Minor Compatibility and Stability Release
This release carries 29 commits of audit-driven remediation across safety, architecture, DX, and new features, executed phase-by-phase with zero breaking changes to the public API. Read the summary below before upgrading.
- Safety: CRITICAL auth-failure race fixed (lib/accounts.ts), destructive defaults (importAccounts, exportAccounts, codex-remove) now require explicit opt-in, debounced saves flush on SIGINT/SIGTERM, V2 storage files no longer silently drop, schemaVersion > 3 now throws instead of discarding data.
- Architecture: index.ts down 43%, lib/storage.ts down 94%, lib/accounts.ts down 73% via RC-1..RC-9 refactors; typed error hierarchy in lib/errors.ts; all 18 tools extracted to lib/tools/*; AccountManager split into 4 domain services; circuit-breaker half-open gate wired into the request pipeline; Zod validation at remaining process boundaries.
- Dev & OSS hygiene: Dependabot + Scorecard workflows, commit-msg hook enforcing Conventional Commits, per-file coverage floor, CI matrix (Node 18/20/22 + Windows), release-please automation, Keep-a-Changelog format, README badges, CONTRIBUTING local-dev, chaos fault-injection test suite (20 scenarios), contract tests pinning OpenAI/Codex API shapes.
- New features: codex-diag redacted diagnostics snapshot tool, codex-diff redacted config comparator, codex-keychain opt-in OS-keychain backend (via CODEX_KEYCHAIN=1, macOS Keychain / Windows Credential Manager / Linux libsecret), multi-worktree collision detection + non-blocking warning, NO_COLOR/FORCE_COLOR support.
Commit Summary
- e19c645 fix(keychain): F1 LOW + NIT polish from post-merge review (#134)
- f17ff0d fix(keychain): address F1 post-merge review findings (1 HIGH + 3 MEDIUM) (#133)
- ae75093 feat(security): opt-in OS-keychain credential backend via CODEX_KEYCHAIN=1 (#132)
- 514b7aa test(contracts): pin external API shapes (OAuth + Codex chat + SSE) (#131)
- dba4b26 feat: Phase 4 F2 - multi-worktree collision detection (#130)
- 10acf92 feat(tools): add codex-diff redacted config comparison tool (#129)
- 9115f4d test(batch-e): real fault-injection chaos tests (8 scenarios) (#128)
- d8fdd74 ci(batch-d): release-please automation (node release type, Conventional Commits, Keep-a-Changelog) (#127)
- 6ba5df1 feat: Phase 3 Batch C - NO_COLOR + codex-diag diagnostics snapshot (#126)
- 921d095 docs(batch-b): README badges + CONTRIBUTING local-dev + Keep-a-Changelog + ARCHITECTURE v6 refresh (#124)
- 11995a5 ci(batch-a): dependabot + scorecard + commit-msg hook + per-file coverage floor (#125)
- 158c764 refactor(rc-8): wire circuit-breaker half-open gate into request pipeline (#123)
- ef35af8 refactor(rc-7): split AccountManager into state/persistence/rotation/recovery services (#122)
- 6c1598b refactor(rc-1): extract remaining 15 tools to lib/tools/* (#121)
- 69f85ba refactor(rc-1): hoist closure-free helpers to lib/runtime.ts and scaffold lib/tools/ (#115)
- 5a7eb75 refactor(rc-3): typed error hierarchy in lib/errors.ts (#120)
- a41cb1b refactor(rc-9): zod-validate remaining process boundaries (#119)
- 7ad3cfc refactor(rc-6): split runtime-contracts into oauth-constants + error-sentinels (#118)
- c6bbb93 refactor(rc-4): consolidate recovery module layout (#117)
- ac2f4d8 refactor(rc-2): split lib/storage.ts into purpose-specific modules under lib/storage/ (#116)
- cfd093f fix(installer): deep-merge provider.openai + --dry-run preview (#114)
- 42ebfd2 fix(storage): handle V2 schema (migrate or explicit reject) (#113)
- e14f37e fix(security): strict nullish merge + loopback URI + CLI zod + token redaction (#112)
- 0014f5a fix(reliability): shutdown flush + forward-compat schema guard (#110)
- fbd2efc refactor(dead-code): remove unused auth-rate-limit + audit modules (#109)
- 7bf8827 fix(safety): serialize auth-failure increment + flip destructive defaults (#108)
- da308d4 docs(audits): full-repository audit v1 for v6.0.0 (SHA d92a8ee) (#107)
- b7b0e08 ci: add quality gates matrix (typecheck/lint/test/build + prod audit) (#111)
- d92a8ee deps: patch all open Dependabot advisories (#106)