Skip to content

修复供应商切换状态丢失与 Fast/插件稳定性 / Fix provider-switch state loss and Fast/plugin stability#1345

Open
Yuimi-chaya wants to merge 5 commits into
BigPizzaV3:mainfrom
Yuimi-chaya:codex/provider-state-plugin-fast
Open

修复供应商切换状态丢失与 Fast/插件稳定性 / Fix provider-switch state loss and Fast/plugin stability#1345
Yuimi-chaya wants to merge 5 commits into
BigPizzaV3:mainfrom
Yuimi-chaya:codex/provider-state-plugin-fast

Conversation

@Yuimi-chaya

@Yuimi-chaya Yuimi-chaya commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

中文说明

摘要

本 PR 修复 Codex++ 在供应商切换和 Codex App 新版本注入中的几个长期体验问题:Codex App 本地状态丢失、工作区/个性化设置需要重复配置、Browser/Chrome/Computer Use 等内置插件在 API-key 模式下切换后变灰、Fast/service tier 因模型读取时序或新版 DOM/asset 变化而时隐时现。

本次按功能拆成 4 个 commit,方便逐块审查。

为什么

Codex++ 的核心场景之一是国内用户通过自定义 Base URL + API key 使用 Codex App,而不是依赖官方登录态。当前供应商切换已经能同步会话数据库,让历史对话继续可见,但 Codex App 自己的 persisted state / desktop settings / plugin cache / service-tier 状态没有完整保留。

这会带来几个实际问题:

  • 工作区 root、project hints、projectless output directories 丢失后,用户切换供应商就像重新安装了一次工作区。
  • 个性化设置丢失并不是小问题。比如用户习惯 Ctrl+Enter 提交、Enter 换行,切换后如果回到默认值,按一次 Enter 就可能误提交 prompt。
  • pet/avatar、窗口/侧边栏布局、onboarding/coachmark 状态被重置,会让每个供应商都像一套新环境。
  • Browser、Chrome、Computer Use 等特殊插件在 API-key 场景下可能切换后变灰,必须开 VPN 进入一次官方环境才恢复。
  • Fast/service tier 可能在已经选择 gpt-5.5 且请求可用时仍提示“当前模型未读取”或隐藏入口。

改动

1. Codex App 状态同步

  • 新增 allowlist-based .codex-global-state.json snapshot/merge 逻辑。
  • 保留 workspace roots、project order、thread workspace hints、projectless output directories、writable roots 等和工作区恢复相关的 key。
  • 保留安全的 persisted atom state,例如 default service tier、Fast 提示状态、plugin/onboarding/coachmark、sidebar/panel、avatar overlay 等。
  • 写入前备份到 backups_state/app-state-sync,并维护 latest safe snapshot。
  • 写 provider config 前保留 live [desktop] table,避免覆盖 composerEnterBehaviorselected-avatar-idfollowUpQueueMode 等 Codex Desktop 设置。

2. 供应商切换入口和内置插件 guard

  • 在 launcher、relay switch、manager apply/clear injection 路径中接入切换前 snapshot、切换后 sync。
  • 在完整增强 + 插件市场解锁开启时默认启用 builtin plugin guard,同时保留“强制启用”开关覆盖其他场景。
  • 保留并确保 browser@openai-bundledchrome@openai-bundledcomputer-use@openai-bundled 的本地 bundled 状态。
  • 保留/写入 js_repllocal_shellcomputer_use、Windows unelevated sandbox、notify 配置和 runtime export 兼容修复。
  • 启动时设置 CODEX_ELECTRON_ENABLE_WINDOWS_COMPUTER_USE=1
  • 确保内置 remote plugin marketplace snapshot 可以在切换后重新注册。

3. Fast/service tier 模型目录稳定

  • active relay profile 的 model catalog 现在会读取 live ~/.codex/config.toml 的实际模型。
  • 当前 live 模型优先,其次合并 profile model 和 model list。
  • 去除 Codex++ 模型后缀后再去重,避免显示/判断混乱。

4. 注入层 Fast 与 Codex App 新版兼容

  • 未读取到当前模型时不再直接判定 unsupported,而是视为 pending;只有明确读到非 gpt-5.4 / gpt-5.5 时才阻断 Fast。
  • 从请求参数、可见 UI、backend model catalog、last-known supported model 多源解析模型。
  • pending 状态下保留 service_tier="priority",避免无声降级。
  • 新增 optional Codex App asset loader;旧 app-server-manager-signals-* asset 缺失时记录 skipped,而不是持续 failed。
  • 移除硬编码的旧 app-server-manager asset import。
  • Fast badge placement 增加从模型按钮、textarea、contenteditable、textbox 推导 composer 的 fallback,兼容新版 DOM。

安全边界

  • 不复制 auth.json、API Key、prompt history、provider token cache、permission maps 等敏感内容。
  • 状态同步使用 allowlist,不做 whole-state copy。
  • 特殊插件部分是本地 config/cache/runtime 兜底,不声称 100% 绕过 Codex App ASAR 内部所有组织/地区 gate。
  • 不修改用户图片、密钥、认证文件或全局 git/npm/cargo 配置。

