@h-rig/runtime 0.0.6-alpha.0

package/dist/src/control-plane/provider/codex-app-server.js

@@ -0,0 +1,885 @@
+// @bun
+// packages/runtime/src/control-plane/provider/codex-app-server.ts
+import { spawn } from "child_process";
+import { createInterface } from "readline";
+
+// packages/runtime/src/control-plane/runtime/tooling/claude-router.ts
+import { existsSync, mkdirSync, statSync, writeFileSync } from "fs";
+import { resolve } from "path";
+var CLAUDE_ROUTER_TOOL_DEFINITIONS = [
+  {
+    name: "read",
+    description: "Read a UTF-8 file from the current Rig task worktree, the outer control-plane repo ($PROJECT_RIG_ROOT), or the host monorepo checkout ($MONOREPO_MAIN_ROOT).",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Absolute or workspace-relative file path." },
+        offset: { type: "integer", minimum: 0 },
+        limit: { type: "integer", minimum: 1, maximum: 2097152 }
+      },
+      required: ["path"],
+      additionalProperties: false
+    }
+  },
+  {
+    name: "write",
+    description: "Write UTF-8 content to a file inside the current Rig task workspace only.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Absolute or workspace-relative file path." },
+        content: { type: "string" },
+        create_parents: { type: "boolean" }
+      },
+      required: ["path", "content"],
+      additionalProperties: false
+    }
+  },
+  {
+    name: "edit",
+    description: "Replace one or more exact string occurrences in a UTF-8 file inside the current Rig task workspace only.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Absolute or workspace-relative file path." },
+        old_string: { type: "string" },
+        new_string: { type: "string" },
+        replace_all: { type: "boolean" }
+      },
+      required: ["path", "old_string", "new_string"],
+      additionalProperties: false
+    }
+  },
+  {
+    name: "glob",
+    description: "Search files using a glob pattern across the current task worktree, $PROJECT_RIG_ROOT, or $MONOREPO_MAIN_ROOT.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        pattern: { type: "string" },
+        path: { type: "string", description: "Optional workspace-relative search root." },
+        include_hidden: { type: "boolean" },
+        max_results: { type: "integer", minimum: 1, maximum: 5000 }
+      },
+      required: ["pattern"],
+      additionalProperties: false
+    }
+  },
+  {
+    name: "grep",
+    description: "Search file contents across the current task worktree, $PROJECT_RIG_ROOT, or $MONOREPO_MAIN_ROOT.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        pattern: { type: "string" },
+        path: { type: "string", description: "Optional workspace-relative search root." },
+        literal: { type: "boolean" },
+        include_hidden: { type: "boolean" },
+        max_results: { type: "integer", minimum: 1, maximum: 500 },
+        glob: { type: "string", description: "Optional file glob filter passed through to ripgrep." }
+      },
+      required: ["pattern"],
+      additionalProperties: false
+    }
+  }
+];
+async function invokeRuntimeTool(toolName, args, options = {}) {
+  if (toolName === "shell") {
+    return invokeRuntimeShellTool(args, options);
+  }
+  const invocationEnv = options.env ?? process.env;
+  const binaryPath = resolveRuntimeToolBinary(toolName, invocationEnv);
+  if (!binaryPath) {
+    return {
+      content: [
+        {
+          type: "text",
+          text: `Unknown Rig runtime tool: ${toolName}`
+        }
+      ],
+      isError: true
+    };
+  }
+  const proc = Bun.spawn([binaryPath], {
+    stdin: "pipe",
+    stdout: "pipe",
+    stderr: "pipe",
+    env: invocationEnv
+  });
+  const requestBody = `${JSON.stringify(args)}
+`;
+  if (proc.stdin) {
+    await proc.stdin.write(requestBody);
+    await proc.stdin.end();
+  }
+  const [exitCode, stdout, stderr] = await Promise.all([
+    proc.exited,
+    readBunProcessPipe(proc.stdout),
