Fix Termux/Android compatibility issues (DNS, locking, Android target support)#5
Draft
wallentx wants to merge 85 commits into
Draft
Fix Termux/Android compatibility issues (DNS, locking, Android target support)#5wallentx wants to merge 85 commits into
wallentx wants to merge 85 commits into
Conversation
wallentx
changed the title
wallentx
force-pushed
the
wallentx/termux-target
branch
from
d61ca4b to
6c3d14b
Compare
|
Hi, do you know if this will continue to work with, and maybe improve, https://github.com/termux-user-repository/tur/blob/cf26feef42820d03b7061866ee5f456324657a7a/tur/codex/build.sh ? |
Owner
Author
The current TUR provided codex is impacted by the issue that my PR resolves, so if I get an invite to PR upstream, this should fix at least the locking issues. I had some code change logic to handle the absence of /etc/resolve.conf on android, but found that simply adding an aarch64-linux-android target made all of that unnecessary.. but if this never gets merged upstream, I could provide a patch with that original conditional logic so that this can be fully solved via patches in the TUR. Are you a maintainer, @robertkirkman ? |
Yes, I have merge permission for TUR. If you want users of Codex on TUR to get this fix, you could also submit this to https://github.com/termux-user-repository/tur/pulls and I would be able to approve it there, and then whenever this version gets merged the patch could be removed from the TUR version when it gets updated. |
wallentx
force-pushed
the
wallentx/termux-target
branch
from
4cccbca to
89ee71b
Compare
Owner
Author
|
Upstream, they have made a prerelease for rusty-v8 that they are using to test artifacts against their release binaries https://github.com/openai/codex/releases/tag/rusty-v8-v147.4.0 Then I can mirror their upstream prerelease for rust-v8-v147.4.0 which will also include my android artifacts, and this PR might actually be suitable for upstream merging. |
- The Python SDK now supports first-class authentication, including API key login, ChatGPT browser and device-code flows, account inspection, and logout APIs. (openai#23093) - Python turn APIs are easier to use for text-only workflows: you can pass a plain string as input, and handle-based runs now return a richer `TurnResult` with collected items, timing, and usage data. (openai#23151, openai#23162) - `codex exec resume` now accepts `--output-schema`, so resumed automations can keep session context while still enforcing structured JSON output. (openai#23123) - TUI startup is faster because terminal capability probes are now batched instead of waiting on several serial checks before the first interactive frame. (openai#23175) - Remote executor registration can now use standard Codex auth instead of a separate registry credential flow. (openai#22769) - App-server turns can preserve requested image fidelity, including original-resolution local images, across user inputs and image-producing tools. (openai#20693) ## Bug Fixes - Goal continuations now stop when they hit usage limits or a repeated blocker instead of looping and burning more tokens, and completion responses phrase usage more naturally. (openai#23094, openai#22907) - The session picker is easier to trust: renamed threads now show `name (thread-id)` in resume hints, and pasted text works in the picker search box. (openai#23234, openai#23338) - Multi-session TUI flows are more reliable: in-progress MCP calls stay marked as active during replay, and elicitation replies are sent back to the thread that requested them. (openai#23236, openai#23241) - Remote sessions now keep websocket connections alive and show repo-relative diff paths again instead of `/tmp/...`-prefixed paths. (openai#23226, openai#23261) - Windows installs are more robust: `codex doctor` now detects npm-managed installs correctly, and MSVC release binaries no longer depend on separately installed VC++ runtime DLLs. (openai#22967, openai#22905) - TUI polish fixes include immediate shutdown feedback on exit, hiding the ChatGPT usage link for non-OpenAI providers, and keeping a cleared Fast tier from reappearing after side-thread resume. (openai#23323, openai#23127, openai#23121) ## Documentation - The Python SDK docs, FAQ, and examples were refreshed around the new auth flow and turn APIs, with clearer setup guidance and simpler text-only examples. (openai#22941, openai#23093, openai#23151, openai#23162) ## Chores - Memory summaries are now versioned and rebuilt when the stored format is stale, which should keep long-lived memory context leaner and more predictable. (openai#23148) ## Changelog Full Changelog: openai/codex@rust-v0.131.0...rust-v0.132.0 - openai#20693 Preserve image detail in app-server inputs @fjord-oai - openai#22891 tui: pass active permission profiles through app commands @bolinfest - openai#22924 app-server-protocol: remove PermissionProfile from API @bolinfest - openai#22941 [codex] Refine Python SDK user-facing docs @aibrahim-oai - openai#22967 Fix Windows doctor npm root probe @etraut-openai - openai#22920 core: set permission profiles from snapshots @bolinfest - openai#22939 [codex] Split Python SDK helper logic @aibrahim-oai - openai#22907 Improve goal completion usage reporting @etraut-openai - openai#23030 test: construct permission profiles directly @bolinfest - openai#22769 exec-server: support auth-backed remote executor registration @miz-openai - openai#22946 [codex] preserve MCP result meta in McpToolCallItemResult @miaolin-oai - openai#23069 multiagent: trim model-visible description, cap to 5 models @sayan-oai - openai#22913 [1 of 4] tui: route primary settings writes through app server @etraut-openai - openai#23093 sdk/python: add first-class login support @aibrahim-oai - openai#23151 [codex] Return TurnResult from Python turn handles @aibrahim-oai - openai#23147 Make multi-agent v2 tool namespace configurable @jif-oai - openai#23036 test: reduce core sandbox policy test setup @bolinfest - openai#23162 [codex] Accept string input for Python turns @aibrahim-oai - openai#23226 Add exec-server websocket keepalive @starr-openai - openai#23148 Densify and version memory summaries @jif-oai - openai#22448 [codex] Add installed-plugin mention API @xli-oai - openai#23288 chore: goal ext skeleton @jif-oai - openai#23291 Make extension lifecycle hooks async @jif-oai - openai#23293 feat: add extension event sink capability @jif-oai - openai#23295 chore: isolate thread goal storage behind GoalStore @jif-oai - openai#23301 chore: goal resumed metrics @jif-oai - openai#23305 chore: make token usage async @jif-oai - openai#23306 Emit goal update events from goal extension tools @jif-oai - openai#23121 tui: keep cleared Fast tier from reappearing after side-thread resume @etraut-openai - openai#23123 Support --output-schema for exec resume @etraut-openai - openai#23128 Fix TUI stream cleanup after turn errors @etraut-openai - openai#23127 Hide ChatGPT usage link for non-OpenAI status @etraut-openai - openai#23175 [1 of 2] Optimize TUI startup terminal probes @etraut-openai - openai#22706 [codex] Remove legacy shell output formatting paths @pakrym-oai - openai#23332 nit: read prompt @jif-oai - openai#22905 windows: link MSVC release binaries with static CRT @iceweasel-oai - openai#23323 fix(tui): show shutdown feedback on exit @fcoury-oai - openai#23261 Fix remote turn diff display roots @starr-openai - openai#22569 Simplify legacy Windows sandbox ACL persistence @iceweasel-oai - openai#23273 Upload rust full CI JUnit reports @starr-openai - openai#22893 fix: harden plugin creator sharing validation @efrazer-oai - openai#23094 goal: pause continuation loops on usage limits and blockers @etraut-openai - openai#23234 Clarify resume hints for renamed threads @etraut-openai - openai#23241 TUI: route elicitation responses to request thread @etraut-openai - openai#23236 TUI: replay in-progress MCP calls as started @etraut-openai - openai#23088 goals: keep pause transitions explicit @etraut-openai - openai#23338 feat(tui): handle paste in session picker @fcoury-oai - openai#23335 feat(app-server): add optional thread_id to experimentalFeature/list @owenlin0
(cherry picked from commit 337303c)
wallentx
force-pushed
the
wallentx/termux-target
branch
from
438ac09 to
7ead295
Compare
Termux rust-v0.132.0
…nt/wallentx_termux-target_from_release_0.132.0_a234e07f3bcf # Conflicts: # .github/workflows/rust-release.yml # codex-rs/Cargo.toml
…et_from_release_0.132.0_a234e07f3bcf checkpoint: into wallentx/termux-target from release/0.132.0 @ a234e07
Termux rust-v0.133.0-alpha.1
…nt/wallentx_termux-target_from_release_0.133.0_5180a72112f6 # Conflicts: # .github/workflows/rust-release.yml # codex-rs/Cargo.toml
…et_from_release_0.133.0_5180a72112f6 checkpoint: into wallentx/termux-target from release/0.133.0 @ 5180a72
## Why Legacy `[profiles.<name>]` config tables and the legacy `profile` selector are being retired in favor of profile files selected with `--profile <name>`. After openai#23886 removed the CLI-side legacy profile plumbing, the app-server config surface still exposed those fields and still carried conversion code for the old protocol shape. ## What changed - Remove `profile`, `profiles`, and `ProfileV2` from the app-server config protocol/schema output so `config/read` no longer returns legacy profile config. - Drop the old v1 `UserSavedConfig` profile conversion path from `config`. - Reject new app-server config writes under `profiles.*` with the same migration direction used for `profile`, while still allowing callers to clear existing legacy profile tables. - Refresh app-server config coverage and the experimental API README example around the remaining `Config` nesting path. ## Verification - Added config-manager coverage that `config/read` omits legacy profile config, `profiles.*` writes are rejected, and existing legacy profile tables can still be cleared. - Updated the v2 config RPC test to cover the rejected `profiles.*` batch-write path.
Add new enterprise requirement gate. Validation: - `cargo test -p codex-config --lib` - `cargo test -p codex-app-server-protocol --lib` - `cargo test -p codex-tui --lib debug_config` - `cargo test -p codex-app-server --lib` *(fails: stack overflow in `in_process::tests::in_process_start_initializes_and_handles_typed_v2_request`; reproduces when run alone)*
## Why Windows sandbox diagnostics currently append to a single `sandbox.log` under `CODEX_HOME/.sandbox`. That file never rolls over, which makes it hard to safely include sandbox diagnostics in future feedback reports without risking unbounded growth. ## What changed - Replaced direct append-open sandbox logging with `tracing_appender::rolling::RollingFileAppender`. - Configured sandbox logs to rotate daily using names like `sandbox.YYYY-MM-DD.log`. - Added a conservative `MAX_LOG_FILES` cap of 90 retained matching log files. - Routed the Windows sandbox setup helper through the same rolling writer. - Added helpers for resolving the current daily sandbox log path so future feedback upload work can use the same filename logic. - Updated tests and test diagnostics to read the dated daily log file. This intentionally does not include sandbox logs in `/feedback` yet; scrubbing and attachment behavior can happen in a follow-up. ## Testing - `cargo fmt -p codex-windows-sandbox` - `cargo check -p codex-windows-sandbox` - `cargo test -p codex-windows-sandbox` - `cargo test -p codex-windows-sandbox logging::tests` - `cargo clippy -p codex-windows-sandbox --all-targets -- -D warnings`
Now that users can install via `curl` (or `irm`), we should tell them about it so they no longer need to use `npm`! Note that on one Windows machine I tested on, when I ran: ``` irm https://chatgpt.com/codex/install.ps1 | iex ``` I got this error: ``` iex : The property 'OSArchitecture' cannot be found on this object. Verify that the property exists. At line:1 char:45 + irm https://chatgpt.com/codex/install.ps1 | iex + ~~~ + CategoryInfo : NotSpecified: (:) [Invoke-Expression], PropertyNotFoundException + FullyQualifiedErrorId : PropertyNotFoundStrict,Microsoft.PowerShell.Commands.InvokeExpressionCommand ``` so we'll recommend the following that works from both `cmd.exe` and PowerShell: ``` powershell -ExecutionPolicy ByPass -c "irm https://chatgpt.com/codex/install.ps1 | iex" ``` This PR makes a slight update to `codex-rs/tui/src/update_action.rs` to match.
## Why Older Git for Windows versions can leave the Windows console output mode without virtual terminal processing after Codex runs git metadata commands in a repository. When the TUI later emits ANSI control sequences for redraws, restore, or image rendering, Windows Terminal can show raw escape bytes or leave the prompt/status area corrupted. This is a targeted mitigation for the repo-conditioned Windows rendering corruption reported in openai#23888 and related reports openai#23512 and openai#23628. Updating Git avoids the trigger for affected users, but Codex should also reassert the terminal mode before it writes TUI control sequences. | Before | After | |---|---| | <img width="2100" height="1359" alt="CleanShot 2026-05-22 at 11 23 21" src="https://github.com/user-attachments/assets/3218c379-5f97-4c71-ab25-805c9d20578a" /> | <img width="2100" height="1359" alt="CleanShot 2026-05-22 at 11 23 58" src="https://github.com/user-attachments/assets/55ac72bb-37d0-400e-99bc-12dd5ea4092d" /> | ## What Changed - Re-enable Windows virtual terminal processing for stdout and stderr before TUI mode setup, restore, redraw, resume, and pet image render paths. - Treat invalid, null, or non-console handles as no-ops so redirected or non-console output is unaffected. - Keep the helper as a no-op on non-Windows platforms. ## How to Test 1. On Windows Terminal with a Git 2.28.0 for Windows install, start Codex inside a valid Git repository. 2. Start a new Codex CLI session. 3. Confirm the prompt, working indicator, and bottom status line remain readable instead of showing raw ANSI escape sequences. 4. Repeat outside a Git repository to confirm the ordinary non-repo startup path is unchanged. Targeted tests: - Not run locally; the behavior depends on Windows console mode APIs and the current worktree is on macOS.
## Why `codex sandbox` now always runs the host sandbox backend, so it should accept the same profile selection mechanism as the rest of the runtime CLI surface. Without `--profile`, sandbox debugging can exercise only the default config stack unless users manually translate profile config into ad hoc `-c` overrides. Supporting `--profile` lets sandbox invocations load `$CODEX_HOME/<name>.config.toml`, including permission profile configuration, before resolving the sandbox policy for the command being run. ## What Changed - Added `--profile NAME` / `-p NAME` to the host-specific `codex sandbox` argument structs as `config_profile`. - Allowed root-level `codex --profile NAME sandbox ...` and made a sandbox-local `codex sandbox --profile NAME ...` override the root selection. - Threaded `LoaderOverrides` through sandbox config loading so selected config profile files participate in permission resolution before the legacy read-only fallback. - Documented the new sandbox flag in `codex-rs/README.md`. ## Verification - Added parser coverage for `codex sandbox --profile`. - Added sandbox config-loader coverage that verifies selected config profile loader overrides select the profile config rather than falling back to read-only. - Ran `cargo test -p codex-cli`.
## Why [Recent PR](openai#22709) removed `trace_id` from `TurnContextItem`. ## What changed - Add to `TurnStartedEvent` so rollout consumers can correlate turns with telemetry traces. - Note that the branch name is out of date because I originally re-added to `TurnContextItem`, but we decided to move it to `TurnStartedEvent`. ## Verification - `cargo test -p codex-protocol` - `cargo test -p codex-core --lib regular_turn_emits_turn_started_without_waiting_for_startup_prewarm` - `cargo test -p codex-core --test all emits_warning_when_resumed_model_differs` - `cargo test -p codex-rollout` - `cargo test -p codex-state`
## Summary - add `--oauth-client-id` and `--oauth-resource` options for streamable HTTP `codex mcp add` registrations - persist those options in MCP server config and use them during the immediate OAuth login flow - cover add-time serialization of both OAuth options in the CLI integration tests ## Testing - `just fmt` - `cargo test -p codex-cli` - `just fix -p codex-cli`
## Why Standalone image generation needs a typed `codex-api` client surface for the Codex image proxy routes before the harness and model-facing tool layers are wired in. ## What changed - Added `ImagesClient` support for JSON `images/generations` and `images/edits` requests. - Added typed request and response shapes for generation, JSON edit image URLs, image metadata, and base64 image outputs. - Kept generation model slugs open-ended while requiring the generation model field that the downstream endpoint expects. - Exported the new client and image types from `codex-api`. - Added coverage for generation and edit wire shapes, extra response metadata that the client ignores, and malformed image responses missing `data`. ## Validation - `cargo test -p codex-api` - `just fix -p codex-api` - `just fmt` - `git diff --check main`
…i#24146) ## What changed - Add a distinct `responses_compaction_v2` value for `CodexCompactionEvent.implementation`. - Emit that value from the remote compaction v2 path. - Keep local compaction as `responses` and legacy `/responses/compact` as `responses_compact`. ## Why Remote compaction v2 and local prompt-based compaction were both reported as `responses`, which made the analytics table collapse two different compaction mechanisms into one implementation bucket. ## Validation - `just fmt` - `just test -p codex-analytics` `just test -p codex-core` was started locally, but this PR is intentionally being pushed for CI to finish the remaining validation.
## Why The package builder already fetches `rg` from a checked-in DotSlash manifest. The zsh packaging work needs the same fetch/cache/size-check/SHA-256/extract path for another manifest, but keeping that refactor inside the zsh PR makes the review harder to follow. This PR factors the existing `rg`-specific implementation into a reusable helper with no intended behavior change for `rg` packaging. ## What Changed - Added `scripts/codex_package/dotslash.py` for checked-in DotSlash manifest parsing, archive download, cache reuse, size validation, SHA-256 validation, and member extraction. - Updated `scripts/codex_package/ripgrep.py` to delegate to the shared helper. - Preserved the existing `rg` manifest path, cache key, destination filename, and executable-bit behavior. ## Testing - `python3 -m py_compile scripts/codex_package/dotslash.py scripts/codex_package/ripgrep.py scripts/codex_package/cli.py scripts/codex_package/layout.py scripts/codex_package/zsh.py` - `python3 -m unittest discover scripts/codex_package` --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/24129). * openai#23768 * openai#23756 * __->__ openai#24129
## Why The idea here is to erase the difference between initial and followup inputs to a turn. Followup inputs are already represented as TurnInput. Eventual goal is not to have explicit on task input at all and pull everything from input Q. ## What Changed - Changes `SessionTask::run` and the erased `AnySessionTask::run` path to accept `Vec<TurnInput>`. - Wraps user-submitted spawn input as `TurnInput::UserInput` at the session task start boundary. - Updates `run_turn` to record initial `TurnInput` using the same hook and recording path used for pending input. - Keeps review-specific conversion local to `ReviewTask`, where the sub-Codex one-shot API still expects `Vec<UserInput>`. - Moves the synthetic compact prompt into `CompactTask` and starts compact tasks with empty task input. ## Validation - `cargo check -p codex-core` - `just test -p codex-core -E 'test(task_finish_emits_turn_item_lifecycle_for_leftover_pending_user_input) | test(queued_response_items_for_next_turn_move_into_next_active_turn) | test(steered_input_reopens_mailbox_delivery_for_current_turn)'`
## Summary - add Divan benchmarks for prompt image re-encoding paths - wire the image benchmark smoke test into Rust CI workflows ## Why Image prompt handling includes re-encoding work that benefits from repeatable benchmark coverage so changes can be measured in CI and locally. This already helped identify a potential regression from changing compiler flags. ## Impact Developers can run and compare the new image re-encoding benchmarks, and CI exercises the benchmark target via the Rust benchmark smoke test.
## Why Before changing the Codex Bridge JSON schema policy, add integration coverage around real connector-like MCP tool schemas. The existing unit tests cover individual sanitizer behaviors, but they do not make it easy to see whether full fixture schemas keep model-visible guidance, prune only unreachable definitions, drop unsupported JSON Schema fields, and stay within the Responses API schema budget. ## What Changed - Added `tools/tests/json_schema_policy_fixtures.rs`, which converts MCP tool fixtures through `mcp_tool_to_responses_api_tool` and validates the resulting Responses tool parameters. - Added connector-style fixtures for Slack, Google Calendar, Google Drive, Notion, and Microsoft Outlook Email under `tools/tests/fixtures/json_schema_policy/`. - Added fixture assertions for preserved guidance, pruned definitions, expected field drops after `JsonSchema` conversion, marker count baselines, and dangling local `$ref` prevention. - Added a real oversized golden Notion `create_page` input schema fixture to exercise the compaction path that strips descriptions, drops root `$defs`, rewrites local refs, and fits the compacted schema under the budget.
