fix: create scratch CODEX_HOME before login

[DRanger666]

Summary

This keeps the isolated-login behavior intact, but creates the temporary login CODEX_HOME directory before spawning upstream codex login.

The isolated-login fix is the right direction for the account-revocation issue: it prevents upstream codex login from seeing the real active auth.json while a new account is being added. While testing that flow locally, I hit a follow-up failure from current Codex:

CODEX_HOME points to ".../accounts/login-<timestamp>", but that path does not exist

What happened

codex-auth login computed an isolated scratch home under CODEX_HOME/accounts/login-<timestamp> and passed it to upstream codex login, but the scratch directory was not created before the child process started. Current Codex validates that CODEX_HOME exists, so login failed before the isolated auth file could be created.

Why tests missed it

The existing fake codex used by the integration tests created the target CODEX_HOME itself with mkdir -p, so it tolerated a missing scratch directory. Real Codex is stricter and fails when the override path does not already exist.

Fix

• Create the scratch login home with the existing private-directory helper before launching codex login.
• Keep the existing cleanup behavior that removes the temporary login home afterward.
• Add a stricter integration fake that fails unless CODEX_HOME exists before launch, so this behavior is covered by tests.

Validation

• zig build run -- list
• zig build test --summary all (383/383 tests passed)

I also verified this manually with the local codex-auth binary by restoring previously invalid accounts while checking that the previously active account stayed valid after login.

[greptile-apps]

Greptile Summary

This PR fixes a runtime failure where upstream codex rejects a CODEX_HOME that doesn't exist on disk: the scratch login directory accounts/login-<timestamp> is now created via ensurePrivateDir before spawning the child process. A stricter integration test fake that exits with code 42 when CODEX_HOME is absent is added to prevent regression.

• src/workflows/login.zig: one-line addition of try registry.ensurePrivateDir(login_codex_home) between the defer deleteTree registration and the runCodexLogin call, placing creation after the cleanup defer is already on the stack.
• tests/cli_integration_test.zig: new writeStrictExistingCodexHomeFakeCodex helper and a corresponding integration test that asserts the scratch directory existed during the child process, was isolated from the real CODEX_HOME, and was cleaned up afterward.

Confidence Score: 5/5

Safe to merge — the change is a targeted one-liner that creates the scratch directory before the child process starts, with no regressions to the surrounding cleanup logic.

The defer deleteTree is registered on the line immediately before the new try ensurePrivateDir, so the cleanup is already on the stack if directory creation or permission-hardening fails. The new integration test faithfully models the stricter real-world behavior and the assertions cover isolation, naming, and post-login cleanup. No existing logic is altered.

No files require special attention.

Important Files Changed

Filename	Overview
src/workflows/login.zig	Adds ensurePrivateDir call after the defer deleteTree is registered, so the cleanup defer is already on the stack if directory creation or hardening fails — correct LIFO ordering.
tests/cli_integration_test.zig	New strict fake codex helper and integration test correctly exercise the pre-creation requirement; Unix and Windows scripts are consistent with existing fake helpers.

Sequence Diagram

sequenceDiagram
    participant H as handleLogin
    participant R as registry
    participant C as codex login

    H->>R: loadRegistry / syncActiveAccount
    H->>R: ensureAccountsDir
    H->>H: loginScratchCodexHomeAlloc
    H->>H: defer deleteTree registered
    H->>R: ensurePrivateDir (NEW)
    note over H,R: scratch dir now exists on disk
    H->>C: runCodexLogin
    C-->>H: writes auth.json into scratch dir
    H->>R: copyManagedFile to real CODEX_HOME
    H->>R: upsertAccount / saveRegistry
    H->>H: defer fires - deleteTree scratch dir

Loading

_{Reviews (3): Last reviewed commit: "style: remove login scratch comment" | Re-trigger Greptile}

[pkg-pr-new]

Open in StackBlitz

@loongphy/codex-auth-darwin-arm64

npx https://pkg.pr.new/@loongphy/codex-auth-darwin-arm64@d8990ca

@loongphy/codex-auth-darwin-x64

npx https://pkg.pr.new/@loongphy/codex-auth-darwin-x64@d8990ca

@loongphy/codex-auth-linux-arm64

npx https://pkg.pr.new/@loongphy/codex-auth-linux-arm64@d8990ca

@loongphy/codex-auth-linux-x64

npx https://pkg.pr.new/@loongphy/codex-auth-linux-x64@d8990ca

@loongphy/codex-auth-win32-arm64

npx https://pkg.pr.new/@loongphy/codex-auth-win32-arm64@d8990ca

@loongphy/codex-auth-win32-x64

npx https://pkg.pr.new/@loongphy/codex-auth-win32-x64@d8990ca

@loongphy/codex-auth

npx https://pkg.pr.new/@loongphy/codex-auth@d8990ca

commit: d8990ca

[DRanger666]

Addressed the cleanup-order review point in 23f8ca7.

The scratch login CODEX_HOME cleanup is now registered before the ensurePrivateDir call, so if directory creation succeeds but permission hardening fails, the scratch directory is still removed.

Validation rerun locally with isolated HOME/Zig caches:

• zig build run -- list
• zig build test --summary all (383/383 tests passed)

[Loongphy]

LGTM!

It seems the GPT-5.5 downgrade caused it to miss some test cases, and the PR got auto-merged before I could catch it.