测试

  • node --check assets/inject/renderer-inject.js
  • cargo fmt --check
  • npm run check
  • cargo --config "source.crates-io.replace-with='ustc-sparse'" --config "source.ustc-sparse.registry='sparse+https://mirrors.ustc.edu.cn/crates.io-index/'" test -p codex-plus-core --test codex_app_state --test relay_config --test relay_switch --test launcher --test model_catalog --test cdp_bridge

手动验证

  • 连续两轮新供应商切换后,个性化 settings 成功保留。
  • 无 VPN 情况下切换供应商后,Computer Use 和 Browser 最终恢复为可用状态。
  • 最新本地安装补丁后,Fast badge 在对话框右下角恢复显示。

English Summary

Summary

This PR fixes several long-standing provider-switch and injection issues in Codex++: lost Codex App local state, repeated workspace/personalization setup, built-in Browser/Chrome/Computer Use plugins becoming unavailable in API-key mode after provider switches, and Fast/service-tier controls disappearing or being misdetected because of model-read timing or newer Codex App DOM/asset changes.

The change is split into 4 commits so each functional area can be reviewed separately.

Why

One of Codex++'s core use cases is using Codex App with a custom Base URL + API key, especially for users who do not rely on the official login state. Provider switching already syncs conversation data so historical threads stay visible, but Codex App's persisted state, desktop settings, plugin cache, and service-tier state were not fully preserved.

This causes several practical issues:

  • If workspace roots, project hints, and projectless output directories are lost, switching providers feels like reinstalling the workspace.
  • Losing personalization is not a cosmetic issue. For example, if a user expects Ctrl+Enter to submit and Enter to insert a newline, resetting this behavior can cause an accidental prompt submission.
  • Resetting pet/avatar, window/sidebar layout, onboarding, and coachmark state makes every provider feel like a separate fresh environment.
  • Browser, Chrome, and Computer Use can become disabled after provider switches in API-key mode, forcing users to open the official environment through VPN once.
  • Fast/service tier can report the current model as unread or hide the entry even when gpt-5.5 is visibly selected and requests work.

Changes

1. Codex App state sync

  • Added allowlist-based .codex-global-state.json snapshot/merge logic.
  • Preserves workspace roots, project order, thread workspace hints, projectless output directories, writable roots, and related workspace recovery keys.
  • Preserves safe persisted atom state such as default service tier, Fast hints, plugin/onboarding/coachmark state, sidebar/panel state, and avatar overlay state.
  • Backs up before writing under backups_state/app-state-sync and keeps a latest safe snapshot.
  • Preserves the live [desktop] table before writing provider config, avoiding overwrites of Codex Desktop settings such as composerEnterBehavior, selected-avatar-id, and followUpQueueMode.

2. Provider-switch hooks and builtin plugin guard

  • Wires pre-switch snapshot and post-switch sync into launcher, relay switch, and manager apply/clear injection paths.
  • Enables the builtin plugin guard by default when full enhancements and plugin marketplace unlock are active, while keeping the force-enable switch for other scenarios.
  • Preserves and ensures local bundled state for browser@openai-bundled, chrome@openai-bundled, and computer-use@openai-bundled.
  • Preserves/writes js_repl, local_shell, computer_use, Windows unelevated sandbox, notify config, and runtime export compatibility.
  • Sets CODEX_ELECTRON_ENABLE_WINDOWS_COMPUTER_USE=1 on guarded Windows launches.
  • Ensures the embedded remote plugin marketplace snapshot can be re-registered after switches.

3. Fast/service-tier model catalog stability

  • The active relay profile model catalog now reads the effective model from live ~/.codex/config.toml.
  • The live current model is preferred, then profile model and model list entries are merged.
  • Codex++ model suffixes are stripped before dedupe to avoid display/detection confusion.

4. Injection-layer Fast and newer Codex App compatibility

  • Unknown current model is no longer treated as unsupported; it is treated as pending. Fast is blocked only for known non-gpt-5.4 / gpt-5.5 models.
  • Resolves the model from request params, visible UI, backend model catalog, and last-known supported model.
  • Keeps service_tier="priority" for pending paths instead of silently downgrading.
  • Adds an optional Codex App asset loader; when the old app-server-manager-signals-* asset is missing, it logs skipped instead of repeatedly failing.
  • Removes the hard-coded old app-server-manager asset import.
  • Fast badge placement now falls back through model buttons, textarea, contenteditable, and textbox nodes to support newer composer DOM.

Safety

  • Does not copy auth.json, API keys, prompt history, provider token cache, permission maps, or similar sensitive data.
  • State sync uses an allowlist and does not copy the whole state file.
  • The special-plugin part is a local config/cache/runtime guard and does not claim to fully bypass every organization/region gate inside Codex App ASAR.
  • Does not modify user images, secrets, auth files, or global git/npm/cargo configuration.

