@gakr-gakr/codex 0.1.0 → 0.1.1

package/src/app-server/plugin-activation.ts

@@ -1,283 +0,0 @@
-import fs from "node:fs/promises";
-import path from "node:path";
-import {
-  type CodexAppInventoryCache,
-  type CodexAppInventoryRequest,
-} from "./app-inventory-cache.js";
-import { CODEX_PLUGINS_MARKETPLACE_NAME, type ResolvedCodexPluginPolicy } from "./config.js";
-import {
-  findOpenAiCuratedPluginSummary,
-  pluginReadParams,
-  type CodexPluginMarketplaceRef,
-  type CodexPluginRuntimeRequest,
-} from "./plugin-inventory.js";
-import type { v2 } from "./protocol.js";
-
-export type CodexPluginActivationReason =
-  | "already_active"
-  | "installed"
-  | "disabled"
-  | "marketplace_missing"
-  | "plugin_missing"
-  | "auth_required"
-  | "refresh_failed";
-
-export type CodexPluginActivationDiagnostic = {
-  message: string;
-};
-
-export type CodexPluginActivationResult = {
-  identity: ResolvedCodexPluginPolicy;
-  ok: boolean;
-  reason: CodexPluginActivationReason;
-  installAttempted: boolean;
-  marketplace?: CodexPluginMarketplaceRef;
-  installResponse?: v2.PluginInstallResponse;
-  diagnostics: CodexPluginActivationDiagnostic[];
-};
-
-export type EnsureCodexPluginActivationParams = {
-  identity: ResolvedCodexPluginPolicy;
-  request: CodexPluginRuntimeRequest;
-  appCache?: CodexAppInventoryCache;
-  appCacheKey?: string;
-  installEvenIfActive?: boolean;
-};
-
-export type CodexPluginRuntimeRefreshResult = {
-  diagnostics: CodexPluginActivationDiagnostic[];
-};
-
-export async function ensureCodexPluginActivation(
-  params: EnsureCodexPluginActivationParams,
-): Promise<CodexPluginActivationResult> {
-  if (params.identity.marketplaceName !== CODEX_PLUGINS_MARKETPLACE_NAME) {
-    return activationFailure(params.identity, "marketplace_missing", {
-      message: "Only " + CODEX_PLUGINS_MARKETPLACE_NAME + " plugins can be activated.",
-    });
-  }
-
-  const listed = (await params.request("plugin/list", {
-    cwds: [],
-  } satisfies v2.PluginListParams)) as v2.PluginListResponse;
-  const resolved = findOpenAiCuratedPluginSummary(listed, params.identity.pluginName);
-  if (!resolved) {
-    const hasCuratedMarketplace = listed.marketplaces.some(
-      (marketplace) => marketplace.name === CODEX_PLUGINS_MARKETPLACE_NAME,
-    );
-    if (!hasCuratedMarketplace) {
-      return activationFailure(params.identity, "marketplace_missing", {
-        message: `Codex marketplace ${CODEX_PLUGINS_MARKETPLACE_NAME} was not found.`,
-      });
-    }
-    return activationFailure(params.identity, "plugin_missing", {
-      message: `${params.identity.pluginName} was not found in ${CODEX_PLUGINS_MARKETPLACE_NAME}.`,
-    });
-  }
-
-  if (resolved.summary.installed && resolved.summary.enabled && !params.installEvenIfActive) {
-    return {
-      identity: params.identity,
-      ok: true,
-      reason: "already_active",
-      installAttempted: false,
-      marketplace: resolved.marketplace,
-      diagnostics: [],
-    };
-  }
-
-  const installResponse = (await params.request(
-    "plugin/install",
-    pluginReadParams(
-      resolved.marketplace,
-      params.identity.pluginName,
-    ) satisfies v2.PluginInstallParams,
-  )) as v2.PluginInstallResponse;
-  const refreshDiagnostics: CodexPluginActivationDiagnostic[] = [];
-  let refreshFailed = false;
-  try {
-    const refreshResult = await refreshCodexPluginRuntimeState({
-      request: params.request,
-      appCache: params.appCache,
-      appCacheKey: params.appCacheKey,
-    });
-    refreshDiagnostics.push(...refreshResult.diagnostics);
-  } catch (error) {
-    refreshFailed = true;
-    refreshDiagnostics.push({
-      message: `Codex plugin runtime refresh failed after install: ${
-        error instanceof Error ? error.message : String(error)
-      }`,
-    });
-  }
-  const authRequired = installResponse.appsNeedingAuth.length > 0;
-  return {
-    identity: params.identity,
-    ok: !authRequired && !refreshFailed,
-    reason: refreshFailed
-      ? "refresh_failed"
-      : authRequired
-        ? "auth_required"
-        : resolved.summary.installed && resolved.summary.enabled
-          ? "already_active"
-          : "installed",
-    installAttempted: true,
-    marketplace: resolved.marketplace,
-    installResponse,
-    diagnostics: [
-      ...refreshDiagnostics,
-      ...installResponse.appsNeedingAuth.map((app) => ({
-        message: `${app.name} requires app authentication before plugin tools are exposed.`,
-      })),
-    ],
-  };
-}
-
-export async function refreshCodexPluginRuntimeState(params: {
-  request: CodexPluginRuntimeRequest;
-  appCache?: CodexAppInventoryCache;
-  appCacheKey?: string;
-}): Promise<CodexPluginRuntimeRefreshResult> {
-  const diagnostics: CodexPluginActivationDiagnostic[] = [];
-  await params.request("plugin/list", {
-    cwds: [],
-  } satisfies v2.PluginListParams);
-  await params.request("skills/list", {
-    cwds: [],
-    forceReload: true,
-  } satisfies v2.SkillsListParams);
-  try {
-    await params.request("hooks/list", {
-      cwds: [],
-    } satisfies v2.HooksListParams);
-  } catch (error) {
-    diagnostics.push({
-      message: `Codex hooks refresh skipped: ${error instanceof Error ? error.message : String(error)}`,
-    });
-  }
-  await params.request("config/mcpServer/reload", undefined);
-
-  if (params.appCache && params.appCacheKey) {
-    params.appCache.invalidate(params.appCacheKey, "Codex plugin activation changed app inventory");
-    const request: CodexAppInventoryRequest = async (method, requestParams) =>
-      (await params.request(method, requestParams)) as v2.AppsListResponse;
-    try {
-      await params.appCache.refreshNow({
-        key: params.appCacheKey,
-        request,
-        forceRefetch: true,
-      });
-    } catch (error) {
-      diagnostics.push({
-        message: `Codex app inventory refresh skipped: ${
-          error instanceof Error ? error.message : String(error)
-        }`,
-      });
-    }
-  }
-
-  return { diagnostics };
-}
-
-export async function ensureCodexAppsSubstrateConfig(params: {
-  codexHome: string;
-  readFile?: (filePath: string, encoding: "utf8") => Promise<string>;
-  writeFile?: (filePath: string, content: string, encoding: "utf8") => Promise<void>;
-  mkdir?: (dirPath: string, options: { recursive: true }) => Promise<unknown>;
-}): Promise<{ changed: boolean; configPath: string }> {
-  const readFile = params.readFile ?? ((filePath, encoding) => fs.readFile(filePath, encoding));
-  const writeFile =
-    params.writeFile ??
-    ((filePath, content, encoding) => fs.writeFile(filePath, content, encoding));
-  const mkdir = params.mkdir ?? ((dirPath, options) => fs.mkdir(dirPath, options));
-  const configPath = path.join(params.codexHome, "config.toml");
-  let current = "";
-  try {
-    current = await readFile(configPath, "utf8");
-  } catch (error) {
-    if (!isEnoent(error)) {
-      throw error;
-    }
-  }
-
-  const next = upsertTomlBoolean(
-    upsertTomlBoolean(current, "features", "apps", true),
-    "apps._default",
-    "enabled",
-    true,
-  );
-  if (next === current) {
-    return { changed: false, configPath };
-  }
-  await mkdir(path.dirname(configPath), { recursive: true });
-  await writeFile(configPath, next, "utf8");
-  return { changed: true, configPath };
-}
-
-export function upsertTomlBoolean(
-  source: string,
-  section: string,
-  key: string,
-  value: boolean,
-): string {
-  const lines = source.replace(/\r\n/g, "\n").split("\n");
-  if (lines.length > 0 && lines.at(-1) === "") {
-    lines.pop();
-  }
-  const sectionHeaderPattern = new RegExp(`^\\s*\\[${escapeRegExp(section)}\\]\\s*(?:#.*)?$`);
-  const anySectionPattern = /^\s*\[[^\]]+\]\s*(?:#.*)?$/;
-  const keyPattern = new RegExp(`^\\s*${escapeRegExp(key)}\\s*=`);
-  const desiredLine = `${key} = ${value ? "true" : "false"}`;
-  const sectionStart = lines.findIndex((line) => sectionHeaderPattern.test(line));
-  if (sectionStart === -1) {
-    const nextLines = [...lines];
-    if (nextLines.length > 0 && nextLines.at(-1)?.trim()) {
-      nextLines.push("");
-    }
-    nextLines.push(`[${section}]`, desiredLine);
-    return `${nextLines.join("\n")}\n`;
-  }
-
-  let sectionEnd = lines.length;
-  for (let index = sectionStart + 1; index < lines.length; index += 1) {
-    if (anySectionPattern.test(lines[index] ?? "")) {
-      sectionEnd = index;
-      break;
-    }
-  }
-  for (let index = sectionStart + 1; index < sectionEnd; index += 1) {
-    if (keyPattern.test(lines[index] ?? "")) {
-      if (lines[index] === desiredLine) {
-        return `${lines.join("\n")}\n`;
-      }
-      const nextLines = [...lines];
-      nextLines[index] = desiredLine;
-      return `${nextLines.join("\n")}\n`;
-    }
-  }
-  const nextLines = [...lines];
-  nextLines.splice(sectionEnd, 0, desiredLine);
-  return `${nextLines.join("\n")}\n`;
-}
-
-function activationFailure(
-  identity: ResolvedCodexPluginPolicy,
-  reason: CodexPluginActivationReason,
-  diagnostic: CodexPluginActivationDiagnostic,
-): CodexPluginActivationResult {
-  return {
-    identity,
-    ok: false,
-    reason,
-    installAttempted: false,
-    diagnostics: [diagnostic],
-  };
-}
-
-function isEnoent(error: unknown): boolean {
-  return Boolean(error && typeof error === "object" && "code" in error && error.code === "ENOENT");
-}
-
-function escapeRegExp(value: string): string {
-  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}

package/src/app-server/plugin-app-cache-key.ts

@@ -1,74 +0,0 @@
-import { createHash } from "node:crypto";
-import {
-  buildCodexAppInventoryCacheKey,
-  type CodexAppInventoryCacheKeyInput,
-} from "./app-inventory-cache.js";
-import { resolveCodexAppServerHomeDir } from "./auth-bridge.js";
-import type { CodexAppServerRuntimeOptions, CodexAppServerStartOptions } from "./config.js";
-
-export type CodexPluginAppCacheKeyParams = Omit<
-  CodexAppInventoryCacheKeyInput,
-  "codexHome" | "endpoint"
-> & {
-  appServer: Pick<CodexAppServerRuntimeOptions, "start">;
-  agentDir?: string;
-};
-
-export function buildCodexPluginAppCacheKey(params: CodexPluginAppCacheKeyParams): string {
-  return buildCodexAppInventoryCacheKey({
-    codexHome: resolveCodexPluginAppCacheCodexHome(params.appServer, params.agentDir),
-    endpoint: resolveCodexPluginAppCacheEndpoint(params.appServer),
-    authProfileId: params.authProfileId,
-    accountId: params.accountId,
-    envApiKeyFingerprint: params.envApiKeyFingerprint,
-    appServerVersion: params.appServerVersion,
-  });
-}
-
-export function resolveCodexPluginAppCacheEndpoint(
-  appServer: Pick<CodexAppServerRuntimeOptions, "start">,
-): string {
-  return JSON.stringify({
-    transport: appServer.start.transport,
-    command: appServer.start.command,
-    args: appServer.start.args,
-    url: appServer.start.url ?? null,
-    credentialFingerprint: fingerprintCodexPluginAppCacheCredentials(appServer.start),
-  });
-}
-
-export function resolveCodexPluginAppCacheCodexHome(
-  appServer: Pick<CodexAppServerRuntimeOptions, "start">,
-  agentDir?: string,
-): string | undefined {
-  const configuredCodexHome = appServer.start.env?.CODEX_HOME?.trim();
-  if (configuredCodexHome) {
-    return configuredCodexHome;
-  }
-  return appServer.start.transport === "stdio" && agentDir
-    ? resolveCodexAppServerHomeDir(agentDir)
-    : undefined;
-}
-
-function fingerprintCodexPluginAppCacheCredentials(
-  startOptions: CodexAppServerStartOptions,
-): string | null {
-  const authToken = startOptions.authToken ?? "";
-  const headers = Object.entries(startOptions.headers)
-    .map(([key, value]) => [key.toLowerCase(), value] as const)
-    .toSorted(([left], [right]) => left.localeCompare(right));
-  if (!authToken && headers.length === 0) {
-    return null;
-  }
-  const hash = createHash("sha256");
-  hash.update("autobot:codex:plugin-app-cache-credentials:v1");
-  hash.update("\0");
-  hash.update(authToken);
-  for (const [key, value] of headers) {
-    hash.update("\0");
-    hash.update(key);
-    hash.update("\0");
-    hash.update(value);
-  }
-  return `sha256:${hash.digest("hex")}`;
-}

package/src/app-server/plugin-approval-roundtrip.ts

@@ -1,122 +0,0 @@
-import {
-  callGatewayTool,
-  type EmbeddedRunAttemptParams,
-} from "autobot/plugin-sdk/agent-harness-runtime";
-
-const DEFAULT_CODEX_APPROVAL_TIMEOUT_MS = 120_000;
-const MAX_PLUGIN_APPROVAL_TITLE_LENGTH = 80;
-const MAX_PLUGIN_APPROVAL_DESCRIPTION_LENGTH = 256;
-
-type ExecApprovalDecision = "allow-once" | "allow-always" | "deny";
-
-export type AppServerApprovalOutcome =
-  | "approved-once"
-  | "approved-session"
-  | "denied"
-  | "unavailable"
-  | "cancelled";
-
-type ApprovalRequestResult = {
-  id?: string;
-  decision?: ExecApprovalDecision | null;
-};
-
-type ApprovalWaitResult = {
-  id?: string;
-  decision?: ExecApprovalDecision | null;
-};
-
-export async function requestPluginApproval(params: {
-  paramsForRun: EmbeddedRunAttemptParams;
-  title: string;
-  description: string;
-  severity: "info" | "warning";
-  toolName: string;
-  toolCallId?: string;
-}): Promise<ApprovalRequestResult | undefined> {
-  const timeoutMs = DEFAULT_CODEX_APPROVAL_TIMEOUT_MS;
-  return callGatewayTool(
-    "plugin.approval.request",
-    { timeoutMs: timeoutMs + 10_000 },
-    {
-      pluginId: "autobot-codex-app-server",
-      title: truncateForGateway(params.title, MAX_PLUGIN_APPROVAL_TITLE_LENGTH),
-      description: truncateForGateway(params.description, MAX_PLUGIN_APPROVAL_DESCRIPTION_LENGTH),
-      severity: params.severity,
-      toolName: params.toolName,
-      toolCallId: params.toolCallId,
-      agentId: params.paramsForRun.agentId,
-      sessionKey: params.paramsForRun.sessionKey,
-      turnSourceChannel: params.paramsForRun.messageChannel ?? params.paramsForRun.messageProvider,
-      turnSourceTo: params.paramsForRun.currentChannelId,
-      turnSourceAccountId: params.paramsForRun.agentAccountId,
-      turnSourceThreadId: params.paramsForRun.currentThreadTs,
-      timeoutMs,
-      twoPhase: true,
-    },
-    { expectFinal: false },
-  ) as Promise<ApprovalRequestResult | undefined>;
-}
-
-export function approvalRequestExplicitlyUnavailable(result: unknown): boolean {
-  if (result === null || result === undefined || typeof result !== "object") {
-    return false;
-  }
-  let descriptor: PropertyDescriptor | undefined;
-  try {
-    descriptor = Object.getOwnPropertyDescriptor(result, "decision");
-  } catch {
-    return false;
-  }
-  return descriptor !== undefined && "value" in descriptor && descriptor.value === null;
-}
-
-export async function waitForPluginApprovalDecision(params: {
-  approvalId: string;
-  signal?: AbortSignal;
-}): Promise<ExecApprovalDecision | null | undefined> {
-  const timeoutMs = DEFAULT_CODEX_APPROVAL_TIMEOUT_MS;
-  const waitPromise: Promise<ApprovalWaitResult | undefined> = callGatewayTool(
-    "plugin.approval.waitDecision",
-    { timeoutMs: timeoutMs + 10_000 },
-    { id: params.approvalId },
-  );
-  if (!params.signal) {
-    return (await waitPromise)?.decision;
-  }
-  let onAbort: (() => void) | undefined;
-  const abortPromise = new Promise<never>((_, reject) => {
-    if (params.signal!.aborted) {
-      reject(params.signal!.reason);
-      return;
-    }
-    onAbort = () => reject(params.signal!.reason);
-    params.signal!.addEventListener("abort", onAbort, { once: true });
-  });
-  try {
-    return (await Promise.race([waitPromise, abortPromise]))?.decision;
-  } finally {
-    if (onAbort) {
-      params.signal.removeEventListener("abort", onAbort);
-    }
-  }
-}
-
-export function mapExecDecisionToOutcome(
-  decision: ExecApprovalDecision | null | undefined,
-): AppServerApprovalOutcome {
-  if (decision === "allow-once") {
-    return "approved-once";
-  }
-  if (decision === "allow-always") {
-    return "approved-session";
-  }
-  if (decision === null || decision === undefined) {
-    return "unavailable";
-  }
-  return "denied";
-}
-
-function truncateForGateway(value: string, maxLength: number): string {
-  return value.length <= maxLength ? value : `${value.slice(0, Math.max(0, maxLength - 3))}...`;
-}