@imdeadpool/codex-account-switcher 0.1.9 → 0.1.11

package/README.md

@@ -9,6 +9,8 @@ A command-line tool that lets you manage and switch between multiple Codex accou
 
 Codex stores your authentication session in a single `auth.json` file. This tool works by creating named snapshots of that file for each of your accounts. When you want to switch, `codex-auth` swaps the active `~/.codex/auth.json` with the snapshot you select, instantly changing your logged-in account.
 
+`codex-auth` also keeps a lightweight per-terminal session memory (scoped by shell parent PID by default), so older terminals keep using their original snapshot even if a different terminal logs into another account later.
+
 ## Requirements
 
 - Node.js 18 or newer
@@ -26,6 +28,16 @@ official `codex login`.
 - Choose `y` to enable fully automatic login snapshot capture.
 - Choose `n` (default) to skip.
 - Set `CODEX_AUTH_SKIP_POSTINSTALL=1` to always suppress this prompt.
+- Set `CODEX_AUTH_SKIP_TTY_RESTORE=1` to keep the hook from restoring terminal modes after `codex` exits.
+- Set `CODEX_AUTH_SESSION_KEY=<id>` to explicitly scope session-memory identity (optional; default uses shell PPID).
+- For a calmer Codex footer, prefer a focused `[tui] status_line` such as:
+
+  ```toml
+  [tui]
+  status_line = ["model-with-reasoning", "git-branch", "context-remaining"]
+  ```
+
+  This remains a manual Codex config choice; `codex-auth` does not rewrite `~/.codex/config.toml`.
 
 ## Usage
 
@@ -66,6 +78,9 @@ codex-auth self-update
 # check only (no install)
 codex-auth self-update --check
 
+# reinstall latest even if already up to date
+codex-auth self-update --reinstall
+
 # remove accounts (interactive multi-select)
 codex-auth remove
 
@@ -102,13 +117,13 @@ codex-auth remove-login-hook
 - `codex-auth use [name]` – Accepts a name or launches an interactive selector with the current account pre-selected, writes `~/.codex/auth.json` as a regular file from the chosen snapshot, and records the active name.
 - `codex-auth list [--details]` – Lists all saved snapshots alphabetically and marks the active one with `*`. `--details` adds per-snapshot mapping metadata (email, account id, user id, and usage metadata) for easier session/account troubleshooting.
 - `codex-auth current` – Prints the active account name, or a friendly message if none is active.
-- `codex-auth self-update [--check]` – Checks npm for a newer release. Without flags, it installs the latest version globally when one is available.
+- `codex-auth self-update [--check] [--reinstall] [-y]` – Checks npm for newer release metadata. `--check` prints current/latest/status only. `--reinstall` forces reinstall even when already up to date. `-y` skips confirmation prompts.
 - `codex-auth remove [query|--all]` – Removes snapshots interactively or by selector. If the active account is removed, the best remaining account is activated automatically.
 - `codex-auth status` – Prints auto-switch state, managed service status, active thresholds, and usage mode.
 - `codex-auth config auto ...` – Enables/disables managed auto-switch and updates threshold percentages.
 - `codex-auth config api enable|disable` – Chooses usage source mode (`api` or `local`).
 - `codex-auth daemon --once|--watch` – Runs the auto-switch loop once or continuously.
-- `codex-auth setup-login-hook [-f <path>]` – Installs an optional shell hook in your rc file to auto-sync snapshots after successful official `codex login`.
+- `codex-auth setup-login-hook [-f <path>]` – Installs an optional shell hook in your rc file to restore session-pinned snapshot before each `codex` run, refresh codex-auth session memory after each `codex` exit, and restore common terminal modes before returning to your prompt.
 - `codex-auth hook-status [-f <path>]` – Shows whether the optional login auto-snapshot hook is installed for the selected rc file.
 - `codex-auth remove-login-hook [-f <path>]` – Removes the optional shell hook.
 

package/dist/commands/list.js

@@ -47,9 +47,12 @@ class ListCommand extends base_command_1.BaseCommand {
         if (!currentVersion || typeof currentVersion !== "string")
             return;
         const latestVersion = await (0, update_check_1.fetchLatestNpmVersion)(update_check_1.PACKAGE_NAME);
-        if (!latestVersion || !(0, update_check_1.isVersionNewer)(currentVersion, latestVersion))
+        if (!latestVersion)
             return;
-        this.log(`Update available for codex-auth: ${currentVersion} -> ${latestVersion}`);
+        const summary = (0, update_check_1.getUpdateSummary)(currentVersion, latestVersion);
+        if (summary.state !== "update-available")
+            return;
+        this.log((0, update_check_1.formatUpdateSummaryInline)(summary));
         const prompt = await (0, prompts_1.default)({
             type: "confirm",
             name: "install",

package/dist/commands/restore-session.d.ts

@@ -0,0 +1,7 @@
+import { BaseCommand } from "../lib/base-command";
+export default class RestoreSessionCommand extends BaseCommand {
+    protected readonly syncExternalAuthBeforeRun = false;
+    static hidden: boolean;
+    static description: string;
+    run(): Promise<void>;
+}

package/dist/commands/restore-session.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const base_command_1 = require("../lib/base-command");
+class RestoreSessionCommand extends base_command_1.BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.syncExternalAuthBeforeRun = false;
+    }
+    async run() {
+        await this.runSafe(async () => {
+            await this.accounts.restoreSessionSnapshotIfNeeded();
+        });
+    }
+}
+RestoreSessionCommand.hidden = true;
+RestoreSessionCommand.description = "Restore auth.json from the session-pinned snapshot (internal helper)";
+exports.default = RestoreSessionCommand;

package/dist/commands/self-update.d.ts

@@ -3,6 +3,8 @@ export default class SelfUpdateCommand extends BaseCommand {
     static description: string;
     static flags: {
         readonly check: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        readonly reinstall: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        readonly yes: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }

package/dist/commands/self-update.js

@@ -1,6 +1,10 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
+const prompts_1 = __importDefault(require("prompts"));
 const base_command_1 = require("../lib/base-command");
 const update_check_1 = require("../lib/update-check");
 class SelfUpdateCommand extends base_command_1.BaseCommand {
@@ -13,17 +17,43 @@ class SelfUpdateCommand extends base_command_1.BaseCommand {
                 this.warn("Could not check npm for the latest release right now.");
                 return;
             }
-            if (!(0, update_check_1.isVersionNewer)(currentVersion, latestVersion)) {
-                this.log(`codex-auth is up to date (${currentVersion}).`);
+            const summary = (0, update_check_1.getUpdateSummary)(currentVersion, latestVersion);
+            const hasUpdate = summary.state === "update-available";
+            if (flags.check) {
+                for (const line of (0, update_check_1.formatUpdateSummaryCard)(summary)) {
+                    this.log(line);
+                }
+                if (hasUpdate) {
+                    this.log("Run `codex-auth self-update` to install the latest release.");
+                }
                 return;
             }
-            this.log(`Update available: ${currentVersion} -> ${latestVersion}`);
-            if (flags.check) {
+            if (!hasUpdate && !flags.reinstall) {
+                this.log((0, update_check_1.formatUpdateSummaryInline)(summary));
+                this.log("Use `codex-auth self-update --reinstall` if you want to reinstall anyway.");
                 return;
             }
+            if (hasUpdate) {
+                this.log((0, update_check_1.formatUpdateSummaryInline)(summary));
+            }
+            else {
+                this.log(`↺ Reinstall requested for latest version (${latestVersion}).`);
+            }
+            if (!flags.yes) {
+                const response = await (0, prompts_1.default)({
+                    type: "confirm",
+                    name: "proceed",
+                    message: "Proceed with global npm update now?",
+                    initial: true,
+                });
+                if (!response.proceed) {
+                    this.log("Update cancelled.");
+                    return;
+                }
+            }
             const exitCode = await (0, update_check_1.runGlobalNpmInstall)(update_check_1.PACKAGE_NAME);
             if (exitCode === 0) {
-                this.log("Global update completed.");
+                this.log(`✓ Global update completed (installed ${latestVersion}).`);
                 return;
             }
             this.warn(`Global update failed (exit code ${exitCode}). Run: npm i -g ${update_check_1.PACKAGE_NAME}@latest`);
@@ -36,5 +66,15 @@ SelfUpdateCommand.flags = {
         description: "Only check whether an update is available",
         default: false,
     }),
+    reinstall: core_1.Flags.boolean({
+        char: "r",
+        description: "Reinstall the latest version even when already up to date",
+        default: false,
+    }),
+    yes: core_1.Flags.boolean({
+        char: "y",
+        description: "Skip confirmation prompts",
+        default: false,
+    }),
 };
 exports.default = SelfUpdateCommand;

package/dist/hooks/init/update-notifier.js

@@ -12,9 +12,12 @@ const hook = async function (options) {
     if (!currentVersion)
         return;
     const latestVersion = await (0, update_check_1.fetchLatestNpmVersion)(update_check_1.PACKAGE_NAME);
-    if (!latestVersion || !(0, update_check_1.isVersionNewer)(currentVersion, latestVersion))
+    if (!latestVersion)
         return;
-    this.log(`Update available for codex-auth: ${currentVersion} -> ${latestVersion}`);
+    const summary = (0, update_check_1.getUpdateSummary)(currentVersion, latestVersion);
+    if (summary.state !== "update-available")
+        return;
+    this.log((0, update_check_1.formatUpdateSummaryInline)(summary));
     this.log("Run `codex-auth self-update` to install the latest version.");
 };
 exports.default = hook;