Tests

  • node --check assets/inject/renderer-inject.js
  • cargo fmt --check
  • npm run check
  • cargo --config "source.crates-io.replace-with='ustc-sparse'" --config "source.ustc-sparse.registry='sparse+https://mirrors.ustc.edu.cn/crates.io-index/'" test -p codex-plus-core --test codex_app_state --test relay_config --test relay_switch --test launcher --test model_catalog --test cdp_bridge

Manual validation

  • After two fresh provider-switch rounds, personalization settings were preserved.
  • After switching providers without VPN, Computer Use and Browser eventually became available.
  • After installing the latest local patch, the Fast badge appeared again in the composer bottom-right area.

… App 状态

为什么 / Why:
Codex++ 切换供应商时已经能保留会话,但 Codex App 的 persisted state 和 desktop settings 会丢失,导致工作区、输入习惯、布局和个性化体验回到默认值。
Provider switching already preserves conversations, but Codex App persisted state and desktop settings can be lost, resetting workspace roots, input behavior, layout, and personalization.

改动 / Changes:
- Add a safe allowlist-based .codex-global-state.json snapshot/merge module.
- Preserve safe workspace, project hint, service-tier, onboarding, layout, and personalization state.
- Preserve the live [desktop] table when writing provider config.toml, so settings such as Enter/Ctrl+Enter behavior and selected avatar are not overwritten by stale profile config.
- Back up global state before writing merged state.

安全边界 / Safety:
The sync deliberately excludes auth, API keys, prompt history, provider token cache, and permission maps.
同步刻意排除 auth、API Key、prompt history、provider token cache 和权限映射。
…供应商切换状态并加固内置插件守护

为什么 / Why:
Codex++ 的主要使用场景是自定义 URL + API key。切换供应商后,如果工作区状态、特殊插件本地缓存或 Computer Use 运行时配置被重置,用户会被迫重新安装工作区或开 VPN 进入一次官方环境。
Codex++ is commonly used with custom URLs and API keys. After switching providers, losing workspace state, special plugin cache, or Computer Use runtime config forces users to reinstall workspace state or open the official environment through VPN once.

改动 / Changes:
- Wire app-state capture/merge into launcher, relay switch, manager apply/clear paths.
- Make builtin plugin guard active when full enhancements and plugin marketplace unlock are enabled, while keeping the force switch for other cases.
- Preserve Browser, Chrome, Computer Use bundled plugin config and local openai-bundled marketplace state.
- Ensure js_repl, local_shell, computer_use, Windows unelevated sandbox, notify config, and runtime export compatibility.
- Set CODEX_ELECTRON_ENABLE_WINDOWS_COMPUTER_USE=1 for guarded Windows launches.
- Update manager UI/i18n so the old Computer Use switch is described as a force-enable guard.

安全边界 / Safety:
This is a local config/cache/runtime guard. It does not claim to bypass every possible organization or region gate inside Codex App ASAR.
这是本地 config/cache/runtime 兜底,不声称能 100% 绕过 Codex App ASAR 内部所有组织或地区 gate。
为什么 / Why:
Fast/service-tier 判断依赖当前模型。如果 active relay profile 的 model list 或 profile model 是旧值,而 live ~/.codex/config.toml 已经选择了 gpt-5.5,Codex++ 会误以为当前模型未读取或不支持。
Fast/service-tier decisions depend on the current model. If the active relay profile model list is stale while live ~/.codex/config.toml already selects gpt-5.5, Codex++ may think the current model is unread or unsupported.

改动 / Changes:
- Read the live Codex config model for the active relay profile catalog response.
- Put the effective current model first, then merge profile model and model list entries.
- Strip Codex++ model suffixes before catalog candidate dedupe.
- Add tests for live config winning over stale relay profile values.
… 注入并兼容新版 Codex 资产

为什么 / Why:
用户实际遇到过界面已选 gpt-5.5 且请求可用,但 Codex++ 仍提示“当前模型未读取”或隐藏 Fast 入口。新版 Codex Desktop 还移除了旧 app-server-manager-signals-* asset,并调整了 composer DOM,导致注入报错和右下角 Fast badge 缺失。
Users have seen gpt-5.5 selected and working while Codex++ still reports the current model as unread or hides Fast. Newer Codex Desktop builds also removed the old app-server-manager-signals-* asset and changed composer DOM, causing injection errors and missing composer Fast badge.

改动 / Changes:
- Treat unknown current model as pending, not unsupported; only known non-gpt-5.4 / gpt-5.5 models block Fast.
- Resolve model from request params, visible UI, backend catalog, and last-known supported model.
- Keep service_tier="priority" for pending supported paths instead of silently downgrading.
- Load old Codex app assets optionally and log skipped diagnostics when they are absent.
- Remove the hard-coded old app-server-manager asset import.
- Add composer placement fallbacks based on model buttons, textarea, contenteditable, and textbox nodes.
@Yuimi-chaya Yuimi-chaya marked this pull request as ready for review July 5, 2026 17:43
…e-plugin-fast

# Conflicts:
#	crates/codex-plus-core/src/relay_config.rs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant