feat: OAuth auto-refresh, Codex session resume, MCP injection, and secret sanitization

- Add token-refresh module that auto-renews Claude OAuth tokens 30min before expiry
- Fix Codex session loss on service restart by resuming previous sessions
- Inject nanoclaw MCP server into Codex config.toml for send_message/schedule_task
- Sanitize ANTHROPIC_API_KEY and CLAUDE_CODE_OAUTH_TOKEN from Codex subprocess env
This commit is contained in:
Eyejoker
2026-03-12 02:47:24 +09:00
parent 3fd9ce18b5
commit 0515edc93d
4 changed files with 268 additions and 2 deletions

View File

@@ -235,10 +235,16 @@ async function main(): Promise<void> {
}
// Query loop: run codex exec → wait for IPC message → repeat
// First exec is a fresh session; subsequent execs resume the last session.
let isFirstExec = true;
// If we have a previous sessionId, resume instead of starting fresh.
// CODEX_HOME is per-group persistent, so `resume --last` picks up the right session.
const hasPreviousSession = !!containerInput.sessionId;
let isFirstExec = !hasPreviousSession;
let turnCount = 0;
if (hasPreviousSession) {
log(`Resuming previous session (sessionId: ${containerInput.sessionId})`);
}
try {
while (true) {
turnCount++;
@@ -252,17 +258,23 @@ async function main(): Promise<void> {
const { result, error } = await runCodexExec(prompt, !isFirstExec);
isFirstExec = false;
// Generate a session marker so nanoclaw tracks this codex session.
// On next spawn, containerInput.sessionId will be set → resume --last.
const sessionId = containerInput.sessionId || `codex-${containerInput.groupFolder}-${Date.now()}`;
if (error) {
log(`Codex error: ${error}`);
writeOutput({
status: 'error',
result: result || null,
newSessionId: sessionId,
error,
});
} else {
writeOutput({
status: 'success',
result: result || null,
newSessionId: sessionId,
});
}