@in-the-loop-labs/pair-review 3.4.1 → 3.5.1

package/src/ai/codex-provider.js

@@ -34,6 +34,29 @@ const BIN_DIR = path.join(__dirname, '..', '..', 'bin');
  * Deprecated (April 2026): gpt-5.1-codex-mini, gpt-5.1-codex-max, gpt-5.1-codex
  */
 const CODEX_MODELS = [
+  {
+    id: 'gpt-5.5-high',
+    cli_model: 'gpt-5.5',
+    extra_args: ['-c', 'model_reasoning_effort="high"'],
+    name: 'GPT-5.5 High',
+    tier: 'thorough',
+    tagline: 'Latest Deep',
+    description: 'Latest-generation GPT model with high reasoning effort for demanding PR reviews, strong code understanding, and careful cross-file analysis.',
+    badge: 'Recommended',
+    badgeClass: 'badge-recommended',
+    default: true
+  },
+  {
+    id: 'gpt-5.5-xhigh',
+    cli_model: 'gpt-5.5',
+    extra_args: ['-c', 'model_reasoning_effort="xhigh"'],
+    name: 'GPT-5.5 XHigh',
+    tier: 'thorough',
+    tagline: 'Frontier Depth',
+    description: 'GPT-5.5 with extra-high reasoning effort for the hardest reviews: architecture, concurrency, security-sensitive changes, and large codebase context.',
+    badge: 'Max Reasoning',
+    badgeClass: 'badge-power'
+  },
   {
     id: 'gpt-5.4-high',
     // Alias keeps results/councils saved under the previous bare `gpt-5.4`
@@ -45,9 +68,8 @@ const CODEX_MODELS = [
     tier: 'thorough',
     tagline: 'Deep Review',
     description: 'GPT-5.4 with high reasoning effort for complex multi-file reviews, architectural consistency, and subtle behavioral regressions.',
-    badge: 'Recommended',
-    badgeClass: 'badge-recommended',
-    default: true
+    badge: 'Previous Gen',
+    badgeClass: 'badge-power'
   },
   {
     id: 'gpt-5.4-xhigh',
@@ -60,28 +82,6 @@ const CODEX_MODELS = [
     badge: 'Extra High',
     badgeClass: 'badge-power'
   },
-  {
-    id: 'gpt-5.5-high',
-    cli_model: 'gpt-5.5',
-    extra_args: ['-c', 'model_reasoning_effort="high"'],
-    name: 'GPT-5.5 High',
-    tier: 'thorough',
-    tagline: 'Latest Deep',
-    description: 'Latest-generation GPT model with high reasoning effort for demanding PR reviews, strong code understanding, and careful cross-file analysis.',
-    badge: 'High Effort',
-    badgeClass: 'badge-power'
-  },
-  {
-    id: 'gpt-5.5-xhigh',
-    cli_model: 'gpt-5.5',
-    extra_args: ['-c', 'model_reasoning_effort="xhigh"'],
-    name: 'GPT-5.5 XHigh',
-    tier: 'thorough',
-    tagline: 'Frontier Depth',
-    description: 'GPT-5.5 with extra-high reasoning effort for the hardest reviews: architecture, concurrency, security-sensitive changes, and large codebase context.',
-    badge: 'Max Reasoning',
-    badgeClass: 'badge-power'
-  },
   {
     id: 'gpt-5.3-codex',
     name: 'GPT-5.3 Codex',
@@ -121,7 +121,7 @@ class CodexProvider extends AIProvider {
    * @param {Object} configOverrides.env - Additional environment variables
    * @param {Object[]} configOverrides.models - Custom model definitions
    */
-  constructor(model = 'gpt-5.4-high', configOverrides = {}) {
+  constructor(model = 'gpt-5.5-high', configOverrides = {}) {
     super(model);
 
     // Command precedence: ENV > config > default
@@ -149,9 +149,9 @@ class CodexProvider extends AIProvider {
     // 2. "read-only" prevents ALL shell commands including git-diff-lines
     // 3. The AI is instructed to only analyze code, not modify it
     //
-    // --full-auto: Non-interactive mode that auto-approves within sandbox bounds.
-    // Combined with workspace-write sandbox, this limits damage to the worktree only.
-    // Note: The -a flag is for interactive mode only; exec subcommand uses --full-auto.
+    // Newer Codex CLI versions deprecate --full-auto; `codex exec` is already
+    // non-interactive, and `--sandbox workspace-write` selects the required
+    // sandbox policy.
     //
     // Shell environment config:
     // - allow_login_shell=false: Prevents zsh from using -l flag, which would
@@ -164,7 +164,7 @@ class CodexProvider extends AIProvider {
     // (--dangerously-bypass-approvals-and-sandbox is the Codex CLI equivalent of Claude's --dangerously-skip-permissions)
     const sandboxArgs = configOverrides.yolo
       ? ['--dangerously-bypass-approvals-and-sandbox']
-      : ['--sandbox', 'workspace-write', '--full-auto'];
+      : ['--sandbox', 'workspace-write'];
     // Shell env args prevent login shell from reconstructing PATH (orthogonal to
     // sandbox permissions). Overridable via configOverrides.args following the
     // same two-tier pattern as chat-providers.js: args replaces, extra_args appends.
@@ -352,7 +352,7 @@ class CodexProvider extends AIProvider {
 
         if (code !== 0) {
           logger.error(`${levelPrefix} Codex CLI exited with code ${code}`);
-          settle(reject, new Error(`${levelPrefix} Codex CLI exited with code ${code}: ${stderr}`));
+          settle(reject, this.createExitError(code, stderr, levelPrefix));
           return;
         }
 
@@ -433,6 +433,37 @@ class CodexProvider extends AIProvider {
     });
   }
 
+  /**
+   * Build an actionable error for Codex CLI process failures.
+   *
+   * @param {number} code - Process exit code
+   * @param {string} stderr - Captured stderr
+   * @param {string} levelPrefix - Logging prefix
+   * @returns {Error}
+   */
+  createExitError(code, stderr, levelPrefix) {
+    const stderrText = stderr.trim();
+
+    if (this.isAuthError(stderrText)) {
+      return new Error(
+        `${levelPrefix} Codex CLI authentication failed. Check Codex CLI authentication and try again. ` +
+        `Original stderr: ${stderrText}`
+      );
+    }
+
+    return new Error(`${levelPrefix} Codex CLI exited with code ${code}: ${stderr}`);
+  }
+
+  /**
+   * Detect authentication failures reported by the Codex CLI.
+   *
+   * @param {string} stderr - Captured stderr
+   * @returns {boolean}
+   */
+  isAuthError(stderr) {
+    return /(?:401\s+Unauthorized|HTTP error:\s*401|Unauthorized)/i.test(stderr);
+  }
+
   /**
    * Parse Codex CLI JSONL response
    * Codex outputs JSONL with multiple event types:
@@ -664,7 +695,7 @@ class CodexProvider extends AIProvider {
 
     // Base args for extraction (read-only sandbox, no shell access needed)
     // Note: '-' (stdin marker) must come LAST, after any extra_args
-    const baseArgs = ['exec', '-m', cliModel, '--json', '--sandbox', 'read-only', '--full-auto'];
+    const baseArgs = ['exec', '-m', cliModel, '--json', '--sandbox', 'read-only'];
 
     // Append stdin marker '-' at the end after all other args
     return [...baseArgs, ...extraArgs, '-'];
@@ -790,7 +821,7 @@ class CodexProvider extends AIProvider {
   }
 
   static getDefaultModel() {
-    return 'gpt-5.4-high';
+    return 'gpt-5.5-high';
   }
 
   static getInstallInstructions() {

package/src/chat/api-reference.js

@@ -235,7 +235,7 @@ curl -s -X POST http://localhost:{{PORT}}/api/pr/OWNER/REPO/PR_NUMBER/analyses \
   -H 'Content-Type: application/json' \\
   -d '{
     "provider": "claude",
-    "model": "claude-sonnet-4-5-20250929",
+    "model": "claude-opus-4-7",
     "tier": "balanced",
     "customInstructions": "Focus on security issues."
   }'

package/src/chat/chat-providers.js

@@ -12,6 +12,7 @@ const logger = require('../utils/logger');
 
