修复供应商切换状态丢失与 Fast/插件稳定性 / Fix provider-switch state loss and Fast/plugin stability#1345
修复供应商切换状态丢失与 Fast/插件稳定性 / Fix provider-switch state loss and Fast/plugin stability#1345Yuimi-chaya wants to merge 7 commits into
Conversation
… App 状态 为什么 / Why: Codex++ 切换供应商时已经能保留会话,但 Codex App 的 persisted state 和 desktop settings 会丢失,导致工作区、输入习惯、布局和个性化体验回到默认值。 Provider switching already preserves conversations, but Codex App persisted state and desktop settings can be lost, resetting workspace roots, input behavior, layout, and personalization. 改动 / Changes: - Add a safe allowlist-based .codex-global-state.json snapshot/merge module. - Preserve safe workspace, project hint, service-tier, onboarding, layout, and personalization state. - Preserve the live [desktop] table when writing provider config.toml, so settings such as Enter/Ctrl+Enter behavior and selected avatar are not overwritten by stale profile config. - Back up global state before writing merged state. 安全边界 / Safety: The sync deliberately excludes auth, API keys, prompt history, provider token cache, and permission maps. 同步刻意排除 auth、API Key、prompt history、provider token cache 和权限映射。
…供应商切换状态并加固内置插件守护 为什么 / Why: Codex++ 的主要使用场景是自定义 URL + API key。切换供应商后,如果工作区状态、特殊插件本地缓存或 Computer Use 运行时配置被重置,用户会被迫重新安装工作区或开 VPN 进入一次官方环境。 Codex++ is commonly used with custom URLs and API keys. After switching providers, losing workspace state, special plugin cache, or Computer Use runtime config forces users to reinstall workspace state or open the official environment through VPN once. 改动 / Changes: - Wire app-state capture/merge into launcher, relay switch, manager apply/clear paths. - Make builtin plugin guard active when full enhancements and plugin marketplace unlock are enabled, while keeping the force switch for other cases. - Preserve Browser, Chrome, Computer Use bundled plugin config and local openai-bundled marketplace state. - Ensure js_repl, local_shell, computer_use, Windows unelevated sandbox, notify config, and runtime export compatibility. - Set CODEX_ELECTRON_ENABLE_WINDOWS_COMPUTER_USE=1 for guarded Windows launches. - Update manager UI/i18n so the old Computer Use switch is described as a force-enable guard. 安全边界 / Safety: This is a local config/cache/runtime guard. It does not claim to bypass every possible organization or region gate inside Codex App ASAR. 这是本地 config/cache/runtime 兜底,不声称能 100% 绕过 Codex App ASAR 内部所有组织或地区 gate。
为什么 / Why: Fast/service-tier 判断依赖当前模型。如果 active relay profile 的 model list 或 profile model 是旧值,而 live ~/.codex/config.toml 已经选择了 gpt-5.5,Codex++ 会误以为当前模型未读取或不支持。 Fast/service-tier decisions depend on the current model. If the active relay profile model list is stale while live ~/.codex/config.toml already selects gpt-5.5, Codex++ may think the current model is unread or unsupported. 改动 / Changes: - Read the live Codex config model for the active relay profile catalog response. - Put the effective current model first, then merge profile model and model list entries. - Strip Codex++ model suffixes before catalog candidate dedupe. - Add tests for live config winning over stale relay profile values.
… 注入并兼容新版 Codex 资产 为什么 / Why: 用户实际遇到过界面已选 gpt-5.5 且请求可用,但 Codex++ 仍提示“当前模型未读取”或隐藏 Fast 入口。新版 Codex Desktop 还移除了旧 app-server-manager-signals-* asset,并调整了 composer DOM,导致注入报错和右下角 Fast badge 缺失。 Users have seen gpt-5.5 selected and working while Codex++ still reports the current model as unread or hides Fast. Newer Codex Desktop builds also removed the old app-server-manager-signals-* asset and changed composer DOM, causing injection errors and missing composer Fast badge. 改动 / Changes: - Treat unknown current model as pending, not unsupported; only known non-gpt-5.4 / gpt-5.5 models block Fast. - Resolve model from request params, visible UI, backend catalog, and last-known supported model. - Keep service_tier="priority" for pending supported paths instead of silently downgrading. - Load old Codex app assets optionally and log skipped diagnostics when they are absent. - Remove the hard-coded old app-server-manager asset import. - Add composer placement fallbacks based on model buttons, textarea, contenteditable, and textbox nodes.
…e-plugin-fast # Conflicts: # crates/codex-plus-core/src/relay_config.rs
…内置插件 为什么 / Why: 新版 Codex 已逐步整合进 ChatGPT Desktop。只同步会话数据库已不足以保持用户体验:供应商切换后,Browser/Chrome 可能再次变灰,工作区与可写根、沙盒设置、普通对话入口以及 Enter/Ctrl+Enter、宠物和布局等桌面设置仍可能回退。 The newer Codex experience is integrated into ChatGPT Desktop. Conversation database sync alone no longer preserves the working environment: Browser/Chrome can become unavailable again, while workspace/writable roots, sandbox state, projectless startup, Enter behavior, pets and layout can regress after a provider switch. 改动 / Changes: - Extend the allowlisted App-state snapshot for current workspace, writable-root, projectless, service-tier and personalization keys. - Preserve live desktop settings while applying provider config. - Repair the local openai-bundled marketplace and Browser/Chrome/Computer Use entries after provider switches. - Support current bundled plugin cache/runtime layouts without claiming to bypass unknown ASAR organization/region gates. - Keep projectless startup stable and recognize packaged ChatGPT Desktop processes in watcher lifecycle handling. - Add regression coverage for state backup/merge, plugin config, provider switching and ChatGPT process detection. 安全边界 / Safety: 状态同步仍采用白名单,并排除 auth、API Key、prompt history、provider token cache 和权限映射。 State sync remains allowlist-based and excludes auth, API keys, prompt history, provider token cache and permission maps.
CI 说明#1345 当前 Windows artifact 的失败来自未被本 PR 修改的上游测试: 同一 job 中此前的核心测试为 这是 Windows runner 上 loopback HTTP backup test 的网络/时序波动。PR 作者账号没有上游 Actions 的 rerun 权限,请维护者使用 Re-run failed jobs 重跑 Windows job;不建议为触发 CI 制造空提交或修改本 PR 业务代码。 CI noteThe current Windows artifact failure is from an upstream test that this PR does not modify: The preceding core test suite in the same job reported This appears to be a loopback HTTP timing/network flake on the Windows runner. The fork PR author cannot rerun upstream Actions jobs, so a maintainer should use Re-run failed jobs for the Windows job. No business-code change or empty commit is warranted for this failure. |
中文说明
摘要
本 PR 修复 Codex++ 在 API Key + 自定义 Base URL 场景下切换供应商时长期未完整处理的 Codex App 状态问题,并适配 Codex App / ChatGPT Desktop 新版入口与注入结构。
覆盖范围包括:工作区与可写目录状态、沙盒/projectless 状态、个性化设置、Browser/Chrome/Computer Use 内置插件兜底,以及通用 Fast/service tier 入口与模型识别稳定性。
为什么需要修复
Codex++ 已能同步会话数据库中的 provider,使历史对话在切换供应商后继续可见;但 Codex App 的 persisted state、live desktop config、内置插件缓存和 service-tier 状态此前没有被当成同一套用户环境同步。
这不是单纯的界面偏好问题,而会造成实际使用损失:
Ctrl+Enter提交、Enter换行时,切换后恢复默认值可能让一次换行直接提交 prompt。主要改动
1. Codex App 状态同步
.codex-global-state.jsonsnapshot/merge 模块。backups_state/app-state-sync,并维护 latest safe snapshot。[desktop]table,保留composerEnterBehavior、selected-avatar-id、followUpQueueMode等 Codex Desktop 设置。这里同步的是已确认的 workspace/writable/sandbox/projectless 状态,不宣称绕过未知的 Codex App 原生 workspace trust gate。
2. 供应商切换入口与内置插件兜底
browser@openai-bundled、chrome@openai-bundled、computer-use@openai-bundled的本地 bundled 状态。js_repl、local_shell、computer_use、Windowsunelevatedsandbox、notify 配置与 runtime export 兼容项。CODEX_ELECTRON_ENABLE_WINDOWS_COMPUTER_USE=1。这些措施提供 config/cache/runtime 层兜底;若未来 App ASAR 新增更强的组织/地区 UI gate,仍可能需要单独的包体适配。
3. 通用 Fast/service tier 稳定性
~/.codex/config.toml,优先采用真实当前模型,并合并 profile model/model list。service_tier="priority",避免静默回退。app-server-manager-signals-*缺失时记录 skipped,不再持续报错。功能入口
供应商设置 → Codex 增强。内置插件保护、插件市场解锁与 Fast/service tier 控制均在该区域配置。
安全边界
auth.json、API Key、prompt history、provider token cache、permission maps 等敏感内容。验证
npm run checknpm run vite:buildnode --check assets/inject/renderer-inject.jscargo fmt --all --checkcargo test --workspacemain/ Codex++1.2.34验证。English
Summary
This PR fixes Codex App state that Codex++ previously did not preserve completely when switching providers in the API-key + custom Base URL workflow. It also adapts the integration to newer Codex App / ChatGPT Desktop entry points and injection structures.
The scope includes workspace and writable-root state, sandbox/projectless state, personalization, local guards for bundled Browser/Chrome/Computer Use, and general Fast/service-tier model and UI stability.
Why this matters
Codex++ already updates conversation provider metadata so existing threads remain visible after a provider switch. However, persisted App state, live desktop config, bundled-plugin cache, and service-tier state were not treated as one continuous user environment.
This has practical consequences:
Ctrl+Enterto submit andEnterto insert a newline can accidentally submit a prompt when the preference resets.Main changes
1. Codex App state synchronization
.codex-global-state.json.backups_state/app-state-syncbefore writes and maintains a latest safe snapshot.[desktop]table before provider config writes, preserving settings such ascomposerEnterBehavior,selected-avatar-id, andfollowUpQueueMode.This preserves confirmed workspace/writable/sandbox/projectless state; it does not claim to bypass an unknown native workspace-trust gate.
2. Provider-switch hooks and bundled-plugin guard
browser@openai-bundled,chrome@openai-bundled, andcomputer-use@openai-bundled.js_repl,local_shell,computer_use, Windowsunelevatedsandbox, notify configuration, and runtime-export compatibility values.CODEX_ELECTRON_ENABLE_WINDOWS_COMPUTER_USE=1for guarded Windows launches.These are config/cache/runtime safeguards. A future stronger organization/region gate inside the App ASAR may still require a separate package-level adaptation.
3. General Fast/service-tier stability
~/.codex/config.toml, preferring the actual current model and merging profile model/model-list values.service_tier="priority"on pending request paths.app-server-manager-signals-*asset is skipped instead of repeatedly failing.Entry point
Provider settings → Codex enhancements. The bundled-plugin guard, marketplace unlock, and Fast/service-tier controls are configured in this section.
Safety boundaries
auth.json, API keys, prompt history, provider token caches, permission maps, or similar sensitive data.Validation
npm run checknpm run vite:buildnode --check assets/inject/renderer-inject.jscargo fmt --all --checkcargo test --workspacemain/ Codex++1.2.34.