Skip to content

fix(grok): support Grok 4.5 OAuth sessions#3904

Open
mustbearnold wants to merge 1 commit into
pingdotgg:mainfrom
mustbearnold:fix/grok45-supergrok
Open

fix(grok): support Grok 4.5 OAuth sessions#3904
mustbearnold wants to merge 1 commit into
pingdotgg:mainfrom
mustbearnold:fix/grok45-supergrok

Conversation

@mustbearnold

@mustbearnold mustbearnold commented Jul 12, 2026

Copy link
Copy Markdown

Summary

  • make Grok ACP assistant item IDs unique across resumed runtime instances by scoping them to the T3 turn
  • use grok-4.5 instead of the removed/stale grok-build fallback
  • select authentication from the methods advertised by Grok CLI, preferring cached SuperGrok OAuth when API-key auth is unavailable
  • add Windows-compatible Grok CLI test wrappers and a real opt-in Grok 4.5 cached-OAuth prompt probe

Root cause

AcpSessionRuntime synthesizes assistant segment IDs from the ACP session ID and a runtime-local segment counter. Recreating the runtime while loading the same Grok session reset the counter, so later turns reused earlier item IDs. The projection layer then concatenated unrelated assistant content and reassigned it to the latest turn.

Verification

  • 34/34 focused Grok adapter/provider/support tests pass
  • 4/4 opt-in live tests pass against Grok CLI 0.2.93, grok-4.5, and an existing cached SuperGrok OAuth session
  • server and contracts TypeScript typechecks pass
  • changed-file lint: 0 errors, 0 warnings
  • formatting and git diff --check pass
  • production server/web build passes
  • two independent final reviews returned PASS on the exact final diff

Full-suite caveat

The full server suite was attempted on Windows: 1,313 tests passed and 89 failed. The failures are existing Windows/environment incompatibilities, primarily symlink EPERM, Unix fixture spawn EFTYPE, POSIX path assumptions, and unrelated Git/bootstrap tests. The changed Grok test surface is green.


Note

Medium Risk
Changes Grok authentication selection and turn-scoped runtime event IDs on the provider path; incorrect auth or ID scoping could break sessions or transcript projection, though coverage is strong.

Overview
Fixes Grok session resume bugs and aligns the stack with Grok 4.5 and cached SuperGrok OAuth.

Assistant item IDs are now suffixed with the active T3 turn (itemId:turn:turnId) when emitting item.started, item.completed, and content.delta, so a recreated ACP runtime loading the same session no longer reuses segment IDs and merges unrelated turns in the UI.

Defaults and fallbacks move from grok-build to grok-4.5 in contracts, provider snapshots, and resolveGrokAcpBaseModelId.

ACP auth picks authenticate method after initialize: authMethodId can be a function; resolveGrokAuthMethodId prefers API key when advertised, otherwise cached_token when the CLI does not offer xai.api_key.

Tests: Windows .cmd mock Grok wrappers; SIGTERM child-process test skipped on Windows; new adapter test for distinct item IDs across resume; provider tests use platform-aware fake CLIs; opt-in live probe clears XAI_API_KEY, selects grok-4.5, and runs a real OAuth prompt.

Reviewed by Cursor Bugbot for commit f6a2d5c. Bugbot is set up for automated code reviews on this repo. Configure here.

Note

Add Grok 4.5 OAuth session support with dynamic auth method resolution

  • Updates the default Grok model from grok-build to grok-4.5 across GrokProvider.ts, GrokAcpSupport.ts, and model.ts
  • Expands resolveGrokAuthMethodId to select the auth method based on agent-advertised methods after initialization, preferring xai.api_key when an API key is present, falling back to cached_token or the first advertised method
  • Changes AcpSessionRuntimeOptions.authMethodId to accept a function receiving the InitializeResponse, allowing dynamic auth method selection per session
  • Scopes assistant item IDs to their turn by appending :turn:<turnId> in GrokAdapter.ts, ensuring distinct IDs across resumed Grok runtimes
  • Behavioral Change: all emitted AssistantItemStarted, AssistantItemCompleted, and ContentDelta events now use turn-scoped item IDs instead of raw IDs from the agent

Macroscope summarized f6a2d5c.

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 1906e8cc-e7ac-4a78-8df8-f51d6629c917

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added vouch:unvouched PR author is not yet trusted in the VOUCHED list. size:M 30-99 changed lines (additions + deletions). labels Jul 12, 2026
@macroscopeapp

macroscopeapp Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Approvability

Verdict: Needs human review

This PR modifies authentication method selection logic for Grok sessions, dynamically choosing between OAuth and API key based on CLI-advertised methods. Changes to authentication code paths warrant human review regardless of apparent simplicity.

You can customize Macroscope's approvability policy. Learn more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:M 30-99 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant