-
Notifications
You must be signed in to change notification settings - Fork 11
[codex] fix Claude auth probe and state sync locking #441
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
2738a0c
7c58988
72bf8eb
19bd8c3
09dc407
a02936b
bd54c54
025b925
875fbd5
de50520
bbd1885
5ba9e51
88da062
5dc13bc
06a4e2a
bc1da97
8abc88d
aedf7d3
c114e64
0d8a463
ae12482
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| --- | ||
| "@prover-coder-ai/docker-git": patch | ||
| --- | ||
|
|
||
| Fix `docker-git auth claude login` failing after a successful OAuth login. | ||
|
|
||
| After `claude setup-token` created and persisted the OAuth token, the login | ||
| command ran a verification probe (`claude -p ping`) and treated any non-zero | ||
| exit as a hard failure, exiting with code 1 even though the token was already | ||
| saved. A transient probe failure (network hiccup, rate limit, or token | ||
| propagation delay) would therefore discard an otherwise successful login. | ||
|
|
||
| The probe failure is now reported as a warning instead of an error, mirroring | ||
| `docker-git auth claude status`. The token is kept, and the user is advised to | ||
| re-check connectivity later with `docker-git auth claude status`. | ||
|
|
||
| Controller startup now also rejects `DOCKER_GIT_CONTROLLER_GPU=all` when | ||
| `docker-compose.gpu.yml` exists as a directory instead of a regular file, | ||
| matching the extra compose overlay invariant before invoking Docker Compose. |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -57,4 +57,32 @@ runs: | |
| run: npm install -g node-gyp | ||
| - name: Install dependencies | ||
| shell: bash | ||
| run: bun install --frozen-lockfile | ||
| run: | | ||
| run_bun_install() { | ||
| local timeout_seconds=$((20 * 60)) | ||
| bun install --frozen-lockfile & | ||
| local install_pid="$!" | ||
| ( | ||
| sleep "$timeout_seconds" | ||
| echo "bun install exceeded 20 minutes; terminating" >&2 | ||
| kill "$install_pid" 2>/dev/null || true | ||
| ) & | ||
| local timeout_pid="$!" | ||
| local status=0 | ||
| wait "$install_pid" || status="$?" | ||
| kill "$timeout_pid" 2>/dev/null || true | ||
| wait "$timeout_pid" 2>/dev/null || true | ||
| return "$status" | ||
| } | ||
|
|
||
| for attempt in 1 2 3; do | ||
| if run_bun_install; then | ||
| exit 0 | ||
| fi | ||
| if [[ "$attempt" == "3" ]]; then | ||
| echo "bun install failed after retries" >&2 | ||
| exit 1 | ||
| fi | ||
| echo "bun install attempt ${attempt} failed; retrying..." >&2 | ||
| sleep $((attempt * 2)) | ||
| done | ||
|
Comment on lines
+61
to
+88
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win Ретраи здесь недостижимы в текущем workflow timeout. На Line 62 одна попытка может ждать 20 минут, но 🤖 Prompt for AI Agents |
||
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -59,6 +59,7 @@ import { | |
| logoutGitAuth, | ||
| logoutGitlabAuth, | ||
| logoutGithubAuth, | ||
| readClaudeAuthStatus, | ||
| readCodexAuthStatus, | ||
| readGrokAuthStatus, | ||
| readGitAuthStatus, | ||
|
|
@@ -1138,6 +1139,15 @@ export const makeRouter = () => { | |
| return yield* _(jsonResponse({ status }, 200)) | ||
| }).pipe(Effect.catchAll(errorResponse)) | ||
| ), | ||
| HttpRouter.get( | ||
| "/auth/claude/status", | ||
| Effect.gen(function*(_) { | ||
| const request = yield* _(HttpServerRequest.HttpServerRequest) | ||
