Releases: cortexkit/openai-auth
Releases · cortexkit/openai-auth
Release list
v0.3.3
v0.3.3 — Mid-stream fallback + gpt-5.6 cache keep-warm
- Reroute when an account hits its limit mid-generation (WebSocket). If the active account's quota is exhausted partway through a response, the request now fails over to a healthy fallback account on the same turn, instead of failing on the exhausted one. This applies before any output has streamed; once a response has started, the turn completes and the account is avoided on the next turn (so nothing is billed or run twice).
- gpt-5.6 prompt-cache keep-warm. Keep-warm now matches gpt-5.6's ~30-minute prompt cache (vs ~5 minutes on older models), with a bounded warm cap for short-lived subagent sessions and an optional
/openai-cachekeep HH-HHclock window to limit warming to set hours.
v0.3.2
v0.3.2 — GPT-5.6 Pro reasoning + model preservation
-promodels now use maximum reasoning effort. Selecting a-proGPT-5.6 model (e.g.gpt-5.6-sol-pro) previously behaved identically to the base model — OpenCode expresses Pro as a reasoning mode the Codex backend does not accept, and it was dropped before the wire. The plugin now translates-protoreasoning.effort: "max"(the Codex Pro tier), on the HTTP, WebSocket, and raw-WebSocket paths alike.- Slash commands no longer change your model. Running an
/openai-*command sent a hidden message that could cause OpenCode's next prompt to inherit a default model/variant, silently switching the active model. Command replies now carry the previous model, agent, and variant.
v0.3.1
This release resolves findings from a full security and correctness audit of the plugin. No user action required; upgrade in place.
Security
- Release CI no longer interpolates untrusted input into shell and pins all GitHub Actions to commit SHAs, closing a workflow injection / supply-chain path.
- Diagnostic dumps and log files are now written with private permissions (
0600/0700), and credentials are redacted from dumped request bodies. mainis now a reserved account id and cannot be used as a fallback label; the OAuth callback no longer discards a pending login on a code-less request.
Reliability
- The account killswitch no longer fails open on the WebSocket transport after a main-account re-login.
- A failed fallback account now records its quota, so the killswitch won't immediately retry an exhausted account; quota windows past their reset time are no longer treated as exhausted.
- Account fallback is restricted to the Codex responses endpoint and no longer retries after an indeterminate transport error, preventing duplicate requests.
- A crashed token refresh can no longer stall subsequent refreshes, and a rotated token is no longer lost if persistence briefly fails.
- First-run multi-account migration is serialized with account edits, and removed accounts are no longer refreshed.
- Fixed a file-lock recovery race that could surface under heavy concurrent load.
Internal
- HTTP request bodies are key-ordered to match the WebSocket path, avoiding a prompt-cache miss on transport fallback.
- Added CI test coverage for the Pi package.
v0.3.0
v0.2.1
What's Changed
- test(accounts): assert removed-account secrets are pruned from the state file by @iceteaSA in #18
- fix(pkg): ship src/logger.ts and src/util for the raw-source ./tui entry by @iceteaSA in #8
Full Changelog: v0.2.0...v0.2.1
v0.2.0
v0.1.4
What's Changed
- build(deps-dev): bump @opencode-ai/plugin from 1.17.1 to 1.17.8 by @dependabot[bot] in #6
New Contributors
- @dependabot[bot] made their first contribution in #6
Full Changelog: v0.1.3...v0.1.4
v0.1.3
v0.1.2
v0.1.1
Full Changelog: https://github.com/cortexkit/openai-auth/commits/v0.1.1