mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-26 01:01:40 +00:00
fix: proactive Codex CLI sync before refresh + retry on failure
This commit is contained in:
Ben Barclay
Teknium
parent
dfde4058cf
commit
a64d8a83e1
1 changed files with 36 additions and 0 deletions
|
|
@ -577,6 +577,13 @@ class CredentialPool:
|
||||||
except Exception as wexc:
|
except Exception as wexc:
|
||||||
logger.debug("Failed to write refreshed token to credentials file: %s", wexc)
|
logger.debug("Failed to write refreshed token to credentials file: %s", wexc)
|
||||||
elif self.provider == "openai-codex":
|
elif self.provider == "openai-codex":
|
||||||
|
# Proactively sync from ~/.codex/auth.json before refresh.
|
||||||
|
# The Codex CLI (or another Hermes profile) may have already
|
||||||
|
# consumed our refresh_token. Syncing first avoids a
|
||||||
|
# "refresh_token_reused" error when the CLI has a newer pair.
|
||||||
|
synced = self._sync_codex_entry_from_cli(entry)
|
||||||
|
if synced is not entry:
|
||||||
|
entry = synced
|
||||||
refreshed = auth_mod.refresh_codex_oauth_pure(
|
refreshed = auth_mod.refresh_codex_oauth_pure(
|
||||||
entry.access_token,
|
entry.access_token,
|
||||||
entry.refresh_token,
|
entry.refresh_token,
|
||||||
|
|
@ -662,6 +669,35 @@ class CredentialPool:
|
||||||
# Credentials file had a valid (non-expired) token — use it directly
|
# Credentials file had a valid (non-expired) token — use it directly
|
||||||
logger.debug("Credentials file has valid token, using without refresh")
|
logger.debug("Credentials file has valid token, using without refresh")
|
||||||
return synced
|
return synced
|
||||||
|
# For openai-codex: the refresh_token may have been consumed by
|
||||||
|
# the Codex CLI between our proactive sync and the refresh call.
|
||||||
|
# Re-sync and retry once.
|
||||||
|
if self.provider == "openai-codex":
|
||||||
|
synced = self._sync_codex_entry_from_cli(entry)
|
||||||
|
if synced.refresh_token != entry.refresh_token:
|
||||||
|
logger.debug("Retrying Codex refresh with synced token from ~/.codex/auth.json")
|
||||||
|
try:
|
||||||
|
refreshed = auth_mod.refresh_codex_oauth_pure(
|
||||||
|
synced.access_token,
|
||||||
|
synced.refresh_token,
|
||||||
|
)
|
||||||
|
updated = replace(
|
||||||
|
synced,
|
||||||
|
access_token=refreshed["access_token"],
|
||||||
|
refresh_token=refreshed["refresh_token"],
|
||||||
|
last_refresh=refreshed.get("last_refresh"),
|
||||||
|
last_status=STATUS_OK,
|
||||||
|
last_status_at=None,
|
||||||
|
last_error_code=None,
|
||||||
|
)
|
||||||
|
self._replace_entry(synced, updated)
|
||||||
|
self._persist()
|
||||||
|
return updated
|
||||||
|
except Exception as retry_exc:
|
||||||
|
logger.debug("Codex retry refresh also failed: %s", retry_exc)
|
||||||
|
elif not self._entry_needs_refresh(synced):
|
||||||
|
logger.debug("Codex CLI has valid token, using without refresh")
|
||||||
|
return synced
|
||||||
self._mark_exhausted(entry, None)
|
self._mark_exhausted(entry, None)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue