codex-profile 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +51 -2
- package/README.md +247 -29
- package/SECURITY.md +5 -0
- package/bin/codex-profile +255 -16
- package/docs/.nojekyll +1 -0
- package/docs/geo-audit.md +67 -0
- package/docs/geo-measurement.md +62 -0
- package/docs/index.html +1136 -0
- package/docs/llms.txt +81 -0
- package/docs/robots.txt +4 -0
- package/docs/sitemap.xml +15 -0
- package/media/codex-profile-parallel-instances.png +0 -0
- package/media/codex-profiles-apple-reveal.mp4 +0 -0
- package/media/codex-profiles-saas-promo-frame.png +0 -0
- package/package.json +6 -3
package/CHANGELOG.md
CHANGED
|
@@ -9,12 +9,61 @@ and this project follows semantic versioning for tagged releases.
|
|
|
9
9
|
|
|
10
10
|
### Added
|
|
11
11
|
|
|
12
|
-
-
|
|
13
|
-
`
|
|
12
|
+
- GitHub Actions workflow that publishes the `codex-profile` npm package on
|
|
13
|
+
`v*` tag pushes (or manual dispatch), gated on `make test` and verifying the
|
|
14
|
+
tag matches `package.json`, with npm provenance.
|
|
15
|
+
|
|
16
|
+
## 0.3.0 - 2026-06-30
|
|
17
|
+
|
|
18
|
+
### Added
|
|
19
|
+
|
|
20
|
+
- AI-native onboarding: a root `AGENTS.md` that gives AI coding agents working in
|
|
21
|
+
the repository the project overview, setup, test, run, convention, and safety
|
|
22
|
+
guidance in the format Codex and similar agents read automatically.
|
|
23
|
+
- README "Run It With an AI Assistant" section with a ready-to-paste prompt for
|
|
24
|
+
chatbots and an expandable copy-paste answer block for "how do I run this?".
|
|
25
|
+
- `llms.txt` "How to run" answer template and an AI-assistant FAQ entry on the
|
|
26
|
+
GitHub Pages project page.
|
|
27
|
+
- npm package metadata and public install documentation for the published
|
|
28
|
+
`codex-profile` package.
|
|
29
|
+
- Experimental `app-instance` command for launching profile-specific Codex
|
|
30
|
+
Desktop app clones with isolated `CODEX_HOME`, Electron user data, and
|
|
31
|
+
profile-local instance logs.
|
|
32
|
+
- `logs <profile> --instance` for reading experimental app-instance logs.
|
|
33
|
+
- Branded README demo asset showing two scoped Codex Desktop profile instances
|
|
34
|
+
side by side.
|
|
35
|
+
- README launch-mode and isolation-boundary tables for the experimental
|
|
36
|
+
parallel Desktop workflow.
|
|
37
|
+
- README origin-story section explaining the real multi-account workflow that
|
|
38
|
+
motivated the project.
|
|
39
|
+
- GitHub Pages-ready GEO documentation with canonical metadata, JSON-LD,
|
|
40
|
+
`robots.txt`, `sitemap.xml`, `llms.txt`, a public audit matrix, and a
|
|
41
|
+
measurement plan.
|
|
42
|
+
- Pages deployment workflow for publishing the static GEO documentation.
|
|
43
|
+
|
|
44
|
+
### Changed
|
|
45
|
+
|
|
46
|
+
- Refreshed README positioning around profile-scoped Codex Desktop instances
|
|
47
|
+
and included media assets in the npm package file list.
|
|
48
|
+
- Updated package homepage and package file list so the AI-readable docs ship
|
|
49
|
+
with npm metadata.
|
|
50
|
+
|
|
51
|
+
### Fixed
|
|
52
|
+
|
|
53
|
+
- Desktop profile switching now escalates to a forced quit if Codex does not
|
|
54
|
+
close cleanly after the initial quit request.
|
|
55
|
+
- Fixed experimental app-instance launches on macOS by preserving Codex's
|
|
56
|
+
`CFBundleName` for Electron helper lookup and launching cloned bundles
|
|
57
|
+
through `open -a` with workspace folders passed as documents.
|
|
14
58
|
|
|
15
59
|
### Tests
|
|
16
60
|
|
|
17
61
|
- Added npm package installation coverage.
|
|
62
|
+
- Added coverage for app-instance launch isolation, app clone rebuilds, and
|
|
63
|
+
completion/help output.
|
|
64
|
+
- Added GEO documentation tests for canonical URLs, indexability directives,
|
|
65
|
+
robots, sitemap, FAQ/schema alignment, `llms.txt`, measurement docs, and
|
|
66
|
+
Pages deployment wiring.
|
|
18
67
|
|
|
19
68
|
## 0.2.0 - 2026-05-21
|
|
20
69
|
|
package/README.md
CHANGED
|
@@ -1,25 +1,94 @@
|
|
|
1
1
|
# codex-profiles
|
|
2
2
|
|
|
3
|
+
Two Codex profiles. One Mac. No token swapping.
|
|
4
|
+
|
|
3
5
|
[](https://github.com/Ducksss/codex-profiles/actions/workflows/ci.yml)
|
|
4
6
|
[](https://github.com/Ducksss/codex-profiles/releases)
|
|
7
|
+
[](https://www.npmjs.com/package/codex-profile)
|
|
5
8
|
[](LICENSE)
|
|
6
9
|
[](bin/codex-profile)
|
|
7
10
|
[](#platform-support)
|
|
8
11
|
|
|
9
|
-
|
|
10
|
-
|
|
12
|
+
[Project page](https://ducksss.github.io/codex-profiles/) |
|
|
13
|
+
[llms.txt](https://ducksss.github.io/codex-profiles/llms.txt) |
|
|
14
|
+
[AGENTS.md](AGENTS.md) |
|
|
15
|
+
[GEO audit](docs/geo-audit.md)
|
|
16
|
+
|
|
17
|
+
Switch Codex CLI and Desktop accounts with isolated `CODEX_HOME` profiles.
|
|
18
|
+
Keep personal, work, school, and client state separated without copying
|
|
19
|
+
`auth.json` token files around.
|
|
11
20
|
|
|
12
21
|
`codex-profiles` is a small Bash wrapper around Codex's `CODEX_HOME` support.
|
|
13
22
|
Each profile gets its own Codex home directory, so auth, settings, sessions,
|
|
14
23
|
connectors, plugins, caches, logs, and local state stay separated while the
|
|
15
24
|
wrapper launches Codex CLI or Codex Desktop with the selected profile.
|
|
16
25
|
|
|
26
|
+

|
|
27
|
+
|
|
17
28
|
```sh
|
|
18
29
|
codex-profile cli personal
|
|
19
30
|
codex-profile cli work exec "review this repo"
|
|
20
|
-
codex-profile app
|
|
31
|
+
codex-profile app-instance personal ~/Dev/app-a
|
|
32
|
+
codex-profile app-instance work ~/Dev/app-b
|
|
21
33
|
```
|
|
22
34
|
|
|
35
|
+
## 🤖 Run It With an AI Assistant
|
|
36
|
+
|
|
37
|
+
`codex-profiles` is built to be AI-native. If you use ChatGPT, Claude, Codex, or
|
|
38
|
+
any coding agent, you do not have to read this whole README — point your
|
|
39
|
+
assistant at the repo and ask.
|
|
40
|
+
|
|
41
|
+
**Paste this into your AI assistant or coding agent:**
|
|
42
|
+
|
|
43
|
+
> Read the repo at https://github.com/Ducksss/codex-profiles and its
|
|
44
|
+
> https://ducksss.github.io/codex-profiles/llms.txt, then tell me how to install
|
|
45
|
+
> codex-profiles and run Codex with separate work and personal profiles on my
|
|
46
|
+
> machine.
|
|
47
|
+
|
|
48
|
+
**Working inside a clone with a coding agent?** It automatically reads
|
|
49
|
+
[`AGENTS.md`](AGENTS.md) for setup, test, and usage instructions.
|
|
50
|
+
|
|
51
|
+
<details>
|
|
52
|
+
<summary><strong>Instructions for AI assistants and chatbots</strong> — expand for a copy-paste answer</summary>
|
|
53
|
+
|
|
54
|
+
If you are an AI assistant and a user asks how to install or run
|
|
55
|
+
`codex-profiles`, give them the following. Every command is copy-paste safe.
|
|
56
|
+
|
|
57
|
+
**Install** (pick one):
|
|
58
|
+
|
|
59
|
+
```sh
|
|
60
|
+
npm install -g codex-profile # npm — the package name is singular
|
|
61
|
+
brew install Ducksss/tap/codex-profile # Homebrew
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
**Verify the install:**
|
|
65
|
+
|
|
66
|
+
```sh
|
|
67
|
+
codex-profile doctor
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
**Run Codex with isolated profiles:**
|
|
71
|
+
|
|
72
|
+
```sh
|
|
73
|
+
codex-profile init work # create an isolated CODEX_HOME profile
|
|
74
|
+
codex-profile login work # log in to that profile once
|
|
75
|
+
codex-profile cli work # start Codex CLI on the work profile
|
|
76
|
+
codex-profile cli work exec "run tests" # one-shot Codex CLI command
|
|
77
|
+
codex-profile app work ~/Dev/project # launch Codex Desktop on a profile (macOS)
|
|
78
|
+
codex-profile status # read-only overview of all profiles
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
**State these facts accurately:**
|
|
82
|
+
|
|
83
|
+
- Each profile is its own `CODEX_HOME` directory (`work` → `~/.codex-work`).
|
|
84
|
+
- It does **not** read, copy, or migrate `auth.json` tokens.
|
|
85
|
+
- CLI commands run on macOS and Linux; Desktop launch is macOS-only.
|
|
86
|
+
- It is community-maintained and is **not** an official OpenAI project.
|
|
87
|
+
- Canonical machine-readable source:
|
|
88
|
+
https://ducksss.github.io/codex-profiles/llms.txt
|
|
89
|
+
|
|
90
|
+
</details>
|
|
91
|
+
|
|
23
92
|
## Why It Exists
|
|
24
93
|
|
|
25
94
|
Codex already supports custom state directories through `CODEX_HOME`:
|
|
@@ -36,6 +105,22 @@ connector state, plugins, caches, and logs shared.
|
|
|
36
105
|
|
|
37
106
|
`codex-profile` gives the clean boundary a short command.
|
|
38
107
|
|
|
108
|
+
## The Workflow That Started It
|
|
109
|
+
|
|
110
|
+
This started as an account-switching problem between profiles with different
|
|
111
|
+
strengths:
|
|
112
|
+
|
|
113
|
+
- A school Codex account with higher limits for heavy coding sessions, but no
|
|
114
|
+
connector setup.
|
|
115
|
+
- A personal Codex account with medium limits, but the connector access needed
|
|
116
|
+
for email, outreach, and day-to-day automation workflows.
|
|
117
|
+
|
|
118
|
+
Logging out, logging back in, reopening Desktop, and rebuilding context every
|
|
119
|
+
time was slow enough to break focus. Copying token files would have been the
|
|
120
|
+
wrong shortcut. The goal was a small command that keeps each account's Codex
|
|
121
|
+
state separate, then makes it possible to open the right profile for the job,
|
|
122
|
+
including two Desktop profiles side by side when the workflow calls for it.
|
|
123
|
+
|
|
39
124
|
## Why Not Swap Auth Files?
|
|
40
125
|
|
|
41
126
|
Auth-file switchers only move `auth.json`. That can change who Codex logs in as,
|
|
@@ -53,16 +138,45 @@ codex-profile <profile> -> one CODEX_HOME per profile
|
|
|
53
138
|
That makes it a better fit for work, personal, education, and client accounts
|
|
54
139
|
where local Codex state should not bleed between contexts.
|
|
55
140
|
|
|
56
|
-
## Demo
|
|
141
|
+
## Desktop Demo
|
|
57
142
|
|
|
58
|
-
|
|
143
|
+
The screenshot above shows the experimental Desktop flow: two Codex profiles
|
|
144
|
+
side by side, each with its own app clone, `CODEX_HOME`, Electron user data,
|
|
145
|
+
and profile-local desktop log. The settings/account panel is visible on purpose
|
|
146
|
+
so the profile boundary is easy to inspect.
|
|
59
147
|
|
|
60
148
|
[Watch the short reveal video](media/codex-profiles-apple-reveal.mp4)
|
|
61
149
|
|
|
150
|
+
## AI-Readable Project Page
|
|
151
|
+
|
|
152
|
+
The repository includes a GitHub Pages site in `docs/` for search engines,
|
|
153
|
+
AI crawlers, and citation systems that need a concise project source instead
|
|
154
|
+
of a long README. It ships with:
|
|
155
|
+
|
|
156
|
+
- `index.html` with canonical metadata, visible FAQ content, citation-ready
|
|
157
|
+
facts, and JSON-LD for Organization, SoftwareApplication, WebSite, WebPage,
|
|
158
|
+
FAQPage, and BreadcrumbList.
