@zhiman_innies/innies-codex 0.122.60 → 0.122.61

package/assets/innies-catalog.json

@@ -231,7 +231,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": true,
@@ -305,7 +306,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": false,
@@ -380,7 +382,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": false,
@@ -448,7 +451,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": false,
@@ -512,7 +516,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": true,
@@ -580,7 +585,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": true,
@@ -644,7 +650,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": false,
@@ -708,7 +715,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": true,
@@ -776,7 +784,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": true,
@@ -836,7 +845,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": true,
@@ -896,7 +906,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": false,
@@ -956,7 +967,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     },
     {
       "support_verbosity": false,
@@ -1016,7 +1028,8 @@
         "pro",
         "team"
       ],
-      "supports_reasoning_summaries": true
+      "supports_reasoning_summaries": true,
+      "hidden": true
     }
   ]
 }

package/bin/innies-config.js

@@ -61,6 +61,15 @@ export function resolveInniesHome() {
 }
 
 export function ensureInniesHomeDefaults(homeDir) {
+  // N20 (2026-06-15): self-create the home dir so the library
+  // contract is self-contained. Previously `innies.js:55` did the
+  // `fs.mkdirSync` before calling us; that meant any other caller
+  // (a script that `import`s this module, a unit test, a future
+  // sub-command) had to remember the same dance or hit ENOENT on
+  // the very first `writeFileSync` of catalog.json. The cost is
+  // one extra `mkdir` on the hot path; the benefit is the API
+  // matches the contract advertised in the JSDoc.
+  fs.mkdirSync(homeDir, { recursive: true });
   const state = loadInniesState(homeDir);
   const catalogPath = path.join(homeDir, DEFAULT_CATALOG_FILENAME);
   ensureInniesCatalog(catalogPath);
@@ -372,6 +381,60 @@ function defaultInniesConfig(catalogPath, managedDefault) {
   ].join("\n");
 }
 
+// N20 (2026-06-15): detect-and-peel the FIRST-RUN warning header so
+// `normalizeInniesConfig` can re-emit it at the very top, matching
+// `defaultInniesConfig`'s byte ordering. Without this, init 1 (the
+// fresh `defaultInniesConfig` output) places the header at the top
+// and the managed lines below it; on init 2+ the managed lines are
+// PREPENDED (because `stripManagedRootSettings` preserves comment
+// lines verbatim) and the header drifts to position 2 — producing a
+// stable-but-different md5 every other round-trip. Detecting the
+// header by its leading magic line and peeling the full block off
+// the unmanaged tail closes the gap: init 1 and init 2+ are now
+// bytewise-equal whenever the user has not edited the header.
+//
+// The header is owned by the code (not the user) so re-emitting it
+// unconditionally is correct; the only case where we DON'T emit it
+// is when the source file does not have it (e.g. a user on a
+// pre-N20 install who upgrades — their file lacks the header and we
+// respect that).
+const FIRST_RUN_HEADER_MAGIC = "# ⚠️  FIRST-RUN SETUP REQUIRED (N20 / 2026-06-15)";
+const FIRST_RUN_HEADER_OPEN = "# ============================================================================";
+
+function peelFirstRunHeader(unmanagedBody) {
+  const lines = unmanagedBody.split(/\r?\n/);
+  // The header always opens with `# ==========...` (line 0) and has
+  // the magic marker on line 1. We scan forward for the closing
+  // `# ==========...` (line N) which terminates the block. The
+  // magic-line check makes the detection robust to a user
+  // prepending their own comment block (which would shift the
+  // header's position); finding the closing delimiter makes it
+  // robust to future edits that add/remove filler lines.
+  if (lines.length < 3) {
+    return { header: null, body: unmanagedBody };
+  }
+  if (lines[0] !== FIRST_RUN_HEADER_OPEN) {
+    return { header: null, body: unmanagedBody };
+  }
+  if (!lines[1] || !lines[1].includes(FIRST_RUN_HEADER_MAGIC)) {
+    return { header: null, body: unmanagedBody };
+  }
+  // Find closing delimiter.
+  let closeIdx = -1;
+  for (let i = 2; i < lines.length; i++) {
+    if (lines[i] === FIRST_RUN_HEADER_OPEN) {
+      closeIdx = i;
+      break;
+    }
+  }
+  if (closeIdx < 0) {
+    return { header: null, body: unmanagedBody };
+  }
+  const header = lines.slice(0, closeIdx + 1).join("\n");
+  const body = lines.slice(closeIdx + 1).join("\n").replace(/^\n+/, "");
+  return { header, body };
+}
+
 function normalizeInniesConfig(contents, catalogPath, state) {
   if (contents.trim() === "") {
     return defaultInniesConfig(catalogPath, managedDefaultModel());
@@ -382,15 +445,26 @@ function normalizeInniesConfig(contents, catalogPath, state) {
   const managedDefault = isUserSelected ? null : managedDefaultModel();
   const managedSettings = ROOT_MANAGED_SETTINGS;
   const unmanagedContents = stripManagedRootSettings(contents, managedSettings).trim();
+  // N20 (2026-06-15): peel the FIRST-RUN warning header off the
+  // unmanaged tail so we can re-emit it BEFORE the managed lines
+  // (matching `defaultInniesConfig`'s byte ordering). See
+  // `peelFirstRunHeader` for the detection rationale.
+  const { header: firstRunHeader, body: unmanagedBody } =
+    peelFirstRunHeader(unmanagedContents);
   const managedLines = isUserSelected
     ? preservedUserManagedLines(contents, catalogPath)
     : managedDefault
       ? managedDefaultLines(catalogPath, managedDefault)
       : catalogOnlyManagedLines(catalogPath);
-  let updated = `${managedLines.join("\n")}\n`;
+  let updated = "";
+  if (firstRunHeader) {
+    updated = `${firstRunHeader}\n\n${managedLines.join("\n")}\n`;
+  } else {
+    updated = `${managedLines.join("\n")}\n`;
+  }
 
-  if (unmanagedContents !== "") {
-    updated = `${updated}\n${unmanagedContents}\n`;
+  if (unmanagedBody !== "") {
+    updated = `${updated}\n${unmanagedBody}\n`;
   } else {
     updated = `${updated}\n`;
   }
@@ -688,6 +762,19 @@ export function _enforceDashscopeEnvKeyForTest(contents) {
   return enforceDashscopeEnvKey(contents);
 }
 
+// N20 (2026-06-15): exported for unit testing in
+// scripts/test_normalize_byte_stable.cjs. Asserts that
+// normalizeInniesConfig re-emits the FIRST-RUN warning header at
+// the top of the file (matching defaultInniesConfig's byte
+// ordering) so init 1 → init 2 produces a bytewise-equal config.
+export function _normalizeInniesConfigForTest(contents, catalogPath, state) {
+  return normalizeInniesConfig(contents, catalogPath, state);
+}
+
+export function _peelFirstRunHeaderForTest(unmanagedBody) {
+  return peelFirstRunHeader(unmanagedBody);
+}
+
 function normalizeProviderBlock(contents, provider) {
   const lines = contents.split(/\r?\n/);
   const updated = [];

package/bin/innies.js

@@ -49,6 +49,24 @@ if (isVersionRequest(process.argv.slice(2))) {
   process.exit(0);
 }
 
+// N20 fix Phase 3 (2026-06-15): parse `--model X` from argv at the
+// top level so it's available before any `await` runs. Mirrors the
+// slug -> provider_key mapping in `codex-rs/exec/src/lib.rs:387-392`
+// (the headless-exec ingress that `--model` actually controls). We
+// need this to scope the onboarding placeholder detection to the
+// provider block the user *intends* to use — without it, onboarding
+// warns about every unfilled block including ones the user never
+// picked, which is the G1-NEW-1/4 root cause.
+function parseModelArgFromArgv(argv) {
+  for (let i = 0; i < argv.length - 1; i++) {
+    if (argv[i] === "--model" || argv[i] === "-m") {
+      return argv[i + 1] ?? null;
+    }
+  }
+  return null;
+}
+const MODEL_CLI_ARG = parseModelArgFromArgv(process.argv.slice(2));
+
 const codexHome = resolveInniesHome();
 process.env[INNIES_HOME_ENV_VAR] = codexHome;
 process.env.CODEX_HOME = codexHome;
@@ -158,10 +176,72 @@ function writeExternalRuntimeSmokeResult(runtimeVersion) {
 // warning — otherwise we'd block on readline forever. The
 // detection itself is purely synchronous and never throws.
 
-function detectPlaceholders(configPath) {
+// N20 fix Phase 3 (2026-06-15): read the top-of-file `model_provider = "..."`
+// pin (the value written by `defaultInniesConfig` in innies-config.js).
+// We deliberately match the FIRST non-commented, non-section occurrence —
+// the template writes `model_provider = "<DEFAULT_PROVIDER>"` at the top
+// of the file (see `managedDefaultLines` and the `preservedModelProvider`
+// fallback path in innies-config.js:514-525).
+function resolveTopPinnedProvider(configPath) {
+  if (!fs.existsSync(configPath)) {
+    return null;
+  }
+  const lines = fs.readFileSync(configPath, "utf8").split(/\r?\n/);
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith("#") || trimmed.startsWith("[")) {
+      continue;
+    }
+    const m = trimmed.match(/^model_provider\s*=\s*"([^"]+)"\s*$/);
+    if (m) {
+      return m[1];
+    }
+  }
+  return null;
+}
+
+// N20 fix Phase 3 (2026-06-15): decide which provider block the user
+// is *actually* about to dispatch to. Two inputs:
+//   1. `--model X` from argv (wins if present — overrides the pin,
+//      matches `codex-rs/exec/src/lib.rs:387-392`)
+//   2. top-of-file `model_provider = "..."` pin (the user's default)
+//
+// We apply the same slug -> provider_key static mapping that the
+// Rust `--model` resolver uses so the two layers agree. Unknown
+// slugs fall through to the top-of-file pin (the trust-the-pin
+// path; the user is doing something custom).
+function resolveSelectedProviderKey(configPath, modelCliArg) {
+  const topPin = resolveTopPinnedProvider(configPath);
+  if (!modelCliArg) {
+    return topPin;
+  }
+  const slugToKey = {
+    qwen35_35b: "zhiman_35b",
+    qwen36_27b: "zhiman_27b",
+    "qwen3.6-27b": "dashscope",
+    "qwen3-6-27b": "dashscope",
+  };
+  const mapped = Object.prototype.hasOwnProperty.call(slugToKey, modelCliArg)
+    ? slugToKey[modelCliArg]
+    : null;
+  // If we recognize the slug, return the mapped key. Otherwise trust
+  // the user's top-of-file pin (they may have a custom slug that
+  // happens to match a block name).
+  return mapped ?? topPin;
+}
+
+function detectPlaceholders(configPath, selectedKey) {
   if (!fs.existsSync(configPath)) {
     return [];
   }
+  // N20 fix Phase 3 (2026-06-15): when we cannot determine which
+  // block the user is about to dispatch to, return [] (conservative
+  // no-op). The user can still hit the N20 path inside the binary
+  // if their selection happens to be the unfilled one — but we
+  // don't want to spam warnings for blocks they're not using.
+  if (selectedKey === null || selectedKey === undefined) {
+    return [];
+  }
   const lines = fs.readFileSync(configPath, "utf8").split(/\r?\n/);
   const placeholders = [];
   let currentProviderHeader = null;
@@ -179,6 +259,13 @@ function detectPlaceholders(configPath) {
     const commentedBaseUrl = line.match(/^(\s*)#\s*base_url\s*=\s*"([^"]+)"\s*(#.*)?$/);
     if (commentedBaseUrl) {
       const [, indent, value, trailingComment] = commentedBaseUrl;
+      // N20 fix Phase 3 (2026-06-15): only flag placeholders inside
+      // the block the user actually selected. This is the G1-NEW-1
+      // root cause: previously, ALL unfilled blocks were warned
+      // about, including ones the user pinned-but-isn't-using.
+      if (currentProviderHeader !== selectedKey) {
+        continue;
+      }
       if (Object.prototype.hasOwnProperty.call(KNOWN_BASE_URL_PLACEHOLDERS, value)) {
         placeholders.push({
           lineNo: i,
@@ -207,11 +294,15 @@ async function promptOnce(rl, question) {
 
