Harden app-server steering validation

Co-Authored-By: OpenAI Codex <noreply@openai.com>

Author: xuio

dist/index.js

@@ -23653,35 +23653,42 @@ var CodexSessionManager = class {
     }
     const wasActive = Boolean(session.controller);
     if (session.protocol === "app-server" && session.appServer && session.activeTurn && !options.interruptCurrent) {
-      const turn = this.recordSteerDelivery(session, prompt);
-      try {
-        const delivered = await session.appServer.steer(prompt);
-        turn.status = delivered.delivered ? "completed" : "failed";
-        turn.resultOk = delivered.delivered;
-        turn.resultStatus = delivered.delivered ? "completed" : "failed";
-        turn.error = delivered.delivered ? void 0 : "No active Codex app-server turn accepted steering.";
-        turn.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
-        this.notifyTurn(turn);
-        this.notifySession(session);
-        if (options.wait && session.activeTurn) await this.waitForTurn(session, session.activeTurn);
-        return {
-          session: snapshot2(session),
-          turn: turnSnapshot(turn),
-          delivery: delivered.delivered ? "delivered_to_active_turn" : "queued_after_current",
-          error: turn.error
-        };
-      } catch (error2) {
-        logger.error("session.steer_app_server_failed", {
+      const activeCodexTurnId = await this.waitForAppServerActiveTurn(session, 1e3);
+      if (!activeCodexTurnId) {
+        logger.warn("session.steer_app_server_not_ready", {
           sessionId: id,
-          error: errorForLog(error2)
+          activeTurnId: session.activeTurn.id
         });
-        turn.status = "failed";
-        turn.error = error2 instanceof Error ? error2.message : String(error2);
-        turn.resultOk = false;
-        turn.resultStatus = "failed";
-        turn.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
-        this.notifyTurn(turn);
-        this.notifySession(session);
+      } else {
+        try {
+          const delivered = await session.appServer.steer(prompt);
+          if (!delivered.delivered) {
+            logger.warn("session.steer_app_server_rejected", {
+              sessionId: id,
+              activeTurnId: session.activeTurn.id,
+              activeCodexTurnId
+            });
+          } else {
+            const turn = this.recordSteerDelivery(session, prompt);
+            turn.status = "completed";
+            turn.resultOk = true;
+            turn.resultStatus = "completed";
+            turn.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+            this.notifyTurn(turn);
+            this.notifySession(session);
+            if (options.wait && session.activeTurn) await this.waitForTurn(session, session.activeTurn);
+            return {
+              session: snapshot2(session),
+              turn: turnSnapshot(turn),
+              delivery: "delivered_to_active_turn"
+            };
+          }
+        } catch (error2) {
+          logger.error("session.steer_app_server_failed", {
+            sessionId: id,
+            error: errorForLog(error2)
+          });
+        }
       }
     }
     const response = await this.send(id, prompt, overrides, {
@@ -23971,6 +23978,15 @@ var CodexSessionManager = class {
       });
     }
   }
+  async waitForAppServerActiveTurn(session, timeoutMs) {
+    const deadline = Date.now() + timeoutMs;
+    while (session.controller && session.activeTurn && session.appServer && Date.now() < deadline) {
+      const activeTurnId = session.appServer.activeTurnId;
+      if (activeTurnId) return activeTurnId;
+      await new Promise((resolve) => setTimeout(resolve, 10));
+    }
+    return session.appServer?.activeTurnId;
+  }
   notifyTurn(turn) {
     for (const waiter of turn.waiters) waiter();
     turn.waiters.clear();

src/sessions.ts

@@ -280,35 +280,42 @@ export class CodexSessionManager {
     }
     const wasActive = Boolean(session.controller);
     if (session.protocol === "app-server" && session.appServer && session.activeTurn && !options.interruptCurrent) {
-      const turn = this.recordSteerDelivery(session, prompt);
-      try {
-        const delivered = await session.appServer.steer(prompt);
-        turn.status = delivered.delivered ? "completed" : "failed";
-        turn.resultOk = delivered.delivered;
-        turn.resultStatus = delivered.delivered ? "completed" : "failed";
-        turn.error = delivered.delivered ? undefined : "No active Codex app-server turn accepted steering.";
-        turn.updatedAt = new Date().toISOString();
-        this.notifyTurn(turn);
-        this.notifySession(session);
-        if (options.wait && session.activeTurn) await this.waitForTurn(session, session.activeTurn);
-        return {
-          session: snapshot(session),
-          turn: turnSnapshot(turn),
-          delivery: delivered.delivered ? "delivered_to_active_turn" : "queued_after_current",
-          error: turn.error,
-        };
-      } catch (error) {
-        logger.error("session.steer_app_server_failed", {
+      const activeCodexTurnId = await this.waitForAppServerActiveTurn(session, 1_000);
+      if (!activeCodexTurnId) {
+        logger.warn("session.steer_app_server_not_ready", {
           sessionId: id,
-          error: errorForLog(error),
+          activeTurnId: session.activeTurn.id,
         });
-        turn.status = "failed";
-        turn.error = error instanceof Error ? error.message : String(error);
-        turn.resultOk = false;
-        turn.resultStatus = "failed";
-        turn.updatedAt = new Date().toISOString();
-        this.notifyTurn(turn);
-        this.notifySession(session);
+      } else {
+        try {
+          const delivered = await session.appServer.steer(prompt);
+          if (!delivered.delivered) {
+            logger.warn("session.steer_app_server_rejected", {
+              sessionId: id,
+              activeTurnId: session.activeTurn.id,
+              activeCodexTurnId,
+            });
+          } else {
+            const turn = this.recordSteerDelivery(session, prompt);
+            turn.status = "completed";
+            turn.resultOk = true;
+            turn.resultStatus = "completed";
+            turn.updatedAt = new Date().toISOString();
+            this.notifyTurn(turn);
+            this.notifySession(session);
+            if (options.wait && session.activeTurn) await this.waitForTurn(session, session.activeTurn);
+            return {
+              session: snapshot(session),
+              turn: turnSnapshot(turn),
+              delivery: "delivered_to_active_turn",
+            };
+          }
+        } catch (error) {
+          logger.error("session.steer_app_server_failed", {
+            sessionId: id,
+            error: errorForLog(error),
+          });
+        }
       }
     }
     const response = await this.send(id, prompt, overrides, {
@@ -652,6 +659,19 @@ export class CodexSessionManager {
     }
   }
 
+  private async waitForAppServerActiveTurn(
+    session: CodexSessionRecord,
+    timeoutMs: number,
+  ): Promise<string | undefined> {
+    const deadline = Date.now() + timeoutMs;
+    while (session.controller && session.activeTurn && session.appServer && Date.now() < deadline) {
+      const activeTurnId = session.appServer.activeTurnId;
+      if (activeTurnId) return activeTurnId;
+      await new Promise((resolve) => setTimeout(resolve, 10));
+    }
+    return session.appServer?.activeTurnId;
+  }
+
   private notifyTurn(turn: CodexSessionTurnRecord): void {
     for (const waiter of turn.waiters) waiter();
     turn.waiters.clear();

test/claude-autodiscovery.mjs

@@ -2,6 +2,7 @@ import { spawnSync } from "node:child_process";
 import { mkdir, readFile, readdir, rm, stat } from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { extractJsonResult } from "./json-result.mjs";
 
 const root = process.cwd();
 const fakeCodex = path.join(root, "test/fixtures/fake-codex.mjs");
@@ -59,12 +60,6 @@ async function resolveClaudeCodeBinary() {
   return resolved;
 }
 
-function extractJsonResult(rawResult) {
-  const trimmed = rawResult.trim();
-  const fenced = trimmed.match(/^```(?:json)?\s*([\s\S]*?)\s*```$/);
-  return JSON.parse(fenced ? fenced[1] : trimmed);
-}
-
 function assert(condition, message, details) {
   if (!condition) {
     throw new Error(`${message}${details ? `\n${JSON.stringify(details, null, 2)}` : ""}`);

test/claude-large-output.mjs

@@ -2,6 +2,7 @@ import { spawnSync } from "node:child_process";
 import { readdir, stat } from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { extractJsonResult } from "./json-result.mjs";
 
 const root = process.cwd();
 const fakeCodex = path.join(root, "test/fixtures/fake-codex.mjs");
@@ -58,12 +59,6 @@ async function resolveClaudeCodeBinary() {
   return resolved;
 }
 
-function extractJsonResult(rawResult) {
-  const trimmed = rawResult.trim();
-  const fenced = trimmed.match(/^```(?:json)?\s*([\s\S]*?)\s*```$/);
-  return JSON.parse(fenced ? fenced[1] : trimmed);
-}
-
 function assert(condition, message, details) {
   if (!condition) {
     throw new Error(`${message}${details ? `\n${JSON.stringify(details, null, 2)}` : ""}`);

test/claude-orchestration.mjs

@@ -2,6 +2,7 @@ import { spawnSync } from "node:child_process";
 import { readdir, stat } from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { extractJsonResult } from "./json-result.mjs";
 
 const root = process.cwd();
 const fakeCodex = path.join(root, "test/fixtures/fake-codex.mjs");
@@ -58,12 +59,6 @@ async function resolveClaudeCodeBinary() {
   return resolved;
 }
 
