ci-fix-tmp-pr-301-fix

[KooshaPari]

• fix(ci): align sdk config types and include auto-merge workflow
• fix(auth): align codex import paths in sdk auth
• ci: retrigger checks after stale auth compile fix

Summary by CodeRabbit

• Chores
  • Implemented automated pull request merge workflow based on labeling system for development efficiency.
  • Refactored internal package imports and type definitions to improve code organization and maintainability.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 03b2fdf and 8d04e8a.

📒 Files selected for processing (5)

• .github/workflows/auto-merge.yml
• .worktrees/config/m/config-build/active/pkg/llmproxy/config/sdk_types.go
• pkg/llmproxy/access/reconcile.go
• pkg/llmproxy/api/handlers/management/config_basic.go
• sdk/auth/codex.go

---

📝 Walkthrough

Walkthrough

This PR consolidates SDK configuration types through type aliases to an external package, updates import paths to reference internal packages instead of legacy paths, and adds a GitHub Actions workflow for auto-merging labeled pull requests.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow .github/workflows/auto-merge.yml	Added new workflow that automatically enables pull request auto-merge for PRs labeled with "automerge" (excluding "do-not-merge") on specific events (open, reopen, ready_for_review, synchronized, labeled, review submitted) using squash merge strategy.
SDK Config Type Refactoring .worktrees/config/m/config-build/active/pkg/llmproxy/config/sdk_types.go, pkg/llmproxy/access/reconcile.go, pkg/llmproxy/api/handlers/management/config_basic.go	Replaced local SDKConfig and StreamingConfig struct definitions with type aliases to external sdkconfig package. Updated registration logic in reconcile.go to explicitly construct and map sdkconfig.SDKConfig fields. Changed config_basic.go to reference config.SDKConfig instead of sdkconfig.SDKConfig.
Import Path Consolidation sdk/auth/codex.go	Updated import paths to reference internal packages (internal/auth/codex, internal/browser, internal/misc, internal/util) instead of legacy pkg/llmproxy paths, with no behavioral logic changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• ci: fix workflow required-check names for feature/koosh-migrate-1233-feat-termux-support #492: Introduces identical code-level changes including auto-merge workflow and SDKConfig/StreamingConfig type alias alignment with corresponding reconcile.go registration updates.
• fix(auth): align codex sdk import types #625: Modifies sdk/auth/codex.go with the same import path updates to align to internal packages for Codex auth types.

Suggested labels

HELIOS-CODEX, HELIOS-CODEX-L0

Poem

🐰 Type aliases hop and dance,
Imports find their rightful place,
Auto-merge with GitHub's chance,
Config flows with grace and pace!

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ci-fix-tmp-pr-301-fix

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

Error: can't load config: the Go language version (go1.25) used to build golangci-lint is lower than the targeted Go version (1.26.0)
The command is terminated due to an error: can't load config: the Go language version (go1.25) used to build golangci-lint is lower than the targeted Go version (1.26.0)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[KooshaPari]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[KooshaPari]

@coderabbitai full review

[KooshaPari]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[KooshaPari]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

sdk/auth/codex.go (2)

38-192: 🧹 Nitpick | 🔵 Trivial

Function Login exceeds maximum length guideline.

The Login method spans ~154 lines, significantly exceeding the 40-line maximum specified in coding guidelines. Consider extracting logical blocks into helper methods:

• PKCE/state generation (lines 58-66)
• OAuth server setup and teardown (lines 68-81)
• Browser launch logic (lines 90-104)
• Callback waiting loop (lines 130-174)

As per coding guidelines: "Maximum function length: 40 lines".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/auth/codex.go` around lines 38 - 192, The Login method is too long; split
its logical blocks into small helpers: extract PKCE/state generation into a
helper like generatePKCEAndState() that returns pkceCodes and state, move OAuth
server setup/teardown into startOAuthServer(callbackPort) which starts
codex.NewOAuthServer, returns the server and a stop function (so defer stays in
Login but implementation lives in helper), extract browser logic into
openBrowserForAuth(authURL, callbackPort, opts) that handles
browser.IsAvailable(), browser.OpenURL and util.PrintSSHTunnelInstructions, and
extract the callback waiting/manual prompt loop into
waitForCallbackLoop(oauthServer, opts) returning *codex.OAuthResult or error;
update Login to call these helpers (retain authSvc.ExchangeCodeForTokens and
buildAuthRecord usage) so Login becomes a high-level orchestrator under 40 lines
while preserving existing symbols: CodexAuthenticator.Login,
codex.GeneratePKCECodes, misc.GenerateRandomState, codex.NewOAuthServer,
oauthServer.WaitForCallback, authSvc.GenerateAuthURL,
authSvc.ExchangeCodeForTokens, and buildAuthRecord.

---

34-36: ⚠️ Potential issue | 🔴 Critical

Critical: Invalid Go syntax - new() cannot take a value.

new(5 * 24 * time.Hour) is invalid Go syntax. The new() builtin takes a type as its argument, not a value expression. This will fail to compile.

This same pattern also appears in sdk/auth/claude.go (line 35), sdk/auth/iflow.go (line 29), sdk/auth/antigravity.go (line 31), and sdk/auth/qwen.go (line 30) — all need the same fix.

Proposed fix

 func (a *CodexAuthenticator) RefreshLead() *time.Duration {
-	return new(5 * 24 * time.Hour)
+	d := 5 * 24 * time.Hour
+	return &d
 }

Or use a helper if this pattern is common:

func ptr[T any](v T) *T { return &v }

func (a *CodexAuthenticator) RefreshLead() *time.Duration {
	return ptr(5 * 24 * time.Hour)
}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/auth/codex.go` around lines 34 - 36, The functions like
CodexAuthenticator.RefreshLead currently use invalid Go syntax new(5 * 24 *
time.Hour); change each to return a pointer to a duration value instead (e.g.,
create a local variable d := 5 * 24 * time.Hour and return &d) or add and use a
generic helper ptr[T any](v T) *T { return &v } to return ptr(5 * 24 *
time.Hour); apply this fix to CodexAuthenticator.RefreshLead and the equivalent
methods in sdk/auth/claude.go (ClaudeAuthenticator.RefreshLead),
sdk/auth/iflow.go (IflowAuthenticator.RefreshLead), sdk/auth/antigravity.go
(AntigravityAuthenticator.RefreshLead), and sdk/auth/qwen.go
(QwenAuthenticator.RefreshLead).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/llmproxy/access/reconcile.go`:
- Around line 12-13: The file imports logrus as `log` (see the import alias `log
"github.com/sirupsen/logrus"`) which violates the guideline to use zerolog;
replace that import with zerolog (for example `github.com/rs/zerolog/log`) and
update all logging call sites in this file (`reconcile.go`) to use zerolog's API
(convert log.Info/Error/Warn etc. usages to zerolog's chained style with
.Msg/.Msgf and context fields) so the module consistently uses zerolog instead
of logrus.

---

Outside diff comments:
In `@sdk/auth/codex.go`:
- Around line 38-192: The Login method is too long; split its logical blocks
into small helpers: extract PKCE/state generation into a helper like
generatePKCEAndState() that returns pkceCodes and state, move OAuth server
setup/teardown into startOAuthServer(callbackPort) which starts
codex.NewOAuthServer, returns the server and a stop function (so defer stays in
Login but implementation lives in helper), extract browser logic into
openBrowserForAuth(authURL, callbackPort, opts) that handles
browser.IsAvailable(), browser.OpenURL and util.PrintSSHTunnelInstructions, and
extract the callback waiting/manual prompt loop into
waitForCallbackLoop(oauthServer, opts) returning *codex.OAuthResult or error;
update Login to call these helpers (retain authSvc.ExchangeCodeForTokens and
buildAuthRecord usage) so Login becomes a high-level orchestrator under 40 lines
while preserving existing symbols: CodexAuthenticator.Login,
codex.GeneratePKCECodes, misc.GenerateRandomState, codex.NewOAuthServer,
oauthServer.WaitForCallback, authSvc.GenerateAuthURL,
authSvc.ExchangeCodeForTokens, and buildAuthRecord.
- Around line 34-36: The functions like CodexAuthenticator.RefreshLead currently
use invalid Go syntax new(5 * 24 * time.Hour); change each to return a pointer
to a duration value instead (e.g., create a local variable d := 5 * 24 *
time.Hour and return &d) or add and use a generic helper ptr[T any](v T) *T {
return &v } to return ptr(5 * 24 * time.Hour); apply this fix to
CodexAuthenticator.RefreshLead and the equivalent methods in sdk/auth/claude.go
(ClaudeAuthenticator.RefreshLead), sdk/auth/iflow.go
(IflowAuthenticator.RefreshLead), sdk/auth/antigravity.go
(AntigravityAuthenticator.RefreshLead), and sdk/auth/qwen.go
(QwenAuthenticator.RefreshLead).

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 03b2fdf and 8d04e8a.

📒 Files selected for processing (5)

• .github/workflows/auto-merge.yml
• .worktrees/config/m/config-build/active/pkg/llmproxy/config/sdk_types.go
• pkg/llmproxy/access/reconcile.go
• pkg/llmproxy/api/handlers/management/config_basic.go
• sdk/auth/codex.go

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

**/*.go: NEVER create a v2 file - refactor the original instead
NEVER create a new class if an existing one can be made generic
NEVER create custom implementations when an OSS library exists - search pkg.go.dev for existing libraries before writing code
Build generic building blocks (provider interface + registry) before application logic
Use chi for HTTP routing (NOT custom routers)
Use zerolog for logging (NOT fmt.Print)
Use viper for configuration (NOT manual env parsing)
Use go-playground/validator for validation (NOT manual if/else validation)
Use golang.org/x/time/rate for rate limiting (NOT custom limiters)
Use template strings for messages instead of hardcoded messages and config-driven logic instead of code-driven
Zero new lint suppressions without inline justification
All new code must pass: go fmt, go vet, golint
Maximum function length: 40 lines
No placeholder TODOs in committed code

Files:

• sdk/auth/codex.go
• pkg/llmproxy/access/reconcile.go
• pkg/llmproxy/api/handlers/management/config_basic.go

🧠 Learnings (1)

📚 Learning: 2026-02-25T10:11:41.448Z

Learnt from: CR
Repo: KooshaPari/cliproxyapi-plusplus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-25T10:11:41.448Z
Learning: Applies to **/*.go : Build generic building blocks (provider interface + registry) before application logic

Applied to files:

• pkg/llmproxy/api/handlers/management/config_basic.go

🧬 Code graph analysis (2)

pkg/llmproxy/access/reconcile.go (1)

.worktrees/config/m/config-build/active/pkg/llmproxy/config/sdk_types.go (2)

• SDKConfig (7-7)
• StreamingConfig (8-8)

pkg/llmproxy/api/handlers/management/config_basic.go (1)

.worktrees/config/m/config-build/active/pkg/llmproxy/config/sdk_types.go (1)

• SDKConfig (7-7)

🔇 Additional comments (5)

.github/workflows/auto-merge.yml (1)

1-33: Workflow looks good for auto-merge gate.

The workflow correctly:

• Uses pull_request_target safely (no checkout of untrusted PR code)
• Gates on both label presence (automerge) and absence (do-not-merge)
• Only enables automerge on approved reviews or non-review events
• Uses minimal required permissions

Consider pinning the action to a specific SHA for supply-chain security instead of the @v3 tag:

-        uses: peter-evans/enable-pull-request-automerge@v3
+        uses: peter-evans/enable-pull-request-automerge@v3  # Consider pinning to SHA

[approve_code_changes, suggest_optional_refactor]

pkg/llmproxy/access/reconcile.go (1)

89-98: Field-by-field copy may be redundant given type aliasing.

Since config.SDKConfig is aliased to sdkconfig.SDKConfig (as shown in sdk_types.go), this explicit field copy could be simplified. The current approach creates maintenance overhead when fields are added to SDKConfig.

If the types are truly aliases (not separate structs), consider:

♻️ Suggested simplification

-	sdkCfg := sdkconfig.SDKConfig{
-		ProxyURL:                   newCfg.SDKConfig.ProxyURL,
-		ForceModelPrefix:           newCfg.SDKConfig.ForceModelPrefix,
-		RequestLog:                 newCfg.SDKConfig.RequestLog,
-		APIKeys:                    newCfg.SDKConfig.APIKeys,
-		PassthroughHeaders:         newCfg.SDKConfig.PassthroughHeaders,
-		Streaming:                  sdkconfig.StreamingConfig(newCfg.SDKConfig.Streaming),
-		NonStreamKeepAliveInterval: newCfg.SDKConfig.NonStreamKeepAliveInterval,
-	}
-	configaccess.Register(&sdkCfg)
+	sdkCfg := sdkconfig.SDKConfig(newCfg.SDKConfig)
+	configaccess.Register(&sdkCfg)

If the explicit copy is intentional (e.g., to allow future divergence or filter fields), add a comment explaining the rationale.

[suggest_recommended_refactor, request_verification]

#!/bin/bash
# Verify if config.SDKConfig is truly an alias to sdkconfig.SDKConfig
# If so, the field-by-field copy is unnecessary

# Check the type definition in sdk_types.go
fd -t f "sdk_types.go" --exec cat {}

# Check if there's a separate SDKConfig struct definition in internal/config
rg -n "type SDKConfig struct" --type go

sdk/auth/codex.go (1)

10-15: Import path changes look correct.

The switch from pkg/llmproxy/* to internal/* paths aligns with the PR objective of aligning codex import paths in SDK auth.

pkg/llmproxy/api/handlers/management/config_basic.go (1)

47-48: Type change aligns correctly with SDK config aliasing.

Using config.SDKConfig instead of sdkconfig.SDKConfig is consistent with the type alias defined in sdk_types.go where SDKConfig = sdkconfig.SDKConfig. This simplifies imports while maintaining type compatibility.

.worktrees/config/m/config-build/active/pkg/llmproxy/config/sdk_types.go (1)

1-8: Clean type aliasing approach.

The type aliases correctly unify config.SDKConfig and config.StreamingConfig with their SDK counterparts. This:

• Prevents type mismatches when passing config between packages
• Maintains a single source of truth for these types
• The explanatory comment on line 6 clarifies the intent

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Logging library inconsistency with coding guidelines.

The file uses logrus for logging, but coding guidelines specify using zerolog. This appears to be existing code, so flagging for awareness rather than immediate change.

As per coding guidelines: "Use zerolog for logging (NOT fmt.Print)".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/llmproxy/access/reconcile.go` around lines 12 - 13, The file imports
logrus as `log` (see the import alias `log "github.com/sirupsen/logrus"`) which
violates the guideline to use zerolog; replace that import with zerolog (for
example `github.com/rs/zerolog/log`) and update all logging call sites in this
file (`reconcile.go`) to use zerolog's API (convert log.Info/Error/Warn etc.
usages to zerolog's chained style with .Msg/.Msgf and context fields) so the
module consistently uses zerolog instead of logrus.

[KooshaPari]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[github-actions]

@coderabbitai full review

Automated retrigger: backlog > 10, CodeRabbit state=FAILURE, age=1194.6m.

[KooshaPari]

Closing: CI fix attempt that still fails build. Reopen if needed after fixing underlying issues.

[coderabbitai]

@github-actions I'll trigger a full review of this PR now.

✅ Actions performed

Full review triggered.