Thank you for improving Codex Switch. Because the project handles login credentials, security and reviewability take priority over implementation speed.
- Search existing issues to avoid duplicates.
- Open an issue before implementing a large feature or architectural change. Describe the goal, user value, and security impact.
- Create a short-lived branch from the latest main branch.
- Keep commits focused and use Conventional Commits, such as
feat: add account importorfix(auth): handle expired token. - Run
npm run checkbefore opening a pull request.
- Frontend pages and components must not call
invokedirectly. Keep all IPC inapps/desktop/src/api/backend.ts. - Put business state in hooks, presentation logic in components, and pure formatting helpers in
utils. - Tauri commands should only define the input boundary and orchestrate use cases. Authentication, storage, and HTTP logic belong in their respective Rust modules.
- IPC models must expose only the fields required by the UI. Never add tokens or complete backend responses.
- Prefer small functions, explicit names, and pure parsing logic that can be tested independently.
- Store user-facing text and documentation as UTF-8. Do not commit editor-specific configuration.
- Never commit a real
auth.json, JWT, cookie, account screenshot, or API response. - Test tokens must be unusable fake values, and their payloads must not contain real identities.
- Logs, errors, and debug output must not contain access tokens, refresh tokens, or authorization codes.
- Pull requests that change credential persistence, OAuth, file permissions, or network endpoints must describe the threat model and validation performed.
- Do not post exploitable vulnerability details in a public issue. Contact the maintainers first to establish a private reporting channel.
npm run checkThis command checks the desktop frontend, admin console, backend types and tests, mobile TypeScript, Rust formatting, and Rust tests. UI changes should also be tested in both browser-preview and desktop modes. Account-switching, Provider, and local-proxy changes must be tested with a temporary CODEX_HOME.
Recommended minimum coverage:
- Frontend components: empty, loading, error, active-account, and busy states
- Storage: missing target directory, invalid JSON, and atomic replacement failures
- Authentication: missing fields, malformed JWTs, and different account IDs
- Network: success, refresh after
401, unsuccessful status codes, and invalid responses - Provider/proxy: direct and hot switching, Responses and Chat Completions formats, config restoration, and structured diagnostics that omit request content and credentials
- Cloud sync: first-login merge, last-modified conflict handling, full desktop payloads, and redacted mobile summaries
- Database entities: synchronized-schema coverage plus a dated SQL migration for deployments with
POSTGRES_DB_SYNCHRONIZE=false
Commit messages are linted with commitlint and Husky after npm install. Use the Conventional Commits format:
type(scope): short imperative summary
The scope is optional. Common types include feat, fix, docs, refactor, test, build, ci, and chore.
Include the following information:
- What changed and why
- Any impact on credentials, security boundaries, or data locations
- Automated checks and manual verification performed
- Screenshots or recordings for UI changes, with all real account information removed
- Known limitations or follow-up work
Update README.md, docs/, or this guide whenever behavior, data locations, commands, architecture boundaries, or the contribution workflow changes. Documentation is part of the feature and should not be deferred until after merge.