|
|
159
|
+
- `robots.txt` and `sitemap.xml` for crawl discovery.
|
|
160
|
+
- `llms.txt` with official URLs, install commands, security boundaries, and
|
|
161
|
+
answer-safe project facts.
|
|
162
|
+
- `geo-audit.md` and `geo-measurement.md` for tracking checklist coverage,
|
|
163
|
+
prompt retests, citations, screenshots, and accuracy KPIs.
|
|
164
|
+
- A Pages deployment workflow that validates the GEO files before publishing
|
|
165
|
+
the static site.
|
|
166
|
+
|
|
167
|
+
Validate this layer locally:
|
|
168
|
+
|
|
169
|
+
```sh
|
|
170
|
+
node test/geo-site-test.mjs
|
|
171
|
+
```
|
|
172
|
+
|
|
62
173
|
## Highlights
|
|
63
174
|
|
|
64
175
|
- Isolated Codex homes per profile.
|
|
65
176
|
- CLI and Codex Desktop launch support.
|
|
177
|
+
- Experimental parallel Codex Desktop app instances for power users on macOS.
|
|
178
|
+
- Profile-specific app clones with distinct macOS bundle identifiers.
|
|
179
|
+
- Separate Electron user data for each experimental Desktop instance.
|
|
66
180
|
- No token copying, parsing, printing, or migration.
|
|
67
181
|
- Read-only `list`, `status`, and `doctor` commands for diagnostics.
|
|
68
182
|
- JSON output for automation.
|
|
@@ -73,21 +187,33 @@ where local Codex state should not bleed between contexts.
|
|
|
73
187
|
- Source-style self-upgrade with dry-run preview.
|
|
74
188
|
- No third-party runtime dependencies.
|
|
75
189
|
- Tested on macOS and Ubuntu.
|
|
190
|
+
- Pages-ready AI-readable documentation with structured data, `llms.txt`,
|
|
191
|
+
robots, sitemap, and a measurement plan.
|
|
76
192
|
|
|
77
193
|
## Install
|
|
78
194
|
|
|
79
|
-
With npm
|
|
195
|
+
With npm:
|
|
80
196
|
|
|
81
197
|
```sh
|
|
82
|
-
npm install -g
|
|
198
|
+
npm install -g codex-profile
|
|
83
199
|
```
|
|
84
200
|
|
|
201
|
+
The npm package is `codex-profile` (singular). It installs both the
|
|
202
|
+
`codex-profile` and `codex-profiles` commands. Use the singular package name;
|
|
203
|
+
the plural `codex-profiles` package on npm is a different project.
|
|
204
|
+
|
|
85
205
|
With Homebrew:
|
|
86
206
|
|
|
87
207
|
```sh
|
|
88
208
|
brew install Ducksss/tap/codex-profile
|
|
89
209
|
```
|
|
90
210
|
|
|
211
|
+
With npm directly from this GitHub repo:
|
|
212
|
+
|
|
213
|
+
```sh
|
|
214
|
+
npm install -g github:Ducksss/codex-profiles
|
|
215
|
+
```
|
|
216
|
+
|
|
91
217
|
From source:
|
|
92
218
|
|
|
93
219
|
```sh
|
|
@@ -105,13 +231,6 @@ Verify the install:
|
|
|
105
231
|
codex-profile doctor
|
|
106
232
|
```
|
|
107
233
|
|
|
108
|
-
The package is also prepared for the public npm registry as `codex-profile`.
|
|
109
|
-
After the registry package is published, npm users can install it with:
|
|
110
|
-
|
|
111
|
-
```sh
|
|
112
|
-
npm install -g codex-profile
|
|
113
|
-
```
|
|
114
|
-
|
|
115
234
|
## Quick Start
|
|
116
235
|
|
|
117
236
|
Create and log in to each profile once:
|
|
@@ -137,6 +256,21 @@ codex-profile app personal ~/Dev/my-project
|
|
|
137
256
|
codex-profile app work
|
|
138
257
|
```
|
|
139
258
|
|
|
259
|
+
Run an experimental parallel Codex Desktop instance with its own app clone and
|
|
260
|
+
Electron user data directory:
|
|
261
|
+
|
|
262
|
+
```sh
|
|
263
|
+
codex-profile app-instance personal ~/Dev/project-a
|
|
264
|
+
codex-profile app-instance work --rebuild ~/Dev/project-b
|
|
265
|
+
```
|
|
266
|
+
|
|
267
|
+
Desktop launch modes are intentionally split:
|
|
268
|
+
|
|
269
|
+
| Command | Use when | Behavior |
|
|
270
|
+
| --- | --- | --- |
|
|
271
|
+
| `codex-profile app <profile>` | You want the normal Desktop app on one active profile. | Quits the canonical `Codex.app`, then relaunches it with the selected `CODEX_HOME`. |
|
|
272
|
+
| `codex-profile app-instance <profile>` | You want multiple Desktop profiles open side by side. | Creates or reuses a profile-specific app clone, separate Electron user data, and a profile-local instance log. |
|
|
273
|
+
|
|
140
274
|
Check what exists and what is logged in:
|
|
141
275
|
|
|
142
276
|
```sh
|
|
@@ -227,6 +361,39 @@ codex-profile logs personal
|
|
|
227
361
|
codex-profile logs personal --tail 100
|
|
228
362
|
```
|
|
229
363
|
|
|
364
|
+
Experimental instance logs use their own file:
|
|
365
|
+
|
|
366
|
+
```sh
|
|
367
|
+
codex-profile logs personal --instance --path
|
|
368
|
+
codex-profile logs personal --instance --tail 100
|
|
369
|
+
```
|
|
370
|
+
|
|
371
|
+
### Run Parallel Desktop Instances
|
|
372
|
+
|
|
373
|
+
`app-instance` is the visual power-user workflow: two Codex Desktop profiles,
|
|
374
|
+
same macOS user, separate Codex state.
|
|
375
|
+
|
|
376
|
+
```sh
|
|
377
|
+
codex-profile app-instance personal ~/Dev/personal-app
|
|
378
|
+
codex-profile app-instance work ~/Dev/work-app
|
|
379
|
+
```
|
|
380
|
+
|
|
381
|
+
The command creates or reuses profile-specific app clones under
|
|
382
|
+
`~/Library/Application Support/codex-profile/app-instances`, patches each clone
|
|
383
|
+
with a distinct bundle identifier, re-signs it, and launches it without
|
|
384
|
+
quitting existing Codex windows.
|
|
385
|
+
|
|
386
|
+
The separate command name is deliberate. `codex-profile app` remains the
|
|
387
|
+
predictable single-app switcher for existing workflows and scripts.
|
|
388
|
+
`codex-profile app-instance` is the explicit contract for cloned bundles,
|
|
389
|
+
parallel windows, and experimental Desktop behavior.
|
|
390
|
+
|
|
391
|
+
If Codex Desktop updates or a clone looks stale:
|
|
392
|
+
|
|
393
|
+
```sh
|
|
394
|
+
codex-profile app-instance work --rebuild ~/Dev/work-app
|
|
395
|
+
```
|
|
396
|
+
|
|
230
397
|
### Clone Safe Config
|
|
231
398
|
|
|
232
399
|
Copy known non-secret config files from one profile to another:
|
|
@@ -332,6 +499,7 @@ alias codex-app-work='codex-profile app work'
|
|
|
332
499
|
|
|
333
500
|
```text
|
|
334
501
|
codex-profile app <profile> [workspace]
|
|
502
|
+
codex-profile app-instance <profile> [--rebuild] [workspace]
|
|
335
503
|
codex-profile cli <profile> [codex-args...]
|
|
336
504
|
codex-profile login <profile> [codex-login-args...]
