feat: cube-codex-track-file-change#220
Merged
Merged
Conversation
…ge tracking The previous decision-file enforcement used `existsSync` after the main streamed run. A stale decision file from an earlier panel round would satisfy the check, so the bridge would skip the forcing follow-up and Cube would aggregate the stale content (observed on aetheron-connect-v2 PR #1388: Codex emitted zero file_change events but a stale decision file existed, leading to a misleading APPROVED review). Track `file_change` paths emitted on item.started/item.completed during the current bridge invocation and trigger the follow-up when the expected path is absent from the write set. Relative emitted paths are resolved against opts.worktree; the expected path is resolved with path.resolve so comparison is exact post-resolution. The follow-up still runs on the same Codex thread and its events are tracked too. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The runtime adapter launches dist/cli.js directly, so the previous commit's source change to providers/codex.ts only took effect once the bundled artifact was regenerated. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
WalkthroughThe provider's decision-file enforcement now relies on observing ChangesDecision-file enforcement via file_change events
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Poem
Comment |
jacsamell
added a commit
that referenced
this pull request
May 24, 2026
THE root cause of judge_4 (codex-sdk) failing on every cube prv 1388 across multiple days of Phase 3 dogfood. Codex's sandbox was telling the truth: `additionalDirectories` maps to `--add-dir <path>` which grants READ access only. WRITES to those paths get "Operation not permitted" — codex literally cannot write to the main repo from a worktree CWD. PR #188 fixed this for the legacy codex.py CLI adapter by adding `-c sandbox_workspace_write.writable_roots=[<project_root>]` via `--config` overrides. The SDK provider never got the port. The @openai/codex-sdk's Codex({...}) constructor accepts a `config` field documented as: "Additional `--config key=value` overrides ... Provide a JSON object and the SDK will flatten it into dotted paths and serialize values as TOML literals." Passing { sandbox_workspace_write: { writable_roots: [...] } } in the config object reaches the codex CLI as `-c sandbox_workspace_write.writable_roots=[...]` — same effective shape as the legacy adapter. Keeping `additionalDirectories` on startThread too — read access doesn't hurt and may be the correct SDK mechanism in future versions. Evidence: ~/.cube/logs/judge-judge_4-pr-1388-peer-review-1779582290.json Codex's exact words: "I cannot write the exact canonical path from this session. The sandbox blocks it with `Operation not permitted` because `/Users/jacob/dev/aetheron-connect-v2` is outside the writable roots." Loop disclosure: panel review was blocked by Claude weekly quota (cube identity hit limit; resets May 25 23:30 ACST). Spec was written, cube auto fired, all 5 judges failed with auth errors before even reaching the writer. Shipping the 3-line fix directly because the writer phase couldn't progress and this is a P0 dogfood blocker. PR #220's file_change tracking + PR #218's auto-approve gate guard provide safety net coverage in lieu of synchronous panel review; re-review via cube auto on resume once quota resets. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Autonomous implementation via Agent Cube
Writer: Writer Opus (writer_b)
Branch: writer-opus/cube-codex-track-file-change
Review decisions in
.prompts/decisions/cube-codex-track-file-change-*.jsonSummary
This PR introduces per-invocation tracking of file_change paths emitted by the Codex SDK to replace unreliable on-disk existence checks. Previously, the provider would check if decision files existed after streamed runs, which could fail due to stale state. Now it tracks paths emitted during each invocation and only triggers a forcing follow-up if the expected decision file wasn't written.
Changes
codex.ts (the main implementation):
existsSyncchecks with an invocation-local tracking mechanismfile_changepaths emitted during the main Codex run and any follow-up runscodex.test.ts (new test suite):