Fix Termux/Android compatibility issues (DNS, locking, Android target support)#5
Fix Termux/Android compatibility issues (DNS, locking, Android target support)#5wallentx wants to merge 364 commits into
Conversation
d61ca4b to
6c3d14b
Compare
|
Hi, do you know if this will continue to work with, and maybe improve, https://github.com/termux-user-repository/tur/blob/cf26feef42820d03b7061866ee5f456324657a7a/tur/codex/build.sh ? |
The current TUR provided codex is impacted by the issue that my PR resolves, so if I get an invite to PR upstream, this should fix at least the locking issues. I had some code change logic to handle the absence of /etc/resolve.conf on android, but found that simply adding an aarch64-linux-android target made all of that unnecessary.. but if this never gets merged upstream, I could provide a patch with that original conditional logic so that this can be fully solved via patches in the TUR. Are you a maintainer, @robertkirkman ? |
Yes, I have merge permission for TUR. If you want users of Codex on TUR to get this fix, you could also submit this to https://github.com/termux-user-repository/tur/pulls and I would be able to approve it there, and then whenever this version gets merged the patch could be removed from the TUR version when it gets updated. |
4cccbca to
89ee71b
Compare
|
Upstream, they have made a prerelease for rusty-v8 that they are using to test artifacts against their release binaries https://github.com/openai/codex/releases/tag/rusty-v8-v147.4.0 Then I can mirror their upstream prerelease for rust-v8-v147.4.0 which will also include my android artifacts, and this PR might actually be suitable for upstream merging. |
438ac09 to
7ead295
Compare
…-193 # Conflicts: # .github/scripts/run-bazel-query-ci.sh # .github/scripts/run_bazel_with_buildbuddy.py # .github/scripts/test_run_bazel_with_buildbuddy.py
Termux rust-v0.138.0-alpha.6
…nt/wallentx_termux-target_from_release_0.138.0_de617be6e04e
…et_from_release_0.138.0_de617be6e04e checkpoint: into wallentx/termux-target from release/0.138.0 @ de617be
Termux rust-v0.138.0-alpha.7
…nt/wallentx_termux-target_from_release_0.138.0_2ae55f9a4229
…et_from_release_0.138.0_2ae55f9a4229 checkpoint: into wallentx/termux-target from release/0.138.0 @ 2ae55f9
- The `/app` command can now hand off the current CLI thread into Codex Desktop on macOS and native Windows, and Windows workspace launches can open directly into Desktop instead of stopping at a manual prompt. (openai#25638, openai#26500) - Local image attachments and standalone image generations now expose their saved file paths to the model, which makes follow-up edits and file references more reliable. (openai#25944, openai#25947) - Reasoning effort selection is more flexible: the TUI adds fallback shortcuts for terminals that miss `Alt` bindings, and model-defined effort levels now flow through in the order advertised by the model. (openai#25623, openai#26444, openai#26446) - App-server integrations can now read account token usage, and Codex auth supports v2 personal access tokens in CLI and app-server flows. (openai#25344, openai#25731) - Plugin automation got richer structured output: add/remove and marketplace commands support `--json`, plugin list JSON includes marketplace source, and plugin detail data now exposes default prompts, remote MCP servers, and unavailable app templates. (openai#26631, openai#26417, openai#25887, openai#26453, openai#26317) ## Bug Fixes - Goal workflows are more predictable: multiline paste in `/goal edit` no longer submits early, idle auto-turns stay out of Plan mode, and goals stop auto-continuing after terminal turn failures. (openai#26047, openai#26147, openai#26690) - Forked threads now keep user-renamed titles instead of falling back to the original first-prompt name. (openai#26075) - The TUI no longer adds extra blank space while streaming, and cancelled prompts reopen with the cursor at the end so you can keep editing naturally. (openai#26636, openai#26457) - TUI config write failures now show the underlying cause, making validation problems and read-only filesystem issues much easier to diagnose. (openai#26537) - Startup is more resilient across environments, with support for `/usr/bin/bash`, shorter Linux proxy socket paths, and pre-refresh of expired OAuth-backed MCP credentials. (openai#26538, openai#26553, openai#26482) - Workspace instruction loading is more accurate for remote and symlinked workspaces, so the right `AGENTS.md` files are picked up consistently. (openai#26205, openai#26465) ## Documentation - The CLI README was refreshed to remove stale guidance and better match the current documentation flow. (openai#26313) ## Chores - TUI startup does less repeated plugin work by reusing discovery results and loading only hook metadata on the critical path. (openai#26469, openai#26272) - `resume --last` now finds the newest matching session through the state DB first, which speeds up restore on large local histories. (openai#26462) - Large MCP/Ollama streams and long message histories process much faster thanks to optimized byte scanning. (openai#26265) ## Changelog Full Changelog: openai/codex@rust-v0.137.0...rust-v0.138.0 - openai#26179 nit: small prompt update for MAv2 @jif-oai - openai#26175 feat: guard git enrichment @jif-oai - openai#26047 Fix multiline paste in /goal edit @etraut-openai - openai#25700 core: stop threading SandboxPolicy through exec @bolinfest - openai#25925 [codex] Copy user Bazel settings into Codex worktrees @anp-oai - openai#26216 [codex] Pin Python SDK to runtime 0.137.0a4 @aibrahim-oai - openai#25887 Preserve remote plugin default prompts @ericning-o - openai#25944 Expose local image paths to models @won-openai - openai#25469 [profile-switcher][rust] -- [1/2] Add app-server account session protocol @dhruvgupta-oai - openai#26075 Fix forked thread name inheritance @etraut-openai - openai#25960 Restore Windows coverage for code-mode image generation exposure @won-openai - openai#26226 [codex] Split Python runtime release workflow @aibrahim-oai - openai#26254 feat: catalog multi-agent v2 config @jif-oai - openai#26251 Rewrite oversized tool outputs during remote compaction @pakrym-oai - openai#26260 codex-pr-body: avoid confidential references @anp-oai - openai#26074 Use Windows setup marker as completion signal @abhinav-oai - openai#26002 log plugin MCP server names @chrisdong-oai - openai#25623 fix(tui): add reasoning effort fallback shortcuts @fcoury-oai - openai#25638 feat(tui): add /app desktop handoff @fcoury-oai - openai#26189 cli: add package path from install context @bolinfest - openai#25946 [codex-analytics] report compaction request token counts @rhan-oai - openai#26252 ci: sign macOS release artifacts with Azure Key Vault @eburke-openai - openai#26367 chore: calm down @jif-oai - openai#26147 Gate automatic idle turns in Plan mode @jif-oai - openai#26172 Bridge host-loaded skills into the skills extension @jif-oai - openai#26265 Optimize unbounded byte scans with memchr @charliemarsh-oai - openai#26396 Reduce SQLite contention from OpenTelemetry SDK debug logs @zanie-oai - openai#26272 Load plugin hooks without other plugin capabilities @charliemarsh-oai - openai#26313 Simplify Codex CLI README @etraut-openai - openai#25947 Add saved image path hint to standalone image generation @won-openai - openai#26291 Bound external agent session detection work @stefanstokic-oai - openai#26417 Expose configured marketplace source in plugin list JSON @mpc-oai - openai#26436 app-server: support -c config overrides @bolinfest - openai#26435 external-agent-migration: avoid mixed MCP transport configs @stefanstokic-oai - openai#26248 [codex-analytics] emit forked thread id on initialization @kbazzi - openai#26320 core: allow excluding tool namespaces from code mode @sayan-oai - openai#25945 Use Azure artifact signing environment secrets @shijie-oai - openai#26205 Route AGENTS.md loading through environment filesystems @anp-oai - openai#26445 [codex] Fix Windows sandbox build script lint @pakrym-oai - openai#23710 build: use ThinLTO for release binaries @anp-oai - openai#26447 Remove response.processed websocket request @pakrym-oai - openai#26312 Cleanup experimentalFeature/enablement/set @mzeng-openai - openai#26444 [codex] Support model-defined reasoning efforts @aibrahim-oai - openai#26446 [codex] Use model-advertised reasoning effort order @aibrahim-oai - openai#26466 Use Winget release environment secret @shijie-oai - openai#26465 [codex] Preserve logical paths during AGENTS.md discovery @anp-oai - openai#26453 fix(app-server): expose remote MCP servers in plugin read @ericning-o - openai#26473 Add skill for pushing CI configuration changes @anp-oai - openai#26317 [codex] Expose unavailable app templates in plugin detail @charlesgong-openai - openai#26471 Improve Windows sandbox setup refresh diagnostics @iceweasel-oai - openai#26431 Pull plugin service less frequently @beggers-openai - openai#25000 ci: test windows cross build @cconger - openai#25955 [codex] Emit sandbox outcome telemetry event @rreichel3-oai - openai#26487 [codex] Add use_responses_lite 'override' logic @rka-oai - openai#26482 fix(rmcp): refresh expired OAuth tokens before startup @anp-oai - openai#26256 [codex] Keep Bazel startup options stable across commands @anp-oai - openai#26499 core: derive exec policy filesystem policy from profile @bolinfest - openai#26215 feat(remote-control): allow pairing while disabled @apanasenko-oai - openai#26480 [codex] Add environment shell info @pakrym-oai - openai#26210 Encrypt multi-agent v2 message payloads @jif-oai - openai#26566 nit: doc @jif-oai - openai#25710 [codex] Forward turn moderation metadata through app-server @carlc-oai - openai#26599 [codex] Keep v1 spawn metadata visible @jif-oai - openai#26610 refactor: split agent control modules @jif-oai - openai#25344 feat(app-server): expose account token usage [1 of 2] @fcoury-oai - openai#26553 [codex] Fix long proxy socket paths @viyatb-oai - openai#26537 Surface TUI config write error causes @etraut-openai - openai#26500 Open Windows app workspaces via deep link @etraut-openai - openai#26551 Fix `/goal` usage text for control commands @etraut-openai - openai#26554 Render code comment directives in TUI replay @etraut-openai - openai#26623 feat: reload v2 agents on delivery @jif-oai - openai#26532 Require absolute cwd in thread settings @pakrym-oai - openai#26625 [codex] Allow socketpair in proxy-routed Linux sandbox @viyatb-oai - openai#26538 [codex] Add /usr/bin/bash shell fallback @pakrym-oai - openai#26449 feat(remote-control): add pairing status transport @hefuc-oai - openai#26433 Make turn diff tracker multi-env aware @pakrym-oai - openai#26636 fix(tui): avoid doubled blank rows while streaming @fcoury-oai - openai#26450 feat(app-server): add remote control pairing status RPC @hefuc-oai - openai#26335 Clean up Rust release workflow @shijie-oai - openai#26547 [1 of 2] Align goal extension with core behavior @etraut-openai - openai#26181 fix(tui): Windows composer background @fcoury-oai - openai#26457 fix(tui): restore cancelled prompt cursor at end @fcoury-oai - openai#26307 [codex] Respect Windows sandbox backend in exec policy @iceweasel-oai - openai#26484 [codex] Add turn profiling analytics @aibrahim-oai - openai#26552 Make runtime workspace roots absolute in app-server API @pakrym-oai - openai#26462 Use state DB first for `resume --last` @charliemarsh-oai - openai#26469 Speed up TUI startup by reusing plugin discovery @charliemarsh-oai - openai#26631 Add JSON output for plugin subcommands @mpc-oai - openai#26669 [codex] Bound WSL local curated discovery @xl-openai - openai#26548 [2 of 2] Finish moving goal runtime to extension @etraut-openai - openai#26674 protocol: remove submission-side serde from Op @pakrym-oai - openai#26690 Block active goals after terminal turn errors @etraut-openai - openai#25936 [codex] Remove legacy remote plugin startup sync @xl-openai - openai#26490 [codex] Use standalone tools for Responses Lite @rka-oai - openai#26013 [codex] Gate terminal visualization instructions in TUI @vie-oai - openai#25731 [codex-rs] support v2 personal access tokens @cooper-oai - openai#26542 [codex] Send Responses Lite transport header @rka-oai - openai#24852 permissions: enforce managed permission profile allowlists @viyatb-oai - openai#26698 [codex] Deduplicate skill load warnings @xl-openai - openai#26716 Remove `just bench-smoke` from `just test`. @anp-oai
Termux rust-v0.138.0-alpha.8
This PR depends on [openai#31296](openai#31296) for the canonical-to-legacy event mappings. ## Description This PR makes dynamic tools emit canonical `TurnItem::DynamicToolCall` lifecycle instead of `DynamicToolCallRequest` / `DynamicToolCallResponse` directly. App-server v2 now sends the client `DynamicToolCall` request from the canonical item start. It ignores the mapped legacy request/response events, so clients receive one item start and one tool request. ## Why Dynamic tools are a separate migration boundary because their start event also drives a client request. Keeping that routing change isolated makes it easier to verify that the request still happens exactly once. ## What changed - Emit in-progress and completed/failed dynamic tool items from the dynamic tool handler. - Move app-server client request dispatch onto canonical dynamic item starts. - Add focused app-server coverage for the canonical start notification and client request.
## Why Before changing plugin namespace loading performance, lock down the existing behavior so the same cases can be validated before and after the optimization. ## What - cover mixed plain and nested plugin skills under one scan root - cover inherited, nested, and invalid-manifest namespace precedence - cover symlinked plugin skill directories, symlinked plain directories, and scan-root ancestor symlinks ## Validation - just test -p codex-core-skills namespace on unmodified main: 12 passed
## Why Intel macOS release binaries crash on the first Code Mode tool call while V8 creates its code range. The x86_64 V8 allocator later makes a non-`MAP_JIT` reservation executable, which Hardened Runtime rejects when the signature contains only `com.apple.security.cs.allow-jit`. Tracks [SE-8006](https://linear.app/openai/issue/SE-8006/intel-macos-codex-cli-crashes-in-v8-startup-on-gpt-56-sol-tool-calls). Fixes openai#28390. ## What - add an expanded entitlement profile only for x86_64 `codex` and `codex-app-server`, the release binaries that link V8 - keep arm64 and `codex-responses-api-proxy` on the existing narrower profile - share one fail-closed target/binary selector between signing and final verification - verify the expected Mach-O architecture and exact entitlement dictionary for the signed binary, tar.gz, zstd, package, and DMG copies ## Verification - `just test-github-scripts` (34 tests) - `UV_CACHE_DIR=/private/tmp/codex-uv-cache just fmt-check` - `bash -n .github/scripts/macos-signing/select_codex_entitlements.sh` - `plutil -lint` on both entitlement profiles - parsed `rust-release.yml` as YAML - `git diff --check` - ad-hoc Hardened Runtime signing smoke on an x86_64 Mach-O slice: strict `codesign` verification passed; the Codex profile contained exactly both keys and the proxy profile retained exactly `allow-jit` ## Release validation Run a native Intel smoke of the final Developer ID-signed x86_64 Codex binary through V8 isolate creation before shipping. PR openai#30849 is diagnostic scaffolding, but its non-sandbox release job currently fails in the harness before V8 starts, so it is not counted as coverage here.
## Summary - refactor `ExternalAuth` to return `CodexAuth` directly - remove the parallel `ExternalAuthTokens` wrapper - preserve existing external bearer and app-server refresh behavior This is a mechanical precursor refactor; it does not add auth capabilities or change recovery behavior. ## Testing - `cargo fmt --all` - `cargo test -q -p codex-login --lib` - `cargo test -q -p codex-app-server --test all external_auth_refreshes_on_unauthorized`
## Why Windows Bazel test shards currently cap local test actions at 4. Controlled forced-test-execution measurements in openai#31339 found that 8 local jobs reduced Bazel elapsed time on every shard by 19–29%, including the slow shard from 835.5s to 609.3s, while 12 jobs regressed. ## What Set `common:ci-windows-cross --local_test_jobs=8` in `.bazelrc`. ## Manual validation - `git diff --check` - `just fmt` - [8-job CI experiment](https://github.com/openai/codex/actions/runs/28838387129)
## Summary - Adds `writes` to `AppToolApproval` and exposes it through config and app-server schemas, including `[apps._default].default_tools_approval_mode`. - In `writes`, tools with `readOnlyHint = true` skip approval; all other tools prompt, including non-destructive writes and tools without annotations. - Prevents session or persistent approval choices in this mode so later writes still prompt. ## Why `auto` only prompts for risk-hinted actions, while `prompt` also interrupts reads. Apps need a middle mode that gates writes without prompting for declared read-only actions. ## Validation - `just write-config-schema` - `just write-app-server-schema` - `just fmt` - `just test -p codex-core mcp_turn_metadata` (4 passed) - `just test -p codex-core writes_mode` (2 passed) - `just test -p codex-app-server config_read_includes_apps` (1 passed) - `just test -p codex-app-server-protocol` (251 passed) - `just test -p codex-config` (200 passed) - `just test -p codex-cli` (300 passed) - `just fix -p codex-core -p codex-config -p codex-app-server-protocol -p codex-app-server -p codex-cli`
## Summary - Treat streamed Responses `bio_policy` failures as terminal invalid requests instead of retryable stream errors. - Recognize the new biology policy code and message in the TUI while preserving the legacy `invalid_prompt` contract. - Keep the existing dedicated biology safety notice and add regression/snapshot coverage for all supported error shapes. ## Why [openai/openai#1068559](openai/openai#1068559) gates a Responses API contract change from `invalid_prompt` and the legacy message to `bio_policy` and new biology copy. Without this compatibility change, streamed blocks are retried as transient failures and the OSS TUI falls back to a generic/raw error instead of the dedicated safety notice. ## Validation - `just test -p codex-api` — 137 passed - `just test -p codex-tui app_server_safety_access_errors_render_dedicated_notice` — passed - `just fix -p codex-api` - `just fix -p codex-tui` - `just fmt` - `just test -p codex-tui` — 2,957 passed; two reproducible failures remain in untouched Guardian feature-flag persistence tests: - `update_feature_flags_disabling_guardian_clears_review_policy_and_restores_default` - `update_feature_flags_disabling_guardian_clears_manual_review_policy_without_history`
## Summary - measure successful legacy `app/list` latency with `codex.apps.installed.duration_ms`, segmented by `path=legacy` and `reload` - measure successful host-owned `codex_apps` startup and explicit refresh latency with `codex.apps.refresh.duration_ms` - add the refresh trigger to successful `codex.mcp.tools.fetch_uncached.duration_ms` samples for `codex_apps` without changing other MCP-server samples ## Why This establishes a small latency baseline for the current connector path before `ConnectorRuntimeManager`, `app/installed`, and `app/read` land. Error-rate and broader runtime-state instrumentation are intentionally deferred. This is telemetry-only and does not change connector behavior. ## Validation - `just test -p codex-mcp` (94 passed) - `just test -p codex-app-server list_apps` (13 passed) - `just fix -p codex-mcp` - `just fix -p codex-app-server` - `just fmt` - `git diff --check`
## Why Approval guidance is currently assembled entirely by the client. Model Messages V2 needs model catalogs to provide model-specific `on_request` guidance for both user-reviewed and auto-reviewed approval flows while retaining the existing generated prompt as a compatibility fallback. ## What changed - add nullable `on_request` and `on_request_auto_review` catalog messages - select the message matching the active approvals reviewer for `on_request` policies - replace the complete legacy approval section when the selected catalog value exists, including support for an empty string that suppresses the section - retain legacy rendering when the object or selected key is absent, and for non-`on_request` policies - preserve approval messages when base-instruction or personality overrides clear instruction templates - refresh permissions instructions when the active model changes - pass catalog messages through initial and incremental permissions construction ## Relationship to reviewer persistence PR openai#31309 independently persists the approvals reviewer in turn context and refreshes permissions when that reviewer changes. This PR is based directly on `main` and does not duplicate that rollout migration; once both land, reviewer switches will also select and append the new catalog variant. ## Testing - `just test -p codex-protocol` - `just test -p codex-prompts` - `just test -p codex-models-manager` - `just test -p codex-core permissions_messages`
## Why Remote-executor integration tests need one host-agnostic exec-server fixture target instead of a Windows-only wrapper. ## What - rename the testing binary target to exec-server - make the fixture source and target host-agnostic - update Windows remote-executor test wiring to use the shared target ## Validation - bazel build //codex-rs/exec-server/testing:exec-server - bazel cquery --config=ci-windows-cross 'set(//codex-rs/exec-server/testing:exec-server //codex-rs/core/tests/remote_env_windows:smoke-test)' ## Stack 1. [openai#31422 test: generalize exec-server fixture](openai#31422) 2. [openai#31425 test: add TestAppServer builder](openai#31425) 3. [openai#31427 test: add delayed exec-server transport](openai#31427) 4. [openai#31295 bench: add cold skill load macrobenchmark](openai#31295) 5. [openai#31428 bench: add e2e benchmark entrypoints](openai#31428) 6. [openai#31429 ci: smoke Bazel e2e benchmarks](openai#31429)
## Summary - enable `auth_elicitation` by default - promote the feature to `Stable`, as default-enabled features must be stable - update the feature regression test to cover the new lifecycle state and default ## Impact Auth elicitation is now available without requiring users or clients to opt in through configuration. ## Testing - `just test -p codex-features` (52 passed)
## What Adds an optional hosted login-success redirect path for app-server login requests. - Keeps the existing localhost success page as the default. - Lets app-server callers opt into a hosted success page with an optional protocol field. - Persists credentials before redirecting to the hosted success page. - Keeps org setup and existing CLI/device-code login flows on the local success page. - Accepts an optional typed `appBrand` value and forwards it to the hosted page as `app_brand` so web can select the correct asset. - Generates the app-server protocol schema updates for the new optional fields. ## Why This supports the hosted Codex login success page rollout without changing existing login behavior by default. The Codex Apps frontend can gate the opt-in with Statsig after the hosted web page. ## Rollout safety - Old callers omit the new field and continue using localhost. - New callers talking to old app-server builds remain safe because the Codex Apps side treats the field as optional and defaults the flag off. - Missing brand values default to Codex. - The hosted redirect always uses the app-login source so the hosted page can reopen Codex; the existing streamlined-login visual flag remains separate. ## Validation - `just fmt` - `just fix -p codex-login -p codex-app-server-protocol -p codex-app-server -p codex-app-server-test-client -p codex-tui` - `just test -p codex-login` - `just test -p codex-app-server-protocol` - `just write-app-server-schema` - `git diff HEAD --check` The focused login and protocol run passed all 380 tests. I also started the broader `just test -p codex-app-server`; it compiled successfully, then many tests failed on this machine because spawned test servers tried to use the ambient `/Users/rafaelj/.codex/sqlite` state DB, which is read-only in this sandbox. I stopped that run after confirming the failures shared that environment issue.
## Why This PR is a behavior-preserving refactor only. It does not add a fallback, change which model is used for compaction, or otherwise change compaction behavior. The behavioral change is implemented in the stacked follow-up, openai#30319. Pre-sampling compaction deliberately uses the previous turn's context when the compaction compatibility hash changes or when switching to a model with a smaller context window. That preserves the model settings that produced the history being compacted, but the previous context is not always usable. For example, a resumed thread can still reference a model slug that has since been retired, causing compaction to fail before the currently selected model can sample. openai#30319 addresses that failure mode by retrying compaction with the current turn's selected model when the backend rejects the previous-model attempt. This PR performs only that preparatory refactor. ## What changed - Extracted one legacy `/responses/compact` request attempt into `compact_remote_request.rs`. - Extracted one Responses-based remote compaction request attempt into `compact_remote_v2_attempt.rs`. - Kept hooks, lifecycle events, analytics, window advancement, history processing and installation, and error behavior unchanged in the existing orchestration paths. - Preserved standalone Responses-based compaction's owned client-session lifetime through lifecycle completion. ## Testing - `just test -p codex-core -E 'test(remote_compact)'` (22 tests)
This PR depends on [openai#31296](openai#31296) for the canonical-to-legacy event mappings. ## Description This PR makes the MultiAgentV2 spawn, message/follow-up, and interrupt paths emit completed canonical `TurnItem::SubAgentActivity` items instead of `SubAgentActivityEvent` directly. App-server v2 now applies interrupted-agent thread-watch cleanup from the canonical completed item and ignores the mapped legacy activity event. ## Why Sub-agent activity is separate from the v1 collab tool begin/end lifecycle. Keeping it separate makes the v2 watcher side effect reviewable without mixing in the larger collab tool-call migration. ## What changed - Emit canonical sub-agent activity items from v2 spawn, message/follow-up, and interrupt paths. - Move missing-thread watcher cleanup onto canonical completed activity items. - Update focused app-server coverage to exercise canonical interrupted activity.
## Why The backend config-bundle contract now exposes managed configuration in `managed_layers`, split into `baseline` and `system_overlay`. The Rust transport models need to match that contract before any runtime behavior changes. ## What changed - add the generated `DeliveredManagedLayers` model - model `baseline` and `system_overlay` as required arrays - expose optional/null `managed_layers` on delivered config and requirements documents - retain `enterprise_managed` for transport compatibility This PR changes transport types only; cloud-config runtime behavior is unchanged. ## Stack 1 of 4. Next: openai#31286. ## Validation - `just test -p codex-backend-openapi-models -p codex-backend-client` - `just test -p codex-cloud-config` - revalidated against the current generated backend schema
This PR depends on [openai#31296](openai#31296) for the canonical-to-legacy event mappings. ## Description This PR makes the non-wait v1 collaboration tools—spawn, send input, resume, and close—emit canonical `TurnItem::CollabAgentToolCall` lifecycle instead of their legacy begin/end events directly. App-server v2 consumes the canonical collab items directly, ignores the mapped legacy events, and applies close-agent thread-watch cleanup from the completed item. ## Why These four tools share the same single-target lifecycle shape. Wait stays separate because it carries multi-target status snapshots and has its own status-shaping cleanup. ## What changed - Add shared helpers for emitting canonical collab tool-call lifecycle. - Migrate spawn, send input, resume, and close handlers. - Move close-agent watcher cleanup onto canonical completed collab items.
This PR depends on [openai#31296](openai#31296) for the canonical-to-legacy event mappings. ## Description This PR makes the v1 and v2 wait paths emit canonical `TurnItem::CollabAgentToolCall` lifecycle instead of `CollabWaitingBegin` / `CollabWaitingEnd` directly. Both paths already used the same legacy waiting events before this PR. The v1 item carries receiver metadata and final agent statuses for its target agents; v2 waits for mailbox activity rather than specific agents, so it keeps those fields empty, matching the existing v2 legacy payload. App-server v2 consumes the canonical item directly and ignores the mapped legacy wait events. ## Why Wait is separate from the other collab tools because it is multi-target and has distinct timeout/status behavior. Keeping it last also lets this PR remove the old helper that only existed to shape legacy wait status entries in core. ## What changed - Emit canonical collab wait items from both v1 and v2 wait handlers. - Preserve receiver metadata and agent status snapshots on completed wait items. - Remove the old core helper for building legacy wait status entries. ## Follow-up The next stack PR, [openai#30188](openai#30188), writes canonical `TurnItem` values to paginated rollout files.