 // Default dependencies (overridable for testing)
 const defaults = { spawn };
+const CODEX_SANDBOX_MODES = new Set(['workspace-write', 'read-only']);
 
 /**
  * Built-in chat provider definitions.
@@ -68,6 +69,7 @@ const CHAT_PROVIDERS = {
     name: 'Codex (JSON-RPC)',
     type: 'codex',
     command: 'codex',
+    sandbox: 'workspace-write',
     // Shell environment config prevents zsh -l from reconstructing PATH,
     // ensuring git-diff-lines and other bin/ scripts remain findable.
     args: [
@@ -118,11 +120,17 @@ function getChatProvider(id) {
     };
     if (overrides.model) provider.model = overrides.model;
     if (overrides.provider) provider.provider = overrides.provider;
+    if (overrides.availability_command !== undefined) {
+      provider.availability_command = overrides.availability_command;
+    }
     if (overrides.extra_args && Array.isArray(overrides.extra_args)) {
       provider.args = [...provider.args, ...overrides.extra_args];
     }
     if (overrides.load_skills !== undefined) provider.load_skills = overrides.load_skills;
     if (overrides.app_extensions !== undefined) provider.app_extensions = overrides.app_extensions;
+    if (provider.type === 'codex' && overrides.sandbox !== undefined) {
+      provider.sandbox = normalizeCodexSandbox(overrides.sandbox, id);
+    }
     if (provider.command.includes(' ')) {
       provider.useShell = true;
     }
@@ -136,6 +144,9 @@ function getChatProvider(id) {
   if (overrides.command) merged.command = overrides.command;
   if (overrides.model) merged.model = overrides.model;
   if (overrides.provider) merged.provider = overrides.provider;
+  if (overrides.availability_command !== undefined) {
+    merged.availability_command = overrides.availability_command;
+  }
   if (overrides.env) merged.env = { ...merged.env, ...overrides.env };
   if (overrides.args) {
     merged.args = overrides.args;
@@ -146,6 +157,9 @@ function getChatProvider(id) {
   }
   if (overrides.load_skills !== undefined) merged.load_skills = overrides.load_skills;
   if (overrides.app_extensions !== undefined) merged.app_extensions = overrides.app_extensions;
+  if (base.type === 'codex' && overrides.sandbox !== undefined) {
+    merged.sandbox = normalizeCodexSandbox(overrides.sandbox, id);
+  }
   // For multi-word commands (e.g. "devx claude"), use shell mode
   if (merged.command && merged.command.includes(' ')) {
     merged.useShell = true;
@@ -153,6 +167,24 @@ function getChatProvider(id) {
   return merged;
 }
 
+/**
+ * Validate the small user-facing Codex sandbox config surface.
+ * @param {string} sandbox
+ * @param {string} providerId
+ * @returns {string}
+ */
+function normalizeCodexSandbox(sandbox, providerId = 'codex') {
+  if (CODEX_SANDBOX_MODES.has(sandbox)) {
+    return sandbox;
+  }
+
+  logger.warn(
+    `[ChatProviders] Invalid sandbox "${sandbox}" for ${providerId}; ` +
+    'falling back to workspace-write. Supported values: workspace-write, read-only.'
+  );
+  return 'workspace-write';
+}
+
 /**
  * Get all chat provider definitions (built-in + dynamic from config).
  * @returns {Array<Object>}
@@ -197,8 +229,10 @@ function isCodexProvider(id) {
 
 /**
  * Check availability of a single chat provider.
- * For Pi, delegates to the existing AI provider availability cache.
- * For ACP providers, spawns `<command> --version` to verify the binary exists.
+ * Providers with `availability_command` run that command first.
+ * Without an availability command, Pi delegates to the existing AI provider
+ * availability cache and other providers spawn `<command> --version` to verify
+ * the binary exists.
  * @param {string} id - Provider ID
  * @param {Object} [_deps] - Dependency overrides for testing
  * @returns {Promise<{available: boolean, error?: string}>}
@@ -209,6 +243,19 @@ async function checkChatProviderAvailability(id, _deps) {
     return { available: false, error: `Unknown provider: ${id}` };
   }
 
+  const deps = { ...defaults, ..._deps };
+
+  if (provider.availability_command) {
+    return runCommandAvailabilityCheck({
+      deps,
+      command: provider.availability_command,
+      args: [],
+      displayCommand: 'availability command',
+      shell: true,
+      env: provider.env,
+    });
+  }
+
   // Pi delegates to existing AI provider availability
   if (provider.type === 'pi') {
     const cached = getCachedAvailability('pi');
@@ -218,30 +265,61 @@ async function checkChatProviderAvailability(id, _deps) {
   // Codex uses the same binary-check pattern as ACP providers
   // (falls through to the spawn check below)
 
-  const deps = { ...defaults, ..._deps };
   const command = provider.command;
   const useShell = provider.useShell || false;
 
+  // For multi-word commands, use shell mode
+  const spawnCmd = useShell ? `${command} --version` : command;
+  const spawnArgs = useShell ? [] : ['--version'];
+  return runCommandAvailabilityCheck({
+    deps,
+    command: spawnCmd,
+    args: spawnArgs,
+    displayCommand: `${command} --version`,
+    shell: useShell,
+    env: provider.env,
+  });
+}
+
+/**
+ * Spawn a command and resolve based on its exit status. Shared by the
+ * configured `availability_command` path and the legacy `<command> --version`
+ * fallback.
+ *
+ * Notes on the option choices:
+ * - `stdio: ['ignore', 'ignore', 'ignore']` discards output so a verbose probe
+ *   cannot fill an OS pipe buffer and block while waiting for a reader.
+ * - `shell: true` allows multi-word configured commands to run through the
+ *   user's shell.
+ * - `once()` avoids leaking listeners or resolving twice if multiple child
+ *   process events fire.
+ * - `displayCommand` is used in error messages so user-configured shell strings
+ *   do not need to be printed verbatim.
+ *
+ * @param {{deps: {spawn: Function}, command: string, args: string[], displayCommand: string, shell: boolean, env?: Object}} opts
+ * @returns {Promise<{available: boolean, error?: string}>}
+ */
+function runCommandAvailabilityCheck({ deps, command, args, displayCommand, shell, env }) {
   return new Promise((resolve) => {
     try {
-      // For multi-word commands, use shell mode
-      const spawnCmd = useShell ? `${command} --version` : command;
-      const spawnArgs = useShell ? [] : ['--version'];
-      const proc = deps.spawn(spawnCmd, spawnArgs, {
-        stdio: ['ignore', 'pipe', 'pipe'],
+      const proc = deps.spawn(command, args, {
+        stdio: ['ignore', 'ignore', 'ignore'],
         timeout: 10000,
-        shell: useShell,
+        shell,
+        env: { ...process.env, ...(env || {}) },
       });
 
-      proc.on('error', (err) => {
+      proc.once('error', (err) => {
         resolve({ available: false, error: err.message });
       });
 
-      proc.on('close', (code) => {
+      proc.once('close', (code, signal) => {
         if (code === 0) {
           resolve({ available: true });
+        } else if (signal) {
+          resolve({ available: false, error: `${displayCommand} timed out or was terminated (${signal})` });
         } else {
-          resolve({ available: false, error: `${command} --version exited with code ${code}` });
+          resolve({ available: false, error: `${displayCommand} exited with code ${code}` });
         }
       });
     } catch (err) {