v2.1.9.md

June 3, 2026 ยท View on GitHub

CLI

Bugfixes

  • codex-multi-auth login --device-auth no longer exits with Detected unsettled top-level await before the user can complete browser authorization. The polling sleep timer was being unref'd, which is correct for library/background callers but caused Node to exit during the foreground CLI flow. The CLI call site now opts in to a new keepAlive option on runDeviceAuthFlow so the event loop stays alive until polling resolves or the abort signal fires.
  • codex-multi-auth login --device-auth, --manual, and --no-browser now run the requested transport even when the account pool already has entries. Previously the Accounts Dashboard menu intercepted login whenever any account was present, silently ignoring the explicit flag.
  • Declining Add another account? after a successful explicit-mode add now exits cleanly. Previously the outer loginFlow loop would re-enter the same transport because the dashboard had been bypassed, trapping the user in a fresh sign-in prompt.
  • Cancelling an explicit-mode sign-in (for example pressing Ctrl-C during browser/manual auth) now exits cleanly instead of falling back to a fresh transport invocation.
  • Reaching ACCOUNT_LIMITS.MAX_ACCOUNTS (20) during an explicit-mode add now exits cleanly after printing the cap message. Previously the outer loop would silently start another sign-in session despite the cap.

Public API

Improvements

  • DeviceAuthFlowOptions adds an optional keepAlive?: boolean field. Library and background consumers retain the previous behavior (sleep timers are unref'd so polling does not hold the event loop open). Foreground CLI callers can pass keepAlive: true to keep the loop alive while polling for completion. Abort handling stays correct in both modes: clearTimeout runs in the abort listener so the timer ref is always released on cancellation.