[Codex][Codex CLI] Preserve retry attempt auth metadata in feedback tags

Keep auth_401_* as the preserved original unauthorized context while still recording the follow-up request's own ids and auth classification in auth_* fields. Co-authored-by: Codex <noreply@openai.com>
2026-04-24 06:35:50 +00:00 · 2026-03-13 14:34:29 -07:00
parent 0dca1e8be3
commit 006373a3db
2 changed files with 15 additions and 18 deletions
--- a/codex-rs/core/src/util.rs
+++ b/codex-rs/core/src/util.rs
@@ -55,7 +55,6 @@ pub(crate) struct FeedbackRequestTags<'a> {
 }

 pub(crate) fn emit_feedback_request_tags(tags: &FeedbackRequestTags<'_>) {
-    let preserve_401_context_only = tags.auth_retry_after_unauthorized == Some(true);
    let auth_header_name = tags.auth_header_name.unwrap_or("");
    let auth_mode = tags.auth_mode.unwrap_or("");
    let auth_retry_after_unauthorized = tags
@@ -66,18 +65,10 @@ pub(crate) fn emit_feedback_request_tags(tags: &FeedbackRequestTags<'_>) {
    let auth_connection_reused = tags
        .auth_connection_reused
        .map_or_else(String::new, |value| value.to_string());
-    let auth_request_id = (!preserve_401_context_only)
-        .then_some(tags.auth_request_id.unwrap_or(""))
-        .unwrap_or("");
-    let auth_cf_ray = (!preserve_401_context_only)
-        .then_some(tags.auth_cf_ray.unwrap_or(""))
-        .unwrap_or("");
-    let auth_error = (!preserve_401_context_only)
-        .then_some(tags.auth_error.unwrap_or(""))
-        .unwrap_or("");
-    let auth_error_code = (!preserve_401_context_only)
-        .then_some(tags.auth_error_code.unwrap_or(""))
-        .unwrap_or("");
+    let auth_request_id = tags.auth_request_id.unwrap_or("");
+    let auth_cf_ray = tags.auth_cf_ray.unwrap_or("");
+    let auth_error = tags.auth_error.unwrap_or("");
+    let auth_error_code = tags.auth_error_code.unwrap_or("");
    let auth_recovery_followup_success = tags
        .auth_recovery_followup_success
        .map_or_else(String::new, |value| value.to_string());
--- a/codex-rs/core/src/util_tests.rs
+++ b/codex-rs/core/src/util_tests.rs
@@ -178,7 +178,7 @@ fn emit_feedback_auth_recovery_tags_preserves_401_specific_fields() {
 }

 #[test]
-fn emit_feedback_request_tags_skips_duplicate_latest_auth_fields_after_unauthorized() {
+fn emit_feedback_request_tags_preserves_latest_auth_fields_after_unauthorized() {
    let tags = Arc::new(Mutex::new(BTreeMap::new()));
    let _guard = tracing_subscriber::registry()
        .with(TagCollectorLayer { tags: tags.clone() })
@@ -204,13 +204,19 @@ fn emit_feedback_request_tags_skips_duplicate_latest_auth_fields_after_unauthori
    let tags = tags.lock().unwrap().clone();
    assert_eq!(
        tags.get("auth_request_id").map(String::as_str),
-        Some("\"\"")
+        Some("\"req-123\"")
+    );
+    assert_eq!(
+        tags.get("auth_cf_ray").map(String::as_str),
+        Some("\"ray-123\"")
+    );
+    assert_eq!(
+        tags.get("auth_error").map(String::as_str),
+        Some("\"missing_authorization_header\"")
    );
-    assert_eq!(tags.get("auth_cf_ray").map(String::as_str), Some("\"\""));
-    assert_eq!(tags.get("auth_error").map(String::as_str), Some("\"\""));
    assert_eq!(
        tags.get("auth_error_code").map(String::as_str),
-        Some("\"\"")
+        Some("\"token_expired\"")
    );
    assert_eq!(
        tags.get("auth_recovery_followup_success")