fix: reload Codex daemon after account promotion#1218
Conversation
|
Codex review: needs real behavior proof before merge. Reviewed June 21, 2026, 10:34 AM ET / 14:34 UTC. Summary Reproducibility: no. high-confidence live reproduction was established in this review. Source inspection shows current main swaps live auth and refreshes account state without reloading a running daemon, while AGENTS.md makes unrequested live auth/provider probes inappropriate. Review metrics: 3 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land the daemon-reload fix only after conflict resolution, redacted live proof confirms the managed daemon restarts under the promoted account, and maintainers accept the fallback behavior for unsupported or unmanaged installed CLI states. Do we have a high-confidence way to reproduce the issue? No high-confidence live reproduction was established in this review. Source inspection shows current main swaps live auth and refreshes account state without reloading a running daemon, while AGENTS.md makes unrequested live auth/provider probes inappropriate. Is this the best way to solve the issue? Yes for the code direction, but not merge-ready yet. The rewrite uses the Codex CLI daemon lifecycle restart and fails closed for socket-unavailable, unsupported, unmanaged, and invalid probe states, but live proof and conflict resolution are still required. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 9e7a70a42dd2. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4bf57cf8c7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
4bf57cf to
2e68d71
Compare
2e68d71 to
579b140
Compare
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. Re-review progress:
|
579b140 to
11fab4e
Compare
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. Re-review progress:
|
11fab4e to
c4a43c8
Compare
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. Re-review progress:
|
c4a43c8 to
fe76c68
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: fe76c68050
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Co-authored-by: rendrag-git <253747599+rendrag-git@users.noreply.github.com>
a900930 to
73c4738
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 73c4738c83
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Summary
Why
Promoting a managed account atomically replaces live
auth.json, but an already-running app-server retains the previous identity until it is restarted.The account switch is already committed before daemon reload. Reload failures therefore remain partial success: Codex CLI uses the new account, account-scoped state is refreshed, and the UI reports that the configured background service still needs attention.
Upstream lifecycle contract
Current Codex daemon restart behavior:
remote_control_enabledfrom those settingsSources:
Current-main rewrite
The original branch predated the current managed-account architecture. This rewrite retains only the remaining daemon-reload behavior while preserving contributor credit.
Normal account selection remains display-only. Only the existing System Account submenu mutates live auth.
Failure behavior
status: running; a missing backend is treated as unmanaged and is never restartedProof
44fc0903swift test --filter 'Codex(AppServerDaemonReloader|AccountPromotionService|AccountPromotionExecution|SystemPromotionUI)Tests': 49 tests passedmake check: green; SwiftFormat clean; SwiftLint 0 violationsgit diff --check: greenmake test: all 41 shards passed on the rebased exact candidateFocused coverage includes:
Live boundary
Runtime daemon commands are covered through the injected command runner. Exact-head validation did not mutate production auth or a live account-backed daemon.
Before merge, this still requires authorized redacted live proof with two actual accounts and a managed daemon. Until then, the PR remains held even if CI is green.