Adds opt-in `ccsx auth import-default <name>` to migrate the existing
~/.codex/auth.json into a new profile, plus the cross-system integration
tests and user-facing documentation.
- import-default-command (C3 torn-write protection):
- readFileSync + JSON.parse with 3x retry / 100ms backoff to survive
Codex's truncate-then-write auth.json refresh race
- decode-id-token sanity-check on JWT shape (catches mid-write JWT
corruption that JSON.parse alone wouldn't notice)
- pgrep -f codex best-effort detection; warns + refuses without
--force-while-running flag if a live codex process is found
- rejects cliproxy-format auth files ({type: "codex", ...} wrapper)
with a clear "use ccs cliproxy ..." pointer
- atomic write to <dest>.tmp.<pid>.<rand> + rename
- --with-history defaults to false per D8 (auth-only is the safer
default; opt in for bulkier data)
- --force backs up existing auth.json to .bak-<ts> before overwrite
- non-destructive — never modifies ~/.codex/; legacy mode keeps
working without ever running this command
- integration tests:
- two-terminal-isolation: two profiles with separate CODEX_HOMEs
write to their own auth.json/history.jsonl with no crosstalk
- ccsxp-independence: codex-auth profile set; ccsxp still uses its
own CCSXP_CODEX_HOME / ~/.codex pool (H5 stderr notice present)
- legacy-fallback: no profiles registered → codex-runtime-router
leaves CODEX_HOME unset → codex falls back to ~/.codex
- import-default.integration: real fs copy + decode + register
- docs/codex-auth.md: user guide covering quick start, two-terminal
example, migration, dashboard, and caveats (cmd.exe, Windows
symlinks, ccsx vs ccsxp distinction)
155 codex-auth-scope tests green (45 Phase 1 + 57 Phase 2 + 19 Phase 3
+ 15 Phase 4 + 19 Phase 5). Full suite 3051/3082 — the 1 failure is a
pre-existing test-pollution issue between ccsxp-runtime.test.ts and
codex-runtime-integration.test.ts that exists on dev today; the test
passes in isolation.
Adds a read-only dashboard surface for the codex-auth profile registry.
Power users can see which profile is active and its decoded email/plan
without leaving the browser; mutations stay CLI-only.
- codex-auth-dashboard-service: builds the response shape (active +
default + profiles[]), reads each profile's auth.json, decodes id_token
via Phase 1 decoder (nested URI claims per C1), 5s in-memory single-key
cache plus exported invalidateCodexAuthProfilesCache() hook for
in-process Phase 2 callers (D7); strict field whitelist — id_token /
access_token / refresh_token NEVER appear in response body or logs
- GET /api/codex/profiles registered INSIDE the
requireLocalAccessWhenAuthDisabled middleware (H6) — emails are PII
and must not leak when dashboard is exposed remotely; integration
test asserts 403 from non-localhost origin
- NEW Auth Profiles tab (D5) in ui/src/pages/codex.tsx — distinct from
the existing codex-profiles-card (which edits config.toml [profiles],
a different concept); active profile + email + plan tier highlighted,
table of all profiles below, disabled Switch/Remove buttons redirect
to terminal commands
- accountId returned by API for power users (curl) but hidden from
the default UI (D6)
- 11 service unit tests + 4 endpoint integration tests, all green
Verifies that a single requestId propagates across at least 3 lifecycle
stages emitted from different modules, and that ALS context survives across
async boundaries (setImmediate, microtask, promise.then). Registered in
test:slow bucket per validate:ci-parity gate.
Refs #1141, #1138
- reject pending tool_result layouts that cannot be translated without reordering user content
- keep interleaved GLMT tool_use blocks open until finalization instead of stopping early
- cover leading/interleaved tool_result regressions and interleaved streaming tool fragments
- enforce strict tool_result ordering and pairing against assistant tool_use ids
- reject tool_result image payloads that cannot map to OpenAI tool messages
- preserve raw tool schemas on the /v1/messages proxy path instead of silently tightening them
- forward Anthropic tool_choice semantics and cover adaptive routing plus upstream payload checks
- add dependency injection to export-command, binary-manager,
codex-plan-compatibility, config-command, and usage-syncer
- override process.exit in api-export test to prevent silent
termination in Bun's parallel test runner
- harden test-environment bootstrap with process.env isolation
- fix auth middleware to avoid config upgrade during checks
Phase 05: Migrate test imports from bin/ to dist/
- Update 19 test files to import from dist/ instead of bin/
- Update CLI path in cli.test.js and special-commands.test.js
- Update cross-platform.test.js to check dist/ directory
Phase 06: Cleanup & validation
- Remove bin/ directory (32 JS files)
- Fix ClaudeSymlinkManager import in doctor.ts
- Update postinstall.js to use dist/ modules
- Regenerate package-lock.json (now points to dist/ccs.js)
All 39 tests passing. TypeScript migration complete.
- Move integration/special-commands.test.js to npm/ since it tests bin/ccs.js
- This test was incorrectly categorized as cross-installation integration
- It specifically tests npm package functionality (bin/ccs.js)
- Remove empty integration/ directory and update package.json
- Final test counts: 37 native + 39 npm + 7 unit = 83 total tests
Clean final structure:
- native/ - Native installation tests only
- npm/ - npm package tests (including integration tests)
- shared/ - Shared utilities, fixtures, and unit tests