Add cloud-managed config layer support #24620
Merged
joeflorencio-openai merged 3 commits into May 31, 2026
bolinfest approved these changes May 31, 2026
Base automatically changed from dev/joeflorencio/cloud-managed-requirements-composition to main May 31, 2026 22:14
Introduce an explicit enterprise-managed config layer source and the client-side machinery to materialize cloud-delivered config TOML fragments into the normal config stack. The new ConfigLayerSource::EnterpriseManaged variant carries the backend layer id and display name so diagnostics and debug output can point admins at the exact cloud layer that needs fixing.
Add codex_config::cloud_config_layers to build config layers from delivered fragments. The composition keeps backend layer order deterministic, resolves relative path settings against a supplied base directory for consistency with existing MDM-delivered config semantics, and stores the raw TOML with that base directory on ConfigLayerEntry so typed diagnostics can reparse non-file layers without relying on a synthetic filesystem path.
Keep this v1 pull-based and snapshot-oriented. The bundle loader/cache work can feed these helpers, but this change does not introduce dynamic refresh or announce/push semantics. Consumers continue to read the config state they are already handed.
Tighten provenance and diagnostics for non-file layers: enterprise-managed layers render as enterprise-managed config values in debug output, syntax/type errors use the layer display name, and synthetic hook source paths include the enterprise layer name/id when a filesystem path is needed for existing hook metadata surfaces.
Split hook provenance semantically by adding HookSource::CloudManagedConfig. Hooks delivered through enterprise-managed config layers now report cloud_managed_config / cloudManagedConfig, while hooks delivered through requirements remain CloudRequirements. The TUI labels the new source as Cloud-managed config, and analytics/core metric mappings were updated to include the new source.
Regenerate app-server protocol JSON and TypeScript schema fixtures for the new ConfigLayerSource and HookSource wire values.
Verification: just write-app-server-schema; cargo test -p codex-app-server-protocol; cargo test -p codex-hooks hook_metadata_for_config_layer_source; cargo test -p codex-core hook_run_metric_tags; cargo test -p codex-analytics hook_run_metadata; just fmt; just fix -p codex-protocol -p codex-app-server-protocol -p codex-hooks -p codex-analytics -p codex-core -p codex-tui.
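A sketch of the composition the commit message above describes: fragments applied in delivered order, relative path values resolved against a supplied base directory, and every effective value tagged with the layer id and display name that supplied it. This is an added example, not code from the PR or from codex_config; the Fragment and Resolved types, the key names, the base directory and the "later fragment wins" precedence are assumptions, and the TOML is assumed to be parsed into key/value pairs already.

```rust
use std::collections::BTreeMap;
use std::path::Path;

/// One cloud-delivered fragment. Hypothetical shape: the TOML is assumed to be
/// already parsed into flat key/value pairs.
struct Fragment {
    id: &'static str,
    name: &'static str,
    settings: Vec<(&'static str, &'static str)>,
}

/// An effective value plus the layer that supplied it, for diagnostics.
#[derive(Debug, PartialEq)]
struct Resolved {
    value: String,
    layer_id: String,
    layer_name: String,
}

/// Keys treated as path-valued settings (constructed for this example).
const PATH_KEYS: &[&str] = &["hook_script", "log_dir"];

/// Relative paths are anchored at `base`; absolute paths pass through unchanged.
fn resolve_path(base: &Path, raw: &str) -> String {
    // Path::join returns `raw` itself when `raw` is absolute.
    base.join(raw).to_string_lossy().into_owned()
}

/// Apply fragments in delivered order; a later fragment overrides an earlier
/// one for the same key (assumed precedence, not confirmed by the page).
fn compose(fragments: &[Fragment], base: &Path) -> BTreeMap<String, Resolved> {
    let mut out = BTreeMap::new();
    for f in fragments {
        for (key, raw) in &f.settings {
            let value = if PATH_KEYS.contains(key) { resolve_path(base, raw) } else { raw.to_string() };
            out.insert(key.to_string(), Resolved { value, layer_id: f.id.into(), layer_name: f.name.into() });
        }
    }
    out
}

/// Constructed sample input: two layers in backend order.
fn sample() -> Vec<Fragment> {
    vec![
        Fragment { id: "layer-1", name: "Org baseline", settings: vec![("model", "example-a"), ("log_dir", "logs")] },
        Fragment { id: "layer-2", name: "Team override", settings: vec![("model", "example-b"), ("hook_script", "/opt/hooks/audit.sh")] },
    ]
}

fn main() {
    for (key, r) in compose(&sample(), Path::new("/etc/managed")) {
        println!("{key} = {} (from {} [{}])", r.value, r.layer_name, r.layer_id);
    }
}
```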
Keeps cloud_config_layers.rs focused on implementation by moving its unit tests into cloud_config_layers_tests.rs, following the requirements_layers organization feedback. Adds a module overview comment for the cloud fragment-to-layer conversion path; behavior is unchanged.
Move ConfigLayerSource display formatting into codex-config so diagnostics and the TUI use the same labels for config layers. Keep the config_toml_file argument explicit so project-layer labels remain consistent with callers that already thread the configured TOML filename through diagnostics.
Summary
PR 3 of 5 in the cloud-managed config client stack.
Adds enterprise-managed cloud config as a first-class config layer source. The layer metadata is preserved through config loading, diagnostics, debug output, hook attribution, and app-server protocol surfaces.
Details
id and display name attached for provenance.
HookSource::CloudManagedConfig.
Validation
Validated through the targeted stack checks after rebasing onto current main: codex-core and codex-app-server cloud_config_bundle tests; cargo shear --deny-warnings; argument-comment-lint for config/hooks