codex/prs/bolinfest/study/PR-2232-study.md
2025-09-02 15:17:45 -07:00

**DOs**
- **Gate tracing with env var**: enable verbose output only when `CODEX_LOGIN_TRACE` is set.
```python
import os

CODEX_LOGIN_TRACE = os.environ.get("CODEX_LOGIN_TRACE", "false") in ("true", "1")

def trace(msg: str) -> None:
    if CODEX_LOGIN_TRACE:
        print(msg)
```
- **Centralize request logic**: wrap the probe in a tiny helper and always trace success/failure.
```python
import urllib.request

# DEFAULT_ISSUER: issuer base URL, assumed to be defined by the surrounding script.
def attempt_request(method: str, context=None) -> bool:
    try:
        req = urllib.request.Request(f"{DEFAULT_ISSUER}/.well-known/openid-configuration", method="GET")
        with urllib.request.urlopen(req, context=context) as resp:
            if resp.status != 200:
                trace(f"Request using {method} failed: {resp.status}")
                return False
            trace(f"Request using {method} succeeded")
            return True
    except Exception as e:
        trace(f"Request using {method} failed: {e}")
        return False
```
- **Try defaults first**: attempt with Python's default SSL settings before altering anything.
```python
CA_CONTEXT = None
ok = attempt_request("default settings", CA_CONTEXT)
```
- **Prefer truststore when present**: opportunistically use the OS trust store without adding a hard dependency.
```python
if not ok:
    try:
        import truststore
        truststore.inject_into_ssl()  # patches ssl process-wide to use the OS trust store
        ok = attempt_request("truststore", CA_CONTEXT)  # context stays None on purpose
    except Exception as e:
        trace(f"Failed to use truststore: {e}")
```
- **Fall back to certifi**: create an explicit context from certifi's CA bundle if needed.
```python
if not ok:
    try:
        import ssl, certifi
        CA_CONTEXT = ssl.create_default_context(cafile=certifi.where())
        ok = attempt_request("certifi", CA_CONTEXT)
    except Exception as e:
        trace(f"Failed to use certifi: {e}")
```
- **Keep optional deps optional**: import `truststore`/`certifi` lazily inside `try/except` and degrade gracefully.
```python
try:
    import truststore  # may not be installed
    truststore.inject_into_ssl()
except Exception as e:
    trace(f"Optional truststore unavailable: {e}")
```
**DON'Ts**
- **Don't assume third-party deps exist**: avoid unconditional, top-level imports of `truststore`/`certifi`.
```python
# Avoid: crashes on machines without these packages
import truststore
import certifi
```
- **Don't spam logs**: never print unguarded; always route through the trace helper.
```python
# Avoid
print("debug: connected") # noisy without user intent
```
- **Don't treat non-200 as success**: explicitly check and trace unexpected statuses.
```python
# Avoid
with urllib.request.urlopen(req) as resp:
    return True  # never checks resp.status
```
- **Don't swallow errors silently**: trace exceptions so users can diagnose TLS/store issues.
```python
# Avoid
except Exception:
    pass  # loses critical context for debugging
```
- **Don't modify SSL first**: try default settings before injecting `truststore` or switching to `certifi`.
```python
# Avoid
import ssl, certifi
CA_CONTEXT = ssl.create_default_context(cafile=certifi.where()) # premature override
```
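
The fallback order from the DOs, assembled into one selector that can be exercised offline, as an added example (not code from the PR or the Codex project). `select_ca_context`, `STRATEGIES` and the verification guard are assumptions of this example; it uses truststore's scoped `truststore.SSLContext` rather than the process-wide `inject_into_ssl()`, and `probe` takes the same `(method, context)` arguments as `attempt_request`.

```python
import os
import ssl

TRACE = os.environ.get("CODEX_LOGIN_TRACE", "false") in ("true", "1")

def trace(msg: str) -> None:
    if TRACE:
        print(msg)

def _truststore_context():
    import truststore  # optional dependency, imported lazily
    # Scoped context; unlike inject_into_ssl() it does not patch ssl process-wide.
    return truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

def _certifi_context():
    import certifi  # optional dependency, imported lazily
    return ssl.create_default_context(cafile=certifi.where())

# Order matters: untouched defaults first, then the OS store, then certifi's bundle.
STRATEGIES = [
    ("default settings", lambda: None),
    ("truststore", _truststore_context),
    ("certifi", _certifi_context),
]

def select_ca_context(probe, strategies=STRATEGIES):
    """Return (name, context) of the first strategy whose probe succeeds, else (None, None)."""
    for name, factory in strategies:
        try:
            ctx = factory()
            # Guard: a fallback may change the trust store, never switch verification off.
            if ctx is not None and (
                ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname
            ):
                trace(f"Rejected {name}: certificate verification is disabled")
                continue
            if probe(name, ctx):
                return name, ctx
        except Exception as e:  # missing package, unreadable bundle, probe error
            trace(f"Failed to use {name}: {e}")
    return None, None
```

With the page's helper this is called as `select_ca_context(attempt_request)`; a `(None, None)` result means every strategy failed and the caller should stop rather than retry with verification relaxed.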