docs(codex): add Hermes-aware recovery branch for refresh_token_reused (#1542)#1595
Open
0xDevNinja wants to merge 1 commit into
Open
docs(codex): add Hermes-aware recovery branch for refresh_token_reused (#1542)#15950xDevNinja wants to merge 1 commit into
0xDevNinja wants to merge 1 commit into
Conversation
- Codex `refresh_token_reused` is split-brain by default: Hermes `openai-codex` can still serve valid tokens while `~/.codex/auth.json` goes stale, so running `codex login` first wipes a working session - Add a sub-bullet under Error Handling > Auth that branches on a Hermes smoke test, repairs `~/.codex/auth.json` from Hermes tokens when the provider still works, falls back to `codex login` only when both routes are dead - Doc-only; no Codex or Hermes auth behavior changes Fixes garrytan#1542.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/codexError Handling currently funnels every auth error tocodex login.refresh_token_reusedis the one case where that's actively destructive: Hermes'openai-codexprovider can still be serving valid tokens while~/.codex/auth.jsonhas gone stale (split-brain auth), andcodex loginwipes the working Hermes session.Fixes #1542.
Behavior
The new bullet adds three steps in order:
openai-codexprovider (if Hermes is installed) before doing anything else.~/.codex/auth.jsonfrom the Hermes-side tokens, chmod 600, retestcodex exec— nocodex loginneeded.codex loginis the right next step.The skill is also told to tell the user which branch it took before acting, so the user knows whether they're about to nuke a working Hermes session.
Scope
Doc-only: edit to
codex/SKILL.md.tmplError Handling section, plus the regeneratedcodex/SKILL.md(viabun run gen:skill-docs). No code, no auth surface, no tests added — same shape asbun run gen:skill-docstemplate-only doc PRs that have shipped before. The reporter's notes call this out explicitly: "This is documentation/runbook guidance only; it does not change Codex or Hermes auth behavior."The 7 failures are the pre-existing
--dry-run freshness checkcases on non-Claude hosts (Kiro/OpenCode/Slate/Cursor/OpenClaw/Hermes/GBrain) that reproduce onupstream/mainwith this branch's changes stashed — unrelated to this patch.Out of scope
codex-auth-synchelper into gstack. The reporter notes the exact helper script varies by Hermes version; bundling one here would lock us to a specific Hermes layout. Pointing at the helper in prose keeps both sides flexible.command -v hermescheck could move into Step 0 in a follow-up if maintainers prefer.