+    readBunProcessPipe(proc.stderr)
+  ]);
+  if (exitCode !== 0) {
+    const text = [stdout.trim(), stderr.trim()].filter(Boolean).join(`
+`) || `Tool ${toolName} exited with code ${exitCode}`;
+    return {
+      content: [{ type: "text", text }],
+      isError: true
+    };
+  }
+  let payload;
+  try {
+    payload = JSON.parse(stdout);
+  } catch {
+    return {
+      content: [{ type: "text", text: stdout.trim() || `(empty output from ${toolName})` }],
+      isError: false
+    };
+  }
+  if (payload.ok === false) {
+    return {
+      content: [{ type: "text", text: String(payload.message ?? `Tool ${toolName} failed`) }],
+      structuredContent: payload,
+      isError: true
+    };
+  }
+  return {
+    content: [{ type: "text", text: renderToolText(toolName, payload) }],
+    structuredContent: payload,
+    isError: false
+  };
+}
+async function readBunProcessPipe(pipe) {
+  if (typeof pipe === "number" || !pipe) {
+    return "";
+  }
+  return new Response(pipe).text();
+}
+function resolveRuntimeToolBinary(toolName, env) {
+  const binDir = env.RIG_RUNTIME_BIN_DIR?.trim() || "";
+  if (!binDir) {
+    return "";
+  }
+  const mapping = {
+    read: "rig-read",
+    write: "rig-write",
+    edit: "rig-edit",
+    glob: "rig-glob",
+    grep: "rig-grep"
+  };
+  const executable = mapping[toolName];
+  return executable ? resolve(binDir, executable) : "";
+}
+function renderToolText(toolName, payload) {
+  if (toolName === "shell") {
+    const command = typeof payload.command === "string" ? payload.command : "(unknown command)";
+    const stdout = typeof payload.stdout === "string" ? payload.stdout.trim() : "";
+    const stderr = typeof payload.stderr === "string" ? payload.stderr.trim() : "";
+    const exitCode = typeof payload.exit_code === "number" ? payload.exit_code : null;
+    const output = [stdout, stderr].filter(Boolean).join(`
+`);
+    const summary = exitCode === null ? command : `${command}
+
+exit_code=${String(exitCode)}`;
+    return output ? `${summary}
+
+${output}` : summary;
+  }
+  if (toolName === "read") {
+    const path = typeof payload.path === "string" ? payload.path : "(unknown path)";
+    const content = typeof payload.content === "string" ? payload.content : "";
+    const truncated = payload.truncated === true ? `
+
+[truncated]` : "";
+    return `${path}
+
+${content}${truncated}`;
+  }
+  if (toolName === "glob") {
+    const matches = Array.isArray(payload.matches) ? payload.matches.filter((value) => typeof value === "string") : [];
+    return matches.length > 0 ? matches.join(`
+`) : "(no matches)";
+  }
+  if (toolName === "grep") {
+    const matches = Array.isArray(payload.matches) ? payload.matches.filter(isRecord) : [];
+    if (matches.length === 0) {
+      return "(no matches)";
+    }
+    return matches.map((match) => `${String(match.path ?? "(unknown)")}:${String(match.line_number ?? "?")}: ${String(match.line ?? "")}`).join(`
+`);
+  }
+  if (toolName === "write") {
+    return `Wrote ${String(payload.bytes_written ?? 0)} bytes to ${String(payload.path ?? "(unknown path)")}.`;
+  }
+  if (toolName === "edit") {
+    return `Edited ${String(payload.path ?? "(unknown path)")}; replacements: ${String(payload.replacements ?? 0)}.`;
+  }
+  return JSON.stringify(payload, null, 2);
+}
+async function invokeRuntimeShellTool(args, options = {}) {
+  const command = typeof args.command === "string" ? args.command.trim() : "";
+  if (!command) {
+    return {
+      content: [{ type: "text", text: "Missing required shell `command` string." }],
+      isError: true
+    };
+  }
+  const invocationEnv = options.env ?? process.env;
+  const shellName = args.shell === "sh" ? "sh" : args.shell === "zsh" ? "zsh" : "bash";
+  const shellBinary = resolveRuntimeShellBinary(shellName, invocationEnv);
+  if (!shellBinary) {
+    return {
+      content: [{ type: "text", text: `Missing Rig runtime shell binary for ${shellName}.` }],
+      isError: true
