@kbediako/codex-orchestrator 0.1.37 → 0.2.0

package/dist/orchestrator/src/cli/codexDefaultsSetup.js

@@ -7,20 +7,19 @@ import { resolveCodexHome } from './utils/codexPaths.js';
 import { findPackageRoot } from './utils/packageInfo.js';
 import { writeAtomicFile } from '../utils/atomicWrite.js';
 const require = createRequire(import.meta.url);
-const toml = require('@iarna/toml');
-const canonicalize = require('canonicalize');
-export const BASELINE_MODEL = 'gpt-5.3-codex';
+let tomlLibrary;
+export const BASELINE_MODEL = 'gpt-5.4';
+export const BASELINE_REVIEW_MODEL = BASELINE_MODEL;
 export const BASELINE_REASONING = 'xhigh';
 export const BASELINE_REASONING_MINIMUM = 'high';
 export const BASELINE_AGENTS = {
     max_threads: 12,
-    max_depth: 4,
-    max_spawn_depth: 4
+    max_depth: 4
 };
 const ROLE_DEFINITIONS = [
     {
         key: 'explorer_fast',
-        description: 'Fast explorer (spark text-only).',
+        description: 'Fast explorer (spark file/codebase search only).',
         fileName: 'explorer-fast.toml',
         configFile: './agents/explorer-fast.toml',
         templatePath: join('templates', 'codex', '.codex', 'agents', 'explorer-fast.toml')
@@ -48,7 +47,7 @@ export async function runCodexDefaultsSetup(options = {}) {
     const roleDefinitions = await loadRoleDefinitions();
     const configState = await loadConfigState(plan.configPath);
     const nextConfig = mergeBaselineDefaults(configState.parsed, roleDefinitions);
-    const configChanged = canonicalize(configState.parsed) !== canonicalize(nextConfig);
+    const configChanged = canonicalizeConfigValue(configState.parsed) !== canonicalizeConfigValue(nextConfig);
     const roleChanges = await planRoleChanges(plan.agentsDir, force, roleDefinitions);
     if (!apply) {
         const changes = buildPlannedChanges({
@@ -65,7 +64,7 @@ export async function runCodexDefaultsSetup(options = {}) {
     }
     const changes = [];
     if (configChanged || !configState.exists) {
-        const rendered = `${toml.stringify(nextConfig)}\n`;
+        const rendered = `${getTomlLibrary().stringify(nextConfig)}\n`;
         await writeAtomicFile(plan.configPath, rendered, { ensureDir: true, encoding: 'utf8' });
         changes.push({
             target: 'config',
@@ -152,7 +151,7 @@ async function loadConfigState(configPath) {
     }
     const raw = await readFile(configPath, 'utf8');
     try {
-        const parsed = toml.parse(raw);
+        const parsed = getTomlLibrary().parse(raw);
         if (!isRecord(parsed)) {
             throw new Error('top-level TOML document must be a table.');
         }
@@ -163,14 +162,53 @@ async function loadConfigState(configPath) {
         throw new Error(`Failed to parse Codex config TOML at ${configPath}: ${reason}`);
     }
 }
+function getTomlLibrary() {
+    if (tomlLibrary) {
+        return tomlLibrary;
+    }
+    if (tomlLibrary === null) {
+        throw new Error('Failed to load @iarna/toml.');
+    }
+    try {
+        tomlLibrary = require('@iarna/toml');
+        return tomlLibrary;
+    }
+    catch (error) {
+        tomlLibrary = null;
+        throw error;
+    }
+}
+function canonicalizeConfigValue(value) {
+    if (value === null) {
+        return 'null';
+    }
+    if (typeof value === 'boolean' || typeof value === 'number' || typeof value === 'string') {
+        return JSON.stringify(value);
+    }
+    if (Array.isArray(value)) {
+        return `[${value.map((entry) => canonicalizeConfigValue(entry) ?? 'null').join(',')}]`;
+    }
+    if (value && typeof value === 'object') {
+        const entries = Object.entries(value)
+            .sort(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey))
+            .flatMap(([key, entry]) => {
+            const canonicalEntry = canonicalizeConfigValue(entry);
+            if (typeof canonicalEntry === 'undefined') {
+                return [];
+            }
+            return [`${JSON.stringify(key)}:${canonicalEntry}`];
+        });
+        return `{${entries.join(',')}}`;
+    }
+    return undefined;
+}
 function mergeBaselineDefaults(existing, roleDefinitions) {
     const next = structuredClone(existing);
     next.model = BASELINE_MODEL;
+    next.review_model = BASELINE_REVIEW_MODEL;
     next.model_reasoning_effort = BASELINE_REASONING;
     const agents = isRecord(next.agents) ? structuredClone(next.agents) : {};
     agents.max_threads = BASELINE_AGENTS.max_threads;
-    agents.max_depth = BASELINE_AGENTS.max_depth;
-    agents.max_spawn_depth = BASELINE_AGENTS.max_spawn_depth;
     for (const role of roleDefinitions) {
         const existingRole = isRecord(agents[role.key])
             ? structuredClone(agents[role.key])

package/dist/orchestrator/src/cli/config/delegationConfig.js

@@ -5,7 +5,7 @@ import { homedir } from 'node:os';
 import { dirname, isAbsolute, join, relative, resolve, sep } from 'node:path';
 import { logger } from '../../logger.js';
 const require = createRequire(import.meta.url);
-const toml = require('@iarna/toml');
+let tomlParser;
 const DEFAULT_ALLOWED_RUN_ROOTS = [];
 const DEFAULT_CONFIG = {
     delegate: {
@@ -60,6 +60,16 @@ const SOURCE_PRIORITY = {
     env: 3,
     cli: 4
 };
+const DELEGATION_CONFIG_ROOT_KEYS = new Set([
+    'delegate',
+    'rlm',
+    'runner',
+    'ui',
+    'github',
+    'paths',
+    'confirm',
+    'sandbox'
+]);
 export async function loadDelegationConfigFiles(options) {
     const env = options.env ?? process.env;
     const codexHome = options.codexHome ?? resolveCodexHome(env);
@@ -112,7 +122,7 @@ export function computeEffectiveDelegationConfig(options) {
             ...(merged.sandbox ?? {})
         }
     };
-    if (effective.delegate.mode !== 'full' && effective.delegate.mode !== 'question_only') {
+    if (effective.delegate.mode !== 'full' && effective.delegate.mode !== 'question_only' && effective.delegate.mode !== 'status_only') {
         effective.delegate.mode = defaults.delegate.mode;
     }
     const repoAllowedRoots = typeof repoLayer?.paths?.allowedRoots !== 'undefined' ? repoLayer.paths.allowedRoots : [options.repoRoot];
@@ -214,8 +224,7 @@ function mergeSection(base, update) {
 async function readTomlFile(path) {
     try {
         const raw = await readFile(path, 'utf8');
-        const parsed = toml.parse(raw);
-        return parsed;
+        return parseDelegationTomlConfig(raw);
     }
     catch (error) {
         if (error.code === 'ENOENT') {
@@ -477,9 +486,312 @@ export function parseDelegationConfigOverride(value, source) {
     if (!trimmed) {
         return null;
     }
-    const parsed = toml.parse(trimmed);
+    const parsed = parseDelegationTomlConfig(trimmed);
     if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
         return null;
     }
     return normalizeLayer(parsed, source);
 }
+function getTomlParser() {
+    if (typeof tomlParser !== 'undefined') {
+        return tomlParser;
+    }
+    try {
+        tomlParser = require('@iarna/toml');
+    }
+    catch {
+        tomlParser = null;
+    }
+    return tomlParser;
+}
+function parseDelegationTomlConfig(raw) {
+    const parser = getTomlParser();
+    if (parser) {
+        const parsed = parser.parse(raw);
+        if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+            return parsed;
+        }
+        return {};
+    }
+    return parseDelegationTomlSubset(raw);
+}
+function parseDelegationTomlSubset(raw) {
+    const parsed = {};
+    let currentSection = [];
+    for (const line of raw.split(/\r?\n/u)) {
+        const trimmed = stripTomlComment(line).trim();
+        if (!trimmed) {
+            continue;
+        }
+        const tableMatch = trimmed.match(/^\[(.+)\]$/u);
+        if (tableMatch) {
+            const tablePath = parseTomlDottedPath(tableMatch[1] ?? '');
+            currentSection =
+                tablePath.length > 0 && DELEGATION_CONFIG_ROOT_KEYS.has(tablePath[0] ?? '')
+                    ? tablePath
+                    : null;
+            continue;
+        }
+        const separatorIndex = findTomlAssignmentSeparator(trimmed);
+        if (separatorIndex === -1) {
+            continue;
+        }
+        const keyPath = parseTomlDottedPath(trimmed.slice(0, separatorIndex));
+        if (keyPath.length === 0) {
+            continue;
+        }
+        if (currentSection === null) {
+            continue;
+        }
+        const fullPath = [...currentSection, ...keyPath];
+        if (!DELEGATION_CONFIG_ROOT_KEYS.has(fullPath[0] ?? '')) {
+            continue;
+        }
+        const parsedValue = parseTomlValue(trimmed.slice(separatorIndex + 1).trim());
+        if (typeof parsedValue === 'undefined') {
+            continue;
+        }
+        assignNestedTomlValue(parsed, fullPath, parsedValue);
+    }
+    return parsed;
+}
+function assignNestedTomlValue(target, pathSegments, value) {
+    let current = target;
+    for (let index = 0; index < pathSegments.length - 1; index += 1) {
+        const segment = pathSegments[index];
+        const existing = current[segment];
+        if (!existing || typeof existing !== 'object' || Array.isArray(existing)) {
+            current[segment] = {};
+        }
+        current = current[segment];
+    }
+    const leafKey = pathSegments[pathSegments.length - 1];
+    current[leafKey] = value;
+}
+function parseTomlDottedPath(raw) {
+    const segments = [];
+    let current = '';
+    let quote = null;
+    let escaping = false;
+    const flush = () => {
+        const normalized = normalizeTomlKeySegment(current);
+        if (normalized) {
+            segments.push(normalized);
+        }
+        current = '';
+    };
+    for (const character of raw.trim()) {
+        if (escaping) {
+            current += character;
+            escaping = false;
+            continue;
+        }
+        if (quote && character === '\\') {
+            current += character;
+            escaping = true;
+            continue;
+        }
+        if (character === '"' || character === '\'') {
+            if (quote === character) {
+                quote = null;
+            }
+            else if (!quote) {
+                quote = character;
+            }
+            current += character;
+            continue;
+        }
+        if (!quote && character === '.') {
+            flush();
+            continue;
+        }
+        current += character;
+    }
+    flush();
+    return segments;
+}
+function normalizeTomlKeySegment(raw) {
+    const trimmed = raw.trim();
+    if (!trimmed) {
+        return null;
+    }
+    if ((trimmed.startsWith('"') && trimmed.endsWith('"')) ||
+        (trimmed.startsWith('\'') && trimmed.endsWith('\''))) {
+        return decodeTomlString(trimmed);
+    }
+    return trimmed;
+}
+function parseTomlValue(raw) {
+    if (!raw) {
+        return undefined;
+    }
+    if ((raw.startsWith('"') && raw.endsWith('"')) ||
+        (raw.startsWith('\'') && raw.endsWith('\''))) {
+        return decodeTomlString(raw);
+    }
+    if (raw.startsWith('[') && raw.endsWith(']')) {
+        return splitTomlArrayEntries(raw.slice(1, -1)).map((entry) => parseTomlValue(entry));
+    }
+    if (raw === 'true') {
+        return true;
+    }
+    if (raw === 'false') {
+        return false;
+    }
+    const integer = parseTomlInteger(raw);
+    if (integer !== null) {
+        return integer;
+    }
+    const numeric = Number(raw);
+    if (Number.isFinite(numeric)) {
+        return numeric;
+    }
+    return undefined;
+}
+function parseTomlInteger(raw) {
+    const trimmed = raw.trim();
+    if (!trimmed) {
+        return null;
+    }
+    if (/^[+-]?(?:0|[1-9](?:_?\d)*)$/u.test(trimmed)) {
+        return Number.parseInt(trimmed.replace(/_/gu, ''), 10);
+    }
+    if (/^[+-]?0x[0-9a-f](?:_?[0-9a-f])*$/iu.test(trimmed)) {
+        return parseTomlBasedInteger(trimmed, /^([+-]?)0x/iu, 16);
+    }
+    if (/^[+-]?0o[0-7](?:_?[0-7])*$/iu.test(trimmed)) {
+        return parseTomlBasedInteger(trimmed, /^([+-]?)0o/iu, 8);
+    }
+    if (/^[+-]?0b[01](?:_?[01])*$/iu.test(trimmed)) {
+        return parseTomlBasedInteger(trimmed, /^([+-]?)0b/iu, 2);
+    }
+    return null;
+}
+function parseTomlBasedInteger(raw, prefixPattern, radix) {
+    const normalized = raw.replace(/_/gu, '');
+    const prefixMatch = normalized.match(prefixPattern);
+    if (!prefixMatch) {
+        return null;
+    }
+    const sign = prefixMatch[1] === '-' ? -1 : 1;
+    const digits = normalized.slice(prefixMatch[0].length);
+    return sign * Number.parseInt(digits, radix);
+}
+function splitTomlArrayEntries(raw) {
+    const entries = [];
+    let current = '';
+    let bracketDepth = 0;
+    let quote = null;
+    let escaping = false;
+    const flush = () => {
+        const trimmed = current.trim();
+        if (trimmed) {
+            entries.push(trimmed);
+        }
+        current = '';
+    };
+    for (const character of raw) {
+        if (escaping) {
+            current += character;
+            escaping = false;
+            continue;
+        }
+        if (quote && character === '\\') {
+            current += character;
+            escaping = true;
+            continue;
+        }
+        if (character === '"' || character === '\'') {
+            if (quote === character) {
+                quote = null;
+            }
+            else if (!quote) {
+                quote = character;
+            }
+            current += character;
+            continue;
+        }
+        if (!quote) {
+            if (character === '[') {
+                bracketDepth += 1;
+            }
+            else if (character === ']') {
+                bracketDepth = Math.max(0, bracketDepth - 1);
+            }
+            else if (character === ',' && bracketDepth === 0) {
+                flush();
+                continue;
+            }
+        }
+        current += character;
+    }
+    flush();
+    return entries;
+}
+function findTomlAssignmentSeparator(raw) {
+    let quote = null;
+    let escaping = false;
+    for (let index = 0; index < raw.length; index += 1) {
+        const character = raw[index];
+        if (escaping) {
+            escaping = false;
+            continue;
+        }
+        if (quote && character === '\\') {
+            escaping = true;
+            continue;
+        }
+        if (character === '"' || character === '\'') {
+            if (quote === character) {
+                quote = null;
+            }
+            else if (!quote) {
+                quote = character;
+            }
+            continue;
+        }
+        if (!quote && character === '=') {
+            return index;
+        }
+    }
+    return -1;
+}
+function decodeTomlString(raw) {
+    if (raw.startsWith('"') && raw.endsWith('"')) {
+        try {
+            return JSON.parse(raw);
+        }
+        catch {
+            return raw.slice(1, -1).replace(/\\\\/gu, '\\').replace(/\\"/gu, '"').replace(/\\'/gu, '\'');
+        }
+    }
+    return raw.slice(1, -1).replace(/\\'/gu, '\'');
+}
+function stripTomlComment(line) {
+    let quote = null;
+    let escaping = false;
+    for (let index = 0; index < line.length; index += 1) {
+        const character = line[index];
+        if (escaping) {
+            escaping = false;
+            continue;
+        }
+        if (quote && character === '\\') {
+            escaping = true;
+            continue;
+        }
+        if (character === '"' || character === '\'') {
+            if (quote === character) {
+                quote = null;
+            }
+            else if (!quote) {
+                quote = character;
+            }
+            continue;
+        }
+        if (!quote && character === '#') {
+            return line.slice(0, index);
+        }
+    }
+    return line;
+}

