Add thin Windows PowerShell launcher#128
Merged
fujibee merged 5 commits intoJun 17, 2026
Merged
Conversation
Contributor
Author
|
CI is green on the latest head (
I also ran a real native Windows PowerShell E2E after installing this branch into Covered flow:
The message body included Japanese text, quotes, and emoji ( |
Contributor
Author
|
One design note compared with #103: This follow-up intentionally simplifies the native-Windows approach from the previous PR. Instead of keeping a Windows runner script plus a
All command semantics and DB access stay on the Bash side ( So compared with #103, this PR removes the runner/shim layer and makes the Windows path smaller: PowerShell is only the launcher, Bash remains the implementation. |
Owner
|
Reviewed — this looks good. The design is clean: keeping all command semantics in CI is green (check + bats ubuntu/macos), and the manual Windows E2E in the test plan is thorough. Approving. Two non-blocking notes for follow-up:
Thanks for the thorough test plan. |
Merged
fujibee
added a commit
that referenced
this pull request
Jun 18, 2026
Build the full Codex pseudo-monitor on top of the re-arm fix, ported clean onto current main (despawn + instance-id already landed). New scripts: - codex-shim.sh: PATH-front entrypoint that routes interactive codex / codex resume launches in monitor-mode projects through codex-monitor.sh; everything else (--version, exec, non-monitor projects) passes through to real Codex. - codex-monitor.sh: starts/reuses the shared app-server, launches the out-of-sandbox bridge launcher, then execs the TUI on the same unix socket. - codex-bridge-launcher.sh: polls the request file and starts codex-bridge.js outside the Codex sandbox (a hook-launched bridge cannot connect to the socket from inside the sandbox). - codex-shim-install.sh: installs/removes the ~/.agents/bin/codex shim. Wiring grafted onto main's versions (preserving #129/#132/#128): - session-start.sh: codex branch writes a request file (launcher mode) or nohup-launches the bridge. Resolves the thread id via CODEX_THREAD_ID, then falls back to the newest rollout whose session_meta cwd matches the project — fresh / "codex exec" sessions never export CODEX_THREAD_ID, so without this the bridge only auto-launched on the interactive resume path (launch-gap #41). - delivery.sh: "set monitor" for codex installs the shim + prints guidance; rejects "both". - install.sh: configure_codex_sandbox adds db/teams/run to Codex sandbox_workspace_write.writable_roots. Tests: codex shim, session-start codex (incl. rollout fallback), delivery monitor/both codex, install writable_roots. Full suite 314 green.
fujibee
added a commit
that referenced
this pull request
Jun 18, 2026
… + fresh-session launch (#41) (#148) * feat(codex-bridge): re-arm watch-once without depending on turn/completed (#41) Vertical slice of the Codex app-server bridge, rebuilt clean on current main (despawn + instance-id already landed). Carries the working WebSocket-over-UDS transport and watch-once oracle, and fixes the delivery bug. Root cause: the bridge re-armed watch-once only from onTurnCompleted (turn/completed | turn/failed). The real Codex app-server does not reliably deliver those, so after the first wake the bridge started a turn and never re-armed — it handled one message then slept. The fake app-server in tests sends turn/completed explicitly, hiding it. Fix: route turn teardown through a single onTurnEnded() reachable from turn/completed, thread/status idle, OR a turn watchdog (--turn-timeout, default 60s). Detection re-arms when the turn ends, so a missing completion event no longer parks the bridge. The stale max_id guard is retained. Tests: two regressions where the fake never sends turn/completed — one driven by the watchdog, one by an idle status — asserting a second wakeup occurs. Full codex-bridge + watch-once suites green (12 + 6). * feat(codex-bridge): wire up the Codex monitor stack on main (#41) Build the full Codex pseudo-monitor on top of the re-arm fix, ported clean onto current main (despawn + instance-id already landed). New scripts: - codex-shim.sh: PATH-front entrypoint that routes interactive codex / codex resume launches in monitor-mode projects through codex-monitor.sh; everything else (--version, exec, non-monitor projects) passes through to real Codex. - codex-monitor.sh: starts/reuses the shared app-server, launches