feat(embeddings): add token refresh to CodexOAuthEmbeddings; extract CodexAuthManager#1712
Merged
Merged
Conversation
…hEmbeddings Extract Codex OAuth auth management into a shared CodexAuthManager class (codex_auth.py) used by both CodexLLM and CodexOAuthEmbeddings. This gives CodexOAuthEmbeddings the same token-refresh capability that CodexLLM already has: proactive refresh (JWT expiry detection before each encode call) and reactive refresh (401 retry with rotated token). Also fix the openrouter branch in create_embeddings_from_env() which was silently ignoring HINDSIGHT_API_EMBEDDINGS_OPENAI_DIMENSIONS. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
DK09876
force-pushed
the
fix/codex-oauth-embeddings-refresh
branch
from
5ccd020 to
6f0690a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Builds on #1704 (Codex OAuth embeddings) with three improvements:
Token refresh for
CodexOAuthEmbeddings: the original implementation read the OAuth token once at construction time and never refreshed it. Long-running processes would silently keep using an expired token until the process was restarted. This adds the same proactive (JWT expiry detection) and reactive (401 retry) refresh logic thatCodexLLMalready has.CodexAuthManagerextraction: rather than duplicating the refresh logic, the shared auth management (token loading, JWT decode, staleness check, atomic file persistence, single-flight refresh) is extracted into a newcodex_auth.py. BothCodexLLMandCodexOAuthEmbeddingsdelegate to it.CodexLLMwraps the sync manager viaasyncio.to_thread;CodexOAuthEmbeddingscalls it directly fromencode().openrouterbranch missingdimensions: the newHINDSIGHT_API_EMBEDDINGS_OPENAI_DIMENSIONSenv var was wired into theopenaiprovider branch but notopenrouter, so it was silently ignored. One-line fix.Test plan
test_codex_oauth_refresh.py,test_embeddings_openai_batch_size.py) including 2 new tests for proactive and reactive refresh inCodexOAuthEmbeddingsopenrouterdimensions fix covered by updatedtest_openrouter_provider_uses_configured_batch_size🤖 Generated with Claude Code