Release line: stable
This patch release adds the OpenAI Codex device-code login path for remote and headless Codex sessions.
- Package version prepared for publish:
2.0.2 - Previous stable release:
v2.0.1 - Semver rationale: patch follow-up on the 2.x CLI login surface. The new device auth path is additive, behind an explicit flag, and preserves the existing browser, manual, and no-browser login flows.
- added
codex auth login --device-authas the preferred remote/headless login path - requests a user code from OpenAI Codex's device auth endpoint, prints the verification URL and one-time code, then polls until authorization completes or times out
- exchanges the returned authorization code with the Codex device redirect URI
- persists the resulting account through the existing account storage, Codex CLI sync, and active-account path
- rejects conflicting
--device-authcombinations with--manualor--no-browser - keeps browser-first login, manual callback paste,
--no-browser, andCODEX_AUTH_NO_BROWSER=1behavior unchanged - keeps the device-code poll response out of logs and account storage while preserving the upstream PKCE verifier exchange boundary
- added unit coverage for user-code aliases, interval parsing, request failures, disabled endpoint handling, pending poll responses, retry/timeout behavior, and token exchange validation
- added CLI coverage for non-TTY device auth, parser conflicts, persistence, and Codex CLI active-account sync
- hardened fake-timer polling tests and added regression checks for device-auth log redaction
npm.cmd run typechecknpm.cmd run buildnpx.cmd vitest run test/device-auth.test.ts test/codex-manager-help.test.ts test/codex-manager-cli.test.ts test/documentation.test.ts test/schemas.test.tsnpm.cmd testnpm.cmd run lintnpm.cmd run pack:checknpm.cmd pack --dry-run
- PR:
#441Add device auth login flow - Issue:
#440 - Previous release notes:
docs/releases/v2.0.1.md