Commit Graph

3 Commits

  • [codex] allow shared config reads in app-server queue (#21340)
    ## Summary
    - add a shared-read serialization mode for global app-server request
    families
    - let consecutive leading shared reads for the same family run together
    while keeping exclusive requests ordered
    - mark only `skills/list`, `config/read` and `plugin/list` as shared
    reads for now
    
    ## Why
    `skills/list` and `plugin/list` are read-only config-family requests,
    but the app-server queue currently treats every config request as
    exclusive. That means one long `skills/list` can make a later
    `plugin/list` wait even though the two requests do not mutate config.
    
    This change keeps the existing queue order but lets adjacent reads
    overlap. If a write is already waiting, later reads still stay behind
    it, so writes do not starve.
    
    ## Scope
    This intentionally keeps the first pass narrow:
    - shared reads: `skills/list`, `plugin/list`
    - still exclusive: `plugin/install`, `marketplace/*`,
    `skills/config/write`, `config/*write`, `config/read`, and the rest of
    the config family
    
    ## Validation
    - `just fmt`
    - `cargo test -p codex-app-server-protocol`
    - `cargo test -p codex-app-server`
    - `just fix -p codex-app-server-protocol`
    - `just fix -p codex-app-server`
    
    ## Desktop verification
    I ran the dev desktop app against this branch's built binary with the
    existing UI timing logs enabled. The app did use
    `/Users/xli/code/codex_6/codex-rs/target/debug/codex`.
    
    The new scheduler behavior works, but this narrow change does not remove
    every cold-start delay: in the observed trace, an earlier exclusive
    `config/read` was already queued ahead of the later `skills/list` and
    `plugin/list` requests, so the page-open plugin requests still waited
    behind that earlier exclusive config-family request before they could
    run together.
    
    That means this PR is the scheduler primitive needed for shared reads,
    not the complete end-to-end latency fix by itself.
    
    ## Not run
    - full workspace test suite, because repo policy requires explicit
    approval before running it after touching `app-server-protocol`
  • [codex] Add unsandboxed process exec API (#19040)
    ## Why
    
    App-server clients sometimes need argv-based local process execution
    while sandbox policy is controlled outside Codex. Those environments can
    reject sandbox-disabling paths before a command ever starts, even when
    the caller intentionally wants unsandboxed execution.
    
    This PR adds a distinct `process/*` API for that use case instead of
    extending `command/exec` with another sandbox-disabling shape. Keeping
    the new surface separate also makes the future removal of `command/exec`
    simpler: clients that need explicit process lifecycle control can move
    to the newer handle-based API without depending on `command/exec`
    business logic.
    
    ## What changed
    
    - Added v2 process lifecycle methods: `process/spawn`,
    `process/writeStdin`, `process/resizePty`, and `process/kill`.
    - Added process notifications: `process/outputDelta` for streamed
    stdout/stderr chunks and `process/exited` for final exit status and
    buffered output.
    - Made `process/spawn` intentionally unsandboxed and omitted
    sandbox-selection fields such as `sandboxPolicy` and
    `permissionProfile`.
    - Added client-supplied, connection-scoped `processHandle` values for
    follow-up control requests and notification routing.
    - Supported cwd, environment overrides, PTY mode and size, stdin
    streaming, stdout/stderr streaming, per-stream output caps, and timeout
    controls.
    - Killed active process sessions when the originating app-server
    connection closes.
    - Wired the implementation through the modular `request_processors/`
    app-server layout, with process-handle request serialization for
    follow-up control calls.
    - Updated generated JSON/TypeScript schema fixtures and documented the
    new API in `codex-rs/app-server/README.md`.
    - Added v2 app-server integration coverage in
    `codex-rs/app-server/tests/suite/v2/process_exec.rs` for spawn
    acknowledgement before exit, buffered output caps, and process
    termination.
    
    ## Verification
    
    - `cargo test -p codex-app-server-protocol`
    - `cargo test -p codex-app-server`
    
    ---------
    
    Co-authored-by: Owen Lin <owen@openai.com>
  • app-server: run initialized rpcs with keyed serialization (#17373)
    ## Why
    
    Initialized app-server RPCs no longer need to bottleneck behind one
    request processor path. Running them concurrently improves
    responsiveness, but several request families still mutate shared state
    or depend on ordered side effects. Those stateful families need an
    auditable serialization contract so concurrency does not reorder thread,
    config, auth, command, watcher, MCP, or similar state transitions.
    
    This PR keeps that boundary explicit: stateful work is serialized by the
    smallest useful key, while intentionally read-only or externally
    concurrent work remains unkeyed. In particular, `thread/list` and
    `thread/turns/list` explicitly have no serialization because they
    primarily read append-only rollout storage and should continue to be
    served concurrently.
    
    ## What changed
    
    - Adds `ClientRequest::serialization_scope()` in `app-server-protocol`
    and requires every client request definition to declare its
    serialization behavior.
    - Introduces keyed request scopes for thread, thread path, command exec
    process, fuzzy search session, fs watch, MCP OAuth, and global state
    buckets such as config, account auth, memory, and device keys.
    - Routes initialized app-server RPCs through per-key FIFO serialization
    while allowing unkeyed initialized requests to run concurrently.
    - Cancels in-flight initialized RPC work when the connection disconnects
    or the app-server exits so spawned request tasks do not outlive their
    session.
    - Adds focused coverage for representative keyed and unkeyed
    serialization scopes, including explicitly concurrent
    `thread/turns/list` behavior.
    
    ## Validation
    
    - Added protocol tests for representative keyed serialization scopes and
    intentionally unkeyed request families.
    - Added app-server request serialization tests covering per-key FIFO
    behavior, concurrent unkeyed execution, disconnect shutdown, and config
    read-after-write ordering.
    - Local focused protocol validation after the latest rebase is currently
    blocked by packageproxy failing to resolve locked `rustls-webpki
    0.103.13`; CI is expected to provide the full validation signal.