3 Commits

  • package: factor DotSlash executable fetching (#24129)
    ## Why
    
    The package builder already fetches `rg` from a checked-in DotSlash
    manifest. The zsh packaging work needs the same
    fetch/cache/size-check/SHA-256/extract path for another manifest, but
    keeping that refactor inside the zsh PR makes the review harder to
    follow.
    
    This PR factors the existing `rg`-specific implementation into a
    reusable helper with no intended behavior change for `rg` packaging.
    
    ## What Changed
    
    - Added `scripts/codex_package/dotslash.py` for checked-in DotSlash
    manifest parsing, archive download, cache reuse, size validation,
    SHA-256 validation, and member extraction.
    - Updated `scripts/codex_package/ripgrep.py` to delegate to the shared
    helper.
    - Preserved the existing `rg` manifest path, cache key, destination
    filename, and executable-bit behavior.
    
    ## Testing
    
    - `python3 -m py_compile scripts/codex_package/dotslash.py
    scripts/codex_package/ripgrep.py scripts/codex_package/cli.py
    scripts/codex_package/layout.py scripts/codex_package/zsh.py`
    - `python3 -m unittest discover scripts/codex_package`
    
    
    ---
    [//]: # (BEGIN SAPLING FOOTER)
    Stack created with [Sapling](https://sapling-scm.com). Best reviewed
    with [ReviewStack](https://reviewstack.dev/openai/codex/pull/24129).
    * #23768
    * #23756
    * __->__ #24129
  • packaging: move rg manifest out of npm bin (#23833)
    ## Why
    
    Installing `@openai/codex` currently places a DotSlash `rg` manifest at
    `node_modules/@openai/codex/bin/rg`, even though the native optional
    dependency already ships the actual helper under
    `vendor/<target>/codex-path/rg`. The launcher prepends that `codex-path`
    directory, so the top-level `bin/rg` file is redundant in the npm
    install.
    
    The remaining direct consumers of the manifest are package-building
    paths: `scripts/codex_package/ripgrep.py` and
    `codex-cli/scripts/install_native_deps.py`. Keeping the manifest under
    `codex-cli/bin` makes it look like a shipped npm binary, so this moves
    it next to the package-builder code that owns it. The checked-in
    `@openai/codex` package metadata should likewise describe only the meta
    package payload; generated platform packages continue to publish
    `vendor`.
    
    ## What Changed
    
    - Moved the DotSlash ripgrep manifest from `codex-cli/bin/rg` to
    `scripts/codex_package/rg`.
    - Updated the package builder, npm native-artifact hydrator, README, and
    CLI help text to reference the new manifest location.
    - Stopped `codex-cli/scripts/build_npm_package.py` from copying `rg`
    into the `@openai/codex` meta package.
    - Narrowed the checked-in meta package `files` whitelist to
    `bin/codex.js`.
    
    ## Verification
    
    - `python3 -m unittest discover -s scripts/codex_package -p "test_*.py"`
    - `python3 -m unittest discover -s codex-cli/scripts -p "test_*.py"`
    - `python3 -m py_compile codex-cli/scripts/build_npm_package.py
    codex-cli/scripts/install_native_deps.py
    scripts/codex_package/ripgrep.py scripts/codex_package/cli.py
    scripts/stage_npm_packages.py`
    - `codex-cli/scripts/build_npm_package.py --package codex --version
    0.0.0-test --pack-output <tmp>/codex-meta-no-vendor.tgz`
    - `tar -tf <tmp>/codex-meta-no-vendor.tgz` showed only
    `package/bin/codex.js`, `package/package.json`, and `package/README.md`.
    - Direct staging check showed `codex` uses `files: ["bin/codex.js"]`
    while `codex-darwin-arm64` still uses `files: ["vendor"]`.
    
    ---
    [//]: # (BEGIN SAPLING FOOTER)
    Stack created with [Sapling](https://sapling-scm.com). Best reviewed
    with [ReviewStack](https://reviewstack.dev/openai/codex/pull/23833).
    * #23836
    * __->__ #23833
  • build: fetch rg for Codex packages (#23526)
    ## Why
    
    The Codex package builder should produce a complete package without
    requiring callers to pre-populate `rg` under `codex-cli/vendor` or have
    `dotslash` installed on `PATH`. The repo already tracks the
    authoritative DotSlash manifest in `codex-cli/bin/rg`, so the builder
    can read that metadata directly and fetch the correct ripgrep archive
    for the target it is packaging.
    
    ## What changed
    
    - Added `scripts/codex_package/ripgrep.py` to parse `codex-cli/bin/rg`
    after stripping the shebang, select the target platform entry, download
    the configured artifact, and verify the recorded size and SHA-256
    digest.
    - Added a cache under `$TMPDIR/codex-package/<target>-rg` so verified
    archives can be reused without fetching again.
    - Extracted `rg`/`rg.exe` from `tar.gz` and `zip` artifacts into the
    package-builder cache, then copied that into `codex-path` through the
    existing package layout flow.
    - Kept `--rg-bin` as an explicit local override for offline tests and
    unusual local workflows.
    - Documented the default `rg` fetch/cache behavior in
    `scripts/codex_package/README.md`.
    
    ## Verification
    
    - Ran wrapper/module syntax compilation.
    - Ran `scripts/build_codex_package.py --help` from `/private/tmp`.
    - Ran a local manifest fetch test covering shebang-stripped manifest
    parsing, `tar.gz` extraction, `zip` extraction, size/SHA-256
    verification, and cache reuse after deleting the original source
    archives.
    - Ran fake-cargo package/archive builds for macOS, Linux, and Windows
    target layouts with `--rg-bin`, including an assertion that generated
    tar archives contain no duplicate member names.
    
    
    
    
    ---
    [//]: # (BEGIN SAPLING FOOTER)
    Stack created with [Sapling](https://sapling-scm.com). Best reviewed
    with [ReviewStack](https://reviewstack.dev/openai/codex/pull/23526).
    * #23541
    * __->__ #23526
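
The manifest-driven path that #23526 and #24129 describe (strip the shebang, pick the platform entry, check size and SHA-256, reuse the cache, extract one member) is sketched below as an added example; it is not code from `scripts/codex_package/dotslash.py` or from the project. It assumes the DotSlash manifest fields `platforms`, `size`, `hash`, `digest`, `format`, `path` and `providers`; the platform key, member path and URL are constructed, and the download step is left out so the block runs offline.

```python
import hashlib, hmac, io, json, tarfile
from pathlib import Path

def parse_manifest(text):
    """Strip the '#!' line, then parse the rest as JSON."""
    body = text.partition("\n")[2] if text.startswith("#!") else text
    return json.loads(body)

def verify_archive(data, entry):
    """Cheap size check first, then SHA-256; raise ValueError on mismatch."""
    if entry["hash"] != "sha256":
        raise ValueError("unsupported hash algorithm")
    if len(data) != entry["size"]:
        raise ValueError("size mismatch")
    if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), entry["digest"]):
        raise ValueError("sha256 mismatch")

def load_cached(cache_path, entry):
    """Reuse a cached archive only if it still matches the manifest."""
    try:
        data = Path(cache_path).read_bytes()
        verify_archive(data, entry)
        return data
    except (OSError, ValueError):
        return None  # missing or altered cache entry: caller fetches again

def extract_member(data, entry):
    """Verify, then read only the member named by the manifest 'path'."""
    verify_archive(data, entry)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        member = tar.getmember(entry["path"])
        if not member.isfile():
            raise ValueError("manifest path is not a regular file")
        return tar.extractfile(member).read()

def make_sample():
    """Constructed archive and manifest (not the project's real rg manifest)."""
    payload = b"constructed stand-in for the rg binary\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("ripgrep-sample/rg")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    data = buf.getvalue()
    entry = {"size": len(data), "hash": "sha256", "format": "tar.gz",
             "digest": hashlib.sha256(data).hexdigest(), "path": "ripgrep-sample/rg",
             "providers": [{"url": "https://example.invalid/rg.tar.gz"}]}
    doc = {"name": "rg", "platforms": {"linux-x86_64": entry}}
    return data, "#!/usr/bin/env dotslash\n" + json.dumps(doc), payload
```

Re-running `verify_archive` on every cache hit means a file altered in `$TMPDIR` after the first fetch is refetched instead of being packaged, and reading the member into memory by its exact manifest path avoids unpacking any other archive entry to disk.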