Fix Codex official login and temp auth persistence

[TMYTiMidlY]

Goal

This PR fixes the openai-official Codex provider flow in two parts.

1. Switching to openai-official should not break Codex TUI startup

Before this PR, switching to the OpenAI official provider could write an empty live ~/.codex/auth.json. That is different from having no auth file at all: Codex sees the file, tries to load account credentials from it during TUI bootstrap, and then fails with the account/read error instead of entering its normal login flow.

This PR treats an empty auth snapshot for an official Codex provider as "no saved login". When applying openai-official, cc-switch removes the live ~/.codex/auth.json instead of writing {}. With no live auth file present, Codex follows its normal official login path, so the TUI no longer trips over an empty auth file during startup.

2. Temporary cc-switch start codex openai-official login state should be written back

cc-switch start codex openai-official launches Codex with an isolated temporary CODEX_HOME seeded from the selected provider. This avoids mutating the user's global Codex home while the temporary start session is running.

After Codex exits, cc-switch captures useful state from that temporary home back into the selected provider. If the user logs in during the temporary start session, the temp auth.json is saved back into the openai-official provider so the next start can reuse it.

If the provider was already logged in and the user logs out during the temporary start session, Codex removes the temp auth.json. The capture step records that logout state in the provider, and later applying or starting openai-official keeps auth.json absent rather than writing an empty {} file. This preserves logout without reintroducing the TUI startup error.

Summary

• Remove live ~/.codex/auth.json when switching to an official Codex provider with an empty auth snapshot, so Codex can prompt for login normally instead of failing during TUI startup.
• Launch cc-switch start codex openai-official with a temporary CODEX_HOME seeded from the selected provider snapshot.
• After the Codex handoff exits, capture temp auth.json and config.toml back into the selected provider snapshot.
• Persist a missing temp auth.json as logout state, and make later live/temp application delete or omit auth.json rather than writing an empty {} file.
• Strip runtime MCP tables from captured temp config.toml before saving it back into the provider.
• Bypass startup recovery for the hidden internal capture command so unrelated startup recovery failures cannot lose captured login state.
• Use a hidden internal command name instead of __internal to avoid Bash completion generation panics.
• Keep user-facing error messages localized, with Chinese text in the zh branch and English text in the en branch.

Tests

• cargo fmt
• cargo test codex_temp_launch
• cargo test internal_commands_bypass_future_schema_database_gate
• cargo test commands_that_skip_startup_state_do_not_touch_future_schema_database
• cargo test completions
• cargo run --quiet -- completions bash
• cargo build --release
• /home/timidly/.local/bin/cc-switch --version
• /home/timidly/.local/bin/cc-switch completions bash

[Copilot]

Pull request overview

This PR improves Codex “temp launch” behavior by ensuring the temporary Codex home created during cc-switch start codex is persisted back into the provider snapshot deterministically, while also preventing hidden internal commands from being blocked by startup recovery.

Changes:

• Add a hidden __internal capture-codex-temp CLI command and bypass startup recovery for internal commands.
• Persist Codex temp launch auth.json/config.toml back into the provider snapshot, storing an explicit empty auth snapshot when auth.json is missing and stripping runtime MCP tables from stored config.
• Add regression tests covering internal-command startup bypass and auth/config snapshot capture behavior.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src-tauri/src/services/provider/tests.rs	Adds tests asserting temp-launch snapshot capture persists auth/config and clears auth when auth.json is missing.
src-tauri/src/services/provider/codex.rs	Introduces capture_codex_temp_launch_snapshot and adds an explicit error for official Codex providers when the stored auth snapshot is empty.
src-tauri/src/main.rs	Routes the new internal command and exempts it from startup recovery; adds tests for the startup-state gate behavior.
src-tauri/src/cli/mod.rs	Adds the hidden __internal top-level subcommand to the CLI.
src-tauri/src/cli/commands/mod.rs	Exposes the new internal command module.
src-tauri/src/cli/commands/internal.rs	Implements __internal capture-codex-temp execution path that captures the Codex temp launch snapshot.
src-tauri/src/cli/codex_temp_launch.rs	Extends the Unix handoff wrapper to invoke the internal capture command before removing the temp Codex home.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[SaladDay]

LGTM, THANKS!

[TMYTiMidlY]

Thanks for the quick review and merge! Really appreciate the fast turnaround.