Commit Graph

8 Commits

  • chore: ensure pnpm-workspace.yaml is up-to-date (#10140)
    On the back of:
    
    https://github.com/openai/codex/pull/10138
    
    Let's ensure that every folder with a `package.json` is listed in
    `pnpm-workspace.yaml` (not sure why `docs` was in there...) and that we
    are using `pnpm` over `npm` consistently (which is why this PR deletes
    `codex-cli/package-lock.json`).
  • update pnpm to 10.28.2 to address security issues (#9992)
    Updates pnpm to 10.28.2. to address security issues in prior versions of
    pnpm that can allow deps to execute lifecycle scripts against policy.
    
    I have read the CLA Document and I hereby sign the CLA
  • feat: codex-shell-tool-mcp (#7005)
    This adds a GitHub workflow for building a new npm module we are
    experimenting with that contains an MCP server for running Bash
    commands. The new workflow, `shell-tool-mcp`, is a dependency of the
    general `release` workflow so that we continue to use one version number
    for all artifacts across the project in one GitHub release.
    
    `.github/workflows/shell-tool-mcp.yml` is the primary workflow
    introduced by this PR, which does the following:
    
    - builds the `codex-exec-mcp-server` and `codex-execve-wrapper`
    executables for both arm64 and x64 versions of Mac and Linux (preferring
    the MUSL version for Linux)
    - builds Bash (dynamically linked) for a [comically] large number of
    platforms (both x64 and arm64 for most) with a small patch specified by
    `shell-tool-mcp/patches/bash-exec-wrapper.patch`:
      - `debian-11`
      - `debian-12`
      - `ubuntu-20.04`
      - `ubuntu-22.04`
      - `ubuntu-24.04`
      - `centos-9`
      - `macos-13` (x64 only)
      - `macos-14` (arm64 only)
      - `macos-15` (arm64 only)
    - builds the TypeScript for the [new] Node module declared in the
    `shell-tool-mcp/` folder, which creates `bin/mcp-server.js`
    - adds all of the native binaries to `shell-tool-mcp/vendor/` folder;
    `bin/mcp-server.js` does a runtime check to determine which ones to
    execute
    - uses `npm pack` to create the `.tgz` for the module
    - if `publish: true` is set, invokes the `npm publish` call with the
    `.tgz`
    
    The justification for building Bash for so many different operating
    systems is because, since it is dynamically linked, we want to increase
    our confidence that the version we build is compatible with the glibc
    whatever OS we end up running on. (Note this is less of a concern with
    `codex-exec-mcp-server` and `codex-execve-wrapper` on Linux, as they are
    statically linked.)
    
    This PR also introduces the code for the npm module in `shell-tool-mcp/`
    (the proposed module name is `@openai/codex-shell-tool-mcp`). Initially,
    I intended the module to be a single file of vanilla JavaScript (like
    [`codex-cli/bin/codex.js`](https://github.com/openai/codex/blob/ab5972d447da78d3e4dd8461cf7d43a22e5d2acb/codex-cli/bin/codex.js)),
    but some of the logic seemed a bit tricky, so I decided to port it to
    TypeScript and add unit tests.
    
    `shell-tool-mcp/src/index.ts` defines the `main()` function for the
    module, which performs runtime checks to determine the clang triple to
    find the path to the Rust executables within the `vendor/` folder
    (`resolveTargetTriple()`). It uses a combination of `readOsRelease()`
    and `resolveBashPath()` to determine the correct Bash executable to run
    in the environment. Ultimately, it spawns a command like the following:
    
    ```
    codex-exec-mcp-server \
        --execve codex-execve-wrapper \
        --bash custom-bash "$@"
    ```
    
    Note `.github/workflows/shell-tool-mcp-ci.yml` defines a fairly standard
    CI job for the module (`format`/`build`/`test`).
    
    To test this PR, I pushed this branch to my personal fork of Codex and
    ran the CI job there:
    
    https://github.com/bolinfest/codex/actions/runs/19564311320
    
    Admittedly, the graph looks a bit wild now:
    
    <img width="5115" height="2969" alt="Screenshot 2025-11-20 at 11 44
    58 PM"
    src="https://github.com/user-attachments/assets/cc5ef306-efc1-4ed7-a137-5347e394f393"
    />
    
    But when it finished, I was able to download `codex-shell-tool-mcp-npm`
    from the **Artifacts** for the workflow in an empty temp directory,
    unzip the `.zip` and then the `.tgz` inside it, followed by `xattr -rc
    .` to remove the quarantine bits. Then I ran:
    
    ```shell
    npx @modelcontextprotocol/inspector node /private/tmp/foobar4/package/bin/mcp-server.js
    ```
    
    which launched the MCP Inspector and I was able to use it as expected!
    This bodes well that this should work once the package is published to
    npm:
    
    ```shell
    npx @modelcontextprotocol/inspector npx @openai/codex-shell-tool-mcp
    ```
    
    Also, to verify the package contains what I expect:
    
    ```shell
    /tmp/foobar4/package$ tree
    .
    ├── bin
    │   └── mcp-server.js
    ├── package.json
    ├── README.md
    └── vendor
        ├── aarch64-apple-darwin
        │   ├── bash
        │   │   ├── macos-14
        │   │   │   └── bash
        │   │   └── macos-15
        │   │       └── bash
        │   ├── codex-exec-mcp-server
        │   └── codex-execve-wrapper
        ├── aarch64-unknown-linux-musl
        │   ├── bash
        │   │   ├── centos-9
        │   │   │   └── bash
        │   │   ├── debian-11
        │   │   │   └── bash
        │   │   ├── debian-12
        │   │   │   └── bash
        │   │   ├── ubuntu-20.04
        │   │   │   └── bash
        │   │   ├── ubuntu-22.04
        │   │   │   └── bash
        │   │   └── ubuntu-24.04
        │   │       └── bash
        │   ├── codex-exec-mcp-server
        │   └── codex-execve-wrapper
        ├── x86_64-apple-darwin
        │   ├── bash
        │   │   └── macos-13
        │   │       └── bash
        │   ├── codex-exec-mcp-server
        │   └── codex-execve-wrapper
        └── x86_64-unknown-linux-musl
            ├── bash
            │   ├── centos-9
            │   │   └── bash
            │   ├── debian-11
            │   │   └── bash
            │   ├── debian-12
            │   │   └── bash
            │   ├── ubuntu-20.04
            │   │   └── bash
            │   ├── ubuntu-22.04
            │   │   └── bash
            │   └── ubuntu-24.04
            │       └── bash
            ├── codex-exec-mcp-server
            └── codex-execve-wrapper
    
    26 directories, 26 files
    ```
  • chore: remove the TypeScript code from the repository (#2048)
    This deletes the bulk of the `codex-cli` folder and eliminates the logic
    that builds the TypeScript code and bundles it into the release.
    
    Since this PR modifies `.github/workflows/rust-release.yml`, to test
    changes to the release process, I locally commented out all of the "is
    this commit on upstream `main`" checks in
    `scripts/create_github_release.sh` and ran:
    
    ```
    ./codex-rs/scripts/create_github_release.sh 0.20.0-alpha.4
    ```
    
    Which kicked off:
    
    https://github.com/openai/codex/actions/runs/16842085113
    
    And the release artifacts appear legit!
    
    https://github.com/openai/codex/releases/tag/rust-v0.20.0-alpha.4
  • fix: patch in #366 and #367 for marked-terminal (#916)
    This PR uses [`pnpm
    patch`](https://www.petermekhaeil.com/til/pnpm-patch/) to pull in the
    following proposed fixes for `marked-terminal`:
    
    * https://github.com/mikaelbr/marked-terminal/pull/366
    * https://github.com/mikaelbr/marked-terminal/pull/367
    
    This adds a substantial test to `codex-cli/tests/markdown.test.tsx` to
    verify the new behavior.
    
    Note that one of the tests shows two citations being split across a line
    even though the rendered version would fit comfortably on one line.
    Changing this likely requires a subtle fix to `marked-terminal` to
    account for "rendered length" when determining line breaks.
  • feat: /diff command to view git diff (#426)
    Adds `/diff` command to view git diff
  • chore: migrate to pnpm for improved monorepo management (#287)
    # Migrate to pnpm for improved monorepo management
    
    ## Summary
    This PR migrates the Codex repository from npm to pnpm, providing faster
    dependency installation, better disk space usage, and improved monorepo
    management.
    
    ## Changes
    - Added `pnpm-workspace.yaml` to define workspace packages
    - Added `.npmrc` with optimal pnpm configuration
    - Updated root package.json with workspace scripts
    - Moved resolutions and overrides to the root package.json
    - Updated scripts to use pnpm instead of npm
    - Added documentation for the migration
    - Updated GitHub Actions workflow for pnpm
    
    ## Benefits
    - **Faster installations**: pnpm is significantly faster than npm
    - **Disk space savings**: pnpm's content-addressable store avoids
    duplication
    - **Strict dependency management**: prevents phantom dependencies
    - **Simplified monorepo management**: better workspace coordination
    - **Preparation for Turborepo**: as discussed, this is the first step
    before adding Turborepo
    
    ## Testing
    - Verified that `pnpm install` works correctly
    - Verified that `pnpm run build` completes successfully
    - Ensured all existing functionality is preserved
    
    ## Documentation
    Added a detailed migration guide in `PNPM_MIGRATION.md` explaining:
    - Why we're migrating to pnpm
    - How to use pnpm with this repository
    - Common commands and workspace-specific commands
    - Monorepo structure and configuration
    
    ## Next Steps
    As discussed, once this change is stable, we can consider adding
    Turborepo as a follow-up enhancement.