mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-17 23:01:36 +00:00
* feat(codex): add native session supervision * fix(codex): harden supervision integration * fix(codex): preserve locked harness ownership * fix(codex): fence native session archive * fix(codex): revalidate archive binding ownership * feat(codex): integrate supervision runtime * feat(sessions): preserve harness-owned execution * feat(sessions): persist harness ownership invariants * feat(gateway): enforce harness-owned sessions * feat(setup): enable detected Codex supervision * feat(mac): expose supervised Codex sessions * feat(ui): make Codex sessions actionable * docs(codex): document session supervision * test(codex): cover integration ownership * chore(i18n): refresh supervision inventories * fix(setup): finalize Codex activation atomically * test(codex): narrow binding store update * fix(sessions): preserve legacy model locks * test(macos): serialize Codex catalog fixtures * fix(sessions): preserve legacy lock admission * chore(i18n): reconcile supervision metadata * test(sessions): mark legacy lock fixture * fix(macos): drain final Codex catalog frame * docs: leave supervision note to release * style(macos): satisfy Codex catalog type length * chore: record session accessor seam owners * fix(macos): honor configured Codex supervision * fix(codex): preserve harness-owned model locks * fix(codex): satisfy supervision lint gates * chore(i18n): refresh native supervision inventory * fix(codex): align supervision validation contracts * fix(codex): close supervision boundary gaps * fix(codex): preserve supervision activation contracts * fix(codex): dispose standalone supervision runtime * fix(codex): pin supervised source connection * fix(plugins): bind delegated runs to exact session target * fix(codex): scope supervised sessions to configured agents * fix(codex): fingerprint effective supervision home * fix(codex): normalize supervision plugin policy * fix(codex): keep supervised bindings stable across upgrades * fix(codex): guard all supervised binding connections * fix(codex): preserve catalog filters and pending CAS identity * fix(codex): preserve supervision identity for diagnostics * fix(codex): bind uncertain commits to supervision connection * fix(codex): satisfy supervision type boundaries * fix(macos): reconcile current main validation * fix(codex): handle absent runtime config in supervision * fix(doctor): own local audio acceleration check * fix(codex): satisfy integration lint gates * fix(codex): satisfy lifecycle safety guards
153 lines
4.6 KiB
TypeScript
153 lines
4.6 KiB
TypeScript
// Codex plugin module implements command rpc behavior.
|
|
import type { resolveCodexAppServerAuthProfileIdForAgent } from "./app-server/auth-bridge.js";
|
|
import {
|
|
CODEX_CONTROL_METHODS,
|
|
describeControlFailure,
|
|
type CodexControlMethod,
|
|
} from "./app-server/capabilities.js";
|
|
import {
|
|
resolveCodexAppServerRuntimeOptions,
|
|
type CodexAppServerStartOptions,
|
|
} from "./app-server/config.js";
|
|
import { listCodexAppServerModels } from "./app-server/models.js";
|
|
import type {
|
|
CodexAppServerRequestMethod,
|
|
CodexAppServerRequestParams,
|
|
CodexAppServerRequestResult,
|
|
JsonValue,
|
|
} from "./app-server/protocol.js";
|
|
import { requestCodexAppServerJson } from "./app-server/request.js";
|
|
|
|
export type SafeValue<T> = { ok: true; value: T } | { ok: false; error: string };
|
|
|
|
type AuthProfileOrderConfig = Parameters<
|
|
typeof resolveCodexAppServerAuthProfileIdForAgent
|
|
>[0]["config"];
|
|
|
|
export type CodexControlRequestOptions = {
|
|
config?: AuthProfileOrderConfig;
|
|
authProfileId?: string | null;
|
|
agentDir?: string;
|
|
sessionKey?: string;
|
|
sessionId?: string;
|
|
isolated?: boolean;
|
|
startOptions?: CodexAppServerStartOptions;
|
|
timeoutMs?: number;
|
|
};
|
|
|
|
export function requestOptions(
|
|
pluginConfig: unknown,
|
|
limit: number,
|
|
config?: AuthProfileOrderConfig,
|
|
) {
|
|
const runtime = resolveCodexAppServerRuntimeOptions({ pluginConfig });
|
|
return {
|
|
limit,
|
|
timeoutMs: runtime.requestTimeoutMs,
|
|
startOptions: runtime.start,
|
|
config,
|
|
};
|
|
}
|
|
|
|
type CodexControlRequestMethod = CodexControlMethod & CodexAppServerRequestMethod;
|
|
|
|
export function codexControlRequest<M extends CodexControlRequestMethod>(
|
|
pluginConfig: unknown,
|
|
method: M,
|
|
requestParams: CodexAppServerRequestParams<M>,
|
|
options?: CodexControlRequestOptions,
|
|
): Promise<CodexAppServerRequestResult<M>>;
|
|
export function codexControlRequest(
|
|
pluginConfig: unknown,
|
|
method: CodexControlMethod,
|
|
requestParams?: JsonValue,
|
|
options?: CodexControlRequestOptions,
|
|
): Promise<JsonValue | undefined>;
|
|
export async function codexControlRequest(
|
|
pluginConfig: unknown,
|
|
method: CodexControlMethod,
|
|
requestParams?: unknown,
|
|
options: CodexControlRequestOptions = {},
|
|
): Promise<unknown> {
|
|
const runtime = resolveCodexAppServerRuntimeOptions({ pluginConfig });
|
|
return await requestCodexAppServerJson({
|
|
method,
|
|
requestParams,
|
|
timeoutMs: options.timeoutMs ?? runtime.requestTimeoutMs,
|
|
startOptions: options.startOptions ?? runtime.start,
|
|
config: options.config,
|
|
sessionKey: options.sessionKey,
|
|
sessionId: options.sessionId,
|
|
authProfileId: options.authProfileId,
|
|
agentDir: options.agentDir,
|
|
isolated: options.isolated,
|
|
});
|
|
}
|
|
|
|
export function safeCodexControlRequest<M extends CodexControlRequestMethod>(
|
|
pluginConfig: unknown,
|
|
method: M,
|
|
requestParams: CodexAppServerRequestParams<M>,
|
|
options?: CodexControlRequestOptions,
|
|
): Promise<SafeValue<CodexAppServerRequestResult<M>>>;
|
|
export function safeCodexControlRequest(
|
|
pluginConfig: unknown,
|
|
method: CodexControlMethod,
|
|
requestParams?: JsonValue,
|
|
options?: CodexControlRequestOptions,
|
|
): Promise<SafeValue<JsonValue | undefined>>;
|
|
export async function safeCodexControlRequest(
|
|
pluginConfig: unknown,
|
|
method: CodexControlMethod,
|
|
requestParams?: unknown,
|
|
options: CodexControlRequestOptions = {},
|
|
): Promise<SafeValue<unknown>> {
|
|
return await safeValue(
|
|
async () =>
|
|
await codexControlRequest(pluginConfig, method, requestParams as JsonValue, options),
|
|
);
|
|
}
|
|
|
|
async function safeCodexModelList(
|
|
pluginConfig: unknown,
|
|
limit: number,
|
|
config?: AuthProfileOrderConfig,
|
|
) {
|
|
return await safeValue(
|
|
async () => await listCodexAppServerModels(requestOptions(pluginConfig, limit, config)),
|
|
);
|
|
}
|
|
|
|
export async function readCodexStatusProbes(
|
|
pluginConfig: unknown,
|
|
config?: AuthProfileOrderConfig,
|
|
) {
|
|
const [models, account, limits, mcps, skills] = await Promise.all([
|
|
safeCodexModelList(pluginConfig, 20, config),
|
|
safeCodexControlRequest(
|
|
pluginConfig,
|
|
CODEX_CONTROL_METHODS.account,
|
|
{ refreshToken: false },
|
|
{ config },
|
|
),
|
|
safeCodexControlRequest(pluginConfig, CODEX_CONTROL_METHODS.rateLimits, undefined, { config }),
|
|
safeCodexControlRequest(
|
|
pluginConfig,
|
|
CODEX_CONTROL_METHODS.listMcpServers,
|
|
{ limit: 100 },
|
|
{ config },
|
|
),
|
|
safeCodexControlRequest(pluginConfig, CODEX_CONTROL_METHODS.listSkills, {}, { config }),
|
|
]);
|
|
|
|
return { models, account, limits, mcps, skills };
|
|
}
|
|
|
|
export async function safeValue<T>(read: () => Promise<T>): Promise<SafeValue<T>> {
|
|
try {
|
|
return { ok: true, value: await read() };
|
|
} catch (error) {
|
|
return { ok: false, error: describeControlFailure(error) };
|
|
}
|
|
}
|