package/dist/orchestrator/src/cli/config/repoConfigPolicy.js

@@ -1,4 +1,3 @@
-import { join } from 'node:path';
 import process from 'node:process';
 export const REPO_CONFIG_REQUIRED_ENV_KEY = 'CODEX_ORCHESTRATOR_REPO_CONFIG_REQUIRED';
 const REPO_CONFIG_REQUIRED_TRUE_VALUES = new Set(['1', 'true', 'yes', 'on']);
@@ -13,10 +12,10 @@ export function isRepoConfigRequired(env = process.env) {
     }
     return REPO_CONFIG_REQUIRED_TRUE_VALUES.has(normalized);
 }
-export function formatRepoConfigRequiredError(repoRoot) {
+export function formatRepoConfigRequiredError(repoConfigPath) {
     return [
         `Repo-local codex.orchestrator.json is required when ${REPO_CONFIG_REQUIRED_ENV_KEY}=1.`,
-        `Expected: ${join(repoRoot, 'codex.orchestrator.json')}.`,
+        `Expected: ${repoConfigPath}.`,
         'Run `codex-orchestrator init codex` to scaffold repo-local config.'
     ].join(' ');
 }

package/dist/orchestrator/src/cli/config/userConfig.js

@@ -1,20 +1,11 @@
+import process from 'node:process';
 import { readFile } from 'node:fs/promises';
-import { join } from 'node:path';
+import { isAbsolute, join, resolve } from 'node:path';
 import { logger } from '../../logger.js';
 import { findPackageRoot } from '../utils/packageInfo.js';
+export const REPO_CONFIG_PATH_ENV_KEY = 'CODEX_ORCHESTRATOR_REPO_CONFIG_PATH';
 export async function loadRepoConfig(env, options = {}) {
-    const repoConfigPath = join(env.repoRoot, 'codex.orchestrator.json');
-    const repoConfig = await readConfig(repoConfigPath);
-    if (repoConfig) {
-        if (!options.quiet) {
-            logger.info(`[codex-config] Loaded user config from ${repoConfigPath}`);
-        }
-        return normalizeUserConfig(repoConfig, 'repo');
-    }
-    if (!options.quiet) {
-        logger.warn(`[codex-config] Missing codex.orchestrator.json at ${repoConfigPath}`);
-    }
-    return null;
+    return await loadRepoConfigFromPath(resolveRepoConfigPath(env, options.processEnv), options);
 }
 export async function loadPackageConfig(env, options = {}) {
     const repoConfigPath = join(env.repoRoot, 'codex.orchestrator.json');
@@ -45,6 +36,30 @@ export async function loadUserConfig(env, options = {}) {
     }
     return await loadPackageConfig(env, options);
 }
+export function resolveRepoConfigPath(env, runtimeEnv = process.env) {
+    const override = runtimeEnv[REPO_CONFIG_PATH_ENV_KEY];
+    if (typeof override !== 'string' || override.trim().length === 0) {
+        return join(env.repoRoot, 'codex.orchestrator.json');
+    }
+    const trimmed = override.trim();
+    return isAbsolute(trimmed) ? trimmed : resolve(env.repoRoot, trimmed);
+}
+export async function loadRepoConfigFromPath(repoConfigPath, options = {}) {
+    const repoConfig = await readConfig(repoConfigPath);
+    if (repoConfig) {
+        if (!options.quiet) {
+            logger.info(`[codex-config] Loaded user config from ${repoConfigPath}`);
+        }
+        return normalizeUserConfig(repoConfig, 'repo');
+    }
+    if (!options.quiet) {
+        logger.warn(`[codex-config] Missing codex.orchestrator.json at ${repoConfigPath}`);
+    }
+    return null;
+}
+export function parseUserConfigRaw(raw, source) {
+    return normalizeUserConfig(JSON.parse(raw), source);
+}
 export function findPipeline(config, id) {
     if (!config?.pipelines) {
         return null;

package/dist/orchestrator/src/cli/control/authenticatedControlRouteGate.js

@@ -0,0 +1,69 @@
+import { timingSafeEqual } from 'node:crypto';
+const CSRF_HEADER = 'x-csrf-token';
+export function admitAuthenticatedControlRoute(context) {
+    const auth = resolveAuthToken({
+        authorizationHeader: context.req.headers.authorization,
+        controlToken: context.controlToken,
+        isSessionTokenValid: context.isSessionTokenValid
+    });
+    if (!auth) {
+        writeGateError(context.res, 401, 'unauthorized');
+        return null;
+    }
+    if (requiresCsrfProtection(context.req.method) && !isCsrfValid(context.req, auth.token)) {
+        writeGateError(context.res, 403, 'csrf_invalid');
+        return null;
+    }
+    if (isRunnerOnlyEndpoint(context.pathname, context.req.method) && auth.kind !== 'control') {
+        writeGateError(context.res, 403, 'runner_only');
+        return null;
+    }
+    return auth;
+}
+function resolveAuthToken(input) {
+    const header = typeof input.authorizationHeader === 'string' ? input.authorizationHeader : null;
+    if (!header || !header.startsWith('Bearer ')) {
+        return null;
+    }
+    const token = header.slice('Bearer '.length);
+    if (safeTokenCompare(token, input.controlToken)) {
+        return { token, kind: 'control' };
+    }
+    if (input.isSessionTokenValid(token)) {
+        return { token, kind: 'session' };
+    }
+    return null;
+}
+function isCsrfValid(req, token) {
+    const header = req.headers[CSRF_HEADER];
+    if (!header) {
+        return false;
+    }
+    return safeTokenCompare(header, token);
+}
+function requiresCsrfProtection(method) {
+    const normalized = (method ?? 'GET').toUpperCase();
+    return normalized !== 'GET' && normalized !== 'HEAD';
+}
+function isRunnerOnlyEndpoint(pathname, method) {
+    if ((method ?? 'GET').toUpperCase() !== 'POST') {
+        return false;
+    }
+    const normalized = pathname.endsWith('/') && pathname !== '/' ? pathname.slice(0, -1) : pathname;
+    return (normalized === '/confirmations/issue' ||
+        normalized === '/confirmations/consume' ||
+        normalized === '/confirmations/validate' ||
+        normalized === '/delegation/register' ||
+        normalized === '/questions/enqueue' ||
+        normalized === '/security/violation');
+}
+function writeGateError(res, status, error) {
+    res.writeHead(status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error }));
+}
+function safeTokenCompare(left, right) {
+    if (left.length !== right.length) {
+        return false;
+    }
+    return timingSafeEqual(Buffer.from(left, 'utf8'), Buffer.from(right, 'utf8'));
+}