How configuration is resolved at runtime from files, env, and defaults.
Runtime root priority (getCodexMultiAuthDir):
CODEX_MULTI_AUTH_DIRwhen set- If
CODEX_HOMEis an explicit non-default path: only$CODEX_HOME/multi-auth(no cross-root scan) - Otherwise prefer candidate roots under
CODEX_HOME/~/.codexthat already hold account storage - Fall back to
~/.codex/multi-auth(canonical default) or other roots that already show multi-auth signals - Legacy path fallback only when storage signals exist
Canonical target is ~/.codex/multi-auth when no override is set.
settings.json is read for:
dashboardDisplaySettingspluginConfig
If legacy config exists, compatibility load and migration path still apply.
For runtime values stored in pluginConfig, source selection is:
- Fallback file from
CODEX_MULTI_AUTH_CONFIG_PATHwhen set and the file exists (also the preferred save target when set) - Unified settings
pluginConfigfromsettings.json(if present and valid) - Legacy compatibility path when unified config is missing/invalid
- Hardcoded default in
DEFAULT_PLUGIN_CONFIG
After source selection, environment variables apply per-setting overrides.
A CODEX_MULTI_AUTH_CONFIG_PATH that is set but not yet created is ignored for load; the first save still creates/writes that path when the env var remains set.
For dashboard display values:
- Persisted
dashboardDisplaySettings - Normalization + fallback defaults
- Resolve root directory.
- Use global accounts file by default.
- If project-scoped mode is active, use project namespaced path under root.
- Attempt legacy project-file migration when applicable.
- Standalone manager receives
codex-multi-auth ...and normalizes bare subcommands toauth ...before dispatch. - Optional wrapper receives
codex-multi-auth-codex ..., normalizes compatibility aliases, and runs auth-manager commands locally. - If a wrapper command is not in auth-manager scope, discover and forward to the official Codex CLI binary.
- For forwarded request-bearing commands, check whether runtime rotation is enabled.
- Resolve
CODEX_MULTI_AUTH_RUNTIME_ROTATION_PROXY; if unset, readpluginConfig.codexRuntimeRotationProxy, which defaults to enabled. - If disabled or the forwarded command is help/non-requesting, forward directly to official Codex.
- If enabled, start a loopback Responses proxy with a per-process client token.
- Create a temporary shadow
CODEX_HOMEand rewriteconfig.tomlto usecodex-multi-auth-runtime-proxy. - Forward official Codex with the shadow home.
- Proxy request handling selects/refreshed managed accounts and rotates on rate limit, auth, network, or server failure before streaming starts.
- On process exit, sync refreshed official Codex state files back and remove the shadow home.
- Transform request for Codex backend compatibility.
- Resolve account candidate set (health, cooldown, quota, affinity).
- Execute request with timeout/retry policy.
- Apply failover/rotation/cooldown decisions.
- Persist account/cache/session updates.
- Detect unsupported model or entitlement failures.
- Record in entitlement cache.
- Apply capability penalties for account/model pair.
- Use fallback model policy if enabled.
- Re-evaluate account scoring and retry path.
- File watcher detects account-file updates.
- Debounce and reload in-memory account manager.
- Session affinity and guardian processes continue with updated state.
Use:
codex-multi-auth status
codex-multi-auth report --json
codex-multi-auth rotation statusCheck files:
~/.codex/multi-auth/settings.json~/.codex/multi-auth/openai-codex-accounts.json