For what it's worth, codex doesn't yet seem to be aggressively terminating accounts or invalidating auth tokens if they detect usage in a non-first party tool. Whether that will continue to be the case or not a gamble though.