@kodelyth/codex 2026.5.42 → 2026.6.1

package/src/app-server/app-inventory-cache.test.ts

@@ -1,176 +0,0 @@
-import { describe, expect, it, vi } from "vitest";
-import {
-  CodexAppInventoryCache,
-  buildCodexAppInventoryCacheKey,
-  serializeCodexAppInventoryError,
-} from "./app-inventory-cache.js";
-import type { v2 } from "./protocol.js";
-
-describe("Codex app inventory cache", () => {
-  it("returns missing while scheduling one coalesced app/list refresh", async () => {
-    const cache = new CodexAppInventoryCache({ ttlMs: 100 });
-    const request = vi.fn(async (_method: "app/list", params: v2.AppsListParams) => {
-      return {
-        data: [app(params.cursor ? "app-2" : "app-1")],
-        nextCursor: params.cursor ? null : "next",
-      } satisfies v2.AppsListResponse;
-    });
-
-    const key = buildCodexAppInventoryCacheKey({ codexHome: "/codex", authProfileId: "work" });
-    const read = cache.read({ key, request, nowMs: 0 });
-    expect(read.state).toBe("missing");
-    expect(read.refreshScheduled).toBe(true);
-
-    const snapshot = await cache.refreshNow({ key, request, nowMs: 0 });
-    expect(snapshot.apps.map((item) => item.id)).toEqual(["app-1", "app-2"]);
-    expect(request).toHaveBeenCalledTimes(2);
-
-    const fresh = cache.read({ key, request, nowMs: 50 });
-    expect(fresh.state).toBe("fresh");
-    expect(fresh.refreshScheduled).toBe(false);
-    expect(fresh.snapshot?.apps.map((item) => item.id)).toEqual(["app-1", "app-2"]);
-  });
-
-  it("can read missing inventory without scheduling app/list", async () => {
-    const cache = new CodexAppInventoryCache({ ttlMs: 100 });
-    const request = vi.fn(async () => {
-      return {
-        data: [app("app-1")],
-        nextCursor: null,
-      } satisfies v2.AppsListResponse;
-    });
-
-    const read = cache.read({
-      key: "runtime",
-      request,
-      suppressRefresh: true,
-    });
-
-    expect(read.state).toBe("missing");
-    expect(read.refreshScheduled).toBe(false);
-    expect(request).not.toHaveBeenCalled();
-  });
-
-  it("uses stale inventory for the current read while still refreshing asynchronously", async () => {
-    const cache = new CodexAppInventoryCache({ ttlMs: 10 });
-    const request = vi.fn(async () => {
-      return {
-        data: [app(`app-${request.mock.calls.length}`)],
-        nextCursor: null,
-      } satisfies v2.AppsListResponse;
-    });
-    const key = "runtime";
-    await cache.refreshNow({ key, request, nowMs: 0 });
-
-    const stale = cache.read({ key, request, nowMs: 11, suppressRefresh: true });
-    expect(stale.state).toBe("stale");
-    expect(stale.snapshot?.apps.map((item) => item.id)).toEqual(["app-1"]);
-    expect(stale.refreshScheduled).toBe(true);
-
-    const refreshed = await cache.refreshNow({ key, request, nowMs: 11 });
-    expect(refreshed.apps.map((item) => item.id)).toEqual(["app-2"]);
-  });
-
-  it("records refresh errors without discarding the last successful snapshot", async () => {
-    const cache = new CodexAppInventoryCache({ ttlMs: 1 });
-    const key = "runtime";
-    await cache.refreshNow({
-      key,
-      nowMs: 0,
-      request: async () => ({ data: [app("app-1")], nextCursor: null }),
-    });
-
-    await expect(
-      cache.refreshNow({
-        key,
-        nowMs: 2,
-        request: async () => {
-          throw new Error("app list failed");
-        },
-      }),
-    ).rejects.toThrow("app list failed");
-
-    const read = cache.read({
-      key,
-      nowMs: 2,
-      request: async () => ({ data: [app("app-2")], nextCursor: null }),
-    });
-    expect(read.snapshot?.apps.map((item) => item.id)).toEqual(["app-1"]);
-    expect(read.diagnostic?.message).toBe("app list failed");
-  });
-
-  it("omits challenge HTML when serializing app/list errors", () => {
-    const error = new Error(
-      'failed to list apps: Request failed with status 403 Forbidden: <html><script src="/backend-api/connectors/directory/list?__cf_chl_tk=secret-token"></script></html>',
-    );
-    const serialized = serializeCodexAppInventoryError(error);
-
-    expect(serialized.message).toBe(
-      "failed to list apps: Request failed with status 403 Forbidden: [HTML response body omitted]",
-    );
-  });
-
-  it("forces a post-install refresh past an older in-flight app/list", async () => {
-    const cache = new CodexAppInventoryCache({ ttlMs: 1_000 });
-    const key = "runtime";
-    let resolveStale: ((response: v2.AppsListResponse) => void) | undefined;
-    let resolveFresh: ((response: v2.AppsListResponse) => void) | undefined;
-    const request = vi.fn(
-      async (_method: "app/list", params: v2.AppsListParams): Promise<v2.AppsListResponse> => {
-        expect(params.forceRefetch).toBe(request.mock.calls.length === 2);
-        return await new Promise((resolve) => {
-          if (request.mock.calls.length === 1) {
-            resolveStale = resolve;
-          } else {
-            resolveFresh = resolve;
-          }
-        });
-      },
-    );
-
-    const staleRead = cache.read({ key, request, nowMs: 0 });
-    expect(staleRead.state).toBe("missing");
-    expect(staleRead.refreshScheduled).toBe(true);
-
-    cache.invalidate(key, "plugin installed", 1);
-    const forcedRead = cache.read({ key, request, nowMs: 1, forceRefetch: true });
-    expect(forcedRead.state).toBe("missing");
-    expect(forcedRead.refreshScheduled).toBe(true);
-    expect(request).toHaveBeenCalledTimes(2);
-
-    const forced = cache.refreshNow({ key, request, nowMs: 1 });
-    resolveFresh?.({ data: [app("fresh-app")], nextCursor: null });
-    await expect(forced).resolves.toStrictEqual({
-      key,
-      apps: [app("fresh-app")],
-      fetchedAtMs: 1,
-      expiresAtMs: 1_001,
-      revision: 2,
-    });
-
-    resolveStale?.({ data: [app("stale-app")], nextCursor: null });
-    await Promise.resolve();
-
-    const freshRead = cache.read({ key, request, nowMs: 2 });
-    expect(freshRead.state).toBe("fresh");
-    expect(freshRead.snapshot?.apps.map((item) => item.id)).toEqual(["fresh-app"]);
-  });
-});
-
-function app(id: string): v2.AppInfo {
-  return {
-    id,
-    name: id,
-    description: null,
-    logoUrl: null,
-    logoUrlDark: null,
-    distributionChannel: null,
-    branding: null,
-    appMetadata: null,
-    labels: null,
-    installUrl: null,
-    isAccessible: true,
-    isEnabled: true,
-    pluginDisplayNames: [],
-  };
-}

package/src/app-server/app-inventory-cache.ts

@@ -1,324 +0,0 @@
-import { embeddedAgentLog } from "klaw/plugin-sdk/agent-harness-runtime";
-import type { JsonValue, v2 } from "./protocol.js";
-
-export const CODEX_APP_INVENTORY_CACHE_TTL_MS = 60 * 60 * 1_000;
-const MAX_SERIALIZED_ERROR_MESSAGE_LENGTH = 500;
-
-export type CodexAppInventoryRequest = (
-  method: "app/list",
-  params: v2.AppsListParams,
-) => Promise<v2.AppsListResponse>;
-
-export type CodexAppInventoryCacheKeyInput = {
-  codexHome?: string;
-  endpoint?: string;
-  authProfileId?: string;
-  accountId?: string;
-  envApiKeyFingerprint?: string;
-  appServerVersion?: string;
-};
-
-export type CodexAppInventoryCacheDiagnostic = {
-  message: string;
-  atMs: number;
-};
-
-export type CodexAppInventorySnapshot = {
-  key: string;
-  apps: v2.AppInfo[];
-  fetchedAtMs: number;
-  expiresAtMs: number;
-  revision: number;
-  lastError?: CodexAppInventoryCacheDiagnostic;
-};
-
-export type CodexAppInventoryReadState = "fresh" | "stale" | "missing";
-
-export type CodexAppInventoryCacheRead = {
-  state: CodexAppInventoryReadState;
-  key: string;
-  revision: number;
-  snapshot?: CodexAppInventorySnapshot;
-  refreshScheduled: boolean;
-  diagnostic?: CodexAppInventoryCacheDiagnostic;
-};
-
-type CacheEntry = CodexAppInventorySnapshot & {
-  invalidated: boolean;
-};
-
-type RefreshParams = {
-  key: string;
-  request: CodexAppInventoryRequest;
-  nowMs?: number;
-  forceRefetch?: boolean;
-  suppressRefresh?: boolean;
-};
-
-export class CodexAppInventoryCache {
-  private readonly ttlMs: number;
-  private readonly entries = new Map<string, CacheEntry>();
-  private readonly inFlight = new Map<string, Promise<CodexAppInventorySnapshot>>();
-  // Per-key refresh generation. Each refresh attempt claims the next token so
-  // an older request that finishes late cannot overwrite a newer snapshot.
