Add opt-in Codex CLI provider for subscription-auth LLM calls

[ivkiwi]

Summary

• add an opt-in codex-sdk provider that shells out to codex exec for compression/summarization
• detect it via AGENTMEMORY_ALLOW_CODEX_SDK=true, while keeping API-key providers first by default
• add AGENTMEMORY_PREFER_CODEX_SDK=true for users who explicitly want Codex before API-key providers
• document the Codex subscription fallback and add provider/config tests

Safety

• uses the supported Codex CLI surface instead of reading private Codex/ChatGPT token files
• runs child requests with AGENTMEMORY_SDK_CHILD=1 / AGENTMEMORY_CODEX_SDK_CHILD=1 to avoid recursive hook capture
• invokes codex exec with --ephemeral, --ignore-rules, --sandbox read-only, and --skip-git-repo-check
• leaves auto-compression opt-in; this can still consume subscription quota/rate limits

Validation

• ./node_modules/.bin/vitest run test/codex-sdk-provider.test.ts test/env-loader.test.ts
• npm run build
• live CodexSDKProvider smoke test returned OK
• agentmemory status healthy after local linked install

Notes

I also ran npm test, but the full local suite was not clean in my sandbox due existing environment/permission-sensitive failures: embedding provider env selection, fs watcher timeouts, multimodal image writes under ~/.agentmemory, and viewer listen permissions/timeouts.

Closes #527

Summary by CodeRabbit

• New Features

  • Added Codex/ChatGPT subscription fallback support as an alternative LLM provider. Enable via AGENTMEMORY_ALLOW_CODEX_SDK=true, with optional preference override using AGENTMEMORY_PREFER_CODEX_SDK=true.

• Documentation

  • Updated README and configuration examples to document Codex subscription fallback options and related environment variables.

• Tests

  • Added test coverage for Codex provider functionality and provider selection logic.

[vercel]

Someone is attempting to deploy a commit to the rohitg00's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR implements an opt-in Codex CLI subscription-auth fallback for agentmemory, allowing users logged into Codex/ChatGPT to enable LLM compression without provisioning an API key. It adds a CodexSDKProvider that shells out to codex exec, wires it through the provider factory, adds configuration gating via environment variables, and includes comprehensive tests and documentation.

Changes

Codex SDK subscription-auth fallback

Layer / File(s)	Summary
Type definition and configuration setup src/types.ts, src/config.ts	ProviderType union is reformatted to multi-line; buildCodexSdkConfig helper returns codex-sdk config with stderr warning; detectProvider conditionally selects Codex based on AGENTMEMORY_ALLOW_CODEX_SDK and AGENTMEMORY_PREFER_CODEX_SDK environment flags; VALID_PROVIDERS includes codex-sdk for fallback validation.
CodexSDKProvider implementation src/providers/codex-sdk.ts	CodexSDKProvider class invokes Codex CLI via codex exec --ephemeral --sandbox --read-only, builds Codex-compatible prompts, enforces timeout via AGENTMEMORY_CODEX_TIMEOUT_MS with fallback, strips ANSI codes, truncates errors, guards against recursive SDK child invocation, and rejects with exit code/signal and captured output on failure.
Provider factory integration src/providers/index.ts	Imports CodexSDKProvider and extends createBaseProvider switch-case to instantiate CodexSDKProvider from config.model and config.maxTokens when provider is codex-sdk.
CodexSDKProvider unit tests test/codex-sdk-provider.test.ts	Vitest suite creates temporary fake codex executable and validates compress invokes codex CLI with expected prompt format and exec flags, recursion guard prevents execution when AGENTMEMORY_SDK_CHILD=1, and error handling captures exit code and stderr on codex failure.
Configuration integration tests test/env-loader.test.ts	Cleans Codex SDK and provider API-key environment variables before each test; adds three new provider selection tests: Codex SDK fallback when no API key exists, API-key provider precedence over Codex fallback, and explicit Codex preference via AGENTMEMORY_PREFER_CODEX_SDK.
Documentation and configuration examples .env.example, README.md	.env.example adds commented Codex/ChatGPT subscription fallback config block; README.md clarifies default no-LLM behavior, documents Codex fallback option with precedence rules, includes Config File example, and adds Environment Variables subsection describing codex exec configuration variables.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A rabbit hops through configuration,
Codex CLI calls with careful caution—
No API keys, just subscriptions true,
Timeouts guarded, recursion askew.
Shell-spawned whispers keep agents free! 🎯

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add opt-in Codex CLI provider for subscription-auth LLM calls' directly and accurately describes the primary change: introducing a new opt-in provider for Codex CLI to enable subscription-based LLM operations.
Linked Issues check	✅ Passed	The PR fully addresses issue #527 requirements: implements opt-in Codex CLI provider via AGENTMEMORY_ALLOW_CODEX_SDK flag, keeps API-key providers preferred by default, adds AGENTMEMORY_PREFER_CODEX_SDK for preference override, uses supported codex exec interface with safety guards (ephemeral, sandbox, recursion guards), includes warnings, and maintains noop as safe default.
Out of Scope Changes check	✅ Passed	All changes are in scope: environment variable configuration (.env.example), documentation (README.md), provider implementation (config.ts, codex-sdk.ts, providers/index.ts), type definitions (types.ts), and related tests are directly aligned with the Codex CLI provider feature.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

test/env-loader.test.ts (1)

23-42: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Harden setup against ambient OPENAI_API_KEY_FOR_LLM

The test setup clears OPENAI_API_KEY but not OPENAI_API_KEY_FOR_LLM. If the parent environment sets it to false, provider-selection assertions can become flaky.

Suggested patch

     delete process.env["OPENAI_API_KEY"];
+    delete process.env["OPENAI_API_KEY_FOR_LLM"];
     delete process.env["MINIMAX_API_KEY"];

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/env-loader.test.ts` around lines 23 - 42, In the beforeEach setup block
(the anonymous function passed to beforeEach in env-loader.test.ts) you clear
many environment variables but miss OPENAI_API_KEY_FOR_LLM; add deletion of
process.env["OPENAI_API_KEY_FOR_LLM"] so the test environment is hardened
against a parent process setting that variable (update the same beforeEach where
sandboxHome is set and other delete process.env[...] calls occur).

src/config.ts (1)

335-374: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Gate codex-sdk fallback entries behind explicit opt-in

loadFallbackConfig() accepts codex-sdk from FALLBACK_PROVIDERS without requiring AGENTMEMORY_ALLOW_CODEX_SDK=true. That bypasses the explicit opt-in safety gate used by detectProvider() and can unexpectedly invoke subscription-backed calls.

Suggested patch

 export function loadFallbackConfig(): FallbackConfig {
   const env = getMergedEnv();
   const raw = env["FALLBACK_PROVIDERS"] || "";
   const allowAgentSdk = env["AGENTMEMORY_ALLOW_AGENT_SDK"] === "true";
+  const allowCodexSdk = env["AGENTMEMORY_ALLOW_CODEX_SDK"] === "true";
   const providers = raw
@@
     .filter((p) => {
+      if (p === "codex-sdk" && !allowCodexSdk) {
+        process.stderr.write(
+          "[agentmemory] Ignoring FALLBACK_PROVIDERS entry 'codex-sdk' " +
+            "(AGENTMEMORY_ALLOW_CODEX_SDK is not 'true'). Opt in explicitly " +
+            "with AGENTMEMORY_ALLOW_CODEX_SDK=true if this is intentional.\n",
+        );
+        return false;
+      }
       // Honor the same safety gate as detectProvider: agent-sdk is only
       // permitted as a fallback target when the user has explicitly opted

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/config.ts` around lines 335 - 374, loadFallbackConfig currently permits
"codex-sdk" from FALLBACK_PROVIDERS without the explicit opt-in used elsewhere;
add an explicit opt-in check like the existing agent-sdk gate: introduce a
boolean (e.g. allowCodexSdk = env["AGENTMEMORY_ALLOW_CODEX_SDK"] === "true") and
extend the providers filter block in loadFallbackConfig to reject "codex-sdk"
when allowCodexSdk is false, emitting a clear stderr message mirroring the
agent-sdk message (mentioning AGENTMEMORY_ALLOW_CODEX_SDK and why it's gated)
and return false for that entry; reference VALID_PROVIDERS and the providers
filter inside loadFallbackConfig when making this change.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@src/config.ts`:
- Around line 335-374: loadFallbackConfig currently permits "codex-sdk" from
FALLBACK_PROVIDERS without the explicit opt-in used elsewhere; add an explicit
opt-in check like the existing agent-sdk gate: introduce a boolean (e.g.
allowCodexSdk = env["AGENTMEMORY_ALLOW_CODEX_SDK"] === "true") and extend the
providers filter block in loadFallbackConfig to reject "codex-sdk" when
allowCodexSdk is false, emitting a clear stderr message mirroring the agent-sdk
message (mentioning AGENTMEMORY_ALLOW_CODEX_SDK and why it's gated) and return
false for that entry; reference VALID_PROVIDERS and the providers filter inside
loadFallbackConfig when making this change.

In `@test/env-loader.test.ts`:
- Around line 23-42: In the beforeEach setup block (the anonymous function
passed to beforeEach in env-loader.test.ts) you clear many environment variables
but miss OPENAI_API_KEY_FOR_LLM; add deletion of
process.env["OPENAI_API_KEY_FOR_LLM"] so the test environment is hardened
against a parent process setting that variable (update the same beforeEach where
sandboxHome is set and other delete process.env[...] calls occur).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 25ef541d-a042-41e5-abe5-d80937d6c202

📥 Commits

Reviewing files that changed from the base of the PR and between bc64107 and 452f581.

📒 Files selected for processing (8)

• .env.example
• README.md
• src/config.ts
• src/providers/codex-sdk.ts
• src/providers/index.ts
• src/types.ts
• test/codex-sdk-provider.test.ts
• test/env-loader.test.ts