mirror of
https://github.com/openai/codex.git
synced 2026-06-02 19:31:59 +00:00
b89bf1ef47
## Why Fixes openai/codex#20944. Desktop side chats are intentionally ephemeral and pathless. They can still accept live turns while loaded, but after a reload there is no persisted rollout to resume. In the reported failure mode, Desktop could send `$CODEX_HOME` as the resume/fork path for one of these pathless side chats. `thread/resume` and `thread/fork` prefer an explicit `path` over `threadId`, and rollout path lookup only checked that a candidate existed. That let `$CODEX_HOME` pass as a rollout path, so the later rollout reader tried to open a directory and surfaced the low-level `Is a directory` error. ## What Changed - Reject explicit rollout paths that resolve to a directory or other non-file before attempting to read rollout history. - Make `codex_rollout::existing_rollout_path` return only plain or compressed rollout candidates that are actual files. - Add an app-server regression test that creates an ephemeral fork, runs a turn while the side thread is loaded, simulates reload, then verifies both `thread/resume` and `thread/fork` reject `$CODEX_HOME` with `path is a directory` instead of the OS-level directory-read error. - Rebase over the `TestAppServer` rename and update the remaining stale test harness call sites to use `TestAppServer` with `app_server` local variables. Relevant code: - `thread-store/src/local/read_thread.rs` validates explicit rollout paths before rollout reading:25b47c8f42/codex-rs/thread-store/src/local/read_thread.rs (L146-L165)- `rollout/src/compression.rs` now requires file metadata for plain and compressed rollout candidates:25b47c8f42/codex-rs/rollout/src/compression.rs (L940-L950)- The repro test covers the pathless ephemeral side-chat reload case:25b47c8f42/codex-rs/app-server/tests/suite/v2/thread_fork.rs (L774-L886)## Verification - `just test -p codex-app-server pathless_ephemeral_thread_rejects_codex_home_path_after_reload`
Thread Store
codex-thread-store is the storage boundary for Codex threads. It defines the
ThreadStore trait plus local and in-memory implementations. Other storage
implementations may live outside this repository.
Responsibilities
ThreadStore::append_itemsis the raw canonical history append API. It does not infer metadata from item contents.ThreadStore::update_thread_metadatais the only thread metadata write API. It accepts a single literal metadata patch shape, regardless of whether the caller is applying a user/API mutation or facts derived above the store from appended history.LiveThreadis the preferred API for active session persistence. It owns a per-thread metadata sync helper, applies the rollout persistence policy, appends canonical history, and then sends metadata patches throughThreadStore::update_thread_metadata.ThreadManagerroutes metadata mutations for loaded and cold threads through one entrypoint. Loaded threads use theirLiveThread; cold threads go directly to the store.LocalThreadStorepersists history throughcodex-rolloutJSONL files and persists queryable metadata through the SQLite state database when available. Local explicit metadata mutations also maintain JSONL/name-index compatibility so reading old or SQLite-less local storage keeps working.RolloutRecorderis the local JSONL writer. It writes already-canonical items forThreadStore::append_items; it no longer decides metadata updates for live thread-store appends.core/sessioncreates or resumesLiveThreadhandles and does not need to know whether persistence is backed by local files or another store.
Direction
New metadata observation semantics should live above ThreadStore. Stores
persist explicit metadata fields, but raw history appends remain history-only.