fix(grok): support Grok 4.5 OAuth sessions#3904
Conversation
|
Important Review skippedAuto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
ApprovabilityVerdict: Needs human review This PR modifies authentication method selection logic for Grok sessions, dynamically choosing between OAuth and API key based on CLI-advertised methods. Changes to authentication code paths warrant human review regardless of apparent simplicity. You can customize Macroscope's approvability policy. Learn more. |
Summary
grok-4.5instead of the removed/stalegrok-buildfallbackRoot cause
AcpSessionRuntimesynthesizes assistant segment IDs from the ACP session ID and a runtime-local segment counter. Recreating the runtime while loading the same Grok session reset the counter, so later turns reused earlier item IDs. The projection layer then concatenated unrelated assistant content and reassigned it to the latest turn.Verification
34/34focused Grok adapter/provider/support tests pass4/4opt-in live tests pass against Grok CLI 0.2.93,grok-4.5, and an existing cached SuperGrok OAuth sessiongit diff --checkpassFull-suite caveat
The full server suite was attempted on Windows: 1,313 tests passed and 89 failed. The failures are existing Windows/environment incompatibilities, primarily symlink
EPERM, Unix fixturespawn EFTYPE, POSIX path assumptions, and unrelated Git/bootstrap tests. The changed Grok test surface is green.Note
Medium Risk
Changes Grok authentication selection and turn-scoped runtime event IDs on the provider path; incorrect auth or ID scoping could break sessions or transcript projection, though coverage is strong.
Overview
Fixes Grok session resume bugs and aligns the stack with Grok 4.5 and cached SuperGrok OAuth.
Assistant item IDs are now suffixed with the active T3 turn (
itemId:turn:turnId) when emittingitem.started,item.completed, andcontent.delta, so a recreated ACP runtime loading the same session no longer reuses segment IDs and merges unrelated turns in the UI.Defaults and fallbacks move from
grok-buildtogrok-4.5in contracts, provider snapshots, andresolveGrokAcpBaseModelId.ACP auth picks
authenticatemethod afterinitialize:authMethodIdcan be a function;resolveGrokAuthMethodIdprefers API key when advertised, otherwise cached_token when the CLI does not offerxai.api_key.Tests: Windows
.cmdmock Grok wrappers; SIGTERM child-process test skipped on Windows; new adapter test for distinct item IDs across resume; provider tests use platform-aware fake CLIs; opt-in live probe clearsXAI_API_KEY, selectsgrok-4.5, and runs a real OAuth prompt.Reviewed by Cursor Bugbot for commit f6a2d5c. Bugbot is set up for automated code reviews on this repo. Configure here.
Note
Add Grok 4.5 OAuth session support with dynamic auth method resolution
grok-buildtogrok-4.5acrossGrokProvider.ts,GrokAcpSupport.ts, andmodel.tsresolveGrokAuthMethodIdto select the auth method based on agent-advertised methods after initialization, preferringxai.api_keywhen an API key is present, falling back tocached_tokenor the first advertised methodAcpSessionRuntimeOptions.authMethodIdto accept a function receiving theInitializeResponse, allowing dynamic auth method selection per session:turn:<turnId>inGrokAdapter.ts, ensuring distinct IDs across resumed Grok runtimesAssistantItemStarted,AssistantItemCompleted, andContentDeltaevents now use turn-scoped item IDs instead of raw IDs from the agentMacroscope summarized f6a2d5c.