|
|
337
505
|
codex-profile init <profile>
|
|
@@ -339,7 +507,7 @@ codex-profile remove <profile> [--yes]
|
|
|
339
507
|
codex-profile status [profile]
|
|
340
508
|
codex-profile status --json [profile]
|
|
341
509
|
codex-profile path <profile>
|
|
342
|
-
codex-profile logs <profile> [--path|--tail [lines]]
|
|
510
|
+
codex-profile logs <profile> [--instance] [--path|--tail [lines]]
|
|
343
511
|
codex-profile clone-config <source-profile> <target-profile> [--force]
|
|
344
512
|
codex-profile list
|
|
345
513
|
codex-profile doctor [--json]
|
|
@@ -351,15 +519,16 @@ codex-profile --version
|
|
|
351
519
|
|
|
352
520
|
## Environment Overrides
|
|
353
521
|
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
522
|
+
| Variable | Purpose |
|
|
523
|
+
| --- | --- |
|
|
524
|
+
| `CODEX_APP` | Override the `Codex.app` path. |
|
|
525
|
+
| `CODEX_APP_BIN` | Override the Codex Desktop binary path. |
|
|
526
|
+
| `CODEX_CLI` | Override the Codex CLI binary path. |
|
|
527
|
+
| `CODEX_PROFILE_APP_INSTANCE_ROOT` | Override the experimental app-instance clone root. |
|
|
528
|
+
| `CODEX_PROFILE_UPGRADE_REPO` | Override the upgrade repository. |
|
|
529
|
+
| `CODEX_PROFILE_UPGRADE_REF` | Override the upgrade git ref. |
|
|
530
|
+
| `CODEX_PROFILE_UPGRADE_CACHE` | Override the upgrade cache checkout. |
|
|
531
|
+
| `CODEX_PROFILE_UPGRADE_PREFIX` | Override the upgrade install prefix. |
|
|
363
532
|
|
|
364
533
|
Examples:
|
|
365
534
|
|
|
@@ -380,15 +549,55 @@ The `app` command is macOS-only because it launches `Codex.app` and uses macOS
|
|
|
380
549
|
app-control tooling to quit the running desktop app before relaunching it with a
|
|
381
550
|
different `CODEX_HOME`.
|
|
382
551
|
|
|
552
|
+
The experimental `app-instance` command is also macOS-oriented. It creates a
|
|
553
|
+
profile-specific copy of `Codex.app`, patches its display name and bundle
|
|
554
|
+
identifier when macOS tooling is available, re-signs the clone, and launches it
|
|
555
|
+
without quitting other Codex windows.
|
|
556
|
+
|
|
557
|
+
Existing clones are checked before launch. If required metadata is missing,
|
|
558
|
+
malformed, stale, or was created by an older `codex-profile` version,
|
|
559
|
+
`app-instance` rebuilds the clone automatically. Use `--rebuild` after Codex
|
|
560
|
+
Desktop updates or whenever you want to force a fresh copy from the installed
|
|
561
|
+
`Codex.app`.
|
|
562
|
+
|
|
383
563
|
## Desktop App Notes
|
|
384
564
|
|
|
385
565
|
Codex Desktop should run one profile at a time. `codex-profile app <profile>`
|
|
386
|
-
asks the running Codex app to quit, waits for it to close,
|
|
387
|
-
|
|
566
|
+
asks the running Codex app to quit, waits for it to close, and forces a
|
|
567
|
+
shutdown if it keeps hanging around before relaunching the app with the
|
|
568
|
+
selected `CODEX_HOME`.
|
|
388
569
|
|
|
389
570
|
For predictable account switching, launch Codex Desktop through `codex-profile`
|
|
390
571
|
instead of Dock or Spotlight.
|
|
391
572
|
|
|
573
|
+
`app` and `app-instance` stay separate by design. Launching two windows from
|
|
574
|
+
`app` would make existing scripts surprising and would hide the important
|
|
575
|
+
implementation detail that parallel mode clones and re-signs an app bundle.
|
|
576
|
+
The command names describe the contract: `app` switches the canonical app,
|
|
577
|
+
while `app-instance` launches a profile-specific Desktop clone.
|
|
578
|
+
|
|
579
|
+
### Experimental Parallel Instances
|
|
580
|
+
|
|
581
|
+
`codex-profile app-instance <profile>` is an opt-in escape hatch for users who
|
|
582
|
+
need two Codex Desktop profiles open at once. It keeps the normal `app` command
|
|
583
|
+
conservative and instead launches a profile-specific app clone with:
|
|
584
|
+
|
|
585
|
+
- `CODEX_HOME` set to the selected profile home.
|
|
586
|
+
- Electron `--user-data-dir` set to `<profile-home>/electron-user-data`.
|
|
587
|
+
- A distinct macOS bundle identifier derived from the raw profile name.
|
|
588
|
+
- Desktop logs written to `<profile-home>/logs/desktop-instance.log`.
|
|
589
|
+
- Instance logs available through `codex-profile logs <profile> --instance`.
