fix(itmux): stage only codex auth surface via allowlist (fixes codex startup)#241
Closed
NeuralEmpowerment wants to merge 3 commits into
Closed
fix(itmux): stage only codex auth surface via allowlist (fixes codex startup)#241NeuralEmpowerment wants to merge 3 commits into
NeuralEmpowerment wants to merge 3 commits into
Conversation
codex-cli 0.139.0's ~/.codex mixes a tiny auth/config surface (auth.json,
config.toml) with hundreds of megabytes of operational state under dirs the
old {tmp,log,logs,plugins} denylist never matched (.tmp/, sessions/,
logs_2.sqlite*, computer-use/, cache/, ...). Staging copied all of it
file-by-file over docker exec base64, turning start_workspace into a
multi-minute crawl that never completed - so itmux start --agents codex never
reached ready (claude, whose surface is one small file, works fine). The
--startup-timeout bound covers only the post-launch readiness wait, not
credential staging, so the symptom was a hang, not a timeout.
Switch codex staging from a fragile denylist to an allowlist of the actual
auth surface (auth.json, config.toml, config.json, AGENTS.md). An allowlist
cannot regress when codex adds new state directories. Empirically validated
that auth.json + config.toml is sufficient for codex to reach its ready
composer. Kept byte-for-byte parity between the Rust and Python drivers.
Capture the real codex-cli 0.139.0 first-ready pane after itmux start --agents codex (trust banner accepted, hooks modal dismissed, composer visible) as a fixture and assert codex_is_ready / codex_is_started match it. Guards the start-path predicate now that the staging fix lets start_workspace reach this pane.
Contributor
Author
Codex cross-model review: VERDICT CHANGES REQUESTED (1 must-fix)
|
Rust DirEntry::file_type() stats the link itself, not its target, so an allowlisted auth.json/config.toml that is a symlink (common with dotfile managers like stow/chezmoi) was silently dropped - the exact files the allowlist exists to preserve. Use fs::metadata (follows symlinks) for the file-type decision so a symlink-to-regular-file is staged by-value. Restores parity with the Python driver, whose Path.is_file() already follows symlinks. Also assert the full declared allowlist (config.json, AGENTS.md) in the allowlist test, and add a unix symlink test proving symlinked auth files are staged with their target's bytes.
Contributor
Author
|
Codex must-fix resolved (c1d5775). |
Contributor
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Plan 2 / okrs-51p.7. Root-causes and fixes why codex never reached ready under itmux (claude did in ~634ms).
Root cause (not a readiness-heuristic bug): codex 0.139.0's
~/.codexis ~785MB (.tmp/250M,sessions/81M,logs_2.sqlite100M,computer-use/53M...). The DooD credential transfer copies directories file-by-file overdocker execbase64, so codex staging was a thousands-of-exec multi-minute crawl that never completed - itmux was stuck instage_into_containerbefore ever launching tmux. The readiness predicate + launch sequence were correct.Fix: replace the fragile denylist (
{tmp,log,logs,plugins}) with an allowlist - stage onlyauth.json/config.toml/config.json/AGENTS.md, skip all dirs. An allowlist can't regress when codex adds new state dirs. Applied to both Rust (auth.rs) and the Python driver (_CodexAdapter) for parity. Supersedes the denylistpluginsaddition from #235.Live-validated:
itmux start --agents codex-> rc=0, StartReportready:true, duration_ms:75. New fixture-based readiness test + rewritten auth-allowlist test. cargo test/clippy/fmt green.Note: the allowlist intentionally drops
sessions/(past transcripts, not auth) - a fresh workspace starts clean. Stacked on the Plan 1a stack (#236).