Commit Graph

44 Commits

Author SHA1 Message Date
Peter Steinberger
401ae11b71 fix(codex): preserve native subagent results after parent cleanup (#102060)
Codex native subagent results now survive parent cleanup, app-server persistence races, resumptions, and transient delivery failures. The monitor treats app-server thread/read and thread/turns/list history as canonical recovery state (works on non-stdio transports), retains the shared physical client only while detached children need monitoring, fences stale reads across lifecycle changes, keeps interrupted children resumable, preserves multi-agent V2 subAgentActivity lineage, and bounds terminal delivery retries with a durable failed state. Removes rollout-file discovery, transcript parsing, periodic whole-client rescans, and the deferred one-shot cleanup path.

Adds an opt-in live E2E lane (OPENCLAW_LIVE_CODEX_NATIVE_SUBAGENT=1) proving detached delivery and history-only recovery against a real app-server with an OpenAI key, restores the registered-child user-spoof regression test, and registers both codex opt-in live files in the release shard optional-env map.

Closes #97593
Related: #93313
2026-07-12 08:27:40 +01:00
Peter Steinberger
1b1cebfe42 fix(openai): align auth availability with effective routes (#104685)
* feat(openai): add provider-owned route facts

* fix(openai): harden provider route facts

* test(codex): update rebased auth fixtures

* chore: leave release notes to release workflow

* fix(openai): align route auth with current contracts

* test(openai): align route and shard expectations

* test(openai): satisfy route fixture contracts

* fix(openai): preserve direct profile forwarding

* test(models): complete route auth mocks

* test(codex): type compaction factory mock

* fix(openai): preserve provider-native model ids

* test(agents): align route auth fixtures

* style(agents): format route integrations

* test(plugin-sdk): pin current surface counts
2026-07-11 15:26:48 -07:00
Peter Steinberger
96f0983a85 fix(onboarding): skip setup for configured gateways and require inference first (#102883)
* fix(crestodian): keep onboarding RPCs restart-safe

* fix(profiles): isolate approval state migrations

* fix(crestodian): bypass configured gateway setup

* test(crestodian): type onboarding mocks

* fix(onboarding): require inference before Crestodian

* fix(onboarding): enforce verified inference handoff

* fix(macos): reset setup on gateway endpoint edits

* chore(i18n): refresh native source inventory

* fix(gateway): keep socket on request cancellation

* test(packaging): require workspace templates

* fix(onboarding): bind setup to verified inference

* fix(onboarding): align inference gate contracts

* fix(crestodian): classify concurrent policy rejection

* test(crestodian): expect registry restoration

* fix(onboarding): bind setup to configured gateways

* fix(codex): preserve startup phase deadlines

* test(crestodian): match fail-closed policy ordering

* test(onboarding): assert bound gateway handoff

* fix(codex): bind runtime resolution to spawn cwd

* test(crestodian): assert policy rejection order

* fix(cli): preserve gateway routing across restarts

* fix(macos): fail closed during gateway edits

* test(macos): cover gateway route generation races

* chore: keep release notes out of onboarding PR

* fix(ci): refresh onboarding generated checks

* style(swift): align gateway channel formatting

* fix(ci): refresh plugin SDK surface budgets

* fix(ci): resync native string inventory

* refactor(swift): split gateway channel support

* test(doctor): isolate plugin compatibility registry

* test(macos): isolate gateway onboarding fixtures

* test(macos): assert gateway lease health ordering

* fix(codex): reconcile computer-use startup changes
2026-07-11 10:25:14 -07:00
xingzhou
745cfc028e fix(codex): bound shared app-server startup waits (#89442)
* fix(codex): isolated cron reports Codex startup stalls

* fix(codex): isolated cron reports Codex startup stalls

* fix(codex): bound shared app-server startup waits

Co-authored-by: 张贵萍0668001030 <zhang.guiping@xydigit.com>

* test(codex): satisfy startup lifecycle checks

* test(codex): align deferred auth test type

* test(codex): type auth mock as async void

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-11 04:58:55 -07:00
Ayaan Zaidi
1ad346e465 test(codex): align shared-client version fixtures with the 0.143.0 floor 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
bb1da73b14 fix(codex): fail detached-but-leased clients on suspect retirement 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
ca3f247eb2 fix(codex): fan out app-server liveness retirement 2026-07-09 14:26:05 +05:30
Vincent Koc
8a5ad170c0 chore(codex): bump app-server to 0.143.0 2026-07-08 23:07:20 -07:00
Peter Steinberger
e5798e5477 refactor(codex): raise app-server floor to 0.142, drop range compat, fix deferred spawn_agent steering (#101221)
* refactor(codex): raise app-server floor to 0.142 and drop range-compat protocol paths

* refactor(codex): model subagent mirror state as one map

* style(codex): format event-projector

* test(codex): drop unused shared-client test import

* refactor(codex): drop v1-era notification field aliases

* fix(codex): teach models to load deferred native spawn_agent via tool_search

* docs(codex): realign harness config tables

* docs(changelog): note Codex app-server protocol update
2026-07-07 05:48:53 +01:00
Peter Steinberger
3d6a2216ea feat(codex): share native threads across Codex clients (#99821)
* feat(codex): share native threads across clients

* test(codex): track coexistence temp dirs

* fix(codex): preserve native source on thread forks

* test(codex): use public temp fixtures

* fix(codex): preserve owner context for deferred tools

* fix(codex): forward owner identity to dynamic tools

* fix(codex): forward owner status to harness attempts

* docs(security): document shared Codex home

* docs(security): document shared Codex home

* docs(security): document shared Codex home
2026-07-04 01:43:21 -07:00
Ben Badejo
b3ac552c82 fix(codex): prefer desktop app-server for Computer Use on macOS (#96730)
* fix(codex): prefer desktop app-server for Computer Use on macOS

* fix(codex): fall back from stale desktop app-server

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
2026-06-25 14:28:20 -04:00
Bek
46a5a5ee5f fix(media): route OAuth image defaults through Codex (#92824)
Route implicit OpenAI image understanding through the Codex app-server for eligible OpenAI OAuth profiles. Preserve scoped and persisted credential ownership plus the rotating-token refresh lifecycle for isolated clients.

Fixes #87168

Thanks @bek91.
2026-06-14 17:11:18 +08:00
Peter Steinberger
6868cde4d4 docs: document large extension sources 2026-06-04 21:40:44 -04:00
Vincent Koc
5a0d9d6326 fix(codex): retire abandoned app-server startups 2026-06-03 02:55:12 -07:00
Vincent Koc
d10d71cdb6 fix(codex): stabilize app-server cleanup tests 2026-06-01 13:15:05 +02:00
Peter Steinberger
22cb7fb6b7 chore(lint): enable no-promise-executor-return 2026-05-31 23:06:13 +01:00
Peter Steinberger
4c33aaa86c refactor: unify OpenAI provider identity (#88451)
* refactor: unify OpenAI provider identity

* refactor: move legacy oauth sidecar doctor helpers

* test: align OpenAI fixtures after rebase

* test: clean OpenAI provider unification

* fix: finish OpenAI provider cleanup

* fix: finish OpenAI cleanup follow-through

* fix: finish OpenAI CI cleanup
2026-05-31 00:29:44 +01:00
Peter Steinberger
5a7d5c6def fix(codex): bound app-server timeout fallout
Retire timed-out Codex app-server clients with lease-aware cleanup and keep harness-owned timeouts out of provider fallback.
2026-05-26 22:41:02 +01:00
Vincent Koc
5ef812293b fix(codex): bridge cli api-key auth into app-server 2026-05-26 17:19:50 +02:00
Peter Steinberger
191bd7dc9a fix(codex): scope app-server migration cleanup 2026-05-17 01:46:39 +01:00
Peter Steinberger
b30face031 fix(codex): migrate legacy app-server state 2026-05-17 01:46:39 +01:00
Peter Steinberger
84d3b7a389 fix(codex): isolate shared app-server clients 2026-05-17 01:46:39 +01:00
Shakker
bebb36caa5 test: affirm codex native auth calls 2026-05-12 21:13:33 +01:00
Kevin Lin
9ff5250792 fix(codex): gate migration on app readiness (#80815)
* fix(codex): gate migration on app readiness

* fix(codex): preserve source auth during migration

* fix(codex): isolate migration source app probes

* docs(codex): align migration readiness reasons

* docs(codex): remove stale auth-required source reason

* fix(codex): narrow native auth profile resolver input

* fix: clarify codex migration subscription gating

* refactor: simplify codex migration subscription gate

* fix: make codex app verification optional

* docs: clarify codex app inventory cache

* test: avoid map spread in migration test
2026-05-12 13:01:22 -07:00
Peter Steinberger
c9ec1dea71 test: dedupe codex shared client mock calls 2026-05-12 13:01:48 +01:00
Peter Steinberger
dd016a2094 test: tighten matrix account propagation assertions 2026-05-10 19:15:12 +01:00
Shakker
7139aa8ad4 test: tighten codex shared client assertions 2026-05-10 19:09:18 +01:00
Peter Steinberger
6cfb08680e fix(codex): close app-server stdio gracefully 2026-05-08 02:58:27 +01:00
Peter Steinberger
35da7d2c99 refactor: remove legacy agent dir resolver 2026-05-05 20:07:49 +01:00
Vincent Koc
eb1a0aa574 fix(codex): honor app-server auth order 2026-05-03 18:25:19 -07:00
Peter Steinberger
089a3063ee fix: make codex app-server cleanup ownership-aware 2026-05-02 09:45:59 +01:00
Peter Steinberger
e6cd90e3fd fix(agents): keep OAuth auth read-through 2026-04-29 11:54:28 +01:00
pash-openai
edb618c6c4 Manage the Codex app-server binary in OpenClaw (#71808)
* Manage Codex app-server binary

* Use plugin deps for Codex app-server binary

* Stabilize media model registry test

* Exclude checkpoint transcripts from memory ingestion
2026-04-25 16:51:14 -07:00
pashpashpash
34fb96622e Support MCP hooks in the Codex harness (#71707)
* codex harness mcp hook parity

* tighten codex hook parity floor

* prove security-style mcp hook blocking

* bound native hook relay key handling

* clarify permission relay defers to provider

* harden native hook relay approvals

* fix(agents): bound native hook relay JSON work budget

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-04-25 21:35:47 +01:00
EVA
860dad268d [codex] Add contract-first Pi/Codex runtime plan suite (#71096)
* test: add pi codex runtime contract coverage

* test: expand pi codex tool runtime contracts

* test: tighten tool runtime contracts

* test: reset tool contract param cache

* test: document codex tool middleware fixture

* test: type pi tool contract events

* test: satisfy pi tool contract test types

* test: cover tool media telemetry contracts

* test: reset plugin runtime after tool contracts

* test: add auth profile runtime contracts

* test: strengthen auth profile runtime contracts

* test: clarify auth profile contract fixtures

* test: expand auth profile contract matrix

* test: assert unrelated cli auth isolation

* test: expand auth profile contract matrix

* test: tighten auth profile contract expectations

* test: add outcome fallback runtime contracts

* test: strengthen outcome fallback contracts

* test: isolate outcome fallback contracts

* test: cover codex terminal outcome signals

* test: expand terminal fallback contracts

* test: add delivery no reply runtime contracts

* test: document json no-reply delivery gap

* test: align delivery contract fixtures

* test: add transcript repair runtime contracts

* test: tighten transcript repair contracts

* test: add prompt overlay runtime contracts

* test: tighten prompt overlay contract scope

* test: type prompt overlay contracts

* test: add schema normalization runtime contracts

* test: clarify schema normalization contract gaps

* test: simplify schema normalization contracts

* test: tighten schema normalization contract gaps

* test: cover compaction schema contract

* test: satisfy schema contract lint

* test: add transport params runtime contracts

* test: tighten transport params contract scope

* test: isolate transport params contracts

* test: lock exact transport defaults

* feat: add agent runtime plan foundation

* fix: preserve codex harness auth profiles

* fix: route followup delivery through runtime plan

* fix: normalize parameter-free openai tool schemas

* fix: satisfy runtime plan type checks

* fix: narrow followup delivery runtime planning

* fix: apply codex app-server auth profiles

* fix: classify codex terminal outcomes

* fix: prevent harness auth leakage into unrelated cli providers

* feat: expand agent runtime plan policy contract

* fix: route pi runtime policy through runtime plan

* fix: route codex runtime policy through runtime plan

* fix: route fallback outcome classification through runtime plan

* refactor: make runtime plan contracts topology-safe

* fix: restore runtime plan test type coverage

* fix: align runtime plan schema contract assertions

* fix: stabilize incomplete turn runtime tests

* fix: stabilize codex native web search test

* fix: preserve codex auth profile secret refs

* fix: keep runtime resolved refs canonical

* fix: preserve permissive nested openai schemas

* fix: accept Codex auth provider aliases

* test: update media-only groups mock

* fix: resolve runtime plan rebase checks

* fix: resolve runtime plan rebase checks

---------

Co-authored-by: Eva <eva@100yen.org>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-04-24 18:34:01 +01:00
Peter Steinberger
d88d6a3c8b fix: complete codex app-server turns in docker 2026-04-23 05:35:17 +01:00
Peter Steinberger
4285958bcd test(codex): cover websocket token rotation (#70328) (thanks @Lucenx9) 2026-04-22 23:37:58 +01:00
Lucenx9
15f285c0cb fix(codex): scope stale shared-client cleanup 2026-04-22 23:37:58 +01:00
Lucenx9
0bc5ccc706 fix(codex): rotate shared app-server clients on auth changes 2026-04-22 23:37:58 +01:00
Peter Steinberger
78f9f3093e test: share codex app-server test helpers 2026-04-20 16:39:15 +01:00
Vincent Koc
859eb06662 refactor(auth): route codex runtimes through canonical oauth 2026-04-18 21:27:27 +01:00
Vincent Koc
c902d20eb7 test(codex): share app-server client harness 2026-04-12 09:17:44 +01:00
Peter Steinberger
9ac7a03982 fix: harden codex app-server harness 2026-04-11 00:13:08 +01:00
Peter Steinberger
3f6af907f7 test(codex): cover app-server command seams 2026-04-10 23:07:25 +01:00