-  private readonly refreshTokens = new Map<string, number>();
-  private readonly diagnostics = new Map<string, CodexAppInventoryCacheDiagnostic>();
-  private revision = 0;
-
-  constructor(options: { ttlMs?: number } = {}) {
-    this.ttlMs = options.ttlMs ?? CODEX_APP_INVENTORY_CACHE_TTL_MS;
-  }
-
-  read(params: RefreshParams): CodexAppInventoryCacheRead {
-    const nowMs = params.nowMs ?? Date.now();
-    const entry = this.entries.get(params.key);
-    if (!entry) {
-      const refreshScheduled = params.suppressRefresh ? false : this.scheduleRefresh(params);
-      return {
-        state: "missing",
-        key: params.key,
-        revision: this.revision,
-        refreshScheduled,
-        ...(this.diagnostics.get(params.key)
-          ? { diagnostic: this.diagnostics.get(params.key) }
-          : {}),
-      };
-    }
-
-    const state: CodexAppInventoryReadState =
-      entry.invalidated || entry.expiresAtMs <= nowMs ? "stale" : "fresh";
-    const refreshScheduled =
-      state === "fresh" && !params.forceRefetch ? false : this.scheduleRefresh(params);
-    return {
-      state,
-      key: params.key,
-      revision: entry.revision,
-      snapshot: stripEntryState(entry),
-      refreshScheduled,
-      ...(entry.lastError ? { diagnostic: entry.lastError } : {}),
-    };
-  }
-
-  refreshNow(params: RefreshParams): Promise<CodexAppInventorySnapshot> {
-    return this.refresh(params);
-  }
-
-  invalidate(key: string, reason: string, nowMs = Date.now()): number {
-    this.revision += 1;
-    const diagnostic = { message: reason, atMs: nowMs };
-    const entry = this.entries.get(key);
-    if (entry) {
-      entry.invalidated = true;
-      entry.lastError = diagnostic;
-      entry.revision = this.revision;
-    } else {
-      this.diagnostics.set(key, diagnostic);
-    }
-    return this.revision;
-  }
-
-  clear(): void {
-    this.entries.clear();
-    this.inFlight.clear();
-    this.refreshTokens.clear();
-    this.diagnostics.clear();
-    this.revision = 0;
-  }
-
-  getRevision(): number {
-    return this.revision;
-  }
-
-  private scheduleRefresh(params: RefreshParams): boolean {
-    if (this.inFlight.has(params.key) && !params.forceRefetch) {
-      return true;
-    }
-    const promise = this.refresh(params);
-    this.inFlight.set(params.key, promise);
-    promise.catch(() => undefined);
-    return true;
-  }
-
-  private async refresh(params: RefreshParams): Promise<CodexAppInventorySnapshot> {
-    const existing = this.inFlight.get(params.key);
-    if (existing && !params.forceRefetch) {
-      return existing;
-    }
-
-    const refreshToken = (this.refreshTokens.get(params.key) ?? 0) + 1;
-    this.refreshTokens.set(params.key, refreshToken);
-    const promise = this.refreshUncoalesced(params, refreshToken);
-    this.inFlight.set(params.key, promise);
-    try {
-      return await promise;
-    } finally {
-      if (this.inFlight.get(params.key) === promise) {
-        this.inFlight.delete(params.key);
-      }
-    }
-  }
-
-  private async refreshUncoalesced(
-    params: RefreshParams,
-    refreshToken: number,
-  ): Promise<CodexAppInventorySnapshot> {
-    const nowMs = params.nowMs ?? Date.now();
-    try {
-      const apps = await listAllApps(params.request, params.forceRefetch ?? false);
-      this.revision += 1;
-      const snapshot: CodexAppInventorySnapshot = {
-        key: params.key,
-        apps,
-        fetchedAtMs: nowMs,
-        expiresAtMs: nowMs + this.ttlMs,
-        revision: this.revision,
-      };
-      // Only publish this snapshot if no newer refresh started for the same key
-      // while this request was in flight.
-      if (this.refreshTokens.get(params.key) === refreshToken) {
-        this.entries.set(params.key, { ...snapshot, invalidated: false });
-        this.diagnostics.delete(params.key);
-      }
-      return snapshot;
-    } catch (error) {
-      const diagnostic = {
-        message: sanitizeErrorMessage(error instanceof Error ? error.message : String(error)),
-        atMs: nowMs,
-      };
-      this.diagnostics.set(params.key, diagnostic);
-      const entry = this.entries.get(params.key);
-      if (entry) {
-        entry.lastError = diagnostic;
-      }
-      embeddedAgentLog.warn("codex app inventory refresh failed", {
-        forceRefetch: params.forceRefetch === true,
-        keyFingerprint: fingerprintInventoryCacheKey(params.key),
-        error: serializeCodexAppInventoryError(error),
-      });
-      throw error;
-    }
-  }
-}
-
-export function serializeCodexAppInventoryError(error: unknown): Record<string, unknown> {
-  const record = isRecord(error) ? error : undefined;
-  const data = record && "data" in record ? redactErrorData(record.data) : undefined;
-  return {
-    name:
-      error instanceof Error
-        ? error.name
-        : typeof record?.name === "string"
-          ? record.name
-          : undefined,
-    message: sanitizeErrorMessage(error instanceof Error ? error.message : String(error)),
-    ...(typeof record?.code === "number" ? { code: record.code } : {}),
-    ...(data !== undefined ? { data } : {}),
-  };
-}
-
-export const defaultCodexAppInventoryCache = new CodexAppInventoryCache();
-
-export function buildCodexAppInventoryCacheKey(input: CodexAppInventoryCacheKeyInput): string {
-  return JSON.stringify({
-    codexHome: input.codexHome ?? null,
-    endpoint: input.endpoint ?? null,
-    authProfileId: input.authProfileId ?? null,
-    accountId: input.accountId ?? null,
-    envApiKeyFingerprint: input.envApiKeyFingerprint ?? null,
-    appServerVersion: input.appServerVersion ?? null,
-  });
-}
-
-async function listAllApps(
-  request: CodexAppInventoryRequest,
-  forceRefetch: boolean,
-): Promise<v2.AppInfo[]> {
-  const apps: v2.AppInfo[] = [];
-  let cursor: string | null | undefined;
-  do {
-    const response = await request("app/list", {
-      cursor,
-      limit: 100,
-      forceRefetch,
-    });
-    apps.push(...response.data);
-    cursor = response.nextCursor;
-  } while (cursor);
-  return apps;
-}
-
-function stripEntryState(entry: CacheEntry): CodexAppInventorySnapshot {
-  const { invalidated: _invalidated, ...snapshot } = entry;
-  return snapshot;
-}
-
-function fingerprintInventoryCacheKey(key: string): string {
-  let hash = 0;
-  for (let index = 0; index < key.length; index += 1) {
-    hash = (hash * 31 + key.charCodeAt(index)) >>> 0;
-  }
-  return hash.toString(16).padStart(8, "0");
-}
-
-function isRecord(value: unknown): value is Record<string, unknown> {
-  return Boolean(value && typeof value === "object" && !Array.isArray(value));
-}
-
-function redactErrorData(value: unknown, depth = 0): JsonValue | undefined {
-  if (value === undefined) {
-    return undefined;
-  }
-  if (value === null || typeof value === "boolean" || typeof value === "number") {
-    return value;
-  }
-  if (depth > 6) {
-    return "[truncated]";
-  }
-  if (Array.isArray(value)) {
-    return value.map((entry) => redactErrorData(entry, depth + 1) ?? null);
-  }
-  if (isRecord(value)) {
-    const redacted: Record<string, JsonValue> = {};
-    for (const [key, entry] of Object.entries(value)) {
-      redacted[key] = isSensitiveErrorDataKey(key)
-        ? "<redacted>"
-        : (redactErrorData(entry, depth + 1) ?? null);
-    }
-    return redacted;
-  }
-  if (typeof value === "string" && value.length > 500) {
-    return `${value.slice(0, 500)}...`;
-  }
-  if (typeof value === "string") {
-    return value;
-  }
-  if (typeof value === "bigint") {
-    return value.toString();
-  }
-  if (typeof value === "symbol") {
-    return value.description ? `Symbol(${value.description})` : "Symbol()";
-  }
-  if (typeof value === "function") {
-    return value.name ? `[function ${value.name}]` : "[function]";
-  }
-  return "[unserializable]";
-}
-
-function sanitizeErrorMessage(message: string): string {
-  const htmlStart = message.search(/<html[\s>]/i);
-  const withoutHtml =
-    htmlStart >= 0
-      ? `${message.slice(0, htmlStart).trimEnd()} [HTML response body omitted]`
-      : message;
-  const redacted = withoutHtml.replace(
-    /([?&][^=\s"'<>]*(?:api[_-]?key|authorization|cookie|credential|password|secret|token|tk)[^=\s"'<>]*=)[^&\s"'<>]+/gi,
-    "$1<redacted>",
-  );
-  return redacted.length > MAX_SERIALIZED_ERROR_MESSAGE_LENGTH
-    ? `${redacted.slice(0, MAX_SERIALIZED_ERROR_MESSAGE_LENGTH)}...`
-    : redacted;
-}
-
-function isSensitiveErrorDataKey(key: string): boolean {
-  return /api[_-]?key|authorization|cookie|credential|password|secret|token/i.test(key);
-}