Files
codex-oauth-plus-onboarding…/skill/codex-oauth-plus-onboarding/references/official-extension-phone-update-2026-05-10.md
T

98 lines
3.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Official codex-oauth extension update learnings for phone verification (2026-05-10)
Source inspected: `QLHazyCoder/codex-oauth-automation-extension` update from local `7dc5cf2` to upstream `6bd00db` (`origin/master`).
## Files inspected
- `background/phone-verification-flow.js`
- `content/phone-auth.js`
- `phone-sms/providers/five-sim.js`
- `tests/phone-auth-country-match.test.js`
- `tests/phone-verification-flow.test.js`
## Useful changes to copy into Hermes runner/workflow
### 1. Detect WhatsApp resend channel without clicking
Official content script now extracts resend button text from `value`, `aria-label`, `title`, `innerText`, and `textContent`, then classifies the resend channel:
- `whatsapp` if text matches `/whats\s*app/i`
- `sms` if text matches `sms|text message|短信`
- `unknown` otherwise
It supports a `probeOnly` mode that returns channel info without clicking.
Hermes runner rule:
1. After submitting a phone number and before clicking resend, probe resend button/channel.
2. If channel is `whatsapp` and BOSS's policy is SMS-only, cancel the 5sim SMS order and rotate/stop; do not click WhatsApp resend.
3. Log compact JSONL phase `whatsapp_resend_detected_cancel`.
### 2. Classify OpenAI HTTP 500/contact-verification server errors
Official update adds server-error detection for pages such as:
- `This page isnt working`
- `currently unable to handle this request`
- `HTTP ERROR 500`
- `500 Internal Server Error`
Hermes runner rule:
- If resend or phone verification lands on this error page, classify as `resend_server_error`, cancel current activation, recover by navigating/generating fresh OAuth session back to `add-phone` before next number.
### 3. Broader direct-delivery-refused detection
Official update adds a broader delivery-refused classifier for Chinese/English variants such as:
- `无法向此电话号码发送验证码`
- `无法向...号码...发送验证码/短信`
- `cannot/unable to send/deliver verification code/sms/text to this phone number`
Hermes runner should treat these as direct number rejection:
- cancel/ban the current order;
- rotate to next number;
- do not keep polling.
### 4. United Kingdom prefix mapping
Official HeroSMS prefix mapping includes:
```js
{ prefix: '44', id: 16, label: 'United Kingdom' }
```
For 5sim/OpenAI country tests in BOSS's runner, map UK as:
```text
5sim country slug: england
OpenAI select ISO: GB
visible text: 英国 (+44)
prefix: 44
```
### 5. Stale email-verification guard
Official signup phone flow now checks whether the page has unexpectedly returned to `/email-verification` before polling/submitting phone SMS. Treat that as stale signup/email-verification state and stop/replace number/account rather than burning SMS orders.
### 6. Waiting callback while polling 5sim
Official 5sim provider added `onWaitingForCode` during polling. Hermes runner can mimic this with compact JSONL status events so long waits do not look stuck.
## Runner patch applied locally
`/tmp/phone_verify_strict_gate_10.py` was patched to:
- probe resend channel before clicking;
- cancel and continue if WhatsApp resend is detected;
- classify server-error pages before/after resend;
- keep strict country gate before buying and before clicking Continue.
## Keep from prior Hermes-specific lessons
- Do not submit if `selectValue` and visible country/dial code mismatch.
- Do not submit a non-US number when visible country is `美国 (+1)`.
- If a 5sim order is already bought and country gate fails, cancel immediately.
- For BOSS's configured SMS-only policy, do not switch to WhatsApp providers unless explicitly approved.