@gakr-gakr/codex 0.1.0

package/provider-discovery.ts

@@ -0,0 +1,45 @@
+import type { ProviderCatalogContext } from "autobot/plugin-sdk/provider-catalog-shared";
+import type { ProviderPlugin } from "autobot/plugin-sdk/provider-model-shared";
+import {
+  buildCodexProviderConfig,
+  CODEX_APP_SERVER_AUTH_MARKER,
+  CODEX_PROVIDER_ID,
+  FALLBACK_CODEX_MODELS,
+} from "./provider-catalog.js";
+
+function resolveCodexPluginConfig(ctx: ProviderCatalogContext): unknown {
+  return (ctx.config.plugins?.entries as Record<string, { config?: unknown } | undefined>)?.codex
+    ?.config;
+}
+
+async function runCodexCatalog(ctx: ProviderCatalogContext) {
+  const { buildCodexProviderCatalog } = await import("./provider.js");
+  return await buildCodexProviderCatalog({
+    env: ctx.env,
+    pluginConfig: resolveCodexPluginConfig(ctx),
+  });
+}
+
+export const codexProviderDiscovery: ProviderPlugin = {
+  id: CODEX_PROVIDER_ID,
+  label: "Codex",
+  docsPath: "/providers/models",
+  auth: [],
+  catalog: {
+    order: "late",
+    run: runCodexCatalog,
+  },
+  staticCatalog: {
+    order: "late",
+    run: async () => ({
+      provider: buildCodexProviderConfig(FALLBACK_CODEX_MODELS),
+    }),
+  },
+  resolveSyntheticAuth: () => ({
+    apiKey: CODEX_APP_SERVER_AUTH_MARKER,
+    source: "codex-app-server",
+    mode: "token",
+  }),
+};
+
+export default codexProviderDiscovery;

package/provider.ts

@@ -0,0 +1,243 @@
+import { createSubsystemLogger } from "autobot/plugin-sdk/core";
+import { resolvePluginConfigObject } from "autobot/plugin-sdk/plugin-config-runtime";
+import type { ProviderRuntimeModel } from "autobot/plugin-sdk/plugin-entry";
+import {
+  normalizeModelCompat,
+  type ModelProviderConfig,
+  type ProviderPlugin,
+} from "autobot/plugin-sdk/provider-model-shared";
+import { resolveCodexSystemPromptContribution } from "./prompt-overlay.js";
+import {
+  buildCodexModelDefinition,
+  buildCodexProviderConfig,
+  CODEX_APP_SERVER_AUTH_MARKER,
+  CODEX_BASE_URL,
+  CODEX_PROVIDER_ID,
+  FALLBACK_CODEX_MODELS,
+} from "./provider-catalog.js";
+import {
+  type CodexAppServerStartOptions,
+  readCodexPluginConfig,
+  resolveCodexAppServerRuntimeOptions,
+} from "./src/app-server/config.js";
+import type {
+  CodexAppServerModel,
+  CodexAppServerModelListResult,
+} from "./src/app-server/models.js";
+
+const DEFAULT_DISCOVERY_TIMEOUT_MS = 2500;
+const LIVE_DISCOVERY_ENV = "AUTOBOT_CODEX_DISCOVERY_LIVE";
+const MODEL_DISCOVERY_PAGE_LIMIT = 100;
+const CODEX_APP_SERVER_SETUP_METHOD_ID = "app-server";
+const CODEX_DEFAULT_MODEL_REF = `${CODEX_PROVIDER_ID}/${FALLBACK_CODEX_MODELS[0].id}`;
+const codexCatalogLog = createSubsystemLogger("codex/catalog");
+
+type CodexModelLister = (options: {
+  timeoutMs: number;
+  limit?: number;
+  cursor?: string;
+  startOptions?: CodexAppServerStartOptions;
+  sharedClient?: boolean;
+}) => Promise<CodexAppServerModelListResult>;
+
+type BuildCodexProviderOptions = {
+  pluginConfig?: unknown;
+  listModels?: CodexModelLister;
+};
+
+type BuildCatalogOptions = {
+  env?: NodeJS.ProcessEnv;
+  pluginConfig?: unknown;
+  listModels?: CodexModelLister;
+  onDiscoveryFailure?: (error: unknown) => void;
+};
+
+export function buildCodexProvider(options: BuildCodexProviderOptions = {}): ProviderPlugin {
+  return {
+    id: CODEX_PROVIDER_ID,
+    label: "Codex",
+    docsPath: "/providers/models",
