3 Commits

  • [codex] add process-owned code-mode session client (#30112)
    ## Summary
    
    - add `ProcessOwnedCodeModeSessionProvider` and logical session
    generation/rebinding state
    - add the supervised child-process connection, reader/writer tasks, and
    driver state machine
    - make dropped execute/wait/open callers cancellation-safe with explicit
    ownership handoff and durable cleanup
    - validate cell/delegate lifecycle state and reject invalid protocol
    transitions
    - add end-to-end stdio coverage for delegates, cancellation, frame
    limits, child loss, stale generations, replacement, and long-lived
    sessions
    
    ## Why
    
    This final stage exposes the process-owned client only after the wire
    protocol, host-safe runtime, and standalone host are independently in
    place. Transport failure is fail-stop: the client closes local state,
    cancels callbacks, reaps the child, and lazily rebuilds a fresh host
    generation rather than transactionally recovering the old connection.
    
    ## Stack
    
    This is **4 of 4** in the process-owned code-mode session stack.
    
    - Depends on #30111
    - Full stack: #30108#30110#30111 → this PR
    
    ## Validation
    
    - `just test -p codex-code-mode -p codex-code-mode-host` — 86 passed
    - `just fix -p codex-code-mode`
    - `just fix -p codex-code-mode-host`
    - `just bazel-lock-update`
    - `just bazel-lock-check`
    - `bazel test //codex-rs/code-mode:code-mode-unit-tests
    //codex-rs/code-mode-host:code-mode-host-unit-tests
    //codex-rs/code-mode-host:code-mode-host-stdio-test
    //codex-rs/code-mode-protocol:code-mode-protocol-unit-tests` — 4/4
    passed
    - `just fmt`
  • [codex] implement standalone code-mode process host (#30111)
    ## Summary
    
    - implement the standalone `codex-code-mode-host` stdio service
    - route sessions, cells, delegate requests, responses, and cancellation
    through a bounded host peer
    - supervise request, writer, cell-forwarding, actor, and V8 failure
    boundaries
    - bound request/session tombstones and fail-stop the connection on
    invalid protocol state
    - add host-only duplex protocol tests and local Cargo/Bazel run recipes
    
    ## Why
    
    This stage makes the host process independently runnable and reviewable
    before exposing any remote client in Codex. Transport or runtime failure
    closes the connection and relies on process replacement rather than
    transactional recovery.
    
    ## Stack
    
    This is **3 of 4** in the process-owned code-mode session stack.
    
    - Depends on #30110
    - The final client PR targets this branch
    
    ## Validation
    
    - `just test -p codex-code-mode-host` — 7 host-only tests passed
    - `just fix -p codex-code-mode-host`
    - `just bazel-lock-update`
    - `just bazel-lock-check`
    - `just fmt`
  • code-mode standalone: extract protocol and add host crate (#27724)
    This is phase 1 of a 4 phase stack:
    1. **Add protocol and host crates for new IPC code mode implementation**
    2. Create the new standalone binary
    3. Create a new IPC `CodeModeSessionProvider` to use new binary
    4. Remove v8 from core and only use IPC provider
    
    
    ## Add protocol and host crates for new IPC code mode implementation
    Establish a clean process boundary without changing the existing
    in-process behavior.
    
    - Add the codex-code-mode-protocol crate for shared session, runtime,
    response, and tool-definition types.
    - Move protocol-facing code out of the V8-backed implementation.
    - Add a buildable codex-code-mode-host crate as the foundation for the
    standalone process.
    - Keep the existing in-process runtime as the active implementation.