## Why The turn loop no longer needs to decide when a `ModelClientSession` should reset its websocket state after compaction. That reset behavior belongs inside the model client, where the websocket cache and retry state are owned. The repo guidance now calls this out explicitly so future changes let the incremental request logic decide whether the previous request can be reused. ## What Changed - Removed the `reset_client_session` return value from pre-sampling and auto-compact helpers in `core/src/session/turn.rs`. - Changed compaction helpers to return `CodexResult<()>` so callers only handle success or failure. - Made `ModelClientSession::reset_websocket_session` private to `core/src/client.rs`, leaving it callable only from model-client internals. - Added `AGENTS.md` guidance not to call `reset_client_session` unnecessarily. ## Validation - `just test -p codex-core session::turn`
…#24114) ## Why `openai/openai#947613` adds `X-Codex-Rate-Limit-Reached-Type` for Codex workspace credit-depletion and spend-cap responses. The CLI currently reads the adjacent promo header but otherwise renders generic usage-limit copy, so those responses do not explain the workspace-specific action the user needs to take. Backend dependency: openai/openai#947613 ## What Changed - Parse `X-Codex-Rate-Limit-Reached-Type` in the usage-limit error handling path alongside `x-codex-promo-message`. - Keep the header value parsing with the shared `RateLimitReachedType` enum. - Carry the parsed type on `UsageLimitReachedError` and render client-owned copy for the four workspace owner/member credit and spend-cap values. - Preserve existing promo and plan-based text for absent, generic, or unknown header values. - Keep the existing TUI workspace-owner nudge state path unchanged; the response header only selects the displayed error string. - Add focused display coverage for all specific type values and the generic fallback case. ## Test Plan - Added `usage_limit_reached_error_formats_rate_limit_reached_types` coverage. - Not run manually, per request; CI runs validation on the pushed commit.
## Why The zsh release workflow currently publishes macOS arm64 and Linux zsh fork artifacts, but no macOS x64 artifact. The Codex package builder therefore cannot include codex-resources/zsh/bin/zsh for x86_64-apple-darwin packages. ## What Changed - Added an x86_64-apple-darwin row to the macOS zsh release matrix. - Runs that row on macos-15-large, the Intel macOS runner appropriate for the native zsh build. - Added the matching macos-x86_64 platform to the zsh DotSlash publish config so the generated release manifest can reference the new tarball.
Termux rust-v0.134.0-alpha.2
…nt/wallentx_termux-target_from_release_0.134.0_382b2ad95859
…et_from_release_0.134.0_382b2ad95859 checkpoint: into wallentx/termux-target from release/0.134.0 @ 382b2ad
Termux rust-v0.134.0-alpha.3
…nt/wallentx_termux-target_from_release_0.134.0_0a84df1e3328
…et_from_release_0.134.0_0a84df1e3328 checkpoint: into wallentx/termux-target from release/0.134.0 @ 0a84df1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Codex CLI currently fails on native Termux/Android due to DNS resolution and unsupported lock semantics in this environment. This PR adds compatibility adjustments that allow:
The changes preserve existing behavior on non-Android platforms.
Changes
DNS/Resolver fixes
$PREFIX/etc/resolv.conf,Graceful handling of unsupported locks
std::io::ErrorKind::Unsupportedfromtry_lock()without failing.Android build target support in CI
To produce and validate builds targeting Android (e.g. native Termux):
aarch64-linux-androidtarget in GitHub Actions.CC, andARfor the Android target.keyringtarget dependencies for Android.This enables CI to build Android artifacts that include the compatibility adjustments above, which aids testing and validation.
Validation
just fmtcargo test