Register agent tasks behind use_agent_identity

[adrian-openai]

Summary

Stack PR3 for feature-gated agent identity support.

This PR adds per-thread agent task registration behind features.use_agent_identity. Tasks are minted on the first real user turn and cached in thread runtime state for later turns.

Stack

• PR1: Add use_agent_identity feature flag #17385 - add features.use_agent_identity
• PR2: Register agent identities behind use_agent_identity #17386 - register agent identities when enabled
• PR3: Register agent tasks behind use_agent_identity #17387 - this PR, original task registration slice
• PR3.1: Persist and prewarm agent tasks per thread #17978 - persist and prewarm registered tasks per thread
• PR4: [codex] Use AgentAssertion downstream behind use_agent_identity #17980 - use AgentAssertion downstream when enabled

Validation

Covered as part of the local stack validation pass:

• just fmt
• cargo test -p codex-core --lib agent_identity
• cargo test -p codex-core --lib agent_assertion
• cargo test -p codex-core --lib websocket_agent_task
• cargo test -p codex-api api_bridge
• cargo build -p codex-cli --bin codex

Notes

The full local app-server E2E path is still being debugged after PR creation. The current branch stack is directionally ready for review while that follow-up continues.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5f089f4a53

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Revalidate cached agent task against current auth binding

ensure_agent_task_registered returns a cached agent_task without checking whether auth/workspace binding changed. After re-auth or workspace switch, turns can keep using a task minted for the old binding because register_task() (the only path that recomputes current_binding) is skipped. This can cause authorization failures or cross-account credential reuse.

Useful? React with 👍 / 👎.

[efrazer-oai]

I don't think we need this auth_binding concept with our auth.json changes. Can do smth like below:

match auth { CodexAuth::ChatgptAuthTokens(tokens) => { if let Some(agent_identity) = tokens.registered_agent_identity() { // preregistered path register_task_with_agent_identity(agent_identity).await } else if let Some(access_token) = tokens.authorization_bearer_token() { // human bootstrap path bootstrap_and_register_task(access_token, tokens.workspace_id()).await } else { Ok(None) } } _ => Ok(None), }

We shouldn't exist in a state where the agent workspace_id doesn't match up with the user workspace_id

[efrazer-oai]

Session lifecycle

In the status quo, we fully persist session details on disk. With this change, we're creating an ephemeral 'task' in memory associated with a session. This is a bit off for a few reasons I think:

1. It means if we turn off codex and start working on the same session later, it shows up as two different 'tasks' which seems like undesirable backend state.
2. It means we add latency to every initial turn in order to make this HTTP call to create the task (idt it'd be too severe, but latency is a huge focus and we try to make most interactions go through websockets; if we can avoid i would).
3. There are some API calls we make that are not session scoped, and some that are session scoped but aren't in the path where we create agent_task. If we're in a regime where there's no user token (i.e. programmatic codex), i believe these will just fail -- would need to make it robust to those.

I wonder if there's a cleaner implementation that loses some fidelity but just creates it on start?

Or if we can pass the session id itself as the task id?

[efrazer-oai]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Keep them coming!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[nicksteele-oai]

File should probably be rm'd from commit

[adrian-openai]

Weird that notes are actually making it into the PR. I'll remove that.

[nicksteele-oai]

Should there be a way to allow users to soft fail after registration fails even when features.use_agent_identity is enabled? Calling shutdown if registration fails, even by accident, might result in some grotty UX. For instance, shutdown calls abort_all_tasks(TurnAbortReason::Interrupted), which iiuc will abort all active session tasks even if they're unrelated to this session.

[adrian-openai]

This is a fair point. Probably worth a better UX here, where there's an error for this thread, but doesn't necessarily stop all other threads.

[nicksteele-oai]

Could we treat task registration fails as a turn error that can be retried and let the next turn attempt registration again instead of ending the session?

[adrian-openai]

I'm not sure if I'm following - how will that turn be completed without a task? Do you mean that this 'turn error' just returns control back to the user who can try again in case it is a transient error? I think that seems reasonable!

[nicksteele-oai]

Yep the latter! The turn shouldn't be completed but also shouldn't cause a hard fail, and the user should be able to attempt a retry

[nicksteele-oai]

The other thing we might want to consider is have some progress loader/event so if this event hangs the user has some indicator that it's still doing the registration

[nicksteele-oai]

Most of my comments (other than the shutdown invocation) are pretty minor, otherwise looking in good shape!