Commit 697f44d

chore(codex): refresh system runtime pins
1 parent 94cced2 commit 697f44d

22 files changed

Lines changed: 41 additions & 37 deletions

CHANGELOG.md

Lines changed: 3 additions & 0 deletions
@@ -10,6 +10,9 @@ The format follows Keep a Changelog, and marketplace/plugin versions follow Sema
1010

1111
### Changed
1212

13+
- Runtime pins updated to current stable upstream versions: Codex CLI `0.132.0`, Serena Agent `1.5.1`, and Chrome DevTools MCP `1.0.1`.
14+
- System Codex docs now clarify that the owner-selected `sandbox_mode = "danger-full-access"` remains the active runtime policy while `plugin_hooks` stays an explicit official Codex opt-in.
15+
1316
### Security
1417

1518
## [0.4.1] - 2026-05-19
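
Review bot: the two added bullets under `### Changed` do not mention that this commit also changes the Serena startup sequence (`check_onboarding_performed` replaced by `initial_instructions` in the flow references and hooks). That changes what agents do at session start, so it deserves its own changelog line next to the pin refresh. The `sandbox_mode = "danger-full-access"` bullet describes a security posture and would be easier to find under `### Security`.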

README.md

Lines changed: 1 addition & 1 deletion
@@ -114,7 +114,7 @@ scripts/doctor_system_codex.sh --strict-runtime
114114
python3 scripts/validate_runtime_prereqs.py --strict --require-codex
115115
```
116116

117-
System Codex is intentionally configured for unattended maintainer-controlled execution on a trusted machine: `profile = "rldyour-yolo"`, `approval_policy = "never"`, `sandbox_mode = "danger-full-access"`, `default_permissions = ":danger-no-sandbox"`, `model = "gpt-5.5"`, and `model_reasoning_effort = "xhigh"`. Managed subagent roles in `system/agents/*.toml` install to `~/.codex/agents/*.toml` and use `model = "gpt-5.5"` with `model_reasoning_effort = "medium"`. This is a maintainer-required operating mode for trusted local machines; downstream operators should review their own permission posture before applying these defaults.
117+
System Codex is intentionally configured for unattended maintainer-controlled execution on a trusted machine: `profile = "rldyour-yolo"`, `approval_policy = "never"`, `sandbox_mode = "danger-full-access"`, `default_permissions = ":danger-no-sandbox"`, `model = "gpt-5.5"`, and `model_reasoning_effort = "xhigh"`. Current Codex documentation treats `sandbox_mode` as the active older sandbox model when it is present, so this repository does not migrate the owner profile to beta permission profiles without an explicit policy decision. Managed subagent roles in `system/agents/*.toml` install to `~/.codex/agents/*.toml` and use `model = "gpt-5.5"` with `model_reasoning_effort = "medium"`. This is a maintainer-required operating mode for trusted local machines; downstream operators should review their own permission posture before applying these defaults.
118118

119119
Managed subagents currently include a temporary MCP isolation policy because Codex can eagerly initialize MCP servers per spawned session/subagent. Subagents keep the lightweight core surface available through inherited runtime configuration: `sequential-thinking`, `serena`, `context7`, `grep`, `deepwiki`, `openaiDeveloperDocs`, and built-in `codex_apps`. Specialist MCP servers such as `semgrep`, `figma`, `playwright`, `chrome-devtools`, `dart-flutter`, and `shadcn` are explicitly disabled inside managed subagents and remain parent-session tools for explicit security, design, browser, Flutter, or shadcn work.
120120
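
Review bot: the added sentence on line 117 cites "Current Codex documentation" without a link or a version, so a reader cannot check the claim or notice when it goes stale. Link the page and name the Codex CLI version it was read against. The paragraph also still lists `default_permissions = ":danger-no-sandbox"` next to `sandbox_mode`; since the new sentence says `sandbox_mode` is the active model when present, state what role `default_permissions` plays when both are set.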

config/mcp-runtime-versions.env

Lines changed: 3 additions & 3 deletions
@@ -5,12 +5,12 @@ DART_FLUTTER_MCP_RUNTIME=external-local-dart-sdk
55
NODE_MAJOR_VERSION=24
66
BUN_VERSION=1.3.14
77
DART_SDK_VERSION=3.11.0
8-
CODEX_CLI_VERSION=0.130.0
8+
CODEX_CLI_VERSION=0.132.0
99
MCP_PYTHON_SDK_VERSION=1.27.1
10-
SERENA_AGENT_VERSION=1.3.0
10+
SERENA_AGENT_VERSION=1.5.1
1111
SEMGREP_VERSION=1.163.0
1212
SEQUENTIAL_THINKING_MCP_VERSION=2025.12.18
1313
PLAYWRIGHT_MCP_VERSION=0.0.75
14-
CHROME_DEVTOOLS_MCP_VERSION=0.26.0
14+
CHROME_DEVTOOLS_MCP_VERSION=1.0.1
1515
CONTEXT7_MCP_VERSION=2.2.5
1616
SHADCN_VERSION=4.7.0
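
Review bot: the Serena and Chrome DevTools versions bumped here are edited by hand again in `plugins/rldyour-mcps/.mcp.json` and `plugins/rldyour-mcps/README.md` in this same commit, and nothing visible ties those copies to this file. A later bump can leave them out of step; a check that compares the launch arguments against `SERENA_AGENT_VERSION` and `CHROME_DEVTOOLS_MCP_VERSION` would catch that.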

plugins/rldyour-flow/references/flow-lifecycle.md

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ Core order:
2323
1. Git sync audit: dirty state, current branch, upstream ahead/behind, worktrees, local/remote branches.
2424
2. If uncommitted, unmerged, or stale merged branch/worktree state exists, deeply review it. If correct and consistent, synchronize it into `main`, merge safe branches, push, and remove merged worktrees/branches. If risky, ask the user with concrete options.
2525
3. Bootstrap agent-only context with `fullrepo_sync.py --bootstrap-init` before treating `AGENTS.md`, `CLAUDE.md`, `.serena/*`, `.claude/*`, `.codex/*`, or similar files as missing. This restores an existing `fullrepo`, publishes local agent-only files when no `fullrepo` exists, installs `.git/info/exclude`, and removes tracked agent-only files from the current branch index when migration is needed.
26-
4. Serena readiness: `check_onboarding_performed`, onboarding if needed, `list_memories`, relevant `read_memory`.
26+
4. Serena readiness: `initial_instructions`, `list_memories`, relevant `read_memory`, and `onboarding` only when no usable project context exists.
2727
5. Scope detection: project, module, sphere, or feature. For a sphere such as backend, inspect the whole sphere and its integration points.
2828
6. Semantic map: `get_symbols_overview`, targeted `find_symbol`, `find_referencing_symbols`, `search_for_pattern` only when needed.
2929
7. Data and contract map: database tables/fields, schemas, migrations, API contracts, generated artifacts, configuration keys, environment variables, and integration boundaries that affect the scope.
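
Review bot: step 4 replaces the explicit `check_onboarding_performed` gate with "`onboarding` only when no usable project context exists", but nothing says how an agent decides that context is unusable. State the test, for example an empty `list_memories` result, so the step does not rest on the agent's judgement.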

plugins/rldyour-flow/references/init-context-pack.md

Lines changed: 7 additions & 6 deletions
@@ -17,14 +17,15 @@ If the scope is ambiguous, ask the owner in Russian with 2-3 concrete options. I
1717

1818
Use Serena first for supported code:
1919

20-
1. `check_onboarding_performed`.
20+
1. `initial_instructions`.
2121
2. `list_memories`.
2222
3. `read_memory` for relevant memories.
23-
4. `get_symbols_overview` for entry files and important modules before reading bodies.
24-
5. `find_symbol` with body disabled to discover children and public surface.
25-
6. `find_symbol` with body enabled only for implementation that must be understood.
26-
7. `find_referencing_symbols` to trace callers, data flow, and impact.
27-
8. `search_for_pattern` for cross-cutting names, routes, schemas, config keys, DB fields, migrations, generated artifacts, tests, and unsupported file types.
23+
4. Use `onboarding` only when a project has no usable Serena memory/context yet.
24+
5. `get_symbols_overview` for entry files and important modules before reading bodies.
25+
6. `find_symbol` with body disabled to discover children and public surface.
26+
7. `find_symbol` with body enabled only for implementation that must be understood.
27+
8. `find_referencing_symbols` to trace callers, data flow, and impact.
28+
9. `search_for_pattern` for cross-cutting names, routes, schemas, config keys, DB fields, migrations, generated artifacts, tests, and unsupported file types.
2829

2930
Use raw `rg` or direct reads only for manifests, Markdown, config files, shell scripts, generated metadata, unsupported language files, or broad text sweeps.
3031
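
Review bot: the new step 4 comes after `read_memory` (step 3), yet the case it covers is a project with no usable memory, where step 3 has nothing to read. Move the `onboarding` condition directly after `list_memories`, or word it as a branch of step 2. It is also the only item in the list written as a sentence instead of leading with the tool name.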

plugins/rldyour-lsps/skills/serena-lsp-integration/SKILL.md

Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ Use `.serena/project.local.yml` for machine-local executable paths. Use committe
2929

3030
For supported code files, use the existing Serena-first workflow:
3131

32-
1. `check_onboarding_performed`
32+
1. `initial_instructions`
3333
2. `list_memories`
3434
3. relevant `read_memory`
3535
4. `get_symbols_overview`
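
Review bot: step 1 now reads `initial_instructions`, but the visible steps of this list have no `onboarding` fallback, while `flow-lifecycle.md` and `init-context-pack.md` in the same commit add one. If the skill is meant to follow the same workflow, add the conditional `onboarding` step here too, or link to one of those references instead of repeating the list.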

plugins/rldyour-mcps/.mcp.json

Lines changed: 2 additions & 2 deletions
@@ -4,7 +4,7 @@
44
"command": "uvx",
55
"args": [
66
"--from",
7-
"serena-agent==1.3.0",
7+
"serena-agent==1.5.1",
88
"--python",
99
"3.13",
1010
"--prerelease",
@@ -45,7 +45,7 @@
4545
"chrome-devtools": {
4646
"command": "bunx",
4747
"args": [
48-
"chrome-devtools-mcp@0.26.0",
48+
"chrome-devtools-mcp@1.0.1",
4949
"--headless",
5050
"--isolated",
5151
"--no-usage-statistics",
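
Review bot: `chrome-devtools-mcp` moves from `0.26.0` to `1.0.1`, a major-version step, while the arguments after it (`--headless`, `--isolated`, `--no-usage-statistics`) are unchanged. Confirm that 1.0.1 still accepts each of these flags with the same meaning, `--isolated` in particular, and record that in the commit message or changelog, since the commit is labelled a `chore` refresh.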

plugins/rldyour-mcps/README.md

Lines changed: 1 addition & 1 deletion
@@ -124,7 +124,7 @@ After plugin installation, browser/OAuth authorization may be required. If Codex
124124
Serena is configured without starting or opening the web dashboard:
125125

126126
```text
127-
uvx --from serena-agent==1.3.0 --python 3.13 --prerelease allow serena start-mcp-server --project-from-cwd --context=codex --enable-web-dashboard False --open-web-dashboard False
127+
uvx --from serena-agent==1.5.1 --python 3.13 --prerelease allow serena start-mcp-server --project-from-cwd --context=codex --enable-web-dashboard False --open-web-dashboard False
128128
```
129129

130130
If the dashboard is needed manually, change this runtime policy intentionally and re-run the system installer.
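
Review bot: the command on line 127 pins `serena-agent==1.5.1` by version only and keeps `--prerelease allow`, so whatever the package's dependencies resolve to is decided at launch time, pre-releases included. Given that this setup runs with `danger-full-access`, consider a locked or hash-checked install, and say here why `--prerelease allow` is still needed at 1.5.1.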

plugins/rldyour-serena-mcp/hooks/stop_memory_sync.sh

Lines changed: 1 addition & 1 deletion
@@ -167,7 +167,7 @@ Preferred path — delegate to the managed Codex subagent role 'serena-sync' whe
167167
The 'serena-sync' role is a managed Codex TOML agent installed from system/agents/serena-sync.toml. It is Codex-native; do not use Claude Code Agent(...) syntax in this repository.
168168
169169
Fallback path (if the subagent is not available — e.g. plugin not yet reloaded):
170-
1. Use Serena MCP for code inspection: check_onboarding_performed -> list_memories -> read_memory(relevant) -> get_symbols_overview -> find_symbol(include_body=false) -> find_symbol(include_body=true only where needed) -> find_referencing_symbols -> search_for_pattern.
170+
1. Use Serena MCP for code inspection: initial_instructions -> list_memories -> read_memory(relevant) -> get_symbols_overview -> find_symbol(include_body=false) -> find_symbol(include_body=true only where needed) -> find_referencing_symbols -> search_for_pattern.
171171
2. Update .serena/memories with high-signal fact-only English content. Use numbered topic files (AREA-01-SLUG.md) and update CORE-01-INDEX.md when adding, renaming, or splitting memories. Code, git diff, and tests are the source of truth.
172172
3. Each touched memory must contain a 'Last commit: ${HEAD_SHA}' line so the state script recognises sync via direct-head-reference.
173173
4. Run ${COMMIT_SCRIPT} to acknowledge sync state and clear runtime markers.

plugins/rldyour-serena-mcp/hooks/user_prompt_submit.sh

Lines changed: 1 addition & 1 deletion
@@ -25,7 +25,7 @@ if ! printf "%s" "$PROMPT" | grep -qiE 'код|code|repo|repository|project|пр
2525
exit 0
2626
fi
2727

28-
CONTEXT="Serena-first code workflow: for repository/project/directory/file code inspection, use Serena MCP before raw text reads when available: check_onboarding_performed -> list_memories -> read_memory(relevant) -> get_symbols_overview -> find_symbol(include_body=false) -> find_symbol(include_body=true only for needed symbols) -> find_referencing_symbols -> search_for_pattern. Use raw rg/read only as fallback, broad text sweep, or tiny known-location edit."
28+
CONTEXT="Serena-first code workflow: for repository/project/directory/file code inspection, use Serena MCP before raw text reads when available: initial_instructions -> list_memories -> read_memory(relevant) -> get_symbols_overview -> find_symbol(include_body=false) -> find_symbol(include_body=true only for needed symbols) -> find_referencing_symbols -> search_for_pattern. Use raw rg/read only as fallback, broad text sweep, or tiny known-location edit."
2929

3030
python3 - "$CONTEXT" <<'PY'
3131
import json
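
Review bot: the `CONTEXT` string on line 28 repeats the same tool chain that `stop_memory_sync.sh` carries in its fallback text, and this commit had to edit both by hand. Put the chain in one shared file or variable that both hooks read. Unlike the two reference documents, neither hook string mentions `onboarding`, so an agent guided only by the hook has no instruction for a project without Serena context.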