+    auth: [
+      {
+        id: CODEX_APP_SERVER_SETUP_METHOD_ID,
+        label: "Codex app-server",
+        hint: "Use the Codex app-server runtime and managed model catalog.",
+        kind: "custom",
+        wizard: {
+          choiceId: CODEX_PROVIDER_ID,
+          choiceLabel: "Codex app-server",
+          choiceHint: "Use the Codex app-server runtime and managed model catalog.",
+          assistantPriority: -40,
+          groupId: CODEX_PROVIDER_ID,
+          groupLabel: "Codex",
+          groupHint: "Codex app-server model provider",
+          onboardingScopes: ["text-inference"],
+        },
+        run: async () => ({ profiles: [], defaultModel: CODEX_DEFAULT_MODEL_REF }),
+      },
+    ],
+    catalog: {
+      order: "late",
+      run: async (ctx) => {
+        const runtimePluginConfig = resolvePluginConfigObject(ctx.config, CODEX_PROVIDER_ID);
+        const pluginConfig = runtimePluginConfig ?? (ctx.config ? undefined : options.pluginConfig);
+        return await buildCodexProviderCatalog({
+          env: ctx.env,
+          pluginConfig,
+          listModels: options.listModels,
+        });
+      },
+    },
+    staticCatalog: {
+      order: "late",
+      run: async () => ({
+        provider: buildCodexProviderConfig(FALLBACK_CODEX_MODELS),
+      }),
+    },
+    resolveDynamicModel: (ctx) => resolveCodexDynamicModel(ctx.modelId),
+    resolveSyntheticAuth: () => ({
+      apiKey: CODEX_APP_SERVER_AUTH_MARKER,
+      source: "codex-app-server",
+      mode: "token",
+    }),
+    resolveThinkingProfile: ({ modelId }) => ({
+      levels: [
+        { id: "off" },
+        { id: "minimal" },
+        { id: "low" },
+        { id: "medium" },
+        { id: "high" },
+        ...(isKnownXHighCodexModel(modelId) ? [{ id: "xhigh" as const }] : []),
+      ],
+    }),
+    resolveSystemPromptContribution: ({ config, modelId }) =>
+      resolveCodexSystemPromptContribution({ config, modelId }),
+    isModernModelRef: ({ modelId }) => isModernCodexModel(modelId),
+  };
+}
+
+export async function buildCodexProviderCatalog(
+  options: BuildCatalogOptions = {},
+): Promise<{ provider: ModelProviderConfig }> {
+  const config = readCodexPluginConfig(options.pluginConfig);
+  const appServer = resolveCodexAppServerRuntimeOptions({ pluginConfig: options.pluginConfig });
+  const timeoutMs = normalizeTimeoutMs(config.discovery?.timeoutMs);
+  let discovered: CodexAppServerModel[] = [];
+  if (config.discovery?.enabled !== false && !shouldSkipLiveDiscovery(options.env)) {
+    discovered = await listModelsBestEffort({
+      listModels: options.listModels ?? listCodexAppServerModelsLazy,
+      timeoutMs,
+      startOptions: appServer.start,
+      onDiscoveryFailure: options.onDiscoveryFailure,
+    });
+  }
+  return {
+    provider: buildCodexProviderConfig(discovered.length > 0 ? discovered : FALLBACK_CODEX_MODELS),
+  };
+}
+
+function resolveCodexDynamicModel(modelId: string) {
+  const id = modelId.trim();
+  if (!id) {
+    return undefined;
+  }
+  const fallbackModel = FALLBACK_CODEX_MODELS.find((model) => model.id === id);
+  return normalizeModelCompat({
+    ...buildCodexModelDefinition({
+      id,
+      model: id,
+      inputModalities: fallbackModel?.inputModalities ?? ["text"],
+      supportedReasoningEfforts:
+        fallbackModel?.supportedReasoningEfforts ??
