feat(api): add named-parameter overloads and contract docs

[ndycode]

Summary

• Add backward-compatible named-parameter overloads to selected public helpers to improve API contract clarity and reduce positional-argument brittleness.
• Add explicit public API stability and error contract documentation pages and wire them into docs navigation.
• Stabilize concurrent installer writes on Windows by retrying retryable file operation errors during atomic write/rename cleanup.

What Changed

• Public API additions (non-breaking overloads):
  • lib/rotation.ts
    • selectHybridAccount(params: SelectHybridAccountParams)
    • exponentialBackoff(options: ExponentialBackoffOptions)
  • lib/parallel-probe.ts
    • getTopCandidates(params: GetTopCandidatesParams)
  • lib/request/fetch-helpers.ts
    • createCodexHeaders(params: CreateCodexHeadersParams)
  • lib/request/rate-limit-backoff.ts
    • getRateLimitBackoffWithReason(params: RateLimitBackoffWithReasonParams)
  • lib/request/request-transformer.ts
    • transformRequestBody(params: TransformRequestBodyParams)
• Added docs:
  • docs/reference/public-api.md
  • docs/reference/error-contracts.md
• Updated docs portals:
  • README.md, docs/README.md, docs/DOCUMENTATION.md, docs/reference/commands.md
• Added compatibility coverage tests and docs coverage assertions.
• Hardened installer atomic write path for Windows contention:
  • scripts/install-codex-auth.js

Validation

• npm run lint
• npm run typecheck
• npm test
• npm test -- test/documentation.test.ts
• npm run build
• npm run test:coverage (fails on existing global branch threshold: 77.41% < 80%)
• npm run audit:ci (fails on upstream advisory: hono GHSA-xh87-mx6m-69f3)

Docs and Governance Checklist

• README updated (if user-visible behavior changed)
• docs/getting-started.md updated (not applicable)
• docs/features.md updated (not applicable)
• relevant docs/reference/* pages updated (if commands/settings/paths changed)
• docs/upgrade.md updated (not applicable; no breaking migration)
• SECURITY.md and CONTRIBUTING.md reviewed for alignment

Risk and Rollback

• Risk level: Low to Medium (API surface expansion + installer retry behavior change)
• Rollback plan: Revert commit 03f1b27614c65d01c1805d86d7b444a2bfa55781 to restore prior API/docs/installer behavior.

Additional Notes

• API compatibility review against origin/main confirms changes are additive and preserve prior positional signatures.
• Semver recommendation: MINOR (new backward-compatible API entry points).
• Migration path: Existing callers require no changes; callers can optionally migrate positional calls to named-parameter forms for clarity and forward compatibility.

API Review

Summary

Overall: APPROVED
Breaking Changes: NONE

Breaking Changes Found

• None.

API Design Issues

• None requiring blocker action. New overloads reduce positional-argument ambiguity and align with evolving API clarity goals.

Error Contract Issues

• Error contracts are now explicitly documented in docs/reference/error-contracts.md.

Versioning Recommendation

Suggested bump: MINOR
Rationale: Introduces new backward-compatible call forms and contract documentation without removing or changing existing public signatures.

note: greptile review for oc-chatgpt-multi-auth. cite files like lib/foo.ts:123. confirm regression tests + windows concurrency/token redaction coverage.

Greptile Summary

added backward-compatible named-parameter overloads to six public helpers (selectHybridAccount, exponentialBackoff, getTopCandidates, createCodexHeaders, getRateLimitBackoffWithReason, transformRequestBody) to reduce positional-argument brittleness. hardened installer atomic write path with retry logic for windows filesystem contention (EBUSY, EPERM, EAGAIN, ENOTEMPTY errors). added comprehensive API stability tier documentation and error contract reference pages.

key changes:

• all overloads preserve positional signatures for backward compatibility
• runtime guards validate parameters in both call forms
• installer now retries transient filesystem errors with exponential backoff (6 attempts, 25ms base)
• test coverage includes equivalence tests for positional/named forms and retry behavior validation
• documentation defines tier A/B/C stability guarantees and semver guidance

windows filesystem safety:

• retry helper addresses antivirus/file-locking race conditions on windows desktops
• exponential backoff prevents tight retry loops
• cleanup errors suppressed after successful atomic write (best-effort)
• test coverage uses fake timers to validate retry sequences

Confidence Score: 4/5

• safe to merge with low risk - changes are additive, well-tested, and address real windows concurrency issues
• score reflects comprehensive test coverage, thorough documentation, no breaking changes detected, and sound windows filesystem retry logic. slight complexity in overload detection patterns (using typeof checks and property presence) is mitigated by extensive equivalence testing. all six overloaded functions have both positional/named test coverage.
• lib/parallel-probe.ts and lib/request/fetch-helpers.ts use complex overload detection logic - verify edge cases if modifying these in future

Important Files Changed

Filename	Overview
lib/rotation.ts	added named-parameter overloads for selectHybridAccount and exponentialBackoff with runtime guards; preserves positional signatures
scripts/install-codex-auth.js	wrapped atomic write operations with retry helper to handle windows filesystem contention (EBUSY, EPERM); added warning-only cleanup error suppression
scripts/install-codex-auth-utils.js	added withFileOperationRetry helper with exponential backoff (25ms base, 6 attempts) for transient windows filesystem errors
lib/parallel-probe.ts	added named-parameter overload for getTopCandidates with runtime validation; detects call form via typeof modelFamily === "undefined"
lib/request/fetch-helpers.ts	added named-parameter overload for createCodexHeaders; detection uses multiple undefined checks and property presence
lib/request/rate-limit-backoff.ts	added named-parameter overload for getRateLimitBackoffWithReason; includes quotaKey trimming and comprehensive validation
lib/request/request-transformer.ts	added named-parameter overload for transformRequestBody; complex detection logic with fallback defaults preserved
test/public-api-contract.test.ts	new test suite validating positional/named forms produce identical results across all overloaded functions
test/install-codex-auth.test.ts	added retry behavior tests using fake timers; validates exponential backoff and max-attempts behavior
docs/reference/public-api.md	new doc defining API stability tiers (A/B/C), semver guidance, and migration rules for future contract breaks
docs/reference/error-contracts.md	new doc specifying CLI exit codes, JSON mode contracts, HTTP error mapping, and options-object compatibility guarantees

_{Last reviewed commit: 5eb15c1}

Context used:

• Rule from dashboard - What: Every code change must explain how it defends against Windows filesystem concurrency bugs and ... (source)

[coderabbitai]

📝 Walkthrough

Walkthrough

introduces named-parameter overloads across five core library modules (parallel-probe, fetch-helpers, rate-limit-backoff, request-transformer, rotation) alongside new contract documentation (public-api.md, error-contracts.md), retry logic for file operations, and corresponding test coverage validating both invocation styles.

Changes

Cohort / File(s)	Summary
Documentation & References .gitignore, README.md, docs/DOCUMENTATION.md, docs/README.md, docs/reference/commands.md, docs/releases/v0.1.1.md	added reference links to new public-api.md and error-contracts.md contract docs; removed legacy scoped package note from v0.1.1 release notes.
New Contract Documentation docs/reference/public-api.md, docs/reference/error-contracts.md	created comprehensive contract specifications: public-api.md documents tiered stability, semver, and migration rules; error-contracts.md specifies cli exit codes, json mode output, entitlement mapping for fetch helpers, and options-object compatibility.
Named-Parameter Overloads (API Surface) lib/parallel-probe.ts, lib/request/fetch-helpers.ts, lib/request/rate-limit-backoff.ts, lib/request/request-transformer.ts, lib/rotation.ts	expanded five functions with dual invocation signatures supporting both positional and object-form parameters; each introduces a params interface, overloads, and runtime resolution of input values with validation.
File Operation Resilience scripts/install-codex-auth.js	added retry wrapper (withFileOperationRetry) for transient fs errors; integrated into writeJsonAtomic for atomic writes and cleanup paths; uses exponential backoff and logs warnings on persistent failures.
Test Coverage test/documentation.test.ts, test/fetch-helpers.test.ts, test/parallel-probe.test.ts, test/public-api-contract.test.ts, test/rate-limit-backoff.test.ts, test/request-transformer.test.ts, test/rotation.test.ts	added validation tests for named-parameter form equivalence across five refactored functions; added assertions for contract doc presence; added public-api-contract.test.ts to validate root and module exports.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

