.skip("symlink conversion behavior is Unix-specific in this test");
@@ -397,3 +426,140 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal(authStat.isSymbolicLink(), false);
     });
 });
+(0, node_test_1.default)("getCurrentAccountName prefers session-scoped snapshot over global current pointer", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"), buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }));
+        await promises_1.default.writeFile(currentPath, "lajos@edix.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        const active = await service.getCurrentAccountName();
+        strict_1.default.equal(active, "odin@megkapja.hu");
+    });
+});
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded ignores external login from another terminal when session snapshot differs", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(currentPath, "odin@megkapja.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        const result = await service.syncExternalAuthSnapshotIfNeeded();
+        strict_1.default.deepEqual(result, {
+            synchronized: false,
+            autoSwitchDisabled: false,
+        });
+        await strict_1.default.rejects(() => promises_1.default.access(node_path_1.default.join(accountsDir, "lajos@edix.hu.json")));
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "odin@megkapja.hu");
+    });
+});
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded can be forced for explicit in-terminal codex login sync", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        const previousFlag = process.env.CODEX_AUTH_FORCE_EXTERNAL_SYNC;
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(currentPath, "odin@megkapja.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        process.env.CODEX_AUTH_FORCE_EXTERNAL_SYNC = "1";
+        t.after(() => {
+            process.env.CODEX_AUTH_FORCE_EXTERNAL_SYNC = previousFlag;
+        });
+        const result = await service.syncExternalAuthSnapshotIfNeeded();
+        strict_1.default.deepEqual(result, {
+            synchronized: true,
+            savedName: "lajos@edix.hu",
+            autoSwitchDisabled: false,
+        });
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "lajos@edix.hu");
+    });
+});
+(0, node_test_1.default)("restoreSessionSnapshotIfNeeded re-activates the session-pinned snapshot when auth.json drifts", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"), buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }));
+        await promises_1.default.writeFile(currentPath, "lajos@edix.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        const restored = await service.restoreSessionSnapshotIfNeeded();
+        strict_1.default.deepEqual(restored, {
+            restored: true,
+            accountName: "odin@megkapja.hu",
+        });
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "odin@megkapja.hu");
+        const parsed = await (0, auth_parser_1.parseAuthSnapshotFile)(authPath);
+        strict_1.default.equal(parsed.email, "odin@megkapja.hu");
+    });
+});

package/dist/tests/update-check.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tests/update-check.test.js

