fix(wrapper): support codex-multi-auth version flags

[ndycode]

Summary

Make the standalone codex-multi-auth wrapper answer --version and -v directly, without changing the existing codex --version passthrough behavior.

What Changed

• short-circuited scripts/codex-multi-auth.js so wrapper version flags resolve from package.json before loading the runtime
• kept non-version wrapper commands on the existing runCodexMultiAuthCli(...) path
• added wrapper-bin coverage for --version, -v, and the missing-version error path
• updated install/upgrade/troubleshooting/reference docs to distinguish official Codex CLI version checks from wrapper version checks
• fixed stale docs links that still pointed at the removed docs/releases/v1.2.0.md so documentation validation passes cleanly

Validation

• npm test -- test/codex-multi-auth-bin-wrapper.test.ts test/codex-bin-wrapper.test.ts
• npm test -- test/documentation.test.ts
• npm run lint
• npm run typecheck
• npm test
• npm run build
• npm run clean:repo:check

Docs and Governance Checklist

• updated user-facing install/upgrade/troubleshooting/reference docs for the wrapper version behavior
• kept codex auth ... as the documented command standard
• no release notes were added or regenerated in this PR

Risk and Rollback

• low risk: scoped to the standalone wrapper entrypoint, its focused tests, and related docs
• rollback: revert commit 960ca3e

Additional Notes

• codex --version is intentionally unchanged and still forwards to the official @openai/codex CLI
• codex-multi-auth --version and codex-multi-auth -v now report the installed wrapper package version

note: greptile review for oc-chatgpt-multi-auth. cite files like lib/foo.ts:123. confirm regression tests + windows concurrency/token redaction coverage.

Greptile Summary

this pr adds a clean short-circuit to scripts/codex-multi-auth.js so codex-multi-auth --version and codex-multi-auth -v resolve the wrapper package version from package.json without loading the dist/ runtime — keeping codex --version unchanged as a passthrough to the official @openai/codex cli.

• the lazy await import("../dist/lib/codex-manager.js") is correctly placed in the else branch, so version-only invocations skip the runtime entirely
• CODEX_MULTI_AUTH_CLI_VERSION is still set eagerly before the branch, preserving existing behavior for runtime invocations
• ENOTEMPTY added to isRetriableFsError — good windows filesystem safety improvement
• multi-arg passthrough coverage (["--version", "extra"]) added in response to prior review comment
• createChildEnv() improves test isolation but strips NODE_NO_WARNINGS; on older node targets or ci environments that set this, child stderr warnings could break the stderr.toBe("") assertions in the new version tests
• stale docs/releases/v1.2.0.md links corrected across readme and docs index — unblocks documentation validation

Confidence Score: 4/5

• safe to merge — scoped to the wrapper entrypoint and tests, no changes to auth/token paths or storage
• implementation is clean and correct, multi-arg passthrough gap from previous review is addressed, windows fs safety improved with ENOTEMPTY; one point held for the NODE_NO_WARNINGS gap in createChildEnv() that could cause flaky stderr assertions on older node targets or strict CI images
• test/codex-multi-auth-bin-wrapper.test.ts — review createChildEnv() env key list for NODE_NO_WARNINGS and potential Windows vars

Important Files Changed

Filename	Overview
scripts/codex-multi-auth.js	version flag short-circuit is clean — lazy import of runCodexMultiAuthCli correctly skips runtime load for solo --version/-v, CODEX_MULTI_AUTH_CLI_VERSION is still set eagerly for all paths, error path exits with code 1 without touching the runtime.
test/codex-multi-auth-bin-wrapper.test.ts	solid coverage for --version, -v, missing-version error, and multi-arg passthrough; ENOTEMPTY added to retriable codes for Windows safety; createChildEnv() improves isolation but silently strips NODE_NO_WARNINGS, risking stderr noise on older Node targets.
README.md	stale v1.2.0 release link replaced; codex-multi-auth --version added to verify wiring section; accurate and consistent with the implementation.
docs/README.md	stale v1.2.0 links replaced with v1.1.10 and v0.1.8; both table entries updated consistently.
docs/getting-started.md	distinction between codex --version (official CLI) and codex-multi-auth --version (wrapper) clearly documented.
docs/reference/commands.md	added two-line note documenting the version flag routing difference; accurate and minimal.
docs/troubleshooting.md	codex-multi-auth --version added to both the diagnostic section and bug report attachment list.
docs/upgrade.md	wrapper version check added to upgrade verification steps; no functional changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A([codex-multi-auth invoked]) --> B[resolveCliVersion\nrequire ../package.json]
    B --> C{version resolved?}
    C -- yes --> D[set CODEX_MULTI_AUTH_CLI_VERSION]
    C -- no --> E[version = empty string]
    D --> F{args.length === 1\nAND flag in versionFlags?}
    E --> F
    F -- no\nmulti-arg or non-version cmd --> G[lazy import\nrunCodexMultiAuthCli]
    G --> H[await runCodexMultiAuthCli args]
    H --> I[exitCode = integer ? exitCode : 1]
    F -- yes --> J{version resolved?}
    J -- yes --> K[stdout: version string\nexitCode = 0]
    J -- no --> L[stderr: version unavailable\nexitCode = 1]

