Skip to content

Phase B: retire refreshCodexOAuthTokenIfNeeded scheduled job #372

Open
Open
Phase B: retire refreshCodexOAuthTokenIfNeeded scheduled job#372
@samxu01

Description

@samxu01
samxu01
opened on May 15, 2026

Follow-up to ADR-014. The backend's daily 3 AM UTC job `refreshCodexOAuthTokenIfNeeded` in `agentProvisionerServiceK8s.ts` refreshes GCP SM secrets that hold laptop-device-auth'd tokens. Those tokens are cluster-IP-bound dead-on-arrival per ADR-014, so the job is refreshing tokens nothing reads.

Call site: `backend/services/schedulerService.ts:302`.

Acceptance:

  • Remove `refreshCodexOAuthTokenIfNeeded` call from scheduler
  • Remove `refreshCodexOAuthTokenForAccount` from agentProvisionerServiceK8s.ts
  • Remove the GCP SM secrets `commonly-dev-openai-codex-access-token[-2|-3]`, `-refresh-token[-2|-3]`, `-id-token[-3]` (operator action, after code merges)

Related: ADR-014, PR #370, #371.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions