[codex] Fix Claude auto fallback for MCP-only keychain#1992
Conversation
|
Codex review: needs real behavior proof before merge. Reviewed July 9, 2026, 2:00 PM ET / 18:00 UTC. Summary Reproducibility: Partly. Source inspection shows current main returns OAuth available for expired Claude CLI-owned credentials when the CLI is present, and the PR adds fixture coverage for MCP-only Keychain state; no live MCP-only Keychain repro was run because repository policy forbids prompt-prone probes without explicit request. Review metrics: 2 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review detailsBest possible solution: Merge the narrow fallback only after the auth owner accepts the fixture matrix as sufficient or adds redacted live MCP-only Keychain proof; keep broader Claude Code credential-storage discovery in #1823. Do we have a high-confidence way to reproduce the issue? Partly. Source inspection shows current main returns OAuth available for expired Claude CLI-owned credentials when the CLI is present, and the PR adds fixture coverage for MCP-only Keychain state; no live MCP-only Keychain repro was run because repository policy forbids prompt-prone probes without explicit request. Is this the best way to solve the issue? Yes for the code shape: it reuses the existing MCP-only detector, preserves explicit OAuth and user-initiated refresh, and adds focused tests. Merge readiness still depends on maintainer acceptance of the proof gap for this auth-provider routing change. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 3b039d15e125. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (4 earlier review cycles)
|
Co-authored-by: janpollak <40995260+janpollak@users.noreply.github.com>
c8245b1 to
1a9d256
Compare
Summary
Autoplanning when the cached Claude CLI-owned credential is expired and the live Claude Keychain contains MCP-only OAuth state.Verification
Exact candidate:
1a9d2567d862f9a3f6eab33e94c96b0ba9332101swift test --filter ClaudeOAuthFetchStrategyAvailabilityTests: 17/17 passed.make check: passed; SwiftFormat and SwiftLint report zero violations.make test: all 50/50 local shards passed.autoreview --mode local: clean; no accepted/actionable findings.1a9d2567.CodexBar Debugstatus item.The current host has no usable Claude OAuth credential, so it cannot reproduce a real MCP-only Keychain state. The branch therefore makes no authenticated/MCP-only live-state claim beyond the contributor's original Debug-attempt evidence and the compiled prompt-free matrix above.
Public Model Identifier Gate: PASS (no model-bearing mutation).
Dependency freshness: PASS (no dependency changes).
Landing boundary
Code and local proof are ready. This changes auth/Keychain routing, so it remains unmerged pending explicit owner sign-off and, if required, a real MCP-only live-state proof waiver.