@seqyuan/annodex 0.1.53 → 0.1.55

package/lib/macos-codex-security.js

@@ -0,0 +1,376 @@
+"use strict";
+/* eslint-disable @typescript-eslint/no-require-imports */
+
+/**
+ * macOS Gatekeeper helpers for the vendored @openai/codex native binary.
+ *
+ * npm-installed codex may carry com.apple.quarantine and/or a Developer ID
+ * signature whose certificate chain was revoked. The latter can cause macOS
+ * to SIGKILL the process immediately (CSSMERR_TP_CERT_REVOKED). Stripping the
+ * broken signature and applying ad-hoc signing (--sign -) downgrades the
+ * failure to a first-run Gatekeeper dialog (right-click → Open), matching the
+ * hermes-agent Electron recovery pattern.
+ */
+
+const { spawnSync, execSync } = require("child_process");
+const fs = require("fs");
+const path = require("path");
+
+const CODESIGN = "/usr/bin/codesign";
+const SPCTL = "/usr/sbin/spctl";
+
+/** Avoid repeating signature checks on every codex spawn in one process. */
+function getPreparedRegistry() {
+  if (!globalThis.__annodexCodexPreparedBinaries) {
+    globalThis.__annodexCodexPreparedBinaries = new Map();
+  }
+  return globalThis.__annodexCodexPreparedBinaries;
+}
+
+const preparingBinaries = new Set();
+
+function isBinaryPrepared(binaryPath) {
+  const mtime = binaryMtimeMs(binaryPath);
+  return mtime !== null && getPreparedRegistry().get(binaryPath) === mtime;
+}
+
+function markBinaryPrepared(binaryPath) {
+  const mtime = binaryMtimeMs(binaryPath);
+  if (mtime !== null) getPreparedRegistry().set(binaryPath, mtime);
+}
+
+let quarantineClearedForCwd = null;
+
+function isDarwin() {
+  return process.platform === "darwin";
+}
+
+function codesignOutput(result) {
+  return `${result.stdout || ""}${result.stderr || ""}`.trim();
+}
+
+function needsRevokedCertRepair(text) {
+  return /CSSMERR_TP_CERT_REVOKED/i.test(text || "");
+}
+
+function binaryMtimeMs(binaryPath) {
+  try {
+    return fs.statSync(binaryPath).mtimeMs;
+  } catch {
+    return null;
+  }
+}
+
+function spctlAssess(binaryPath, timeoutMs = 10_000) {
+  if (!isDarwin() || !binaryPath || !fs.existsSync(binaryPath)) {
+    return { accepted: false, output: "", error: "missing binary" };
+  }
+  const result = spawnSync(SPCTL, ["--assess", "--verbose", binaryPath], {
+    encoding: "utf8",
+    timeout: timeoutMs,
+  });
+  const output = codesignOutput(result);
+  const timedOut = result.error && /timed out/i.test(result.error.message || "");
+  return {
+    accepted: result.status === 0 || /accepted/i.test(output),
+    revoked: needsRevokedCertRepair(output),
+    timedOut,
+    output,
+    status: result.status,
+    error: result.error ? result.error.message : null,
+  };
+}
+
+function codesignVerify(binaryPath, { timeoutMs = 5_000 } = {}) {
+  if (!isDarwin() || !binaryPath || !fs.existsSync(binaryPath)) {
+    return { ok: false, revoked: false, output: "", error: "missing binary" };
+  }
+  const result = spawnSync(CODESIGN, ["--verify", "--strict", "--verbose=4", binaryPath], {
+    encoding: "utf8",
+    timeout: timeoutMs,
+  });
+  const output = codesignOutput(result);
+  return {
+    ok: result.status === 0,
+    revoked: needsRevokedCertRepair(output),
+    output,
+    status: result.status,
+    error: result.error ? result.error.message : null,
+  };
+}
+
+/** Fast spawn-path check — only detect revoked certs (not full strict verify). */
+function needsRepairBeforeSpawn(binaryPath) {
+  const result = spawnSync(CODESIGN, ["--verify", binaryPath], {
+    encoding: "utf8",
+    timeout: 3_000,
+  });
+  return needsRevokedCertRepair(codesignOutput(result));
+}
+
+function shouldRepairCodexBinary(binaryPath) {
+  const verify = codesignVerify(binaryPath);
+  if (verify.revoked || !verify.ok) return true;
+  const spctl = spctlAssess(binaryPath, 10_000);
+  return spctl.revoked;
+}
+
+function repairCodexBinaryAdHoc(binaryPath) {
+  if (!isDarwin() || !binaryPath || !fs.existsSync(binaryPath)) {
+    return { ok: false, output: "", error: "missing binary" };
+  }
+  spawnSync(CODESIGN, ["--remove-signature", binaryPath], {
+    encoding: "utf8",
+    timeout: 10_000,
+  });
+  const sign = spawnSync(CODESIGN, ["--force", "--sign", "-", binaryPath], {
+    encoding: "utf8",
+    timeout: 10_000,
+  });
+  const output = codesignOutput(sign);
+  return {
+    ok: sign.status === 0,
+    output,
+    error: sign.error ? sign.error.message : null,
+  };
+}
+
+function collectCodexXattrTargets(cwd) {
+  const targets = [];
+  const workDir = cwd || process.cwd();
+
+  const localPkg = path.join(workDir, "node_modules", "@openai", "codex");
+  if (fs.existsSync(localPkg)) targets.push(localPkg);
+
+  let annodexRoot = null;
+  try {
+    annodexRoot = path.join(__dirname, "..");
+  } catch {
+    // bundled build
+  }
+
+  try {
+    const npmPrefix = execSync("npm prefix -g", { encoding: "utf8", timeout: 3000 }).trim();
+    if (npmPrefix) {
+      const globalPkg = path.join(npmPrefix, "lib", "node_modules", "@openai", "codex");
+      if (fs.existsSync(globalPkg)) targets.push(globalPkg);
+      const binShim = path.join(npmPrefix, "bin", "codex");
+      if (fs.existsSync(binShim)) targets.push(binShim);
+    }
+  } catch {
+    // npm not available
+  }
+
+  if (annodexRoot) {
+    const annodexPkg = path.join(annodexRoot, "..", "..", "node_modules", "@openai", "codex");
+    if (fs.existsSync(annodexPkg) && !targets.includes(annodexPkg)) targets.push(annodexPkg);
+  }
+
+  return targets;
+}
+
+function clearMacOSQuarantineDeep(cwd) {
+  if (!isDarwin()) return { cleared: 0, paths: [], skipped: true };
+  const targets = collectCodexXattrTargets(cwd);
+  const clearedPaths = [];
+  for (const target of targets) {
+    try {
+      execSync(`xattr -cr "${target}" 2>/dev/null || true`, {
+        shell: "/bin/bash",
+        timeout: 5000,
+      });
+      clearedPaths.push(target);
+    } catch {
+      // read-only volumes, etc.
+    }
+  }
+  return { cleared: clearedPaths.length, paths: clearedPaths, skipped: false };
+}
+
+function clearMacOSQuarantine(cwd) {
+  return clearMacOSQuarantineDeep(cwd);
+}
+
+/** Fast quarantine clear for codex spawn — target only the native binary. */
+function clearMacOSQuarantineForSpawn(executablePath, cwd) {
+  if (!isDarwin()) return { cleared: 0, paths: [], skipped: true };
+  const key = cwd || process.cwd();
+  if (quarantineClearedForCwd === key) {
+    return { cleared: 0, paths: [], skipped: true };
+  }
+  const clearedPaths = [];
+  if (executablePath && fs.existsSync(executablePath)) {
+    try {
+      execSync(`xattr -c "${executablePath}" 2>/dev/null || true`, {
+        shell: "/bin/bash",
+        timeout: 2000,
+      });
+      clearedPaths.push(executablePath);
+    } catch {
+      // ignore
+    }
+  }
+  quarantineClearedForCwd = key;
+  return { cleared: clearedPaths.length, paths: clearedPaths, skipped: false };
+}
+
+function looksLikeNativeCodexBinary(filePath) {
+  if (!filePath) return false;
+  const base = path.basename(filePath);
+  return base === "codex" || base === "codex.exe";
+}
+
+/** Given a codex executable path (may be a JS shim), find the real native binary. */
+function resolveNativeBinaryFromShim(executablePath) {
+  if (!executablePath || !fs.existsSync(executablePath)) return null;
+  // If it's already a native binary (inside vendor/), return as-is
+  if (/vendor[/\\]/.test(executablePath)) return executablePath;
+
+  // Check if it's a JS shim (e.g. node_modules/.bin/codex)
+  try {
+    const content = fs.readFileSync(executablePath, "utf8").slice(0, 512);
+    if (content.includes("node") || content.includes("#!/")) {
+      // This is a shim/script — find the native binary nearby
+      const shimDir = path.dirname(executablePath);
+      const nodeModulesDir = path.join(shimDir, "..");
+
+      const platform = process.platform;
+      const arch = process.arch;
+      let pkgName;
+      let triple;
+      if (platform === "darwin") {
+        if (arch === "arm64") { pkgName = "codex-darwin-arm64"; triple = "aarch64-apple-darwin"; }
+        else if (arch === "x64") { pkgName = "codex-darwin-x64"; triple = "x86_64-apple-darwin"; }
+        else return null;
+      } else {
+        return null;
+      }
+      const binaryName = "codex";
+
+      const subPaths = [
+        path.join("vendor", triple, "bin", binaryName),
+        path.join("vendor", triple, "codex", binaryName),
+      ];
+      for (const sub of subPaths) {
+        const candidate = path.join(nodeModulesDir, "@openai", pkgName, sub);
+        if (fs.existsSync(candidate)) return candidate;
+      }
+      // Also try nested layout
+      for (const sub of subPaths) {
+        const candidate = path.join(nodeModulesDir, "@openai", "codex", "node_modules", "@openai", pkgName, sub);
+        if (fs.existsSync(candidate)) return candidate;
+      }
+    }
+  } catch { /* ignore */ }
+  return executablePath;
+}
+
+function repairMacOSCodexPaths(binaryPaths, { force = false, mode = "doctor" } = {}) {
+  if (!isDarwin()) return [];
+  const seen = new Set();
+  const results = [];
+  for (const binaryPath of binaryPaths) {
+    if (!binaryPath || seen.has(binaryPath) || !fs.existsSync(binaryPath)) continue;
+    if (!looksLikeNativeCodexBinary(binaryPath)) continue;
+    seen.add(binaryPath);
+
+    const beforeVerify = mode === "doctor" ? codesignVerify(binaryPath) : null;
+    const beforeSpctl = mode === "doctor" ? spctlAssess(binaryPath, 10_000) : null;
+    const needsRepair = force
+      || (beforeVerify?.revoked ?? false)
+      || (beforeSpctl?.revoked ?? false)
+      || (mode === "spawn" && needsRepairBeforeSpawn(binaryPath));
+    if (!needsRepair) {
+      markBinaryPrepared(binaryPath);
+      results.push({
+        path: binaryPath,
+        skipped: true,
+        before: beforeVerify,
+        beforeSpctl,
+      });
+      continue;
+    }
+
+    const repair = repairCodexBinaryAdHoc(binaryPath);
+    const after = codesignVerify(binaryPath);
+    const afterSpctl = mode === "doctor" ? spctlAssess(binaryPath, 10_000) : null;
+    if (repair.ok) markBinaryPrepared(binaryPath);
+    results.push({
+      path: binaryPath,
+      skipped: false,
+      before: beforeVerify,
+      beforeSpctl,
+      repair,
+      after,
+      afterSpctl,
+    });
+  }
+  return results;
+}
+
+/**
+ * Best-effort macOS prep before spawning codex: replace revoked signatures with
+ * ad-hoc signing. Skips xattr on the hot path — clearing quarantine on trees
+ * under macOS protected folders (Documents, etc.) can take 20s+ per spawn.
+ * Use `annodex doctor --repair` for deep quarantine cleanup.
+ */
+function prepareMacOSCodexForSpawn(executablePath, cwd) {
+  if (!isDarwin()) return { quarantine: { cleared: 0, paths: [] }, repairs: [] };
+
+  const quarantine = { cleared: 0, paths: [], skipped: true };
+  if (!executablePath) return { quarantine, repairs: [] };
+
+  // If the resolved executable is a JS shim (e.g. node_modules/.bin/codex),
+  // find and repair the underlying native binary instead.
+  // Spawning the shim causes Node to exec the native binary as a grandchild,
+  // which macOS Gatekeeper may kill even after ad-hoc signing of the shim itself.
+  const resolvedNative = resolveNativeBinaryFromShim(executablePath);
+  if (resolvedNative && resolvedNative !== executablePath) {
+    console.log(
+      `[codex-server] Resolved native codex binary from shim: ${executablePath} -> ${resolvedNative}`,
+    );
+    prepareMacOSCodexForSpawn(resolvedNative, cwd);
+    return { quarantine, repairs: [], shimResolved: resolvedNative };
+  }
+
+  if (!looksLikeNativeCodexBinary(executablePath)) {
+    return { quarantine, repairs: [] };
+  }
+  if (isBinaryPrepared(executablePath) || preparingBinaries.has(executablePath)) {
+    return { quarantine, repairs: [], skipped: true };
+  }
+
+  preparingBinaries.add(executablePath);
+  let repairs = [];
+  try {
+    repairs = repairMacOSCodexPaths([executablePath], { mode: "spawn" });
+  } finally {
+    preparingBinaries.delete(executablePath);
+  }
+  for (const item of repairs) {
+    if (item.skipped) continue;
+    if (item.repair?.ok) {
+      console.log(
+        `[codex-server] Repaired codex signature with ad-hoc signing: ${item.path}`,
+      );
+    } else if (item.before?.revoked || item.beforeSpctl?.revoked) {
+      console.warn(
+        `[codex-server] Failed to repair revoked codex signature at ${item.path}: ${item.repair?.output || item.repair?.error || "unknown error"}`,
+      );
+    }
+  }
+
+  return { quarantine, repairs };
+}
+
+module.exports = {
+  codesignVerify,
+  spctlAssess,
+  shouldRepairCodexBinary,
+  repairCodexBinaryAdHoc,
+  needsRevokedCertRepair,
+  clearMacOSQuarantine,
+  repairMacOSCodexPaths,
+  resolveNativeBinaryFromShim,
+  prepareMacOSCodexForSpawn,
+};

package/next.config.ts

@@ -6,7 +6,7 @@ const { version } = JSON.parse(readFileSync(join(__dirname, "package.json"), "ut
 
 const nextConfig: NextConfig = {
   serverExternalPackages: ["ws", "@openai/codex"],
-  allowedDevOrigins: ['192.168.*.*'],
+  allowedDevOrigins: ["127.0.0.1", "localhost", "192.168.*.*"],
   env: {
     NEXT_PUBLIC_APP_VERSION: version,
   },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@seqyuan/annodex",
-  "version": "0.1.53",
+  "version": "0.1.55",
   "description": "AI-native bioinformatics workspace by Annoroad",
   "license": "MIT",
   "bin": {
@@ -16,6 +16,7 @@
     "!.next/trace",
     "!.next/trace-build",
     "lib/app-settings.js",
+    "lib/macos-codex-security.js",
     "lib/default-SOUL.md",
     "lib/default-HARNESS.md",
     "public",