mirror of
https://github.com/openai/codex.git
synced 2026-02-05 00:13:42 +00:00
Compare commits
1 Commits
codex/impl
...
sec
| Author | SHA1 | Date | |
|---|---|---|---|
|
a34f6c9f08 |
@@ -15,6 +15,7 @@
|
||||
* current platform / architecture, an error is thrown.
|
||||
*/
|
||||
|
||||
import { spawnSync } from "child_process";
|
||||
import fs from "fs";
|
||||
import path from "path";
|
||||
import { fileURLToPath, pathToFileURL } from "url";
|
||||
@@ -34,7 +35,7 @@ const wantsNative = fs.existsSync(path.join(__dirname, "use-native")) ||
|
||||
: false);
|
||||
|
||||
// Try native binary if requested.
|
||||
if (wantsNative && process.platform !== 'win32') {
|
||||
if (wantsNative) {
|
||||
const { platform, arch } = process;
|
||||
|
||||
let targetTriple = null;
|
||||
@@ -73,76 +74,22 @@ if (wantsNative && process.platform !== 'win32') {
|
||||
}
|
||||
|
||||
const binaryPath = path.join(__dirname, "..", "bin", `codex-${targetTriple}`);
|
||||
|
||||
// Use an asynchronous spawn instead of spawnSync so that Node is able to
|
||||
// respond to signals (e.g. Ctrl-C / SIGINT) while the native binary is
|
||||
// executing. This allows us to forward those signals to the child process
|
||||
// and guarantees that when either the child terminates or the parent
|
||||
// receives a fatal signal, both processes exit in a predictable manner.
|
||||
const { spawn } = await import("child_process");
|
||||
|
||||
const child = spawn(binaryPath, process.argv.slice(2), {
|
||||
const result = spawnSync(binaryPath, process.argv.slice(2), {
|
||||
stdio: "inherit",
|
||||
});
|
||||
|
||||
child.on("error", (err) => {
|
||||
// Typically triggered when the binary is missing or not executable.
|
||||
// Re-throwing here will terminate the parent with a non-zero exit code
|
||||
// while still printing a helpful stack trace.
|
||||
// eslint-disable-next-line no-console
|
||||
console.error(err);
|
||||
process.exit(1);
|
||||
});
|
||||
const exitCode = typeof result.status === "number" ? result.status : 1;
|
||||
process.exit(exitCode);
|
||||
}
|
||||
|
||||
// Forward common termination signals to the child so that it shuts down
|
||||
// gracefully. In the handler we temporarily disable the default behavior of
|
||||
// exiting immediately; once the child has been signaled we simply wait for
|
||||
// its exit event which will in turn terminate the parent (see below).
|
||||
const forwardSignal = (signal) => {
|
||||
if (child.killed) {
|
||||
return;
|
||||
}
|
||||
try {
|
||||
child.kill(signal);
|
||||
} catch {
|
||||
/* ignore */
|
||||
}
|
||||
};
|
||||
// Fallback: execute the original JavaScript CLI.
|
||||
|
||||
["SIGINT", "SIGTERM", "SIGHUP"].forEach((sig) => {
|
||||
process.on(sig, () => forwardSignal(sig));
|
||||
});
|
||||
// Resolve the path to the compiled CLI bundle
|
||||
const cliPath = path.resolve(__dirname, "../dist/cli.js");
|
||||
const cliUrl = pathToFileURL(cliPath).href;
|
||||
|
||||
// When the child exits, mirror its termination reason in the parent so that
|
||||
// shell scripts and other tooling observe the correct exit status.
|
||||
// Wrap the lifetime of the child process in a Promise so that we can await
|
||||
// its termination in a structured way. The Promise resolves with an object
|
||||
// describing how the child exited: either via exit code or due to a signal.
|
||||
const childResult = await new Promise((resolve) => {
|
||||
child.on("exit", (code, signal) => {
|
||||
if (signal) {
|
||||
resolve({ type: "signal", signal });
|
||||
} else {
|
||||
resolve({ type: "code", exitCode: code ?? 1 });
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
if (childResult.type === "signal") {
|
||||
// Re-emit the same signal so that the parent terminates with the expected
|
||||
// semantics (this also sets the correct exit code of 128 + n).
|
||||
process.kill(process.pid, childResult.signal);
|
||||
} else {
|
||||
process.exit(childResult.exitCode);
|
||||
}
|
||||
} else {
|
||||
// Fallback: execute the original JavaScript CLI.
|
||||
|
||||
// Resolve the path to the compiled CLI bundle
|
||||
const cliPath = path.resolve(__dirname, "../dist/cli.js");
|
||||
const cliUrl = pathToFileURL(cliPath).href;
|
||||
|
||||
// Load and execute the CLI
|
||||
// Load and execute the CLI
|
||||
(async () => {
|
||||
try {
|
||||
await import(cliUrl);
|
||||
} catch (err) {
|
||||
@@ -150,4 +97,4 @@ if (wantsNative && process.platform !== 'win32') {
|
||||
console.error(err);
|
||||
process.exit(1);
|
||||
}
|
||||
}
|
||||
})();
|
||||
|
||||
@@ -10,19 +10,25 @@ import type {
|
||||
import MultilineTextEditor from "./multiline-editor";
|
||||
import { TerminalChatCommandReview } from "./terminal-chat-command-review.js";
|
||||
import TextCompletions from "./terminal-chat-completions.js";
|
||||
import { loadConfig } from "../../utils/config.js";
|
||||
import { loadConfig, type AppConfig } from "../../utils/config.js";
|
||||
import { getFileSystemSuggestions } from "../../utils/file-system-suggestions.js";
|
||||
import { expandFileTags } from "../../utils/file-tag-utils";
|
||||
import { createInputItem } from "../../utils/input-utils.js";
|
||||
import { log } from "../../utils/logger/log.js";
|
||||
import { setSessionId } from "../../utils/session.js";
|
||||
import { SLASH_COMMANDS, type SlashCommand } from "../../utils/slash-commands";
|
||||
import {
|
||||
runSecurityReview,
|
||||
SecurityReviewError,
|
||||
} from "../../utils/security-review.js";
|
||||
import type { SecurityReviewMode } from "../../utils/security-review.js";
|
||||
import {
|
||||
loadCommandHistory,
|
||||
addToHistory,
|
||||
} from "../../utils/storage/command-history.js";
|
||||
import { clearTerminal, onExit } from "../../utils/terminal.js";
|
||||
import { Box, Text, useApp, useInput, useStdin } from "ink";
|
||||
import path from "node:path";
|
||||
import { fileURLToPath } from "node:url";
|
||||
import React, {
|
||||
useCallback,
|
||||
@@ -39,6 +45,130 @@ const suggestions = [
|
||||
"are there any bugs in my code?",
|
||||
];
|
||||
|
||||
const SEC_REVIEW_COMMAND = "/secreview";
|
||||
|
||||
type SecReviewCommandOptions = {
|
||||
mode: SecurityReviewMode;
|
||||
includePaths: Array<string>;
|
||||
outputPath?: string;
|
||||
repoPath?: string;
|
||||
modelName?: string;
|
||||
};
|
||||
|
||||
function tokenizeCommand(input: string): Array<string> {
|
||||
const tokens: Array<string> = [];
|
||||
const regex = /"([^"]*)"|'([^']*)'|(\S+)/g;
|
||||
let match: RegExpExecArray | null;
|
||||
while ((match = regex.exec(input)) !== null) {
|
||||
if (match[1] != null) {
|
||||
tokens.push(match[1]);
|
||||
} else if (match[2] != null) {
|
||||
tokens.push(match[2]);
|
||||
} else if (match[3] != null) {
|
||||
tokens.push(match[3]);
|
||||
}
|
||||
}
|
||||
return tokens;
|
||||
}
|
||||
|
||||
function parseSecReviewCommand(input: string): SecReviewCommandOptions {
|
||||
const tokens = tokenizeCommand(input).slice(1); // drop the command itself
|
||||
let mode: SecurityReviewMode = "full";
|
||||
const includePaths: Array<string> = [];
|
||||
let outputPath: string | undefined;
|
||||
let repoPath: string | undefined;
|
||||
let modelName: string | undefined;
|
||||
|
||||
const parseMode = (value: string, option: string) => {
|
||||
if (value === "bugs") {
|
||||
mode = "bugs";
|
||||
} else if (value === "full") {
|
||||
mode = "full";
|
||||
} else {
|
||||
throw new Error(`Unknown ${option} value "${value}". Use "full" or "bugs".`);
|
||||
}
|
||||
};
|
||||
|
||||
for (let i = 0; i < tokens.length; i += 1) {
|
||||
const token = tokens[i];
|
||||
|
||||
const expectValue = (label: string): string => {
|
||||
if (i + 1 >= tokens.length) {
|
||||
throw new Error(`Expected value after ${label}`);
|
||||
}
|
||||
i += 1;
|
||||
return tokens[i];
|
||||
};
|
||||
|
||||
if (token === "--") {
|
||||
break;
|
||||
} else if (token === "bugs" || token === "--bugs" || token === "--mode=bugs") {
|
||||
mode = "bugs";
|
||||
} else if (token === "full" || token === "--full" || token === "--mode=full") {
|
||||
mode = "full";
|
||||
} else if (token === "--mode") {
|
||||
parseMode(expectValue("--mode"), "--mode");
|
||||
} else if (token.startsWith("--mode=")) {
|
||||
parseMode(token.slice("--mode=".length), "--mode");
|
||||
} else if (token === "--path" || token === "-p") {
|
||||
includePaths.push(expectValue(token));
|
||||
} else if (token.startsWith("--path=")) {
|
||||
includePaths.push(token.slice("--path=".length));
|
||||
} else if (token.startsWith("-p=")) {
|
||||
includePaths.push(token.slice("-p=".length));
|
||||
} else if (
|
||||
token === "--output" ||
|
||||
token === "-o" ||
|
||||
token === "--output-location"
|
||||
) {
|
||||
outputPath = expectValue(token);
|
||||
} else if (token.startsWith("--output=")) {
|
||||
outputPath = token.slice("--output=".length);
|
||||
} else if (token.startsWith("-o=")) {
|
||||
outputPath = token.slice("-o=".length);
|
||||
} else if (
|
||||
token === "--repo" ||
|
||||
token === "--repo-location" ||
|
||||
token === "--repository"
|
||||
) {
|
||||
repoPath = expectValue(token);
|
||||
} else if (token.startsWith("--repo=")) {
|
||||
repoPath = token.slice("--repo=".length);
|
||||
} else if (token.startsWith("--repo-location=")) {
|
||||
repoPath = token.slice("--repo-location=".length);
|
||||
} else if (token === "--model" || token === "--model-name") {
|
||||
modelName = expectValue(token);
|
||||
} else if (token.startsWith("--model=")) {
|
||||
modelName = token.slice("--model=".length);
|
||||
} else if (token.startsWith("--model-name=")) {
|
||||
modelName = token.slice("--model-name=".length);
|
||||
} else if (token.length > 0) {
|
||||
includePaths.push(token);
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
mode,
|
||||
includePaths: includePaths.filter((p) => p.length > 0),
|
||||
outputPath,
|
||||
repoPath,
|
||||
modelName,
|
||||
};
|
||||
}
|
||||
|
||||
function trimLogOutput(logText: string, maxLines: number = 40): string {
|
||||
const normalised = logText.replace(/\r\n/g, "\n").trimEnd();
|
||||
if (normalised === "") {
|
||||
return "(empty)";
|
||||
}
|
||||
const lines = normalised.split("\n");
|
||||
if (lines.length <= maxLines) {
|
||||
return normalised;
|
||||
}
|
||||
const tail = lines.slice(-maxLines);
|
||||
return ["… (showing last " + maxLines + " lines)", ...tail].join("\n");
|
||||
}
|
||||
|
||||
export default function TerminalChatInput({
|
||||
isNew,
|
||||
loading,
|
||||
@@ -60,6 +190,7 @@ export default function TerminalChatInput({
|
||||
active,
|
||||
thinkingSeconds,
|
||||
items = [],
|
||||
config,
|
||||
}: {
|
||||
isNew: boolean;
|
||||
loading: boolean;
|
||||
@@ -85,6 +216,7 @@ export default function TerminalChatInput({
|
||||
thinkingSeconds: number;
|
||||
// New: current conversation items so we can include them in bug reports
|
||||
items?: Array<ResponseItem>;
|
||||
config: AppConfig;
|
||||
}): React.ReactElement {
|
||||
// Slash command suggestion index
|
||||
const [selectedSlashSuggestion, setSelectedSlashSuggestion] =
|
||||
@@ -512,6 +644,230 @@ export default function TerminalChatInput({
|
||||
} else if (inputValue.startsWith("/approval")) {
|
||||
setInput("");
|
||||
openApprovalOverlay();
|
||||
return;
|
||||
} else if (inputValue.startsWith(SEC_REVIEW_COMMAND)) {
|
||||
setInput("");
|
||||
const commandId = `secreview-${Date.now()}`;
|
||||
|
||||
let parsed: SecReviewCommandOptions;
|
||||
try {
|
||||
parsed = parseSecReviewCommand(inputValue);
|
||||
} catch (error) {
|
||||
const message =
|
||||
error instanceof Error ? error.message : String(error);
|
||||
setItems((prev) => [
|
||||
...prev,
|
||||
{
|
||||
id: `${commandId}-parse-error`,
|
||||
type: "message",
|
||||
role: "system",
|
||||
content: [
|
||||
{
|
||||
type: "input_text",
|
||||
text: `⚠️ Unable to parse ${SEC_REVIEW_COMMAND} arguments: ${message}`,
|
||||
},
|
||||
],
|
||||
},
|
||||
]);
|
||||
return;
|
||||
}
|
||||
|
||||
const repoPath = parsed.repoPath
|
||||
? path.isAbsolute(parsed.repoPath)
|
||||
? parsed.repoPath
|
||||
: path.resolve(process.cwd(), parsed.repoPath)
|
||||
: process.cwd();
|
||||
|
||||
const resolvedOutputPath =
|
||||
parsed.outputPath != null
|
||||
? path.isAbsolute(parsed.outputPath)
|
||||
? parsed.outputPath
|
||||
: path.resolve(repoPath, parsed.outputPath)
|
||||
: undefined;
|
||||
|
||||
const scopeDescription =
|
||||
parsed.includePaths.length > 0
|
||||
? parsed.includePaths.join(", ")
|
||||
: "entire repository";
|
||||
|
||||
const introLines = [
|
||||
`🔐 Running AppSec security review (mode: ${parsed.mode}).`,
|
||||
`Repository: ${repoPath}`,
|
||||
`Scope: ${scopeDescription}`,
|
||||
];
|
||||
|
||||
if (resolvedOutputPath) {
|
||||
introLines.push(`Output: ${resolvedOutputPath}`);
|
||||
}
|
||||
|
||||
if (parsed.modelName) {
|
||||
introLines.push(`Model override: ${parsed.modelName}`);
|
||||
}
|
||||
|
||||
setItems((prev) => [
|
||||
...prev,
|
||||
{
|
||||
id: `${commandId}-start`,
|
||||
type: "message",
|
||||
role: "system",
|
||||
content: [
|
||||
{
|
||||
type: "input_text",
|
||||
text: introLines.join("\n"),
|
||||
},
|
||||
],
|
||||
},
|
||||
]);
|
||||
|
||||
try {
|
||||
const result = await runSecurityReview({
|
||||
repoPath,
|
||||
includePaths: parsed.includePaths,
|
||||
outputPath: resolvedOutputPath,
|
||||
modelName: parsed.modelName,
|
||||
mode: parsed.mode,
|
||||
config,
|
||||
});
|
||||
|
||||
const summaryLines = [
|
||||
"✅ AppSec review complete.",
|
||||
`Artifacts: ${result.outputRoot}`,
|
||||
];
|
||||
if (!result.reportContent) {
|
||||
summaryLines.push("ℹ️ report.md not found in output.");
|
||||
}
|
||||
if (!result.bugsContent) {
|
||||
summaryLines.push("ℹ️ context/bugs.md not found in output.");
|
||||
}
|
||||
|
||||
setItems((prev) => [
|
||||
...prev,
|
||||
{
|
||||
id: `${commandId}-complete`,
|
||||
type: "message",
|
||||
role: "system",
|
||||
content: [
|
||||
{
|
||||
type: "input_text",
|
||||
text: summaryLines.join("\n"),
|
||||
},
|
||||
],
|
||||
},
|
||||
]);
|
||||
|
||||
if (parsed.mode === "full" && result.reportContent) {
|
||||
setItems((prev) => [
|
||||
...prev,
|
||||
{
|
||||
id: `${commandId}-report`,
|
||||
type: "message",
|
||||
role: "assistant",
|
||||
content: [
|
||||
{
|
||||
type: "output_text",
|
||||
text: `# AppSec Security Review Report\n\n${result.reportContent}`,
|
||||
},
|
||||
],
|
||||
},
|
||||
]);
|
||||
}
|
||||
|
||||
if (result.bugsContent) {
|
||||
const heading =
|
||||
parsed.mode === "full"
|
||||
? "## Bugs Summary"
|
||||
: "# AppSec Bugs Summary";
|
||||
setItems((prev) => [
|
||||
...prev,
|
||||
{
|
||||
id: `${commandId}-bugs`,
|
||||
type: "message",
|
||||
role: "assistant",
|
||||
content: [
|
||||
{
|
||||
type: "output_text",
|
||||
text: `${heading}\n\n${result.bugsContent}`,
|
||||
},
|
||||
],
|
||||
},
|
||||
]);
|
||||
} else {
|
||||
setItems((prev) => [
|
||||
...prev,
|
||||
{
|
||||
id: `${commandId}-no-bugs`,
|
||||
type: "message",
|
||||
role: "system",
|
||||
content: [
|
||||
{
|
||||
type: "input_text",
|
||||
text:
|
||||
"No bug summary produced. Check the output directory for details.",
|
||||
},
|
||||
],
|
||||
},
|
||||
]);
|
||||
}
|
||||
|
||||
if (parsed.mode === "bugs" && result.reportContent) {
|
||||
setItems((prev) => [
|
||||
...prev,
|
||||
{
|
||||
id: `${commandId}-report-location`,
|
||||
type: "message",
|
||||
role: "system",
|
||||
content: [
|
||||
{
|
||||
type: "input_text",
|
||||
text: `Full report available at ${result.reportPath}`,
|
||||
},
|
||||
],
|
||||
},
|
||||
]);
|
||||
}
|
||||
if (result.stdout.trim()) {
|
||||
setItems((prev) => [
|
||||
...prev,
|
||||
{
|
||||
id: `${commandId}-logs`,
|
||||
type: "message",
|
||||
role: "system",
|
||||
content: [
|
||||
{
|
||||
type: "input_text",
|
||||
text: `Logs:\n${trimLogOutput(result.stdout)}`,
|
||||
},
|
||||
],
|
||||
},
|
||||
]);
|
||||
}
|
||||
} catch (error) {
|
||||
const message =
|
||||
error instanceof Error ? error.message : String(error);
|
||||
const stderr =
|
||||
error instanceof SecurityReviewError && error.stderr
|
||||
? `\n\nstderr last lines:\n${trimLogOutput(error.stderr)}`
|
||||
: "";
|
||||
const stdout =
|
||||
error instanceof SecurityReviewError && error.stdout
|
||||
? `\n\nstdout last lines:\n${trimLogOutput(error.stdout)}`
|
||||
: "";
|
||||
setItems((prev) => [
|
||||
...prev,
|
||||
{
|
||||
id: `${commandId}-error`,
|
||||
type: "message",
|
||||
role: "system",
|
||||
content: [
|
||||
{
|
||||
type: "input_text",
|
||||
text: `❌ AppSec review failed: ${message}${stderr}${stdout}`,
|
||||
},
|
||||
],
|
||||
},
|
||||
]);
|
||||
}
|
||||
|
||||
return;
|
||||
} else if (["exit", "q", ":q"].includes(inputValue)) {
|
||||
setInput("");
|
||||
@@ -707,13 +1063,13 @@ export default function TerminalChatInput({
|
||||
submitInput([inputItem]);
|
||||
|
||||
// Get config for history persistence.
|
||||
const config = loadConfig();
|
||||
const historyConfig = loadConfig();
|
||||
|
||||
// Add to history and update state.
|
||||
const updatedHistory = await addToHistory(value, history, {
|
||||
maxSize: config.history?.maxSize ?? 1000,
|
||||
saveHistory: config.history?.saveHistory ?? true,
|
||||
sensitivePatterns: config.history?.sensitivePatterns ?? [],
|
||||
maxSize: historyConfig.history?.maxSize ?? 1000,
|
||||
saveHistory: historyConfig.history?.saveHistory ?? true,
|
||||
sensitivePatterns: historyConfig.history?.sensitivePatterns ?? [],
|
||||
});
|
||||
|
||||
setHistory(updatedHistory);
|
||||
@@ -742,6 +1098,7 @@ export default function TerminalChatInput({
|
||||
onCompact,
|
||||
skipNextSubmit,
|
||||
items,
|
||||
config,
|
||||
],
|
||||
);
|
||||
|
||||
|
||||
@@ -580,6 +580,7 @@ export default function TerminalChat({
|
||||
}}
|
||||
items={items}
|
||||
thinkingSeconds={thinkingSeconds}
|
||||
config={config}
|
||||
/>
|
||||
)}
|
||||
{overlayMode === "history" && (
|
||||
|
||||
@@ -56,6 +56,10 @@ export default function HelpOverlay({
|
||||
<Text color="cyan">/bug</Text> – generate a prefilled GitHub issue URL
|
||||
with session log
|
||||
</Text>
|
||||
<Text>
|
||||
<Text color="cyan">/secreview</Text> – run AppSec security review and
|
||||
show the results
|
||||
</Text>
|
||||
<Text>
|
||||
<Text color="cyan">/diff</Text> – view working tree git diff
|
||||
</Text>
|
||||
|
||||
@@ -24,6 +24,10 @@ export const SLASH_COMMANDS: Array<SlashCommand> = [
|
||||
{ command: "/help", description: "Show list of commands" },
|
||||
{ command: "/model", description: "Open model selection panel" },
|
||||
{ command: "/approval", description: "Open approval mode selection panel" },
|
||||
{
|
||||
command: "/secreview",
|
||||
description: "Run AppSec security review and display the generated reports",
|
||||
},
|
||||
{
|
||||
command: "/bug",
|
||||
description: "Generate a prefilled GitHub issue URL with session log",
|
||||
|
||||
@@ -61,6 +61,11 @@ describe("/clear command", () => {
|
||||
active: true,
|
||||
thinkingSeconds: 0,
|
||||
items: existingItems,
|
||||
config: {
|
||||
model: "codex-mini-latest",
|
||||
instructions: "",
|
||||
provider: "openai",
|
||||
},
|
||||
};
|
||||
|
||||
const { stdin, flush, cleanup } = renderTui(
|
||||
|
||||
@@ -66,17 +66,27 @@ function stubProps(): any {
|
||||
loading: false,
|
||||
submitInput: vi.fn(),
|
||||
confirmationPrompt: null,
|
||||
explanation: undefined,
|
||||
submitConfirmation: vi.fn(),
|
||||
setLastResponseId: vi.fn(),
|
||||
// Cast to any to satisfy the generic React.Dispatch signature without
|
||||
// pulling the ResponseItem type into the test bundle.
