@tarunspandit/codexflow 0.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (92) hide show
  1. package/AGENTS.example.md +18 -0
  2. package/CHANGELOG.md +311 -0
  3. package/CHATGPT_PROMPT.md +12 -0
  4. package/CODEX_PROMPT.md +12 -0
  5. package/CONTRIBUTING.md +51 -0
  6. package/DOMAIN_SETUP.md +241 -0
  7. package/FAQ.md +327 -0
  8. package/FAQ_ZH.md +279 -0
  9. package/LICENSE +21 -0
  10. package/NOTICE +9 -0
  11. package/PUBLIC_LAUNCH_CHECKLIST.md +111 -0
  12. package/README.md +287 -0
  13. package/README_ZH.md +461 -0
  14. package/SECURITY.md +145 -0
  15. package/config.example.env +31 -0
  16. package/dist/analysis/cache.js +27 -0
  17. package/dist/analysis/cache.js.map +1 -0
  18. package/dist/analysis/classify.js +102 -0
  19. package/dist/analysis/classify.js.map +1 -0
  20. package/dist/analysis/extract.js +139 -0
  21. package/dist/analysis/extract.js.map +1 -0
  22. package/dist/analysis/graph.js +22 -0
  23. package/dist/analysis/graph.js.map +1 -0
  24. package/dist/analysis/impact.js +167 -0
  25. package/dist/analysis/impact.js.map +1 -0
  26. package/dist/analysis/index.js +215 -0
  27. package/dist/analysis/index.js.map +1 -0
  28. package/dist/analysis/inventory.js +51 -0
  29. package/dist/analysis/inventory.js.map +1 -0
  30. package/dist/analysis/providers.js +24 -0
  31. package/dist/analysis/providers.js.map +1 -0
  32. package/dist/analysis/rank.js +27 -0
  33. package/dist/analysis/rank.js.map +1 -0
  34. package/dist/analysis/types.js +8 -0
  35. package/dist/analysis/types.js.map +1 -0
  36. package/dist/bashOps.js +233 -0
  37. package/dist/bashOps.js.map +1 -0
  38. package/dist/capabilitiesOps.js +365 -0
  39. package/dist/capabilitiesOps.js.map +1 -0
  40. package/dist/codexSessions.js +379 -0
  41. package/dist/codexSessions.js.map +1 -0
  42. package/dist/config.js +289 -0
  43. package/dist/config.js.map +1 -0
  44. package/dist/fsOps.js +286 -0
  45. package/dist/fsOps.js.map +1 -0
  46. package/dist/gitOps.js +79 -0
  47. package/dist/gitOps.js.map +1 -0
  48. package/dist/guard.js +198 -0
  49. package/dist/guard.js.map +1 -0
  50. package/dist/http.js +1671 -0
  51. package/dist/http.js.map +1 -0
  52. package/dist/proContext.js +274 -0
  53. package/dist/proContext.js.map +1 -0
  54. package/dist/profileStore.js +89 -0
  55. package/dist/profileStore.js.map +1 -0
  56. package/dist/projectCatalog.js +134 -0
  57. package/dist/projectCatalog.js.map +1 -0
  58. package/dist/redact.js +73 -0
  59. package/dist/redact.js.map +1 -0
  60. package/dist/searchOps.js +186 -0
  61. package/dist/searchOps.js.map +1 -0
  62. package/dist/server.js +2502 -0
  63. package/dist/server.js.map +1 -0
  64. package/dist/stdio.js +36 -0
  65. package/dist/stdio.js.map +1 -0
  66. package/dist/toolCardWidget.js +1155 -0
  67. package/dist/toolCardWidget.js.map +1 -0
  68. package/dist/workspaceOps.js +229 -0
  69. package/dist/workspaceOps.js.map +1 -0
  70. package/docs/.nojekyll +1 -0
  71. package/docs/favicon.svg +5 -0
  72. package/docs/index.html +638 -0
  73. package/docs/og.png +0 -0
  74. package/docs/script.js +80 -0
  75. package/docs/star.svg +11 -0
  76. package/docs/styles.css +1229 -0
  77. package/docs/zh.html +436 -0
  78. package/package.json +94 -0
  79. package/scripts/analysis-cli-smoke.mjs +81 -0
  80. package/scripts/analysis-smoke.mjs +179 -0
  81. package/scripts/clean.mjs +6 -0
  82. package/scripts/cli-smoke.mjs +168 -0
  83. package/scripts/codexflow.mjs +4375 -0
  84. package/scripts/doctor-smoke.mjs +90 -0
  85. package/scripts/execute-handoff-smoke.mjs +1110 -0
  86. package/scripts/http-smoke.mjs +812 -0
  87. package/scripts/pro-apply.mjs +141 -0
  88. package/scripts/pro-bundle.mjs +121 -0
  89. package/scripts/pro-smoke.mjs +95 -0
  90. package/scripts/settings-smoke.mjs +756 -0
  91. package/scripts/smoke.mjs +1194 -0
  92. package/scripts/stress.mjs +835 -0
@@ -0,0 +1,18 @@
1
+ # AGENTS.md example
2
+
3
+ This repo is connected through CodexFlow.
4
+
5
+ Rules for ChatGPT or another planning model:
6
+
7
+ - Prefer planning and review over direct implementation.
8
+ - Use handoff_to_codex to write .ai-bridge/current-plan.md.
9
+ - Do not edit source files unless the user explicitly asks.
10
+ - Always inspect git_status and git_diff before reviewing.
11
+ - Respect .ai-bridge/decisions.md.
12
+
13
+ Rules for Codex:
14
+
15
+ - Read .ai-bridge/current-plan.md before changing code.
16
+ - Execute in small steps.
17
+ - Update .ai-bridge/codex-status.md after meaningful changes.
18
+ - Include tests run and results.
package/CHANGELOG.md ADDED
@@ -0,0 +1,311 @@
1
+ # Changelog
2
+
3
+ ## Unreleased
4
+
5
+ ## 0.29.0 (2026-07-13)
6
+
7
+ - Launched the redesigned English and Chinese CodexFlow website, social card, public npm identity, and renamed GitHub repository.
8
+ - Added `codexflow status` with human-readable and `--json` runtime/process/health reporting, plus `--non-interactive` / `--no-control-panel` for script and CI launches.
9
+ - Added a synchronized project picker and per-ChatGPT-session project binding, allowing one broker and tunnel to route concurrent web coding chats to different local repositories without invoking the Codex CLI.
10
+ - Project selection now advertises repository instructions, workspace/user/plugin skills, locally available plugin manifests, and configured MCP server names.
11
+ - Renamed the product, npm package, executable, MCP identity, environment namespace, local state directory, widgets, and documentation from CodexPro/codeXchat to CodexFlow/`codexflow`.
12
+ - Removed first-run setup from the normal path: bare `codexflow` discovers project directories from local Codex metadata, chooses the most recent project as the default, starts the broker and quick tunnel, and copies the ChatGPT connection URL.
13
+ - Bumped the interactive tool resource to `ui://widget/codexflow-tool-card-v10.html` while retaining v9/v8 compatibility aliases, preventing stale ChatGPT widget caches from hiding the project picker.
14
+
15
+ ## 0.29.0-beta.1 (npm beta, 2026-07-11)
16
+
17
+ - Added bounded multi-language repository analysis, grouped search results, change-impact and test recommendations, `codexflow inspect` / `codexflow review` CLI commands, and compact opt-in tool cards.
18
+ - Added `codexflow connection-test`, a read-only connector profile with no bash or tool cards, plus request-arrival logging and current ChatGPT Plugins troubleshooting.
19
+ - Added Tailscale Funnel as a saved tunnel/profile option, including `codexflow tailscale --hostname ...`, launcher support, admin profile support, and settings smoke coverage.
20
+ - Added proxy-aware Cloudflare quick tunnels: when proxy env vars are set, CodexFlow requests quick-tunnel credentials through `curl --proxy`, runs `cloudflared` with a temporary credentials file, ignores Cloudflare API URLs, and cleans the credentials file after shutdown.
21
+ - Hardened Codex handoff execution on Windows by resolving spawnable Codex shims, asking Codex to read the plan file instead of argv-passing the whole plan, and recording git status in handoff artifacts.
22
+ - Added concise connector-creation troubleshooting to the English and Chinese FAQs.
23
+ - Bounded browser-facing tool-card structured payloads and binary-file text checks so CodexFlow emits less data without reducing normal tool-result or binary-detection quality.
24
+ - Allowed targeted line-range reads and search matches in text files slightly above `maxReadBytes`, while keeping full-file reads and very large scans bounded.
25
+ - Replaced the overlong README with a shorter install, tunnel, safety, RAM-boundary, and development guide.
26
+ - Added a guarded `apply_patch` MCP tool for unified-diff edits inside workspace write mode, with blocked-path and secret-content checks before patches are applied.
27
+ - Added last-shown review checkpoints to `show_changes`, so repeated unchanged reviews collapse while new workspace changes still produce a fresh diff.
28
+ - Fixed checkpoint-hit `show_changes` responses so repeated unchanged reviews report zero new diff stats instead of carrying stale addition/deletion counts.
29
+ - Scoped `apply_patch` result diffs to the applied patch, so unrelated dirty tracked files are not folded into the patch card.
30
+ - Hardened safe bash filtering, path canonicalization, binary-file checks, ripgrep truncation reporting, and supertool argument validation around edge-case bypasses found by stress testing.
31
+ - Redacted child tunnel process output before logging or surfacing startup failures so Cloudflare `TUNNEL_TOKEN` values cannot leak from failed named-tunnel launches.
32
+ - Kept `codex_sessions` metadata mode from returning transcript-tail summaries, skipped unreadable stale history files, and accepted source paths under symlink-resolved Codex history roots.
33
+ - Hardened search, context export, path blocking, skill loading, and change summaries around hidden files, colon-containing paths, `.env` descendants, large-file limits, user skills, and diff stats.
34
+ - Blocked raw newline and carriage-return command separators in safe bash mode before whitespace normalization, including through the stable `codexflow` supertool wrapper.
35
+ - Corrected docs to describe Developer Mode account eligibility as broader than Plus/Pro while keeping the model/tool-surface limitation explicit.
36
+
37
+ ## 0.28.6 (main, pending npm latest)
38
+
39
+ - Added the stable `codexflow` supertool wrapper for advanced connector-cache/custom workflows, while preserving tool/write/bash mode gates.
40
+ - Hardened direct HTTP auth defaults, local `--no-auth`, token redaction, search parsing, selected-path Pro exports, and handoff polling state.
41
+ - Added `npm run stress` to cover full-mode MCP behavior, supertool dispatch, skill caps, card payloads, search edge cases, Pro export, and handoff polling.
42
+ - Fixed CLI env precedence so `CODEXFLOW_HOST` / `CODEXFLOW_PORT` override generic `HOST` / `PORT`, preventing ambient process env from widening a launcher-validated bind.
43
+ - Normalized stable public hostnames in CLI settings/setup/start flows and accepted common `--flag=value` syntax.
44
+
45
+ - Made ChatGPT tool-card descriptor metadata opt-in with `CODEXFLOW_TOOL_CARDS=1`, so default `tools/list` responses stay plain MCP and avoid fragile widget metadata during tool discovery.
46
+ - Added `codexflow loop-handoff` for bounded local execute/review loops over `.ai-bridge/current-plan.md`, with a required local `--review-command`, `--max-iters`, dry-run preview, optional test command capture, and stop conditions for no diff, repeated diff, missing follow-up plans, reviewer errors, and human cancellation.
47
+ - Hardened `loop-handoff` external-command boundaries: commands are preflighted before execution, reviewer verdicts require explicit `CODEXFLOW_REVIEW=...` assignment lines by default, and reviewer `PASS` no longer masks failed executor/test/reviewer commands unless the user opts into the supported override behavior.
48
+ - Fixed loop change detection so `--stop-if-no-files-changed` and `--stop-if-same-diff` compare each iteration against a pre-execution baseline and count unstaged diffs, staged diffs, and untracked file fingerprints outside `.ai-bridge`.
49
+ - Switched loop guard decisions to an uncapped git-state fingerprint instead of hashing or vetoing on the trimmed reviewer diff artifact.
50
+ - Kept handoff plan hashing on the handoff read-size budget instead of `--max-output-bytes`, so valid plans larger than captured output excerpts do not abort the loop after execution.
51
+ - Made loop change fingerprints content/status based instead of timestamp based, so repeated identical tracked-file writes stop as no new changes instead of looking different because of volatile mtimes.
52
+ - Normalized Git porcelain paths back to workspace-relative paths before loop clean-start filtering and change fingerprinting, with path-scoped status and untracked-file scans so nested workspaces inside larger Git repos are handled correctly.
53
+ - Bounded untracked file fingerprinting so symlinks are reported via `readlink` and regular files hash only a capped prefix instead of following arbitrary paths or reading entire generated artifacts.
54
+ - Tightened `--require-clean-git-start` so staged renames are treated as handoff-only only when both rename endpoints are inside `.ai-bridge`.
55
+ - Stopped reviewer `FAIL` and implicit review verdicts from continuing when the reviewer deletes, empties, or restores `.ai-bridge/current-plan.md` to the scaffold instead of writing a usable follow-up plan.
56
+ - Kept the autonomous handoff loop CLI-only and local-terminal-owned; it does not expose agent execution as a remote MCP tool, automate ChatGPT Web, approve product prompts, proxy models, or bypass limits.
57
+ - Extended handoff smoke coverage with a fake reviewer that fails once by writing a follow-up plan, then passes on the second local executor iteration, plus failed executor, failed reviewer, bare `PASS`, staged-only, untracked-file, bounded-untracked, dirty-baseline, repeated-identical-write, nested-workspace, nested-untracked-workspace, outside-untracked-nested-workspace, large-dirty-baseline, unavailable-diff-artifact, large-plan-over-output-cap, staged-rename, deleted-follow-up-plan, and implicit-deleted-plan cases.
58
+
59
+ ## 0.28.5
60
+
61
+ - Added a compatibility alias for stale ChatGPT descriptors that still request `ui://widget/codexflow-tool-card-v8.html`, while keeping `ui://widget/codexflow-tool-card-v9.html` as the current advertised widget.
62
+ - Stopped advertising the `bash` MCP tool when `CODEXFLOW_BASH_MODE=off` / `codexflow --no-bash` is active, so ChatGPT has less opportunity to attempt a shell tool call in no-bash sessions.
63
+ - Stopped advertising direct `write` and `edit` tools unless `CODEXFLOW_WRITE_MODE=workspace`; handoff/off modes keep handoff planning tools available for bounded `.ai-bridge` plan files without exposing generic source edit actions.
64
+ - Added smoke coverage that compares `codexflow_self_test` expected tools against the actually registered MCP tool set, so disabled tools cannot silently remain visible in ChatGPT's tool list.
65
+ - Tightened `CODEXFLOW_CONTEXT_DIR` to workspace-relative hidden directories such as `.ai-bridge`, rejecting source/build/dependency/credential directories and absolute paths.
66
+ - Made saved profile handling stricter: non-agent modes cannot inherit `write=workspace`, relative tunnel config/token paths resolve from the workspace, and `settings set` refuses to persist raw Cloudflare tunnel tokens.
67
+ - Completed the local admin profile form for named Cloudflare/ngrok settings, including tunnel name, config paths, token-file path, and cloudflared auto-install preference.
68
+ - Fixed path-scoped `show_changes` so unrelated workspace status is not reported for a clean requested path.
69
+ - Kept duplicate `load_skill` matches ambiguous until the caller supplies the exact displayed skill path.
70
+ - Added `codexflow_self_test`, a local-only diagnostic that checks modes, expected tools, safe bash policy, selected-only Pro context, and an optional `.ai-bridge/codexflow-self-test.md` write/edit probe without touching source files.
71
+ - Upgraded ChatGPT cards to `ui://widget/codexflow-tool-card-v9.html` and attached compact card metadata to every CodexFlow tool, with large git/tree/context/bash payloads folded or bounded instead of printed as a giant chat block.
72
+ - Added `include_important_files` and `include_changed_files` controls to `export_pro_context` plus CLI smoke coverage for exact selected-only bundles.
73
+ - Added a dedicated compact `server_config` renderer and accepted model-friendly aliases `workspace_snapshot.max_files` plus `git_diff.include_diff=false` to reduce avoidable retry/error loops in ChatGPT.
74
+ - Reconfirmed the compliance boundary in runtime diagnostics and docs: CodexFlow is a local workspace MCP bridge, not a model provider, model proxy, quota bypass, resale layer, or remote executor.
75
+ - Added `codexflow --no-bash` and documented that CodexFlow does not bind MCP bash to a Codex app conversation id.
76
+ - Added an optional bash session guard with `--bash-session <id> --require-bash-session`; guarded `bash` calls must include the matching `session_id` before any shell command runs.
77
+ - Made bash chat transcripts compact by default, with `--bash-transcript full` for the old raw stdout/stderr chat output.
78
+ - Added opt-in local Codex session discovery with `--codex-sessions metadata|read`, including session ids, titles, cwd paths, source files, resume commands, and bounded transcript reads only in explicit `read` mode.
79
+ - Added a token-protected local profile editor at `/admin/profile` and the setup page so users can save tunnel, hostname, port, mode, bash, Codex session, write/tool mode, widget origin, and tunnel config defaults for the next `codexflow` without exposing raw tokens in the browser.
80
+
81
+ ## 0.28.4
82
+
83
+ - Made workspace cards compact by default, moving git details, discovered skills, and optional file tree output behind collapsible disclosure rows.
84
+ - Changed workspace open skill discovery to include workspace, user, and plugin skills by default while still exposing a focused `standard` tool surface.
85
+ - Added read-only `load_skill` so ChatGPT can load bounded `SKILL.md` instructions for discovered workspace, user, or plugin skills without exposing arbitrary path reads.
86
+ - Kept AGENTS detection in the workspace open result but stopped embedding the full AGENTS file in the open response; agents can read it explicitly when needed.
87
+ - Fixed setup propagation for `--widget-domain` and corrected workspace-card git status splitting for multi-file diffs.
88
+
89
+ ## 0.28.3
90
+
91
+ - Added `CODEXFLOW_WIDGET_DOMAIN` and the Apps SDK resource metadata keys `_meta.ui.domain` plus `_meta["openai/widgetDomain"]` so ChatGPT no longer reports that the widget domain is missing.
92
+ - Surfaced the widget domain in server config, HTTP status output, docs, env examples, and smoke tests.
93
+
94
+ ## 0.28.2
95
+
96
+ - Moved ChatGPT visual cards from `bash` to the workspace open tools so the first call gives a compact project orientation instead of noisy terminal cards.
97
+ - Kept `bash` data-only for focused verification commands and strengthened server instructions to prefer `tree`, `search`, `read`, and `show_changes` for inspection/review.
98
+ - Upgraded the widget to v8 with a workspace summary renderer and a neutral waiting state instead of a stale-looking running card.
99
+
100
+ ## 0.28.1
101
+
102
+ - Added `CODEXFLOW_TOOL_MODE=minimal|standard|full`, with `standard` as the default focused ChatGPT tool surface and `full` preserving the previous advanced toolbox.
103
+ - Added `show_changes` as a review-oriented visual card for git status, diff stats, and optional diff while keeping raw `git_diff` data-only.
104
+ - Upgraded the ChatGPT widget to v7 with compact bash execution summaries, review cards, and cleaner handoff cards.
105
+ - Allowed `open_workspace` to accept `path` as an alias for `root` to reduce client argument mismatch failures.
106
+ - Allowed safe package scripts with colon suffixes such as `npm run build:clients` for build/test verification.
107
+ - Surfaced tool mode in server config, local status, workspace/context exports, launcher output, setup profiles, and docs.
108
+
109
+ ## 0.28.0
110
+
111
+ - Added `codexflow execute-handoff` as an opt-in local executor for `.ai-bridge/current-plan.md`.
112
+ - Added `codexflow watch-handoff` as an opt-in local watcher that executes new handoff plans by content hash without exposing execution as a remote MCP tool.
113
+ - Added built-in local adapters for `opencode`, `pi`, and `codex`, plus a restricted `--command` template path for custom agents.
114
+ - Added `--dry-run`, `--yes`, timeout handling, stdout/stderr capture, `agent-status.md`, `implementation-diff.patch`, and `execution-log.jsonl` output.
115
+ - Kept `handoff_to_agent` planning-only; local execution is not exposed as a remote MCP tool.
116
+ - Fixed Windows release-gate coverage for symlink-escape smoke tests, Bash lookup, and custom executor paths containing spaces.
117
+ - Added smoke coverage for dry-run previews, custom command validation, execution status, diff collection, duplicate watch-plan skipping, and structured execution logging.
118
+ - Clarified that CodexFlow is an official Developer Mode/MCP workflow, not a rate-limit bypass or model access provider.
119
+
120
+ ## 0.27.2
121
+
122
+ - Added `handoff_to_agent` for file-based handoffs to Codex, OpenCode, Pi, or custom local implementation agents without executing local commands.
123
+ - Extended `.ai-bridge` with generic `agent-status.md`, `implementation-diff.patch`, and `execution-log.jsonl` files.
124
+ - Updated `read_handoff`, `codex_context`, Pro apply logging, docs, and smoke coverage for generic agent handoffs.
125
+ - Fixed secret detection so benign env-var references like `process.env.TOKEN` are not blocked or redacted as literal secrets.
126
+ - Shell-quoted generated agent command hints so model names cannot inject extra shell tokens.
127
+ - Bounded append-mode handoff reads with the configured text-file size guard.
128
+
129
+ ## 0.27.1
130
+
131
+ - Fail closed when HTTP MCP auth is required but `CODEXFLOW_HTTP_TOKEN` is missing, including public tunnel mode and non-loopback binds.
132
+ - Block additional safe-bash bypass paths for absolute paths, parent paths, environment expansion, sensitive paths, and `find` write/action flags.
133
+ - Added smoke coverage for the missing-token HTTP startup failure and safe-bash blocked command cases.
134
+
135
+ ## 0.27.0
136
+
137
+ - Kept terminal startup focused on only the connector URL and essential controls; usage prompts now belong in README/docs only.
138
+ - Made `git_diff` data-only instead of a widget-rendered tool. This reduces noisy ChatGPT cards and avoids template fetch failures for empty/no-op diffs.
139
+ - Kept visual cards scoped to high-signal outputs: source writes, exact edits, Pro context exports, and Codex handoffs.
140
+ - Updated smoke coverage so routine inspection tools stay compact.
141
+
142
+ ## 0.26.0
143
+
144
+ - Removed prompt management from the terminal control panel.
145
+ - Removed the `s` hotkey and all launcher-side suggested prompt generation.
146
+ - Kept usage prompts and workflow examples in documentation instead of runtime UI.
147
+
148
+ ## 0.25.0
149
+
150
+ - Simplified the ready screen so startup shows one compact status block instead of a long boxed next-step panel.
151
+ - Reduced visible controls to the common actions: open ChatGPT, copy URL, open status, copy prompt, help, and quit.
152
+ - Changed the `s` control to copy the suggested ChatGPT prompt instead of printing the full prompt repeatedly.
153
+ - Cleaned up saved setup list formatting so reused ngrok/Cloudflare profiles are easier to scan in narrow terminals.
154
+
155
+ ## 0.24.0
156
+
157
+ - Added `codexflow settings list` to show all saved workspace tunnel profiles.
158
+ - Added `codexflow settings use` and `--from-root` to copy a saved setup from one workspace to another.
159
+ - Improved first-run `codexflow` behavior: if the current workspace has no settings but other saved setups exist, CodexFlow shows them as a numbered list so users can reuse an existing ngrok or Cloudflare setup instead of retyping hostnames.
160
+ - Expanded settings smoke coverage for profile listing and reuse.
161
+
162
+ ## 0.23.0
163
+
164
+ - Added a compact first-run tunnel picker to `codexflow` when no workspace settings exist, so users can choose Cloudflare quick, ngrok, Cloudflare stable, or local mode without running the full setup wizard.
165
+ - Added `codexflow settings` with `show`, `set`, and `delete --yes` actions for persistent per-workspace tunnel preferences.
166
+ - Persisted the selected tunnel provider, hostname, port, mode, and CodexFlow token until the user changes or deletes the workspace settings.
167
+ - Added `scripts/settings-smoke.mjs` and included it in `npm run smoke`.
168
+
169
+ ## 0.22.0
170
+
171
+ - Added the v5 Apps SDK widget resource at `ui://widget/codexflow-tool-card-v5.html` with cleaner pending states and more polished diff/search/code cards.
172
+ - Added a token-protected local admin dashboard at `/` and `/setup` for workspace, mode, allowed-root, setup, profile, and ChatGPT connection visibility.
173
+ - Added the terminal `o` control to open the local admin dashboard while CodexFlow is running.
174
+ - Updated HTTP smoke coverage to verify the onboarding page and v5 widget resource.
175
+
176
+ ## 0.21.0
177
+
178
+ - Added `codexflow doctor` as a read-only setup diagnostic for Node, build artifacts, workspace profiles, port availability, tunnel prerequisites, clipboard support, and browser-open support.
179
+ - Added `scripts/doctor-smoke.mjs` and included it in `npm run smoke`.
180
+ - Added `PUBLIC_LAUNCH_CHECKLIST.md` with release gates, ChatGPT Developer Mode golden prompts, security checks, onboarding expectations, and current non-goals.
181
+ - Added `npm run doctor` and included the public launch checklist in the npm package surface.
182
+
183
+ ## 0.20.0
184
+
185
+ - Made `codexflow` prompts clearer with a dim "Enter to proceed with default" hint before each defaulted input.
186
+ - Simplified the ready screen: the Server URL is described as already copied, and Enter is clearly labeled as opening ChatGPT connector settings.
187
+ - Added saved-profile hints so ngrok/Cloudflare stable setups tell users that future launches from the same workspace only need `codexflow`.
188
+ - Added a local port preflight with clear guidance for running two repositories at the same time.
189
+ - Documented the multi-repo rule: each concurrent repo needs its own local port, and stable public tunnels need separate hostnames.
190
+
191
+ ## 0.19.0
192
+
193
+ - Added per-workspace saved profiles under `~/.codexflow/profiles/`.
194
+ - `codexflow` now saves tunnel provider, hostname, port, mode, and a generated reusable CodexFlow auth token by default.
195
+ - `codexflow` now loads the saved profile for the current workspace unless `--no-profile` is passed.
196
+ - Added `--save-config`, `--no-save-config`, and `--no-profile` launcher flags.
197
+
198
+ ## 0.18.0
199
+
200
+ - Added ngrok as a first-class tunnel mode with `codexflow ngrok --hostname <domain>` and `--tunnel ngrok`.
201
+ - Added ngrok support to the interactive `codexflow` public URL choices.
202
+ - Added ngrok executable/config resolution with clear setup errors for missing auth or unavailable domains.
203
+ - Documented reserved ngrok domains as a stable ChatGPT connector URL option.
204
+
205
+ ## 0.17.0
206
+
207
+ - Added `codexflow` / `codexflow onboard` as an interactive onboarding wizard for workspace, port, mode, and public URL strategy.
208
+ - Reworked the launcher startup and ready screens into compact framed panels with status lines instead of long setup text.
209
+ - Added `npm run connect:setup` for source checkouts.
210
+ - Documented the guided onboarding path next to the one-command `codexflow` flow.
211
+
212
+ ## 0.16.0
213
+
214
+ - Reworked the widget pre-result state so in-progress tool calls show a compact running card instead of raw placeholder JSON.
215
+ - Added `codexflow stable` and `--stable` as shortcuts for Cloudflare named-tunnel mode.
216
+ - Added `codexflow stable-help` and friendlier missing-hostname guidance for fixed ChatGPT app URLs.
217
+ - Updated setup docs around stable URLs for users who cannot edit an existing ChatGPT app connector URL.
218
+
219
+ ## 0.15.0
220
+
221
+ - Changed `codexflow` to default to agent mode with workspace writes enabled.
222
+ - Added `--mode agent`, `--mode handoff`, `--mode pro`, plus shortcut flags `--agent`, `--handoff`, and `--pro-planning`.
223
+ - Reworked the terminal startup panel to copy the Server URL, hide long setup details by default, and expose details through controls.
224
+ - Updated the default suggested ChatGPT prompt so ChatGPT edits/writes/verifies directly instead of creating a handoff plan.
225
+ - Kept handoff and Pro-context workflows as explicit modes for planning-only use.
226
+
227
+ ## 0.14.0
228
+
229
+ - Added cross-platform `cloudflared` bootstrap for macOS, Windows, and Linux.
230
+ - CodexFlow now reuses `cloudflared` from PATH first, then `~/.codexflow/bin`, then downloads the official Cloudflare release into `~/.codexflow/bin` when needed.
231
+ - Changed `--install-cloudflared` to force a user-local reinstall instead of using Homebrew.
232
+ - Added `codexflow install-cloudflared` for stable-domain setup without starting the MCP server.
233
+ - Kept `--no-install-cloudflared` as the opt-out for locked-down or manually managed machines.
234
+ - Updated setup docs with OS-specific notes for clipboard, browser opening, and Cloudflare Tunnel.
235
+
236
+ ## 0.13.0
237
+
238
+ - Added an interactive CodexFlow terminal control panel after startup.
239
+ - Added Enter-to-open ChatGPT connector settings, `c` to copy URL, `p` to print app fields, `s` to print the suggested prompt, and `q` to stop.
240
+ - Quieted local MCP and Cloudflare logs by default so startup reads like a product flow.
241
+ - Made macOS/Homebrew `cloudflared` installation automatic by default when missing.
242
+ - Added `--no-install-cloudflared` to opt out of automatic installation.
243
+ - Changed the default user-facing start command to `npx codexflow@latest start`.
244
+
245
+ ## 0.12.0
246
+
247
+ - Added clipboard-first `codexflow Start` flow for ChatGPT Developer Mode.
248
+ - Public HTTPS connector URLs are copied automatically when clipboard support is available.
249
+ - Added `--open-chatgpt`, `--copy-url`, and `--no-copy-url` launcher flags.
250
+ - Added opt-in `--install-cloudflared` for macOS/Homebrew users.
251
+ - Added `npm run connect:chatgpt` for source checkouts.
252
+ - Updated README setup path around one command: `npx codexflow@latest start --open-chatgpt`.
253
+
254
+ ## 0.11.0
255
+
256
+ - Renamed the package, CLI, app labels, widget metadata, and environment variables to CodexFlow.
257
+ - Removed the duplicate CLI binary entry from `package.json`.
258
+ - Added `DOMAIN_SETUP.md` with Namecheap, Cloudflare, stable tunnel, and future hosted-relay guidance.
259
+ - Changed the generated model fallback bundle title to `codexflow Context Bundle`.
260
+ - Regenerated build output and package lock metadata for the CodexFlow package name.
261
+
262
+ ## 0.10.0
263
+
264
+ - Prepared the project for public open-source use.
265
+ - Added npm package metadata, keywords, engine requirements, public package files, and `prepack`.
266
+ - Added `codexflow` as a package-name binary so `npx codexflow@latest ...` works.
267
+ - Added `codexflow pro-bundle` and `codexflow pro-apply` CLI subcommands.
268
+ - Added `LICENSE`, `SECURITY.md`, and `CONTRIBUTING.md`.
269
+ - Removed local runtime reports from the public package surface.
270
+ - Reworked docs to avoid private local paths and product-specific model claims.
271
+
272
+ ## 0.9.0
273
+
274
+ - Added stable Cloudflare named-tunnel mode with `--tunnel cloudflare-named`.
275
+ - Added `npm run connect:stable`.
276
+ - Added support for existing tunnel names, Cloudflare dashboard tunnel tokens, token files, and cloudflared config files.
277
+ - Added stable-host health checks before printing the ChatGPT connector URL.
278
+
279
+ ## 0.8.2
280
+
281
+ - Fixed duplicate `AGENTS.md` loading on case-insensitive filesystems.
282
+ - Kept `codex_context` data-only so it does not create noisy widget cards.
283
+
284
+ ## 0.8.1
285
+
286
+ - Added `codex_context` for AGENTS-style instructions, `.ai-bridge` handoff files, git status, and optional git diff.
287
+
288
+ ## 0.8.0
289
+
290
+ - Made widget rendering quieter by attaching visual cards only to high-signal change tools.
291
+ - Added request and tool-call logging without printing prompts, file contents, or tokens.
292
+
293
+ ## 0.7.0
294
+
295
+ - Reworked the Apps SDK widget into compact developer cards.
296
+ - Kept widget CSP strict with no external fetches, fonts, scripts, images, or iframes.
297
+
298
+ ## 0.6.0
299
+
300
+ - Added CSP metadata for ChatGPT Developer Mode widget rendering.
301
+ - Added `codexflow_inventory` for sanitized skill and MCP server names.
302
+
303
+ ## 0.5.0
304
+
305
+ - Added Apps SDK widget resources for selected tool outputs.
306
+
307
+ ## 0.4.x
308
+
309
+ - Added `export_pro_context`.
310
+ - Added terminal helpers for creating and applying planning-context bundles.
311
+ - Added `open_current_workspace` for safer first calls from ChatGPT.
@@ -0,0 +1,12 @@
1
+ Use CodexFlow.
2
+
3
+ Call list_projects first and show its picker. After the user chooses, call select_project and keep all later work routed to that project.
4
+ Do not switch projects unless the user asks.
5
+ Call codexflow_inventory only when you need local skill or MCP server names.
6
+ Use the `codexflow` supertool only when a stable action wrapper is needed; call it with action=list_actions first.
7
+
8
+ Act as a coding agent. Inspect the relevant files, make the requested source edits with write/edit, then verify with search/read/bash and show_changes when useful. Use git_status/git_diff only when CodexFlow was started with --tool-mode full.
9
+
10
+ Keep changes scoped to the request. Do not use handoff_to_agent or handoff_to_codex unless I explicitly ask for planning-only handoff.
11
+
12
+ When finished, summarize changed files, verification run, and anything blocked.
@@ -0,0 +1,12 @@
1
+ Read .ai-bridge/current-plan.md and execute it in small, reviewable steps.
2
+
3
+ After each meaningful change, update .ai-bridge/agent-status.md with:
4
+
5
+ - what changed
6
+ - files touched
7
+ - tests, lint, or typecheck commands run
8
+ - results
9
+ - blockers or questions
10
+ - what ChatGPT or another reviewer should review next
11
+
12
+ Keep .ai-bridge/decisions.md aligned with implementation choices. Do not overwrite .ai-bridge/current-plan.md unless explicitly asked.
@@ -0,0 +1,51 @@
1
+ # Contributing
2
+
3
+ codexflow is early. Good contributions make it safer, faster, and easier to explain.
4
+
5
+ ## Local Setup
6
+
7
+ ```bash
8
+ npm install
9
+ npm run build
10
+ npm run smoke
11
+ ```
12
+
13
+ Run a local connector:
14
+
15
+ ```bash
16
+ npm run connect:local -- --root /path/to/test/repo
17
+ ```
18
+
19
+ Run through a Cloudflare quick tunnel:
20
+
21
+ ```bash
22
+ npm run connect -- --root /path/to/test/repo --bash safe --write handoff
23
+ ```
24
+
25
+ ## Useful Areas
26
+
27
+ - safer tool defaults
28
+ - better setup diagnostics
29
+ - stable tunnel setup helpers
30
+ - smaller/faster context bundles
31
+ - clearer ChatGPT tool prompts
32
+ - better Apps SDK widgets
33
+ - tests for path guards and auth boundaries
34
+ - docs that reduce user setup mistakes
35
+
36
+ ## Pull Request Checklist
37
+
38
+ - Keep the change scoped.
39
+ - Do not include local tunnel URLs, auth tokens, `.env` values, or private paths.
40
+ - Run `npm run build`.
41
+ - Run `npm run smoke`.
42
+ - Update `README.md` or `CHANGELOG.md` when behavior changes.
43
+ - Explain security impact for changes touching auth, file access, shell execution, or tunnels.
44
+
45
+ ## Docs Style
46
+
47
+ - Be concrete.
48
+ - Avoid hype.
49
+ - Name the exact command, mode, flag, and failure case.
50
+ - Make risk boundaries clear.
51
+ - Prefer examples that use `/path/to/repo` and `codexflow.example.com`, not local machine paths.
@@ -0,0 +1,241 @@
1
+ # CodexFlow Domain Setup
2
+
3
+ This guide explains how to use a Namecheap domain, Cloudflare, or ngrok so CodexFlow can keep a stable ChatGPT connector URL.
4
+
5
+ There are two different products hiding behind the phrase "one URL":
6
+
7
+ - Personal stable URL: one developer runs CodexFlow locally and keeps a stable URL such as `https://mcp.example.space/mcp`.
8
+ - Hosted relay for all users: every user gets a stable CodexFlow URL without managing Cloudflare. This requires a hosted service that routes each ChatGPT request to the correct user's local agent.
9
+
10
+ The personal stable URL works now. The hosted relay is the product architecture to build before public launch.
11
+
12
+ ## What A Domain Can And Cannot Do
13
+
14
+ A DNS hostname points traffic to one Cloudflare tunnel, load balancer, or hosted service. It cannot automatically discover every user's laptop.
15
+
16
+ For public users, one shared domain needs one of these designs:
17
+
18
+ - Per-user tunnel hostnames, such as `alice.mcp.example.space` and `bob.mcp.example.space`, each routed to that user's tunnel.
19
+ - A hosted relay at `mcp.example.space` where each local CodexFlow agent opens an outbound connection and authenticates. ChatGPT calls the relay URL, and the relay forwards each request to the right connected local agent.
20
+
21
+ The hosted relay is the clean end-user experience:
22
+
23
+ ```text
24
+ User terminal
25
+ CodexFlow --root .
26
+ opens outbound session to your relay
27
+
28
+ ChatGPT connector
29
+ https://mcp.example.space/<workspace-id>/mcp
30
+
31
+ Relay
32
+ authenticates request
33
+ forwards MCP traffic to the correct user's local CodexFlow agent
34
+ ```
35
+
36
+ That is how you make the setup feel like one URL for everyone.
37
+
38
+ ## Recommended Domain Layout
39
+
40
+ Use subdomains instead of the apex domain:
41
+
42
+ ```text
43
+ codexflow.example.space marketing/docs site
44
+ app.example.space future dashboard/login
45
+ mcp.example.space hosted relay entrypoint
46
+ local.example.space optional private dogfood tunnel
47
+ ```
48
+
49
+ For your current dogfood setup, use:
50
+
51
+ ```text
52
+ local.example.space
53
+ ```
54
+
55
+ For the future public product, use:
56
+
57
+ ```text
58
+ mcp.example.space
59
+ ```
60
+
61
+ ## One-Time Namecheap And Cloudflare Setup
62
+
63
+ 1. Add your apex domain to Cloudflare.
64
+
65
+ In Cloudflare Dashboard, go to Domains, choose "Onboard a domain", enter your domain such as `example.space`, choose a plan, and review imported DNS records.
66
+
67
+ 2. Change Namecheap nameservers.
68
+
69
+ In Namecheap, open Domain List, choose Manage for the domain, set Nameservers to Custom nameservers, enter the two Cloudflare nameservers, and save.
70
+
71
+ 3. Wait for activation.
72
+
73
+ Namecheap says nameserver propagation can take up to 24-48 hours in rare cases. Cloudflare will show the domain as active once the nameservers are picked up.
74
+
75
+ 4. Preserve email records.
76
+
77
+ If the domain receives email, make sure MX, SPF, DKIM, and DMARC records exist in Cloudflare before relying on the domain.
78
+
79
+ ## Personal Stable Tunnel
80
+
81
+ Install or bootstrap `cloudflared`:
82
+
83
+ ```bash
84
+ codexflow install-cloudflared
85
+ ```
86
+
87
+ That installs the official Cloudflare binary into `~/.codexflow/bin` on supported macOS, Windows, and Linux machines. You can also install `cloudflared` manually and keep it on PATH.
88
+
89
+ Authenticate:
90
+
91
+ ```bash
92
+ ~/.codexflow/bin/cloudflared tunnel login
93
+ ```
94
+
95
+ Create a named tunnel:
96
+
97
+ ```bash
98
+ ~/.codexflow/bin/cloudflared tunnel create codexflow-local
99
+ ~/.codexflow/bin/cloudflared tunnel route dns codexflow-local local.example.space
100
+ ```
101
+
102
+ Start CodexFlow with that stable hostname:
103
+
104
+ ```bash
105
+ codexflow stable \
106
+ --root /absolute/path/to/your/repo \
107
+ --hostname local.example.space \
108
+ --tunnel-name codexflow-local \
109
+ --token replace-with-a-long-stable-token \
110
+ --bash safe
111
+ ```
112
+
113
+ Add this once in ChatGPT Developer Mode:
114
+
115
+ ```text
116
+ Name: CodexFlow
117
+ Connection: Server URL
118
+ Server URL: https://local.example.space/mcp?codexflow_token=replace-with-a-long-stable-token
119
+ Authentication: None / No Authentication
120
+ ```
121
+
122
+ After that, restart only the terminal command. You do not need to edit the ChatGPT connector unless you change the hostname or token.
123
+
124
+ ## Dashboard-Managed Tunnel Token
125
+
126
+ If you create the tunnel in the Cloudflare dashboard, save the connector token locally:
127
+
128
+ ```bash
129
+ mkdir -p ~/.codexflow
130
+ chmod 700 ~/.codexflow
131
+ $EDITOR ~/.codexflow/cloudflare-tunnel-token
132
+ chmod 600 ~/.codexflow/cloudflare-tunnel-token
133
+ ```
134
+
135
+ Then run:
136
+
137
+ ```bash
138
+ codexflow stable \
139
+ --root /absolute/path/to/your/repo \
140
+ --hostname local.example.space \
141
+ --cloudflare-token-file ~/.codexflow/cloudflare-tunnel-token \
142
+ --token replace-with-a-long-stable-token \
143
+ --bash safe
144
+ ```
145
+
146
+ Do not confuse these two tokens:
147
+
148
+ ```text
149
+ Cloudflare tunnel token lets cloudflared connect your machine to Cloudflare.
150
+ codexflow MCP token protects the /mcp endpoint that ChatGPT calls.
151
+ ```
152
+
153
+ ## Ngrok Free Dev Domain
154
+
155
+ Ngrok is the simpler personal stable URL for most users. A free ngrok account includes a dev domain, which can be saved once in CodexFlow and reused every time the local server restarts.
156
+
157
+ One-time setup:
158
+
159
+ ```bash
160
+ brew install ngrok
161
+ ngrok config add-authtoken <your-ngrok-token>
162
+ ```
163
+
164
+ Find your assigned dev domain in the ngrok dashboard under Universal Gateway -> Domains, for example:
165
+
166
+ ```text
167
+ your-domain.ngrok-free.dev
168
+ ```
169
+
170
+ Daily startup:
171
+
172
+ ```bash
173
+ codexflow ngrok \
174
+ --root /absolute/path/to/your/repo \
175
+ --hostname your-domain.ngrok-free.dev \
176
+ --token replace-with-a-long-stable-token \
177
+ --bash safe
178
+ ```
179
+
180
+ Add this once in ChatGPT Developer Mode:
181
+
182
+ ```text
183
+ Name: CodexFlow
184
+ Connection: Server URL
185
+ Server URL: https://your-domain.ngrok-free.dev/mcp?codexflow_token=replace-with-a-long-stable-token
186
+ Authentication: None / No Authentication
187
+ ```
188
+
189
+ CodexFlows the local MCP server, runs `ngrok http http://127.0.0.1:8787 --url https://your-domain.ngrok-free.dev`, waits for `/healthz`, copies the Server URL, and keeps both processes alive until you quit.
190
+
191
+ ## Product Plan For All Users
192
+
193
+ For open-source users, support three modes:
194
+
195
+ ```text
196
+ 1. Local-only stdio/HTTP
197
+ No public URL. Best for clients that can launch local MCP commands.
198
+
199
+ 2. Bring-your-own tunnel
200
+ User owns Cloudflare/ngrok/domain. Good for power users and contributors.
201
+
202
+ 3. CodexFlow hosted relay
203
+ Best public UX. User runs one local command and gets a stable connector URL from your service.
204
+ ```
205
+
206
+ The hosted relay needs:
207
+
208
+ - User auth and device registration.
209
+ - Per-device or per-workspace MCP URLs.
210
+ - Local agent outbound WebSocket or HTTP/2 session to the relay.
211
+ - Per-session CodexFlow token rotation.
212
+ - Audit log of tool names, durations, and file paths, without source contents by default.
213
+ - Strict write modes: `workspace` by default for agent mode, `handoff` when the user chooses planning-only mode.
214
+ - Workspace root allowlist enforced locally, not only at the relay.
215
+ - Revocation from the dashboard.
216
+
217
+ ## Latency And Cost
218
+
219
+ For your own named tunnel, latency should be similar to the current quick tunnel. The domain itself does not add meaningful latency; traffic still goes through Cloudflare Tunnel.
220
+
221
+ For the hosted relay, there is one extra hop:
222
+
223
+ ```text
224
+ ChatGPT -> Cloudflare/relay -> user's local CodexFlow agent
225
+ ```
226
+
227
+ That is usually fine for planning and file operations. The bigger speed win is reducing tool calls and response payloads:
228
+
229
+ - Start with `open_current_workspace` and `include_tree=false`.
230
+ - Use targeted `read`, `search`, and `codex_context`.
231
+ - Show widget cards only for high-signal write/edit/diff results.
232
+ - Keep `server_config`, inventory, tree, read, and search compact.
233
+
234
+ For cost, the domain renewal is separate. Cloudflare DNS and basic tunnel usage can be enough for dogfooding. A public relay will eventually cost real hosting/traffic/observability money, even if it starts small on Cloudflare Workers, Durable Objects, or a small server.
235
+
236
+ ## Sources
237
+
238
+ - Cloudflare domain onboarding: https://developers.cloudflare.com/fundamentals/manage-domains/add-site/
239
+ - Namecheap Cloudflare nameserver setup: https://www.namecheap.com/support/knowledgebase/article.aspx/9607/2210/how-to-set-up-dns-records-for-your-domain-in-a-cloudflare-account/
240
+ - Cloudflare locally-managed tunnel: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/create-local-tunnel/
241
+ - Cloudflare Tunnel overview: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/