-function extractJsonResult(rawResult) {
-  const trimmed = rawResult.trim();
-  const fenced = trimmed.match(/^```(?:json)?\s*([\s\S]*?)\s*```$/);
-  return JSON.parse(fenced ? fenced[1] : trimmed);
-}
-
 function assert(condition, message, details) {
   if (!condition) {
     throw new Error(`${message}${details ? `\n${JSON.stringify(details, null, 2)}` : ""}`);

test/claude-real-codex.mjs

@@ -2,6 +2,7 @@ import { spawnSync } from "node:child_process";
 import { readdir, stat } from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { extractJsonResult } from "./json-result.mjs";
 
 const root = process.cwd();
 const codexBin =
@@ -58,12 +59,6 @@ async function resolveClaudeCodeBinary() {
   return resolved;
 }
 
-function extractJsonResult(rawResult) {
-  const trimmed = rawResult.trim();
-  const fenced = trimmed.match(/^```(?:json)?\s*([\s\S]*?)\s*```$/);
-  return JSON.parse(fenced ? fenced[1] : trimmed);
-}
-
 function assert(condition, message, details) {
   if (!condition) {
     throw new Error(`${message}${details ? `\n${JSON.stringify(details, null, 2)}` : ""}`);

test/claude-real-session.mjs

@@ -2,6 +2,7 @@ import { spawnSync } from "node:child_process";
 import { readdir, stat } from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { extractJsonResult } from "./json-result.mjs";
 
 const root = process.cwd();
 const codexBin =
@@ -69,12 +70,6 @@ async function resolveClaudeCodeBinary() {
   return resolved;
 }
 
-function extractJsonResult(rawResult) {
-  const trimmed = rawResult.trim();
-  const fenced = trimmed.match(/^```(?:json)?\s*([\s\S]*?)\s*```$/);
-  return JSON.parse(fenced ? fenced[1] : trimmed);
-}
-
 function assert(condition, message, details) {
   if (!condition) {
     throw new Error(`${message}${details ? `\n${JSON.stringify(details, null, 2)}` : ""}`);
@@ -89,7 +84,7 @@ Perform exactly these checks:
 3. Call continue_codex_session for that session id with task "Follow-up persistent session validation. Stay read-only. Reply exactly REAL_SESSION_FOLLOW_OK", codex_bin "${codexBin}", model_preset "spark", reasoning_effort "low", timeout_ms 180000. Important: intentionally omit project_dir and cwd from this follow-up call.
 4. Verify the continue_codex_session result has agent.ok true, agent.cwd equal to "${root}", session.projectDir equal to "${root}", and finalMessage containing REAL_SESSION_FOLLOW_OK.
 5. Call get_session for the same session id and verify session.projectDir is still "${root}" and turns is at least 2.
-6. Call start_codex_session_async with task "Real async app-server steering validation. Stay read-only. Run the shell command \`sleep 6\`, then reply exactly REAL_SESSION_ASYNC_START_OK unless a later steering instruction changes the exact final reply.", project_dir "${root}", codex_bin "${codexBin}", model_preset "spark", reasoning_effort "low", timeout_ms 180000. Verify it returns a second session.id and a turn.id immediately.
+6. Call start_codex_session_async with task "Real async app-server steering validation. Stay read-only. Run the shell command \`sleep 30\`, then reply exactly REAL_SESSION_ASYNC_START_OK unless a later steering instruction changes the exact final reply.", project_dir "${root}", codex_bin "${codexBin}", model_preset "spark", reasoning_effort "low", timeout_ms 180000. Verify it returns a second session.id and a turn.id immediately.
 7. Poll get_codex_session for that second session id until session.supportsRealSteering is true and session.activeTurn is present.
 8. Call steer_codex_session for that second session id with steering_prompt "Steering validation. Change the exact final reply to REAL_SESSION_STEER_OK.", codex_bin "${codexBin}", model_preset "spark", reasoning_effort "low", timeout_ms 180000, wait_for_completion false. Verify it returns delivery "delivered_to_active_turn" and a completed steer turn.
 9. Call wait_codex_session for the second session id with timeout_ms 300000. Verify completed true, session.protocol is "app-server", session.turns is at least 1, recentTurns contains a completed steer turn, and lastResult.finalMessage contains REAL_SESSION_STEER_OK.

test/claude-session-steering.mjs

@@ -2,6 +2,7 @@ import { spawnSync } from "node:child_process";
 import { mkdir, readFile, readdir, rm, stat } from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { extractJsonResult } from "./json-result.mjs";
 
 const root = process.cwd();
 const fakeCodex = path.join(root, "test/fixtures/fake-codex.mjs");
@@ -59,12 +60,6 @@ async function resolveClaudeCodeBinary() {
   return resolved;
 }
 
-function extractJsonResult(rawResult) {
-  const trimmed = rawResult.trim();
-  const fenced = trimmed.match(/^```(?:json)?\s*([\s\S]*?)\s*```$/);
-  return JSON.parse(fenced ? fenced[1] : trimmed);
-}
-
 function assert(condition, message, details) {
   if (!condition) {
     throw new Error(`${message}${details ? `\n${JSON.stringify(details, null, 2)}` : ""}`);
@@ -76,7 +71,7 @@ await mkdir(recordDir, { recursive: true });
 try {
   const prompt = `Validate the codex-subagents plugin's long-running session flow from inside Claude Code. Use only the codex-subagents MCP tools. Use this exact fake Codex binary: ${fakeCodex}. Use this exact project_dir: ${projectDir}.
 
-Start a Codex Spark session in the background with task "CLAUDE_STEERING_START DELAY_MS=2000". Poll get_codex_session until the session reports supportsRealSteering true and has an activeTurn. While it is running, first steer the session with steering prompt "CLAUDE_STEERING_STEER" without waiting for steering to complete. Then add a normal follow-up prompt "CLAUDE_STEERING_FOLLOW" without waiting for that prompt to complete. Then wait until the session is idle.
+Start a Codex Spark session in the background with task "CLAUDE_STEERING_START DELAY_MS=10000". Poll get_codex_session until the session reports supportsRealSteering true and has an activeTurn. While it is running, first steer the session with steering prompt "CLAUDE_STEERING_STEER" without waiting for steering to complete. Then add a normal follow-up prompt "CLAUDE_STEERING_FOLLOW" without waiting for that prompt to complete. Then wait until the session is idle.
 
 Return exactly one compact JSON object and no markdown. Shape: {"ok": boolean, "turns": number, "steerCompleted": boolean, "completed": boolean}.`;
 

test/json-result.mjs

@@ -0,0 +1,50 @@
+function findFirstJsonValue(text) {
+  for (let start = 0; start < text.length; start += 1) {
+    const opener = text[start];
+    if (opener !== "{" && opener !== "[") continue;
+
+    const stack = [opener];
+    let inString = false;
+    let escaped = false;
+
+    for (let index = start + 1; index < text.length; index += 1) {
+      const char = text[index];
+      if (inString) {
+        if (escaped) escaped = false;
+        else if (char === "\\") escaped = true;
+        else if (char === "\"") inString = false;
+        continue;
+      }
+
+      if (char === "\"") {
+        inString = true;
+        continue;
+      }
+      if (char === "{" || char === "[") {
+        stack.push(char);
+        continue;
+      }
+      if (char !== "}" && char !== "]") continue;
+
+      const expected = char === "}" ? "{" : "[";
+      if (stack.at(-1) !== expected) break;
+      stack.pop();
+      if (stack.length === 0) return text.slice(start, index + 1);
+    }
+  }
+  return undefined;
+}
+
+export function extractJsonResult(rawResult) {
+  const trimmed = String(rawResult ?? "").trim();
+  const fenced = trimmed.match(/```(?:json)?\s*([\s\S]*?)\s*```/i);
+  if (fenced) return JSON.parse(fenced[1].trim());
+
+  try {
+    return JSON.parse(trimmed);
+  } catch (strictError) {
+    const value = findFirstJsonValue(trimmed);
+    if (value) return JSON.parse(value);
+    throw strictError;
+  }
+}

test/json-result.test.mjs

@@ -0,0 +1,13 @@
+import { describe, expect, it } from "vitest";
+import { extractJsonResult } from "./json-result.mjs";
+
+describe("extractJsonResult", () => {
+  it("parses strict JSON, fenced JSON, and prefixed Claude text", () => {
+    expect(extractJsonResult('{"ok":true}')).toEqual({ ok: true });
+    expect(extractJsonResult('```json\n{"ok":true}\n```')).toEqual({ ok: true });
+    expect(extractJsonResult('All checks passed. {"ok":true,"text":"brace } inside string"}')).toEqual({
+      ok: true,
+      text: "brace } inside string",
+    });
+  });
+});