@seqyuan/annodex 0.1.53 → 0.1.54

package/bin/annodex.js

@@ -27,6 +27,7 @@ const https = require("https");
 const { randomBytes } = require("crypto");
 // eslint-disable-next-line @typescript-eslint/no-require-imports
 const { readAppSettings, ensureAppSettings } = require("../lib/app-settings.js");
+const macosCodexSecurity = require("../lib/macos-codex-security.js");
 
 const pkgDir = path.join(__dirname, "..");
 const nextDir = path.join(pkgDir, ".next");
@@ -82,6 +83,7 @@ const { values: cliArgs, positionals } = parseArgs({
     hostname: { type: "string", short: "H" },
     json:     { type: "boolean" },
     follow:   { type: "boolean", short: "f" },
+    repair:   { type: "boolean" },
     version:  { type: "boolean", short: "v" },
     help:     { type: "boolean", short: "h" },
   },
@@ -719,6 +721,298 @@ function spawnDetachedServer(extraEnv = {}, overridePort, overrideHost) {
   return child;
 }
 
+
+function commandOutput(command, args, options = {}) {
+  try {
+    const result = spawnSync(command, args, {
+      encoding: "utf8",
+      timeout: options.timeout ?? 5000,
+      windowsHide: true,
+      ...options,
+    });
+    return {
+      ok: result.status === 0,
+      status: result.status,
+      signal: result.signal,
+      stdout: (result.stdout || "").trim(),
+      stderr: (result.stderr || "").trim(),
+      error: result.error ? result.error.message : null,
+    };
+  } catch (error) {
+    return { ok: false, status: null, signal: null, stdout: "", stderr: "", error: error instanceof Error ? error.message : String(error) };
+  }
+}
+
+function getNpmPrefix() {
+  const npm = process.platform === "win32" ? "npm.cmd" : "npm";
+  const result = commandOutput(npm, ["prefix", "-g"], { timeout: 3000 });
+  return result.ok && result.stdout ? result.stdout.split(/\r?\n/)[0].trim() : null;
+}
+
+function codexPackageInfo() {
+  const platform = process.platform;
+  const arch = process.arch;
+  let pkgName = null;
+  let triple = null;
+  if (platform === "darwin") {
+    if (arch === "arm64") { pkgName = "codex-darwin-arm64"; triple = "aarch64-apple-darwin"; }
+    else if (arch === "x64") { pkgName = "codex-darwin-x64"; triple = "x86_64-apple-darwin"; }
+  } else if (platform === "linux") {
+    if (arch === "arm64") { pkgName = "codex-linux-arm64"; triple = "aarch64-unknown-linux-musl"; }
+    else if (arch === "x64") { pkgName = "codex-linux-x64"; triple = "x86_64-unknown-linux-musl"; }
+  } else if (platform === "win32") {
+    if (arch === "arm64") { pkgName = "codex-win32-arm64"; triple = "aarch64-pc-windows-msvc"; }
+    else if (arch === "x64") { pkgName = "codex-win32-x64"; triple = "x86_64-pc-windows-msvc"; }
+  }
+  return { pkgName, triple, binaryName: platform === "win32" ? "codex.exe" : "codex" };
+}
+
+function resolveCodexNativeCandidates() {
+  const { pkgName, triple, binaryName } = codexPackageInfo();
+  if (!pkgName || !triple) return [];
+  const roots = [
+    path.join(process.cwd(), "node_modules"),
+    path.join(pkgDir, "node_modules"),
+  ];
+  const npmPrefix = getNpmPrefix();
+  if (npmPrefix) roots.push(path.join(npmPrefix, "lib", "node_modules"));
+  const installedDir = getInstalledPackageDir();
+  roots.push(path.join(installedDir, "node_modules"));
+  roots.push(path.join(installedDir, "..", "..", "node_modules"));
+  const seen = new Set();
+  const out = [];
+  const subPaths = [
+    path.join("vendor", triple, "bin", binaryName),
+    path.join("vendor", triple, "codex", binaryName),
+  ];
+  for (const root of roots) {
+    for (const layout of ["flat", "nested"]) {
+      const pkgRoot = layout === "flat"
+        ? path.join(root, "@openai", pkgName)
+        : path.join(root, "@openai", "codex", "node_modules", "@openai", pkgName);
+      for (const sub of subPaths) {
+        const candidate = path.join(pkgRoot, sub);
+        if (seen.has(candidate)) continue;
+        seen.add(candidate);
+        if (fs.existsSync(candidate)) out.push(candidate);
+      }
+    }
+  }
+  return out;
+}
+
+function resolveCodexShimCandidates() {
+  const names = process.platform === "win32" ? ["codex.cmd", "codex.exe", "codex"] : ["codex"];
+  const dirs = [path.join(process.cwd(), "node_modules", ".bin"), path.join(pkgDir, "node_modules", ".bin")];
+  const npmPrefix = getNpmPrefix();
+  if (npmPrefix) dirs.push(process.platform === "win32" ? npmPrefix : path.join(npmPrefix, "bin"));
+  const installedDir = getInstalledPackageDir();
+  dirs.push(path.join(installedDir, "node_modules", ".bin"));
+  dirs.push(path.join(installedDir, "..", "..", ".bin"));
+  const seen = new Set();
+  const out = [];
+  for (const dir of dirs) {
+    for (const name of names) {
+      const candidate = path.join(dir, name);
+      if (!seen.has(candidate) && fs.existsSync(candidate)) {
+        seen.add(candidate);
+        out.push(candidate);
+      }
+    }
+  }
+  const which = commandOutput(process.platform === "win32" ? "where" : "which", ["codex"], { timeout: 3000 });
+  if (which.ok && which.stdout) {
+    for (const line of which.stdout.split(/\r?\n/).map((v) => v.trim()).filter(Boolean)) {
+      if (!seen.has(line) && fs.existsSync(line)) {
+        seen.add(line);
+        out.push(line);
+      }
+    }
+  }
+  return out;
+}
+
+function xattrInfo(target) {
+  if (process.platform !== "darwin" || !target) return null;
+  const result = commandOutput("xattr", [target], { timeout: 3000 });
+  return {
+    ok: result.ok,
+    hasQuarantine: /com\.apple\.quarantine/.test(result.stdout),
+    attributes: result.stdout ? result.stdout.split(/\r?\n/).filter(Boolean) : [],
+    error: result.ok ? null : (result.stderr || result.error),
+  };
+}
+
+function spctlAssess(target) {
+  if (process.platform !== "darwin" || !target) return null;
+  const result = commandOutput("spctl", ["--assess", "--verbose", target], { timeout: 5000 });
+  return {
+    accepted: result.ok || /accepted/i.test(`${result.stdout}\n${result.stderr}`),
+    status: result.status,
+    output: `${result.stdout}${result.stderr ? `\n${result.stderr}` : ""}`.trim(),
+    error: result.error,
+  };
+}
+
+function selectedCodexPath(nativeCandidates, shimCandidates) {
+  const envPath = process.env.ANNODEX_CODEX_PATH?.trim();
+  if (envPath) return { path: envPath, source: "ANNODEX_CODEX_PATH", exists: fs.existsSync(envPath) };
+  if (nativeCandidates[0]) return { path: nativeCandidates[0], source: "native-candidate", exists: true };
+  if (shimCandidates[0]) return { path: shimCandidates[0], source: "shim-candidate", exists: true };
+  return { path: process.platform === "win32" ? "codex.cmd" : "codex", source: "PATH fallback", exists: null };
+}
+
+function detectMacOSVersion() {
+  if (process.platform !== "darwin") return null;
+  const result = commandOutput("sw_vers", ["-productVersion"], { timeout: 3000 });
+  return result.ok ? result.stdout : null;
+}
+
+function macOSProtectedLocationInfo(targetPath) {
+  if (process.platform !== "darwin" || !targetPath) return null;
+  const real = safeRealpath(targetPath);
+  const home = os.homedir();
+  const protectedRoots = [
+    { label: "Desktop", path: path.join(home, "Desktop") },
+    { label: "Documents", path: path.join(home, "Documents") },
+    { label: "Downloads", path: path.join(home, "Downloads") },
+    { label: "iCloud Drive", path: path.join(home, "Library", "Mobile Documents") },
+  ];
+  const match = protectedRoots.find((root) => isPathInside(real, root.path));
+  return {
+    path: real,
+    inProtectedLocation: Boolean(match),
+    root: match?.label ?? null,
+  };
+}
+
+function runDoctor(json = false, repair = false) {
+  const nativeCandidates = resolveCodexNativeCandidates();
+  const shimCandidates = resolveCodexShimCandidates();
+  const selected = selectedCodexPath(nativeCandidates, shimCandidates);
+  const selectedReal = selected.exists ? safeRealpath(selected.path) : selected.path;
+
+  let repairResults = null;
+  if (repair && process.platform === "darwin") {
+    macosCodexSecurity.clearMacOSQuarantine(process.cwd());
+    const repairPaths = [...new Set([
+      ...nativeCandidates,
+      selected.exists ? selected.path : null,
+    ].filter(Boolean))];
+    repairResults = macosCodexSecurity.repairMacOSCodexPaths(repairPaths);
+    if (!json) {
+      console.log("repair:");
+      for (const item of repairResults) {
+        if (item.skipped) {
+          console.log(`- ${item.path}: skipped (no revoked cert)`);
+        } else {
+          console.log(`- ${item.path}: ${item.repair?.ok ? "repaired" : "failed"}`);
+        }
+      }
+      console.log("");
+    }
+  }
+
+  const transport = (process.env.ANNODEX_CODEX_TRANSPORT || "auto").toLowerCase();
+  const resolvedTransport = transport === "ws" || transport === "stdio" ? transport : (process.platform === "linux" ? "ws" : "stdio");
+  const versionProbe = selected.path
+    ? commandOutput(selected.path, ["--version"], { timeout: 15000 })
+    : null;
+  const report = {
+    annodex: { version: VERSION, packageName: PKG_NAME, packageDir: pkgDir, installedPackageDir: getInstalledPackageDir() },
+    platform: { platform: process.platform, arch: process.arch, macOSVersion: detectMacOSVersion() },
+    node: { version: process.version, execPath: process.execPath, cwd: process.cwd() },
+    appBundle: { enabled: process.env.ANNODEX_APP_BUNDLE === "1", env: process.env.ANNODEX_APP_BUNDLE || null },
+    workspace: {
+      packageDir: safeRealpath(pkgDir),
+      cwd: safeRealpath(process.cwd()),
+      packageDirMacOSProtection: macOSProtectedLocationInfo(pkgDir),
+      cwdMacOSProtection: macOSProtectedLocationInfo(process.cwd()),
+    },
+    config: { configDir: agentDir, logFile, npmPrefix: getNpmPrefix() },
+    transport: { requested: process.env.ANNODEX_CODEX_TRANSPORT || "auto", resolved: resolvedTransport },
+    codex: {
+      envPath: process.env.ANNODEX_CODEX_PATH || null,
+      selected: { ...selected, realpath: selectedReal },
+      nativeCandidates,
+      shimCandidates,
+      selectedXattr: xattrInfo(selected.exists ? selected.path : null),
+      selectedCodesign: selected.exists
+        ? macosCodexSecurity.codesignVerify(selected.path)
+        : null,
+      selectedSpctl: spctlAssess(selected.exists ? selected.path : null),
+      versionProbe: versionProbe ? {
+        ok: versionProbe.ok,
+        status: versionProbe.status,
+        signal: versionProbe.signal,
+        stdout: versionProbe.stdout,
+        stderr: versionProbe.stderr,
+        error: versionProbe.error,
+      } : null,
+    },
+    recommendations: [],
+    repair: repairResults,
+  };
+  if (process.platform === "darwin") {
+    if (!report.appBundle.enabled) report.recommendations.push("macOS: not launched from Annodex.app; CLI mode is diagnostic/advanced until the launcher PoC is validated.");
+    if (report.appBundle.enabled && report.workspace.packageDirMacOSProtection?.inProtectedLocation) {
+      report.recommendations.push(`macOS: Annodex.app is reading source/runtime files from ${report.workspace.packageDirMacOSProtection.root}. Finder-launched apps may hit TCC EPERM there. Move the repo/runtime outside protected folders or bundle the runtime into Annodex.app before evaluating launcher viability.`);
+    }
+    if (report.codex.selectedXattr?.hasQuarantine) report.recommendations.push("macOS: selected codex path has com.apple.quarantine. Run `annodex doctor --repair` or restart annodex (xattr is cleared automatically on codex spawn).");
+    if (report.codex.selectedCodesign?.revoked || (report.codex.selectedSpctl?.output && macosCodexSecurity.needsRevokedCertRepair(report.codex.selectedSpctl.output))) {
+      report.recommendations.push("macOS: codex binary has a revoked Developer ID signature (CSSMERR_TP_CERT_REVOKED). Run `annodex doctor --repair` to strip and apply ad-hoc signing, then retry codex --version.");
+    } else if (report.codex.selectedSpctl && !report.codex.selectedSpctl.accepted && versionProbe && !versionProbe.ok) {
+      report.recommendations.push("macOS: spctl assessment did not accept the selected codex binary and codex --version failed. Try `annodex doctor --repair` for ad-hoc signing.");
+    }
+  }
+  if (report.codex.selected.exists === false) report.recommendations.push("ANNODEX_CODEX_PATH is set but does not exist. Fix or unset it.");
+  if (versionProbe && !versionProbe.ok) report.recommendations.push("codex --version probe failed. Check the selected codex path and macOS security dialogs/logs.");
+
+  if (json) {
+    console.log(JSON.stringify(report, null, 2));
+    return versionProbe && !versionProbe.ok ? 1 : 0;
+  }
+  console.log(`annodex doctor v${VERSION}`);
+  console.log(`platform: ${process.platform}/${process.arch}${report.platform.macOSVersion ? ` macOS ${report.platform.macOSVersion}` : ""}`);
+  console.log(`node: ${process.version} ${process.execPath}`);
+  console.log(`app bundle: ${report.appBundle.enabled ? "yes" : "no"}`);
+  if (report.workspace.packageDirMacOSProtection?.inProtectedLocation) {
+    console.log(`package dir protection: ${report.workspace.packageDirMacOSProtection.root}`);
+  }
+  if (report.workspace.cwdMacOSProtection?.inProtectedLocation) {
+    console.log(`cwd protection: ${report.workspace.cwdMacOSProtection.root}`);
+  }
+  console.log(`config dir: ${agentDir}`);
+  console.log(`transport: requested=${report.transport.requested} resolved=${report.transport.resolved}`);
+  console.log(`codex selected: ${selected.path} (${selected.source}, exists=${selected.exists})`);
+  if (selectedReal && selectedReal !== selected.path) console.log(`codex realpath: ${selectedReal}`);
+  console.log(`native candidates: ${nativeCandidates.length ? nativeCandidates.join("; ") : "none"}`);
+  console.log(`shim candidates: ${shimCandidates.length ? shimCandidates.join("; ") : "none"}`);
+  if (report.codex.selectedXattr) {
+    console.log(`xattr quarantine: ${report.codex.selectedXattr.hasQuarantine ? "yes" : "no"}`);
+    if (report.codex.selectedXattr.attributes.length) console.log(`xattr attributes: ${report.codex.selectedXattr.attributes.join(", ")}`);
+  }
+  if (report.codex.selectedCodesign) {
+    console.log(`codesign verify: ${report.codex.selectedCodesign.ok ? "ok" : "failed"}${report.codex.selectedCodesign.revoked ? " (revoked cert)" : ""}`);
+    if (report.codex.selectedCodesign.output) console.log(`codesign output: ${report.codex.selectedCodesign.output}`);
+  }
+  if (report.codex.selectedSpctl) {
+    console.log(`spctl accepted: ${report.codex.selectedSpctl.accepted ? "yes" : "no"}`);
+    if (report.codex.selectedSpctl.output) console.log(`spctl output: ${report.codex.selectedSpctl.output}`);
+  }
+  if (versionProbe) {
+    console.log(`codex --version: ${versionProbe.ok ? "ok" : "failed"}${versionProbe.signal ? ` signal=${versionProbe.signal}` : ""}`);
+    if (versionProbe.stdout) console.log(`  stdout: ${versionProbe.stdout}`);
+    if (versionProbe.stderr) console.log(`  stderr: ${versionProbe.stderr}`);
+    if (versionProbe.error) console.log(`  error: ${versionProbe.error}`);
+  }
+  if (report.recommendations.length) {
+    console.log("recommendations:");
+    for (const item of report.recommendations) console.log(`- ${item}`);
+  }
+  return versionProbe && !versionProbe.ok ? 1 : 0;
+}
+
 if (cliArgs.version) {
   console.log(VERSION);
   process.exit(0);
@@ -734,6 +1028,7 @@ Usage:
   annodex stop           Stop background annodex
   annodex status [--json] Show background server status
   annodex logs [-f]      Show background server logs
+  annodex doctor [--json] [--repair] Diagnose local codex/runtime setup
   annodex passwd          Set or change password (empty = disable auth)
   annodex update          Update to the latest version
 
@@ -749,6 +1044,10 @@ Options:
 }
 
 const firstPos = positionals[0];
+if (firstPos === "doctor") {
+  process.exit(runDoctor(cliArgs.json, cliArgs.repair));
+}
+
 if (firstPos === "status") {
   const json = cliArgs.json;
   staleStateRemoved();

package/lib/macos-codex-security.js

@@ -0,0 +1,316 @@
+"use strict";
+/* eslint-disable @typescript-eslint/no-require-imports */
+
+/**
+ * macOS Gatekeeper helpers for the vendored @openai/codex native binary.
+ *
+ * npm-installed codex may carry com.apple.quarantine and/or a Developer ID
+ * signature whose certificate chain was revoked. The latter can cause macOS
+ * to SIGKILL the process immediately (CSSMERR_TP_CERT_REVOKED). Stripping the
+ * broken signature and applying ad-hoc signing (--sign -) downgrades the
+ * failure to a first-run Gatekeeper dialog (right-click → Open), matching the
+ * hermes-agent Electron recovery pattern.
+ */
+
+const { spawnSync, execSync } = require("child_process");
+const fs = require("fs");
+const path = require("path");
+
+const CODESIGN = "/usr/bin/codesign";
+const SPCTL = "/usr/sbin/spctl";
+
+/** Avoid repeating signature checks on every codex spawn in one process. */
+function getPreparedRegistry() {
+  if (!globalThis.__annodexCodexPreparedBinaries) {
+    globalThis.__annodexCodexPreparedBinaries = new Map();
+  }
+  return globalThis.__annodexCodexPreparedBinaries;
+}
+
+const preparingBinaries = new Set();
+
+function isBinaryPrepared(binaryPath) {
+  const mtime = binaryMtimeMs(binaryPath);
+  return mtime !== null && getPreparedRegistry().get(binaryPath) === mtime;
+}
+
+function markBinaryPrepared(binaryPath) {
+  const mtime = binaryMtimeMs(binaryPath);
+  if (mtime !== null) getPreparedRegistry().set(binaryPath, mtime);
+}
+
+let quarantineClearedForCwd = null;
+
+function isDarwin() {
+  return process.platform === "darwin";
+}
+
+function codesignOutput(result) {
+  return `${result.stdout || ""}${result.stderr || ""}`.trim();
+}
+
+function needsRevokedCertRepair(text) {
+  return /CSSMERR_TP_CERT_REVOKED/i.test(text || "");
+}
+
+function binaryMtimeMs(binaryPath) {
+  try {
+    return fs.statSync(binaryPath).mtimeMs;
+  } catch {
+    return null;
+  }
+}
+
+function spctlAssess(binaryPath, timeoutMs = 10_000) {
+  if (!isDarwin() || !binaryPath || !fs.existsSync(binaryPath)) {
+    return { accepted: false, output: "", error: "missing binary" };
+  }
+  const result = spawnSync(SPCTL, ["--assess", "--verbose", binaryPath], {
+    encoding: "utf8",
+    timeout: timeoutMs,
+  });
+  const output = codesignOutput(result);
+  const timedOut = result.error && /timed out/i.test(result.error.message || "");
+  return {
+    accepted: result.status === 0 || /accepted/i.test(output),
+    revoked: needsRevokedCertRepair(output),
+    timedOut,
+    output,
+    status: result.status,
+    error: result.error ? result.error.message : null,
+  };
+}
+
+function codesignVerify(binaryPath, { timeoutMs = 5_000 } = {}) {
+  if (!isDarwin() || !binaryPath || !fs.existsSync(binaryPath)) {
+    return { ok: false, revoked: false, output: "", error: "missing binary" };
+  }
+  const result = spawnSync(CODESIGN, ["--verify", "--strict", "--verbose=4", binaryPath], {
+    encoding: "utf8",
+    timeout: timeoutMs,
+  });
+  const output = codesignOutput(result);
+  return {
+    ok: result.status === 0,
+    revoked: needsRevokedCertRepair(output),
+    output,
+    status: result.status,
+    error: result.error ? result.error.message : null,
+  };
+}
+
+/** Fast spawn-path check — only detect revoked certs (not full strict verify). */
+function needsRepairBeforeSpawn(binaryPath) {
+  const result = spawnSync(CODESIGN, ["--verify", binaryPath], {
+    encoding: "utf8",
+    timeout: 3_000,
+  });
+  return needsRevokedCertRepair(codesignOutput(result));
+}
+
+function shouldRepairCodexBinary(binaryPath) {
+  const verify = codesignVerify(binaryPath);
+  if (verify.revoked || !verify.ok) return true;
+  const spctl = spctlAssess(binaryPath, 10_000);
+  return spctl.revoked;
+}
+
+function repairCodexBinaryAdHoc(binaryPath) {
+  if (!isDarwin() || !binaryPath || !fs.existsSync(binaryPath)) {
+    return { ok: false, output: "", error: "missing binary" };
+  }
+  spawnSync(CODESIGN, ["--remove-signature", binaryPath], {
+    encoding: "utf8",
+    timeout: 10_000,
+  });
+  const sign = spawnSync(CODESIGN, ["--force", "--sign", "-", binaryPath], {
+    encoding: "utf8",
+    timeout: 10_000,
+  });
+  const output = codesignOutput(sign);
+  return {
+    ok: sign.status === 0,
+    output,
+    error: sign.error ? sign.error.message : null,
+  };
+}
+
+function collectCodexXattrTargets(cwd) {
+  const targets = [];
+  const workDir = cwd || process.cwd();
+
+  const localPkg = path.join(workDir, "node_modules", "@openai", "codex");
+  if (fs.existsSync(localPkg)) targets.push(localPkg);
+
+  let annodexRoot = null;
+  try {
+    annodexRoot = path.join(__dirname, "..");
+  } catch {
+    // bundled build
+  }
+
+  try {
+    const npmPrefix = execSync("npm prefix -g", { encoding: "utf8", timeout: 3000 }).trim();
+    if (npmPrefix) {
+      const globalPkg = path.join(npmPrefix, "lib", "node_modules", "@openai", "codex");
+      if (fs.existsSync(globalPkg)) targets.push(globalPkg);
+      const binShim = path.join(npmPrefix, "bin", "codex");
+      if (fs.existsSync(binShim)) targets.push(binShim);
+    }
+  } catch {
+    // npm not available
+  }
+
+  if (annodexRoot) {
+    const annodexPkg = path.join(annodexRoot, "..", "..", "node_modules", "@openai", "codex");
+    if (fs.existsSync(annodexPkg) && !targets.includes(annodexPkg)) targets.push(annodexPkg);
+  }
+
+  return targets;
+}
+
+function clearMacOSQuarantineDeep(cwd) {
+  if (!isDarwin()) return { cleared: 0, paths: [], skipped: true };
+  const targets = collectCodexXattrTargets(cwd);
+  const clearedPaths = [];
+  for (const target of targets) {
+    try {
+      execSync(`xattr -cr "${target}" 2>/dev/null || true`, {
+        shell: "/bin/bash",
+        timeout: 5000,
+      });
+      clearedPaths.push(target);
+    } catch {
+      // read-only volumes, etc.
+    }
+  }
+  return { cleared: clearedPaths.length, paths: clearedPaths, skipped: false };
+}
+
+function clearMacOSQuarantine(cwd) {
+  return clearMacOSQuarantineDeep(cwd);
+}
+
+/** Fast quarantine clear for codex spawn — target only the native binary. */
+function clearMacOSQuarantineForSpawn(executablePath, cwd) {
+  if (!isDarwin()) return { cleared: 0, paths: [], skipped: true };
+  const key = cwd || process.cwd();
+  if (quarantineClearedForCwd === key) {
+    return { cleared: 0, paths: [], skipped: true };
+  }
+  const clearedPaths = [];
+  if (executablePath && fs.existsSync(executablePath)) {
+    try {
+      execSync(`xattr -c "${executablePath}" 2>/dev/null || true`, {
+        shell: "/bin/bash",
+        timeout: 2000,
+      });
+      clearedPaths.push(executablePath);
+    } catch {
+      // ignore
+    }
+  }
+  quarantineClearedForCwd = key;
+  return { cleared: clearedPaths.length, paths: clearedPaths, skipped: false };
+}
+
+function looksLikeNativeCodexBinary(filePath) {
+  if (!filePath) return false;
+  const base = path.basename(filePath);
+  return base === "codex" || base === "codex.exe";
+}
+
+function repairMacOSCodexPaths(binaryPaths, { force = false, mode = "doctor" } = {}) {
+  if (!isDarwin()) return [];
+  const seen = new Set();
+  const results = [];
+  for (const binaryPath of binaryPaths) {
+    if (!binaryPath || seen.has(binaryPath) || !fs.existsSync(binaryPath)) continue;
+    if (!looksLikeNativeCodexBinary(binaryPath)) continue;
+    seen.add(binaryPath);
+
+    const beforeVerify = mode === "doctor" ? codesignVerify(binaryPath) : null;
+    const beforeSpctl = mode === "doctor" ? spctlAssess(binaryPath, 10_000) : null;
+    const needsRepair = force
+      || (beforeVerify?.revoked ?? false)
+      || (beforeSpctl?.revoked ?? false)
+      || (mode === "spawn" && needsRepairBeforeSpawn(binaryPath));
+    if (!needsRepair) {
+      markBinaryPrepared(binaryPath);
+      results.push({
+        path: binaryPath,
+        skipped: true,
+        before: beforeVerify,
+        beforeSpctl,
+      });
+      continue;
+    }
+
+    const repair = repairCodexBinaryAdHoc(binaryPath);
+    const after = codesignVerify(binaryPath);
+    const afterSpctl = mode === "doctor" ? spctlAssess(binaryPath, 10_000) : null;
+    if (repair.ok) markBinaryPrepared(binaryPath);
+    results.push({
+      path: binaryPath,
+      skipped: false,
+      before: beforeVerify,
+      beforeSpctl,
+      repair,
+      after,
+      afterSpctl,
+    });
+  }
+  return results;
+}
+
+/**
+ * Best-effort macOS prep before spawning codex: replace revoked signatures with
+ * ad-hoc signing. Skips xattr on the hot path — clearing quarantine on trees
+ * under macOS protected folders (Documents, etc.) can take 20s+ per spawn.
+ * Use `annodex doctor --repair` for deep quarantine cleanup.
+ */
+function prepareMacOSCodexForSpawn(executablePath, cwd) {
+  if (!isDarwin()) return { quarantine: { cleared: 0, paths: [] }, repairs: [] };
+
+  const quarantine = { cleared: 0, paths: [], skipped: true };
+
+  if (!executablePath || !looksLikeNativeCodexBinary(executablePath)) {
+    return { quarantine, repairs: [] };
+  }
+  if (isBinaryPrepared(executablePath) || preparingBinaries.has(executablePath)) {
+    return { quarantine, repairs: [], skipped: true };
+  }
+
+  preparingBinaries.add(executablePath);
+  let repairs = [];
+  try {
+    repairs = repairMacOSCodexPaths([executablePath], { mode: "spawn" });
+  } finally {
+    preparingBinaries.delete(executablePath);
+  }
+  for (const item of repairs) {
+    if (item.skipped) continue;
+    if (item.repair?.ok) {
+      console.log(
+        `[codex-server] Repaired codex signature with ad-hoc signing: ${item.path}`,
+      );
+    } else if (item.before?.revoked || item.beforeSpctl?.revoked) {
+      console.warn(
+        `[codex-server] Failed to repair revoked codex signature at ${item.path}: ${item.repair?.output || item.repair?.error || "unknown error"}`,
+      );
+    }
+  }
+
+  return { quarantine, repairs };
+}
+
+module.exports = {
+  codesignVerify,
+  spctlAssess,
+  shouldRepairCodexBinary,
+  repairCodexBinaryAdHoc,
+  needsRevokedCertRepair,
+  clearMacOSQuarantine,
+  repairMacOSCodexPaths,
+  prepareMacOSCodexForSpawn,
+};

package/next.config.ts

@@ -6,7 +6,7 @@ const { version } = JSON.parse(readFileSync(join(__dirname, "package.json"), "ut
 
 const nextConfig: NextConfig = {
   serverExternalPackages: ["ws", "@openai/codex"],
-  allowedDevOrigins: ['192.168.*.*'],
+  allowedDevOrigins: ["127.0.0.1", "localhost", "192.168.*.*"],
   env: {
     NEXT_PUBLIC_APP_VERSION: version,
   },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@seqyuan/annodex",
-  "version": "0.1.53",
+  "version": "0.1.54",
   "description": "AI-native bioinformatics workspace by Annoroad",
   "license": "MIT",
   "bin": {
@@ -16,6 +16,7 @@
     "!.next/trace",
     "!.next/trace-build",
     "lib/app-settings.js",
+    "lib/macos-codex-security.js",
     "lib/default-SOUL.md",
     "lib/default-HARNESS.md",
     "public",