Codex multi-account tracking deduplicates distinct Team users that share the same chatgpt_account_id #49
Description
Summary
Codex multi-account tracking appears to deduplicate distinct ChatGPT Team users too aggressively when they share the same chatgpt_account_id in OAuth/JWT claims. As a result, multiple separately authenticated Codex profiles can collapse into a single onWatch Codex profile/account, even though they represent different user identities with different emails and independent quota usage.
Why this matters
For users operating multiple Codex-authenticated accounts (especially on ChatGPT Team), onWatch should be able to track each authenticated user separately when their effective usage/quota state is distinct.
Today, the Codex profile/account dedup path appears to use the provider account_id / external_id as the uniqueness key. In environments where several authenticated users share the same Team-level chatgpt_account_id, this merges profiles that should remain separate.
That breaks the main value proposition of multi-account monitoring:
- distinct users collapse into one visible account/profile
- per-user quota tracking becomes misleading
- dashboard/operator visibility becomes incorrect
- profile save/import workflows cannot represent all authenticated users
What I observed
At the token/credential level, distinct Codex-authenticated users can have:
- different
email - different
sub - different
chatgpt_user_id - but the same
chatgpt_account_id
If onWatch deduplicates only on chatgpt_account_id, multiple real user profiles are treated as duplicates.
Suspected code path
From reading the code, this looks intentional in the current implementation:
internal/agent/codex_agent_manager.go- comments indicate dedup uses Codex
account_id/ providerexternal_id
- comments indicate dedup uses Codex
internal/store/codex_store.go- comments indicate provider accounts are deduplicated on
external_id - duplicate provider accounts sharing the same external ID are consolidated
- comments indicate provider accounts are deduplicated on
So the current uniqueness key for Codex profiles/accounts appears to be too coarse for some Team setups.
Reproduction concept
- Authenticate Codex with two or more distinct ChatGPT Team users.
- Save/import each as a separate onWatch Codex profile.
- Observe that the credentials/tokens contain distinct user identity fields (for example
email,sub,chatgpt_user_id) but the samechatgpt_account_id. - onWatch merges them into a single Codex account/profile because dedup is keyed by
account_id/external_id.
Expected behavior
Distinct authenticated Codex users should remain separately trackable in onWatch even if they share a Team-level chatgpt_account_id.
Proposed fix
Please consider changing Codex identity/dedup semantics from:
chatgpt_account_id
To a more discriminating identity, such as:
chatgpt_user_id- or
sub - or a composite key like:
chatgpt_account_id + chatgpt_user_id
Preferred option
A composite identity is probably the safest option:
- preserves the shared Team/account relationship
- still distinguishes separate authenticated users
- avoids collapsing independent user profiles into one onWatch account
Notes
This issue is specifically about identity/dedup semantics for Codex profiles in multi-user Team contexts, not about general UI duplication.
If useful, I can also open a follow-up PR or outline the exact fields currently present in Codex auth tokens that would make a safer uniqueness key.