@quantiya/codevibe-codex-plugin 1.0.14 → 1.0.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/hooks/common.sh +33 -0
- package/package.json +2 -2
package/hooks/common.sh
CHANGED
|
@@ -3,6 +3,39 @@
|
|
|
3
3
|
# Common utilities for CodeVibe Codex hooks
|
|
4
4
|
# Adapted from codevibe-claude-plugin/hooks/common.sh
|
|
5
5
|
|
|
6
|
+
# ─── Reviewer-subprocess short-circuit ───────────────────────────────
|
|
7
|
+
#
|
|
8
|
+
# When $QUORUM_REVIEWER_SUBPROCESS is set, the current `codex`
|
|
9
|
+
# invocation is a reviewer subprocess spawned by Quorum 2.0's
|
|
10
|
+
# `CodexReviewerProvider` (codevibe-core-rs/crates/codevibe-reviewer/
|
|
11
|
+
# src/providers/codex.rs). Reviewer subprocesses use
|
|
12
|
+
# `codex exec --sandbox read-only --ephemeral` and have their own
|
|
13
|
+
# ephemeral session id that MUST NOT interact with the user's
|
|
14
|
+
# primary Codex session state.
|
|
15
|
+
#
|
|
16
|
+
# Without this guard, every reviewer spawn would fire SessionStart →
|
|
17
|
+
# the plugin's resume/create logic creates a ghost backend session →
|
|
18
|
+
# mobile app shows phantom sessions. Worse, the in-memory
|
|
19
|
+
# session-key cache gets polluted and the primary session's
|
|
20
|
+
# subsequent events get encrypted with the wrong key → ciphertext on
|
|
21
|
+
# iOS. The same bug class was empirically observed on 2026-04-21
|
|
22
|
+
# with the Gemini provider and the same plugin pattern; this guard
|
|
23
|
+
# prevents the same bug class for Codex.
|
|
24
|
+
#
|
|
25
|
+
# `common.sh` is sourced by every hook script (session-start.sh,
|
|
26
|
+
# user-prompt.sh, pre-tool-use.sh, post-tool-use.sh, stop.sh), so
|
|
27
|
+
# `exit 0` here propagates to the hook script — Codex CLI sees a
|
|
28
|
+
# clean hook success and continues normally. Zero-impact for normal
|
|
29
|
+
# user sessions (the env var is never set in the 1.0 code path).
|
|
30
|
+
#
|
|
31
|
+
# This change belongs on 1.0 main because it protects the 1.0
|
|
32
|
+
# primary-session-isolation invariant. The env var name is the same
|
|
33
|
+
# `QUORUM_*` scope used by the Claude and Gemini plugins' matching
|
|
34
|
+
# guards.
|
|
35
|
+
if [ -n "$QUORUM_REVIEWER_SUBPROCESS" ]; then
|
|
36
|
+
exit 0
|
|
37
|
+
fi
|
|
38
|
+
|
|
6
39
|
CODEVIBE_TMPDIR="${TMPDIR:-/tmp}"
|
|
7
40
|
LOG_FILE="${LOG_FILE:-${CODEVIBE_TMPDIR}/codevibe-codex-hooks.log}"
|
|
8
41
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@quantiya/codevibe-codex-plugin",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.16",
|
|
4
4
|
"description": "Control OpenAI Codex CLI from your iPhone and Android — real-time sync, approve file edits, send prompts by voice. Part of CodeVibe.",
|
|
5
5
|
"main": "dist/server.js",
|
|
6
6
|
"bin": {
|
|
@@ -47,7 +47,7 @@
|
|
|
47
47
|
"node": ">=18.0.0"
|
|
48
48
|
},
|
|
49
49
|
"dependencies": {
|
|
50
|
-
"@quantiya/codevibe-core": "^1.0.
|
|
50
|
+
"@quantiya/codevibe-core": "^1.0.14",
|
|
51
51
|
"chokidar": "^4.0.0",
|
|
52
52
|
"dotenv": "^16.6.1",
|
|
53
53
|
"express": "^5.1.0",
|