the out-of-sandbox bridge launcher, then execs the TUI on the same unix socket. - codex-bridge-launcher.sh: polls the request file and starts codex-bridge.js outside the Codex sandbox (a hook-launched bridge cannot connect to the socket from inside the sandbox). - codex-shim-install.sh: installs/removes the ~/.agents/bin/codex shim. Wiring grafted onto main's versions (preserving #129/#132/#128): - session-start.sh: codex branch writes a request file (launcher mode) or nohup-launches the bridge. Resolves the thread id via CODEX_THREAD_ID, then falls back to the newest rollout whose session_meta cwd matches the project — fresh / "codex exec" sessions never export CODEX_THREAD_ID, so without this the bridge only auto-launched on the interactive resume path (launch-gap #41). - delivery.sh: "set monitor" for codex installs the shim + prints guidance; rejects "both". - install.sh: configure_codex_sandbox adds db/teams/run to Codex sandbox_workspace_write.writable_roots. Tests: codex shim, session-start codex (incl. rollout fallback), delivery monitor/both codex, install writable_roots. Full suite 314 green. * docs(codex-bridge): document the Codex monitor beta (#41) - templates/cmd.codex.md: offer monitor as a delivery mode for codex (the app-server bridge beta), default to it on first join, and accept "mode monitor"; keep rejecting "both". - README.md: describe the Codex monitor beta in the Codex section and the intro, pointing at docs/codex-monitor-beta.md for setup and internals. * test(codex): sandbox HOME in setup_test_env so the suite never touches real state (#41) Running the bats suite was clobbering the developer's real shim: a couple of tests install the codex shim (delivery set monitor codex -> codex-shim-install writes $HOME/.agents/bin/codex) and configure $HOME/.codex/config.toml, but setup_test_env did not sandbox HOME. The shim ended up pointing at the test's temp scripts dir, which dangled once the temp dir was torn down. CI never caught it (clean containers have no real ~/.agents to break). Sandbox HOME under the per-test temp skill dir in setup_test_env. bats runs each test in its own subshell, so the export is scoped per test and needs no restore. test_install.bats keeps its own FAKE_HOME and is unaffected. * feat(codex): flag missing PATH / Node when enabling monitor mode (#41) The two silent first-run failures for the Codex monitor beta were a shim that isn't on PATH and a missing Node — in both cases the bridge just never starts. `delivery set monitor codex` now surfaces them at enable time: - If ~/.agents/bin is not on PATH, print a loud WARNING that the shim won't intercept `codex` and the bridge will not engage (this is the #1 cause of "I turned monitor on and nothing happens"). - If Node is missing, print a WARNING that the bridge needs Node. Presence only, no version gate: the bridge uses old/stable APIs (one optional-chaining call, Node 14+) and any Node new enough to run Codex runs it. AGMSG_CODEX_NODE overrides the checked binary (and makes the path testable). Tests for both warnings. * docs(codex-bridge): fix the flow diagram — hook writes a request file, launcher starts the bridge (#41) The diagram and prose claimed the SessionStart hook starts codex-bridge.js directly. That is the broken in-sandbox path (socket connect EPERM). Correct it: the hook resolves the thread (CODEX_THREAD_ID or newest matching rollout) and writes a request file; codex-monitor.sh's out-of-sandbox launcher reads it and starts the bridge, which connects over WebSocket-over-UDS. Add the re-arm loop and turn serialization. * feat(codex): emphasize the monitor beta and clean up on mode off (#41) Make the experimental nature and the PATH cost of the Codex monitor beta hard to miss, and make turning it off actually tear things down: - cmd.codex.md: move monitor to the LAST delivery option (3, "BETA, advanced"), default to turn, and spell out that it installs a PATH shim that intercepts the `codex` command — opt in only if you understand PATH precedence. - README + docs/codex-monitor-beta.md: prominent warning blocks (changes how Codex starts, ~/.agents/bin must be first on PATH, known rough edges #149/#150). - delivery.sh: `set off codex` now stops the project's bridge process(es) and removes their run files (the manual counterpart to the not-yet-wired auto teardown, #149), and tells the user the shim is global — how