package/dist/lib/accounts/account-service.d.ts

@@ -26,6 +26,10 @@ export interface ExternalAuthSyncResult {
 }
 export declare class AccountService {
     syncExternalAuthSnapshotIfNeeded(): Promise<ExternalAuthSyncResult>;
+    restoreSessionSnapshotIfNeeded(): Promise<{
+        restored: boolean;
+        accountName?: string;
+    }>;
     listAccountNames(): Promise<string[]>;
     listAccountChoices(): Promise<AccountChoice[]>;
     listAccountMappings(): Promise<AccountMapping[]>;
@@ -68,6 +72,13 @@ export declare class AccountService {
     private persistRegistry;
     private activateSnapshot;
     private clearActivePointers;
+    private isExternalSyncForced;
+    private resolveSessionScopeKey;
+    private getSessionAccountName;
+    private setSessionAccountName;
+    private clearSessionAccountName;
+    private readSessionMap;
+    private writeSessionMap;
     private snapshotsShareIdentity;
     private renderSnapshotIdentity;
 }

package/dist/lib/accounts/account-service.js

@@ -14,6 +14,8 @@ const registry_1 = require("./registry");
 const usage_1 = require("./usage");
 const service_manager_1 = require("./service-manager");
 const ACCOUNT_NAME_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9._@+-]*$/;
+const EXTERNAL_SYNC_FORCE_ENV = "CODEX_AUTH_FORCE_EXTERNAL_SYNC";
+const SESSION_KEY_ENV = "CODEX_AUTH_SESSION_KEY";
 class AccountService {
     async syncExternalAuthSnapshotIfNeeded() {
         const authPath = (0, paths_1.resolveAuthPath)();
@@ -31,6 +33,21 @@ class AccountService {
                 autoSwitchDisabled: false,
             };
         }
+        const sessionAccountName = await this.getSessionAccountName();
+        if (sessionAccountName) {
+            const sessionSnapshotPath = this.accountFilePath(sessionAccountName);
+            if (await this.pathExists(sessionSnapshotPath)) {
+                const sessionSnapshot = await (0, auth_parser_1.parseAuthSnapshotFile)(sessionSnapshotPath);
+                if (sessionSnapshot.authMode === "chatgpt" &&
+                    !this.snapshotsShareIdentity(sessionSnapshot, incomingSnapshot) &&
+                    !this.isExternalSyncForced()) {
+                    return {
+                        synchronized: false,
+                        autoSwitchDisabled: false,
+                    };
+                }
+            }
+        }
         const resolvedName = await this.resolveLoginAccountNameFromCurrentAuth();
         const activeName = await this.getCurrentAccountName();
         if (activeName) {
@@ -66,14 +83,50 @@ class AccountService {
             autoSwitchDisabled,
         };
     }
+    async restoreSessionSnapshotIfNeeded() {
+        const sessionAccountName = await this.getSessionAccountName();
+        if (!sessionAccountName) {
+            return { restored: false };
+        }
+        const snapshotPath = this.accountFilePath(sessionAccountName);
+        if (!(await this.pathExists(snapshotPath))) {
+            await this.clearSessionAccountName();
+            return { restored: false };
+        }
+        const authPath = (0, paths_1.resolveAuthPath)();
+        if (await this.pathExists(authPath)) {
+            const [sessionSnapshot, activeSnapshot] = await Promise.all([
+                (0, auth_parser_1.parseAuthSnapshotFile)(snapshotPath),
+                (0, auth_parser_1.parseAuthSnapshotFile)(authPath),
+            ]);
+            if (this.snapshotsShareIdentity(sessionSnapshot, activeSnapshot)) {
+                return {
+                    restored: false,
+                    accountName: sessionAccountName,
+                };
+            }
+        }
+        await this.activateSnapshot(sessionAccountName);
+        return {
+            restored: true,
+            accountName: sessionAccountName,
+        };
+    }
     async listAccountNames() {
         const accountsDir = (0, paths_1.resolveAccountsDir)();
         if (!(await this.pathExists(accountsDir))) {
             return [];
         }
+        const sessionMapPath = (0, paths_1.resolveSessionMapPath)();
+        const sessionMapBasename = node_path_1.default.dirname(sessionMapPath) === accountsDir
+            ? node_path_1.default.basename(sessionMapPath)
+            : undefined;
         const entries = await promises_1.default.readdir(accountsDir, { withFileTypes: true });
         return entries
-            .filter((entry) => entry.isFile() && entry.name.endsWith(".json") && entry.name !== "registry.json")
+            .filter((entry) => entry.isFile() &&
+            entry.name.endsWith(".json") &&
+            entry.name !== "registry.json" &&
+            entry.name !== sessionMapBasename)
             .map((entry) => entry.name.replace(/\.json$/i, ""))
             .sort((a, b) => a.localeCompare(b, undefined, { sensitivity: "base" }));
     }
@@ -138,10 +191,20 @@ class AccountService {
         });
     }
     async getCurrentAccountName() {
+        const sessionAccountName = await this.getSessionAccountName();
+        if (sessionAccountName) {
+            const sessionSnapshotPath = this.accountFilePath(sessionAccountName);
+            if (await this.pathExists(sessionSnapshotPath)) {
+                return sessionAccountName;
+            }
+            await this.clearSessionAccountName();
+        }
         const currentNamePath = (0, paths_1.resolveCurrentNamePath)();
         const currentName = await this.readCurrentNameFile(currentNamePath);
-        if (currentName)
+        if (currentName) {
+            await this.setSessionAccountName(currentName);
             return currentName;
+        }
         const authPath = (0, paths_1.resolveAuthPath)();
         if (!(await this.pathExists(authPath)))
             return null;
@@ -157,7 +220,9 @@ class AccountService {
         const base = node_path_1.default.basename(resolvedTarget);
         if (!base.endsWith(".json") || base === "registry.json")
             return null;
-        return base.replace(/\.json$/i, "");
+        const resolvedName = base.replace(/\.json$/i, "");
+        await this.setSessionAccountName(resolvedName);
+        return resolvedName;
     }
     async saveAccount(rawName, options) {
         const name = this.normalizeAccountName(rawName);
@@ -535,6 +600,7 @@ class AccountService {
         const currentNamePath = (0, paths_1.resolveCurrentNamePath)();
         await this.ensureDir(node_path_1.default.dirname(currentNamePath));
         await promises_1.default.writeFile(currentNamePath, `${name}\n`, "utf8");
+        await this.setSessionAccountName(name);
     }
     async readCurrentNameFile(currentNamePath) {
         try {
@@ -636,6 +702,111 @@ class AccountService {
         const authPath = (0, paths_1.resolveAuthPath)();
         await this.removeIfExists(currentPath);
         await this.removeIfExists(authPath);
+        await this.clearSessionAccountName();
+    }
+    isExternalSyncForced() {
+        const raw = process.env[EXTERNAL_SYNC_FORCE_ENV];
+        if (!raw)
+            return false;
+        const normalized = raw.trim().toLowerCase();
+        if (!normalized)
+            return false;
+        return !["0", "false", "no", "off"].includes(normalized);
+    }
+    resolveSessionScopeKey() {
+        var _a;
+        const explicit = (_a = process.env[SESSION_KEY_ENV]) === null || _a === void 0 ? void 0 : _a.trim();
+        if (explicit) {
+            const sanitized = explicit.replace(/\s+/g, " ").slice(0, 160);
+            return `session:${sanitized}`;
+        }
+        if (typeof process.ppid === "number" && process.ppid > 1) {
+            return `ppid:${process.ppid}`;
+        }
+        return null;
+    }
+    async getSessionAccountName() {
+        const sessionKey = this.resolveSessionScopeKey();
+        if (!sessionKey)
+            return null;
+        const sessionMap = await this.readSessionMap();
+        const entry = sessionMap.sessions[sessionKey];
+        if (!(entry === null || entry === void 0 ? void 0 : entry.accountName))
+            return null;
+        try {
+            return this.normalizeAccountName(entry.accountName);
+        }
+        catch {
+            return null;
+        }
+    }
+    async setSessionAccountName(accountName) {
+        const sessionKey = this.resolveSessionScopeKey();
+        if (!sessionKey)
+            return;
+        const sessionMap = await this.readSessionMap();
+        sessionMap.sessions[sessionKey] = {
+            accountName,
+            updatedAt: new Date().toISOString(),
+        };
+        await this.writeSessionMap(sessionMap);
+    }
+    async clearSessionAccountName() {
+        const sessionKey = this.resolveSessionScopeKey();
+        if (!sessionKey)
+            return;
+        const sessionMap = await this.readSessionMap();
+        if (!sessionMap.sessions[sessionKey])
+            return;
+        delete sessionMap.sessions[sessionKey];
+        await this.writeSessionMap(sessionMap);
+    }
+    async readSessionMap() {
+        const sessionMapPath = (0, paths_1.resolveSessionMapPath)();
+        try {
+            const raw = await promises_1.default.readFile(sessionMapPath, "utf8");
+            const parsed = JSON.parse(raw);
+            if (!parsed || typeof parsed !== "object") {
+                return {
+                    version: 1,
+                    sessions: {},
+                };
+            }
+            const root = parsed;
+            const sessionsRaw = root.sessions && typeof root.sessions === "object"
+                ? root.sessions
+                : {};
+            const sessions = {};
+            for (const [key, value] of Object.entries(sessionsRaw)) {
+                if (!value || typeof value !== "object")
+                    continue;
+                const rawEntry = value;
+                const accountName = typeof rawEntry.accountName === "string" ? rawEntry.accountName.trim() : "";
+                if (!accountName)
+                    continue;
+                sessions[key] = {
+                    accountName,
+                    updatedAt: typeof rawEntry.updatedAt === "string" && rawEntry.updatedAt.length > 0
+                        ? rawEntry.updatedAt
+                        : new Date().toISOString(),
+                };
+            }
+            return {
+                version: 1,
+                sessions,
+            };
+        }
+        catch {
+            return {
+                version: 1,
+                sessions: {},
+            };
+        }
+    }
+    async writeSessionMap(sessionMap) {
+        const sessionMapPath = (0, paths_1.resolveSessionMapPath)();
+        await this.ensureDir(node_path_1.default.dirname(sessionMapPath));
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify(sessionMap, null, 2)}\n`, "utf8");
     }
     snapshotsShareIdentity(a, b) {
         var _a, _b;