---

critical flags

• missing regression for windows: scripts/install-codex-auth.js:withFileOperationRetry retries file ops but does not test on windows; EACCES, EPERM, and EISDIR handling differ across platforms. verify fs retry logic covers both posix and windows error codes.
• concurrency risk in file ops: scripts/install-codex-auth.js:writeJsonAtomic wraps writeFile and rename in retry loops without file-locking semantics. concurrent writes to the same json file may corrupt state. consider advisory locking or journal-based writes.
• no regression for cross-module params consistency: five lib modules now have named-param overloads, but no integration test verifies that all callers transition correctly when chaining (e.g., getTopCandidates → transformRequestBody → createCodexHeaders). verify end-to-end flows work with mixed invocation styles.
• validation pattern inconsistency: lib/request/fetch-helpers.ts and lib/request/rate-limit-backoff.ts throw TypeError on missing required params, but lib/rotation.ts:selectHybridAccount silently defaults trackers. clarify contract or enforce uniform validation.
• missing test for named-param partial args: test suite validates full named-param objects, but does not test partial/missing optional fields (e.g., omitting opts in CreateCodexHeadersParams). add tests for sparse object forms to catch missing fallbacks.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 7.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title follows conventional commits format with lowercase imperative, correct type/scope, and is well under 72 characters.
Description check	✅ Passed	The PR description comprehensively covers all required sections from the template: summary, what changed, validation (with completed checkboxes), docs/governance checklist, risk/rollback, and additional notes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch audit/api-contract-unlimited-2026-03-01

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 11

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/reference/error-contracts.md`:
- Around line 82-87: The docs/reference/error-contracts.md contains relative
links that appear correct but aren’t covered by the existing internal-link unit
test; update test/documentation.test.ts (the internal link validation test that
currently only checks docs/README.md) to either scan all markdown files under
docs/ (recursively) or include docs/reference/error-contracts.md in its input
set so internal links like public-api.md, commands.md, ../troubleshooting.md and
../upgrade.md are validated; modify the test harness to collect all .md files
under the docs directory and run the same link-resolution/assertion logic used
for README.md.

In `@lib/parallel-probe.ts`:
- Around line 75-77: The runtime validation in getTopCandidates
(lib/parallel-probe.ts) is too weak: ensure the resolved account manager object
(accountManager / manager) is present and implements the expected interface
(e.g., has methods like rotateAuth or whatever manager methods you use) and that
resolvedMaxCandidates is a finite integer > 0 (not NaN, not negative, not
Infinity); if not, throw a clear TypeError indicating which param is invalid.
Update the input checks around resolvedModelFamily / resolvedMaxCandidates and
the account manager usage (the code paths that assume a valid manager at lines
referenced) to validate types before use, and add vitest regression tests in
test/parallel-probe.test.ts that assert invalid named params (missing/invalid
account manager) and invalid maxCandidates values (NaN, negative, zero,
Infinity) produce the expected TypeError; ensure tests mention auth-rotation,
concurrency, and handle EBUSY/429 considerations per repo guidelines.

In `@lib/request/rate-limit-backoff.ts`:
- Around line 138-157: The named-overload path for getRateLimitBackoffWithReason
does not validate accountIndex before calling getRateLimitBackoff, allowing an
invalid accountIndex in accountIndexOrParams to flow into shared 429 state;
update the guard alongside the existing quotaKey check in the function that
reads accountIndexOrParams (validate that resolvedAccountIndex is a finite
non-negative number or throw a TypeError) so you never call getRateLimitBackoff
with an invalid index, and add a Vitest regression in
test/rate-limit-backoff.test.ts that passes invalid named params (e.g.,
non-number or negative accountIndex) asserting the function throws and that
existing shared rate-limit state is not mutated by the call.

