fix: Claude OAuth 429時に前回表示を保持 / Preserve Claude OAuth display on 429#1956
fix: Claude OAuth 429時に前回表示を保持 / Preserve Claude OAuth display on 429#1956ruushu wants to merge 1 commit into
Conversation
|
Codex review: needs real behavior proof before merge. Reviewed July 6, 2026, 7:05 PM ET / 23:05 UTC. Summary Reproducibility: yes. from source inspection: current main uses a provider-wide OAuth 429 gate and will surface OAuth 429 failures through normal provider error handling when prior data exists. I did not run live OAuth probes because AGENTS.md warns against validation that can display Keychain prompts without explicit request. Review metrics: 1 noteworthy metric.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Security Review findings
Review detailsBest possible solution: Land a narrow repair that keeps OAuth 429 snapshots without recording stale samples, uses a cross-platform token fingerprint, and includes contributor-side real behavior proof for the 429 path. Do we have a high-confidence way to reproduce the issue? Yes from source inspection: current main uses a provider-wide OAuth 429 gate and will surface OAuth 429 failures through normal provider error handling when prior data exists. I did not run live OAuth probes because AGENTS.md warns against validation that can display Keychain prompts without explicit request. Is this the best way to solve the issue? No, not yet: preserving the last-good display is the right direction, but the current patch still collapses token-scoped cooldowns on Linux and records cached 429 rows as fresh history samples. Full review comments:
Overall correctness: patch is incorrect AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 8021ed86d5cd. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (2 earlier review cycles)
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c5a95f2ab2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| private static func blockedUntilKey(accessToken: String) -> String { | ||
| let data = Data(accessToken.utf8) | ||
| let fingerprint = ClaudeOAuthCredentialsStore.sha256Prefix(data) ?? "unavailable" |
There was a problem hiding this comment.
Fix token hash fallback for Linux OAuth cooldowns
On Linux CLI builds, ClaudeOAuthCredentialsStore.sha256Prefix returns nil because that helper only uses CryptoKit while the package's Linux dependency is the Crypto module, so this fallback makes every access token use the same claudeOAuthUsageRateLimitBlockedUntilV2.unavailable key. In multi-account OAuth usage, a 429 from one Claude account will therefore block background refreshes for all other accounts for the cooldown window, defeating the token-scoped gate and leaving valid accounts stale. Use the existing Crypto fallback path here instead of collapsing to a shared key.
Useful? React with 👍 / 👎.
| return ResolvedAccountOutcome( | ||
| snapshot: snapshot, | ||
| usage: priorUsage, | ||
| sourceLabel: priorSnapshot.sourceLabel) |
There was a problem hiding this comment.
Avoid recording cached 429 rows as fresh history
When a stacked Claude token-account refresh hits an OAuth 429, this returns the prior cached snapshot as usage; refreshTokenAccounts treats every non-nil resolved.usage as a newly fetched sample and later records it with the current Date(). During a cooldown/outage, each retry can write stale usage points into plan-utilization history and reset detection as if they were real observations. Preserve the row via snapshot, but don't mark cached 429 data as a fetched usage sample.
Useful? React with 👍 / 👎.
Problem
Claude OAuth usage refreshes can receive HTTP 429 from Anthropic's OAuth usage endpoint.
Before this change, background refreshes could continue retrying the same account during the cooldown and replace a valid last-good display with a provider-level error.
Validation
git diff --check: passed.swift build --target CodexBarCore: passed.swift build --target CodexBarCLI: passed.swift test --filter ClaudeOAuthTests: not completed in this run.make check: portable checks and SwiftFormat passed; full lint did not complete in this run.Goal
Constraints
Approach
ClaudeOAuthUsageRateLimitGateby access token fingerprint using the existing SHA-256 prefix helper.Retry-Afteras a 30 minute background cooldown.ClaudeOAuthFetchErrorandClaudeUsageError.