fix: add auth.json write-back for Codex retry and valid-token early-return paths

The Codex retry block and valid-token short-circuit in _refresh_entry() both return early, bypassing the auth.json sync at the end of the method. This adds _sync_device_code_entry_to_auth_store() calls on both paths so refreshed/synced tokens are written back to auth.json regardless of which code path succeeds.
2026-04-09 18:05:21 -07:00
parent a64d8a83e1
commit 4caa635803
1 changed files with 2 additions and 0 deletions
--- a/agent/credential_pool.py
+++ b/agent/credential_pool.py
@@ -692,11 +692,13 @@ class CredentialPool:
                        )
                        self._replace_entry(synced, updated)
                        self._persist()
+                        self._sync_device_code_entry_to_auth_store(updated)
                        return updated
                    except Exception as retry_exc:
                        logger.debug("Codex retry refresh also failed: %s", retry_exc)
                elif not self._entry_needs_refresh(synced):
                    logger.debug("Codex CLI has valid token, using without refresh")
+                    self._sync_device_code_entry_to_auth_store(synced)
                    return synced
            self._mark_exhausted(entry, None)
            return None