Merge branch 'main' into feat/watch-mode

Author: stefanoamorelli

.github/workflows/ci.yml

@@ -67,3 +67,8 @@ jobs:
 
       - name: Build
         run: pnpm run build
+
+      - name: Ensure README.md contains only ASCII and certain Unicode code points
+        run: ./scripts/asciicheck.py README.md
+      - name: Check README ToC
+        run: python3 scripts/readme_toc.py README.md

CHANGELOG.md

@@ -2,6 +2,61 @@
 
 You can install any of these versions: `npm install -g codex@version`
 
+## `0.1.2504221401`
+
+### 🚀 Features
+
+- Show actionable errors when api keys are missing (#523)
+- Add CLI `--version` flag (#492)
+
+### 🐛 Bug Fixes
+
+- Agent loop for ZDR (`disableResponseStorage`) (#543)
+- Fix relative `workdir` check for `apply_patch` (#556)
+- Minimal mid-stream #429 retry loop using existing back-off (#506)
+- Inconsistent usage of base URL and API key (#507)
+- Remove requirement for api key for ollama (#546)
+- Support `[provider]_BASE_URL` (#542)
+
+## `0.1.2504220136`
+
+### 🚀 Features
+
+- Add support for ZDR orgs (#481)
+- Include fractional portion of chunk that exceeds stdout/stderr limit (#497)
+
+## `0.1.2504211509`
+
+### 🚀 Features
+
+- Support multiple providers via Responses-Completion transformation (#247)
+- Add user-defined safe commands configuration and approval logic #380 (#386)
+- Allow switching approval modes when prompted to approve an edit/command (#400)
+- Add support for `/diff` command autocomplete in TerminalChatInput (#431)
+- Auto-open model selector if user selects deprecated model (#427)
+- Read approvalMode from config file (#298)
+- `/diff` command to view git diff (#426)
+- Tab completions for file paths (#279)
+- Add /command autocomplete (#317)
+- Allow multi-line input (#438)
+
+### 🐛 Bug Fixes
+
+- `full-auto` support in quiet mode (#374)
+- Enable shell option for child process execution (#391)
+- Configure husky and lint-staged for pnpm monorepo (#384)
+- Command pipe execution by improving shell detection (#437)
+- Name of the file not matching the name of the component (#354)
+- Allow proper exit from new Switch approval mode dialog (#453)
+- Ensure /clear resets context and exclude system messages from approximateTokenUsed count (#443)
+- `/clear` now clears terminal screen and resets context left indicator (#425)
+- Correct fish completion function name in CLI script (#485)
+- Auto-open model-selector when model is not found (#448)
+- Remove unnecessary isLoggingEnabled() checks (#420)
+- Improve test reliability for `raw-exec` (#434)
+- Unintended tear down of agent loop (#483)
+- Remove extraneous type casts (#462)
+
 ## `0.1.2504181820`
 
 ### 🚀 Features

README.md

@@ -38,7 +38,7 @@ commit_parsers = [
   { message = "^fix",  group = "<!-- 1 -->🐛 Bug Fixes" },
   { message = "^bump", group = "<!-- 6 -->🛳️ Release" },
   # Fallback – skip anything that didn't match the above rules.
-  { message = ".*",  group = "<!-- 10 -->💼 Other", skip = true },
+  { message = ".*",  group = "<!-- 10 -->💼 Other" },
 ]
 
 filter_unconventional = false

cliff.toml

@@ -1,6 +1,8 @@
 import * as esbuild from "esbuild";
 import * as fs from "fs";
 import * as path from "path";
+
+const OUT_DIR = 'dist'
 /**
  * ink attempts to import react-devtools-core in an ESM-unfriendly way:
  *
@@ -39,6 +41,11 @@ const isDevBuild =
 
 const plugins = [ignoreReactDevToolsPlugin];
 
+// Build Hygiene, ensure we drop previous dist dir and any leftover files
+const outPath = path.resolve(OUT_DIR);
+if (fs.existsSync(outPath)) {
+  fs.rmSync(outPath, { recursive: true, force: true });
+}
 
 // Add a shebang that enables source‑map support for dev builds so that stack
 // traces point to the original TypeScript lines without requiring callers to
@@ -50,7 +57,7 @@ if (isDevBuild) {
     name: "dev-shebang",
     setup(build) {
       build.onEnd(async () => {
-        const outFile = path.resolve(isDevBuild ? "dist/cli-dev.js" : "dist/cli.js");
+        const outFile = path.resolve(isDevBuild ? `${OUT_DIR}/cli-dev.js` : `${OUT_DIR}/cli.js`);
         let code = await fs.promises.readFile(outFile, "utf8");
         if (code.startsWith("#!")) {
           code = code.replace(/^#!.*\n/, devShebangLine);
@@ -69,7 +76,7 @@ esbuild
     format: "esm",
     platform: "node",
     tsconfig: "tsconfig.json",
-    outfile: isDevBuild ? "dist/cli-dev.js" : "dist/cli.js",
+    outfile: isDevBuild ? `${OUT_DIR}/cli-dev.js` : `${OUT_DIR}/cli.js`,
     minify: !isDevBuild,
     sourcemap: isDevBuild ? "inline" : true,
     plugins,

codex-cli/build.mjs

@@ -1,6 +1,6 @@
 {
   "name": "@openai/codex",
-  "version": "0.1.2504181820",
+  "version": "0.1.2504221401",
   "license": "Apache-2.0",
   "bin": {
     "codex": "bin/codex.js"
@@ -26,8 +26,7 @@
     "release": "pnpm run release:readme && pnpm run release:version && pnpm install && pnpm run release:build-and-publish"
   },
   "files": [
-    "dist",
-    "src"
+    "dist"
   ],
   "dependencies": {
     "@inkjs/ui": "^2.0.0",

codex-cli/package.json

@@ -4,7 +4,6 @@ import {
   identify_files_added,
   identify_files_needed,
 } from "./utils/agent/apply-patch";
-import { loadConfig } from "./utils/config";
 import * as path from "path";
 import { parse } from "shell-quote";
 
@@ -72,13 +71,14 @@ export type ApprovalPolicy =
  */
 export function canAutoApprove(
   command: ReadonlyArray<string>,
+  workdir: string | undefined,
   policy: ApprovalPolicy,
   writableRoots: ReadonlyArray<string>,
   env: NodeJS.ProcessEnv = process.env,
 ): SafetyAssessment {
   if (command[0] === "apply_patch") {
     return command.length === 2 && typeof command[1] === "string"
-      ? canAutoApproveApplyPatch(command[1], writableRoots, policy)
+      ? canAutoApproveApplyPatch(command[1], workdir, writableRoots, policy)
       : {
           type: "reject",
           reason: "Invalid apply_patch command",
@@ -104,7 +104,12 @@ export function canAutoApprove(
   ) {
     const applyPatchArg = tryParseApplyPatch(command[2]);
     if (applyPatchArg != null) {
-      return canAutoApproveApplyPatch(applyPatchArg, writableRoots, policy);
+      return canAutoApproveApplyPatch(
+        applyPatchArg,
+        workdir,
+        writableRoots,
+        policy,
+      );
     }
 
     let bashCmd;
@@ -136,8 +141,8 @@ export function canAutoApprove(
     // bashCmd could be a mix of strings and operators, e.g.:
     //   "ls || (true && pwd)" => [ 'ls', { op: '||' }, '(', 'true', { op: '&&' }, 'pwd', ')' ]
     // We try to ensure that *every* command segment is deemed safe and that
-    // all operators belong to an allow‑list. If so, the entire expression is
-    // considered auto‑approvable.
+    // all operators belong to an allow-list. If so, the entire expression is
+    // considered auto-approvable.
 
     const shellSafe = isEntireShellExpressionSafe(bashCmd);
     if (shellSafe != null) {
@@ -163,6 +168,7 @@ export function canAutoApprove(
 
 function canAutoApproveApplyPatch(
   applyPatchArg: string,
+  workdir: string | undefined,
   writableRoots: ReadonlyArray<string>,
   policy: ApprovalPolicy,
 ): SafetyAssessment {
@@ -180,7 +186,13 @@ function canAutoApproveApplyPatch(
       break;
   }
 
-  if (isWritePatchConstrainedToWritablePaths(applyPatchArg, writableRoots)) {
+  if (
+    isWritePatchConstrainedToWritablePaths(
+      applyPatchArg,
+      workdir,
+      writableRoots,
+    )
+  ) {
     return {
       type: "auto-approve",
       reason: "apply_patch command is constrained to writable paths",
@@ -209,6 +221,7 @@ function canAutoApproveApplyPatch(
  */
 function isWritePatchConstrainedToWritablePaths(
   applyPatchArg: string,
+  workdir: string | undefined,
   writableRoots: ReadonlyArray<string>,
 ): boolean {
   // `identify_files_needed()` returns a list of files that will be modified or
@@ -223,35 +236,60 @@ function isWritePatchConstrainedToWritablePaths(
   return (
     allPathsConstrainedTowritablePaths(
       identify_files_needed(applyPatchArg),
+      workdir,
       writableRoots,
     ) &&
     allPathsConstrainedTowritablePaths(
       identify_files_added(applyPatchArg),
+      workdir,
       writableRoots,
     )
   );
 }
 
 function allPathsConstrainedTowritablePaths(
   candidatePaths: ReadonlyArray<string>,
+  workdir: string | undefined,
   writableRoots: ReadonlyArray<string>,
 ): boolean {
   return candidatePaths.every((candidatePath) =>
-    isPathConstrainedTowritablePaths(candidatePath, writableRoots),
+    isPathConstrainedTowritablePaths(candidatePath, workdir, writableRoots),
   );
 }
 
 /** If candidatePath is relative, it will be resolved against cwd. */
 function isPathConstrainedTowritablePaths(
   candidatePath: string,
+  workdir: string | undefined,
   writableRoots: ReadonlyArray<string>,
 ): boolean {
-  const candidateAbsolutePath = path.resolve(candidatePath);
+  const candidateAbsolutePath = resolvePathAgainstWorkdir(
+    candidatePath,
+    workdir,
+  );
+
   return writableRoots.some((writablePath) =>
     pathContains(writablePath, candidateAbsolutePath),
   );
 }
 
+/**
+ * If not already an absolute path, resolves `candidatePath` against `workdir`
+ * if specified; otherwise, against `process.cwd()`.
+ */
+export function resolvePathAgainstWorkdir(
+  candidatePath: string,
+  workdir: string | undefined,
+): string {
+  if (path.isAbsolute(candidatePath)) {
+    return candidatePath;
+  } else if (workdir != null) {
+    return path.resolve(workdir, candidatePath);
+  } else {
+    return path.resolve(candidatePath);
+  }
+}
+
 /** Both `parent` and `child` must be absolute paths. */
 function pathContains(parent: string, child: string): boolean {
   const relative = path.relative(parent, child);
@@ -297,24 +335,6 @@ export function isSafeCommand(
 ): SafeCommandReason | null {
   const [cmd0, cmd1, cmd2, cmd3] = command;
 
-  const config = loadConfig();
-  if (config.safeCommands && Array.isArray(config.safeCommands)) {
-    for (const safe of config.safeCommands) {
-      // safe: "npm test" → ["npm", "test"]
-      const safeArr = typeof safe === "string" ? safe.trim().split(/\s+/) : [];
-      if (
-        safeArr.length > 0 &&
-        safeArr.length <= command.length &&
-        safeArr.every((v, i) => v === command[i])
-      ) {
-        return {
-          reason: "User-defined safe command",
-          group: "User config",
-        };
-      }
-    }
-  }
-
   switch (cmd0) {
     case "cd":
       return {
@@ -333,7 +353,7 @@ export function isSafeCommand(
       };
     case "true":
       return {
-        reason: "No‑op (true)",
+        reason: "No-op (true)",
         group: "Utility",
       };
     case "echo":
@@ -348,11 +368,20 @@ export function isSafeCommand(
         reason: "Ripgrep search",
         group: "Searching",
       };
-    case "find":
-      return {
-        reason: "Find files or directories",
-        group: "Searching",
-      };
+    case "find": {
+      // Certain options to `find` allow executing arbitrary processes, so we
+      // cannot auto-approve them.
+      if (
+        command.some((arg: string) => UNSAFE_OPTIONS_FOR_FIND_COMMAND.has(arg))
+      ) {
+        break;
+      } else {
+        return {
+          reason: "Find files or directories",
+          group: "Searching",
+        };
+      }
+    }
     case "grep":
       return {
         reason: "Text search (grep)",
@@ -440,12 +469,27 @@ function isValidSedNArg(arg: string | undefined): boolean {
   return arg != null && /^(\d+,)?\d+p$/.test(arg);
 }
 
+const UNSAFE_OPTIONS_FOR_FIND_COMMAND: ReadonlySet<string> = new Set([
+  // Options that can execute arbitrary commands.
+  "-exec",
+  "-execdir",
+  "-ok",
+  "-okdir",
+  // Option that deletes matching files.
+  "-delete",
+  // Options that write pathnames to a file.
+  "-fls",
+  "-fprint",
+  "-fprint0",
+  "-fprintf",
+]);
+
 // ---------------- Helper utilities for complex shell expressions -----------------
 
-// A conservative allow‑list of bash operators that do not, on their own, cause
+// A conservative allow-list of bash operators that do not, on their own, cause
 // side effects. Redirections (>, >>, <, etc.) and command substitution `$()`
 // are intentionally excluded. Parentheses used for grouping are treated as
-// strings by `shell‑quote`, so we do not add them here. Reference:
+// strings by `shell-quote`, so we do not add them here. Reference:
 // https://github.com/substack/node-shell-quote#parsecmd-opts
 const SAFE_SHELL_OPERATORS: ReadonlySet<string> = new Set([
   "&&", // logical AND
@@ -471,7 +515,7 @@ function isEntireShellExpressionSafe(
   }
 
   try {
-    // Collect command segments delimited by operators. `shell‑quote` represents
+    // Collect command segments delimited by operators. `shell-quote` represents
     // subshell grouping parentheses as literal strings "(" and ")"; treat them
     // as unsafe to keep the logic simple (since subshells could introduce
     // unexpected scope changes).
@@ -539,7 +583,7 @@ function isParseEntryWithOp(
   return (
     typeof entry === "object" &&
     entry != null &&
-    // Using the safe `in` operator keeps the check property‑safe even when
+    // Using the safe `in` operator keeps the check property-safe even when
     // `entry` is a `string`.
     "op" in entry &&
     typeof (entry as { op?: unknown }).op === "string"