Codex/moc126#352
Open
Alpaca233114514 wants to merge 2 commits into
Open
Conversation
Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
MOC126的codex版本
(Co-author by GPT-5.5 Xhigh)
MOC-126 实践设计:Proxy 注入 Mock UserIDSummary当前分支 codex/MOC126 已有 Phase 1,但 mock 命中条件有关键缺陷:/backend-api/* 在 provider resolver 前被处理,Authorization: Bearer cas_* gateway key 会被误判成“真实 ChatGPT auth”,导致 apikey/第三方模型路径可能直接透传 chatgpt.com,mock userID 不生效。
Key Changes在 crates/proxy/src/forward.rs (line 639) 收窄 has_real_chatgpt_auth:Authorization 只有在 Bearer token 是 ChatGPT access JWT 且匹配本机活动 auth.json 时才算真实账号。
Bearer cas_* 明确视为 gateway key,不阻止 mock。
Cookie 只在包含 ChatGPT 会话 cookie 名时算真实账号,避免普通 cookie 误杀 mock。
复用或迁移 crates/proxy/src/resolver.rs (line 335) 里的 ChatGPT token 判定逻辑,避免 forward/resolver 两套规则漂移。
保留 crates/codex_integration/src/apply.rs (line 145) 当前行为:非 relay 也写 chatgpt_base_url=/backend-api,让账号端点进入 proxy。
扩展 mock JSON shape,保持现有扁平字段,同时加入更可能被 Codex 消费的嵌套 user / account 字段;不 mock POST/PUT 写操作,未知端点仍透传。
Implementation Details新增 helper:extract_bearer_token、is_gateway_bearer、is_real_chatgpt_bearer、cookie_looks_like_chatgpt_session。
将 resolver 中私有的 ChatGPT JWT/active-token 检查提到 crates/proxy/src 可共享位置,resolver 与 forward 共用同一实现。
修改 telemetry:mock 命中记录 [chatgpt-mock] GET ...
mock 跳过因真实 auth 记录 [chatgpt-relay] real auth ...
gateway auth 下命中 mock 不记录敏感 token。
清理当前无效测试名 mock_misses_with_auth_header,改成覆盖真实场景:Bearer cas_* 命中 mock,真实 ChatGPT token/cookie 跳过 mock。
Test Plan按你的要求,不主动跑测试命令。
代码内保留/补充回归用例,覆盖:GET /backend-api/getAccount + 无 auth → mock。
GET /backend-api/getAccount + Bearer cas_* → mock。
GET /backend-api/getAccount + 本机真实 ChatGPT token → relay。
GET /backend-api/getAccount + ChatGPT session cookie → relay。
POST /backend-api/* → 不 mock,继续 relay。
Assumptions当前任务继续落在现有 codex/MOC126 分支,不另建 sibling worktree。
仓库外 Linear 指名的 4 份归档文档当前 Windows 环境未找到;以 Linear issue 内容、git 历史文档和当前代码为事实来源。
本次不引入前端开关;MOC-126 仍是探索性质,默认随 chatgpt_base_url proxy 生效。