package/dist/lib/config/login-hook.js

@@ -33,24 +33,26 @@ function resolveDefaultShellRcPath() {
 function renderLoginHookBlock() {
     return [
         exports.LOGIN_HOOK_MARK_START,
-        "# Auto-sync codex-auth snapshots after successful official `codex login`.",
+        "# Keep terminal-scoped snapshot memory in sync before/after each `codex` run.",
+        "# Also restore common terminal modes to avoid leaked escape sequences after codex exits.",
+        "__codex_auth_restore_tty() {",
+        "  [[ -t 1 ]] || return 0",
+        "  local __tty_target=/dev/tty",
+        "  [[ -w \"$__tty_target\" ]] || __tty_target=/dev/stdout",
+        "  printf '\\033[>4m\\033[<u\\033[?2026l\\033[?1004l\\033[?1l\\033[?2004l\\033[?1000l\\033[?1002l\\033[?1003l\\033[?1006l\\033[?1015l\\033[?1049l\\033[0m\\033[?25h\\033[H\\033>' >\"$__tty_target\" 2>/dev/null || true",
+        "}",
         "if ! typeset -f codex >/dev/null 2>&1; then",
         "  codex() {",
+        "    if command -v codex-auth >/dev/null 2>&1; then",
+        "      command codex-auth restore-session >/dev/null 2>&1 || true",
+        "    fi",
         "    command codex \"$@\"",
         "    local __codex_exit=$?",
-        "    if [[ $__codex_exit -eq 0 ]]; then",
-        "      local __first_non_flag=\"\"",
-        "      local __arg",
-        "      for __arg in \"$@\"; do",
-        "        case \"$__arg\" in",
-        "          --) break ;;",
-        "          -*) ;;",
-        "          *) __first_non_flag=\"$__arg\"; break ;;",
-        "        esac",
-        "      done",
-        "      if [[ \"$__first_non_flag\" == \"login\" ]] && command -v codex-auth >/dev/null 2>&1; then",
-        "        command codex-auth status >/dev/null 2>&1 || true",
-        "      fi",
+        "    if command -v codex-auth >/dev/null 2>&1; then",
+        "      CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status >/dev/null 2>&1 || true",
+        "    fi",
+        "    if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
+        "      __codex_auth_restore_tty",
         "    fi",
         "    return $__codex_exit",
         "  }",

package/dist/lib/config/paths.d.ts

@@ -3,8 +3,10 @@ export declare function resolveAccountsDir(): string;
 export declare function resolveAuthPath(): string;
 export declare function resolveCurrentNamePath(): string;
 export declare function resolveRegistryPath(): string;
+export declare function resolveSessionMapPath(): string;
 export declare const codexDir: string;
 export declare const accountsDir: string;
 export declare const authPath: string;
 export declare const currentNamePath: string;
 export declare const registryPath: string;
+export declare const sessionMapPath: string;

package/dist/lib/config/paths.js

@@ -3,12 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.registryPath = exports.currentNamePath = exports.authPath = exports.accountsDir = exports.codexDir = void 0;
+exports.sessionMapPath = exports.registryPath = exports.currentNamePath = exports.authPath = exports.accountsDir = exports.codexDir = void 0;
 exports.resolveCodexDir = resolveCodexDir;
 exports.resolveAccountsDir = resolveAccountsDir;
 exports.resolveAuthPath = resolveAuthPath;
 exports.resolveCurrentNamePath = resolveCurrentNamePath;
 exports.resolveRegistryPath = resolveRegistryPath;
+exports.resolveSessionMapPath = resolveSessionMapPath;
 const node_os_1 = __importDefault(require("node:os"));
 const node_path_1 = __importDefault(require("node:path"));
 function resolvePath(raw) {
@@ -46,8 +47,16 @@ function resolveCurrentNamePath() {
 function resolveRegistryPath() {
     return node_path_1.default.join(resolveAccountsDir(), "registry.json");
 }
+function resolveSessionMapPath() {
+    const envPath = process.env.CODEX_AUTH_SESSION_MAP_PATH;
+    if (envPath && envPath.trim().length > 0) {
+        return resolvePath(envPath.trim());
+    }
+    return node_path_1.default.join(resolveAccountsDir(), "sessions.json");
+}
 exports.codexDir = resolveCodexDir();
 exports.accountsDir = resolveAccountsDir();
 exports.authPath = resolveAuthPath();
 exports.currentNamePath = resolveCurrentNamePath();
 exports.registryPath = resolveRegistryPath();
+exports.sessionMapPath = resolveSessionMapPath();

package/dist/lib/update-check.d.ts

@@ -1,5 +1,14 @@
 export declare const PACKAGE_NAME = "@imdeadpool/codex-account-switcher";
+export type UpdateState = "update-available" | "up-to-date" | "unknown";
+export interface UpdateSummary {
+    currentVersion: string;
+    latestVersion: string;
+    state: UpdateState;
+}
 export declare function parseVersionTriplet(version: string): [number, number, number] | null;
 export declare function isVersionNewer(currentVersion: string, latestVersion: string): boolean;
+export declare function getUpdateSummary(currentVersion: string, latestVersion: string): UpdateSummary;
+export declare function formatUpdateSummaryCard(summary: UpdateSummary): string[];
+export declare function formatUpdateSummaryInline(summary: UpdateSummary): string;
 export declare function fetchLatestNpmVersion(packageName: string, timeoutMs?: number): Promise<string | null>;
 export declare function runGlobalNpmInstall(packageName: string, version?: "latest" | string): Promise<number>;

package/dist/lib/update-check.js

@@ -3,6 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PACKAGE_NAME = void 0;
 exports.parseVersionTriplet = parseVersionTriplet;
 exports.isVersionNewer = isVersionNewer;
+exports.getUpdateSummary = getUpdateSummary;
+exports.formatUpdateSummaryCard = formatUpdateSummaryCard;
+exports.formatUpdateSummaryInline = formatUpdateSummaryInline;
 exports.fetchLatestNpmVersion = fetchLatestNpmVersion;
 exports.runGlobalNpmInstall = runGlobalNpmInstall;
 const node_child_process_1 = require("node:child_process");
@@ -27,6 +30,44 @@ function isVersionNewer(currentVersion, latestVersion) {
     }
     return false;
 }
+function getUpdateSummary(currentVersion, latestVersion) {
+    const current = parseVersionTriplet(currentVersion);
+    const latest = parseVersionTriplet(latestVersion);
+    if (!current || !latest) {
+        return {
+            currentVersion,
+            latestVersion,
+            state: "unknown",
+        };
+    }
+    return {
+        currentVersion,
+        latestVersion,
+        state: isVersionNewer(currentVersion, latestVersion) ? "update-available" : "up-to-date",
+    };
+}
+function formatUpdateSummaryCard(summary) {
+    const statusLabel = summary.state === "update-available"
+        ? "update available"
+        : summary.state === "up-to-date"
+            ? "up to date"
+            : "unknown";
+    return [
+        "┌─ codex-auth update",
+        `│  current: ${summary.currentVersion}`,
+        `│  latest : ${summary.latestVersion}`,
+        `└─ status : ${statusLabel}`,
+    ];
+}
+function formatUpdateSummaryInline(summary) {
+    if (summary.state === "update-available") {
+        return `⬆ Update available: ${summary.currentVersion} -> ${summary.latestVersion}`;
+    }
+    if (summary.state === "up-to-date") {
+        return `✓ Up to date: ${summary.currentVersion}`;
+    }
+    return `ℹ Update status unknown (current: ${summary.currentVersion}, latest: ${summary.latestVersion})`;
+}
 async function fetchLatestNpmVersion(packageName, timeoutMs = 2500) {
     return new Promise((resolve) => {
         const child = (0, node_child_process_1.spawn)("npm", ["view", packageName, "version", "--json"], {