In `@lib/rotation.ts`:
- Around line 483-500: The exponential backoff computation can produce NaN when
attemptOrOptions is a named object missing attempt (or positional invalid), so
add input validation in the function that computes delay: verify
attemptOrOptions (and derived normalizedAttempt) is a finite positive integer
before using it to compute delay (symbols: attemptOrOptions, normalizedAttempt,
normalizedBaseMs, normalizedMaxMs, addJitter), and throw a clear TypeError for
invalid inputs to prevent NaN delays. Then add vitest regression cases in
test/rotation.test.ts covering invalid named input (e.g. {}) and invalid
positional inputs (e.g. undefined, non-number, negative, NaN) asserting the
function throws the expected error; mention the change in tests and ensure
addJitter is still called only after validation.
- Around line 349-363: The code now accepts a named-parameter overload but
immediately calls .filter on resolvedAccounts (in selectHybridAccount), which
can throw if a caller passes a malformed object; update selectHybridAccount to
validate that resolvedAccounts is an Array before using .filter and throw a
clear TypeError (e.g., "selectHybridAccount requires accounts to be an array")
when it's not; also add a vitest regression in test/rotation.test.ts that calls
selectHybridAccount with invalid named params (e.g., accounts: {} or accounts:
null) to assert the new TypeError is thrown, and ensure the test suite mentions
this change so CI covers the guard.

In `@scripts/install-codex-auth.js`:
- Around line 44-47: Add vitest regression tests in
test/install-codex-auth.test.ts that exercise the retry logic driven by
FILE_RETRY_CODES, FILE_RETRY_MAX_ATTEMPTS and FILE_RETRY_BASE_DELAY_MS in
scripts/install-codex-auth.js: mock the fs operations used by the installer (the
specific functions the installer calls around the retry block) to throw
transient errors (EBUSY/EPERM/EAGAIN/ENOTEMPTY) for the first N attempts and
then succeed, using vi.useFakeTimers() / advanceTimersByTime() to simulate
exponential backoff and assert the operation eventually succeeds and the
expected number of retries occurred; also add a case where the mock keeps
throwing beyond FILE_RETRY_MAX_ATTEMPTS and assert the installer surfaces the
error. Follow the pattern used in test/storage.test.ts:1407-1498 for structuring
the mocks, timers, and assertions.

In `@test/documentation.test.ts`:
- Around line 141-155: Update the test "documents public API stability tiers and
error contracts" to also assert that docs/reference/error-contracts.md contains
the "options-object compatibility contract" section and the six dual-call helper
names documented there: use the existing errorContracts variable and add
expect(errorContracts).toContain('options-object compatibility contract') plus
expect(...).toContain('<helperName>') for each of the six dual-call helper
function names (copy the exact names from the file into the test so future
removals are caught).

In `@test/fetch-helpers.test.ts`:
- Around line 240-255: The test only asserts three headers and can miss
regressions for other required headers; update the 'supports named-parameter
options form' test that calls createCodexHeaders(...) to assert full header
parity between the positional and named variants: add equality checks for
OPENAI_HEADERS.CONVERSATION_ID (or 'conversation_id'), any beta/originator
header (e.g., OPENAI_HEADERS.ORIGINATOR or the beta header key used in
createCodexHeaders), and the 'Accept' header, plus any other headers returned by
createCodexHeaders such as content-type or custom feature flags, ensuring
named.get(...) === positional.get(...) for each header key so the contract is
fully covered and deterministic under vitest.

In `@test/public-api-contract.test.ts`:
- Around line 17-27: The tuple destructuring in the test loses type safety
because `required` is inferred as (string | module)[][]; change `required` to a
readonly tuple type (e.g., `as const` or an explicit type like `Array<[string,
typeof rotation]>`) so `name` and `mod` have precise types, and add regression
assertions that call both positional and options-object overloads for each
exported API that gained named-parameter overloads (e.g., selectHybridAccount,
exponentialBackoff, getTopCandidates, createCodexHeaders,
getRateLimitBackoffWithReason, transformRequestBody) to ensure both call forms
compile and behave as expected.

In `@test/rotation.test.ts`:
- Around line 588-601: The test that mocks Math.random in the "supports
named-parameter options form" case should guarantee restore even if assertions
throw: wrap the mocking and assertions in a try/finally and call vi.spyOn(Math,
"random").mockRestore() in the finally block. Locate the test using the
exponentialBackoff calls (positional and named) and the vi.spyOn(Math, "random")
usage and move the mockRestore into a finally so Math.random is always restored
after the test.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 36cf5d4 and 03f1b27.