Loading

Comments Outside Diff (1)

1. test/codex-multi-auth-bin-wrapper.test.ts, line 18-19 (link)

   ENOTEMPTY missing from retriable fs error codes

   isRetriableFsError only retries on EBUSY and EPERM, omitting ENOTEMPTY. on windows, antivirus or the indexer can hold a directory open long enough for rmSync({ recursive: true }) to fail with ENOTEMPTY on the directory itself even though node handles the tree walk internally. every other cleanup helper in this repo (e.g. repo-hygiene.test.ts) includes ENOTEMPTY in the retriable set per AGENTS.md. this test's cleanup could silently leave temp dirs on a windows ci agent and pollute subsequent runs.

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: test/codex-multi-auth-bin-wrapper.test.ts
   Line: 18-19
   
   Comment:
   **`ENOTEMPTY` missing from retriable fs error codes**
   
   `isRetriableFsError` only retries on `EBUSY` and `EPERM`, omitting `ENOTEMPTY`. on windows, antivirus or the indexer can hold a directory open long enough for `rmSync({ recursive: true })` to fail with `ENOTEMPTY` on the directory itself even though node handles the tree walk internally. every other cleanup helper in this repo (e.g. `repo-hygiene.test.ts`) includes `ENOTEMPTY` in the retriable set per `AGENTS.md`. this test's cleanup could silently leave temp dirs on a windows ci agent and pollute subsequent runs.
   
   
   
   How can I resolve this? If you propose a fix, please make it concise.

   

Prompt To Fix All With AI

This is a comment left during a code review.
Path: test/codex-multi-auth-bin-wrapper.test.ts
Line: 58-67

Comment:
**`createChildEnv()` doesn't pass `NODE_NO_WARNINGS`**

the new helper is a nice isolation improvement, but it strips `NODE_NO_WARNINGS`. if the vitest runner sets that var to suppress experimental ESM warnings (or any other Node.js deprecation noise), child processes won't inherit it and may emit warnings to stderr — breaking the `expect(result.stderr).toBe("")` assertions in the new `--version` / `-v` tests.

this won't repro on a clean Node 20+ install (ESM is stable), but it's worth adding `NODE_NO_WARNINGS` to the passthrough list to make the suite robust on older Node targets:

```suggestion
const passthroughEnvKeys = ["HOME", "PATH", "SystemRoot", "TEMP", "TMP", "USERPROFILE", "NODE_NO_WARNINGS"] as const;
```

on windows, also consider whether `APPDATA` or `LOCALAPPDATA` might be needed by Node.js internals — they're absent here and could surface on locked-down CI images.

How can I resolve this? If you propose a fix, please make it concise.

_{Last reviewed commit: "test: harden wrapper..."}

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[coderabbitai]

📝 Walkthrough

walkthrough

the pr adds explicit --version/-v handling to the wrapper cli, reads the version from package.json at runtime, updates several docs to instruct running codex-multi-auth --version, and adds tests for the new version-reporting behavior.

changes

Cohort / File(s)	Summary
documentation updates README.md, docs/README.md, docs/getting-started.md, docs/reference/commands.md, docs/troubleshooting.md, docs/upgrade.md	added codex-multi-auth --version guidance alongside existing codex --version checks; adjusted release-note links and verification checklist entries.
wrapper script implementation scripts/codex-multi-auth.js	moved to lazy dynamic import for the runtime CLI, added resolveCliVersion() to read ../package.json, set CODEX_MULTI_AUTH_CLI_VERSION env var, and implemented explicit --version/-v exit paths (success and error).
test coverage test/codex-multi-auth-bin-wrapper.test.ts	added fixture package.json with a version, added tests for --version and -v success paths and an error path when version is missing, and added a test ensuring non-version args are forwarded to the runtime.

sequence diagram(s)

(skipped)

estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

review flags

• missing regression tests: add a test exercising the normal cli path (dynamic import path) when --version is not passed. see test/codex-multi-auth-bin-wrapper.test.ts:line which currently tests version branches but does not validate the typical runtime execution path.
• windows path handling: scripts/codex-multi-auth.js resolves ../package.json. verify path resolution works on windows and in packaged/bundled installs. reference lib/codex-multi-auth.js:line for the resolution code and consider using path.resolve(__dirname, '../package.json').
• concurrency & env mutation: the script sets process.env.CODEX_MULTI_AUTH_CLI_VERSION. this can affect tests running in parallel. review the necessity of this env mutation and consider avoiding global process.env writes or documenting intended consumers. see lib/codex-multi-auth.js:line and test/codex-multi-auth-bin-wrapper.test.ts:line for related usage.

