Skip to content

fix(codex): correct managed auth checks and browser login completion#490

Open
morluto wants to merge 4 commits into
repoprompt:mainfrom
morluto:fix/codex-managed-auth-state
Open

fix(codex): correct managed auth checks and browser login completion#490
morluto wants to merge 4 commits into
repoprompt:mainfrom
morluto:fix/codex-managed-auth-state

Conversation

@morluto

@morluto morluto commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Summary

Fixes #479.

Corrects RepoPrompt's Codex managed-auth state handling so connection checks no longer invalidate otherwise usable sessions, and browser login cannot report success before OAuth actually completes.

Changes

  • Use passive account/read(refreshToken: false) for Test Connection and cached connection-status checks.
  • Preserve forced token refresh for genuine authentication recovery.
  • Keep passive checks and forced refreshes in separate single-flight tasks.
  • Require browser login to receive a successful account/login/completed notification matching the returned loginId.
  • Verify the account passively after the matching completion notification.
  • Ignore missing, stale, or mismatched login-completion notifications.
  • Remove the implicit account/logout fallback when external authentication is active.
  • Add focused regression coverage for the managed-auth state machine.
  • Stabilize two existing prompt preassembly synchronization tests discovered during PR-ready validation.
  • Reconcile the affected test contract ledger entries.

User impact

Previously, a user could see this sequence:

  1. Codex CLI remained usable with its current access token.
  2. RepoPrompt's Test Connection forced refresh.
  3. A stale or reused refresh token failed with 401 refresh_token_reused.
  4. RepoPrompt incorrectly appeared disconnected.
  5. Login with ChatGPT opened a browser flow.
  6. RepoPrompt saw the pre-existing account and reported success before the new OAuth flow completed.

After this change:

  • status checks do not force token rotation;
  • refresh failures are not confused with passive account presence;
  • browser login only succeeds after the correlated OAuth completion;
  • RepoPrompt does not silently logout shared terminal Codex authentication.

Validation

  • CodexManagedAuthRecoveryServiceTests: 7 passed
  • PromptContextPreAssemblyServiceTests: 16 passed
  • Full coordinated root test suite: passed
  • SwiftFormat and SwiftLint strict: passed
  • RepoPrompt product build: passed
  • Test contract ledger verification: 3,155 tests reconciled
  • Repository guardrails and secret scans: passed

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@morluto morluto changed the title Fix Codex managed auth checks and browser login completion fix(codex): correct managed auth checks and browser login completion Jul 11, 2026
Comment on lines 142 to 148
try await client.startIfNeeded()
let result = try await client.request(
method: "account/read",
params: ["refreshToken": true],
params: ["refreshToken": forceRefresh],
timeout: refreshRequestTimeout
)
if Self.isValidAccountReadResult(result) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The startManagedChatgptLogin method is missing a check for an in-flight inFlightCheckTask, which can cause a race condition and create redundant RPC client connections.
Severity: MEDIUM

Suggested Fix

In startManagedChatgptLogin, add a check to await any inFlightCheckTask before proceeding, similar to how inFlightRefreshTask is handled. This will ensure that only one authentication-related task is active at a time, respecting the established synchronization pattern.

Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.

Location:
Sources/RepoPrompt/Infrastructure/AI/Providers/Codex/Shared/CodexManagedAuthRecoveryService.swift#L142-L148

Potential issue: The `startManagedChatgptLogin()` method checks for an in-flight
`inFlightRefreshTask` but fails to check for an `inFlightCheckTask`. This can lead to
two simultaneous RPC client connections being created if a user initiates a connection
test (which creates an `inFlightCheckTask`) and then immediately tries to log in. This
race condition violates the intended single-flight pattern for authentication tasks,
leading to resource inefficiency and potential operational issues if the underlying
service has connection limits or rate-limiting.

Did we get this right? 👍 / 👎 to inform future reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Codex Test Connection forces token refresh and managed login reports success before OAuth completes

1 participant