fix: remove Codex API key auth path, add secret redaction and d7 auto-rotation

- Remove OPENAI_API_KEY from .env and Codex child process env to prevent
  API billing when subscription quota is exhausted
- Remove writeCodexApiKeyAuth entirely — Codex now uses OAuth only
- Add 9-pattern secret redaction in formatOutbound() to prevent key leaks
- Fix Codex usage bucket aggregation: use 'codex' bucket only instead of
  max across all buckets (bengalfox = Codex Spark, not needed)
- Add d7≥100% auto-rotation in updateCodexAccountUsage to skip exhausted
  accounts and prevent API billing fallback
- Add findNextCodexAvailable that checks both rate-limits and d7 usage
- Clean stale apikey auth.json files from all session directories
- Update tests: OAuth-only auth, d7 auto-skip (3 new tests), dashboard

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Eyejoker
2026-03-25 10:39:42 +09:00
parent 094278b08e
commit 00ffde7623
11 changed files with 818 additions and 192 deletions

View File

@@ -17,11 +17,22 @@ export interface StatusSnapshotEntry {
pendingTasks: number;
}
export interface UsageRowSnapshot {
name: string;
h5pct: number;
h5reset: string;
d7pct: number;
d7reset: string;
}
export interface StatusSnapshot {
agentType: AgentType;
assistantName: string;
updatedAt: string;
entries: StatusSnapshotEntry[];
usageRows?: UsageRowSnapshot[];
/** ISO timestamp of the last successful usage data fetch (separate from updatedAt heartbeat). */
usageRowsFetchedAt?: string;
}
const STATUS_SNAPSHOT_DIR = path.join(CACHE_DIR, 'status-dashboard');