@@ -0,0 +1,67 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_test_1 = __importDefault(require("node:test"));
+const strict_1 = __importDefault(require("node:assert/strict"));
+const update_check_1 = require("../lib/update-check");
+(0, node_test_1.default)("parseVersionTriplet parses standard semver triplets", () => {
+    strict_1.default.deepEqual((0, update_check_1.parseVersionTriplet)("0.1.9"), [0, 1, 9]);
+    strict_1.default.deepEqual((0, update_check_1.parseVersionTriplet)("v1.20.3"), [1, 20, 3]);
+});
+(0, node_test_1.default)("parseVersionTriplet supports pre-release/build suffixes", () => {
+    strict_1.default.deepEqual((0, update_check_1.parseVersionTriplet)("1.2.3-beta.1"), [1, 2, 3]);
+    strict_1.default.deepEqual((0, update_check_1.parseVersionTriplet)("1.2.3+build"), [1, 2, 3]);
+});
+(0, node_test_1.default)("parseVersionTriplet rejects non-triplet versions", () => {
+    strict_1.default.equal((0, update_check_1.parseVersionTriplet)("1.2"), null);
+    strict_1.default.equal((0, update_check_1.parseVersionTriplet)("latest"), null);
+});
+(0, node_test_1.default)("isVersionNewer compares semver triplets correctly", () => {
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("0.1.8", "0.1.9"), true);
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("0.1.9", "0.1.9"), false);
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("0.2.0", "0.1.9"), false);
+});
+(0, node_test_1.default)("isVersionNewer returns false when either version is invalid", () => {
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("latest", "0.1.9"), false);
+    strict_1.default.equal((0, update_check_1.isVersionNewer)("0.1.8", "nightly"), false);
+});
+(0, node_test_1.default)("getUpdateSummary returns update-available state", () => {
+    const summary = (0, update_check_1.getUpdateSummary)("0.1.8", "0.1.9");
+    strict_1.default.deepEqual(summary, {
+        currentVersion: "0.1.8",
+        latestVersion: "0.1.9",
+        state: "update-available",
+    });
+});
+(0, node_test_1.default)("getUpdateSummary returns up-to-date state", () => {
+    const summary = (0, update_check_1.getUpdateSummary)("0.1.9", "0.1.9");
+    strict_1.default.deepEqual(summary, {
+        currentVersion: "0.1.9",
+        latestVersion: "0.1.9",
+        state: "up-to-date",
+    });
+});
+(0, node_test_1.default)("formatUpdateSummaryInline renders human-friendly states", () => {
+    strict_1.default.equal((0, update_check_1.formatUpdateSummaryInline)({
+        currentVersion: "0.1.8",
+        latestVersion: "0.1.9",
+        state: "update-available",
+    }), "⬆ Update available: 0.1.8 -> 0.1.9");
+    strict_1.default.equal((0, update_check_1.formatUpdateSummaryInline)({
+        currentVersion: "0.1.9",
+        latestVersion: "0.1.9",
+        state: "up-to-date",
+    }), "✓ Up to date: 0.1.9");
+});
+(0, node_test_1.default)("formatUpdateSummaryCard renders a stable 4-line card", () => {
+    const lines = (0, update_check_1.formatUpdateSummaryCard)({
+        currentVersion: "0.1.9",
+        latestVersion: "0.1.10",
+        state: "update-available",
+    });
+    strict_1.default.equal(lines.length, 4);
+    strict_1.default.equal(lines[0], "┌─ codex-auth update");
+    strict_1.default.equal(lines[3], "└─ status : update available");
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imdeadpool/codex-account-switcher",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "A command-line tool that lets you manage and switch between multiple Codex accounts instantly, no more constant logins and logouts.",
   "license": "MIT",
   "bin": {
@@ -52,6 +52,9 @@
   },
   "oclif": {
     "bin": "codex-auth",
-    "commands": "./dist/commands"
+    "commands": "./dist/commands",
+    "hooks": {
+      "init": "./dist/hooks/init/update-notifier"
+    }
   }
 }

package/scripts/postinstall-login-hook.cjs

@@ -22,6 +22,13 @@ function renderHookBlock() {
   return [
     MARK_START,
     "# Auto-sync codex-auth snapshots after successful official `codex login`.",
+    "# Also restore common terminal modes to avoid leaked escape sequences after codex exits.",
+    "__codex_auth_restore_tty() {",
+    "  [[ -t 1 ]] || return 0",
+    "  local __tty_target=/dev/tty",
+    "  [[ -w \"$__tty_target\" ]] || __tty_target=/dev/stdout",
+    "  printf '\\033[>4m\\033[<u\\033[?2026l\\033[?1004l\\033[?1l\\033[?2004l\\033[?1000l\\033[?1002l\\033[?1003l\\033[?1006l\\033[?1015l\\033[?1049l\\033[0m\\033[?25h\\033[H\\033>' >\"$__tty_target\" 2>/dev/null || true",
+    "}",
     "if ! typeset -f codex >/dev/null 2>&1; then",
     "  codex() {",
     "    command codex \"$@\"",
@@ -40,6 +47,9 @@ function renderHookBlock() {
     "        command codex-auth status >/dev/null 2>&1 || true",
     "      fi",
     "    fi",
+    "    if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
+    "      __codex_auth_restore_tty",
+    "    fi",
     "    return $__codex_exit",
     "  }",
     "fi",