cb05de6724
## Summary DotSlash should resolve the same canonical package archives used by standalone installers and npm platform packages, rather than continuing to point at single-binary zstd artifacts or the older Linux bundle archive. This updates the Codex CLI and `codex-app-server` DotSlash release config entries to match `codex-package-<target>.tar.gz` and `codex-app-server-package-<target>.tar.gz`, with paths that select `bin/codex` or `bin/codex-app-server` inside the extracted package. The other helper outputs stay on their existing per-binary artifacts for now. ## Test plan - `python3 -m json.tool .github/dotslash-config.json > /dev/null` - Ran a Python regex smoke test that checked every updated `codex` and `codex-app-server` platform entry against the archive names emitted by `.github/scripts/build-codex-package-archive.sh`.
Codex package builder
This package contains the implementation behind scripts/build_codex_package.py.
The top-level script is the stable executable entry point; these modules keep the
package-building logic split by responsibility.
The builder creates a canonical Codex package directory:
.
├── codex-package.json
├── bin
│ └── <entrypoint>[.exe]
├── codex-resources
│ ├── bwrap # Linux only
│ ├── codex-command-runner.exe # Windows only
│ └── codex-windows-sandbox-setup.exe # Windows only
└── codex-path
└── rg[.exe]
The package directory is the primary artifact. Archive formats such as
.tar.gz, .tar.zst, and .zip are serializations of that directory.
If --target is omitted, the builder uses the release target for the current
host platform. On Linux, that default is a musl target to match Codex release
artifacts; pass a GNU Linux target explicitly for native glibc local builds. If
--package-dir is omitted, the builder creates a new temporary directory and
prints its path after the package is built.
The --variant flag selects the package entrypoint. Supported variants are
codex and codex-app-server. The version field in codex-package.json is
read from [workspace.package].version in codex-rs/Cargo.toml.
Source-built artifacts
Artifacts built from this repository are always built by the package builder in
one grouped cargo build command per package when they are needed:
- all targets: the selected entrypoint, unless
--entrypoint-binis provided - Linux targets:
bwrap - Windows targets:
codex-command-runnerandcodex-windows-sandbox-setup
The default cargo profile is dev-small because local iteration should favor
fast, small builds. Release jobs should pass --cargo-profile release and an
explicit target. Release jobs that already built and signed/notarized the
entrypoint should pass --entrypoint-bin so the package contains that exact
binary instead of rebuilding it.
rg is not built from this repository, so the builder fetches it from the
DotSlash manifest at codex-cli/bin/rg. Downloaded archives are cached under
$TMPDIR/codex-package/<target>-rg and are reused only after the recorded size
and SHA-256 digest have been verified. Pass --rg-bin to use a local ripgrep
executable instead.