Switch runtime to cloud config bundle#24622
Merged
joeflorencio-openai merged 3 commits intoJun 2, 2026
Merged
Conversation
Contributor
|
All contributors have signed the CLA ✍️ ✅ |
Contributor
Author
|
recheck |
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
f9a036b to
7f490c5
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
2 times, most recently
from
33f45ee to
78a0d84
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
2 times, most recently
from
9f9cea6 to
d38594c
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
78a0d84 to
438e65e
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
438e65e to
194afd0
Compare
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 438e65ef09
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
2 times, most recently
from
dc90f07 to
da8a6d7
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
2 times, most recently
from
cc9ec27 to
fae0096
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
da8a6d7 to
4b922aa
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
fae0096 to
ccc0c6a
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
4b922aa to
b14d255
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
ccc0c6a to
ee9df4f
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
b14d255 to
81a9b2c
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
ee9df4f to
1f13fcf
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
2 times, most recently
from
2d4d4ea to
f2b36ab
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
1f13fcf to
4333622
Compare
Contributor
Author
|
@codex review |
Contributor
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f2b36ab920
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
4333622 to
be7117f
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
f2b36ab to
bd5f010
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
be7117f to
c4f0868
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
ce00443 to
9256aaa
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
a919f8f to
7be8ebe
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
9256aaa to
662d8ba
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
7be8ebe to
7fe4768
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
662d8ba to
cd05603
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
7fe4768 to
3bd41f0
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
4 times, most recently
from
fb6482e to
2396470
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
3bd41f0 to
bbf7c52
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
2396470 to
8d67707
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
bbf7c52 to
fbfc181
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
8d67707 to
42f2427
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
fbfc181 to
06b8025
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
1e185ff to
a1729b9
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/cloud-config-bundle-transport
branch
from
06b8025 to
486805b
Compare
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
5 times, most recently
from
ea0c385 to
3a5ae03
Compare
Base automatically changed from
dev/joeflorencio/cloud-config-bundle-transport
to
main
June 1, 2026 23:43
joeflorencio-openai
force-pushed
the
dev/joeflorencio/switch-runtime-cloud-config-bundle
branch
from
3a5ae03 to
4a1e94d
Compare
bolinfest
approved these changes
Jun 2, 2026
| } | ||
| Err(err) => { | ||
| warn!(error = %err, "Failed to preload config for cloud requirements"); | ||
| // TODO(gt): Make cloud requirements preload failures blocking once we can fail-closed. |
Collaborator
There was a problem hiding this comment.
Is this TODO still relevant?
Contributor
Author
There was a problem hiding this comment.
This TODO isn't worded quite right, but the general theme is still relevant. The TUI codepath fails closed in this case, where the app server doesn't and is left in a state that can't fetch config bundles. Let me replace this with a more accurate TODO comment, and can address it in a follow up PR.
Comment on lines
+56
to
+58
| const CLOUD_REQUIREMENTS_FETCH_ATTEMPT_METRIC: &str = "codex.cloud_config_bundle.fetch_attempt"; | ||
| const CLOUD_REQUIREMENTS_FETCH_FINAL_METRIC: &str = "codex.cloud_config_bundle.fetch_final"; | ||
| const CLOUD_REQUIREMENTS_LOAD_METRIC: &str = "codex.cloud_config_bundle.load"; |
Collaborator
There was a problem hiding this comment.
Is this change going to mess up any reporting?
Contributor
Author
There was a problem hiding this comment.
There's just an internal developer dashboard for this by a member on our team - don't think anyone is actively looking at it. Would rather have this metric have a correct name long term though. Will update the dash accordingly.
| const CLOUD_REQUIREMENTS_AUTH_RECOVERY_FAILED_MESSAGE: &str = concat!( | ||
| "Your authentication session could not be refreshed automatically. ", | ||
| "Please log out and sign in again." | ||
| ); | ||
| const CLOUD_REQUIREMENTS_CACHE_WRITE_HMAC_KEY: &[u8] = | ||
| b"codex-cloud-requirements-cache-v3-064f8542-75b4-494c-a294-97d3ce597271"; | ||
| b"codex-cloud-config-bundle-cache-v1-6160ae70-bcfd-4ca8-a99b-40f73b3b072e"; |
Collaborator
There was a problem hiding this comment.
I assume this was done in coordination with some backend system?
Contributor
Author
There was a problem hiding this comment.
No, this hash is purely local. There's a slack thread back in January started by George Thomas where you, Gav, and George discussed this and agreed on this repo local HMAC approach.
| cache_path: PathBuf, | ||
| codex_home: PathBuf, |
Collaborator
There was a problem hiding this comment.
Prefer AbsolutePathBuf to PathBuf.
| @@ -614,6 +674,11 @@ impl CloudRequirementsService { | |||
| if !verify_cache_signature(&payload_bytes, &cache_file.signature) { | |||
| return Err(CacheLoadStatus::CacheSignatureInvalid); | |||
| } | |||
| if cache_file.signed_payload.version != CLOUD_CONFIG_BUNDLE_CACHE_VERSION { | |||
Collaborator
There was a problem hiding this comment.
Are we confident that when CLOUD_CONFIG_BUNDLE_CACHE_VERSION inevitably changes, we'll be sure to support both old and new versions? Should we be embedding v1 into any type names?
Contributor
Author
There was a problem hiding this comment.
We just need to be able to signal incompatibility - backwards compatibility is not necessary. Since this is just locally caching a remote payload, a version mismatch means the cache file on disk is generated from a different codex harness that uses an incompatible format, and we should just refetch and store a new cache file.
| /// any unset fields. | ||
| /// If available, load requirements from the platform system `requirements.toml` | ||
| /// location as a requirements layer. | ||
| #[doc(hidden)] |
Collaborator
There was a problem hiding this comment.
Can you delete this #[doc(hidden)] thing while you're here?
| /// If available, apply requirements from the platform system | ||
| /// `requirements.toml` location to `config_requirements_toml` by filling in | ||
| /// any unset fields. | ||
| /// If available, load requirements from the platform system `requirements.toml` |
|
|
||
| for (source, config) in managed_config_from_mdm | ||
| .map(|config| { | ||
| let mut layers = Vec::new(); |
Collaborator
There was a problem hiding this comment.
If you want to get fancy:
Suggested change
| let mut layers = Vec::new(); | |
| let mut layers = Vec::with_capacity(managed_config.len() + managed_config_from_mdm.map_or(0, |_| 1)); |
|
|
||
| #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)] | ||
| pub struct CloudConfigBundle { | ||
| pub config_toml: CloudConfigTomlBundle, |
Collaborator
There was a problem hiding this comment.
Should all these fields be pub?
Contributor
Author
There was a problem hiding this comment.
codex-cloud-config uses these fields, so they need to be public with how the code is currently structured.
| mod skills_config; | ||
| mod state; | ||
| mod strict_config; | ||
| #[doc(hidden)] |
Adapt the moved codex-cloud-config crate from the legacy cloud requirements endpoint to the new config bundle endpoint, while keeping the implementation in one file so the prior PR's move remains easy to review. The loader still preserves the old cloud requirements cache/fetch semantics where intentional: account-scoped signed cache, 30 minute TTL, 5 minute background refresh cadence, auth recovery, retry/backoff, and fail-closed startup loading. The cached payload changes from a single requirements TOML string to the backend-delivered config bundle, and validation now ensures malformed config or requirements fragments are rejected before cache write/use.\n\nSwitch runtime consumers from CloudRequirementsLoader to CloudConfigBundleLoader so config construction uses one shared bundle for both cloud-delivered config and requirements. This removes the legacy cloud requirements domain loader path, wires the bundle through app-server, TUI, exec, core config construction, hooks/network tests, and updates diagnostics/error handling to report cloud config bundle failures.\n\nKeep codex-cloud-config monolithic in this PR for review lineage. The follow-up PR is a pure module split that moves the same implementation back into focused files once the behavior diff has been reviewed.\n\nVerification: just fmt; just test -p codex-cloud-config; git diff --cached --check.
Clarify the app-server preload TODO now that bootstrap config preload failures can leave non-strict startup without installed cloud/thread config loaders. Store cloud config service paths as AbsolutePathBuf, use whole-object assertions in cache/auth tests, rename the cache test helper to create_test_service, and clean up the requirements loader docs and allocation per review feedback.
Update the remaining core connector test to use CloudConfigBundleFixture instead of the removed CloudRequirementsLoader path. Add the cache-test-local Path import after moving cloud-config service paths to AbsolutePathBuf so Bazel test compilation sees the type in module scope.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
codex-cloud-configcrate from the legacy cloud requirements endpoint to the new config bundle endpoint.CloudRequirementsLoadertoCloudConfigBundleLoaderso one shared bundle supplies cloud-delivered config and requirements.Details
This intentionally keeps
codex-cloud-configmonolithic for review lineage: the previous PR establishes the crate move, and this PR shows the behavior change against that moved implementation. A follow-up PR splits the module back into focused files.The new bundle path preserves the important cloud requirements loader semantics where intended: account-scoped signed cache, 30 minute TTL, 5 minute refresh cadence, retry/backoff, auth recovery, and fail-closed startup loading. The cached payload changes from a single requirements TOML string to the backend-delivered bundle, and validation rejects malformed config or requirements fragments before cache write/use.