| const label = new URL(request.url, "http://localhost").searchParams.get("label") | ||
| const status = yield* _(readClaudeAuthStatus(label)) | ||
| return yield* _(jsonResponse({ status }, 200)) | ||
| }).pipe(Effect.catchAll(errorResponse)) | ||
| ), | ||
|
Comment on lines
+1142
to
+1150
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win 🧩 Analysis chain🏁 Script executed: #!/bin/bash
# Проверить, есть ли middleware авторизации, оборачивающий /auth маршруты
rg -n "HttpMiddleware|Authorization|authenticate" packages/api/src/http.ts packages/api/src -g '!**/*.test.ts'Repository: ProverCoderAI/docker-git Length of output: 1743 🏁 Script executed: #!/bin/bash
set -euo pipefail
printf '\n== program.ts outline ==\n'
ast-grep outline packages/api/src/program.ts --view expanded || true
printf '\n== http.ts outline (around auth routes) ==\n'
ast-grep outline packages/api/src/http.ts --view expanded | sed -n '1,220p' || true
printf '\n== auth status routes and middleware references ==\n'
rg -n '"/auth/[^"]+/status"|HttpMiddleware|withMiddlewares|middleware|Auth' packages/api/src/http.ts packages/api/src/program.tsRepository: ProverCoderAI/docker-git Length of output: 16514 🏁 Script executed: #!/bin/bash
set -euo pipefail
printf '\n== program.ts (lines 1-120) ==\n'
sed -n '1,120p' packages/api/src/program.ts
printf '\n== http.ts (routes around /auth and wrapper) ==\n'
sed -n '1100,1338p' packages/api/src/http.ts
printf '\n== readClaudeAuthStatus definition ==\n'
rg -n "readClaudeAuthStatus|type .*AuthStatus|account" packages/api/src/services packages/api/src -g '!**/*.test.ts'Repository: ProverCoderAI/docker-git Length of output: 40037 🏁 Script executed: #!/bin/bash
set -euo pipefail
printf '\n== packages/api/src/services/auth.ts (480-540, 708-720) ==\n'
sed -n '480,540p' packages/api/src/services/auth.ts
printf '\n---\n'
sed -n '708,720p' packages/api/src/services/auth.ts
printf '\n== packages/api/src/api/contracts.ts (290-315) ==\n'
sed -n '290,315p' packages/api/src/api/contracts.ts
printf '\n== route/app middleware search ==\n'
rg -n 'HttpMiddleware|serve\\(|withMiddleware|withMiddlewares|HttpServer\\.serve|auth.*middleware|require.*auth|ApiAuthRequiredError' packages/api/srcRepository: ProverCoderAI/docker-git Length of output: 3284 🏁 Script executed: #!/bin/bash
set -euo pipefail
printf '\n== auth / middleware search ==\n'
rg -n 'HttpMiddleware|HttpRouter\.(use|mount|group|prefix|prefixPath)|withMiddlewares|withMiddleware|authorize|authenticated|ApiAuthRequiredError' packages/api/src
printf '\n== makeRouter head and app assembly around withCoreRoutes ==\n'
sed -n '1040,1360p' packages/api/src/http.ts
printf '\n== Claude account extraction ==\n'
sed -n '600,705p' packages/api/src/services/auth.tsRepository: ProverCoderAI/docker-git Length of output: 22509 Закрыть 🤖 Prompt for AI AgentsSource: Path instructions |
||
| HttpRouter.get( | ||
| "/auth/menu", | ||
| Effect.gen(function*(_) { | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🩺 Stability & Availability | 🟠 Major | ⚡ Quick win
На timeout нужно завершать всю process group, а не только родительский PID.
На Lines 63-74 watchdog шлёт
killтолько вbun install. Еслиpostinstallили другой lifecycle-скрипт породит дочерние процессы, они переживут retry и смогут оставить lock/сокеты/IO, а следующая попытка стартует поверх них. Здесь нужен запуск в отдельной process group и сигнал по всей группе.🤖 Prompt for AI Agents