fix: graduate refresh guardian failure penalties

Author: ndycode

lib/refresh-guardian.ts

@@ -1,6 +1,7 @@
 import { createLogger } from "./logger.js";
 import { applyRefreshResult, refreshExpiringAccounts } from "./proactive-refresh.js";
 import type { AccountManager } from "./accounts.js";
+import { ACCOUNT_LIMITS } from "./constants.js";
 import type { CooldownReason } from "./storage.js";
 import type { TokenResult } from "./types.js";
 
@@ -24,6 +25,7 @@ export interface RefreshGuardianStats {
 }
 
 const DEFAULT_INTERVAL_MS = 60_000;
+const NETWORK_FAILURE_COOLDOWN_MS = 6_000;
 
 export class RefreshGuardian {
 	private readonly getAccountManager: () => AccountManager | null;
@@ -95,6 +97,15 @@ export class RefreshGuardian {
 		return "network-error";
 	}
 
+	private getNetworkFailureCooldownMs(): number {
+		return Math.min(this.bufferMs, NETWORK_FAILURE_COOLDOWN_MS);
+	}
+
+	private getAuthFailureCooldownMs(failureCount: number): number {
+		const streak = Math.max(1, Math.floor(failureCount));
+		return Math.min(this.bufferMs, ACCOUNT_LIMITS.AUTH_FAILURE_COOLDOWN_MS * streak);
+	}
+
 	async tick(): Promise<void> {
 		if (this.running) return;
 		const manager = this.getAccountManager();
@@ -135,14 +146,33 @@ export class RefreshGuardian {
 							manager.clearAuthFailures(account);
 							this.stats.refreshed += 1;
 						} else {
-							manager.markAccountCoolingDown(account, this.bufferMs, "network-error");
+							manager.markAccountCoolingDown(
+								account,
+								this.getNetworkFailureCooldownMs(),
+								"network-error",
+							);
 							this.stats.failed += 1;
 							this.stats.networkFailed += 1;
 						}
 						break;
 					case "failed": {
 						const cooldownReason = this.classifyFailureReason(result.tokenResult);
-						manager.markAccountCoolingDown(account, this.bufferMs, cooldownReason);
+						if (cooldownReason === "rate-limit") {
+							manager.markRateLimited(account, this.bufferMs, "codex");
+						} else if (cooldownReason === "auth-failure") {
+							const failureCount = manager.incrementAuthFailures(account);
+							manager.markAccountCoolingDown(
+								account,
+								this.getAuthFailureCooldownMs(failureCount),
+								cooldownReason,
+							);
+						} else {
+							manager.markAccountCoolingDown(
+								account,
+								this.getNetworkFailureCooldownMs(),
+								cooldownReason,
+							);
+						}
 						this.stats.failed += 1;
 						if (cooldownReason === "rate-limit") this.stats.rateLimited += 1;
 						else if (cooldownReason === "auth-failure") this.stats.authFailed += 1;
@@ -153,7 +183,11 @@ export class RefreshGuardian {
 						this.stats.notNeeded += 1;
 						break;
 					case "no_refresh_token":
-						manager.markAccountCoolingDown(account, this.bufferMs, "auth-failure");
+						manager.markAccountCoolingDown(
+							account,
+							ACCOUNT_LIMITS.AUTH_FAILURE_COOLDOWN_MS,
+							"auth-failure",
+						);
 						manager.setAccountEnabled(account.index, false);
 						this.stats.noRefreshToken += 1;
 						this.stats.failed += 1;

test/refresh-guardian.test.ts

@@ -27,9 +27,34 @@ function createManagerMock(accounts: ManagedAccount[]): AccountManager {
       (index: number) =>
         accounts.find((account) => account.index === index) ?? null,
     ),
-    clearAuthFailures: vi.fn(),
-    markAccountCoolingDown: vi.fn(),
-    setAccountEnabled: vi.fn(),
+    clearAuthFailures: vi.fn((account: ManagedAccount) => {
+      account.consecutiveAuthFailures = 0;
+    }),
+    incrementAuthFailures: vi.fn((account: ManagedAccount) => {
+      account.consecutiveAuthFailures = (account.consecutiveAuthFailures ?? 0) + 1;
+      return account.consecutiveAuthFailures;
+    }),
+    markAccountCoolingDown: vi.fn(
+      (
+        account: ManagedAccount,
+        cooldownMs: number,
+        reason: "auth-failure" | "network-error" | "rate-limit",
+      ) => {
+        account.coolingDownUntil = Date.now() + cooldownMs;
+        account.cooldownReason = reason;
+      },
+    ),
+    markRateLimited: vi.fn(
+      (account: ManagedAccount, retryAfterMs: number) => {
+        account.rateLimitResetTimes.codex = Date.now() + retryAfterMs;
+      },
+    ),
+    setAccountEnabled: vi.fn((index: number, enabled: boolean) => {
+      const account = accounts.find((candidate) => candidate.index === index);
+      if (account) {
+        account.enabled = enabled;
+      }
+    }),
     saveToDiskDebounced: vi.fn(),
   } as unknown as AccountManager;
 }
@@ -159,9 +184,12 @@ describe("refresh-guardian", () => {
     expect(
       manager.clearAuthFailures as ReturnType<typeof vi.fn>,
     ).toHaveBeenCalledWith(accountA);
+    expect(
+      manager.incrementAuthFailures as ReturnType<typeof vi.fn>,
+    ).toHaveBeenCalledWith(accountB);
     expect(
       manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenCalledWith(accountB, 60_000, "auth-failure");
+    ).toHaveBeenCalledWith(accountB, 30_000, "auth-failure");
     expect(
       manager.saveToDiskDebounced as ReturnType<typeof vi.fn>,
     ).toHaveBeenCalledTimes(1);
@@ -232,8 +260,15 @@ describe("refresh-guardian", () => {
         (index: number) =>
           [liveB, liveA].find((account) => account.index === index) ?? null,
       ),
-      clearAuthFailures: vi.fn(),
+      clearAuthFailures: vi.fn((account: ManagedAccount) => {
+        account.consecutiveAuthFailures = 0;
+      }),
+      incrementAuthFailures: vi.fn((account: ManagedAccount) => {
+        account.consecutiveAuthFailures = (account.consecutiveAuthFailures ?? 0) + 1;
+        return account.consecutiveAuthFailures;
+      }),
       markAccountCoolingDown: vi.fn(),
+      markRateLimited: vi.fn(),
       saveToDiskDebounced: vi.fn(),
     } as unknown as AccountManager;
     const { RefreshGuardian } = await import("../lib/refresh-guardian.js");
@@ -343,16 +378,19 @@ describe("refresh-guardian", () => {
     ).toHaveBeenCalledWith(1, false);
     expect(
       manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenNthCalledWith(1, accountB, 60_000, "auth-failure");
+    ).toHaveBeenNthCalledWith(1, accountB, 30_000, "auth-failure");
     expect(
       manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenNthCalledWith(2, accountC, 60_000, "rate-limit");
+    ).toHaveBeenNthCalledWith(2, accountD, 6_000, "network-error");
     expect(
       manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenNthCalledWith(3, accountD, 60_000, "network-error");
+    ).toHaveBeenNthCalledWith(3, accountE, 30_000, "auth-failure");
     expect(
-      manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenNthCalledWith(4, accountE, 60_000, "auth-failure");
+      manager.markRateLimited as ReturnType<typeof vi.fn>,
+    ).toHaveBeenCalledWith(accountC, 60_000, "codex");
+    expect(
+      manager.incrementAuthFailures as ReturnType<typeof vi.fn>,
+    ).toHaveBeenNthCalledWith(1, accountE);
 
