mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-08 13:12:08 +00:00
fix(pool): sync anthropic entry on access_token change, not just refresh_token
`_sync_anthropic_entry_from_credentials_file` only checked whether the
refresh_token in ~/.claude/.credentials.json differed from the pool
entry's refresh_token. This missed the case where the CLI performs a
silent access-token re-issue — returning a new access_token alongside
the *same* refresh_token. The pool entry's stale bearer token was never
updated, causing 401 errors on every request until the exhausted-TTL
(5 min) expired.
Bring this function to parity with its Codex and xAI OAuth siblings:
- Check either access_token *or* refresh_token changed (dual-field guard).
- Use `file_X or entry.X` fallbacks so a partial file can't blank a field.
- Clear all six status/error fields on sync (last_error_reason,
last_error_message, last_error_reset_at were previously omitted),
ensuring an exhausted entry becomes available immediately.
Spotted via parity review against commit 569bc94b5 which fixed the same
pattern in `_sync_nous_entry_from_auth_store`.
This commit is contained in:
parent
c510f48680
commit
d634fa079e
2 changed files with 157 additions and 6 deletions
|
|
@ -616,17 +616,32 @@ class CredentialPool:
|
|||
file_refresh = creds.get("refreshToken", "")
|
||||
file_access = creds.get("accessToken", "")
|
||||
file_expires = creds.get("expiresAt", 0)
|
||||
# If the credentials file has a different token pair, sync it
|
||||
if file_refresh and file_refresh != entry.refresh_token:
|
||||
logger.debug("Pool entry %s: syncing tokens from credentials file (refresh token changed)", entry.id)
|
||||
# Sync when either token changed. Access tokens can be re-issued
|
||||
# without a new refresh token (silent re-issue path), so checking
|
||||
# only refresh_token misses that case and leaves a stale
|
||||
# access_token in the pool → 401 on every request until the pool
|
||||
# entry's exhausted TTL expires.
|
||||
entry_access = entry.access_token or ""
|
||||
entry_refresh = entry.refresh_token or ""
|
||||
if (file_access or file_refresh) and (
|
||||
(file_access and file_access != entry_access)
|
||||
or (file_refresh and file_refresh != entry_refresh)
|
||||
):
|
||||
logger.debug(
|
||||
"Pool entry %s: syncing tokens from credentials file (tokens changed)",
|
||||
entry.id,
|
||||
)
|
||||
updated = replace(
|
||||
entry,
|
||||
access_token=file_access,
|
||||
refresh_token=file_refresh,
|
||||
expires_at_ms=file_expires,
|
||||
access_token=file_access or entry.access_token,
|
||||
refresh_token=file_refresh or entry.refresh_token,
|
||||
expires_at_ms=file_expires or entry.expires_at_ms,
|
||||
last_status=None,
|
||||
last_status_at=None,
|
||||
last_error_code=None,
|
||||
last_error_reason=None,
|
||||
last_error_message=None,
|
||||
last_error_reset_at=None,
|
||||
)
|
||||
self._replace_entry(entry, updated)
|
||||
self._persist()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue