feat: surface codex windows sandbox progress
This commit is contained in:
AI Bot
@@ -81,7 +81,7 @@
|
||||
- 当前 `scripts/browser-control-smoke.mjs` 已经能对目标 URL 做一次真实最小探测:抓取页面标题并写回聊天结果;桌面 GUI 控制默认先走 `scripts/codex-computer-use-runtime.mjs`,由 Codex App Server 发起 Codex Computer Use 执行;失败后自动回退 `scripts/cua-driver-computer-use-runtime.mjs`,通过外部 `cua-driver` 执行 `launch_app -> get_window_state -> 可选 type_text/press_key -> get_window_state` 闭环;`scripts/computer-use-smoke.mjs` 仍保留为旧兜底和回归资产
|
||||
- 受控 Mac 需要先安装并授权 `cua-driver`;Boss runtime 会优先搜索 `PATH`,再搜索 `~/.local/bin/cua-driver`、`/usr/local/bin/cua-driver`、`/opt/homebrew/bin/cua-driver` 和 `/Applications/CuaDriver.app/Contents/MacOS/cua-driver`;如果仍找不到,会明确返回 `CUA_DRIVER_COMMAND_NOT_FOUND`,不会伪装成执行成功
|
||||
- 当前默认本机配置已把 `browserAutomation / computerUse` 两项能力直接上报为在线起步态,所以 Boss App 里这台 Mac 会显示“可做浏览器控制 / 桌面控制”;如果某条链路要临时收起,只需要改 `local-agent/config.cloud.json`
|
||||
- 当前 `local-agent` 已新增 `Codex App Server` runner:boss-agent 默认打开 `codexAppServerEnabled`,通过 `codex app-server` stdio 接入 `conversation_reply / dispatch_execution`,也可灰度切到 `ws://127.0.0.1:<port>` 或 `unix://PATH` 本机长驻 App Server;WebSocket/Unix WebSocket handshake 支持 `Authorization: Bearer <token>`,优先用 `codexAppServerAuthTokenFile` 保存本地 token。失败时只在 turn 未启动前回退 `codex exec resume`,避免重复执行同一轮对话。设备 heartbeat 会单独上报 `codexAppServer` capability,并按 `codexAppServerDiscoveryTtlMs` 缓存 `model/list / skills/list / plugin/list / app/list / modelProvider/capabilities/read` 的能力摘要,供 APP/后台模型选择和治理页读取。2026-05-31 起,runner 会吸收 App Server 的 plan / diff / item / subagent 事件并归一到 Boss `execution_progress` 进度卡,执行中通过 `POST /api/v1/master-agent/tasks/[taskId]/progress` 实时刷新;同日第二批已补 `item/*/requestApproval`、`item/autoApprovalReview/*`、`guardianWarning`、`serverRequest/resolved`、`item/fileChange/patchUpdated` 到 `approvals / warnings / fileChanges`,第三批已补 `thread/status/changed` 与 `thread/realtime/*` 到 `threadStatus / realtime`,第四批已补 `model/rerouted`、`thread/tokenUsage/updated`、`mcpServer/startupStatus/updated`、`remoteControl/status/changed` 到 `modelRoute / tokenUsage / mcpServers / remoteControl`。Android 原生进度卡可显示线程状态、实时状态、运行状态、安全提醒、审批状态和文件变更摘要,且不展示完整命令、diff、系统提示词、密钥、SDP、音频原始数据、raw realtime item 或 remote installationId。本机 `codex-cli 0.135.0-alpha.1` 协议快照已生成在 `docs/protocol-snapshots/codex-app-server/0.135.0-alpha.1/`。同日新增第一版 Inter-Thread Broker:任务携带源/目标 Codex 线程时可通过 `thread/read -> thread/inject_items -> turn/start` 完成受控线程协作;服务端新增 `POST /api/v1/projects/[projectId]/thread-collaboration` 作为 APP/后台可调用入口;任务携带 `targetCodexTurnId` 时 runner 会改用 `turn/steer` 干预活跃 turn。
|
||||
- 当前 `local-agent` 已新增 `Codex App Server` runner:boss-agent 默认打开 `codexAppServerEnabled`,通过 `codex app-server` stdio 接入 `conversation_reply / dispatch_execution`,也可灰度切到 `ws://127.0.0.1:<port>` 或 `unix://PATH` 本机长驻 App Server;WebSocket/Unix WebSocket handshake 支持 `Authorization: Bearer <token>`,优先用 `codexAppServerAuthTokenFile` 保存本地 token。失败时只在 turn 未启动前回退 `codex exec resume`,避免重复执行同一轮对话。设备 heartbeat 会单独上报 `codexAppServer` capability,并按 `codexAppServerDiscoveryTtlMs` 缓存 `model/list / skills/list / plugin/list / app/list / modelProvider/capabilities/read` 的能力摘要,供 APP/后台模型选择和治理页读取。2026-05-31 起,runner 会吸收 App Server 的 plan / diff / item / subagent 事件并归一到 Boss `execution_progress` 进度卡,执行中通过 `POST /api/v1/master-agent/tasks/[taskId]/progress` 实时刷新;后续已补 `approvals / warnings / fileChanges / threadStatus / realtime / modelRoute / tokenUsage / mcpServers / remoteControl / threadGoal / threadSettings / compaction / accountStatus / modelVerification / threadCollaboration / toolActivities / reasoningSummary / windowsSandbox` 等结构化摘要。Android 原生进度卡可显示线程状态、实时状态、线程配置、线程协作、工具活动、思考摘要、账号状态、运行状态、Windows 沙箱状态、安全提醒、审批状态和文件变更摘要,且不展示完整命令、diff、系统提示词、密钥、SDP、音频原始数据、raw realtime item、remote installationId、本地绝对路径或 Windows sandbox sourcePath。本机 `codex-cli 0.135.0-alpha.1` 协议快照已生成在 `docs/protocol-snapshots/codex-app-server/0.135.0-alpha.1/`。同日新增第一版 Inter-Thread Broker:任务携带源/目标 Codex 线程时可通过 `thread/read -> thread/inject_items -> turn/start` 完成受控线程协作;服务端新增 `POST /api/v1/projects/[projectId]/thread-collaboration` 作为 APP/后台可调用入口;任务携带 `targetCodexTurnId` 时 runner 会改用 `turn/steer` 干预活跃 turn。
|
||||
- `GET http://127.0.0.1:4317/api/v1/skills` 正常,已返回本机扫描到的 Codex Skill
|
||||
- `POST http://127.0.0.1:4317/api/v1/heartbeat` 正常,且会顺带触发 `thread-context` 上报
|
||||
- `local-agent` 当前每 5 秒轮询一次本机 Skill lifecycle 请求;默认打开 `skillLifecycleEnabled=true`。远程 `install` 或带 `sourceUrl` 的更新必须命中 `skillLifecycleAllowedSources` 或 `skillLifecycleTrustedSources`,为空时只允许既有本地 Skill 的 `update / rollback / uninstall / version_lock`;请求携带 `checksum / expectedChecksum` 时会校验 `manifest.json` 或 `SKILL.md` 的 sha256,失败会清理半安装目录或尽量恢复备份。卸载 / 更新 / 回滚前会在 `skillsDir/.boss-skill-backups` 保留备份,卸载仍限制在 `skillsDir` 目录内,版本锁写入 `.boss-skill-locks.json`
|
||||
|
||||
@@ -1525,8 +1525,9 @@ public final class BossUi {
|
||||
JSONObject tokenUsage = progress == null ? null : progress.optJSONObject("tokenUsage");
|
||||
JSONArray mcpServers = progress == null ? null : progress.optJSONArray("mcpServers");
|
||||
JSONObject remoteControl = progress == null ? null : progress.optJSONObject("remoteControl");
|
||||
JSONObject windowsSandbox = progress == null ? null : progress.optJSONObject("windowsSandbox");
|
||||
boolean hasRuntimeStatus = modelRoute != null || tokenUsage != null ||
|
||||
(mcpServers != null && mcpServers.length() > 0) || remoteControl != null;
|
||||
(mcpServers != null && mcpServers.length() > 0) || remoteControl != null || windowsSandbox != null;
|
||||
if (hasRuntimeStatus) {
|
||||
card.addView(divider(context));
|
||||
card.addView(sectionTitle(context, "运行状态"));
|
||||
@@ -1596,6 +1597,27 @@ public final class BossUi {
|
||||
));
|
||||
}
|
||||
}
|
||||
if (windowsSandbox != null) {
|
||||
String status = windowsSandbox.optString("status", "").trim();
|
||||
String setupMode = windowsSandbox.optString("setupMode", "").trim();
|
||||
String error = windowsSandbox.optString("error", "").trim();
|
||||
if (!TextUtils.isEmpty(status) || !TextUtils.isEmpty(setupMode)) {
|
||||
StringBuilder label = new StringBuilder("Windows 沙箱");
|
||||
if (!TextUtils.isEmpty(status)) {
|
||||
label.append(" ").append(status);
|
||||
}
|
||||
if (!TextUtils.isEmpty(setupMode)) {
|
||||
label.append(" · ").append(setupMode);
|
||||
}
|
||||
card.addView(detailRow(
|
||||
context,
|
||||
"⊞",
|
||||
label.toString(),
|
||||
error,
|
||||
"failed".equals(status)
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
JSONArray toolActivities = progress == null ? null : progress.optJSONArray("toolActivities");
|
||||
|
||||
@@ -1051,7 +1051,12 @@ public class ProjectDetailActivityUiTest {
|
||||
.put("remoteControl", new JSONObject()
|
||||
.put("status", "connected")
|
||||
.put("serverName", "Mac Studio")
|
||||
.put("environmentId", "env-prod")));
|
||||
.put("environmentId", "env-prod"))
|
||||
.put("windowsSandbox", new JSONObject()
|
||||
.put("status", "failed")
|
||||
.put("setupMode", "elevated")
|
||||
.put("error", "token=[redacted] failed")
|
||||
.put("sourcePath", "C:\\Users\\kris\\secret\\sandbox.log")));
|
||||
|
||||
View messageView = ReflectionHelpers.callInstanceMethod(
|
||||
activity,
|
||||
@@ -1065,8 +1070,11 @@ public class ProjectDetailActivityUiTest {
|
||||
assertTrue(viewTreeContainsText(messageView, "MCP github · failed"));
|
||||
assertTrue(viewTreeContainsText(messageView, "token=[redacted] failed to start"));
|
||||
assertTrue(viewTreeContainsText(messageView, "远控 connected · Mac Studio"));
|
||||
assertTrue(viewTreeContainsText(messageView, "Windows 沙箱 failed · elevated"));
|
||||
assertTrue(viewTreeContainsText(messageView, "token=[redacted] failed"));
|
||||
assertFalse(viewTreeContainsText(messageView, "install-secret"));
|
||||
assertFalse(viewTreeContainsText(messageView, "sk-secret"));
|
||||
assertFalse(viewTreeContainsText(messageView, "C:\\Users\\kris\\secret"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -153,7 +153,7 @@
|
||||
- Web 和原生 Android 当前都已经接上“新设备导入草稿 -> 勾选 -> 决议预览 -> 应用导入”的前台页面;已绑定生产设备继续保留 heartbeat 自动导入链路
|
||||
- 原生首页的刷新失败策略当前已改成按当前 tab 独立判错,不会再因为 `设备 / 设置 / OTA` 的旁路请求失败把会话页刷新一并判成失败
|
||||
- 当前量产方向已经明确为“Boss 企业控制面 + 可插拔执行协议”:多租户、权限、审批、审计、备份、回退和 Skill 治理由 Boss 承担,Codex App Server / Codex MCP / Codex CLI / Computer Use / 业务系统 API 都作为 provider 接入;详见 `docs/architecture/enterprise_ai_ops_architecture_cn.md`
|
||||
- 当前 Codex App Server 已完成十一批接入:boss-agent 默认开启 `local-agent/codex-app-server-runner.mjs` 作为 Codex 绑定入口,优先走 `codex app-server` stdio,也可灰度连接 `ws://127.0.0.1:<port>` 或 `unix://PATH` 同机长驻 App Server;长驻连接支持 `Authorization: Bearer <token>`,配置上优先使用 `codexAppServerAuthTokenFile`。turn 启动前失败才回退 CLI,turn 启动后不重复执行;桌面远程控制默认先走 `codex-computer-use`,失败后回退 `cua-driver-computer-use`。2026-05-31 已按本机 `codex-cli 0.135.0-alpha.1` 生成协议快照 `docs/protocol-snapshots/codex-app-server/0.135.0-alpha.1/`,并把 `turn/plan/updated`、`turn/diff/updated`、`item/started|completed`、`thread/started`、`item/*/requestApproval`、`item/autoApprovalReview/*`、`guardianWarning`、`serverRequest/resolved`、`item/fileChange/patchUpdated`、`thread/status/changed`、`thread/realtime/*`、`model/rerouted`、`thread/tokenUsage/updated`、`mcpServer/startupStatus/updated`、`remoteControl/status/changed`、`thread/goal/*`、`thread/settings/updated`、`thread/compacted`、`account/updated`、`account/rateLimits/updated`、`model/verification`、`warning`、`configWarning`、`deprecationNotice`、`ThreadItem.collabToolCall`、`ThreadItem.contextCompaction`、`mcpToolCall`、`dynamicToolCall`、`webSearch`、`imageView`、`imageGeneration`、`hook/started|completed`、`enteredReviewMode`、`exitedReviewMode`、`commandExecution`、`ThreadItem.plan`、`ThreadItem.reasoning.summary` 归一到 Boss `execution_progress` 卡片;realtime 只保留状态、文本摘要和计数,运行状态只保留模型切换、上下文用量、MCP 状态和远控连接摘要,线程配置只保留目标、模型、审批、沙箱、协作模式和压缩状态,线程协作只保留工具名、状态、目标类型和智能体状态,工具活动只保留类型、名称、状态和安全摘要,图像生成只保留状态与安全文件名,钩子生命周期只保留事件名、处理器类型、状态、来源、执行模式和耗时,思考摘要只保留官方 summary 文本和状态,账号状态只保留认证方式、套餐、额度窗口、积分余额和模型校验摘要,不保存 SDP、音频原始数据、raw item、remote installationId、cwd、turnId、配置文件路径、collab 源/目标线程 ID、collab prompt、tool arguments/result/contentItems、web URL token、命令正文/输出、raw reasoning content、reasoning item id、imageGeneration revisedPrompt/result、hook sourcePath/statusMessage/entries 或未清洗密钥。heartbeat 已能缓存 `model/list / skills/list / plugin/list / app/list / modelProvider/capabilities/read` 的能力摘要;同批已补 `turn/steer` 活跃 turn 干预和 `POST /api/v1/projects/[projectId]/thread-collaboration` 服务端线程协作排队入口。
|
||||
- 当前 Codex App Server 已完成十二批接入:boss-agent 默认开启 `local-agent/codex-app-server-runner.mjs` 作为 Codex 绑定入口,优先走 `codex app-server` stdio,也可灰度连接 `ws://127.0.0.1:<port>` 或 `unix://PATH` 同机长驻 App Server;长驻连接支持 `Authorization: Bearer <token>`,配置上优先使用 `codexAppServerAuthTokenFile`。turn 启动前失败才回退 CLI,turn 启动后不重复执行;桌面远程控制默认先走 `codex-computer-use`,失败后回退 `cua-driver-computer-use`。2026-05-31 已按本机 `codex-cli 0.135.0-alpha.1` 生成协议快照 `docs/protocol-snapshots/codex-app-server/0.135.0-alpha.1/`,并把 `turn/plan/updated`、`turn/diff/updated`、`item/started|completed`、`thread/started`、`item/*/requestApproval`、`item/autoApprovalReview/*`、`guardianWarning`、`serverRequest/resolved`、`item/fileChange/patchUpdated`、`thread/status/changed`、`thread/realtime/*`、`model/rerouted`、`thread/tokenUsage/updated`、`mcpServer/startupStatus/updated`、`remoteControl/status/changed`、`windowsSandbox/setupCompleted`、`thread/goal/*`、`thread/settings/updated`、`thread/compacted`、`account/updated`、`account/rateLimits/updated`、`model/verification`、`warning`、`configWarning`、`deprecationNotice`、`ThreadItem.collabToolCall`、`ThreadItem.contextCompaction`、`mcpToolCall`、`dynamicToolCall`、`webSearch`、`imageView`、`imageGeneration`、`hook/started|completed`、`enteredReviewMode`、`exitedReviewMode`、`commandExecution`、`ThreadItem.plan`、`ThreadItem.reasoning.summary` 归一到 Boss `execution_progress` 卡片;realtime 只保留状态、文本摘要和计数,运行状态只保留模型切换、上下文用量、MCP 状态、远控连接摘要和 Windows 沙箱准备状态,线程配置只保留目标、模型、审批、沙箱、协作模式和压缩状态,线程协作只保留工具名、状态、目标类型和智能体状态,工具活动只保留类型、名称、状态和安全摘要,图像生成只保留状态与安全文件名,钩子生命周期只保留事件名、处理器类型、状态、来源、执行模式和耗时,思考摘要只保留官方 summary 文本和状态,账号状态只保留认证方式、套餐、额度窗口、积分余额和模型校验摘要,不保存 SDP、音频原始数据、raw item、remote installationId、cwd、turnId、配置文件路径、collab 源/目标线程 ID、collab prompt、tool arguments/result/contentItems、web URL token、命令正文/输出、raw reasoning content、reasoning item id、imageGeneration revisedPrompt/result、hook sourcePath/statusMessage/entries、Windows sandbox sourcePath/samplePaths/本地绝对路径或未清洗密钥。heartbeat 已能缓存 `model/list / skills/list / plugin/list / app/list / modelProvider/capabilities/read` 的能力摘要;同批已补 `turn/steer` 活跃 turn 干预和 `POST /api/v1/projects/[projectId]/thread-collaboration` 服务端线程协作排队入口。
|
||||
- 当前 boss-agent 已支持 Mac OTA:`local-agent/boss-agent-ota-runner.mjs` 默认开启,每 5 分钟检查服务端最新包;状态页可手动检查或下载并安装,安装时保留原绑定配置,只更新版本号和本机 runtime 路径。最新验证版本为 `20260516221619`,已在 MacBook Air `macbook-air` 上确认 OTA 下载校验、暂存、覆盖安装后不会误切到默认 `config.cloud.json`。正式分发脚本已预留 Developer ID 公证路径:`BOSS_AGENT_NOTARIZE=1` 配合 notary profile 或 Apple ID 凭据。
|
||||
- 当前量产治理已补设备撤权和任务可靠性底座:`revoke_device` 会清空设备 token、标记离线并阻断 heartbeat / 任务认领 / Skill 同步 / 日志上报 / boss-agent OTA;`MasterAgentTask` claim 会记录 attempt 和 lease,运行中任务可按租约重试,超过上限转 `timed_out`,用户或管理员可通过 cancel 接口转 `canceled` 且迟到 complete 不覆盖终态。
|
||||
- 当前群聊 `dispatch_execution` 完成回写已补幂等,重复完成不会再向群聊重复追加结果
|
||||
|
||||
@@ -73,7 +73,7 @@
|
||||
- 当前已支持聊天附件主链:输入框左侧 `+` 会打开底部抽屉,支持图片 / 视频 / 文件发送;图片 / 视频先确认,文件直接发送
|
||||
- 当前附件消息支持下载、原生打开、手动分析和自动分析状态展示
|
||||
- 当前线程聊天消息会按该线程绑定的 Codex 电脑显示来源头像:单线程会话使用项目绑定设备头像,多设备 / 群聊消息会优先根据发送人里的设备名匹配对应电脑头像;主 Agent 总入口自身仍保留主 Agent 对话样式
|
||||
- 当前已支持 `execution_progress` 执行进度卡:普通线程对话、主 Agent 托管线程和群聊目标线程执行时,会在对应聊天窗口显示“进度 / 线程状态 / 实时状态 / 线程配置 / 线程协作 / 工具活动 / 思考摘要 / 账号状态 / 运行状态 / 安全提醒 / 审批状态 / 文件变更 / 分支详情 / 生成结果 / 后台智能体”结构化卡片;线程过程噪音仍走 `thread_process` 折叠
|
||||
- 当前已支持 `execution_progress` 执行进度卡:普通线程对话、主 Agent 托管线程和群聊目标线程执行时,会在对应聊天窗口显示“进度 / 线程状态 / 实时状态 / 线程配置 / 线程协作 / 工具活动 / 思考摘要 / 账号状态 / 运行状态 / 安全提醒 / 审批状态 / 文件变更 / 分支详情 / 生成结果 / 后台智能体”结构化卡片;运行状态里也会展示 Codex Windows 沙箱准备摘要;线程过程噪音仍走 `thread_process` 折叠
|
||||
- `线程详情 / 运维调试` 仍保留对应原生活动页,但已退出主聊天面
|
||||
- 当前已补上本地发送中气泡、发送按钮状态控制,以及“只有接近底部才自动滚到底”的消息流行为
|
||||
- 当前根页导航:
|
||||
@@ -117,7 +117,7 @@
|
||||
- 当前 `RemoteRuntimeAdapter` 还负责拦截固定模式的线程内部环境提示;命中后会直接改写成失败,避免把只读/cwd 这类脏文本写进聊天记录
|
||||
- 当前普通单线程 `conversation_reply` 在真正执行 `codex exec resume` 前,会先把 Boss 用户消息镜像进目标 Codex Desktop rollout;定位优先走 `state_5.sqlite`,不可用时回退扫描 `~/.codex/sessions`,并按 `sourceMessageId` 去重
|
||||
- 当前 Codex Desktop 同步新增常驻刷新桥:`scripts/codex-desktop-refresh-bridge-daemon.mjs` 通过 launchd 监听 `127.0.0.1:4318`,暴露 `POST /api/v1/codex-desktop/refresh`、`GET /api/v1/codex-desktop/events`、`GET /api/v1/codex-desktop/events/recent` 和 `GET /api/v1/codex-desktop/capabilities`;`local-agent` 会优先调用 refresh endpoint,失败时回退到 `scripts/codex-desktop-refresh-hint.mjs` 命令式刷新。SSE 事件只包含线程引用、消息 ID、状态、deep link 等安全元数据,不包含用户正文或内部 prompt;`scripts/codex-desktop-event-consumer.mjs` 可作为 Desktop 插件/IPC 接入前的订阅 smoke;`scripts/codex-desktop-integration-probe.mjs` 负责只读探测 Codex.app 能力
|
||||
- 当前新增 Codex App Server runner:`local-agent/codex-app-server-runner.mjs`。boss-agent 默认配置 `codexAppServerEnabled=true`,会接管 `conversation_reply / dispatch_execution`;它默认通过 stdio 启动 `codex app-server`,也支持 `codexAppServerTransport=ws + codexAppServerUrl=ws://127.0.0.1:<port>` 或 `codexAppServerTransport=unix + codexAppServerUrl=unix:///absolute/path.sock` 连接同机长驻 App Server,bearer token 可通过 `codexAppServerAuthTokenFile` 读取并在握手时发送 `Authorization: Bearer <token>`。runner 执行 `initialize -> thread/resume|thread/start -> turn/start|turn/steer`,并把 `item/agentMessage/delta` 或 `item/completed` 归一成 Boss 任务回复;当 App Server 对单个 JSON-RPC 请求返回 `-32001 / retry later` 时,runner 会做最多 3 次指数退避重试。turn 启动前失败可回退 CLI,turn 启动后失败不回退,避免重复执行。2026-05-31 起,runner 会把 `turn/plan/updated`、`turn/diff/updated`、`item/started|completed`、`thread/started` 归一成 `executionProgress.steps / branch / artifacts / agents`,把 `item/*/requestApproval`、`item/autoApprovalReview/*`、`guardianWarning`、`serverRequest/resolved`、`item/fileChange/patchUpdated` 归一成 `executionProgress.approvals / warnings / fileChanges`,把 `thread/status/changed`、`thread/realtime/started|transcript|outputAudio|itemAdded|error|closed` 归一成 `executionProgress.threadStatus / realtime`,把 `model/rerouted`、`thread/tokenUsage/updated`、`mcpServer/startupStatus/updated`、`remoteControl/status/changed` 归一成 `executionProgress.modelRoute / tokenUsage / mcpServers / remoteControl`,并把 `thread/goal/*`、`thread/settings/updated`、`thread/compacted`、`account/updated`、`account/rateLimits/updated`、`model/verification`、`warning`、`configWarning`、`deprecationNotice`、`ThreadItem.collabToolCall`、`ThreadItem.contextCompaction`、`mcpToolCall`、`dynamicToolCall`、`webSearch`、`imageView`、`imageGeneration`、`hook/started|completed`、`enteredReviewMode`、`exitedReviewMode`、`commandExecution`、`ThreadItem.plan`、`ThreadItem.reasoning.summary` 归一成线程配置、账号状态、模型校验、安全提醒、线程协作、上下文压缩、工具活动、图片产物、钩子生命周期、计划步骤和思考摘要;服务端 complete 回写会与本地 Git/GitHub 进度合并,且不保存 SDP、音频 base64、raw realtime item、remote installationId、cwd、turnId、配置路径、collab 源/目标线程 ID、collab prompt、tool arguments/result/contentItems、web URL token、命令正文/输出、raw reasoning content、reasoning item id、imageGeneration revisedPrompt/result、hook sourcePath/statusMessage/entries 或未清洗的 MCP 错误。heartbeat 同时支持按 TTL 拉取 `model/list / skills/list / plugin/list / app/list / modelProvider/capabilities/read`,并把摘要保存在 `capabilities.codexAppServer.metadata`。
|
||||
- 当前新增 Codex App Server runner:`local-agent/codex-app-server-runner.mjs`。boss-agent 默认配置 `codexAppServerEnabled=true`,会接管 `conversation_reply / dispatch_execution`;它默认通过 stdio 启动 `codex app-server`,也支持 `codexAppServerTransport=ws + codexAppServerUrl=ws://127.0.0.1:<port>` 或 `codexAppServerTransport=unix + codexAppServerUrl=unix:///absolute/path.sock` 连接同机长驻 App Server,bearer token 可通过 `codexAppServerAuthTokenFile` 读取并在握手时发送 `Authorization: Bearer <token>`。runner 执行 `initialize -> thread/resume|thread/start -> turn/start|turn/steer`,并把 `item/agentMessage/delta` 或 `item/completed` 归一成 Boss 任务回复;当 App Server 对单个 JSON-RPC 请求返回 `-32001 / retry later` 时,runner 会做最多 3 次指数退避重试。turn 启动前失败可回退 CLI,turn 启动后失败不回退,避免重复执行。2026-05-31 起,runner 会把 `turn/plan/updated`、`turn/diff/updated`、`item/started|completed`、`thread/started` 归一成 `executionProgress.steps / branch / artifacts / agents`,把 `item/*/requestApproval`、`item/autoApprovalReview/*`、`guardianWarning`、`serverRequest/resolved`、`item/fileChange/patchUpdated` 归一成 `executionProgress.approvals / warnings / fileChanges`,把 `thread/status/changed`、`thread/realtime/started|transcript|outputAudio|itemAdded|error|closed` 归一成 `executionProgress.threadStatus / realtime`,把 `model/rerouted`、`thread/tokenUsage/updated`、`mcpServer/startupStatus/updated`、`remoteControl/status/changed` 归一成 `executionProgress.modelRoute / tokenUsage / mcpServers / remoteControl`,并把 `thread/goal/*`、`thread/settings/updated`、`thread/compacted`、`account/updated`、`account/rateLimits/updated`、`model/verification`、`warning`、`configWarning`、`deprecationNotice`、`ThreadItem.collabToolCall`、`ThreadItem.contextCompaction`、`mcpToolCall`、`dynamicToolCall`、`webSearch`、`imageView`、`imageGeneration`、`hook/started|completed`、`windowsSandbox/setupCompleted`、`enteredReviewMode`、`exitedReviewMode`、`commandExecution`、`ThreadItem.plan`、`ThreadItem.reasoning.summary` 归一成线程配置、账号状态、模型校验、安全提醒、线程协作、上下文压缩、工具活动、图片产物、钩子生命周期、Windows 沙箱准备状态、计划步骤和思考摘要;服务端 complete 回写会与本地 Git/GitHub 进度合并,且不保存 SDP、音频 base64、raw realtime item、remote installationId、cwd、turnId、配置路径、collab 源/目标线程 ID、collab prompt、tool arguments/result/contentItems、web URL token、命令正文/输出、raw reasoning content、reasoning item id、imageGeneration revisedPrompt/result、hook sourcePath/statusMessage/entries、Windows sandbox sourcePath/samplePaths/本地绝对路径或未清洗的 MCP 错误。heartbeat 同时支持按 TTL 拉取 `model/list / skills/list / plugin/list / app/list / modelProvider/capabilities/read`,并把摘要保存在 `capabilities.codexAppServer.metadata`。
|
||||
- 当前 Codex App Server runner 已新增第一版 Boss Inter-Thread Broker:任务携带 `intentCategory=thread_collaboration`、`sourceCodexThreadRef` 和 `targetCodexThreadRef` 时,会先 `thread/read` 源线程,再通过 `thread/inject_items` 向目标线程注入受控摘要,最后 `turn/start` 目标线程;服务端入口是 `POST /api/v1/projects/[projectId]/thread-collaboration`,负责权限、源/目标线程校验和任务排队。这不是假设官方线程 P2P,而是 Boss 自己做线程协作编排。
|
||||
- 当前 boss-agent Mac OTA 已接入:`local-agent/boss-agent-ota-runner.mjs` 会用设备 token 调 Boss 服务端 `/api/v1/boss-agent/ota` 检查最新 Mac 运行包,`/api/v1/boss-agent/ota/apply` 会下载 `boss-agent-mac-latest.zip`、校验 sha256、暂存安装 wrapper,并拉起本机安装器;安装脚本会保留绑定配置并只更新版本号与本机 runtime 路径。安装器会优先沿用当前 LaunchAgent active config,并保留所有 `config*.json`,避免多电脑场景中误绑定到默认设备配置。当前最新验证包为 `20260516221619`;构建脚本支持 `BOSS_AGENT_NOTARIZE=1` 的 Developer ID 公证路径。
|
||||
- 当前 `local-agent` 还新增了两条统一电脑控制 runtime:
|
||||
|
||||
@@ -20,9 +20,9 @@ Boss 不能直接把 App Server 原始 Thread / Turn / Item 字段写进业务
|
||||
|
||||
2026-05-31 已继续把 `turn/plan/updated`、`turn/diff/updated`、`item/started|completed`、`thread/started` 这类协议事件归一化为 Boss `execution_progress` 的步骤、分支变更、产物和后台智能体。同日第二批补齐 `item/*/requestApproval`、`item/autoApprovalReview/*`、`guardianWarning`、`serverRequest/resolved` 和 `item/fileChange/patchUpdated` 的安全摘要映射,APP 只展示审批状态、风险提醒和文件路径,不展示完整命令、diff、系统提示词或密钥。第三批已把 `thread/status/changed` 与 `thread/realtime/*` 归一成 `executionProgress.threadStatus / realtime`,APP 只展示活跃/等待审批/等待用户输入、realtime 文本摘要、音频片段计数和关闭/错误原因;第四批已把 `model/rerouted`、`thread/tokenUsage/updated`、`mcpServer/startupStatus/updated` 和 `remoteControl/status/changed` 归一成 `executionProgress.modelRoute / tokenUsage / mcpServers / remoteControl`,用于 APP “运行状态”区块。
|
||||
|
||||
2026-06-01 第五批已把 `thread/goal/updated|cleared`、`thread/settings/updated` 和 `thread/compacted` 归一成 `executionProgress.threadGoal / threadSettings / compaction`,用于 APP “线程配置”区块;第六批已把 `account/updated`、`account/rateLimits/updated`、`model/verification`、`warning`、`configWarning`、`deprecationNotice` 归一成 `executionProgress.accountStatus / modelVerification / warnings`;第七批已把官方 `ThreadItem.collabToolCall` 归一成 `executionProgress.threadCollaboration`,并按官方建议把新版 `ThreadItem.contextCompaction` 映射回 `executionProgress.compaction`;第八批已把 `mcpToolCall`、`dynamicToolCall`、`webSearch`、`imageView`、`enteredReviewMode`、`exitedReviewMode` 和 `commandExecution` 归一成 `executionProgress.toolActivities`;第九批已把官方 `ThreadItem.plan` 的最终 `item/completed` 文本映射为 `executionProgress.steps`,并把 `ThreadItem.reasoning.summary` 映射为 `executionProgress.reasoningSummary`;第十批已把 `ThreadItem.imageGeneration` 安全映射为 `executionProgress.toolActivities` 的图像生成活动和 `executionProgress.artifacts` 的图片产物;第十一批已把 `hook/started|completed` 安全映射为 `executionProgress.toolActivities` 的钩子活动,供 APP 以“钩子”轻卡展示企业治理和插件生命周期状态。
|
||||
2026-06-01 第五批已把 `thread/goal/updated|cleared`、`thread/settings/updated` 和 `thread/compacted` 归一成 `executionProgress.threadGoal / threadSettings / compaction`,用于 APP “线程配置”区块;第六批已把 `account/updated`、`account/rateLimits/updated`、`model/verification`、`warning`、`configWarning`、`deprecationNotice` 归一成 `executionProgress.accountStatus / modelVerification / warnings`;第七批已把官方 `ThreadItem.collabToolCall` 归一成 `executionProgress.threadCollaboration`,并按官方建议把新版 `ThreadItem.contextCompaction` 映射回 `executionProgress.compaction`;第八批已把 `mcpToolCall`、`dynamicToolCall`、`webSearch`、`imageView`、`enteredReviewMode`、`exitedReviewMode` 和 `commandExecution` 归一成 `executionProgress.toolActivities`;第九批已把官方 `ThreadItem.plan` 的最终 `item/completed` 文本映射为 `executionProgress.steps`,并把 `ThreadItem.reasoning.summary` 映射为 `executionProgress.reasoningSummary`;第十批已把 `ThreadItem.imageGeneration` 安全映射为 `executionProgress.toolActivities` 的图像生成活动和 `executionProgress.artifacts` 的图片产物;第十一批已把 `hook/started|completed` 安全映射为 `executionProgress.toolActivities` 的钩子活动,供 APP 以“钩子”轻卡展示企业治理和插件生命周期状态;第十二批已把 `windowsSandbox/setupCompleted` 安全映射为 `executionProgress.windowsSandbox`,供 APP 在“运行状态”里展示 Windows 沙箱准备状态、setup mode 和脱敏错误摘要。
|
||||
|
||||
`thread/realtime/sdp`、音频 base64、原始 realtime item、remote installationId、thread settings 的 `cwd`、compaction `turnId`、collaboration settings 内部 prompt、collabToolCall 源/目标线程 ID、tool arguments/result/contentItems、web URL token、命令正文/输出、raw reasoning `content`、reasoning item id、imageGeneration 原始 result/revisedPrompt、hook id/sourcePath/statusMessage/entries 和未清洗的 MCP 错误不入账。
|
||||
`thread/realtime/sdp`、音频 base64、原始 realtime item、remote installationId、thread settings 的 `cwd`、compaction `turnId`、collaboration settings 内部 prompt、collabToolCall 源/目标线程 ID、tool arguments/result/contentItems、web URL token、命令正文/输出、raw reasoning `content`、reasoning item id、imageGeneration 原始 result/revisedPrompt、hook id/sourcePath/statusMessage/entries、Windows sandbox sourcePath/samplePaths/本地绝对路径和未清洗的 MCP 错误不入账。
|
||||
|
||||
官方文档入口:`https://developers.openai.com/codex/app-server`
|
||||
|
||||
@@ -85,7 +85,7 @@ APP 展示结构对齐截图:
|
||||
- `线程协作`:展示 `collabToolCall` 的工具名、执行状态、目标类型和智能体状态,不展示源/目标线程 ID 或 prompt
|
||||
- `工具活动`:展示 MCP / dynamic tool / web search / image view / image generation / hook / Review / command 的类型、名称、状态和安全摘要,不展示参数、结果、URL token、命令正文、命令输出、图像生成原始 result/revised prompt 或 hook 原始输出
|
||||
- `思考摘要`:展示 Codex 官方 reasoning `summary` 和状态,不展示 raw reasoning `content`、item id 或密钥
|
||||
- `运行状态`:展示模型重路由、上下文用量、MCP 启动状态和远控连接状态
|
||||
- `运行状态`:展示模型重路由、上下文用量、MCP 启动状态、远控连接状态和 Windows 沙箱准备状态
|
||||
- `分支详情`:变更行、Git 操作、GitHub CLI 可用状态
|
||||
- `生成结果`:从执行结果里提取文件、图片、APK、文档等产物名
|
||||
- `后台智能体`:预留 OMX / Hermes / explorer 等多智能体来源展示
|
||||
@@ -142,6 +142,7 @@ UI 参考:
|
||||
- `local-agent/codex-app-server-runner.mjs` 已把 App Server `ThreadItem.plan` 与 `ThreadItem.reasoning.summary` 归一成 `executionProgress.steps / reasoningSummary`;服务端进度路由和 Android 原生进度卡已支持展示,测试覆盖 raw reasoning content、reasoning item id 和密钥不外泄
|
||||
- `local-agent/codex-app-server-runner.mjs` 已把 App Server `ThreadItem.imageGeneration` 归一成 `executionProgress.toolActivities / artifacts`;服务端进度路由和 Android 原生进度卡已支持展示,测试覆盖 revisedPrompt、result、item id、本地绝对路径和密钥不外泄
|
||||
- `local-agent/codex-app-server-runner.mjs` 已把 App Server `hook/started|completed` 归一成 `executionProgress.toolActivities`;服务端进度路由和 Android 原生进度卡已支持展示,测试覆盖 hook id、sourcePath、statusMessage、entries、本地绝对路径和密钥不外泄
|
||||
- `local-agent/codex-app-server-runner.mjs` 已把 App Server `windowsSandbox/setupCompleted` 归一成 `executionProgress.windowsSandbox`;服务端进度路由和 Android 原生进度卡已支持展示,测试覆盖 setup error 中的 token、本地 Windows 路径和 sourcePath 不外泄
|
||||
- 新增实时进度入口 `POST /api/v1/master-agent/tasks/[taskId]/progress`,设备端可在任务执行中持续刷新同一张 `execution_progress` 卡;`local-agent` 的 App Server runner 已在收到协议进度事件时调用该接口,complete 仍携带最终进度作为兜底
|
||||
- 新增服务端线程协作入口 `POST /api/v1/projects/[projectId]/thread-collaboration`,由 Boss 校验源/目标项目权限并创建 `intentCategory=thread_collaboration` 的 `conversation_reply` 任务;设备端继续通过 App Server runner 执行 `thread/read -> thread/inject_items -> turn/start`,避免把“线程互通”误做成无监管 P2P
|
||||
- 新增活跃 turn 干预:任务携带 `targetCodexTurnId` / `targetTurnId` 时,App Server runner 会调用 `turn/steer`,并把 `turnControl=steer`、`turnId` 写回执行结果;没有活跃 turn id 时仍使用 `turn/start`
|
||||
|
||||
@@ -249,7 +249,7 @@ cd /Users/kris/code/boss
|
||||
- 当前 `local-agent` 已新增 `Codex App Server` provider:boss-agent 默认配置 `codexAppServerEnabled=true`,`conversation_reply / dispatch_execution` 会先通过 `codex app-server` 的 stdio JSON-RPC 恢复或创建线程,也可配置 `codexAppServerTransport=ws + codexAppServerUrl=ws://127.0.0.1:<port>` 或 `codexAppServerTransport=unix + codexAppServerUrl=unix:///absolute/path.sock` 连接同机长驻 App Server;长驻连接可通过 `codexAppServerAuthTokenFile` 或 `BOSS_CODEX_APP_SERVER_AUTH_TOKEN_FILE` 提供 bearer token。随后 runner 下发 `turn/start` 并收集流式 agent 回复;如果单个 JSON-RPC 请求返回 `-32001 / retry later`,runner 会先做指数退避重试;如果任务携带 `targetCodexTurnId`,会改用 `turn/steer` 干预活跃 turn;如果 App Server 在 turn 启动前失败,默认允许回退到 `codex exec resume`,如果 turn 已经启动则不再回退,避免同一轮用户消息被重复执行。桌面控制另有 `codexComputerUseEnabled=true`,默认先走 Codex Computer Use,再回退 CUA Driver。
|
||||
- 当前已新增 Boss 自有 Inter-Thread Broker 第一版:服务端入口 `POST /api/v1/projects/[projectId]/thread-collaboration` 会创建带源/目标 Codex 线程引用的协作任务;App Server runner 执行 `thread/read(source) -> thread/inject_items(target) -> turn/start(target)`,用于让一个线程的结论受控进入另一个线程,不依赖官方任意线程 P2P 互聊能力
|
||||
- 当前 `local-agent` 对 `dispatch_execution` 任务会按 `orchestrationBackendId` 分流:默认走 `codex exec resume`;当任务显式选择 `omx-team` 且本机 `omxEnabled + omxCommand/omxArgs` 可用时,会改走 `OMX Team Runtime` JSON 协议执行并回写 `rawThreadReply / replyBody`
|
||||
- 当前 `local-agent` 会在 Codex 任务执行中和完成时回传 `executionProgress`:服务端把同一任务的进度卡从 queued / running 更新到 completed / failed,Android 原生聊天页会显示“进度 / 线程状态 / 实时状态 / 线程配置 / 线程协作 / 工具活动 / 思考摘要 / 账号状态 / 运行状态 / 安全提醒 / 审批状态 / 文件变更 / 分支详情 / 生成结果 / 后台智能体”。2026-05-31 起,Codex App Server 的 `turn/plan/updated`、`turn/diff/updated`、`item/started|completed`、`thread/started` 会直接映射为进度步骤、变更统计、生成产物和后台智能体;第二批已把 `item/*/requestApproval`、`item/autoApprovalReview/*`、`guardianWarning`、`serverRequest/resolved`、`item/fileChange/patchUpdated` 映射为审批、安全提醒和文件变更摘要;第三批已把 `thread/status/changed` 与 `thread/realtime/*` 安全映射为线程状态和实时状态摘要;第四批已把 `model/rerouted`、`thread/tokenUsage/updated`、`mcpServer/startupStatus/updated`、`remoteControl/status/changed` 安全映射为运行状态摘要;第五批已把 `thread/goal/*`、`thread/settings/updated` 和 `thread/compacted` 映射为线程配置摘要;第六批已把 `account/updated`、`account/rateLimits/updated`、`model/verification`、`warning`、`configWarning`、`deprecationNotice` 映射为账号状态、模型校验和安全提醒摘要;第七批已把 `ThreadItem.collabToolCall` 和 `ThreadItem.contextCompaction` 映射为线程协作和上下文压缩摘要;第八批已把 `mcpToolCall`、`dynamicToolCall`、`webSearch`、`imageView`、`enteredReviewMode`、`exitedReviewMode`、`commandExecution` 映射为工具活动摘要;第九批已把 `ThreadItem.plan` 和 `ThreadItem.reasoning.summary` 映射为计划步骤与思考摘要;第十批已把 `ThreadItem.imageGeneration` 映射为图像生成工具活动和图片产物;第十一批已把 `hook/started|completed` 映射为钩子生命周期工具活动。所有进度均通过 `POST /api/v1/master-agent/tasks/[taskId]/progress` 实时刷新;字段白名单会剥离 cwd、turnId、配置文件路径、内部 prompt、collab 源/目标线程 ID、tool arguments/result、web URL token、命令正文/输出、raw reasoning content、reasoning item id、图像生成 revisedPrompt/result、hook sourcePath/statusMessage/entries 和未清洗密钥,complete 回写仍会携带最终进度兜底
|
||||
- 当前 `local-agent` 会在 Codex 任务执行中和完成时回传 `executionProgress`:服务端把同一任务的进度卡从 queued / running 更新到 completed / failed,Android 原生聊天页会显示“进度 / 线程状态 / 实时状态 / 线程配置 / 线程协作 / 工具活动 / 思考摘要 / 账号状态 / 运行状态 / 安全提醒 / 审批状态 / 文件变更 / 分支详情 / 生成结果 / 后台智能体”。2026-05-31 起,Codex App Server 的 `turn/plan/updated`、`turn/diff/updated`、`item/started|completed`、`thread/started` 会直接映射为进度步骤、变更统计、生成产物和后台智能体;第二批已把 `item/*/requestApproval`、`item/autoApprovalReview/*`、`guardianWarning`、`serverRequest/resolved`、`item/fileChange/patchUpdated` 映射为审批、安全提醒和文件变更摘要;第三批已把 `thread/status/changed` 与 `thread/realtime/*` 安全映射为线程状态和实时状态摘要;第四批已把 `model/rerouted`、`thread/tokenUsage/updated`、`mcpServer/startupStatus/updated`、`remoteControl/status/changed` 安全映射为运行状态摘要;第五批已把 `thread/goal/*`、`thread/settings/updated` 和 `thread/compacted` 映射为线程配置摘要;第六批已把 `account/updated`、`account/rateLimits/updated`、`model/verification`、`warning`、`configWarning`、`deprecationNotice` 映射为账号状态、模型校验和安全提醒摘要;第七批已把 `ThreadItem.collabToolCall` 和 `ThreadItem.contextCompaction` 映射为线程协作和上下文压缩摘要;第八批已把 `mcpToolCall`、`dynamicToolCall`、`webSearch`、`imageView`、`enteredReviewMode`、`exitedReviewMode`、`commandExecution` 映射为工具活动摘要;第九批已把 `ThreadItem.plan` 和 `ThreadItem.reasoning.summary` 映射为计划步骤与思考摘要;第十批已把 `ThreadItem.imageGeneration` 映射为图像生成工具活动和图片产物;第十一批已把 `hook/started|completed` 映射为钩子生命周期工具活动;第十二批已把 `windowsSandbox/setupCompleted` 映射为 Windows 沙箱准备状态摘要。所有进度均通过 `POST /api/v1/master-agent/tasks/[taskId]/progress` 实时刷新;字段白名单会剥离 cwd、turnId、配置文件路径、内部 prompt、collab 源/目标线程 ID、tool arguments/result、web URL token、命令正文/输出、raw reasoning content、reasoning item id、图像生成 revisedPrompt/result、hook sourcePath/statusMessage/entries、Windows sandbox sourcePath/samplePaths/本地绝对路径和未清洗密钥,complete 回写仍会携带最终进度兜底
|
||||
- 当前 `local-agent` heartbeat 已新增 Codex App Server capability discovery:按 TTL 拉取模型、provider 能力、Skill、Plugin、App 摘要,写入 `capabilities.codexAppServer.metadata`;Web 设备详情会展示 App Server 连接状态、模型数量、默认/快速/深度模型和扩展数量
|
||||
- 当前 `MasterAgentTask` 已具备服务端租约和取消基础状态机:claim 会写入 `attemptCount / maxAttempts / leaseExpiresAt`,运行中任务租约过期后可被重新认领,超过重试上限会转 `timed_out`;`POST /api/v1/master-agent/tasks/[taskId]/cancel` 会把任务转 `canceled`,迟到的成功 complete 不会覆盖终态
|
||||
- 当前 `local-agent` 对 `browser_control / desktop_control` 已从占位骨架升级成外部 runtime 桥:当本机配置了 `browserControlEnabled + browserControlCommand` 或 `computerUseEnabled + computerUseCommand` 时,会把标准化 JSON 请求透传给外部进程,并解析单行 JSON 结果;未启用时会 fail closed,返回明确的 runtime disabled 错误,不再假装执行成功
|
||||
|
||||
@@ -842,6 +842,14 @@ function safeProgressText(value, maxLength = 180) {
|
||||
.slice(0, maxLength);
|
||||
}
|
||||
|
||||
function safeRuntimeDiagnosticText(value, maxLength = 180) {
|
||||
return safeProgressText(value, maxLength)
|
||||
.replace(/[A-Za-z]:\\[^\s]+/g, "[path]")
|
||||
.replace(/\/Users\/[^\s]+/g, "[path]")
|
||||
.trim()
|
||||
.slice(0, maxLength);
|
||||
}
|
||||
|
||||
function normalizeApprovalKindFromMethod(method) {
|
||||
if (/commandExecution|execCommand/i.test(method)) {
|
||||
return "command";
|
||||
@@ -1086,6 +1094,26 @@ function extractModelVerificationSnapshot(params) {
|
||||
return verifications.length > 0 ? { verifications } : null;
|
||||
}
|
||||
|
||||
function extractWindowsSandboxSnapshot(params) {
|
||||
if (!params || typeof params !== "object") {
|
||||
return null;
|
||||
}
|
||||
const status =
|
||||
typeof params.success === "boolean"
|
||||
? params.success
|
||||
? "ready"
|
||||
: "failed"
|
||||
: safeProgressText(params.status, 60);
|
||||
const setupMode = safeProgressText(params.mode ?? params.setupMode, 60);
|
||||
const error = safeRuntimeDiagnosticText(params.error, 180);
|
||||
const snapshot = {
|
||||
status: status || undefined,
|
||||
setupMode: setupMode || undefined,
|
||||
error: error || undefined,
|
||||
};
|
||||
return Object.values(snapshot).some((value) => value !== undefined && value !== "") ? snapshot : null;
|
||||
}
|
||||
|
||||
function buildNoticeWarningMessage(summary, details) {
|
||||
const cleanSummary = safeProgressText(summary, 140);
|
||||
const cleanDetails = safeProgressText(details, 180);
|
||||
@@ -1345,6 +1373,7 @@ function createProgressCollector() {
|
||||
let tokenUsage;
|
||||
const mcpServers = [];
|
||||
let remoteControl;
|
||||
let windowsSandbox;
|
||||
let threadGoal;
|
||||
let threadSettings;
|
||||
let compaction;
|
||||
@@ -1662,6 +1691,13 @@ function createProgressCollector() {
|
||||
}
|
||||
return;
|
||||
}
|
||||
if (message.method === "windowsSandbox/setupCompleted") {
|
||||
const nextSandbox = extractWindowsSandboxSnapshot(message.params);
|
||||
if (nextSandbox) {
|
||||
windowsSandbox = nextSandbox;
|
||||
}
|
||||
return;
|
||||
}
|
||||
if (message.method === "thread/goal/updated") {
|
||||
const nextGoal = extractThreadGoalSnapshot(message.params?.goal);
|
||||
if (nextGoal) {
|
||||
@@ -1810,6 +1846,9 @@ function createProgressCollector() {
|
||||
if (remoteControl) {
|
||||
result.remoteControl = { ...remoteControl };
|
||||
}
|
||||
if (windowsSandbox) {
|
||||
result.windowsSandbox = { ...windowsSandbox };
|
||||
}
|
||||
if (threadGoal) {
|
||||
result.threadGoal = { ...threadGoal };
|
||||
}
|
||||
|
||||
@@ -205,6 +205,12 @@ export interface ExecutionProgressRemoteControl {
|
||||
environmentId?: string;
|
||||
}
|
||||
|
||||
export interface ExecutionProgressWindowsSandbox {
|
||||
status?: string;
|
||||
setupMode?: string;
|
||||
error?: string;
|
||||
}
|
||||
|
||||
export interface ExecutionProgressThreadGoal {
|
||||
objective?: string;
|
||||
status: string;
|
||||
@@ -277,6 +283,7 @@ export interface ExecutionProgressSnapshot {
|
||||
modelVerification?: ExecutionProgressModelVerification;
|
||||
mcpServers?: ExecutionProgressMcpServer[];
|
||||
remoteControl?: ExecutionProgressRemoteControl;
|
||||
windowsSandbox?: ExecutionProgressWindowsSandbox;
|
||||
threadGoal?: ExecutionProgressThreadGoal;
|
||||
threadSettings?: ExecutionProgressThreadSettings;
|
||||
compaction?: ExecutionProgressCompaction;
|
||||
@@ -302,6 +309,7 @@ export interface ExecutionProgressInput {
|
||||
modelVerification?: Partial<ExecutionProgressModelVerification> & { turnId?: unknown };
|
||||
mcpServers?: Array<Partial<ExecutionProgressMcpServer> & { name?: string }>;
|
||||
remoteControl?: Partial<ExecutionProgressRemoteControl> & { installationId?: unknown };
|
||||
windowsSandbox?: Partial<ExecutionProgressWindowsSandbox> & { sourcePath?: unknown; samplePaths?: unknown };
|
||||
threadGoal?: Partial<ExecutionProgressThreadGoal>;
|
||||
threadSettings?: Partial<ExecutionProgressThreadSettings> & { cwd?: unknown };
|
||||
compaction?: Partial<ExecutionProgressCompaction> & { turnId?: unknown };
|
||||
@@ -4007,6 +4015,7 @@ function normalizeExecutionProgressSnapshot(raw: Partial<ExecutionProgressSnapsh
|
||||
: normalizeExecutionProgressModelVerification(raw.modelVerification),
|
||||
mcpServers: nativeRemoteControl ? undefined : normalizeExecutionProgressMcpServers(raw.mcpServers),
|
||||
remoteControl: nativeRemoteControl ? undefined : normalizeExecutionProgressRemoteControl(raw.remoteControl),
|
||||
windowsSandbox: nativeRemoteControl ? undefined : normalizeExecutionProgressWindowsSandbox(raw.windowsSandbox),
|
||||
threadGoal: nativeRemoteControl ? undefined : normalizeExecutionProgressThreadGoal(raw.threadGoal),
|
||||
threadSettings: nativeRemoteControl ? undefined : normalizeExecutionProgressThreadSettings(raw.threadSettings),
|
||||
compaction: nativeRemoteControl ? undefined : normalizeExecutionProgressCompaction(raw.compaction),
|
||||
@@ -5418,6 +5427,14 @@ function safeExecutionProgressText(value: unknown, fallback = "") {
|
||||
return sanitized || fallback;
|
||||
}
|
||||
|
||||
function safeExecutionProgressDiagnosticText(value: unknown, fallback = "") {
|
||||
const text = safeExecutionProgressText(value, fallback)
|
||||
.replace(/[A-Za-z]:\\[^\s]+/g, "[path]")
|
||||
.replace(/\/Users\/[^\s]+/g, "[path]")
|
||||
.trim();
|
||||
return text || fallback;
|
||||
}
|
||||
|
||||
function normalizeExecutionProgressStatus(status: unknown): ExecutionProgressStatus {
|
||||
return status === "running" || status === "completed" || status === "failed" || status === "queued"
|
||||
? status
|
||||
@@ -5718,6 +5735,23 @@ function normalizeExecutionProgressRemoteControl(
|
||||
};
|
||||
}
|
||||
|
||||
function normalizeExecutionProgressWindowsSandbox(
|
||||
input?: ExecutionProgressInput["windowsSandbox"],
|
||||
): ExecutionProgressWindowsSandbox | undefined {
|
||||
if (!input) {
|
||||
return undefined;
|
||||
}
|
||||
const status = safeExecutionProgressText(input.status);
|
||||
const setupMode = safeExecutionProgressText(input.setupMode);
|
||||
const error = safeExecutionProgressDiagnosticText(input.error);
|
||||
const snapshot: ExecutionProgressWindowsSandbox = {
|
||||
status: status || undefined,
|
||||
setupMode: setupMode || undefined,
|
||||
error: error || undefined,
|
||||
};
|
||||
return Object.values(snapshot).some((value) => value !== undefined && value !== "") ? snapshot : undefined;
|
||||
}
|
||||
|
||||
function normalizeExecutionProgressThreadGoal(
|
||||
input?: ExecutionProgressInput["threadGoal"],
|
||||
): ExecutionProgressThreadGoal | undefined {
|
||||
@@ -5977,6 +6011,9 @@ function buildExecutionProgressSnapshot(
|
||||
: normalizeExecutionProgressModelVerification(input?.modelVerification),
|
||||
mcpServers: nativeRemoteControl ? undefined : normalizeExecutionProgressMcpServers(input?.mcpServers),
|
||||
remoteControl: nativeRemoteControl ? undefined : normalizeExecutionProgressRemoteControl(input?.remoteControl),
|
||||
windowsSandbox: nativeRemoteControl
|
||||
? undefined
|
||||
: normalizeExecutionProgressWindowsSandbox(input?.windowsSandbox),
|
||||
threadGoal: nativeRemoteControl ? undefined : normalizeExecutionProgressThreadGoal(input?.threadGoal),
|
||||
threadSettings: nativeRemoteControl ? undefined : normalizeExecutionProgressThreadSettings(input?.threadSettings),
|
||||
compaction: nativeRemoteControl ? undefined : normalizeExecutionProgressCompaction(input?.compaction),
|
||||
|
||||
8
tests/fixtures/codex-app-server-runtime.mjs
vendored
8
tests/fixtures/codex-app-server-runtime.mjs
vendored
@@ -519,6 +519,14 @@ rl.on("line", (line) => {
|
||||
environmentId: "env-prod",
|
||||
},
|
||||
});
|
||||
send({
|
||||
method: "windowsSandbox/setupCompleted",
|
||||
params: {
|
||||
mode: "elevated",
|
||||
success: false,
|
||||
error: "token=sk-secret-should-not-leak failed in C:\\Users\\kris\\secret",
|
||||
},
|
||||
});
|
||||
}
|
||||
if (process.env.BOSS_CODEX_APP_SERVER_FIXTURE_EMIT_THREAD_CONFIG_EVENTS === "1") {
|
||||
send({
|
||||
|
||||
@@ -458,9 +458,15 @@ test("codex app-server runner maps runtime status events without leaking interna
|
||||
serverName: "Mac Studio",
|
||||
environmentId: "env-prod",
|
||||
});
|
||||
assert.deepEqual(result.executionProgress.windowsSandbox, {
|
||||
status: "failed",
|
||||
setupMode: "elevated",
|
||||
error: "token=[redacted] failed in [path]",
|
||||
});
|
||||
const serialized = JSON.stringify(result.executionProgress);
|
||||
assert.equal(serialized.includes("install-secret-should-not-leak"), false);
|
||||
assert.equal(serialized.includes("sk-secret-should-not-leak"), false);
|
||||
assert.equal(serialized.includes("C:\\Users\\kris\\secret"), false);
|
||||
} finally {
|
||||
if (previous === undefined) {
|
||||
delete process.env.BOSS_CODEX_APP_SERVER_FIXTURE_EMIT_RUNTIME_STATUS;
|
||||
|
||||
@@ -274,6 +274,12 @@ test("POST task progress preserves Codex runtime status summaries", async () =>
|
||||
environmentId: "env-prod",
|
||||
installationId: "install-secret-should-not-persist",
|
||||
},
|
||||
windowsSandbox: {
|
||||
status: "failed",
|
||||
setupMode: "elevated",
|
||||
error: "token=sk-secret-should-not-persist failed",
|
||||
sourcePath: "C:\\Users\\kris\\secret\\sandbox.log",
|
||||
},
|
||||
},
|
||||
}),
|
||||
}),
|
||||
@@ -292,7 +298,11 @@ test("POST task progress preserves Codex runtime status summaries", async () =>
|
||||
assert.equal(progress?.mcpServers?.[0]?.name, "github");
|
||||
assert.equal(progress?.mcpServers?.[0]?.error, "token=[redacted] failed to start");
|
||||
assert.equal(progress?.remoteControl?.status, "connected");
|
||||
assert.equal(progress?.windowsSandbox?.status, "failed");
|
||||
assert.equal(progress?.windowsSandbox?.setupMode, "elevated");
|
||||
assert.equal(progress?.windowsSandbox?.error, "token=[redacted] failed");
|
||||
assert.equal(JSON.stringify(progress).includes("install-secret-should-not-persist"), false);
|
||||
assert.equal(JSON.stringify(progress).includes("C:\\Users\\kris\\secret"), false);
|
||||
});
|
||||
|
||||
test("POST task progress preserves Codex thread goal, settings, and compaction summaries", async () => {
|
||||
|
||||
Reference in New Issue
Block a user