📒 Files selected for processing (21)

• .gitignore
• README.md
• docs/DOCUMENTATION.md
• docs/README.md
• docs/reference/commands.md
• docs/reference/error-contracts.md
• docs/reference/public-api.md
• docs/releases/v0.1.1.md
• lib/parallel-probe.ts
• lib/request/fetch-helpers.ts
• lib/request/rate-limit-backoff.ts
• lib/request/request-transformer.ts
• lib/rotation.ts
• scripts/install-codex-auth.js
• test/documentation.test.ts
• test/fetch-helpers.test.ts
• test/parallel-probe.test.ts
• test/public-api-contract.test.ts
• test/rate-limit-backoff.test.ts
• test/request-transformer.test.ts
• test/rotation.test.ts

💤 Files with no reviewable changes (1)

• docs/releases/v0.1.1.md

📜 Review details

🧰 Additional context used

📓 Path-based instructions (3)

test/**

⚙️ CodeRabbit configuration file

tests must stay deterministic and use vitest. demand regression cases that reproduce concurrency bugs, token refresh races, and windows filesystem behavior. reject changes that mock real secrets or skip assertions.

Files:

• test/public-api-contract.test.ts
• test/documentation.test.ts
• test/fetch-helpers.test.ts
• test/parallel-probe.test.ts
• test/rotation.test.ts
• test/rate-limit-backoff.test.ts
• test/request-transformer.test.ts

docs/**

⚙️ CodeRabbit configuration file

keep README, SECURITY, and docs consistent with actual CLI flags and workflows. whenever behavior changes, require updated upgrade notes and mention new npm scripts.

Files:

• docs/reference/error-contracts.md
• docs/reference/commands.md
• docs/README.md
• docs/DOCUMENTATION.md
• docs/reference/public-api.md

lib/**

⚙️ CodeRabbit configuration file

focus on auth rotation, windows filesystem IO, and concurrency. verify every change cites affected tests (vitest) and that new queues handle EBUSY/429 scenarios. check for logging that leaks tokens or emails.

Files:

• lib/request/rate-limit-backoff.ts
• lib/rotation.ts
• lib/request/request-transformer.ts
• lib/parallel-probe.ts
• lib/request/fetch-helpers.ts

🧬 Code graph analysis (9)

test/fetch-helpers.test.ts (2)

lib/request/fetch-helpers.ts (1)

• createCodexHeaders (526-568)

lib/constants.ts (1)

• OPENAI_HEADERS (29-35)

test/parallel-probe.test.ts (1)

lib/parallel-probe.ts (1)

• getTopCandidates (50-117)

lib/request/request-transformer.ts (2)

lib/types.ts (2)

• RequestBody (92-113)
• UserConfig (12-21)

lib/logger.ts (1)

• logDebug (325-331)

test/rotation.test.ts (1)

lib/rotation.ts (3)

• AccountWithMetrics (267-271)
• selectHybridAccount (341-428)
• exponentialBackoff (477-501)

test/rate-limit-backoff.test.ts (1)

lib/request/rate-limit-backoff.ts (2)

• getRateLimitBackoffWithReason (132-169)
• clearRateLimitBackoffState (95-97)

scripts/install-codex-auth.js (1)

lib/utils.ts (1)

• sleep (54-56)

test/request-transformer.test.ts (2)

lib/types.ts (1)

• RequestBody (92-113)

lib/request/request-transformer.ts (1)

• transformRequestBody (843-1054)

lib/parallel-probe.ts (3)

lib/accounts.ts (2)

• AccountManager (102-795)
• ManagedAccount (82-100)

lib/prompts/codex.ts (1)

• ModelFamily (47-52)

lib/rotation.ts (3)

• getHealthTracker (510-515)
• getTokenTracker (517-522)
• AccountWithMetrics (267-271)

lib/request/fetch-helpers.ts (1)

lib/constants.ts (2)

• OPENAI_HEADERS (29-35)
• OPENAI_HEADER_VALUES (38-41)

🔇 Additional comments (19)

.gitignore (1)

12-12: good additive ignore rule for exact .tmp artifacts.

this is a safe, backward-compatible cleanup. it complements existing wildcard ignores and does not introduce windows edge cases, concurrency risks, or regression-test needs. (reviewed at .gitignore:12; no lib/... or test/... lines were changed in this hunk.)

test/request-transformer.test.ts (1)

2290-2332: good parity test for named transformrequestbody calls.

this cleanly validates positional vs named equivalence and keeps the setup deterministic (test/request-transformer.test.ts:2312, test/request-transformer.test.ts:2321).

test/parallel-probe.test.ts (1)

264-288: good named-params compatibility check for gettopcandidates.

this is deterministic and directly validates backward-compatible behavior (test/parallel-probe.test.ts:274, test/parallel-probe.test.ts:280).

lib/request/fetch-helpers.ts (1)

517-550: named and positional header construction is clean and backward-compatible.

the resolved-param flow is consistent and the required account/token guard is explicit (lib/request/fetch-helpers.ts:548-550), while preserving existing header behavior.

Also applies to: 551-567

test/rotation.test.ts (1)

515-530: good compatibility coverage for object-form parity.

test/rotation.test.ts:515 (line 515) correctly validates named-parameter behavior against positional baseline for selectHybridAccount. this is deterministic and aligned with the new api contract.

lib/request/request-transformer.ts (2)

24-32: interface addition is clean and additive.

lib/request/request-transformer.ts:24 (line 24) defines a clear options object contract and keeps backward compatibility with positional overloads.

---

895-999: resolved-parameter wiring is consistent across fast-session and codex-mode branches.

lib/request/request-transformer.ts:895 (line 895) through lib/request/request-transformer.ts:991 (line 991) correctly routes named and positional inputs through shared resolved variables without changing core behavior.

README.md (1)

262-263: docs index links are consistent with the new contract pages.

README.md:262 (line 262) and README.md:263 (line 263) correctly expose the new reference docs from the project entrypoint.

docs/reference/commands.md (1)

118-121: related section update is coherent and link-safe.

docs/reference/commands.md:118 (line 118) adds the public api and error contract references without dropping core navigation.

As per coding guidelines docs/**: keep README, SECURITY, and docs consistent with actual cli flags and workflows.

docs/DOCUMENTATION.md (1)

32-33: source-of-truth map update is correct.

docs/DOCUMENTATION.md:32 (line 32) and docs/DOCUMENTATION.md:33 (line 33) correctly register the new contract docs in governance mapping.

As per coding guidelines docs/**: keep README, SECURITY, and docs consistent with actual cli flags and workflows.

docs/reference/public-api.md (1)

49-63: calling-style guidance is clear and matches the new overload strategy.

docs/reference/public-api.md:49 (line 49) through docs/reference/public-api.md:63 (line 63) clearly documents options-object preference while preserving positional compatibility.

As per coding guidelines docs/**: whenever behavior changes, require docs consistency with actual workflows.

docs/README.md (1)

40-41: portal reference entries are aligned and discoverable.

docs/README.md:40 (line 40) and docs/README.md:41 (line 41) correctly surface both new contract documents in the reference section.

As per coding guidelines docs/**: keep internal links valid and reflect new contract references.

test/rate-limit-backoff.test.ts (1)

158-168: named-parameter parity test is deterministic and solid.

test/rate-limit-backoff.test.ts:158 (line 158) validates object-form parity against positional behavior, and test/rate-limit-backoff.test.ts:160 (line 160) correctly resets state to avoid cross-call coupling.

As per coding guidelines test/**: tests must stay deterministic and use vitest.

test/public-api-contract.test.ts (1)

3-9: lgtm on root export alignment

deterministic, uses vitest, and validates the aliasing contract (OpenAIAuthPlugin === OpenAIOAuthPlugin === default). straightforward and correct.

test/documentation.test.ts (2)

19-20: lgtm on userDocs array additions

adding the new reference paths keeps the doc presence checks aligned with the pr's new documentation pages.