+    };
+  }
+  const workspaceRoot = resolve(invocationEnv.RIG_TASK_WORKSPACE?.trim() || process.cwd());
+  const requestedWorkdir = typeof args.workdir === "string" ? args.workdir.trim() : "";
+  const workdir = requestedWorkdir ? resolveWithinWorkspace(workspaceRoot, requestedWorkdir) : workspaceRoot;
+  if (!existsSync(workdir)) {
+    return {
+      content: [{
+        type: "text",
+        text: `Shell workdir does not exist inside the task workspace: ${requestedWorkdir || "."}`
+      }],
+      isError: true
+    };
+  }
+  try {
+    if (!statSync(workdir).isDirectory()) {
+      return {
+        content: [{
+          type: "text",
+          text: `Shell workdir is not a directory inside the task workspace: ${requestedWorkdir || "."}`
+        }],
+        isError: true
+      };
+    }
+  } catch (error) {
+    return {
+      content: [{
+        type: "text",
+        text: error instanceof Error ? error.message : String(error)
+      }],
+      isError: true
+    };
+  }
+  let proc = null;
+  try {
+    proc = Bun.spawn([shellBinary, shellName === "bash" ? "-lc" : "-c", command], {
+      cwd: workdir,
+      env: invocationEnv,
+      stdout: "pipe",
+      stderr: "pipe"
+    });
+  } catch (error) {
+    return {
+      content: [{
+        type: "text",
+        text: error instanceof Error ? error.message : String(error)
+      }],
+      isError: true
+    };
+  }
+  const [exitCode, stdout, stderr] = await Promise.all([
+    proc.exited,
+    readBunProcessPipe(proc.stdout),
+    readBunProcessPipe(proc.stderr)
+  ]);
+  const payload = {
+    ok: exitCode === 0,
+    shell: shellName,
+    cwd: workdir,
+    command,
+    stdout,
+    stderr,
+    exit_code: exitCode
+  };
+  return {
+    content: [{ type: "text", text: renderToolText("shell", payload) }],
+    structuredContent: payload,
+    isError: exitCode !== 0
+  };
+}
+function resolveRuntimeShellBinary(shellName, env) {
+  const binDir = env.RIG_RUNTIME_BIN_DIR?.trim() || "";
+  return binDir ? resolve(binDir, shellName) : "";
+}
+function resolveWithinWorkspace(workspaceRoot, target) {
+  const resolvedTarget = resolve(workspaceRoot, normalizeWorkspaceRelativeTarget(target));
+  const normalizedWorkspace = workspaceRoot.endsWith("/") ? workspaceRoot : `${workspaceRoot}/`;
+  const normalizedTarget = resolvedTarget.endsWith("/") ? resolvedTarget : `${resolvedTarget}/`;
+  if (resolvedTarget === workspaceRoot || normalizedTarget.startsWith(normalizedWorkspace)) {
+    return resolvedTarget;
+  }
+  throw new Error(`Shell workdir must stay inside the task workspace: ${target}`);
+}
+function normalizeWorkspaceRelativeTarget(target) {
+  const trimmed = target.trim();
+  if (!trimmed) {
+    return ".";
+  }
+  if (trimmed === "$MONOREPO_ROOT" || trimmed === "$RIG_TASK_WORKSPACE") {
+    return ".";
+  }
+  if (trimmed.startsWith("$MONOREPO_ROOT/")) {
+    return trimmed.slice("$MONOREPO_ROOT/".length);
+  }
+  if (trimmed.startsWith("$RIG_TASK_WORKSPACE/")) {
+    return trimmed.slice("$RIG_TASK_WORKSPACE/".length);
+  }
+  if (trimmed === "repos/spliter-monorepo") {
+    return ".";
+  }
+  if (trimmed.startsWith("repos/spliter-monorepo/")) {
+    return trimmed.slice("repos/spliter-monorepo/".length);
+  }
+  return trimmed;
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+if (false) {}
+
+// packages/runtime/src/control-plane/provider/codex-app-server.ts
+var CODEX_APP_SERVER_TASK_RUN_SENTINEL = "__rig_codex_app_server_task_run__";
+var RIG_DYNAMIC_TOOL_SERVER = "rig_runtime_tools";
+var DEFAULT_CLIENT_INFO = {
+  name: "rig_task_runtime",
+  title: "Rig Task Runtime",
+  version: "0.1.0"
+};
+var CODEX_APP_SERVER_DISABLED_FEATURES = [
+  "shell_tool",
+  "apply_patch_freeform",
+  "request_permissions_tool",
+  "apps",
+  "plugins",
+  "tool_search",
+  "js_repl",
+  "js_repl_tools_only",
+  "collab"
+];
+function buildCodexAppServerArgs() {
+  return [
+    "app-server",
+    ...CODEX_APP_SERVER_DISABLED_FEATURES.flatMap((feature) => ["--disable", feature]),
+    "-c",
+    'web_search="disabled"',
+    "-c",
+    "tools.view_image=false",
+    "-c",
+    "features.default_mode_request_user_input=false"
+  ];
+}
+function parseCodexAppServerTaskRunArgs(argv) {
+  if (argv[0] !== CODEX_APP_SERVER_TASK_RUN_SENTINEL) {
+    return null;
+  }
+  let model;
+  let prompt;
+  let runtimeMode = "workspace-write";
+  let interactionMode;
+  for (let index = 1;index < argv.length; index += 1) {
+    const current = argv[index];
+    if (current === "--model") {
+      model = argv[index + 1];
+      index += 1;
+      continue;
+    }
+    if (current === "--runtime-mode") {
+      runtimeMode = argv[index + 1] ?? runtimeMode;
+      index += 1;
+      continue;
+    }
+    if (current === "--interaction-mode") {
+      interactionMode = argv[index + 1];
+      index += 1;
+      continue;
+    }
+    if (current === "--prompt") {
+      prompt = argv[index + 1];
+      index += 1;
+      continue;
+    }
+  }
+  if (!prompt?.trim()) {
+    throw new Error("Missing `--prompt` for Codex app-server task run.");
+  }
+  return {
+    model: model?.trim() ? model.trim() : undefined,
+    prompt,
+    runtimeMode,
+    interactionMode
+  };
+}
+async function runCodexAppServerTaskRun(options) {
+  const child = spawn(options.codexBinary, options.launchArgs, {
+    cwd: options.cwd,
+    env: sanitizeEnv(options.env),
+    stdio: ["pipe", "pipe", "pipe"]
+  });
+  const pendingResponses = new Map;
+  const dynamicToolResults = new Map;
+  const agentMessageText = new Map;
+  const inFlightToolCalls = new Set;
+  let nextRequestId = 1;
+  let sendQueue = Promise.resolve();
+  const completionState = { current: null };
+  const stdout = createInterface({ input: child.stdout });
+  const stderr = createInterface({ input: child.stderr });
+  const sendMessage = (payload) => {
+    const line = `${JSON.stringify(payload)}
+`;
+    sendQueue = sendQueue.then(() => writeChildLine(child, line));
+    return sendQueue;
+  };
+  const sendRequest = async (method, params) => {
+    const id = nextRequestId;
+    nextRequestId += 1;
+    const resultPromise = new Promise((resolve2, reject) => {
+      pendingResponses.set(id, { resolve: resolve2, reject });
+    });
+    await sendMessage({ id, method, params });
+    return resultPromise;
+  };
+  const sendResponse = async (id, result) => {
+    await sendMessage({ id, result });
+  };
+  const sendError = async (id, message) => {
+    await sendMessage({
+      id,
+      error: {
+        code: -32603,
+        message
+      }
+    });
+  };
+  const trackToolCall = (call) => {
+    inFlightToolCalls.add(call);
+    call.finally(() => inFlightToolCalls.delete(call)).catch((err) => {
+      console.warn("[codex-app-server] in-flight tool call failure:", err);
+    });
+  };
+  const handleNotification = (message) => {
+    const method = message.method;
+    if (!method) {
+      return;
+    }
+    const params = message.params ?? {};
+    const timestamp = new Date().toISOString();
+    if (method === "thread/started") {
+      emitSyntheticCodexRecord({
+        type: "thread.started",
+        timestamp,
+        thread: params.thread ?? null
+      });
+      return;
+    }
+    if (method === "turn/started") {
+      emitSyntheticCodexRecord({
+        type: "turn.started",
+        timestamp,
+        turn: params.turn ?? null
+      });
+      return;
+    }
+    if (method === "item/agentMessage/delta") {
+      const itemId = normalizeString(params.itemId);
+      const delta = typeof params.delta === "string" ? params.delta : "";
+      if (!itemId || delta.length === 0) {
+        return;
+      }
+      agentMessageText.set(itemId, `${agentMessageText.get(itemId) ?? ""}${delta}`);
+      emitSyntheticCodexRecord({
+        type: "stream_event",
+        event: {
+          delta: {
+            type: "text_delta",
+            text: delta
+          }
+        }
+      });
+      return;
+    }
+    if (method === "item/started" || method === "item/completed") {
+      const record = mapAppServerItemToCodexRecord({
+        phase: method === "item/started" ? "item.started" : "item.completed",
+        timestamp,
+        item: params.item,
+        dynamicToolResults,
+        agentMessageText
+      });
+      if (record) {
+        emitSyntheticCodexRecord(record);
+      }
+      return;
+    }
+    if (method === "turn/completed") {
+      const turn = asRecord(params.turn);
+      const error = asRecord(turn?.error);
+      completionState.current = {
+        status: normalizeString(turn?.status) ?? "failed",
+        error: normalizeString(error?.message)
+      };
+      emitSyntheticCodexRecord({
+        type: "turn.completed",
+        timestamp,
+        turn
+      });
+      return;
+    }
+    if (method === "error") {
+      const errorMessage = normalizeString(params.message) ?? JSON.stringify(params);
+      console.error(`[rig-codex-app-server] ${errorMessage}`);
+    }
+  };
+  const handleServerRequest = (message) => {
+    const method = message.method;
+    const requestId = message.id;
+    if (!method || requestId === undefined) {
+      return;
+    }
+    if (method === "item/tool/call") {
+      const params = message.params ?? {};
+      const callId = normalizeString(params.callId);
+      const toolName = normalizeString(params.tool);
+      const toolArgs = asRecord(params.arguments) ?? {};
+      const toolCall = (async () => {
+        if (!callId || !toolName) {
+          await sendError(requestId, "Malformed dynamic tool call.");
+          return;
+        }
+        try {
+          const invocation = await invokeRuntimeTool(toolName, toolArgs, {
+            env: options.env
+          });
+          const contentItems = invocationToContentItems(invocation);
+          const contentText = contentItems.filter((item) => item.type === "inputText").map((item) => item.text).join(`
+`).trim();
+          dynamicToolResults.set(callId, {
+            isError: invocation.isError === true,
+            contentText,
+            structuredResult: asRecord(invocation.structuredContent) ?? (contentText ? { content: contentText } : null)
+          });
+          await sendResponse(requestId, {
+            contentItems,
+            success: invocation.isError !== true
+          });
+        } catch (error) {
+          const messageText = error instanceof Error ? error.message : String(error);
+          dynamicToolResults.set(callId, {
+            isError: true,
+            contentText: messageText,
+            structuredResult: { error: messageText }
+          });
+          await sendResponse(requestId, {
+            contentItems: [{ type: "inputText", text: messageText }],
+            success: false
+          });
+        }
+      })();
+      trackToolCall(toolCall);
+      return;
+    }
+    if (method === "item/commandExecution/requestApproval" || method === "item/fileChange/requestApproval") {
+      trackToolCall(sendResponse(requestId, { decision: "decline" }));
+      return;
+    }
+    if (method === "item/permissions/requestApproval") {
+      trackToolCall(sendResponse(requestId, {
+        permissions: {},
+        scope: "turn"
+      }));
+      return;
+    }
+    if (method === "applyPatchApproval" || method === "execCommandApproval") {
+      trackToolCall(sendResponse(requestId, { decision: "denied" }));
+      return;
+    }
+    trackToolCall(sendError(requestId, `Unsupported app-server request: ${method}`));
+  };
+  stdout.on("line", (line) => {
+    const trimmed = line.trim();
+    if (!trimmed) {
+      return;
+    }
+    let message;
+    try {
+      message = JSON.parse(trimmed);
+    } catch {
+      console.error(trimmed);
+      return;
+    }
+    if (message.method) {
+      if (message.id !== undefined) {
+        handleServerRequest(message);
+      } else {
+        handleNotification(message);
+      }
+      return;
+    }
+    if (message.id !== undefined) {
+      const pending = pendingResponses.get(message.id);
+      if (!pending) {
+        return;
+      }
+      pendingResponses.delete(message.id);
+      if (message.error) {
+        pending.reject(new Error(formatJsonRpcError(message.error)));
+      } else {
+        pending.resolve(message.result ?? {});
+      }
+    }
+  });
+  stderr.on("line", (line) => {
+    if (line.trim()) {
+      console.error(line);
+    }
+  });
+  const exitPromise = new Promise((resolve2) => {
+    child.once("close", (code, signal) => resolve2({ code, signal }));
+  });
+  await sendRequest("initialize", {
+    clientInfo: DEFAULT_CLIENT_INFO,
+    capabilities: {
+      experimentalApi: true
+    }
+  });
+  await sendMessage({
+    method: "initialized",
+    params: {}
+  });
+  const threadStart = await sendRequest("thread/start", {
+    model: options.config.model ?? null,
+    cwd: options.cwd,
+    approvalPolicy: "never",
+    sandbox: options.config.runtimeMode === "full-access" ? "danger-full-access" : "workspace-write",
+    serviceName: "rig_task_runtime",
+    experimentalRawEvents: false,
+    persistExtendedHistory: false,
+    dynamicTools: codexDynamicToolDefinitions()
+  });
+  const thread = asRecord(threadStart.thread);
+  const threadId = normalizeString(thread?.id);
+  if (!threadId) {
+    throw new Error("Codex app-server thread/start did not return a thread id.");
+  }
+  await sendRequest("turn/start", {
+    threadId,
+    input: [
+      {
+        type: "text",
+        text: options.config.prompt,
+        text_elements: []
+      }
+    ]
+  });
+  let exitResult = null;
+  while (!completionState.current) {
+    exitResult = await Promise.race([
+      exitPromise,
+      new Promise((resolve2) => setTimeout(() => resolve2(null), 100))
+    ]);
+    if (exitResult) {
+      break;
+    }
+  }
+  const completedTurn = completionState.current;
+  if (!completedTurn) {
+    const detail = exitResult ? `codex app-server exited before turn completion (${String(exitResult.code ?? exitResult.signal ?? "unknown")})` : "codex app-server exited before turn completion";
+    throw new Error(detail);
+  }
+  if (inFlightToolCalls.size > 0) {
+    await Promise.allSettled(Array.from(inFlightToolCalls));
+  }
+  terminateChild(child);
+  await exitPromise;
+  if (completedTurn.status !== "completed") {
+    const reason = completedTurn.error ?? `Codex turn ended with status ${completedTurn.status}`;
+    console.error(`[rig-codex-app-server] ${reason}`);
+    return 1;
+  }
+  return 0;
+}
+function codexDynamicToolDefinitions() {
+  return [
+    {
+      name: "shell",
+      description: "Run a shell command through Rig's audited gateway inside the current task workspace. Use this for git, bun, node, python3, rg, and related command-line work. Never rely on absolute host binaries.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          command: { type: "string", description: "Shell command to execute." },
+          workdir: { type: "string", description: "Optional workspace-relative working directory." },
+          shell: { type: "string", enum: ["bash", "sh", "zsh"] }
+        },
+        required: ["command"],
+        additionalProperties: false
+      }
+    },
+    ...CLAUDE_ROUTER_TOOL_DEFINITIONS
+  ];
+}
+function mapAppServerItemToCodexRecord(input) {
+  const item = asRecord(input.item);
+  const itemType = normalizeString(item?.type);
+  const itemId = normalizeString(item?.id);
+  if (!item || !itemType || !itemId) {
+    return null;
+  }
+  if (itemType === "agentMessage") {
+    if (input.phase !== "item.completed") {
+      return null;
+    }
+    const finalText = normalizeString(item.text) ?? input.agentMessageText.get(itemId) ?? "";
+    input.agentMessageText.delete(itemId);
+    return {
+      type: "item.completed",
+      timestamp: input.timestamp,
+      item: {
+        id: itemId,
+        type: "agent_message",
+        text: finalText
+      }
+    };
+  }
+  if (itemType === "commandExecution") {
+    return {
+      type: input.phase,
+      timestamp: input.timestamp,
+      item: {
+        id: itemId,
+        type: "command_execution",
+        command: normalizeString(item.command),
+        cwd: normalizeString(item.cwd),
+        status: normalizeStatus(item.status),
+        aggregated_output: normalizeString(item.aggregatedOutput),
+        exit_code: typeof item.exitCode === "number" ? item.exitCode : null,
+        duration_ms: typeof item.durationMs === "number" ? item.durationMs : null
+      }
+    };
+  }
+  if (itemType === "mcpToolCall") {
+    return {
+      type: input.phase,
+      timestamp: input.timestamp,
+      item: {
+        id: itemId,
+        type: "mcp_tool_call",
+        server: normalizeString(item.server),
+        tool: normalizeString(item.tool),
+        status: normalizeStatus(item.status),
+        arguments: item.arguments ?? null,
+        result: asRecord(item.result) ?? null,
+        error: asRecord(item.error) ?? null
+      }
+    };
+  }
+  if (itemType === "dynamicToolCall") {
+    const cached = input.dynamicToolResults.get(itemId) ?? null;
+    if (input.phase === "item.completed") {
+      input.dynamicToolResults.delete(itemId);
+    }
+    return {
+      type: input.phase,
+      timestamp: input.timestamp,
+      item: {
+        id: itemId,
+        type: "mcp_tool_call",
+        server: RIG_DYNAMIC_TOOL_SERVER,
+        tool: normalizeString(item.tool),
+        status: cached?.isError ? "failed" : normalizeStatus(item.status),
+        arguments: item.arguments ?? null,
+        result: cached?.structuredResult ?? {
+          content_items: item.contentItems ?? null,
+          success: item.success ?? null
+        }
+      }
+    };
+  }
+  return null;
+}
+function invocationToContentItems(invocation) {
+  const items = Array.isArray(invocation.content) ? invocation.content : [];
+  const mapped = items.map((item) => {
+    const entry = asRecord(item);
+    if (!entry || entry.type !== "text" || typeof entry.text !== "string") {
+      return null;
+    }
+    return {
+      type: "inputText",
+      text: entry.text
+    };
+  }).filter((item) => Boolean(item));
+  return mapped.length > 0 ? mapped : [{ type: "inputText", text: "(empty tool response)" }];
+}
+function emitSyntheticCodexRecord(record) {
+  process.stdout.write(`${JSON.stringify(record)}
+`);
+}
+function sanitizeEnv(env) {
+  const next = {};
+  for (const [key, value] of Object.entries(env)) {
+    if (typeof value === "string") {
+      next[key] = value;
+    }
+  }
+  return next;
+}
+function writeChildLine(child, line) {
+  return new Promise((resolve2, reject) => {
+    child.stdin.write(line, (error) => {
+      if (error) {
+        reject(error);
+        return;
+      }
+      resolve2();
+    });
+  });
+}
+function terminateChild(child) {
+  if (child.killed) {
+    return;
+  }
+  try {
+    child.kill("SIGTERM");
+  } catch {}
+}
+function asRecord(value) {
+  return value && typeof value === "object" && !Array.isArray(value) ? value : null;
+}
+function normalizeString(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function normalizeStatus(value) {
+  const raw = normalizeString(value);
+  if (!raw) {
+    return null;
+  }
+  switch (raw) {
+    case "inProgress":
+      return "in_progress";
+    case "completed":
+    case "failed":
+    case "declined":
+      return raw;
+    default:
+      return raw;
+  }
+}
+function formatJsonRpcError(error) {
+  if (!error) {
+    return "Unknown app-server error";
+  }
+  const parts = [error.message, error.data ? JSON.stringify(error.data) : null].filter(Boolean);
+  return parts.join(" ");
+}
+export {
+  runCodexAppServerTaskRun,
+  parseCodexAppServerTaskRunArgs,
+  buildCodexAppServerArgs,
+  CODEX_APP_SERVER_TASK_RUN_SENTINEL
+};