package/dist/tests/login-hook.test.js

@@ -65,3 +65,18 @@ async function withTempRcFile(t, fn) {
         strict_1.default.equal(after.rcPath, rcPath);
     });
 });
+(0, node_test_1.default)("renderLoginHookBlock includes terminal-mode restore guard", () => {
+    const hook = (0, login_hook_1.renderLoginHookBlock)();
+    strict_1.default.ok(hook.includes("__codex_auth_restore_tty"));
+    strict_1.default.ok(hook.includes("command codex-auth restore-session"));
+    strict_1.default.ok(hook.includes("CODEX_AUTH_FORCE_EXTERNAL_SYNC=1 command codex-auth status"));
+    strict_1.default.ok(!hook.includes("__first_non_flag"));
+    strict_1.default.ok(hook.includes("\\033[>4m"));
+    strict_1.default.ok(hook.includes("\\033[<u"));
+    strict_1.default.ok(hook.includes("\\033[?2026l"));
+    strict_1.default.ok(hook.includes("\\033[?1004l"));
+    strict_1.default.ok(hook.includes("\\033[?2004l"));
+    strict_1.default.ok(hook.includes("\\033[0m"));
+    strict_1.default.ok(hook.includes("\\033[?25h"));
+    strict_1.default.ok(hook.includes("CODEX_AUTH_SKIP_TTY_RESTORE"));
+});

package/dist/tests/save-account-safety.test.js

@@ -426,3 +426,140 @@ async function withIsolatedCodexDir(t, fn) {
         strict_1.default.equal(authStat.isSymbolicLink(), false);
     });
 });
+(0, node_test_1.default)("getCurrentAccountName prefers session-scoped snapshot over global current pointer", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"), buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }));
+        await promises_1.default.writeFile(currentPath, "lajos@edix.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        const active = await service.getCurrentAccountName();
+        strict_1.default.equal(active, "odin@megkapja.hu");
+    });
+});
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded ignores external login from another terminal when session snapshot differs", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(currentPath, "odin@megkapja.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        const result = await service.syncExternalAuthSnapshotIfNeeded();
+        strict_1.default.deepEqual(result, {
+            synchronized: false,
+            autoSwitchDisabled: false,
+        });
+        await strict_1.default.rejects(() => promises_1.default.access(node_path_1.default.join(accountsDir, "lajos@edix.hu.json")));
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "odin@megkapja.hu");
+    });
+});
+(0, node_test_1.default)("syncExternalAuthSnapshotIfNeeded can be forced for explicit in-terminal codex login sync", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        const previousFlag = process.env.CODEX_AUTH_FORCE_EXTERNAL_SYNC;
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(currentPath, "odin@megkapja.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        process.env.CODEX_AUTH_FORCE_EXTERNAL_SYNC = "1";
+        t.after(() => {
+            process.env.CODEX_AUTH_FORCE_EXTERNAL_SYNC = previousFlag;
+        });
+        const result = await service.syncExternalAuthSnapshotIfNeeded();
+        strict_1.default.deepEqual(result, {
+            synchronized: true,
+            savedName: "lajos@edix.hu",
+            autoSwitchDisabled: false,
+        });
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "lajos@edix.hu");
+    });
+});
+(0, node_test_1.default)("restoreSessionSnapshotIfNeeded re-activates the session-pinned snapshot when auth.json drifts", async (t) => {
+    await withIsolatedCodexDir(t, async ({ codexDir, accountsDir, authPath }) => {
+        const service = new account_service_1.AccountService();
+        const currentPath = node_path_1.default.join(codexDir, "current");
+        const sessionMapPath = node_path_1.default.join(accountsDir, "sessions.json");
+        const sessionKey = `ppid:${process.ppid}`;
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "odin@megkapja.hu.json"), buildAuthPayload("odin@megkapja.hu", {
+            accountId: "acct-odin",
+            userId: "user-odin",
+        }));
+        await promises_1.default.writeFile(node_path_1.default.join(accountsDir, "lajos@edix.hu.json"), buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }));
+        await promises_1.default.writeFile(currentPath, "lajos@edix.hu\n", "utf8");
+        await promises_1.default.writeFile(sessionMapPath, `${JSON.stringify({
+            version: 1,
+            sessions: {
+                [sessionKey]: {
+                    accountName: "odin@megkapja.hu",
+                    updatedAt: new Date().toISOString(),
+                },
+            },
+        }, null, 2)}\n`, "utf8");
+        await promises_1.default.writeFile(authPath, buildAuthPayload("lajos@edix.hu", {
+            accountId: "acct-lajos",
+            userId: "user-lajos",
+        }), "utf8");
+        const restored = await service.restoreSessionSnapshotIfNeeded();
+        strict_1.default.deepEqual(restored, {
+            restored: true,
+            accountName: "odin@megkapja.hu",
+        });
+        strict_1.default.equal((await promises_1.default.readFile(currentPath, "utf8")).trim(), "odin@megkapja.hu");
+        const parsed = await (0, auth_parser_1.parseAuthSnapshotFile)(authPath);
+        strict_1.default.equal(parsed.email, "odin@megkapja.hu");
+    });
+});

