Files
openclaw/scripts/prepare-codex-ci-config.ts
Peter Steinberger e580275464 feat(tooling): enforce noUncheckedIndexedAccess in the scripts lane (NUIA phase 5) (#105180)
* feat(tooling): enforce noUncheckedIndexedAccess in the scripts lane

Burns down all 153 scripts-lane errors (bench aggregation, release
checks, i18n inventories, argv indexing) and flips the flag in
tsconfig.scripts.json. Direct-Node-executed release harness scripts use
local narrowing instead of workspace imports, which do not resolve
under plain node execution. Benchmark measured loops untouched.

* fix(scripts): import expect helpers via relative package sources

tsconfig path aliases resolve from cwd under tsx, so release wrapper
scripts running against old release target cwds could not resolve
@openclaw/normalization-core (not a linked root dependency). Relative
package-source imports match the established pattern on the adjacent
lines and are cwd-independent; old-target planning verified directly.
2026-07-12 10:17:00 +01:00

58 lines
2.1 KiB
TypeScript

// Prepare Codex Ci Config script supports OpenClaw repository automation.
import fs from "node:fs/promises";
import path from "node:path";
import { expectDefined } from "../packages/normalization-core/src/expect.js";
function tomlString(value: string): string {
return JSON.stringify(value);
}
export function buildCiSafeCodexConfig(params: {
projectPath: string;
approvalPolicy?: string;
modelReasoningEffort?: string;
sandboxMode?: string;
}): string {
if (!params.projectPath || typeof params.projectPath !== "string") {
throw new Error("projectPath is required.");
}
const resolvedProjectPath = path.resolve(params.projectPath);
const approvalPolicy = params.approvalPolicy ?? "never";
const modelReasoningEffort = params.modelReasoningEffort ?? "low";
const sandboxMode = params.sandboxMode ?? "workspace-write";
return [
"# Generated for Codex CI runs.",
"# Keep the checked-out repo trusted while avoiding maintainer-local",
"# provider/profile overrides that do not exist on CI runners.",
`approval_policy = ${tomlString(approvalPolicy)}`,
`sandbox_mode = ${tomlString(sandboxMode)}`,
`model_reasoning_effort = ${tomlString(modelReasoningEffort)}`,
"",
`[projects.${tomlString(resolvedProjectPath)}]`,
'trust_level = "trusted"',
"",
].join("\n");
}
export async function writeCiSafeCodexConfig(params: {
outputPath: string;
projectPath: string;
approvalPolicy?: string;
modelReasoningEffort?: string;
sandboxMode?: string;
}): Promise<string> {
if (!params.outputPath || typeof params.outputPath !== "string") {
throw new Error("outputPath is required.");
}
const rendered = buildCiSafeCodexConfig(params);
await fs.mkdir(path.dirname(params.outputPath), { recursive: true });
await fs.writeFile(params.outputPath, rendered, "utf-8");
return rendered;
}
if (path.basename(process.argv[1] ?? "") === "prepare-codex-ci-config.ts") {
const outputPath = expectDefined(process.argv[2], "Codex CI config output path");
const projectPath = process.argv[3] ?? process.cwd();
await writeCiSafeCodexConfig({ outputPath, projectPath });
}