…enai#30319) ## Why Pre-sampling compaction intentionally uses the previous turn's model when the compaction compatibility hash changes or when switching to a model with a smaller context window. This keeps compaction aligned with the settings that produced the history, but it can block the next turn when a resumed ChatGPT thread still references a model slug that has since been retired. The Codex backend rejects that compaction request before the user's currently selected model gets a chance to sample. This PR lets those threads recover without changing previous-model compaction behavior for API-key authentication or custom providers. It is stacked on openai#31316, which is a behavior-preserving extraction of the individual remote compaction attempts; this PR contains the fallback behavior. ## What changed - For automatic previous-model compaction, capture the selected model's request context when using ChatGPT authentication with the OpenAI provider and the selected model differs from the previous model. - If the previous-model attempt returns an `InvalidRequest`, retry compaction once with the selected model for both `/responses/compact` and Responses Compaction V2. - Complete history processing, lifecycle events, and token accounting with the context of the model that successfully compacted the thread. - If the fallback also fails, return the original previous-model error so the retry does not change the user-visible failure. - Record fallback attempts with reason, implementation, and outcome telemetry. - Leave API-key authentication, custom providers, same-model turns, and non-`InvalidRequest` failures on their existing paths. ## Testing - `just test -p codex-core -E 'test(pre_sampling_compact) | test(model_unavailable_error)'` (10 tests) - Added integration coverage for a resumed thread whose model was renamed, a model downshift using Responses Compaction V2, and API-key authentication with a custom provider.
## Summary
- recognize embedded HTTP(S) URL prefixes case-insensitively in Windows
dangerous-command detection
- add regression coverage for uppercase and mixed-case schemes inside
`Start-Process` invocations
## Why
PowerShell and URL parsing treat schemes case-insensitively, but the
pre-parser only searched for lowercase `http://` and `https://`. When a
URL appeared in the same shlex token as surrounding PowerShell syntax,
such as `Start-Process('HTTPS://example.com');`, the prefix was not
stripped and the command was incorrectly classified as not dangerous.
Validated with the scoped `codex-shell-command` suite (138 tests) and a
direct classifier reproduction that failed before the change and passed
afterward.
## Summary Autocomplete completion previously inserted a new space even when a separator was already present, which could leave redundant whitespace around neighboring text. Popup dismissal also tracked only the query string, so dismissing one token could suppress a different occurrence with the same text. This gives completions one horizontal-separator policy across files, images, skills, and mentions. Existing separators are reused when possible, ordinary suffix text remains separated, and line breaks stay intact. Dismissal now identifies the complete whitespace-delimited token occurrence, so offset-only edits preserve dismissal while later identical tokens remain independent. Newly completed values beginning with `$` or `@` can also remain closed when the next PR's affinity rule recognizes the token to the left of the cursor. ## Examples The examples below use `|` to represent the cursor. ### Reuse existing separators Starting with an existing two-space gap: ```text @ma| next ``` After accepting `src/main.rs` and typing `foo`, completion previously added a third separator and left both original spaces before `next`: ```text src/main.rs foo| next ``` After this PR, completion reuses the first existing separator as the insertion point and preserves the second between the new text and `next`: ```text src/main.rs foo| next ``` ### Keep a completed sigil-prefixed value closed Starting before a line break: ```text @ma| next ``` and accepting a path whose result is itself prefixed with `@` produces: ```text @scope/main.rs | next ``` Without this PR's completion dismissal, the affinity rule in openai#30463 rediscovers the completed token to the left of the cursor and reopens its popup: ```text @scope/main.rs | ^^^^^^^^^^^^^^^ popup reopens next ``` With this PR, the inserted occurrence is dismissed and the popup remains closed: ```text @scope/main.rs | ^^^^^^^^^^^^^^^ popup remains closed next ``` ### Do not dismiss an identical later occurrence Given two identical tokens: ```text @scope/main.rs| @scope/main.rs ``` after dismissing the first popup with Escape and moving to the second token, query-only dismissal previously suppressed the second popup too: ```text @scope/main.rs @scope/main.rs| ^^^^^^^^^^^^^ popup remains closed ``` After this PR, dismissal also matches the token's ordinal among complete tokens, so the second occurrence opens normally: ```text @scope/main.rs @scope/main.rs| ^^^^^^^^^^^^^ popup opens ``` ### Keep dismissal across offset-only edits After dismissing `@ma`, moving to its start, and pasting an email-like token: ```text email@ma.com @ma| ``` the `@ma` bytes embedded in `email@ma.com` do not count as another autocomplete token. The original `@ma` keeps its dismissal even though its byte range moved. ## Stack This is PR 2 of 3, stacked on openai#31190. It relies on the explicit replacement ranges introduced there and provides the completion lifecycle used by the targeting fix in openai#30463.
## Why Test callers need one composable way to create app-server fixtures instead of a growing family of overlapping constructor implementations. ## What - add a feature-complete TestAppServer::builder() - make the default builder own a temporary CODEX_HOME and select the automatic test environment - expose builder knobs for no automatic environment, explicit CODEX_HOME, program, arguments, plugin startup tasks, environment overrides, managed config, and JSON logging - keep the existing public constructor surface, but route every constructor through the builder so the new path is exercised immediately - remove the redundant private constructor ladders; caller migration and public constructor removal live in the optional cleanup stack ## Validation - just test -p codex-app-server (940/941 before updating the expected builder error wording) - just test -p codex-app-server auto_env_rejects_explicit_environment_config - just fix -p codex-app-server - just fmt ## Follow-up stacks Cleanup, optional for the benchmark work: 1. [openai#31451 test: migrate TestAppServer callers to builder](openai#31451) 2. [openai#31452 test: remove TestAppServer constructors](openai#31452) Benchmark infrastructure: 1. [openai#31427 test: add delayed exec-server transport](openai#31427) 2. [openai#31295 bench: add cold skill load macrobenchmark](openai#31295) 3. [openai#31428 bench: add e2e benchmark entrypoints](openai#31428) 4. [openai#31429 ci: smoke Bazel e2e benchmarks](openai#31429)
## Why openai#31335 lets HTTP callers obtain proxy-aware clients from `HttpClientFactory`, but a non-HTTP transport such as WebSockets also needs two pieces of policy owned by `codex-http-client`: a concrete route decision for its destination and the same custom-CA-aware rustls trust configuration used by HTTPS. Keeping these prerequisites in the shared abstraction means the dependent Responses WebSocket change (openai#31441) cannot independently reinterpret `features.respect_system_proxy`, PAC results, or enterprise CA settings. ## What changed - Add a redaction-safe `OutboundProxyRoute` with explicit transport-default, direct, and concrete-proxy outcomes. - Add `HttpClientFactory::resolve_proxy_route()` so transports can resolve a destination through the already-selected outbound proxy policy. - Resolve `ws://` and `wss://` URLs through their HTTP equivalents so system and PAC rules apply consistently. - Add an always-returned rustls config builder that starts from native roots and layers in any configured Codex custom CA bundle. The existing optional builder remains available to callers that can delegate the default configuration to their transport. - Continue redacting proxy URLs from `Debug` output because they may contain credentials. ## Review guide 1. `http-client/src/outbound_proxy.rs` defines the transport-neutral route result and WebSocket URL normalization. 2. `http-client/src/custom_ca.rs` factors the native-root/custom-CA construction so callers that perform TLS themselves can always obtain a config. 3. `http-client/src/outbound_proxy_tests.rs` verifies WebSocket normalization and legacy transport-default behavior. ## Test plan - `just test -p codex-http-client outbound_proxy` - `just test -p codex-http-client custom_ca` --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/31342). * openai#31431 * openai#31363 * openai#31362 * openai#31361 * openai#31442 * openai#31441 * __->__ openai#31342
## Why Loading skills from a remote executor can add a lot to thread start time when there are many skills. Previous changes added some concurrency for the file reads themselves, but we're still bottlenecked on the initial root path discovery. Using the benchmark from [openai#31295](openai#31295), this change reduces the measured mean of loading 66 skills about 71%. Behavioral coverage lands separately in [openai#31369](openai#31369). ## What - resolve the scanned root's inherited namespace once - resolve discovered nested plugin roots once, retaining nearest-valid-ancestor behavior - pass an explicit resolved Plain / Plugin namespace into skill parsing instead of probing per skill - preserve explicitly provided plugin namespaces as the highest-priority source - reuse the same resolver for environment skills, deleting its duplicate root-probe and ancestor-selection path ## Validation - just test -p codex-core-skills namespace: 12 passed on both the parent and optimized branches
# Conflicts: # .github/actions/macos-code-sign/codex-app-server.entitlements.plist # .github/actions/macos-code-sign/codex-code-mode-host.entitlements.plist # .github/actions/macos-code-sign/codex-responses-api-proxy.entitlements.plist
Termux rust-v0.143.0-alpha.39
…nt/wallentx_termux-target_from_release_0.143.0_cb2e3d1b74e5
…et_from_release_0.143.0_cb2e3d1b74e5 checkpoint: into wallentx/termux-target from release/0.143.0 @ cb2e3d1


Codex CLI currently fails on native Termux/Android due to DNS resolution and unsupported lock semantics in this environment. This PR adds compatibility adjustments that allow:
The changes preserve existing behavior on non-Android platforms.
Changes
DNS/Resolver fixes
$PREFIX/etc/resolv.conf,Graceful handling of unsupported locks
std::io::ErrorKind::Unsupportedfromtry_lock()without failing.Android build target support in CI
To produce and validate builds targeting Android (e.g. native Termux):
aarch64-linux-androidtarget in GitHub Actions.CC, andARfor the Android target.keyringtarget dependencies for Android.This enables CI to build Android artifacts that include the compatibility adjustments above, which aids testing and validation.
Validation
just fmtcargo test