package/dist/tests/update-check.test.js

@@ -27,3 +27,41 @@ const update_check_1 = require("../lib/update-check");
     strict_1.default.equal((0, update_check_1.isVersionNewer)("latest", "0.1.9"), false);
     strict_1.default.equal((0, update_check_1.isVersionNewer)("0.1.8", "nightly"), false);
 });
+(0, node_test_1.default)("getUpdateSummary returns update-available state", () => {
+    const summary = (0, update_check_1.getUpdateSummary)("0.1.8", "0.1.9");
+    strict_1.default.deepEqual(summary, {
+        currentVersion: "0.1.8",
+        latestVersion: "0.1.9",
+        state: "update-available",
+    });
+});
+(0, node_test_1.default)("getUpdateSummary returns up-to-date state", () => {
+    const summary = (0, update_check_1.getUpdateSummary)("0.1.9", "0.1.9");
+    strict_1.default.deepEqual(summary, {
+        currentVersion: "0.1.9",
+        latestVersion: "0.1.9",
+        state: "up-to-date",
+    });
+});
+(0, node_test_1.default)("formatUpdateSummaryInline renders human-friendly states", () => {
+    strict_1.default.equal((0, update_check_1.formatUpdateSummaryInline)({
+        currentVersion: "0.1.8",
+        latestVersion: "0.1.9",
+        state: "update-available",
+    }), "⬆ Update available: 0.1.8 -> 0.1.9");
+    strict_1.default.equal((0, update_check_1.formatUpdateSummaryInline)({
+        currentVersion: "0.1.9",
+        latestVersion: "0.1.9",
+        state: "up-to-date",
+    }), "✓ Up to date: 0.1.9");
+});
+(0, node_test_1.default)("formatUpdateSummaryCard renders a stable 4-line card", () => {
+    const lines = (0, update_check_1.formatUpdateSummaryCard)({
+        currentVersion: "0.1.9",
+        latestVersion: "0.1.10",
+        state: "update-available",
+    });
+    strict_1.default.equal(lines.length, 4);
+    strict_1.default.equal(lines[0], "┌─ codex-auth update");
+    strict_1.default.equal(lines[3], "└─ status : update available");
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imdeadpool/codex-account-switcher",
-  "version": "0.1.9",
+  "version": "0.1.11",
   "description": "A command-line tool that lets you manage and switch between multiple Codex accounts instantly, no more constant logins and logouts.",
   "license": "MIT",
   "bin": {

package/scripts/postinstall-login-hook.cjs

@@ -22,6 +22,13 @@ function renderHookBlock() {
   return [
     MARK_START,
     "# Auto-sync codex-auth snapshots after successful official `codex login`.",
+    "# Also restore common terminal modes to avoid leaked escape sequences after codex exits.",
+    "__codex_auth_restore_tty() {",
+    "  [[ -t 1 ]] || return 0",
+    "  local __tty_target=/dev/tty",
+    "  [[ -w \"$__tty_target\" ]] || __tty_target=/dev/stdout",
+    "  printf '\\033[>4m\\033[<u\\033[?2026l\\033[?1004l\\033[?1l\\033[?2004l\\033[?1000l\\033[?1002l\\033[?1003l\\033[?1006l\\033[?1015l\\033[?1049l\\033[0m\\033[?25h\\033[H\\033>' >\"$__tty_target\" 2>/dev/null || true",
+    "}",
     "if ! typeset -f codex >/dev/null 2>&1; then",
     "  codex() {",
     "    command codex \"$@\"",
@@ -40,6 +47,9 @@ function renderHookBlock() {
     "        command codex-auth status >/dev/null 2>&1 || true",
     "      fi",
     "    fi",
+    "    if [[ -z \"${CODEX_AUTH_SKIP_TTY_RESTORE:-}\" ]]; then",
+    "      __codex_auth_restore_tty",
+    "    fi",
     "    return $__codex_exit",
     "  }",
     "fi",