+        (shouldDefaultToReasoningModel(id) ? ["medium"] : []),
+    }),
+    provider: CODEX_PROVIDER_ID,
+    baseUrl: CODEX_BASE_URL,
+  } as ProviderRuntimeModel);
+}
+
+async function listModelsBestEffort(params: {
+  listModels: CodexModelLister;
+  timeoutMs: number;
+  startOptions: CodexAppServerStartOptions;
+  onDiscoveryFailure?: (error: unknown) => void;
+}): Promise<CodexAppServerModel[]> {
+  try {
+    const models: CodexAppServerModel[] = [];
+    let cursor: string | undefined;
+    do {
+      const result = await params.listModels({
+        timeoutMs: params.timeoutMs,
+        limit: MODEL_DISCOVERY_PAGE_LIMIT,
+        cursor,
+        startOptions: params.startOptions,
+        sharedClient: false,
+      });
+      models.push(...result.models.filter((model) => !model.hidden));
+      cursor = result.nextCursor;
+    } while (cursor);
+    return models;
+  } catch (error) {
+    params.onDiscoveryFailure?.(error);
+    codexCatalogLog.debug("codex model discovery failed; using fallback catalog", {
+      error: error instanceof Error ? error.message : String(error),
+    });
+    return [];
+  }
+}
+
+async function listCodexAppServerModelsLazy(options: {
+  timeoutMs: number;
+  limit?: number;
+  cursor?: string;
+  startOptions?: CodexAppServerStartOptions;
+  sharedClient?: boolean;
+}): Promise<CodexAppServerModelListResult> {
+  const { listCodexAppServerModels } = await import("./src/app-server/models.js");
+  return listCodexAppServerModels(options);
+}
+
+function normalizeTimeoutMs(value: unknown): number {
+  return typeof value === "number" && Number.isFinite(value) && value > 0
+    ? value
+    : DEFAULT_DISCOVERY_TIMEOUT_MS;
+}
+
+function shouldSkipLiveDiscovery(env: NodeJS.ProcessEnv = process.env): boolean {
+  const override = env[LIVE_DISCOVERY_ENV]?.trim().toLowerCase();
+  if (override === "0" || override === "false") {
+    return true;
+  }
+  return Boolean(env.VITEST) && override !== "1";
+}
+
+function shouldDefaultToReasoningModel(modelId: string): boolean {
+  const lower = modelId.toLowerCase();
+  return (
+    lower.startsWith("gpt-5") ||
+    lower.startsWith("o1") ||
+    lower.startsWith("o3") ||
+    lower.startsWith("o4")
+  );
+}
+
+function isKnownXHighCodexModel(modelId: string): boolean {
+  const lower = modelId.trim().toLowerCase();
+  return (
+    lower.startsWith("gpt-5") ||
+    lower.startsWith("o3") ||
+    lower.startsWith("o4") ||
+    lower.includes("codex")
+  );
+}
+
+// Exported so adapter request paths (thread-lifecycle.resolveReasoningEffort)
+// can branch on model-family enum support: modern Codex models use the
+// none/low/medium/high/xhigh effort enum and reject "minimal", which is the
+// CLI default. (#71946)
+export function isModernCodexModel(modelId: string): boolean {
+  const lower = modelId.trim().toLowerCase();
+  return (
+    lower === "gpt-5.5" || lower === "gpt-5.4" || lower === "gpt-5.4-mini" || lower === "gpt-5.2"
+  );
+}

package/src/app-server/app-inventory-cache.ts

@@ -0,0 +1,324 @@
+import { embeddedAgentLog } from "autobot/plugin-sdk/agent-harness-runtime";
+import type { JsonValue, v2 } from "./protocol.js";
+
+export const CODEX_APP_INVENTORY_CACHE_TTL_MS = 60 * 60 * 1_000;
+const MAX_SERIALIZED_ERROR_MESSAGE_LENGTH = 500;
+
+export type CodexAppInventoryRequest = (
+  method: "app/list",
+  params: v2.AppsListParams,
+) => Promise<v2.AppsListResponse>;
+
+export type CodexAppInventoryCacheKeyInput = {
+  codexHome?: string;
+  endpoint?: string;
+  authProfileId?: string;
+  accountId?: string;
+  envApiKeyFingerprint?: string;
+  appServerVersion?: string;
+};
+
+export type CodexAppInventoryCacheDiagnostic = {
+  message: string;
+  atMs: number;
+};
+
+export type CodexAppInventorySnapshot = {
+  key: string;
+  apps: v2.AppInfo[];
+  fetchedAtMs: number;
+  expiresAtMs: number;
+  revision: number;
+  lastError?: CodexAppInventoryCacheDiagnostic;
+};
+
+export type CodexAppInventoryReadState = "fresh" | "stale" | "missing";
+
+export type CodexAppInventoryCacheRead = {
+  state: CodexAppInventoryReadState;
+  key: string;
+  revision: number;
+  snapshot?: CodexAppInventorySnapshot;
+  refreshScheduled: boolean;
+  diagnostic?: CodexAppInventoryCacheDiagnostic;
+};
+
+type CacheEntry = CodexAppInventorySnapshot & {
+  invalidated: boolean;
+};
+
+type RefreshParams = {
+  key: string;
+  request: CodexAppInventoryRequest;
+  nowMs?: number;
+  forceRefetch?: boolean;
+  suppressRefresh?: boolean;
+};
+
+export class CodexAppInventoryCache {
+  private readonly ttlMs: number;
+  private readonly entries = new Map<string, CacheEntry>();
+  private readonly inFlight = new Map<string, Promise<CodexAppInventorySnapshot>>();
+  // Per-key refresh generation. Each refresh attempt claims the next token so
+  // an older request that finishes late cannot overwrite a newer snapshot.
+  private readonly refreshTokens = new Map<string, number>();
+  private readonly diagnostics = new Map<string, CodexAppInventoryCacheDiagnostic>();
+  private revision = 0;
+
+  constructor(options: { ttlMs?: number } = {}) {
+    this.ttlMs = options.ttlMs ?? CODEX_APP_INVENTORY_CACHE_TTL_MS;
+  }
+
+  read(params: RefreshParams): CodexAppInventoryCacheRead {
+    const nowMs = params.nowMs ?? Date.now();
+    const entry = this.entries.get(params.key);
+    if (!entry) {
+      const refreshScheduled = params.suppressRefresh ? false : this.scheduleRefresh(params);
+      return {
+        state: "missing",
+        key: params.key,
+        revision: this.revision,
+        refreshScheduled,
+        ...(this.diagnostics.get(params.key)
+          ? { diagnostic: this.diagnostics.get(params.key) }
+          : {}),
+      };
+    }
+
+    const state: CodexAppInventoryReadState =
+      entry.invalidated || entry.expiresAtMs <= nowMs ? "stale" : "fresh";
+    const refreshScheduled =
+      state === "fresh" && !params.forceRefetch ? false : this.scheduleRefresh(params);
+    return {
+      state,
+      key: params.key,
+      revision: entry.revision,
+      snapshot: stripEntryState(entry),
+      refreshScheduled,
+      ...(entry.lastError ? { diagnostic: entry.lastError } : {}),
+    };
+  }
+
+  refreshNow(params: RefreshParams): Promise<CodexAppInventorySnapshot> {
+    return this.refresh(params);
+  }
+
+  invalidate(key: string, reason: string, nowMs = Date.now()): number {
+    this.revision += 1;
+    const diagnostic = { message: reason, atMs: nowMs };
+    const entry = this.entries.get(key);
+    if (entry) {
+      entry.invalidated = true;
+      entry.lastError = diagnostic;
+      entry.revision = this.revision;
+    } else {
+      this.diagnostics.set(key, diagnostic);
+    }
+    return this.revision;
+  }
+
+  clear(): void {
+    this.entries.clear();
+    this.inFlight.clear();
+    this.refreshTokens.clear();
+    this.diagnostics.clear();
+    this.revision = 0;
+  }
+
+  getRevision(): number {
+    return this.revision;
+  }
+
+  private scheduleRefresh(params: RefreshParams): boolean {
+    if (this.inFlight.has(params.key) && !params.forceRefetch) {
+      return true;
+    }
+    const promise = this.refresh(params);
+    this.inFlight.set(params.key, promise);
+    promise.catch(() => undefined);
+    return true;
+  }
+
+  private async refresh(params: RefreshParams): Promise<CodexAppInventorySnapshot> {
+    const existing = this.inFlight.get(params.key);
+    if (existing && !params.forceRefetch) {
+      return existing;
+    }
+
+    const refreshToken = (this.refreshTokens.get(params.key) ?? 0) + 1;
+    this.refreshTokens.set(params.key, refreshToken);
+    const promise = this.refreshUncoalesced(params, refreshToken);
+    this.inFlight.set(params.key, promise);
+    try {
+      return await promise;
+    } finally {
+      if (this.inFlight.get(params.key) === promise) {
+        this.inFlight.delete(params.key);
+      }
+    }
+  }
+
+  private async refreshUncoalesced(
+    params: RefreshParams,
+    refreshToken: number,
+  ): Promise<CodexAppInventorySnapshot> {
+    const nowMs = params.nowMs ?? Date.now();
+    try {
+      const apps = await listAllApps(params.request, params.forceRefetch ?? false);
+      this.revision += 1;
+      const snapshot: CodexAppInventorySnapshot = {
+        key: params.key,
+        apps,
+        fetchedAtMs: nowMs,
+        expiresAtMs: nowMs + this.ttlMs,
+        revision: this.revision,
+      };
+      // Only publish this snapshot if no newer refresh started for the same key
+      // while this request was in flight.
+      if (this.refreshTokens.get(params.key) === refreshToken) {
+        this.entries.set(params.key, { ...snapshot, invalidated: false });
+        this.diagnostics.delete(params.key);
+      }
+      return snapshot;
+    } catch (error) {
+      const diagnostic = {
+        message: sanitizeErrorMessage(error instanceof Error ? error.message : String(error)),
+        atMs: nowMs,
+      };
+      this.diagnostics.set(params.key, diagnostic);
+      const entry = this.entries.get(params.key);
+      if (entry) {
+        entry.lastError = diagnostic;
+      }
+      embeddedAgentLog.warn("codex app inventory refresh failed", {
+        forceRefetch: params.forceRefetch === true,
+        keyFingerprint: fingerprintInventoryCacheKey(params.key),
+        error: serializeCodexAppInventoryError(error),
+      });
+      throw error;
+    }
+  }
+}
+
+export function serializeCodexAppInventoryError(error: unknown): Record<string, unknown> {
+  const record = isRecord(error) ? error : undefined;
+  const data = record && "data" in record ? redactErrorData(record.data) : undefined;
+  return {
+    name:
+      error instanceof Error
+        ? error.name
+        : typeof record?.name === "string"
+          ? record.name
+          : undefined,
+    message: sanitizeErrorMessage(error instanceof Error ? error.message : String(error)),
+    ...(typeof record?.code === "number" ? { code: record.code } : {}),
+    ...(data !== undefined ? { data } : {}),
+  };
+}
+
+export const defaultCodexAppInventoryCache = new CodexAppInventoryCache();
+
+export function buildCodexAppInventoryCacheKey(input: CodexAppInventoryCacheKeyInput): string {
+  return JSON.stringify({
+    codexHome: input.codexHome ?? null,
+    endpoint: input.endpoint ?? null,
+    authProfileId: input.authProfileId ?? null,
+    accountId: input.accountId ?? null,
+    envApiKeyFingerprint: input.envApiKeyFingerprint ?? null,
+    appServerVersion: input.appServerVersion ?? null,
+  });
+}
+
+async function listAllApps(
+  request: CodexAppInventoryRequest,
+  forceRefetch: boolean,
+): Promise<v2.AppInfo[]> {
+  const apps: v2.AppInfo[] = [];
+  let cursor: string | null | undefined;
+  do {
+    const response = await request("app/list", {
+      cursor,
+      limit: 100,
+      forceRefetch,
+    });
+    apps.push(...response.data);
+    cursor = response.nextCursor;
+  } while (cursor);
+  return apps;
+}
+
+function stripEntryState(entry: CacheEntry): CodexAppInventorySnapshot {
+  const { invalidated: _invalidated, ...snapshot } = entry;
+  return snapshot;
+}
+
+function fingerprintInventoryCacheKey(key: string): string {
+  let hash = 0;
+  for (let index = 0; index < key.length; index += 1) {
+    hash = (hash * 31 + key.charCodeAt(index)) >>> 0;
+  }
+  return hash.toString(16).padStart(8, "0");
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return Boolean(value && typeof value === "object" && !Array.isArray(value));
+}
+
+function redactErrorData(value: unknown, depth = 0): JsonValue | undefined {
+  if (value === undefined) {
+    return undefined;
+  }
+  if (value === null || typeof value === "boolean" || typeof value === "number") {
+    return value;
+  }
+  if (depth > 6) {
+    return "[truncated]";
+  }
+  if (Array.isArray(value)) {
+    return value.map((entry) => redactErrorData(entry, depth + 1) ?? null);
+  }
+  if (isRecord(value)) {
+    const redacted: Record<string, JsonValue> = {};
+    for (const [key, entry] of Object.entries(value)) {
+      redacted[key] = isSensitiveErrorDataKey(key)
+        ? "<redacted>"
+        : (redactErrorData(entry, depth + 1) ?? null);
+    }
+    return redacted;
+  }
+  if (typeof value === "string" && value.length > 500) {
+    return `${value.slice(0, 500)}...`;
+  }
+  if (typeof value === "string") {
+    return value;
+  }
+  if (typeof value === "bigint") {
+    return value.toString();
+  }
+  if (typeof value === "symbol") {
+    return value.description ? `Symbol(${value.description})` : "Symbol()";
+  }
+  if (typeof value === "function") {
+    return value.name ? `[function ${value.name}]` : "[function]";
+  }
+  return "[unserializable]";
+}
+
+function sanitizeErrorMessage(message: string): string {
+  const htmlStart = message.search(/<html[\s>]/i);
+  const withoutHtml =
+    htmlStart >= 0
+      ? `${message.slice(0, htmlStart).trimEnd()} [HTML response body omitted]`
+      : message;
+  const redacted = withoutHtml.replace(
+    /([?&][^=\s"'<>]*(?:api[_-]?key|authorization|cookie|credential|password|secret|token|tk)[^=\s"'<>]*=)[^&\s"'<>]+/gi,
+    "$1<redacted>",
+  );
+  return redacted.length > MAX_SERIALIZED_ERROR_MESSAGE_LENGTH
+    ? `${redacted.slice(0, MAX_SERIALIZED_ERROR_MESSAGE_LENGTH)}...`
+    : redacted;
+}
+
+function isSensitiveErrorDataKey(key: string): boolean {
+  return /api[_-]?key|authorization|cookie|credential|password|secret|token/i.test(key);
+}