feat: add multi-account round-robin rotation for ChatGPT OAuth #113

Open
chindris-mihai-alexandru wants to merge 4 commits into numman-ali:main from chindris-mihai-alexandru:feat/round-robin-multi-account

@chindris-mihai-alexandru

Summary

  • add a persisted multi-account pool at ~/.opencode/openai-codex-accounts.json and auto-merge newly logged-in OAuth accounts
  • implement account selection strategies (round-robin default, sticky optional) with automatic rotation on 429/usage-limit responses
  • refresh tokens per selected account, persist rotation state, and document new config/installer cleanup behavior

Validation

  • npm test (232 passed)
  • npm run typecheck
  • npm run build
  • smoke-tested local OpenCode config: opencode run "ping" --model=openai/gpt-5.2 --variant=medium -> pong

@chindris-mihai-alexandru

chindris-mihai-alexandru commented Feb 25, 2026

Follow-up hardening pushed in b919faa:

  • fixed refresh sync edge-case that could skip updating current auth after rotated refresh tokens
  • prevented stale auth upserts from overwriting newer pooled credentials
  • guarded request body JSON parsing to avoid pre-rotation crashes
  • made account-pool persistence atomic (temp+rename) with restrictive file mode
  • added fallback 429 response (with retry-after) when all pooled accounts are limited
  • expanded account-pool tests for stale overwrite prevention and min retry-after behavior

Validation rerun after fixes:

  • npm test (234 passed)
  • npm run typecheck
  • npm run build

@chindris-mihai-alexandru

Additional hardening after exhaustive re-check + web best-practice review (commit 2ee8c78):

  • parse both Retry-After: <delay-seconds> and Retry-After: <http-date> and cap extreme values
  • use collision-safe temp filenames for atomic pool writes (pid + timestamp + randomUUID)
  • make refresh flow resilient when provider omits refresh_token in refresh responses (fallback to existing refresh token)
  • guard client.auth.set persistence path with warning-level error handling
  • add tests for HTTP-date retry-after and refresh-token fallback behavior

Validation rerun:

  • npm test (236 passed)
  • npm run typecheck
  • npm run build

Note: one explore-agent report returned hallucinated file paths outside this repo; ignored those and only acted on validated in-repo findings + authoritative references (MDN Retry-After semantics, OAuth refresh-token rotation guidance).
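
The Retry-After handling described in the two hardening comments above (both header forms, a cap on extreme values, and the minimum wait advertised when every pooled account is limited), sketched in JavaScript as an added example that is not code from this pull request. The function names, the one-hour cap, the 60-second default and the sample pool are assumptions, and only the IMF-fixdate form of HTTP-date is accepted.

```javascript
// Added example, not the PR's code. Names, cap and default are assumptions.
const CAP_MS = 60 * 60 * 1000; // assumed ceiling: 1 hour
const DEFAULT_MS = 60 * 1000; // assumed back-off when the header is unusable
const IMF_FIXDATE = /^[A-Z][a-z]{2}, \d{2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2} GMT$/;

// Retry-After is server-controlled input: accept only the two documented forms.
function parseRetryAfterMs(value, nowMs = Date.now(), capMs = CAP_MS) {
  if (typeof value !== "string") return null;
  const v = value.trim();
  let delayMs;
  if (/^\d+$/.test(v)) {
    delayMs = Number(v) * 1000; // delay-seconds form
  } else if (IMF_FIXDATE.test(v)) {
    const when = Date.parse(v); // http-date form
    if (Number.isNaN(when)) return null;
    delayMs = when - nowMs;
  } else {
    return null; // negative numbers, floats, free text
  }
  if (!Number.isFinite(delayMs)) return capMs; // digit string that overflowed
  return Math.min(Math.max(delayMs, 0), capMs); // past dates -> 0, huge -> cap
}

// Record when a rate-limited account becomes usable again.
function markLimited(account, retryAfterHeader, nowMs = Date.now()) {
  const delayMs = parseRetryAfterMs(retryAfterHeader, nowMs) ?? DEFAULT_MS;
  account.limitedUntilMs = nowMs + delayMs;
  return account;
}

// Seconds to advertise on the fallback 429: the soonest reset across the pool,
// or null when at least one account can still be used (or the pool is empty).
function fallbackRetryAfterSeconds(accounts, nowMs = Date.now()) {
  if (accounts.length === 0) return null;
  const waits = accounts.map((a) => (a.limitedUntilMs ?? 0) - nowMs);
  const soonest = Math.min(...waits);
  if (soonest <= 0) return null;
  return Math.ceil(soonest / 1000);
}

// Constructed sample: three pooled accounts, all limited at the same instant.
const SAMPLE_NOW = Date.UTC(2026, 1, 25, 12, 0, 0);
const samplePool = [
  markLimited({ id: "acct-a" }, "120", SAMPLE_NOW),
  markLimited({ id: "acct-b" }, "Wed, 25 Feb 2026 12:05:00 GMT", SAMPLE_NOW),
  markLimited({ id: "acct-c" }, "99999999999", SAMPLE_NOW), // capped to 1 hour
];
```
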