     const stats = guardian.getStats();
     expect(stats.runs).toBe(1);
@@ -395,8 +433,15 @@ describe("refresh-guardian", () => {
         (index: number) =>
           liveSnapshot.find((account) => account.index === index) ?? null,
       ),
-      clearAuthFailures: vi.fn(),
+      clearAuthFailures: vi.fn((account: ManagedAccount) => {
+        account.consecutiveAuthFailures = 0;
+      }),
+      incrementAuthFailures: vi.fn((account: ManagedAccount) => {
+        account.consecutiveAuthFailures = (account.consecutiveAuthFailures ?? 0) + 1;
+        return account.consecutiveAuthFailures;
+      }),
       markAccountCoolingDown: vi.fn(),
+      markRateLimited: vi.fn(),
       setAccountEnabled: vi.fn(),
       saveToDiskDebounced: vi.fn(),
     } as unknown as AccountManager;
@@ -499,19 +544,25 @@ describe("refresh-guardian", () => {
     ).toHaveBeenCalledTimes(5);
     expect(
       manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenNthCalledWith(1, accountA, 60_000, "network-error");
+    ).toHaveBeenNthCalledWith(1, accountA, 6_000, "network-error");
     expect(
       manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenNthCalledWith(2, accountB, 60_000, "network-error");
+    ).toHaveBeenNthCalledWith(2, accountB, 6_000, "network-error");
     expect(
       manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenNthCalledWith(3, accountC, 60_000, "auth-failure");
+    ).toHaveBeenNthCalledWith(3, accountC, 30_000, "auth-failure");
     expect(
       manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenNthCalledWith(4, accountD, 60_000, "auth-failure");
+    ).toHaveBeenNthCalledWith(4, accountD, 30_000, "auth-failure");
     expect(
       manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
-    ).toHaveBeenNthCalledWith(5, accountE, 60_000, "network-error");
+    ).toHaveBeenNthCalledWith(5, accountE, 6_000, "network-error");
+    expect(
+      manager.incrementAuthFailures as ReturnType<typeof vi.fn>,
+    ).toHaveBeenNthCalledWith(1, accountC);
+    expect(
+      manager.incrementAuthFailures as ReturnType<typeof vi.fn>,
+    ).toHaveBeenNthCalledWith(2, accountD);
     expect(
       manager.saveToDiskDebounced as ReturnType<typeof vi.fn>,
     ).toHaveBeenCalledTimes(1);
@@ -545,6 +596,48 @@ describe("refresh-guardian", () => {
     expect(Reflect.get(guardian, "running")).toBe(false);
   });
 
+  it("escalates auth cooldowns across repeated guardian failures", async () => {
+    const account = createManagedAccount(0);
+    const manager = createManagerMock([account]);
+    const { RefreshGuardian } = await import("../lib/refresh-guardian.js");
+    const guardian = new RefreshGuardian(() => manager, {
+      bufferMs: 120_000,
+      intervalMs: 5_000,
+    });
+
+    refreshExpiringAccountsMock.mockResolvedValue(
+      new Map([
+        [
+          0,
+          {
+            refreshed: true,
+            reason: "failed",
+            tokenResult: {
+              type: "failed",
+              reason: "http_error",
+              statusCode: 401,
+              message: "expired",
+            },
+          },
+        ],
+      ]),
+    );
+
+    await guardian.tick();
+    await vi.advanceTimersByTimeAsync(30_001);
+    await guardian.tick();
+
+    expect(
+      manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
+    ).toHaveBeenNthCalledWith(1, account, 30_000, "auth-failure");
+    expect(
+      manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
+    ).toHaveBeenNthCalledWith(2, account, 60_000, "auth-failure");
+    expect(
+      manager.incrementAuthFailures as ReturnType<typeof vi.fn>,
+    ).toHaveBeenCalledTimes(2);
+  });
+
   it("handles account removal during tick without throwing", async () => {
     const originalA = createManagedAccount(0);
     const originalB = createManagedAccount(1);
@@ -560,8 +653,15 @@ describe("refresh-guardian", () => {
       getAccountByIndex: vi.fn(
         (index: number) => liveAfterRemoval[index] ?? null,
       ),
-      clearAuthFailures: vi.fn(),
+      clearAuthFailures: vi.fn((account: ManagedAccount) => {
+        account.consecutiveAuthFailures = 0;
+      }),
+      incrementAuthFailures: vi.fn((account: ManagedAccount) => {
+        account.consecutiveAuthFailures = (account.consecutiveAuthFailures ?? 0) + 1;
+        return account.consecutiveAuthFailures;
+      }),
       markAccountCoolingDown: vi.fn(),
+      markRateLimited: vi.fn(),
       setAccountEnabled: vi.fn(),
       saveToDiskDebounced: vi.fn(),
     } as unknown as AccountManager;
@@ -609,11 +709,11 @@ describe("refresh-guardian", () => {
       expect.anything(),
     );
     expect(
-      manager.markAccountCoolingDown as ReturnType<typeof vi.fn>,
+      manager.markRateLimited as ReturnType<typeof vi.fn>,
     ).toHaveBeenCalledWith(
       expect.objectContaining({ refreshToken: originalB.refreshToken }),
       60_000,
-      "rate-limit",
+      "codex",
     );
   });
 });