|
||||
setItems: (() => {}) as any,
|
||||
setItems: vi.fn(),
|
||||
contextLeftPercent: 100,
|
||||
openOverlay: vi.fn(),
|
||||
openModelOverlay: vi.fn(),
|
||||
openHelpOverlay: vi.fn(),
|
||||
openApprovalOverlay: vi.fn(),
|
||||
openSessionsOverlay: vi.fn(),
|
||||
openDiffOverlay: vi.fn(),
|
||||
onCompact: vi.fn(),
|
||||
interruptAgent: vi.fn(),
|
||||
active: true,
|
||||
thinkingSeconds: 0,
|
||||
items: [],
|
||||
config: {
|
||||
model: "codex-mini-latest",
|
||||
instructions: "",
|
||||
provider: "openai",
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -10,6 +10,7 @@ test("SLASH_COMMANDS includes expected commands", () => {
|
||||
expect(commands).toContain("/help");
|
||||
expect(commands).toContain("/model");
|
||||
expect(commands).toContain("/approval");
|
||||
expect(commands).toContain("/secreview");
|
||||
expect(commands).toContain("/clearhistory");
|
||||
expect(commands).toContain("/diff");
|
||||
});
|
||||
|
||||
@@ -26,6 +26,11 @@ describe("TerminalChatInput compact command", () => {
|
||||
interruptAgent: () => {},
|
||||
active: true,
|
||||
thinkingSeconds: 0,
|
||||
config: {
|
||||
model: "codex-mini-latest",
|
||||
instructions: "",
|
||||
provider: "openai",
|
||||
},
|
||||
};
|
||||
const { lastFrameStripped } = renderTui(<TerminalChatInput {...props} />);
|
||||
const frame = lastFrameStripped();
|
||||
|
||||
@@ -81,6 +81,11 @@ describe("TerminalChatInput file tag suggestions", () => {
|
||||
interruptAgent: vi.fn(),
|
||||
active: true,
|
||||
thinkingSeconds: 0,
|
||||
config: {
|
||||
model: "codex-mini-latest",
|
||||
instructions: "",
|
||||
provider: "openai",
|
||||
},
|
||||
};
|
||||
|
||||
beforeEach(() => {
|
||||
|
||||
@@ -47,6 +47,11 @@ describe("TerminalChatInput multiline functionality", () => {
|
||||
interruptAgent: () => {},
|
||||
active: true,
|
||||
thinkingSeconds: 0,
|
||||
config: {
|
||||
model: "codex-mini-latest",
|
||||
instructions: "",
|
||||
provider: "openai",
|
||||
},
|
||||
};
|
||||
|
||||
const { stdin, lastFrameStripped, flush, cleanup } = renderTui(
|
||||
@@ -99,6 +104,11 @@ describe("TerminalChatInput multiline functionality", () => {
|
||||
interruptAgent: () => {},
|
||||
active: true,
|
||||
thinkingSeconds: 0,
|
||||
config: {
|
||||
model: "codex-mini-latest",
|
||||
instructions: "",
|
||||
provider: "openai",
|
||||
},
|
||||
};
|
||||
|
||||
const { stdin, lastFrameStripped, flush, cleanup } = renderTui(
|
||||
|
||||
7
codex-rs/Cargo.lock
generated
7
codex-rs/Cargo.lock
generated
@@ -617,7 +617,6 @@ name = "codex-cli"
|
||||
version = "0.0.0"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"assert_cmd",
|
||||
"clap",
|
||||
"clap_complete",
|
||||
"codex-chatgpt",
|
||||
@@ -628,14 +627,10 @@ dependencies = [
|
||||
"codex-login",
|
||||
"codex-mcp-server",
|
||||
"codex-tui",
|
||||
"indoc",
|
||||
"predicates",
|
||||
"serde_json",
|
||||
"tempfile",
|
||||
"tokio",
|
||||
"tracing",
|
||||
"tracing-subscriber",
|
||||
"wiremock",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -823,10 +818,12 @@ dependencies = [
|
||||
"ratatui",
|
||||
"ratatui-image",
|
||||
"regex-lite",
|
||||
"reqwest",
|
||||
"serde_json",
|
||||
"shlex",
|
||||
"strum 0.27.1",
|
||||
"strum_macros 0.27.1",
|
||||
"time",
|
||||
"tokio",
|
||||
"tracing",
|
||||
"tracing-appender",
|
||||
|
||||
@@ -36,11 +36,3 @@ tokio = { version = "1", features = [
|
||||
] }
|
||||
tracing = "0.1.41"
|
||||
tracing-subscriber = "0.3.19"
|
||||
|
||||
[dev-dependencies]
|
||||
assert_cmd = "2"
|
||||
predicates = "3"
|
||||
tempfile = "3"
|
||||
wiremock = "0.6"
|
||||
tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
|
||||
indoc = "2"
|
||||
|
||||
@@ -1,223 +0,0 @@
|
||||
#![allow(clippy::unwrap_used)]
|
||||
|
||||
//! End-to-end integration tests for the `codex` CLI.
|
||||
//!
|
||||
//! These spin up a local [`wiremock`][] server to stand in for the MCP server
|
||||
//! and then run the real compiled `codex` binary against it. The goal is to
|
||||
//! verify the high-level request/response flow rather than the details of the
|
||||
//! individual async functions.
|
||||
//!
|
||||
//! [`wiremock`]: https://docs.rs/wiremock
|
||||
|
||||
use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
|
||||
use predicates::prelude::*;
|
||||
use std::fs;
|
||||
use std::path::Path;
|
||||
use tempfile::TempDir;
|
||||
use wiremock::Mock;
|
||||
use wiremock::MockServer;
|
||||
use wiremock::ResponseTemplate;
|
||||
use wiremock::matchers::method;
|
||||
use wiremock::matchers::path;
|
||||
|
||||
// ----- tests -----
|
||||
|
||||
/// Sends a single simple prompt and verifies that the streamed response is
|
||||
/// surfaced to the user. This exercises the most common "ask a question, get a
|
||||
/// textual answer" flow.
|
||||
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
||||
async fn full_conversation_turn_integration() {
|
||||
if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
|
||||
println!("Skipping test because network is disabled");
|
||||
return;
|
||||
}
|
||||
|
||||
let server = MockServer::start().await;
|
||||
Mock::given(method("POST"))
|
||||
.and(path("/v1/responses"))
|
||||
.respond_with(
|
||||
ResponseTemplate::new(200)
|
||||
.insert_header("content-type", "text/event-stream")
|
||||
.set_body_raw(sse_message("Hello, world."), "text/event-stream"),
|
||||
)
|
||||
.expect(1)
|
||||
.mount(&server)
|
||||
.await;
|
||||
|
||||
// Disable retries — the mock server will fail hard if we make an unexpected
|
||||
// request, so retries only slow the test down.
|
||||
unsafe {
|
||||
std::env::set_var("OPENAI_REQUEST_MAX_RETRIES", "0");
|
||||
std::env::set_var("OPENAI_STREAM_MAX_RETRIES", "0");
|
||||
}
|
||||
|
||||
let codex_home = TempDir::new().unwrap();
|
||||
let sandbox = TempDir::new().unwrap();
|
||||
write_config(codex_home.path(), &server);
|
||||
|
||||
// Capture the agent's final message in a file so we can assert on it precisely.
|
||||
let last_message_file = sandbox.path().join("last_message.txt");
|
||||
|
||||
let mut cmd = assert_cmd::Command::cargo_bin("codex").unwrap();
|
||||
cmd.env("CODEX_HOME", codex_home.path())
|
||||
.current_dir(sandbox.path())
|
||||
.arg("exec")
|
||||
.arg("--skip-git-repo-check")
|
||||
.arg("--output-last-message")
|
||||
.arg(&last_message_file)
|
||||
.arg("Hello");
|
||||
|
||||
cmd.assert()
|
||||
.success()
|
||||
.stdout(predicate::str::contains("Hello, world."));
|
||||
|
||||
// Assert on the captured last message file (more robust than stdout formatting).
|
||||
let last = fs::read_to_string(&last_message_file).unwrap();
|
||||
let expected = "Hello, world.";
|
||||
assert_eq!(last.trim(), expected);
|
||||
}
|
||||
|
||||
/// Simulates a tool invocation (`shell`) followed by a second assistant message
|
||||
/// once the tool call completes.
|
||||
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
||||
async fn tool_invocation_flow() {
|
||||
if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
|
||||
println!("Skipping test because network is disabled");
|
||||
return;
|
||||
}
|
||||
|
||||
let server = MockServer::start().await;
|
||||
|
||||
// The first request returns a function-call item; the second returns the
|
||||
// final assistant message. Use an atomic counter to serve them in order.
|
||||
struct SeqResponder {
|
||||
count: std::sync::atomic::AtomicUsize,
|
||||
}
|
||||
impl wiremock::Respond for SeqResponder {
|
||||
fn respond(&self, _: &wiremock::Request) -> ResponseTemplate {
|
||||
use std::sync::atomic::Ordering;
|
||||
match self.count.fetch_add(1, Ordering::SeqCst) {
|
||||
0 => ResponseTemplate::new(200)
|
||||
.insert_header("content-type", "text/event-stream")
|
||||
.set_body_raw(sse_function_call(), "text/event-stream"),
|
||||
_ => ResponseTemplate::new(200)
|
||||
.insert_header("content-type", "text/event-stream")
|
||||
.set_body_raw(sse_final_after_call(), "text/event-stream"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Mock::given(method("POST"))
|
||||
.and(path("/v1/responses"))
|
||||
.respond_with(SeqResponder {
|
||||
count: std::sync::atomic::AtomicUsize::new(0),
|
||||
})
|
||||
.expect(2)
|
||||
.mount(&server)
|
||||
.await;
|
||||
|
||||
unsafe {
|
||||
std::env::set_var("OPENAI_REQUEST_MAX_RETRIES", "0");
|
||||
std::env::set_var("OPENAI_STREAM_MAX_RETRIES", "0");
|
||||
}
|
||||
|
||||
let codex_home = TempDir::new().unwrap();
|
||||
let sandbox = TempDir::new().unwrap();
|
||||
write_config(codex_home.path(), &server);
|
||||
|
||||
// Capture final assistant message after tool invocation.
|
||||
let last_message_file = sandbox.path().join("last_message.txt");
|
||||
|
||||
let mut cmd = assert_cmd::Command::cargo_bin("codex").unwrap();
|
||||
cmd.env("CODEX_HOME", codex_home.path())
|
||||
.current_dir(sandbox.path())
|
||||
.arg("exec")
|
||||
.arg("--skip-git-repo-check")
|
||||
.arg("--output-last-message")
|
||||
.arg(&last_message_file)
|
||||
.arg("Run shell");
|
||||
|
||||
cmd.assert()
|
||||
.success()
|
||||
.stdout(predicate::str::contains("exec echo hi"))
|
||||
.stdout(predicate::str::contains("hi"));
|
||||
|
||||
// Assert that the final assistant message (second response) was 'done'.
|
||||
let last = fs::read_to_string(&last_message_file).unwrap();
|
||||
let expected = "done";
|
||||
assert_eq!(last.trim(), expected);
|
||||
}
|
||||
|
||||
/// Write a minimal `config.toml` pointing the CLI at the mock server.
|
||||
fn write_config(codex_home: &Path, server: &MockServer) {
|
||||
fs::write(
|
||||
codex_home.join("config.toml"),
|
||||
format!(
|
||||
r#"
|
||||
model_provider = "mock"
|
||||
model = "test-model"
|
||||
|
||||
[model_providers.mock]
|
||||
name = "mock"
|
||||
base_url = "{}/v1"
|
||||
env_key = "PATH"
|
||||
wire_api = "responses"
|
||||
"#,
|
||||
server.uri()
|
||||
),
|
||||
)
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
/// Small helper to generate an SSE stream with a single assistant message.
|
||||
fn sse_message(text: &str) -> String {
|
||||
const TEMPLATE: &str = r#"event: response.output_item.done
|
||||
data: {"type":"response.output_item.done","item":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"TEXT_PLACEHOLDER"}]}}
|
||||
|
||||
event: response.completed
|
||||
data: {"type":"response.completed","response":{"id":"resp1","output":[]}}
|
||||
|
||||
|
||||
"#;
|
||||
|
||||
TEMPLATE.replace("TEXT_PLACEHOLDER", text)
|
||||
}
|
||||
|
||||
/// Helper to craft an SSE stream that returns a `function_call`.
|
||||
fn sse_function_call() -> String {
|
||||
let call = serde_json::json!({
|
||||
"type": "response.output_item.done",
|
||||
"item": {
|
||||
"type": "function_call",
|
||||
"name": "shell",
|
||||
"arguments": "{\"command\":[\"echo\",\"hi\"]}",
|
||||
"call_id": "call1"
|
||||
}
|
||||
});
|
||||
let completed = serde_json::json!({
|
||||
"type": "response.completed",
|
||||
"response": {"id": "resp1", "output": []}
|
||||
});
|
||||
|
||||
format!(
|
||||
"event: response.output_item.done\ndata: {call}\n\n\
|
||||
event: response.completed\ndata: {completed}\n\n\n"
|
||||
)
|
||||
}
|
||||
|
||||
/// SSE stream for the assistant's final message after the tool call returns.
|
||||
fn sse_final_after_call() -> String {
|
||||
let msg = serde_json::json!({
|
||||
"type": "response.output_item.done",
|
||||
"item": {"type": "message", "role": "assistant", "content": [{"type": "output_text", "text": "done"}]}
|
||||
});
|
||||
let completed = serde_json::json!({
|
||||
"type": "response.completed",
|
||||
"response": {"id": "resp2", "output": []}
|
||||
});
|
||||
|
||||
format!(
|
||||
"event: response.output_item.done\ndata: {msg}\n\n\
|
||||
event: response.completed\ndata: {completed}\n\n\n"
|
||||
)
|
||||
}
|
||||
@@ -134,7 +134,7 @@ pub(crate) async fn stream_chat_completions(
|
||||
|
||||
match res {
|
||||
Ok(resp) if resp.status().is_success() => {
|
||||
let (tx_event, rx_event) = mpsc::channel::<Result<ResponseEvent>>(1600);
|
||||
let (tx_event, rx_event) = mpsc::channel::<Result<ResponseEvent>>(16);
|
||||
let stream = resp.bytes_stream().map_err(CodexErr::Reqwest);
|
||||
tokio::spawn(process_chat_sse(stream, tx_event));
|
||||
return Ok(ResponseStream { rx_event });
|
||||
@@ -426,12 +426,6 @@ where
|
||||
// will never appear in a Chat Completions stream.
|
||||
continue;
|
||||
}
|
||||
Poll::Ready(Some(Ok(ResponseEvent::OutputTextDelta(_))))
|
||||
| Poll::Ready(Some(Ok(ResponseEvent::ReasoningSummaryDelta(_)))) => {
|
||||
// Deltas are ignored here since aggregation waits for the
|
||||
// final OutputItemDone.
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -125,7 +125,6 @@ impl ModelClient {
|
||||
reasoning,
|
||||
previous_response_id: prompt.prev_id.clone(),
|
||||
store: prompt.store,
|
||||
// TODO: make this configurable
|
||||
stream: true,
|
||||
};
|
||||
|
||||
@@ -149,7 +148,7 @@ impl ModelClient {
|
||||
let res = req_builder.send().await;
|
||||
match res {
|
||||
Ok(resp) if resp.status().is_success() => {
|
||||
let (tx_event, rx_event) = mpsc::channel::<Result<ResponseEvent>>(1600);
|
||||
let (tx_event, rx_event) = mpsc::channel::<Result<ResponseEvent>>(16);
|
||||
|
||||
// spawn task to process SSE
|
||||
let stream = resp.bytes_stream().map_err(CodexErr::Reqwest);
|
||||
@@ -206,7 +205,6 @@ struct SseEvent {
|
||||
kind: String,
|
||||
response: Option<Value>,
|
||||
item: Option<Value>,
|
||||
delta: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize)]
|
||||
@@ -339,22 +337,6 @@ where
|
||||
return;
|
||||
}
|
||||
}
|
||||
"response.output_text.delta" => {
|
||||
if let Some(delta) = event.delta {
|
||||
let event = ResponseEvent::OutputTextDelta(delta);
|
||||
if tx_event.send(Ok(event)).await.is_err() {
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
"response.reasoning_summary_text.delta" => {
|
||||
if let Some(delta) = event.delta {
|
||||
let event = ResponseEvent::ReasoningSummaryDelta(delta);
|
||||
if tx_event.send(Ok(event)).await.is_err() {
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
"response.created" => {
|
||||
if event.response.is_some() {
|
||||
let _ = tx_event.send(Ok(ResponseEvent::Created {})).await;
|
||||
@@ -378,8 +360,10 @@ where
|
||||
| "response.function_call_arguments.delta"
|
||||
| "response.in_progress"
|
||||
| "response.output_item.added"
|
||||
| "response.output_text.delta"
|
||||
| "response.output_text.done"
|
||||
| "response.reasoning_summary_part.added"
|
||||
| "response.reasoning_summary_text.delta"
|
||||
| "response.reasoning_summary_text.done" => {
|
||||
// Currently, we ignore these events, but we handle them
|
||||
// separately to skip the logging message in the `other` case.
|
||||
@@ -391,7 +375,7 @@ where
|
||||
|
||||
/// used in tests to stream from a text SSE file
|
||||
async fn stream_from_fixture(path: impl AsRef<Path>) -> Result<ResponseStream> {
|
||||
let (tx_event, rx_event) = mpsc::channel::<Result<ResponseEvent>>(1600);
|
||||
let (tx_event, rx_event) = mpsc::channel::<Result<ResponseEvent>>(16);
|
||||
let f = std::fs::File::open(path.as_ref())?;
|
||||
let lines = std::io::BufReader::new(f).lines();
|
||||
|
||||
|
||||
@@ -57,8 +57,6 @@ pub enum ResponseEvent {
|
||||
response_id: String,
|
||||
token_usage: Option<TokenUsage>,
|
||||
},
|
||||
OutputTextDelta(String),
|
||||
ReasoningSummaryDelta(String),
|
||||
}
|
||||
|
||||
#[derive(Debug, Serialize)]
|
||||
|
||||
@@ -61,9 +61,7 @@ use crate::models::ResponseInputItem;
|
||||
use crate::models::ResponseItem;
|
||||
use crate::models::ShellToolCallParams;
|
||||
use crate::project_doc::get_user_instructions;
|
||||
use crate::protocol::AgentMessageDeltaEvent;
|
||||
use crate::protocol::AgentMessageEvent;
|
||||
use crate::protocol::AgentReasoningDeltaEvent;
|
||||
use crate::protocol::AgentReasoningEvent;
|
||||
use crate::protocol::ApplyPatchApprovalRequestEvent;
|
||||
use crate::protocol::AskForApproval;
|
||||
@@ -105,7 +103,7 @@ impl Codex {
|
||||
/// submitted to start the session.
|
||||
pub async fn spawn(config: Config, ctrl_c: Arc<Notify>) -> CodexResult<(Codex, String)> {
|
||||
let (tx_sub, rx_sub) = async_channel::bounded(64);
|
||||
let (tx_event, rx_event) = async_channel::bounded(1600);
|
||||
let (tx_event, rx_event) = async_channel::bounded(64);
|
||||
|
||||
let instructions = get_user_instructions(&config).await;
|
||||
let configure_session = Op::ConfigureSession {
|
||||
@@ -1123,8 +1121,15 @@ async fn try_run_turn(
|
||||
|
||||
let mut stream = sess.client.clone().stream(&prompt).await?;
|
||||
|
||||
// Buffer all the incoming messages from the stream first, then execute them.
|
||||
// If we execute a function call in the middle of handling the stream, it can time out.
|
||||
let mut input = Vec::new();
|
||||
while let Some(event) = stream.next().await {
|
||||
input.push(event?);
|
||||
}
|
||||
|
||||
let mut output = Vec::new();
|
||||
while let Some(Ok(event)) = stream.next().await {
|
||||
for event in input {
|
||||
match event {
|
||||
ResponseEvent::Created => {
|
||||
let mut state = sess.state.lock().unwrap();
|
||||
@@ -1167,20 +1172,6 @@ async fn try_run_turn(
|
||||
state.previous_response_id = Some(response_id);
|
||||
break;
|
||||
}
|
||||
ResponseEvent::OutputTextDelta(delta) => {
|
||||
let event = Event {
|
||||
id: sub_id.to_string(),
|
||||
msg: EventMsg::AgentMessageDelta(AgentMessageDeltaEvent { delta }),
|
||||
};
|
||||
sess.tx_event.send(event).await.ok();
|
||||
}
|
||||
ResponseEvent::ReasoningSummaryDelta(delta) => {
|
||||
let event = Event {
|
||||
id: sub_id.to_string(),
|
||||
msg: EventMsg::AgentReasoningDelta(AgentReasoningDeltaEvent { delta }),
|
||||
};
|
||||
sess.tx_event.send(event).await.ok();
|
||||
}
|
||||
}
|
||||
}
|
||||
Ok(output)
|
||||
|
||||
@@ -722,6 +722,7 @@ disable_response_storage = true
|
||||
query_params: None,
|
||||
http_headers: None,
|
||||
env_http_headers: None,
|
||||
supports_temperature: true,
|
||||
};
|
||||
let model_provider_map = {
|
||||
let mut model_provider_map = built_in_model_providers();
|
||||
|
||||
@@ -79,19 +79,9 @@ impl McpConnectionManager {
|
||||
|
||||
// Launch all configured servers concurrently.
|
||||
let mut join_set = JoinSet::new();
|
||||
let mut errors = ClientStartErrors::new();
|
||||
|
||||
for (server_name, cfg) in mcp_servers {
|
||||
// Validate server name before spawning
|
||||
if !is_valid_mcp_server_name(&server_name) {
|
||||
let error = anyhow::anyhow!(
|
||||
"invalid server name '{}': must match pattern ^[a-zA-Z0-9_-]+$",
|
||||
server_name
|
||||
);
|
||||
errors.insert(server_name, error);
|
||||
continue;
|
||||
}
|
||||
|
||||
// TODO: Verify server name: require `^[a-zA-Z0-9_-]+$`?
|
||||
join_set.spawn(async move {
|
||||
let McpServerConfig { command, args, env } = cfg;
|
||||
let client_res = McpClient::new_stdio_client(command, args, env).await;
|
||||
@@ -127,6 +117,7 @@ impl McpConnectionManager {
|
||||
|
||||
let mut clients: HashMap<String, std::sync::Arc<McpClient>> =
|
||||
HashMap::with_capacity(join_set.len());
|
||||
let mut errors = ClientStartErrors::new();
|
||||
|
||||
while let Some(res) = join_set.join_next().await {
|
||||
let (server_name, client_res) = res?; // JoinError propagation
|
||||
@@ -217,10 +208,3 @@ pub async fn list_all_tools(
|
||||
|
||||
Ok(aggregated)
|
||||
}
|
||||
|
||||
fn is_valid_mcp_server_name(server_name: &str) -> bool {
|
||||
!server_name.is_empty()
|
||||
&& server_name
|
||||
.chars()
|
||||
.all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-')
|
||||
}
|
||||
|
||||
@@ -64,6 +64,14 @@ pub struct ModelProviderInfo {
|
||||
/// value should be used. If the environment variable is not set, or the
|
||||
/// value is empty, the header will not be included in the request.
|
||||
pub env_http_headers: Option<HashMap<String, String>>,
|
||||
|
||||
/// Whether the provider accepts an explicit `temperature` parameter.
|
||||
#[serde(default = "default_supports_temperature")]
|
||||
pub supports_temperature: bool,
|
||||
}
|
||||
|
||||
const fn default_supports_temperature() -> bool {
|
||||
true
|
||||
}
|
||||
|
||||
impl ModelProviderInfo {
|
||||
@@ -205,6 +213,7 @@ pub fn built_in_model_providers() -> HashMap<String, ModelProviderInfo> {
|
||||
.into_iter()
|
||||
.collect(),
|
||||
),
|
||||
supports_temperature: false,
|
||||
},
|
||||
),
|
||||
]
|
||||
@@ -234,6 +243,7 @@ base_url = "http://localhost:11434/v1"
|
||||
query_params: None,
|
||||
http_headers: None,
|
||||
env_http_headers: None,
|
||||
supports_temperature: true,
|
||||
};
|
||||
|
||||
let provider: ModelProviderInfo = toml::from_str(azure_provider_toml).unwrap();
|
||||
@@ -259,6 +269,7 @@ query_params = { api-version = "2025-04-01-preview" }
|
||||
}),
|
||||
http_headers: None,
|
||||
env_http_headers: None,
|
||||
supports_temperature: true,
|
||||
};
|
||||
|
||||
let provider: ModelProviderInfo = toml::from_str(azure_provider_toml).unwrap();
|
||||
@@ -287,6 +298,7 @@ env_http_headers = { "X-Example-Env-Header" = "EXAMPLE_ENV_VAR" }
|
||||
env_http_headers: Some(maplit::hashmap! {
|
||||
"X-Example-Env-Header".to_string() => "EXAMPLE_ENV_VAR".to_string(),
|
||||
}),
|
||||
supports_temperature: true,
|
||||
};
|
||||
|
||||
let provider: ModelProviderInfo = toml::from_str(azure_provider_toml).unwrap();
|
||||
|
||||
@@ -282,15 +282,9 @@ pub enum EventMsg {
|
||||
/// Agent text output message
|
||||
AgentMessage(AgentMessageEvent),
|
||||
|
||||
/// Agent text output delta message
|
||||
AgentMessageDelta(AgentMessageDeltaEvent),
|
||||
|
||||
/// Reasoning event from agent.
|
||||
AgentReasoning(AgentReasoningEvent),
|
||||
|
||||
/// Agent reasoning delta event from agent.
|
||||
AgentReasoningDelta(AgentReasoningDeltaEvent),
|
||||
|
||||
/// Ack the client's configure message.
|
||||
SessionConfigured(SessionConfiguredEvent),
|
||||
|
||||
@@ -346,21 +340,11 @@ pub struct AgentMessageEvent {
|
||||
pub message: String,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Deserialize, Serialize)]
|
||||
pub struct AgentMessageDeltaEvent {
|
||||
pub delta: String,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Deserialize, Serialize)]
|
||||
pub struct AgentReasoningEvent {
|
||||
pub text: String,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Deserialize, Serialize)]
|
||||
pub struct AgentReasoningDeltaEvent {
|
||||
pub delta: String,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Deserialize, Serialize)]
|
||||
pub struct McpToolCallBeginEvent {
|
||||
/// Identifier so this can be paired with the McpToolCallEnd event.
|
||||
|
||||
@@ -71,8 +71,8 @@ async fn chat_mode_stream_cli() {
|
||||
println!("Stderr:\n{}", String::from_utf8_lossy(&output.stderr));
|
||||
assert!(output.status.success());
|
||||
let stdout = String::from_utf8_lossy(&output.stdout);
|
||||
let hi_lines = stdout.lines().filter(|line| line.trim() == "hi").count();
|
||||
assert_eq!(hi_lines, 1, "Expected exactly one line with 'hi'");
|
||||
assert!(stdout.contains("hi"));
|
||||
assert_eq!(stdout.matches("hi").count(), 1);
|
||||
|
||||
server.verify().await;
|
||||
}
|
||||
|
||||
@@ -107,6 +107,7 @@ async fn keeps_previous_response_id_between_tasks() {
|
||||
query_params: None,
|
||||
http_headers: None,
|
||||
env_http_headers: None,
|
||||
supports_temperature: true,
|
||||
};
|
||||
|
||||
// Init session
|
||||
|
||||
@@ -32,8 +32,6 @@ fn sse_completed(id: &str) -> String {
|
||||
}
|
||||
|
||||
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
||||
// this test is flaky (has race conditions), so we ignore it for now
|
||||
#[ignore]
|
||||
async fn retries_on_early_close() {
|
||||
#![allow(clippy::unwrap_used)]
|
||||
|
||||
@@ -98,6 +96,7 @@ async fn retries_on_early_close() {
|
||||
query_params: None,
|
||||
http_headers: None,
|
||||
env_http_headers: None,
|
||||
supports_temperature: true,
|
||||
};
|
||||
|
||||
let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
|
||||
|
||||
@@ -3,9 +3,7 @@ use codex_common::summarize_sandbox_policy;
|
||||
use codex_core::WireApi;
|
||||
use codex_core::config::Config;
|
||||
use codex_core::model_supports_reasoning_summaries;
|
||||
use codex_core::protocol::AgentMessageDeltaEvent;
|
||||
use codex_core::protocol::AgentMessageEvent;
|
||||
use codex_core::protocol::AgentReasoningDeltaEvent;
|
||||
use codex_core::protocol::BackgroundEventEvent;
|
||||
use codex_core::protocol::ErrorEvent;
|
||||
use codex_core::protocol::Event;
|
||||
@@ -23,7 +21,6 @@ use owo_colors::OwoColorize;
|
||||
use owo_colors::Style;
|
||||
use shlex::try_join;
|
||||
use std::collections::HashMap;
|
||||
use std::io::Write;
|
||||
use std::time::Instant;
|
||||
|
||||
/// This should be configurable. When used in CI, users may not want to impose
|
||||
@@ -53,12 +50,10 @@ pub(crate) struct EventProcessor {
|
||||
|
||||
/// Whether to include `AgentReasoning` events in the output.
|
||||
show_agent_reasoning: bool,
|
||||
answer_started: bool,
|
||||
reasoning_started: bool,
|
||||
}
|
||||
|
||||
impl EventProcessor {
|
||||
pub(crate) fn create_with_ansi(with_ansi: bool, config: &Config) -> Self {
|
||||
pub(crate) fn create_with_ansi(with_ansi: bool, show_agent_reasoning: bool) -> Self {
|
||||
let call_id_to_command = HashMap::new();
|
||||
let call_id_to_patch = HashMap::new();
|
||||
let call_id_to_tool_call = HashMap::new();
|
||||
@@ -75,9 +70,7 @@ impl EventProcessor {
|
||||
green: Style::new().green(),
|
||||
cyan: Style::new().cyan(),
|
||||
call_id_to_tool_call,
|
||||
show_agent_reasoning: !config.hide_agent_reasoning,
|
||||
answer_started: false,
|
||||
reasoning_started: false,
|
||||
show_agent_reasoning,
|
||||
}
|
||||
} else {
|
||||
Self {
|
||||
@@ -91,9 +84,7 @@ impl EventProcessor {
|
||||
green: Style::new(),
|
||||
cyan: Style::new(),
|
||||
call_id_to_tool_call,
|
||||
show_agent_reasoning: !config.hide_agent_reasoning,
|
||||
answer_started: false,
|
||||
reasoning_started: false,
|
||||
show_agent_reasoning,
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -193,45 +184,12 @@ impl EventProcessor {
|
||||
EventMsg::TokenCount(TokenUsage { total_tokens, .. }) => {
|
||||
ts_println!(self, "tokens used: {total_tokens}");
|
||||
}
|
||||
EventMsg::AgentMessageDelta(AgentMessageDeltaEvent { delta }) => {
|
||||
if !self.answer_started {
|
||||
ts_println!(self, "{}\n", "codex".style(self.italic).style(self.magenta));
|
||||
self.answer_started = true;
|
||||
}
|
||||
print!("{delta}");
|
||||
#[allow(clippy::expect_used)]
|
||||
std::io::stdout().flush().expect("could not flush stdout");
|
||||
}
|
||||
EventMsg::AgentReasoningDelta(AgentReasoningDeltaEvent { delta }) => {
|
||||
if !self.show_agent_reasoning {
|
||||
return;
|
||||
}
|
||||
if !self.reasoning_started {
|
||||
ts_println!(
|
||||
self,
|
||||
"{}\n",
|
||||
"thinking".style(self.italic).style(self.magenta),
|
||||
);
|
||||
self.reasoning_started = true;
|
||||
}
|
||||
print!("{delta}");
|
||||
#[allow(clippy::expect_used)]
|
||||
std::io::stdout().flush().expect("could not flush stdout");
|
||||
}
|
||||
EventMsg::AgentMessage(AgentMessageEvent { message }) => {
|
||||
// if answer_started is false, this means we haven't received any
|
||||
// delta. Thus, we need to print the message as a new answer.
|
||||
if !self.answer_started {
|
||||
ts_println!(
|
||||
self,
|
||||
"{}\n{}",
|
||||
"codex".style(self.italic).style(self.magenta),
|
||||
message,
|
||||
);
|
||||
} else {
|
||||
println!();
|
||||
self.answer_started = false;
|
||||
}
|
||||
ts_println!(
|
||||
self,
|
||||
"{}\n{message}",
|
||||
"codex".style(self.bold).style(self.magenta)
|
||||
);
|
||||
}
|
||||
EventMsg::ExecCommandBegin(ExecCommandBeginEvent {
|
||||
call_id,
|
||||
@@ -385,7 +343,7 @@ impl EventProcessor {
|
||||
);
|
||||
|
||||
// Pretty-print the patch summary with colored diff markers so
|
||||
// it's easy to scan in the terminal output.
|
||||
// it’s easy to scan in the terminal output.
|
||||
for (path, change) in changes.iter() {
|
||||
match change {
|
||||
FileChange::Add { content } => {
|
||||
@@ -483,17 +441,12 @@ impl EventProcessor {
|
||||
}
|
||||
EventMsg::AgentReasoning(agent_reasoning_event) => {
|
||||
if self.show_agent_reasoning {
|
||||
if !self.reasoning_started {
|
||||
ts_println!(
|
||||
self,
|
||||
"{}\n{}",
|
||||
"codex".style(self.italic).style(self.magenta),
|
||||
agent_reasoning_event.text,
|
||||
);
|
||||
} else {
|
||||
println!();
|
||||
self.reasoning_started = false;
|
||||
}
|
||||
ts_println!(
|
||||
self,
|
||||
"{}\n{}",
|
||||
"thinking".style(self.italic).style(self.magenta),
|
||||
agent_reasoning_event.text
|
||||
);
|
||||
}
|
||||
}
|
||||
EventMsg::SessionConfigured(session_configured_event) => {
|
||||
|
||||
@@ -115,7 +115,8 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
|
||||
};
|
||||
|
||||
let config = Config::load_with_cli_overrides(cli_kv_overrides, overrides)?;
|
||||
let mut event_processor = EventProcessor::create_with_ansi(stdout_with_ansi, &config);
|
||||
let mut event_processor =
|
||||
EventProcessor::create_with_ansi(stdout_with_ansi, !config.hide_agent_reasoning);
|
||||
// Print the effective configuration and prompt so users can see what Codex
|
||||
// is using.
|
||||
event_processor.print_config_summary(&config, &prompt);
|
||||
|
||||
@@ -171,12 +171,6 @@ pub async fn run_codex_tool_session(
|
||||
EventMsg::SessionConfigured(_) => {
|
||||
tracing::error!("unexpected SessionConfigured event");
|
||||
}
|
||||
EventMsg::AgentMessageDelta(_) => {
|
||||
// TODO: think how we want to support this in the MCP
|
||||
}
|
||||
EventMsg::AgentReasoningDelta(_) => {
|
||||
// TODO: think how we want to support this in the MCP
|
||||
}
|
||||
EventMsg::Error(_)
|
||||
| EventMsg::TaskStarted
|
||||
| EventMsg::TokenCount(_)
|
||||
|
||||
@@ -40,6 +40,7 @@ ratatui = { version = "0.29.0", features = [
|
||||
] }
|
||||
ratatui-image = "8.0.0"
|
||||
regex-lite = "0.1"
|
||||
reqwest = { version = "0.12", features = ["json"] }
|
||||
serde_json = { version = "1", features = ["preserve_order"] }
|
||||
shlex = "1.3.0"
|
||||
strum = "0.27.1"
|
||||
@@ -59,6 +60,7 @@ tui-markdown = "0.3.3"
|
||||
tui-textarea = "0.7.0"
|
||||
unicode-segmentation = "1.12.0"
|
||||
uuid = "1"
|
||||
time = { version = "0.3", features = ["formatting"] }
|
||||
|
||||
[dev-dependencies]
|
||||
insta = "1.43.1"
|
||||
|
||||
@@ -199,21 +199,7 @@ impl<'a> App<'a> {
|
||||
modifiers: crossterm::event::KeyModifiers::CONTROL,
|
||||
..
|
||||
} => {
|
||||
match &mut self.app_state {
|
||||
AppState::Chat { widget } => {
|
||||
if widget.composer_is_empty() {
|
||||
self.app_event_tx.send(AppEvent::ExitRequest);
|
||||
} else {
|
||||
// Treat Ctrl+D as a normal key event when the composer
|
||||
// is not empty so that it doesn't quit the application
|
||||
// prematurely.
|
||||
self.dispatch_key_event(key_event);
|
||||
}
|
||||
}
|
||||
AppState::Login { .. } | AppState::GitWarning { .. } => {
|
||||
self.app_event_tx.send(AppEvent::ExitRequest);
|
||||
}
|
||||
}
|
||||
self.app_event_tx.send(AppEvent::ExitRequest);
|
||||
}
|
||||
_ => {
|
||||
self.dispatch_key_event(key_event);
|
||||
@@ -280,6 +266,11 @@ impl<'a> App<'a> {
|
||||
widget.add_diff_output(text);
|
||||
}
|
||||
}
|
||||
SlashCommand::SecurityReview => {
|
||||
if let AppState::Chat { widget } = &mut self.app_state {
|
||||
widget.start_security_review_with_defaults();
|
||||
}
|
||||
}
|
||||
},
|
||||
AppEvent::StartFileSearch(query) => {
|
||||
self.file_search.on_user_query(query);
|
||||
@@ -289,6 +280,11 @@ impl<'a> App<'a> {
|
||||
widget.apply_file_search_result(query, matches);
|
||||
}
|
||||
}
|
||||
AppEvent::SecurityReviewFinished { mode, outcome } => {
|
||||
if let AppState::Chat { widget } = &mut self.app_state {
|
||||
widget.handle_security_review_finished(mode, outcome);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
terminal.clear()?;
|
||||
@@ -297,8 +293,6 @@ impl<'a> App<'a> {
|
||||
}
|
||||
|
||||
fn draw_next_frame(&mut self, terminal: &mut tui::Tui) -> Result<()> {
|
||||
// TODO: add a throttle to avoid redrawing too often
|
||||
|
||||
match &mut self.app_state {
|
||||
AppState::Chat { widget } => {
|
||||
terminal.draw(|frame| frame.render_widget_ref(&**widget, frame.area()))?;
|
||||
|
||||
@@ -2,6 +2,7 @@ use codex_core::protocol::Event;
|
||||
use codex_file_search::FileMatch;
|
||||
use crossterm::event::KeyEvent;
|
||||
|
||||
use crate::security_review::{SecurityReviewFailure, SecurityReviewMode, SecurityReviewResult};
|
||||
use crate::slash_command::SlashCommand;
|
||||
|
||||
#[allow(clippy::large_enum_variant)]
|
||||
@@ -45,4 +46,10 @@ pub(crate) enum AppEvent {
|
||||
query: String,
|
||||
matches: Vec<FileMatch>,
|
||||
},
|
||||
|
||||
/// Completion event for a `/secreview` invocation.
|
||||
SecurityReviewFinished {
|
||||
mode: SecurityReviewMode,
|
||||
outcome: Result<SecurityReviewResult, SecurityReviewFailure>,
|
||||
},
|
||||
}
|
||||
|
||||
@@ -76,11 +76,6 @@ impl ChatComposer<'_> {
|
||||
this
|
||||
}
|
||||
|
||||
/// Returns true if the composer currently contains no user input.
|
||||
pub(crate) fn is_empty(&self) -> bool {
|
||||
self.textarea.is_empty()
|
||||
}
|
||||
|
||||
/// Update the cached *context-left* percentage and refresh the placeholder
|
||||
/// text. The UI relies on the placeholder to convey the remaining
|
||||
/// context when the composer is empty.
|
||||
|
||||
@@ -72,7 +72,8 @@ impl ChatComposerHistory {
|
||||
return false;
|
||||
}
|
||||
|
||||
if textarea.is_empty() {
|
||||
let lines = textarea.lines();
|
||||
if lines.len() == 1 && lines[0].is_empty() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -84,7 +85,6 @@ impl ChatComposerHistory {
|
||||
return false;
|
||||
}
|
||||
|
||||
let lines = textarea.lines();
|
||||
matches!(&self.last_history_text, Some(prev) if prev == &lines.join("\n"))
|
||||
}
|
||||
|
||||
|
||||
@@ -162,10 +162,6 @@ impl BottomPane<'_> {
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn composer_is_empty(&self) -> bool {
|
||||
self.composer.is_empty()
|
||||
}
|
||||
|
||||
pub(crate) fn is_task_running(&self) -> bool {
|
||||
self.is_task_running
|
||||
}
|
||||
|
||||
@@ -1,11 +1,9 @@
|
||||
use std::path::PathBuf;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::sync::Arc;
|
||||
|
||||
use codex_core::codex_wrapper::init_codex;
|
||||
use codex_core::config::Config;
|
||||
use codex_core::protocol::AgentMessageDeltaEvent;
|
||||
use codex_core::protocol::AgentMessageEvent;
|
||||
use codex_core::protocol::AgentReasoningDeltaEvent;
|
||||
use codex_core::protocol::AgentReasoningEvent;
|
||||
use codex_core::protocol::ApplyPatchApprovalRequestEvent;
|
||||
use codex_core::protocol::ErrorEvent;
|
||||
@@ -31,6 +29,7 @@ use ratatui::widgets::Widget;
|
||||
use ratatui::widgets::WidgetRef;
|
||||
use tokio::sync::mpsc::UnboundedSender;
|
||||
use tokio::sync::mpsc::unbounded_channel;
|
||||
use tokio::task::JoinHandle;
|
||||
|
||||
use crate::app_event::AppEvent;
|
||||
use crate::app_event_sender::AppEventSender;
|
||||
@@ -40,7 +39,10 @@ use crate::bottom_pane::InputResult;
|
||||
use crate::conversation_history_widget::ConversationHistoryWidget;
|
||||
use crate::history_cell::PatchEventType;
|
||||
use crate::user_approval_widget::ApprovalRequest;
|
||||
use crate::security_review::{run_security_review, SecurityReviewFailure, SecurityReviewMode, SecurityReviewRequest, SecurityReviewResult};
|
||||
use codex_file_search::FileMatch;
|
||||
use path_clean::PathClean;
|
||||
use shlex;
|
||||
|
||||
pub(crate) struct ChatWidget<'a> {
|
||||
app_event_tx: AppEventSender,
|
||||
@@ -51,8 +53,8 @@ pub(crate) struct ChatWidget<'a> {
|
||||
config: Config,
|
||||
initial_user_message: Option<UserMessage>,
|
||||
token_usage: TokenUsage,
|
||||
reasoning_buffer: String,
|
||||
answer_buffer: String,
|
||||
security_review_handle: Option<JoinHandle<()>>,
|
||||
active_security_review_mode: Option<SecurityReviewMode>,
|
||||
}
|
||||
|
||||
#[derive(Clone, Copy, Eq, PartialEq)]
|
||||
@@ -83,6 +85,15 @@ fn create_initial_user_message(text: String, image_paths: Vec<PathBuf>) -> Optio
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Default)]
|
||||
struct ParsedSecReviewCommand {
|
||||
mode: SecurityReviewMode,
|
||||
include_paths: Vec<String>,
|
||||
output_path: Option<String>,
|
||||
repo_path: Option<String>,
|
||||
model_name: Option<String>,
|
||||
}
|
||||
|
||||
impl ChatWidget<'_> {
|
||||
pub(crate) fn new(
|
||||
config: Config,
|
||||
@@ -139,8 +150,8 @@ impl ChatWidget<'_> {
|
||||
initial_images,
|
||||
),
|
||||
token_usage: TokenUsage::default(),
|
||||
reasoning_buffer: String::new(),
|
||||
answer_buffer: String::new(),
|
||||
security_review_handle: None,
|
||||
active_security_review_mode: None,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -188,6 +199,11 @@ impl ChatWidget<'_> {
|
||||
|
||||
fn submit_user_message(&mut self, user_message: UserMessage) {
|
||||
let UserMessage { text, image_paths } = user_message;
|
||||
|
||||
if self.try_handle_slash_command(&text) {
|
||||
return;
|
||||
}
|
||||
|
||||
let mut items: Vec<InputItem> = Vec::new();
|
||||
|
||||
if !text.is_empty() {
|
||||
@@ -224,6 +240,240 @@ impl ChatWidget<'_> {
|
||||
self.conversation_history.scroll_to_bottom();
|
||||
}
|
||||
|
||||
fn try_handle_slash_command(&mut self, text: &str) -> bool {
|
||||
let trimmed = text.trim();
|
||||
if trimmed.starts_with("/secreview") {
|
||||
match parse_security_review_command(trimmed) {
|
||||
Ok(command) => {
|
||||
if let Err(err) = self.launch_security_review(command) {
|
||||
self.report_security_review_error(err);
|
||||
}
|
||||
}
|
||||
Err(err) => self.report_security_review_error(err),
|
||||
}
|
||||
return true;
|
||||
}
|
||||
false
|
||||
}
|
||||
|
||||
pub(crate) fn start_security_review_with_defaults(&mut self) {
|
||||
let command = ParsedSecReviewCommand::default();
|
||||
if let Err(err) = self.launch_security_review(command) {
|
||||
self.report_security_review_error(err);
|
||||
}
|
||||
}
|
||||
|
||||
fn launch_security_review(&mut self, command: ParsedSecReviewCommand) -> Result<(), String> {
|
||||
let repo_candidate = if let Some(repo_override) = command.repo_path.as_ref() {
|
||||
let candidate = Path::new(repo_override);
|
||||
if candidate.is_absolute() {
|
||||
candidate.to_path_buf()
|
||||
} else {
|
||||
self.config.cwd.join(candidate)
|
||||
}
|
||||
} else {
|
||||
self.config.cwd.clone()
|
||||
}
|
||||
.clean();
|
||||
|
||||
let repo_path = match repo_candidate.canonicalize() {
|
||||
Ok(path) => path,
|
||||
Err(_) => repo_candidate.clone(),
|
||||
};
|
||||
|
||||
if !repo_path.exists() {
|
||||
return Err(format!(
|
||||
"Repository path '{}' does not exist.",
|
||||
repo_path.display()
|
||||
));
|
||||
}
|
||||
if !repo_path.is_dir() {
|
||||
return Err(format!(
|
||||
"Repository path '{}' is not a directory.",
|
||||
repo_path.display()
|
||||
));
|
||||
}
|
||||
|
||||
let mut resolved_paths: Vec<PathBuf> = Vec::new();
|
||||
let mut display_paths: Vec<String> = Vec::new();
|
||||
|
||||
for include in &command.include_paths {
|
||||
let candidate = resolve_path(&repo_path, include);
|
||||
let canonical = match candidate.canonicalize() {
|
||||
Ok(path) => path,
|
||||
Err(_) => candidate.clone(),
|
||||
};
|
||||
|
||||
if !canonical.exists() {
|
||||
return Err(format!("Path '{}' does not exist.", canonical.display()));
|
||||
}
|
||||
if !canonical.starts_with(&repo_path) {
|
||||
return Err(format!(
|
||||
"Path '{}' is outside the repository root '{}'.",
|
||||
canonical.display(),
|
||||
repo_path.display()
|
||||
));
|
||||
}
|
||||
|
||||
let relative = canonical
|
||||
.strip_prefix(&repo_path)
|
||||
.unwrap_or(&canonical)
|
||||
.display()
|
||||
.to_string();
|
||||
display_paths.push(relative);
|
||||
resolved_paths.push(canonical);
|
||||
}
|
||||
|
||||
let output_root = if let Some(output_override) = command.output_path.as_ref() {
|
||||
let candidate = Path::new(output_override);
|
||||
if candidate.is_absolute() {
|
||||
candidate.to_path_buf()
|
||||
} else {
|
||||
repo_path.join(candidate)
|
||||
}
|
||||
} else {
|
||||
repo_path.join("appsec_review")
|
||||
}
|
||||
.clean();
|
||||
|
||||
let model_name = command
|
||||
.model_name
|
||||
.clone()
|
||||
.unwrap_or_else(|| self.config.model.clone());
|
||||
|
||||
if self.security_review_handle.is_some() {
|
||||
return Err("A security review is already running. Please wait for it to finish or abort it before starting another.".to_string());
|
||||
}
|
||||
|
||||
let scope_description = if resolved_paths.is_empty() {
|
||||
"entire repository".to_string()
|
||||
} else {
|
||||
display_paths.join(", ")
|
||||
};
|
||||
|
||||
let summary = format!(
|
||||
"🔐 Running AppSec security review (mode: {}).\nRepository: {}\nScope: {}\nOutput: {}\nModel: {}",
|
||||
command.mode.as_str(),
|
||||
repo_path.display(),
|
||||
scope_description,
|
||||
output_root.display(),
|
||||
model_name
|
||||
);
|
||||
self.conversation_history.add_background_event(summary);
|
||||
self.conversation_history.scroll_to_bottom();
|
||||
self.bottom_pane.set_task_running(true);
|
||||
self.request_redraw();
|
||||
|
||||
let provider = self.config.model_provider.clone();
|
||||
let request = SecurityReviewRequest {
|
||||
repo_path: repo_path.clone(),
|
||||
include_paths: resolved_paths,
|
||||
output_root: output_root.clone(),
|
||||
mode: command.mode,
|
||||
model: model_name,
|
||||
provider,
|
||||
progress_sender: Some(self.app_event_tx.clone()),
|
||||
};
|
||||
|
||||
let app_event_tx = self.app_event_tx.clone();
|
||||
let mode = command.mode;
|
||||
let handle = tokio::spawn(async move {
|
||||
let outcome = run_security_review(request).await;
|
||||
app_event_tx.send(AppEvent::SecurityReviewFinished { mode, outcome });
|
||||
});
|
||||
self.security_review_handle = Some(handle);
|
||||
self.active_security_review_mode = Some(mode);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn report_security_review_error(&mut self, message: String) {
|
||||
self.security_review_handle = None;
|
||||
self.active_security_review_mode = None;
|
||||
self.bottom_pane.set_task_running(false);
|
||||
self.conversation_history
|
||||
.add_background_event(format!("❌ {message}"));
|
||||
self.conversation_history.scroll_to_bottom();
|
||||
self.request_redraw();
|
||||
}
|
||||
|
||||
pub(crate) fn handle_security_review_finished(
|
||||
&mut self,
|
||||
mode: SecurityReviewMode,
|
||||
outcome: Result<SecurityReviewResult, SecurityReviewFailure>,
|
||||
) {
|
||||
self.security_review_handle = None;
|
||||
self.active_security_review_mode = None;
|
||||
self.bottom_pane.set_task_running(false);
|
||||
match outcome {
|
||||
Ok(result) => {
|
||||
let SecurityReviewResult {
|
||||
bugs_markdown,
|
||||
report_markdown,
|
||||
bugs_path,
|
||||
report_path,
|
||||
logs,
|
||||
} = result;
|
||||
|
||||
let mut summary = format!(
|
||||
"✅ AppSec security review complete (mode: {}).\nBugs saved to {}.",
|
||||
mode.as_str(),
|
||||
bugs_path.display()
|
||||
);
|
||||
if let Some(report_path) = report_path.as_ref() {
|
||||
summary.push_str(&format!(
|
||||
"\nReport saved to {}.",
|
||||
report_path.display()
|
||||
));
|
||||
}
|
||||
self.conversation_history.add_background_event(summary);
|
||||
|
||||
if matches!(mode, SecurityReviewMode::Full) {
|
||||
if let Some(markdown) = report_markdown.and_then(|m| {
|
||||
if m.trim().is_empty() {
|
||||
None
|
||||
} else {
|
||||
Some(m)
|
||||
}
|
||||
}) {
|
||||
self.conversation_history.add_agent_message(
|
||||
&self.config,
|
||||
format!("# AppSec Security Review Report\n\n{markdown}"),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
if !bugs_markdown.trim().is_empty() {
|
||||
let heading = if matches!(mode, SecurityReviewMode::Full) {
|
||||
"## Bugs Summary"
|
||||
} else {
|
||||
"# AppSec Bugs Summary"
|
||||
};
|
||||
self.conversation_history.add_agent_message(
|
||||
&self.config,
|
||||
format!("{heading}\n\n{bugs_markdown}"),
|
||||
);
|
||||
}
|
||||
|
||||
if let Some(log_text) = format_security_review_logs(&logs) {
|
||||
self.conversation_history
|
||||
.add_background_event(format!("Logs:\n{log_text}"));
|
||||
}
|
||||
}
|
||||
Err(error) => {
|
||||
let SecurityReviewFailure { message, logs } = error;
|
||||
let mut summary = format!("❌ AppSec security review failed: {message}");
|
||||
if let Some(log_text) = format_security_review_logs(&logs) {
|
||||
summary.push_str(&format!("\n\nLogs:\n{log_text}"));
|
||||
}
|
||||
self.conversation_history.add_background_event(summary);
|
||||
}
|
||||
}
|
||||
|
||||
self.conversation_history.scroll_to_bottom();
|
||||
self.request_redraw();
|
||||
}
|
||||
|
||||
pub(crate) fn handle_codex_event(&mut self, event: Event) {
|
||||
let Event { id, msg } = event;
|
||||
match msg {
|
||||
@@ -246,51 +496,16 @@ impl ChatWidget<'_> {
|
||||
self.request_redraw();
|
||||
}
|
||||
EventMsg::AgentMessage(AgentMessageEvent { message }) => {
|
||||
// if the answer buffer is empty, this means we haven't received any
|
||||
// delta. Thus, we need to print the message as a new answer.
|
||||
if self.answer_buffer.is_empty() {
|
||||
self.conversation_history
|
||||
.add_agent_message(&self.config, message);
|
||||
} else {
|
||||
self.conversation_history
|
||||
.replace_prev_agent_message(&self.config, message);
|
||||
}
|
||||
self.answer_buffer.clear();
|
||||
self.request_redraw();
|
||||
}
|
||||
EventMsg::AgentMessageDelta(AgentMessageDeltaEvent { delta }) => {
|
||||
if self.answer_buffer.is_empty() {
|
||||
self.conversation_history
|
||||
.add_agent_message(&self.config, "".to_string());
|
||||
}
|
||||
self.answer_buffer.push_str(&delta.clone());
|
||||
self.conversation_history
|
||||
.replace_prev_agent_message(&self.config, self.answer_buffer.clone());
|
||||
self.request_redraw();
|
||||
}
|
||||
EventMsg::AgentReasoningDelta(AgentReasoningDeltaEvent { delta }) => {
|
||||
if self.reasoning_buffer.is_empty() {
|
||||
self.conversation_history
|
||||
.add_agent_reasoning(&self.config, "".to_string());
|
||||
}
|
||||
self.reasoning_buffer.push_str(&delta.clone());
|
||||
self.conversation_history
|
||||
.replace_prev_agent_reasoning(&self.config, self.reasoning_buffer.clone());
|
||||
.add_agent_message(&self.config, message);
|
||||
self.request_redraw();
|
||||
}
|
||||
EventMsg::AgentReasoning(AgentReasoningEvent { text }) => {
|
||||
// if the reasoning buffer is empty, this means we haven't received any
|
||||
// delta. Thus, we need to print the message as a new reasoning.
|
||||
if self.reasoning_buffer.is_empty() {
|
||||
if !self.config.hide_agent_reasoning {
|
||||
self.conversation_history
|
||||
.add_agent_reasoning(&self.config, "".to_string());
|
||||
} else {
|
||||
// else, we rerender one last time.
|
||||
self.conversation_history
|
||||
.replace_prev_agent_reasoning(&self.config, text);
|
||||
.add_agent_reasoning(&self.config, text);
|
||||
self.request_redraw();
|
||||
}
|
||||
self.reasoning_buffer.clear();
|
||||
self.request_redraw();
|
||||
}
|
||||
EventMsg::TaskStarted => {
|
||||
self.bottom_pane.clear_ctrl_c_quit_hint();
|
||||
@@ -461,6 +676,20 @@ impl ChatWidget<'_> {
|
||||
/// Returns true if the key press was handled, false if it was not.
