Block recovery on invalid OAuth credentials#16
Conversation
There was a problem hiding this comment.
Code Review
This pull request introduces an explicit OAuth-blocked recovery mechanism for the YouTube AutoEncoder service. Instead of entering an ambiguous retry backoff, refresh-token rejections and unusable token files are now classified as explicit OAuth authorization blocks. The supervisor pauses API recovery and monitors the local token file for changes using fingerprinting, while preserving any active public stream under its local watchdog. Additionally, signal handlers are now limited to the visible test-pattern runs. The review feedback points out a critical issue where malformed or non-numeric expiration metadata in the token file could cause uncaught ValueError or TypeError exceptions, bypassing the OAuth-blocked recovery logic and propagating as a fatal error.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ffe5f6574f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
aa183cd to
fcd4f03
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: fcd4f038d1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
fcd4f03 to
f97a5b7
Compare
f97a5b7 to
3b7260e
Compare
Summary
invalid_grant, HTTP 401, and unusable token files as explicit OAuth authorization conditionsRoot Cause
The API helper correctly reported a rejected refresh token as a permanent failure, but the supervisor accepted only retryable classes and converted
fataltoambiguous. That produced an endless retry cycle instead of an actionable authorization block. A cached access token that remained locally unexpired could also be rejected by YouTube with HTTP 401; that path bypassed refresh-tokeninvalid_granthandling. The API CLI additionally installed test-pattern signal handlers for every subcommand, causingauthorizeto swallow termination signals when no child existed.Safety
invalid_client,invalid_scope, andunauthorized_clientremain fatal and never trigger token refresh or token-file wait0600local-filesystem advisory lockRollback
Revert PR #16 after merge and redeploy the two prior runtime scripts. No state migration or credential change is required.
Validation
.venv/bin/ruff check bin tests.venv/bin/python -m py_compile bin/youtube-autoencoder bin/youtube-autoencoder-api.venv/bin/pytest -q-> 244 passedgit diff --checkPublic-Safety Checklist