---

72-73: lgtm on portal link assertions

validates that docs/README.md references the new contract pages. consistent with the coding guidelines requiring docs consistency.

docs/reference/error-contracts.md (3)

67-79: options-object section aligns with pr objectives

documents the six dual-call helpers from the pr summary. this matches the named-parameter overloads added in lib/rotation.ts, lib/parallel-probe.ts, lib/request/fetch-helpers.ts, lib/request/rate-limit-backoff.ts, and lib/request/request-transformer.ts.

---

56-58: no action needed - documentation is accurate

handleErrorResponse correctly exports and returns rateLimit.retryAfterMs metadata as documented. verified at lib/request/fetch-helpers.ts:575, RateLimitInfo interface at :39-42, and extractRateLimitInfoFromBody at :693.

---

32-38: all documented --json commands are implemented with test coverage

all five commands documented in lines 32-38 (forecast, report, fix, doctor, verify-flagged) are correctly implemented in lib/codex-manager.ts with arg parsing for --json / -j flags, and each has regression tests validating JSON output format in test/codex-manager-cli.test.ts (forecast at 240, report at 1108, fix at 412, doctor at 1035, verify-flagged at 333). documentation is accurate and no drift detected.

[ndycode]

Fixed items

1. lib/parallel-probe.ts - Added runtime guard for accountManager shape and positive-integer maxCandidates, plus regression tests in test/parallel-probe.test.ts.
2. lib/request/rate-limit-backoff.ts - Added non-negative integer validation for accountIndex and trimmed non-empty quotaKey, plus state-safety regressions in test/rate-limit-backoff.test.ts.
3. lib/rotation.ts - Added named-overload guard requiring accounts array in selectHybridAccount and strict input validation in exponentialBackoff, plus regression tests in test/rotation.test.ts.
4. lib/request/request-transformer.ts - Added named-overload body object validation with regression in test/request-transformer.test.ts.
5. scripts/install-codex-auth-utils.js and scripts/install-codex-auth.js - Centralized transient filesystem retry helpers and wired installer to shared retry utility.
6. test/install-codex-auth.test.ts - Added fake-timer retry regressions covering eventual success and max-attempt failure paths.
7. test/documentation.test.ts - Expanded docs link validation to recursively scan all markdown under docs/, and added assertions for options-object compatibility helper names.
8. test/fetch-helpers.test.ts and test/public-api-contract.test.ts - Strengthened header parity and overload parity contract checks with typed export matrix assertions.

Deferred items

• None.

Blocked items

• None.

Validation evidence

• npm run lint - pass
• npm run typecheck - pass
• npm test -- test/parallel-probe.test.ts test/rate-limit-backoff.test.ts test/rotation.test.ts test/request-transformer.test.ts test/fetch-helpers.test.ts test/documentation.test.ts test/public-api-contract.test.ts test/install-codex-auth.test.ts - pass
• npm test - pass
• npm run build - pass
• npm run clean:repo:check - pass

[ndycode]

Fixed items

1. PRRT_kwDORWWY285xWo9W on lib/request/request-transformer.ts was verified as already fixed in 5eb15c1 (transformRequestBody now validates named body and tests assert TypeError), then marked resolved in GitHub.
2. Re-audited all review threads on PR #20; unresolved actionable thread count is now zero.

Deferred items

• None.

Blocked items

• None.

Validation evidence

• gh api graphql (reviewThreads query for PR #20) - pass
• gh api graphql (resolveReviewThread for PRRT_kwDORWWY285xWo9W) - pass
• gh pr checks 20 --repo ndycode/codex-multi-auth --watch=false - pass

[ndycode]

@greptile

[ndycode]

Fixed items

1. Superseded by PR supersede: unify PRs #15 #16 #17 #18 #19 #20 #24 #25 into one branch #27 (eat/unified-supersede-all-prs), which consolidates PR feat(api): add named-parameter overloads and contract docs #20 ($branch) into the single canonical review branch.

Deferred items

• None.

Blocked items

• None.

Validation evidence

pm run clean:repo:check - pass

pm run audit:ci - pass

pm run typecheck - pass

pm run lint - pass

pm run build - pass

pm test - pass (92 files, 2113 tests)

• PR supersede: unify PRs #15 #16 #17 #18 #19 #20 #24 #25 into one branch #27 checks - pass (CodeRabbit, Graphite / AI Reviews, Greptile Review)