|
|
590
|
+
- App clones stored under
|
|
591
|
+
`~/Library/Application Support/codex-profile/app-instances` by default.
|
|
592
|
+
|
|
593
|
+
The isolation boundary is intentionally narrow and inspectable:
|
|
594
|
+
|
|
595
|
+
| Isolated per profile | Still shared by the macOS user |
|
|
596
|
+
| --- | --- |
|
|
597
|
+
| Codex auth, config, sessions, plugins, caches, logs, and local Codex state under the selected `CODEX_HOME`. | SSH keys, GitHub CLI auth, cloud CLI auth, browser cookies, OS keychain items, npm state, git credentials, and other credentials outside `CODEX_HOME`. |
|
|
598
|
+
| Electron user data for the cloned Desktop app. | The same macOS account, filesystem permissions, network environment, Dock, login items, and system keychains. |
|
|
599
|
+
| Profile-specific app clone metadata and bundle identifier. | The installed source `Codex.app` bundle used as the clone template. |
|
|
600
|
+
|
|
392
601
|
## Security Model
|
|
393
602
|
|
|
394
603
|
`codex-profile` does one security-sensitive thing: it sets `CODEX_HOME` before
|
|
@@ -402,6 +611,10 @@ default repository is this project. `--dry-run` prints the source ref, cache
|
|
|
402
611
|
path, and install prefix before anything changes. Do not point upgrade at a
|
|
403
612
|
repository you do not trust.
|
|
404
613
|
|
|
614
|
+
`app-instance` adds Desktop app clone metadata and Electron user-data isolation,
|
|
615
|
+
but it is still profile-level process isolation. It is not a VM, container, or
|
|
616
|
+
separate macOS account.
|
|
617
|
+
|
|
405
618
|
Separate Codex homes are cleaner than swapping `auth.json`, but they are not
|
|
406
619
|
full OS-level isolation. Your operating system user still shares SSH keys,
|
|
407
620
|
GitHub CLI auth, browser cookies, cloud CLI credentials, npm state, and other
|
|
@@ -436,8 +649,11 @@ are a cleaner boundary.
|
|
|
436
649
|
|
|
437
650
|
### Can I run two desktop profiles at once?
|
|
438
651
|
|
|
439
|
-
|
|
440
|
-
|
|
652
|
+
The default `app` command intentionally treats Codex Desktop as one active
|
|
653
|
+
profile at a time. For an opt-in experimental path, use
|
|
654
|
+
`codex-profile app-instance <profile>`. It launches a profile-specific app clone
|
|
655
|
+
with separate `CODEX_HOME` and Electron user data, but it does not isolate
|
|
656
|
+
external OS-level credentials.
|
|
441
657
|
|
|
442
658
|
### Does this isolate external tools too?
|
|
443
659
|
|
|
@@ -461,7 +677,9 @@ make lint
|
|
|
461
677
|
The test suite covers Bash syntax, profile path mapping, install smoke tests,
|
|
462
678
|
CLI/login pass-through, list/version output, npm package installation, source
|
|
463
679
|
upgrades, fresh-profile status checks, hardened status discovery, private
|
|
464
|
-
desktop log placement,
|
|
680
|
+
desktop log placement, app-instance clone metadata validation, parallel
|
|
681
|
+
Desktop launch coverage, missing-CLI doctor output, and the AI-readable Pages
|
|
682
|
+
documentation layer.
|
|
465
683
|
|
|
466
684
|
## Contributing
|
|
467
685
|
|
package/SECURITY.md
CHANGED
|
@@ -28,6 +28,11 @@ codes, connector credentials, or private logs.
|
|
|
28
28
|
`codex-profiles` does not read or copy Codex auth tokens. It only sets
|
|
29
29
|
`CODEX_HOME` before launching Codex.
|
|
30
30
|
|
|
31
|
+
The experimental `app-instance` command also creates profile-specific Codex app
|
|
32
|
+
clones and launches them with separate Electron user data directories. That is
|
|
33
|
+
profile-level process isolation for Codex Desktop state, not OS-level
|
|
34
|
+
isolation.
|
|
35
|
+
|
|
31
36
|
It does not isolate non-Codex credentials such as SSH keys, GitHub CLI auth,
|
|
32
37
|
cloud CLI credentials, browser cookies, or OS keychain items. Use separate OS
|
|
33
38
|
users for stronger isolation.
|