suggested labels

bug

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title follows the conventional commits format with type 'fix', scope 'wrapper', and a lowercase imperative summary that clearly describes adding version flag support to the codex-multi-auth wrapper.
Description check	✅ Passed	PR description is well-structured and comprehensive, covering summary, detailed changes, validation steps, governance checklist, and risk assessment aligned with the template.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/codex-multi-auth-version-flag

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch fix/codex-multi-auth-version-flag

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/codex-multi-auth.js`:
- Around line 36-40: The stray line setting process.exitCode is incorrectly
unindented outside the else block; move the statement that assigns
process.exitCode (the ternary using Number.isInteger(exitCode) ? exitCode : 1)
so it is inside the else block immediately after the await
runCodexMultiAuthCli(args) call (near the runCodexMultiAuthCli symbol), matching
the indentation of the surrounding block.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2ece97a8-f70a-42d9-8ecd-78b8ae1964ec

📥 Commits

Reviewing files that changed from the base of the PR and between 1be5e95 and 960ca3e.

📒 Files selected for processing (8)

• README.md
• docs/README.md
• docs/getting-started.md
• docs/reference/commands.md
• docs/troubleshooting.md
• docs/upgrade.md
• scripts/codex-multi-auth.js
• test/codex-multi-auth-bin-wrapper.test.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Greptile Review

🧰 Additional context used

📓 Path-based instructions (2)

docs/**

⚙️ CodeRabbit configuration file

keep README, SECURITY, and docs consistent with actual CLI flags and workflows. whenever behavior changes, require updated upgrade notes and mention new npm scripts.

Files:

• docs/upgrade.md
• docs/getting-started.md
• docs/troubleshooting.md
• docs/reference/commands.md
• docs/README.md

test/**

⚙️ CodeRabbit configuration file

tests must stay deterministic and use vitest. demand regression cases that reproduce concurrency bugs, token refresh races, and windows filesystem behavior. reject changes that mock real secrets or skip assertions.

Files:

• test/codex-multi-auth-bin-wrapper.test.ts

🔇 Additional comments (13)

docs/getting-started.md (1)

29-37: lgtm — clear distinction between the two version surfaces.

the verification step now correctly documents both codex --version (official cli) and codex-multi-auth --version (wrapper package), matching the implementation in scripts/codex-multi-auth.js:28-35.

docs/upgrade.md (1)

35-41: lgtm — migration checklist now covers both version surfaces.

consistent with docs/getting-started.md and docs/troubleshooting.md changes.

docs/reference/commands.md (1)

72-73: lgtm — command reference accurately documents version flag behavior.

correctly documents both --version and -v for the wrapper, matching scripts/codex-multi-auth.js:5 where versionFlags = new Set(["--version", "-v"]).

docs/troubleshooting.md (2)

30-34: lgtm — troubleshooting verification now includes wrapper version check.

helps users diagnose routing issues by confirming both cli surfaces are functional.

---

122-122: lgtm — issue report checklist updated.

including codex-multi-auth --version output in bug reports will help maintainers quickly identify version mismatches.

README.md (2)

65-71: lgtm — readme verification section accurately describes both version surfaces.

consistent with docs/getting-started.md and docs/reference/commands.md.

---

297-299: release note links match docs/readme.md updates.

same v1.2.0 → v1.1.10 shift applied here.

test/codex-multi-auth-bin-wrapper.test.ts (3)

45-49: fixture correctly replicates the expected directory structure.

package.json at fixtureRoot/ and script at fixtureRoot/scripts/codex-multi-auth.js means createRequire(import.meta.url).require("../package.json") resolves correctly in scripts/codex-multi-auth.js:10.

---

77-93: lgtm — tests for --version and -v flags are deterministic and cover both short/long forms.

assertions check exit code, stdout content, and empty stderr. good coverage.

---

95-108: lgtm — error path test confirms user-facing error message and exit code 1.

this covers the case where package.json has no version field, matching scripts/codex-multi-auth.js:32-34.

scripts/codex-multi-auth.js (2)

28-35: version flag handling only matches single-arg invocations — intentional?

args.length === 1 && versionFlags.has(args[0]) means codex-multi-auth --version auth status would pass through to the runtime rather than printing the version. this is probably fine (matches typical cli behavior), but worth confirming it's intended.

---

7-19: resolveCliVersion() is solid — best-effort with proper fallback.

catches require errors and validates pkg.version is a non-empty string. the empty catch block is appropriate for "best effort only" semantics.

docs/README.md (1)

29-31: release note links are valid

all referenced release files exist: docs/releases/v1.1.10.md, docs/releases/v0.1.9.md, docs/releases/v0.1.8.md.