Files
hermes-webui/api
Nathan Esquenazi b34ce63c97 fix(oauth): honor cancel during Codex device-token exchange (follow-up to #1652)
The Codex OAuth onboarding worker introduced in #1652 had a cancel-vs-worker
race: a `cancel_onboarding_oauth_flow` request that arrived while the worker
was mid-network-call (between the `live = dict(...)` snapshot and the next
status check) would be silently overridden:

  1. User clicks Cancel → server sets flow.status = "cancelled" and drops
     sensitive lifecycle fields under the lock.
  2. Worker is mid-`_poll_codex_authorization` / `_exchange_codex_authorization`
     using the local `live` snapshot it captured before the cancel.
  3. Worker calls `_persist_codex_credentials(...)` — auth.json gets written.
  4. Worker calls `_set_flow_status(flow_id, "success")` — overrides the
     cancelled status.

Net effect: the user's explicit cancel is ignored, credentials are persisted,
and the UI reports success. Reproduced with a behavioural harness that drove
a real worker thread against patched network helpers and confirmed:

  pre-fix : flow status `success`, auth.json written despite cancel
  post-fix: flow status `cancelled`, auth.json NOT written

The fix re-checks the flow status under `_OAUTH_FLOWS_LOCK` after the token
exchange completes and before persisting. If the status is no longer
`pending`, the worker exits without persisting credentials and without
overwriting the terminal status.

Regression test `test_cancel_during_token_exchange_does_not_persist_credentials`
drives the worker against threading.Event-gated network stubs to reproduce
the race deterministically and lock the new invariant.

Trace verified against fresh hermes-agent tarball — credential_pool entry
shape (`auth_type=oauth`, `source=manual:device_code`, `priority=0`, base_url)
remains compatible with `agent.credential_pool.load_pool("openai-codex")` and
the agent CLI's `_save_codex_tokens` legacy fallback path.

Tests:
- 10/10 in tests/test_issue1362_codex_oauth_onboarding.py
- Full suite: 4230 passed, 57 skipped, 3 xpassed, 0 failed in 33.82s

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 14:49:38 -07:00
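An added sketch of the cancel-vs-worker race and the post-exchange re-check described in the commit message above. It is not code from hermes-webui: every name (`FLOWS`, `LOCK`, `worker`, `cancel`, `run_race`) is a hypothetical stand-in, the token values are constructed, and holding the lock across the persist step is this sketch's own choice.

```python
import threading

LOCK = threading.Lock()   # hypothetical stand-in for the flow-table lock
FLOWS = {}                # flow_id -> {"status": ..., "device_code": ...}
PERSISTED = []            # stand-in for writes to the credential file


def cancel(flow_id):
    """Mark the flow cancelled and drop sensitive fields under the lock."""
    with LOCK:
        flow = FLOWS[flow_id]
        flow["status"] = "cancelled"
        flow.pop("device_code", None)


def worker(flow_id, exchange, recheck):
    with LOCK:
        live = dict(FLOWS[flow_id])         # snapshot taken before the network call
    tokens = exchange(live["device_code"])  # slow call; a cancel may land here
    with LOCK:
        if recheck and FLOWS[flow_id]["status"] != "pending":
            return                          # terminal status wins; persist nothing
        PERSISTED.append((flow_id, tokens))
        FLOWS[flow_id]["status"] = "success"


def run_race(recheck):
    """Drive one worker and cancel it while the exchange is in flight."""
    FLOWS.clear()
    PERSISTED.clear()
    FLOWS["f1"] = {"status": "pending", "device_code": "constructed-code"}
    entered, release = threading.Event(), threading.Event()

    def gated_exchange(code):
        entered.set()            # signal that the worker is mid-exchange
        release.wait(timeout=5)  # hold until the cancel has been applied
        return {"access_token": "constructed-token"}

    t = threading.Thread(target=worker, args=("f1", gated_exchange, recheck))
    t.start()
    entered.wait(timeout=5)
    cancel("f1")
    release.set()
    t.join(timeout=5)
    return FLOWS["f1"]["status"], len(PERSISTED)


if __name__ == "__main__":
    print("without re-check:", run_race(False))
    print("with re-check:   ", run_race(True))
```

The event-gated stub makes the interleaving deterministic, so the same harness can serve as a regression check for the invariant that a cancelled flow never persists credentials.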