to remove it and restore PATH if no other project uses monitor. Leaves the shared app-server and shim in place. Test included. * feat(codex): tell users to restart Codex for monitor to take effect (#151) Enabling mode monitor only launches the bridge on the next Codex SessionStart, so an already-running session (or an off->on toggle) stays unmonitored until restart. delivery.sh, the cmd.codex.md prompt guidance, and docs now say so explicitly. The actual in-session (re)launch is tracked in #151. * docs(codex): clarify bridge starts on first turn, not at launch Codex fires the SessionStart hook on the session's first turn (first message), not the moment the TUI opens, so the monitor bridge is absent until the user interacts once after a restart. Update the delivery.sh enable message, the cmd.codex.md prompts, and the beta doc to say "restart and send your first message". Note the launcher/request-file redundancy review (#153) in the bridge mechanics. * feat(codex): lower monitor poll interval default from 5s to 2s The watch-once poll interval governs how fast an idle, armed bridge detects a new unread message. Drop the default from 5s to 2s for snappier delivery. Safe against double-injection: watch-once is one-shot (exits on first detection), re-arm only happens after the turn ends, and the stale-max_id guard backstops any re-detection — none of which the interval affects. Update both the bridge default and the watch-once.sh standalone fallback to keep them in sync. * fix(codex): deliver deferred wake on turn end; de-dup Codex writable_roots Two blocking issues from review: 1) codex-bridge.js: a wake observed while the resumed thread was still active (SessionStart fires on the first user turn) was deferred by tryStartTurn(), but onTurnEnded() re-armed instead of delivering it. The next watch-once re-observed the same unread max_id and the stale-wake guard stopped the bridge with exit 1 before the message was delivered. onTurnEnded() now delivers a pending wake via tryStartTurn() rather than re-arming. 2) install.sh: Codex writable_roots was configured by TWO copies — a legacy inline block (db/teams only, old closing-bracket awk) and configure_codex_ sandbox() (db/teams/run). On a fresh install both ran, and the inline copy's empty-array handling emitted a leading comma, which combined with the function's insert to produce invalid TOML (`["run", , "db", "teams"]`). Removed the legacy inline duplicate and rewrote the function to insert after the opening '[' — valid for empty/single-line/multiline arrays. Adds regression tests for both (the bridge test fails without the fix).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Windows PowerShell users currently depend on session-local aliases/functions or ad hoc wrappers. This adds a thin PowerShell launcher that delegates to the existing Bash scripts, preserving agmsg's single implementation and DB access boundary while making Windows invocation reliable.
This PR also folds in the Codex sandbox README note so the Windows follow-up and README-only update land together.
What changed
scripts/dispatch.shas the Bash-side command dispatcher forinbox,send,history,team,config,mode,join,reset,actas, anddrop.scripts/windows/agmsg.ps1as a thin Windows platform shim: Git Bash detection, UTF-8 setup, sqlite3 preflight, argv handoff, thendispatch.sh.install.shno longer writes a top-level~/.agents/<cmd>.ps1; users can enable a profile function viascripts/windows/install-agmsg.ps1.install.sh --cmd <name> --updateso it updates the named skill instead of the first.agmsgskill directory found.Test plan
Local checks run on Windows:
git diff --checkbash -n install.sh uninstall.sh scripts/delivery.sh scripts/dispatch.sh scripts/send.sh scripts/inbox.sh scripts/history.sh scripts/team.sh scripts/join.sh scripts/reset.sh scripts/whoami.sh scripts/identities.shscripts/windows/agmsg.ps1andscripts/windows/install-agmsg.ps1npm testpowershell -NoProfile -ExecutionPolicy Bypass -File tests/smoke_windows_powershell.ps1 -RepoRoot (Resolve-Path .).Pathmode off/mode turn~/.agents/<cmd>.ps1creation and cleanup of the earlier generated shortcutagmsgfunction that points at~/.agents/skills/agmsg/scripts/windows/agmsg.ps1:join -> send -> history -> inbox -> env identity -> whoami identity -> mode off/turn -> team -> resetCI is green on the latest head:
check: passbats (ubuntu-latest): passbats (macos-latest): pass