diff --git a/src/renderer/src/components/settings/codex-account-auth-warning.test.ts b/src/renderer/src/components/settings/codex-account-auth-warning.test.ts index ea8de210bcf..d5352d0af42 100644 --- a/src/renderer/src/components/settings/codex-account-auth-warning.test.ts +++ b/src/renderer/src/components/settings/codex-account-auth-warning.test.ts @@ -52,6 +52,21 @@ describe('codex account auth warning', () => { ).toContain('access token could not be refreshed') }) + it('does not warn an API-key-only account when rate limits need chatgpt auth', () => { + // Why: the app-server rejects account/rateLimits/read with this message for + // an account signed in via OPENAI_API_KEY only. That account is validly + // authenticated and must not surface a destructive re-auth banner (#8765). + expect( + getCodexAccountAuthWarning({ + limits: codexLimits('chatgpt authentication required to read rate limits'), + target: { runtime: 'host', wslDistro: null }, + runtime: { runtime: 'host' }, + activeAccountId: 'account-1', + accountId: 'account-1' + }) + ).toBeNull() + }) + it('does not warn for inactive accounts or a different runtime', () => { const limits = codexLimits( 'Your access token could not be refreshed. Please log out and sign in again.' diff --git a/src/renderer/src/components/settings/codex-account-auth-warning.ts b/src/renderer/src/components/settings/codex-account-auth-warning.ts index b9d824576c4..e26ed665943 100644 --- a/src/renderer/src/components/settings/codex-account-auth-warning.ts +++ b/src/renderer/src/components/settings/codex-account-auth-warning.ts @@ -4,6 +4,14 @@ import type { } from '../../../../shared/rate-limit-types' import { isCodexAuthError } from '../../../../shared/codex-auth-errors' +// Why: an API-key-only Codex account is validly signed in. The app-server +// rejects account/rateLimits/read with "chatgpt authentication required to read +// rate limits" for such accounts, which isCodexAuthError classifies as an auth +// error so the rate-limit fetcher skips its PTY fallback. That classification is +// correct for the fetcher but not for this re-auth banner: the account does not +// need re-authentication, so showing a destructive warning would be wrong. +const CHATGPT_RATE_LIMIT_AUTH_REQUIRED_RE = /chatgpt authentication required/i + type AccountRuntime = { runtime: 'host' | 'wsl' wslDistro?: string | null @@ -38,5 +46,8 @@ export function getCodexAccountAuthWarning(args: { if (args.limits?.status !== 'error' || !isCodexAuthError(args.limits.error)) { return null } + if (args.limits.error && CHATGPT_RATE_LIMIT_AUTH_REQUIRED_RE.test(args.limits.error)) { + return null + } return args.limits.error?.trim() || 'Codex reported that this sign-in needs re-authentication.' }