Skip to content

fix: pr-bug-scan validated finding from #8765#8805

Open
buf0-bot[bot] wants to merge 1 commit into
mainfrom
bot/pr-bug-scan-8765-1784085783
Open

fix: pr-bug-scan validated finding from #8765#8805
buf0-bot[bot] wants to merge 1 commit into
mainfrom
bot/pr-bug-scan-8765-1784085783

Conversation

@buf0-bot

@buf0-bot buf0-bot Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Automated fix-PR from pr-bug-scan for parent #8765.

Fixer status: FIXED_WITH_REPRO
Summary: getCodexAccountAuthWarning now returns null for the 'chatgpt authentication required' rate-limits message, so API-key-only accounts show no false re-auth banner.
Blocked proof link: src/renderer/src/components/settings/codex-account-auth-warning.ts:38-41 — the re-auth string is no longer returned for this message, so AccountsPane.tsx:1216 needsReauthentication stays false; isCodexAuthError still true so fetcher PTY-skip (codex-fetcher.ts:1091) is unaffected.
Typecheck: skipped

Proof (from validator)

  • C1 — proof_type: code_analysis
    • trigger: An active host Codex account whose auth.json holds only an OPENAI_API_KEY (no ChatGPT tokens). The background rate-limit poll runs and the app-server RPC rejects account/rateLimits/read with 'chatgpt authentication required to read rate limits'.
    • observable: A persistent red 're-authenticate this sign-in' warning banner (raw text 'chatgpt authentication required to read rate limits') appears on the active Codex account row in the Accounts settings pane for an account that is validly authenticated via API key and does not need re-authentication.
    • path:
      • src/main/rate-limits/codex-auth-presence.ts:34 — probeCodexAuthPresence only calls access(auth.json); an API-key-only auth.json exists, so it returns 'present' and the RPC path is spawned
      • src/main/rate-limits/codex-fetcher.ts (fetchViaRpc msg.error branch) — RPC returns status:'error', error:'chatgpt authentication required to read rate limits'
      • src/main/rate-limits/codex-fetcher.ts:1091 — if (isCodexAuthError(rpcResult.error)) return rpcResult now returns this error result directly (previously false → fell through to PTY)
      • src/shared/codex-auth-errors.ts:14 — new pattern /chatgpt authentication required/i makes isCodexAuthError return true for this message
      • src/renderer/src/components/settings/codex-account-auth-warning.ts:38-41 — status==='error' && isCodexAuthError(error) is true, so getCodexAccountAuthWarning returns the raw error string
      • src/renderer/src/components/settings/AccountsPane.tsx:1209-1224 — accountAuthWarning is truthy → needsReauthentication=true → destructive-styled row and re-auth prompt

Reproduction

vitest run --config config/vitest.config.ts src/renderer/src/components/settings/codex-account-auth-warning.test.ts

  • before fix: FAIL: 'does not warn an API-key-only account when rate limits need chatgpt auth' — getCodexAccountAuthWarning returns the raw error instead of null
  • after fix: PASS: 6/6 tests pass; fetcher and codex-auth-errors suites (7 tests) unchanged

Generated by pr-bug-scan (proof-machine architecture). Human approval required before merge.

getCodexAccountAuthWarning now returns null for the 'chatgpt authentication required' rate-limits message, so API-key-only accounts show no false re-auth banner.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant