Files
openclaw/extensions/codex/src/command-rpc.ts
Peter Steinberger f94a7dc183 feat(codex): supervise native Codex sessions (#104045)
* feat(codex): add native session supervision

* fix(codex): harden supervision integration

* fix(codex): preserve locked harness ownership

* fix(codex): fence native session archive

* fix(codex): revalidate archive binding ownership

* feat(codex): integrate supervision runtime

* feat(sessions): preserve harness-owned execution

* feat(sessions): persist harness ownership invariants

* feat(gateway): enforce harness-owned sessions

* feat(setup): enable detected Codex supervision

* feat(mac): expose supervised Codex sessions

* feat(ui): make Codex sessions actionable

* docs(codex): document session supervision

* test(codex): cover integration ownership

* chore(i18n): refresh supervision inventories

* fix(setup): finalize Codex activation atomically

* test(codex): narrow binding store update

* fix(sessions): preserve legacy model locks

* test(macos): serialize Codex catalog fixtures

* fix(sessions): preserve legacy lock admission

* chore(i18n): reconcile supervision metadata

* test(sessions): mark legacy lock fixture

* fix(macos): drain final Codex catalog frame

* docs: leave supervision note to release

* style(macos): satisfy Codex catalog type length

* chore: record session accessor seam owners

* fix(macos): honor configured Codex supervision

* fix(codex): preserve harness-owned model locks

* fix(codex): satisfy supervision lint gates

* chore(i18n): refresh native supervision inventory

* fix(codex): align supervision validation contracts

* fix(codex): close supervision boundary gaps

* fix(codex): preserve supervision activation contracts

* fix(codex): dispose standalone supervision runtime

* fix(codex): pin supervised source connection

* fix(plugins): bind delegated runs to exact session target

* fix(codex): scope supervised sessions to configured agents

* fix(codex): fingerprint effective supervision home

* fix(codex): normalize supervision plugin policy

* fix(codex): keep supervised bindings stable across upgrades

* fix(codex): guard all supervised binding connections

* fix(codex): preserve catalog filters and pending CAS identity

* fix(codex): preserve supervision identity for diagnostics

* fix(codex): bind uncertain commits to supervision connection

* fix(codex): satisfy supervision type boundaries

* fix(macos): reconcile current main validation

* fix(codex): handle absent runtime config in supervision

* fix(doctor): own local audio acceleration check

* fix(codex): satisfy integration lint gates

* fix(codex): satisfy lifecycle safety guards
2026-07-11 00:12:08 -07:00

153 lines
4.6 KiB
TypeScript

// Codex plugin module implements command rpc behavior.
import type { resolveCodexAppServerAuthProfileIdForAgent } from "./app-server/auth-bridge.js";
import {
CODEX_CONTROL_METHODS,
describeControlFailure,
type CodexControlMethod,
} from "./app-server/capabilities.js";
import {
resolveCodexAppServerRuntimeOptions,
type CodexAppServerStartOptions,
} from "./app-server/config.js";
import { listCodexAppServerModels } from "./app-server/models.js";
import type {
CodexAppServerRequestMethod,
CodexAppServerRequestParams,
CodexAppServerRequestResult,
JsonValue,
} from "./app-server/protocol.js";
import { requestCodexAppServerJson } from "./app-server/request.js";
export type SafeValue<T> = { ok: true; value: T } | { ok: false; error: string };
type AuthProfileOrderConfig = Parameters<
typeof resolveCodexAppServerAuthProfileIdForAgent
>[0]["config"];
export type CodexControlRequestOptions = {
config?: AuthProfileOrderConfig;
authProfileId?: string | null;
agentDir?: string;
sessionKey?: string;
sessionId?: string;
isolated?: boolean;
startOptions?: CodexAppServerStartOptions;
timeoutMs?: number;
};
export function requestOptions(
pluginConfig: unknown,
limit: number,
config?: AuthProfileOrderConfig,
) {
const runtime = resolveCodexAppServerRuntimeOptions({ pluginConfig });
return {
limit,
timeoutMs: runtime.requestTimeoutMs,
startOptions: runtime.start,
config,
};
}
type CodexControlRequestMethod = CodexControlMethod & CodexAppServerRequestMethod;
export function codexControlRequest<M extends CodexControlRequestMethod>(
pluginConfig: unknown,
method: M,
requestParams: CodexAppServerRequestParams<M>,
options?: CodexControlRequestOptions,
): Promise<CodexAppServerRequestResult<M>>;
export function codexControlRequest(
pluginConfig: unknown,
method: CodexControlMethod,
requestParams?: JsonValue,
options?: CodexControlRequestOptions,
): Promise<JsonValue | undefined>;
export async function codexControlRequest(
pluginConfig: unknown,
method: CodexControlMethod,
requestParams?: unknown,
options: CodexControlRequestOptions = {},
): Promise<unknown> {
const runtime = resolveCodexAppServerRuntimeOptions({ pluginConfig });
return await requestCodexAppServerJson({
method,
requestParams,
timeoutMs: options.timeoutMs ?? runtime.requestTimeoutMs,
startOptions: options.startOptions ?? runtime.start,
config: options.config,
sessionKey: options.sessionKey,
sessionId: options.sessionId,
authProfileId: options.authProfileId,
agentDir: options.agentDir,
isolated: options.isolated,
});
}
export function safeCodexControlRequest<M extends CodexControlRequestMethod>(
pluginConfig: unknown,
method: M,
requestParams: CodexAppServerRequestParams<M>,
options?: CodexControlRequestOptions,
): Promise<SafeValue<CodexAppServerRequestResult<M>>>;
export function safeCodexControlRequest(
pluginConfig: unknown,
method: CodexControlMethod,
requestParams?: JsonValue,
options?: CodexControlRequestOptions,
): Promise<SafeValue<JsonValue | undefined>>;
export async function safeCodexControlRequest(
pluginConfig: unknown,
method: CodexControlMethod,
requestParams?: unknown,
options: CodexControlRequestOptions = {},
): Promise<SafeValue<unknown>> {
return await safeValue(
async () =>
await codexControlRequest(pluginConfig, method, requestParams as JsonValue, options),
);
}
async function safeCodexModelList(
pluginConfig: unknown,
limit: number,
config?: AuthProfileOrderConfig,
) {
return await safeValue(
async () => await listCodexAppServerModels(requestOptions(pluginConfig, limit, config)),
);
}
export async function readCodexStatusProbes(
pluginConfig: unknown,
config?: AuthProfileOrderConfig,
) {
const [models, account, limits, mcps, skills] = await Promise.all([
safeCodexModelList(pluginConfig, 20, config),
safeCodexControlRequest(
pluginConfig,
CODEX_CONTROL_METHODS.account,
{ refreshToken: false },
{ config },
),
safeCodexControlRequest(pluginConfig, CODEX_CONTROL_METHODS.rateLimits, undefined, { config }),
safeCodexControlRequest(
pluginConfig,
CODEX_CONTROL_METHODS.listMcpServers,
{ limit: 100 },
{ config },
),
safeCodexControlRequest(pluginConfig, CODEX_CONTROL_METHODS.listSkills, {}, { config }),
]);
return { models, account, limits, mcps, skills };
}
export async function safeValue<T>(read: () => Promise<T>): Promise<SafeValue<T>> {
try {
return { ok: true, value: await read() };
} catch (error) {
return { ok: false, error: describeControlFailure(error) };
}
}