refactor: load agent identity runtime eagerly #19763
@codex review
💡 Codex Review
codex/codex-rs/login/src/auth/manager.rs
Lines 1496 to 1497 in 3618af5
load_auth_from_storage maps any auth-load error to None. Because AgentIdentity loading now makes a network registration call, a transient registration outage during reload() becomes None and set_cached_auth replaces a valid cached auth with logged-out state. This can deauthenticate active sessions on temporary backend blips.
| pub async fn from_agent_identity_jwt(jwt: &str) -> std::io::Result<Self> { | ||
| let record = AgentIdentityAuthRecord::from_agent_identity_jwt(jwt)?; | ||
| Ok(Self::AgentIdentity(AgentIdentityAuth::new(record))) | ||
| Ok(Self::AgentIdentity(AgentIdentityAuth::load(record).await?)) |
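Review bot: the failure from `AgentIdentityAuth::load(record).await?` on the last line is returned through the same `std::io::Result<Self>` as the decode failure from `AgentIdentityAuthRecord::from_agent_identity_jwt(jwt)?` on the line above it, so a caller has only the `io::Error` to tell a rejected token from a failed load. Consider giving the load failure a distinct `io::ErrorKind` or a dedicated error type, and add a doc comment on `from_agent_identity_jwt` stating that it now awaits `load` and which errors it can return.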
Keep from_auth_storage local for AgentIdentity
from_agent_identity_jwt now awaits AgentIdentityAuth::load, which always performs register_agent_task. As a result, CodexAuth::from_auth_storage (used by local status/read paths) now depends on network availability and can fail/timeout even when callers only need to inspect stored auth state. This regresses offline behavior and adds avoidable startup latency.
We shouldn't be able to start up Codex Agent Identity without network access; this is fine.
## Summary

Auth loading used to expose synchronous construction helpers in several places even though some auth sources now need async work. This PR makes the auth-loading surface async and updates the callers to await it.

This is intentionally only plumbing. It does not change how AgentIdentity tokens are decoded, how task runtime ids are allocated, or how JWT signatures are verified.

## Stack

1. **This PR:** [refactor: make auth loading async](#19762)
2. [refactor: load AgentIdentity runtime eagerly](#19763)
3. [feat: verify AgentIdentity JWTs with JWKS](#19764)

## Important call sites

| Area | Change |
| --- | --- |
| `codex-login` auth loading | `CodexAuth` and `AuthManager` construction paths now await auth loading. |
| app-server startup | Auth manager construction is awaited during initialization. |
| CLI/TUI/exec/MCP/chatgpt callers | Existing auth-loading calls now await the same behavior. |
| cloud requirements storage loader | The loader becomes async so it can share the same auth construction path. |
| auth tests | Tests that load auth now run in async contexts. |

## Testing

Tests: targeted Rust auth test compilation, formatter, scoped Clippy fix, and Bazel lock check.
noice - I can rebase my cloud requirement PR onto this one.
Summary
AgentIdentity auth previously registered the process task lazily behind a OnceCell. That meant the auth object could be constructed before its runtime task binding was known.

This PR makes AgentIdentity auth load the runtime task at auth load time and stores the resulting process task id directly on the auth object. The model-provider call path can then read a concrete task id instead of handling a missing lazy value.
Stack
Important call sites
AgentIdentityAuth::load process_task_id. CodexAuth::from_agent_identity_jwt process_task_id instead of an optional lazy value.
Design decisions
AgentIdentity auth now treats task registration as part of constructing a usable auth object. That matches how callers use the value: once auth is present, the model-provider path expects the task-scoped assertion data to be ready.
Testing
Tests: targeted Rust auth test compilation, formatter, scoped Clippy fix, and Bazel lock check.
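
The lazy and eager shapes contrasted in the description above, as an added example that is not code from this PR or from the Codex repository. `Registrar`, `register_task`, `LazyAuth` and `EagerAuth` are hypothetical stand-ins; registration is synchronous here, and std's `OnceLock` takes the place of the `OnceCell` the description mentions.

```rust
use std::io;
use std::sync::OnceLock;

/// Constructed stand-in for the registration backend (hypothetical).
pub enum Registrar { Up, Down }

impl Registrar {
    pub fn register_task(&self, agent_id: &str) -> io::Result<String> {
        match self {
            Registrar::Up => Ok(format!("task-for-{agent_id}")),
            Registrar::Down => Err(io::Error::new(io::ErrorKind::TimedOut, "registration unavailable")),
        }
    }
}

/// Lazy shape: the auth value exists before its task binding is known.
pub struct LazyAuth { agent_id: String, task: OnceLock<String> }

impl LazyAuth {
    pub fn new(agent_id: &str) -> Self {
        Self { agent_id: agent_id.to_string(), task: OnceLock::new() }
    }
    /// Every caller has to handle the not-yet-registered case.
    pub fn process_task_id(&self) -> Option<&str> {
        self.task.get().map(String::as_str)
    }
    pub fn register(&self, r: &Registrar) -> io::Result<()> {
        if self.task.get().is_none() {
            let id = r.register_task(&self.agent_id)?;
            let _ = self.task.set(id); // losing a race to another setter is fine
        }
        Ok(())
    }
}

/// Eager shape: no auth value exists unless registration succeeded.
pub struct EagerAuth { process_task_id: String }

impl EagerAuth {
    pub fn load(agent_id: &str, r: &Registrar) -> io::Result<Self> {
        Ok(Self { process_task_id: r.register_task(agent_id)? })
    }
    pub fn process_task_id(&self) -> &str { &self.process_task_id }
}

fn main() {
    let lazy = LazyAuth::new("agent-1");
    println!("lazy before registration: {:?}", lazy.process_task_id());
    println!("eager, backend down: {:?}", EagerAuth::load("agent-1", &Registrar::Down).err());
}
```

With the eager shape the registration failure surfaces at load time, so whatever calls `load` decides whether that error means logged out or retry later.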