 async function maybeRunOnboardingFlow(codexHome) {
   const configPath = path.join(codexHome, "config.toml");
-  const placeholders = detectPlaceholders(configPath);
+  // N20 fix Phase 3 (2026-06-15): narrow detection to the block the
+  // user is actually about to dispatch to. G1-NEW-1/4 root cause.
+  const selectedKey = resolveSelectedProviderKey(configPath, MODEL_CLI_ARG);
+  const placeholders = detectPlaceholders(configPath, selectedKey);
 
   if (placeholders.length === 0) {
-    // No unfilled placeholders — user already configured (or is on a
-    // fresh install with env vars set). Nothing to do.
+    // No unfilled placeholders in the selected block — user already
+    // configured it (or is on a fresh install with env vars set for
+    // exactly this block). Nothing to do.
     return { prompted: false, filled: 0 };
   }
 
@@ -225,6 +316,7 @@ async function maybeRunOnboardingFlow(codexHome) {
     console.warn(
       "[innies-onboarding] 检测到 config.toml 有未填的 base_url 占位符 " +
         "(N20 fresh-install 阻断)。" +
+        " (已自动识别选中 provider 块: \"" + selectedKey + "\" — 只检查此块)" +
         " stdin 不是 TTY,无法交互式引导 — 继续执行(可能 N20 fail)。" +
         " 三种解决方式: (1) 设置 INNIES_SKIP_ONBOARDING=1 显式跳过;" +
         " (2) 编辑 " + configPath + " 填值;" +
@@ -242,6 +334,7 @@ async function maybeRunOnboardingFlow(codexHome) {
   console.log("[innies-onboarding] 首次运行检测 (N20 fresh-install 阻断防护)");
   console.log("-----------------------------------------------------------------------------");
   console.log(`config.toml: ${configPath}`);
+  console.log(`(已自动识别选中 provider 块: "${selectedKey}" — 只检查此块)`);
   console.log("");
   console.log("检测到以下 provider 块的 base_url 仍是占位符(注释状态):");
   for (const p of placeholders) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zhiman_innies/innies-codex",
-  "version": "0.122.60",
+  "version": "0.122.61",
   "license": "Apache-2.0",
   "bin": {
     "innies": "bin/innies.js"
@@ -23,9 +23,9 @@
     "postinstall": "node bin/innies-init.js"
   },
   "optionalDependencies": {
-    "@zhiman_innies/innies-codex-darwin-x64": "0.122.60-darwin-x64",
-    "@zhiman_innies/innies-codex-darwin-arm64": "0.122.60-darwin-arm64",
-    "@zhiman_innies/innies-codex-win32-x64": "0.122.60-win32-x64",
-    "@zhiman_innies/innies-codex-win32-arm64": "0.122.60-win32-arm64"
+    "@zhiman_innies/innies-codex-darwin-x64": "0.122.61-darwin-x64",
+    "@zhiman_innies/innies-codex-darwin-arm64": "0.122.61-darwin-arm64",
+    "@zhiman_innies/innies-codex-win32-x64": "0.122.61-win32-x64",
+    "@zhiman_innies/innies-codex-win32-arm64": "0.122.61-win32-arm64"
   }
 }