From be0c597d255a21a7e935f033dfcc4de4e19c8c8e Mon Sep 17 00:00:00 2001 From: Tam Nhu Tran Date: Mon, 30 Mar 2026 11:46:12 -0400 Subject: [PATCH] docs(architecture): document codex duplicate-email identity --- docs/system-architecture/provider-flows.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/system-architecture/provider-flows.md b/docs/system-architecture/provider-flows.md index 69d9f317..a9e4c8a1 100644 --- a/docs/system-architecture/provider-flows.md +++ b/docs/system-architecture/provider-flows.md @@ -1,6 +1,6 @@ # Provider Integration Flows -Last Updated: 2026-02-16 +Last Updated: 2026-03-30 Detailed provider integration flows including CLIProxyAPI, legacy GLMT compatibility transforms, remote CLIProxy, quota management, and authentication. @@ -76,6 +76,18 @@ CLIProxyAPI is a local OAuth proxy binary that enables seamless integration with | Kiro (AWS) | `kiro` | Method-aware (default: Device Code) | 9876 | CLIProxyAPIPlus | | GitHub Copilot | `ghcp` | Device Code | none | CLIProxyAPIPlus | +### Codex Duplicate-Email Account Identity + +Codex can legitimately produce multiple auth files for the same email when the user has both a team/business login and a personal/free login. CCS now treats those as separate accounts instead of collapsing them by email. + +- Internal account IDs stay duplicate-aware for Codex only: `email#variant` +- Variant keys are derived from the auth filename, for example `kaidu.kd@gmail.com#04a0f049-team` and `kaidu.kd@gmail.com#free` +- Dashboard surfaces continue to show the canonical email, with a compact variant badge such as `Team` or `Free` +- Quota fetch resolves the exact registry `tokenFile` for the selected account instead of scanning by email and taking the first match +- Live usage/account monitor stats key by `provider + account identity`, so duplicate Codex emails no longer merge into one runtime bucket + +This preserves the user-visible distinction between business and personal Codex sessions while keeping other providers on their existing email-backed identity model. + ### Hardcoded Provider Detection CCS detects hardcoded providers via `profile-detector.ts` and routes through `execClaudeWithCLIProxy()`.