|
||||
/// If the key press was not handled, the caller should handle it (likely by exiting the process).
|
||||
pub(crate) fn on_ctrl_c(&mut self) -> bool {
|
||||
if let Some(handle) = self.security_review_handle.take() {
|
||||
handle.abort();
|
||||
let mode = self
|
||||
.active_security_review_mode
|
||||
.take()
|
||||
.unwrap_or_else(SecurityReviewMode::default);
|
||||
let failure = SecurityReviewFailure {
|
||||
message: "AppSec security review aborted by user.".to_string(),
|
||||
logs: vec!["AppSec security review aborted by user.".to_string()],
|
||||
};
|
||||
self.handle_security_review_finished(mode, Err(failure));
|
||||
return true;
|
||||
}
|
||||
|
||||
if self.bottom_pane.is_task_running() {
|
||||
self.bottom_pane.clear_ctrl_c_quit_hint();
|
||||
self.submit_op(Op::Interrupt);
|
||||
@@ -473,10 +702,6 @@ impl ChatWidget<'_> {
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn composer_is_empty(&self) -> bool {
|
||||
self.bottom_pane.composer_is_empty()
|
||||
}
|
||||
|
||||
/// Forward an `Op` directly to codex.
|
||||
pub(crate) fn submit_op(&self, op: Op) {
|
||||
if let Err(e) = self.codex_op_tx.send(op) {
|
||||
@@ -526,3 +751,137 @@ fn add_token_usage(current_usage: &TokenUsage, new_usage: &TokenUsage) -> TokenU
|
||||
total_tokens: current_usage.total_tokens + new_usage.total_tokens,
|
||||
}
|
||||
}
|
||||
|
||||
fn parse_security_review_command(input: &str) -> Result<ParsedSecReviewCommand, String> {
|
||||
let tokens = shlex::split(input).ok_or_else(|| "Unable to parse command arguments.".to_string())?;
|
||||
if tokens.is_empty() {
|
||||
return Err("Empty command.".to_string());
|
||||
}
|
||||
|
||||
if tokens[0] != "/secreview" {
|
||||
return Err("Unrecognized command.".to_string());
|
||||
}
|
||||
|
||||
let mut command = ParsedSecReviewCommand::default();
|
||||
let mut idx = 1;
|
||||
while idx < tokens.len() {
|
||||
let token = &tokens[idx];
|
||||
|
||||
if token == "--" {
|
||||
for extra in tokens.iter().skip(idx + 1) {
|
||||
if !extra.is_empty() {
|
||||
command.include_paths.push(extra.to_string());
|
||||
}
|
||||
}
|
||||
break;
|
||||
} else if matches!(
|
||||
token.as_str(),
|
||||
"bugs" | "--bugs" | "--mode=bugs"
|
||||
) {
|
||||
command.mode = SecurityReviewMode::Bugs;
|
||||
} else if matches!(
|
||||
token.as_str(),
|
||||
"full" | "--full" | "--mode=full"
|
||||
) {
|
||||
command.mode = SecurityReviewMode::Full;
|
||||
} else if token == "--mode" {
|
||||
idx += 1;
|
||||
if idx >= tokens.len() {
|
||||
return Err("Expected value after --mode.".to_string());
|
||||
}
|
||||
command.mode = parse_mode(&tokens[idx])?;
|
||||
} else if let Some(value) = token.strip_prefix("--mode=") {
|
||||
command.mode = parse_mode(value)?;
|
||||
} else if token == "--path" || token == "-p" {
|
||||
idx += 1;
|
||||
if idx >= tokens.len() {
|
||||
return Err(format!("Expected value after {token}."));
|
||||
}
|
||||
command.include_paths.push(tokens[idx].clone());
|
||||
} else if let Some(value) = token.strip_prefix("--path=") {
|
||||
command.include_paths.push(value.to_string());
|
||||
} else if let Some(value) = token.strip_prefix("-p=") {
|
||||
command.include_paths.push(value.to_string());
|
||||
} else if matches!(
|
||||
token.as_str(),
|
||||
"--output" | "-o" | "--output-location"
|
||||
) {
|
||||
idx += 1;
|
||||
if idx >= tokens.len() {
|
||||
return Err(format!("Expected value after {token}."));
|
||||
}
|
||||
command.output_path = Some(tokens[idx].clone());
|
||||
} else if let Some(value) = token.strip_prefix("--output=") {
|
||||
command.output_path = Some(value.to_string());
|
||||
} else if let Some(value) = token.strip_prefix("-o=") {
|
||||
command.output_path = Some(value.to_string());
|
||||
} else if matches!(
|
||||
token.as_str(),
|
||||
"--repo" | "--repo-location" | "--repository"
|
||||
) {
|
||||
idx += 1;
|
||||
if idx >= tokens.len() {
|
||||
return Err(format!("Expected value after {token}."));
|
||||
}
|
||||
command.repo_path = Some(tokens[idx].clone());
|
||||
} else if let Some(value) = token.strip_prefix("--repo=") {
|
||||
command.repo_path = Some(value.to_string());
|
||||
} else if let Some(value) = token.strip_prefix("--repo-location=") {
|
||||
command.repo_path = Some(value.to_string());
|
||||
} else if token == "--model" || token == "--model-name" {
|
||||
idx += 1;
|
||||
if idx >= tokens.len() {
|
||||
return Err(format!("Expected value after {token}."));
|
||||
}
|
||||
command.model_name = Some(tokens[idx].clone());
|
||||
} else if let Some(value) = token.strip_prefix("--model=") {
|
||||
command.model_name = Some(value.to_string());
|
||||
} else if let Some(value) = token.strip_prefix("--model-name=") {
|
||||
command.model_name = Some(value.to_string());
|
||||
} else if !token.is_empty() {
|
||||
command.include_paths.push(token.clone());
|
||||
}
|
||||
|
||||
idx += 1;
|
||||
}
|
||||
|
||||
Ok(command)
|
||||
}
|
||||
|
||||
fn parse_mode(value: &str) -> Result<SecurityReviewMode, String> {
|
||||
match value.to_ascii_lowercase().as_str() {
|
||||
"full" => Ok(SecurityReviewMode::Full),
|
||||
"bugs" | "bugs-only" | "bugsonly" => Ok(SecurityReviewMode::Bugs),
|
||||
other => Err(format!("Unknown mode '{other}'. Use 'full' or 'bugs'.")),
|
||||
}
|
||||
}
|
||||
|
||||
fn resolve_path(base: &Path, candidate: &str) -> PathBuf {
|
||||
let path = Path::new(candidate);
|
||||
if path.is_absolute() {
|
||||
path.to_path_buf()
|
||||
} else {
|
||||
base.join(path)
|
||||
}
|
||||
.clean()
|
||||
}
|
||||
|
||||
fn format_security_review_logs(logs: &[String]) -> Option<String> {
|
||||
if logs.is_empty() {
|
||||
return None;
|
||||
}
|
||||
|
||||
let joined = logs.join("\n");
|
||||
if joined.trim().is_empty() {
|
||||
return None;
|
||||
}
|
||||
|
||||
let lines: Vec<&str> = joined.lines().collect();
|
||||
const MAX_LINES: usize = 40;
|
||||
if lines.len() <= MAX_LINES {
|
||||
Some(joined)
|
||||
} else {
|
||||
let tail = lines[lines.len().saturating_sub(MAX_LINES)..].join("\n");
|
||||
Some(format!("… (showing last {MAX_LINES} lines)\n{tail}"))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -202,14 +202,6 @@ impl ConversationHistoryWidget {
|
||||
self.add_to_history(HistoryCell::new_agent_reasoning(config, text));
|
||||
}
|
||||
|
||||
pub fn replace_prev_agent_reasoning(&mut self, config: &Config, text: String) {
|
||||
self.replace_last_agent_reasoning(config, text);
|
||||
}
|
||||
|
||||
pub fn replace_prev_agent_message(&mut self, config: &Config, text: String) {
|
||||
self.replace_last_agent_message(config, text);
|
||||
}
|
||||
|
||||
pub fn add_background_event(&mut self, message: String) {
|
||||
self.add_to_history(HistoryCell::new_background_event(message));
|
||||
}
|
||||
@@ -257,42 +249,6 @@ impl ConversationHistoryWidget {
|
||||
});
|
||||
}
|
||||
|
||||
pub fn replace_last_agent_reasoning(&mut self, config: &Config, text: String) {
|
||||
if let Some(idx) = self
|
||||
.entries
|
||||
.iter()
|
||||
.rposition(|entry| matches!(entry.cell, HistoryCell::AgentReasoning { .. }))
|
||||
{
|
||||
let width = self.cached_width.get();
|
||||
let entry = &mut self.entries[idx];
|
||||
entry.cell = HistoryCell::new_agent_reasoning(config, text);
|
||||
let height = if width > 0 {
|
||||
entry.cell.height(width)
|
||||
} else {
|
||||
0
|
||||
};
|
||||
entry.line_count.set(height);
|
||||
}
|
||||
}
|
||||
|
||||
pub fn replace_last_agent_message(&mut self, config: &Config, text: String) {
|
||||
if let Some(idx) = self
|
||||
.entries
|
||||
.iter()
|
||||
.rposition(|entry| matches!(entry.cell, HistoryCell::AgentMessage { .. }))
|
||||
{
|
||||
let width = self.cached_width.get();
|
||||
let entry = &mut self.entries[idx];
|
||||
entry.cell = HistoryCell::new_agent_message(config, text);
|
||||
let height = if width > 0 {
|
||||
entry.cell.height(width)
|
||||
} else {
|
||||
0
|
||||
};
|
||||
entry.line_count.set(height);
|
||||
}
|
||||
}
|
||||
|
||||
pub fn record_completed_exec_command(
|
||||
&mut self,
|
||||
call_id: String,
|
||||
@@ -498,7 +454,7 @@ impl WidgetRef for ConversationHistoryWidget {
|
||||
|
||||
{
|
||||
// Choose a thumb color that stands out only when this pane has focus so that the
|
||||
// user's attention is naturally drawn to the active viewport. When unfocused we show
|
||||
// user’s attention is naturally drawn to the active viewport. When unfocused we show
|
||||
// a low-contrast thumb so the scrollbar fades into the background without becoming
|
||||
// invisible.
|
||||
let thumb_style = if self.has_input_focus {
|
||||
|
||||
@@ -20,6 +20,7 @@ use tracing_subscriber::EnvFilter;
|
||||
use tracing_subscriber::prelude::*;
|
||||
|
||||
mod app;
|
||||
mod security_review;
|
||||
mod app_event;
|
||||
mod app_event_sender;
|
||||
mod bottom_pane;
|
||||
|
||||
@@ -14,6 +14,8 @@ pub enum SlashCommand {
|
||||
// more frequently used commands should be listed first.
|
||||
New,
|
||||
Diff,
|
||||
#[strum(serialize = "secreview")]
|
||||
SecurityReview,
|
||||
Quit,
|
||||
ToggleMouseMode,
|
||||
}
|
||||
@@ -30,6 +32,9 @@ impl SlashCommand {
|
||||
SlashCommand::Diff => {
|
||||
"Show git diff of the working directory (including untracked files)"
|
||||
}
|
||||
SlashCommand::SecurityReview => {
|
||||
"Run AppSec security review and display the generated reports"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user