before SSO migration

Petr Nyc
2026-06-01 10:11:31 +02:00
parent bdc17cef59
commit 9919b59057
7 changed files with 316 additions and 144 deletions


@@ -11,11 +11,8 @@
# #+end_src # #+end_src
# model = "oca/gpt-5.1-codex-mini"
# profile = "gpt-5-1-codex-mini"
model = "gpt-5.5" model = "gpt-5.5"
profile = "gpt-5-5"
# web_search is deprecated # web_search is deprecated
@@ -31,9 +28,12 @@ personality = "pragmatic"
model_reasoning_effort = "medium" model_reasoning_effort = "medium"
notify = ["/Users/jetpac/.codex/computer-use/Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient", "turn-ended"]
[features] [features]
multi_agent = true multi_agent = true
goals = true goals = true
js_repl = false
# remote_control = true # remote_control = true
[agents] [agents]
@@ -43,6 +43,7 @@ max_depth = 2
[tui] [tui]
alternate_screen = "always" alternate_screen = "always"
status_line = ["model-with-reasoning", "current-dir", "git-branch", "run-state", "codex-version", "context-remaining"] status_line = ["model-with-reasoning", "current-dir", "git-branch", "run-state", "codex-version", "context-remaining"]
pet = "codex"
[tui.model_availability_nux] [tui.model_availability_nux]
"gpt-5.5" = 4 "gpt-5.5" = 4
@@ -65,125 +66,7 @@ stream_max_retries = 20
request_max_retries = 20 request_max_retries = 20
[model_providers.oca-chat]
base_url = "https://code-internal.aiservice.us-chicago-1.oci.oraclecloud.com/20250206/app/litellm"
http_headers = { "client" = "codex-cli", "client-version" = "0" }
model = "gpt5"
name = "Oracle Code Assist Chat"
wire_api = "responses"
[profiles.grok-4]
model = "grok4"
model_provider = "oca-chat"
review_model = "grok4"
[profiles.grok-4-fast-reasoning]
model = "grok4-fast-reasoning"
model_provider = "oca-chat"
review_model = "grok4-fast-reasoning"
[profiles.grok-code-fast-1]
model = "grok-code-fast-1"
model_provider = "oca-chat"
review_model = "grok-code-fast-1"
[profiles.gpt-4-1]
model = "gpt-4.1"
model_provider = "oca-chat"
review_model = "gpt-4.1"
[profiles.gpt-5]
model = "gpt5"
model_provider = "oca-responses"
review_model = "gpt5"
[profiles.gpt-5-1]
model = "gpt-5.1"
model_provider = "oca-chat"
review_model = "gpt-5.1"
[profiles.gpt-5-2]
model = "gpt-5.2"
model_provider = "oca-responses"
review_model = "gpt-5.2"
[profiles.gpt-5-codex]
model = "gpt-5-codex"
model_provider = "oca-responses"
review_model = "gpt-5-codex"
personality = "pragmatic"
[profiles.gpt-5-1-codex-high]
model = "gpt-5.1-codex"
model_provider = "oca-responses"
review_model = "gpt-5.1-codex"
personality = "pragmatic"
model_reasoning_effort = "high"
[profiles.gpt-5-1-codex]
model = "gpt-5.1-codex"
model_provider = "oca-responses"
review_model = "gpt-5.1-codex"
personality = "pragmatic"
model_reasoning_effort = "medium"
[profiles.gpt-5-1-codex-mini]
model = "gpt-5.1-codex-mini"
model_provider = "oca-responses"
review_model = "gpt-5.1-codex-mini"
personality = "pragmatic"
[profiles.gpt-5-2-codex-high]
model = "gpt-5.2-codex"
model_provider = "oca-responses"
review_model = "gpt-5.2-codex"
personality = "pragmatic"
model_reasoning_effort = "high"
[profiles.gpt-5-2-codex]
model = "gpt-5.2-codex"
model_provider = "oca-responses"
review_model = "gpt-5.2-codex"
personality = "pragmatic"
model_reasoning_effort = "medium"
[profiles.gpt-5-2-codex-mini]
model = "gpt-5.2-codex-mini"
model_provider = "oca-responses"
review_model = "gpt-5.2-codex-mini"
personality = "pragmatic"
[profiles.gpt-5-3-codex]
model = "gpt-5.3-codex"
model_provider = "oca-responses"
review_model = "gpt-5.3-codex"
personality = "pragmatic"
model_reasoning_effort = "high"
[profiles.gpt-5-4]
model = "gpt-5.5"
model_provider = "oca-responses"
review_model = "gpt-5.4"
personality = "pragmatic"
model_reasoning_effort = "medium"
plan_mode_reasoning_effort = "high"
[profiles.gpt-5-4-pro]
model = "gpt-5.4-pro"
model_provider = "oca-responses"
review_model = "gpt-5.4"
personality = "pragmatic"
# model_reasoning_effort = "high"
[profiles.gpt-5-5]
model = "gpt-5.5"
model_provider = "oca-responses"
review_model = "gpt-5.5"
personality = "pragmatic"
model_reasoning_effort = "high"
plan_mode_reasoning_effort = "high"
[profiles.gpt-5-5.features]
terminal_resize_reflow = true
memories = false
external_migration = false
goals = true
prevent_idle_sleep = false
[profiles.gpt-5-5-pro] [profiles.gpt-5-5-pro]
model = "gpt-5.5-pro" model = "gpt-5.5-pro"
@@ -219,6 +102,12 @@ approval_mode = "approve"
[mcp_servers.playwright.tools.browser_tabs] [mcp_servers.playwright.tools.browser_tabs]
approval_mode = "approve" approval_mode = "approve"
[mcp_servers.playwright.tools.browser_run_code]
approval_mode = "approve"
[mcp_servers.playwright.tools.browser_select_option]
approval_mode = "approve"
[mcp_servers.slack] [mcp_servers.slack]
command = "/Users/jetpac/.codex/bin/slack-mcp-wrapper" command = "/Users/jetpac/.codex/bin/slack-mcp-wrapper"
startup_timeout_sec = 60.0 startup_timeout_sec = 60.0
@@ -243,8 +132,11 @@ enabled_tools = [
[mcp_servers.slack.env] [mcp_servers.slack.env]
SLACK_MCP_ENABLE_WRITES = "true" SLACK_MCP_ENABLE_WRITES = "true"
# Slack write allowlist: @pnyc self-DM (D7PT0SXMK), @pzahradn DM (D9CF41WHG), # Slack write allowlist: @pnyc self-DM (D7PT0SXMK), @pzahradn DM (D9CF41WHG),
# Kavya Nair DM (D08G5NZAN2C), and C0A71SCTQRM for Codex Slack MCP setup instructions. # @jahorak DM (DFYAKGQFL),
SLACK_MCP_WRITE_CHANNEL_ALLOWLIST = "D7PT0SXMK,D9CF41WHG,D08G5NZAN2C,C0A71SCTQRM" # Kavya Nair DM (D08G5NZAN2C), Jacob Paul DM (D090RLVUCUV),
# Owen Roberts DM (DEPU4A2QM), C0A71SCTQRM for Codex Slack MCP setup instructions,
# and C05RJJ18EAF for corparch-core-srv replies.
SLACK_MCP_WRITE_CHANNEL_ALLOWLIST = "D7PT0SXMK,D9CF41WHG,DFYAKGQFL,D08G5NZAN2C,D090RLVUCUV,DEPU4A2QM,C0A71SCTQRM,C05RJJ18EAF"
[mcp_servers.slack.tools.conversations_add_message] [mcp_servers.slack.tools.conversations_add_message]
approval_mode = "approve" approval_mode = "approve"
@@ -598,6 +490,12 @@ approval_mode = "approve"
[mcp_servers.vm.tools.vm_list_machines] [mcp_servers.vm.tools.vm_list_machines]
approval_mode = "approve" approval_mode = "approve"
[mcp_servers.vm.tools.vm_manage_disk]
approval_mode = "approve"
[mcp_servers.vm.tools.vm_get_resources]
approval_mode = "approve"
[mcp_servers.vcap] [mcp_servers.vcap]
command = "node" command = "node"
args = ["/Users/jetpac/Documents/codex-tools/MCPs/vcap-mcp/dist/index.js"] args = ["/Users/jetpac/Documents/codex-tools/MCPs/vcap-mcp/dist/index.js"]
@@ -610,6 +508,36 @@ VCAP_MCP_API_KEY = "b6e395b4-7e4b-4ba0-bdcd-a803c5dedbbb"
VCAP_MCP_BASE_URL = "https://vcap.us.oracle.com/vcap" VCAP_MCP_BASE_URL = "https://vcap.us.oracle.com/vcap"
VCAP_MCP_ALLOW_MUTATIONS = "false" VCAP_MCP_ALLOW_MUTATIONS = "false"
[mcp_servers.vcap.tools.vcap_list_templates]
approval_mode = "approve"
[mcp_servers.vcap.tools.vcap_request]
approval_mode = "approve"
[mcp_servers.vcap.tools.vcap_list_networks]
approval_mode = "approve"
[mcp_servers.vcap.tools.vcap_list_groups]
approval_mode = "approve"
[mcp_servers.vcap.tools.vcap_list_machines]
approval_mode = "approve"
[mcp_servers.vcap.tools.vcap_list_users]
approval_mode = "approve"
[mcp_servers.vcap.tools.vcap_get_group]
approval_mode = "approve"
[mcp_servers.vcap.tools.vcap_list_logs]
approval_mode = "approve"
[mcp_servers.vcap.tools.vcap_get_machine]
approval_mode = "approve"
[mcp_servers.vcap.tools.vcap_get_template]
approval_mode = "approve"
[mcp_servers.oracle-bitbucket] [mcp_servers.oracle-bitbucket]
command = "node" command = "node"
args = ["/Users/jetpac/Documents/codex-tools/MCPs/bitbucket-mcp/build/index.js"] args = ["/Users/jetpac/Documents/codex-tools/MCPs/bitbucket-mcp/build/index.js"]
@@ -1045,8 +973,23 @@ trust_level = "trusted"
[projects."/Users/jetpac/PycharmProjects/ips-trunk"] [projects."/Users/jetpac/PycharmProjects/ips-trunk"]
trust_level = "trusted" trust_level = "trusted"
[projects."/Users/jetpac/Documents/OSD/oci-desktop-service-console-plugin"]
trust_level = "trusted"
[projects."/Users/jetpac/PycharmProjects/ips-trunk/solaris/ips/build"]
trust_level = "trusted"
[projects."/private/tmp/shity"]
trust_level = "trusted"
[projects."/Users/jetpac/Documents/codex-tools/codex-src/codex"]
trust_level = "trusted"
[projects."/Users/jetpac/.codex-sso"]
trust_level = "trusted"
[marketplaces.openai-bundled] [marketplaces.openai-bundled]
last_updated = "2026-05-05T21:54:34Z" last_updated = "2026-05-28T10:46:49Z"
source_type = "local" source_type = "local"
source = "/Users/jetpac/.codex/.tmp/bundled-marketplaces/openai-bundled" source = "/Users/jetpac/.codex/.tmp/bundled-marketplaces/openai-bundled"
@@ -1064,9 +1007,22 @@ enabled = true
[plugins."presentations@openai-primary-runtime"] [plugins."presentations@openai-primary-runtime"]
enabled = true enabled = true
[plugins."browser-use@openai-bundled"] [plugins."browser@openai-bundled"]
enabled = true enabled = true
[desktop]
appearanceTheme = "system"
composerEnterBehavior = "cmdIfMultiline"
preventSleepWhileRunning = false
keepRemoteControlAwakeWhilePluggedIn = false
[desktop.open-in-target-preferences]
global = "iterm2"
[desktop.open-in-target-preferences.perPath]
"/Users/jetpac/Documents/codex-worktrees/mail" = "iterm2"
"/Users/jetpac/Documents/OSD/tigera-v1.40.9/tigera-operator-new" = "iterm2"
# [projects."/Users/jetpac/Documents/codex-tools/MCPs/ident-scm-mcp"] # [projects."/Users/jetpac/Documents/codex-tools/MCPs/ident-scm-mcp"]
# trust_level = "trusted" # trust_level = "trusted"
@@ -1255,3 +1211,20 @@ approval_mode = "approve"
[mcp_servers.mcp_gateway.tools.devops__get_region_build_status] [mcp_servers.mcp_gateway.tools.devops__get_region_build_status]
approval_mode = "approve" approval_mode = "approve"
[mcp_servers.node_repl]
args = []
command = "/Applications/Codex.app/Contents/Resources/node_repl"
startup_timeout_sec = 120
[mcp_servers.node_repl.env]
NODE_REPL_NATIVE_PIPE_CONNECT_TIMEOUT_MS = "1000"
NODE_REPL_NODE_MODULE_DIRS = ""
NODE_REPL_NODE_PATH = "/Applications/Codex.app/Contents/Resources/node"
NODE_REPL_TRUSTED_CODE_PATHS = "/Users/jetpac/.codex"
CODEX_HOME = "/Users/jetpac/.codex"
NODE_REPL_TRUSTED_BROWSER_CLIENT_SHA256S = "496c7b3cb95b4bc20cff49b513150606e0da0000c92bf752206bee5a6c248423"
BROWSER_USE_AVAILABLE_BACKENDS = "iab"
BROWSER_USE_MARKETPLACE_NAME = "openai-bundled"
NODE_REPL_UNTRUSTED_ENV_ALLOWLIST = "BROWSER_USE_MARKETPLACE_NAME"
CODEX_CLI_PATH = "/Applications/Codex.app/Contents/Resources/codex"
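Review bot: The new `approval_mode = "approve"` tables are not all read-only: `browser_run_code` (playwright), `vm_manage_disk` (vm) and `vcap_request` (vcap) read by name as code-execution or state-changing tools, unlike the `list_*`/`get_*` entries added beside them. If `approve` means the call runs without a prompt (the file does not say), content the agent reads from a web page or a Slack message could trigger them unattended; I would drop those three tables so they fall back to the default approval behaviour and put `# auto-approved: read-only tools only` above the rest. The same section marks `/private/tmp/shity` as `trust_level = "trusted"`, a path under the shared temp directory; a scratch directory like that is better left untrusted or removed once it is no longer needed. Separately, the hunk-header context shows `VCAP_MCP_API_KEY` stored as a literal in this tracked file; it predates this commit, but the key is worth rotating and moving out of the repository.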


@@ -1382,7 +1382,8 @@ This function is called at the very end of Spacemacs initialization."
("Solaris" ("Solaris"
. "tag:solaris") . "tag:solaris")
("OCI" ("OCI"
. "tag:oci")) . "tag:oci")
)
:filter :filter
"date:1/1/2026.. and (tag:important and tag:action)" "date:1/1/2026.. and (tag:important and tag:action)"
:show-empty-searches :show-empty-searches
@@ -1400,10 +1401,18 @@ This function is called at the very end of Spacemacs initialization."
. "tag:announcement") . "tag:announcement")
("Deployment Calendar events" ("Deployment Calendar events"
. "tag:calendar") . "tag:calendar")
("SGD" . "tag:sgd")) ("SGD" . "tag:sgd")
)
:filter :filter
"tag:osd and date:12/1/2025.. and (tag:unread or tag:important or tag:action)" "tag:osd and date:12/1/2025.. and (tag:unread or tag:important or tag:action)"
:show-empty-searches nil) :show-empty-searches nil)
(notmuch-hello-insert-searches
"Active dev projects needing focus"
(
("Linux images" . "tag:linux-images")
("AK IPS delivery" . "tag:ak-ips or tag:akidr-ips")
)
)
(notmuch-hello-insert-searches (notmuch-hello-insert-searches
"Solaris Focused" "Solaris Focused"
(("Solaris" (("Solaris"
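Review bot: The closing parentheses after `. "tag:oci")` and `("SGD" . "tag:sgd")` now sit on lines of their own, and the new "Active dev projects needing focus" call opens its alist with a lone `(`; Lisp convention keeps closers on the last element's line, and Emacs indentation commands will fight this layout. I would write the new call's tail as `("AK IPS delivery" . "tag:ak-ips or tag:akidr-ips")))` and restore `. "tag:oci"))`. The new call also passes no `:filter` or `:show-empty-searches`, unlike its neighbours; if that is intended, a one-line comment such as `;; no date filter: show every tagged message` would record it. The enclosing function starts outside these hunks.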


@@ -8,6 +8,9 @@ Host bitbucket.oci.oraclecorp.com
HostkeyAlgorithms +ssh-rsa HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa
Host github.com
IdentityFile ~/.ssh/github.com
Host dabel dabel.us.oracle.com andel andel.us.oracle.com gates gates.us.oracle.com on10-patch.us.oracle.com scapen* Host dabel dabel.us.oracle.com andel andel.us.oracle.com gates gates.us.oracle.com on10-patch.us.oracle.com scapen*
User pnyc User pnyc
IdentityFile ~/.ssh/dabel.key IdentityFile ~/.ssh/dabel.key
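Review bot: The new `Host github.com` block sets `IdentityFile ~/.ssh/github.com` but not `IdentitiesOnly yes`, so ssh may still offer every key held by a running agent in addition to this one. With several work keys configured in this file, that discloses unrelated public keys to the server and can end up authenticating with a different key than intended. Adding `IdentitiesOnly yes` under the block pins the connection to the named key, unless a `Host *` section outside this hunk already sets it.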


@@ -35,7 +35,7 @@ Host solaris-reviews.us.oracle.com
User hg User hg
IdentityFile ~/.ssh/id_phabricator IdentityFile ~/.ssh/id_phabricator
Host hetzner Host hetzner u444067.your-storagebox.de
HostName u444067.your-storagebox.de HostName u444067.your-storagebox.de
User u444067 User u444067
Port 23 Port 23


@@ -2,7 +2,7 @@ set -o vi
export LC_ALL=en_US.UTF-8 export LC_ALL=en_US.UTF-8
export PATH=/Users/jetpac/.asdf/shims/:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Users/jetpac/work/flutter/bin:$HOME/.rd/bin:$HOME/bin:$PATH:$HOME/.fzf/bin export PATH=/Users/jetpac/.asdf/shims/:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Users/jetpac/work/flutter/bin:$HOME/.rd/bin:$HOME/bin:$PATH:$HOME/.fzf/bin:$HOME/Documents/codex-tools/mcpgw-cli/
# homebrew config # homebrew config
# output of brew shellenv # output of brew shellenv
@@ -23,6 +23,9 @@ alias mc='SHELL=/bin/bash mc'
alias config='/usr/bin/git --git-dir=$HOME/.cfg/ --work-tree=$HOME' alias config='/usr/bin/git --git-dir=$HOME/.cfg/ --work-tree=$HOME'
alias -g N="2>&1 " alias -g N="2>&1 "
alias pig='ping' alias pig='ping'
alias ops='OCI_CLI_PROFILE=solarisx86-us-phoenix-1-apikey ops'
# export PATH=$HOME/.rd/bin # export PATH=$HOME/.rd/bin
# #


@@ -17,6 +17,9 @@ OCI_PROFILE_SYNC_PYTHON="${OCI_PROFILE_SYNC_PYTHON:-python3}"
OCI_SESSION_VALIDATE_TIMEOUT_SECONDS="${OCI_SESSION_VALIDATE_TIMEOUT_SECONDS:-2}" OCI_SESSION_VALIDATE_TIMEOUT_SECONDS="${OCI_SESSION_VALIDATE_TIMEOUT_SECONDS:-2}"
RESET_AGENT="${RESET_AGENT:-0}" RESET_AGENT="${RESET_AGENT:-0}"
CODEX_DEVOPS_AUTH_ENV_OUT="${CODEX_DEVOPS_AUTH_ENV_OUT:-}" CODEX_DEVOPS_AUTH_ENV_OUT="${CODEX_DEVOPS_AUTH_ENV_OUT:-}"
CODEX_DEVOPS_AUTH_CODEX_BIN="${CODEX_DEVOPS_AUTH_CODEX_BIN:-/opt/homebrew/bin/codex}"
CODEX_DEVOPS_AUTH_CODEX_PROFILE="${CODEX_DEVOPS_AUTH_CODEX_PROFILE:-}"
CODEX_DEVOPS_AUTH_DEFAULT_CODEX_PROFILE="${CODEX_DEVOPS_AUTH_DEFAULT_CODEX_PROFILE:-gpt-5-5}"
DEDICATED_AGENT_PID="" DEDICATED_AGENT_PID=""
DEDICATED_AGENT_SOCK="" DEDICATED_AGENT_SOCK=""
PRESERVE_DEDICATED_AGENT="0" PRESERVE_DEDICATED_AGENT="0"
@@ -35,6 +38,59 @@ run_oci() {
"${OCI_BIN}" --profile "${OCI_PROFILE_NAME}" "$@" "${OCI_BIN}" --profile "${OCI_PROFILE_NAME}" "$@"
} }
codex_home() {
print -r -- "${CODEX_HOME:-${HOME}/.codex}"
}
codex_profile_file_exists() {
local profile="$1"
[[ -r "$(codex_home)/${profile}.config.toml" ]]
}
resolve_codex_profile() {
if [[ -n "${CODEX_DEVOPS_AUTH_CODEX_PROFILE}" ]]; then
print -r -- "${CODEX_DEVOPS_AUTH_CODEX_PROFILE}"
return 0
fi
if codex_profile_file_exists "${CODEX_DEVOPS_AUTH_DEFAULT_CODEX_PROFILE}"; then
print -r -- "${CODEX_DEVOPS_AUTH_DEFAULT_CODEX_PROFILE}"
fi
return 0
}
args_include_codex_profile() {
local arg
for arg in "$@"; do
case "${arg}" in
--profile|-p|--profile=*|-p=*|--profile-v2|--profile-v2=*)
return 0
;;
esac
done
return 1
}
codex_profile_flag() {
local version_output version major minor rest
version_output="$("${CODEX_DEVOPS_AUTH_CODEX_BIN}" --version 2>/dev/null || true)"
version="${version_output##* }"
major="${version%%.*}"
rest="${version#*.}"
minor="${rest%%.*}"
if [[ "${major}" == "0" && "${minor}" =~ '^[0-9]+$' && "${minor}" -lt 134 ]]; then
print -r -- "--profile-v2"
return 0
fi
print -r -- "--profile"
}
resolve_timeout_bin() { resolve_timeout_bin() {
local candidate local candidate
@@ -568,4 +624,12 @@ if [[ -n "${CODEX_DEVOPS_AUTH_ENV_OUT}" ]]; then
exit 0 exit 0
fi fi
/opt/homebrew/bin/codex "$@" codex_args=()
if ! args_include_codex_profile "$@"; then
resolved_codex_profile="$(resolve_codex_profile)"
if [[ -n "${resolved_codex_profile}" ]]; then
codex_args+=("$(codex_profile_flag)" "${resolved_codex_profile}")
fi
fi
codex_args+=("$@")
"${CODEX_DEVOPS_AUTH_CODEX_BIN}" "${codex_args[@]}"
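Review bot: The five profile helpers added here (`codex_home`, `codex_profile_file_exists`, `resolve_codex_profile`, `args_include_codex_profile`, `codex_profile_flag`) are repeated in the wrapper script later in this commit with only the variable prefix changed, so a fix to one copy is easy to miss in the other; moving them into one file that both scripts `source` would keep them in step. `args_include_codex_profile` also inspects every argument, so a prompt word or an option value that happens to be `-p` suppresses the default profile; ending the loop at `--` would narrow that. The `-lt 134` test has no explanation, and a comment such as `# codex 0.x releases before 0.134 take --profile-v2` above it would record the cut-off. Note too that an explicit `CODEX_DEVOPS_AUTH_CODEX_PROFILE` skips the `codex_profile_file_exists` check that the default goes through.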


@@ -7,6 +7,8 @@ MCPGW_SELECTED_SERVERS_FILE="${MCPGW_SELECTED_SERVERS_FILE:-${HOME}/.ora-gateway
MCPGW_OP_TOKEN_FILE="${MCPGW_OP_TOKEN_FILE:-${HOME}/.ora-gateway/op-token}" MCPGW_OP_TOKEN_FILE="${MCPGW_OP_TOKEN_FILE:-${HOME}/.ora-gateway/op-token}"
CODEX_DEVOPS_AUTH_SCRIPT="${CODEX_DEVOPS_AUTH_SCRIPT:-${HOME}/bin/codex-devops-auth.sh}" CODEX_DEVOPS_AUTH_SCRIPT="${CODEX_DEVOPS_AUTH_SCRIPT:-${HOME}/bin/codex-devops-auth.sh}"
CODEX_BIN="${CODEX_BIN:-/opt/homebrew/bin/codex}" CODEX_BIN="${CODEX_BIN:-/opt/homebrew/bin/codex}"
CODEX_WRAPPER_CODEX_PROFILE="${CODEX_WRAPPER_CODEX_PROFILE:-}"
CODEX_WRAPPER_DEFAULT_CODEX_PROFILE="${CODEX_WRAPPER_DEFAULT_CODEX_PROFILE:-gpt-5-5}"
CODEX_WRAPPER_AUTH_ENV_FILE="" CODEX_WRAPPER_AUTH_ENV_FILE=""
CODEX_WRAPPER_DEDICATED_AGENT_PID="" CODEX_WRAPPER_DEDICATED_AGENT_PID=""
CODEX_WRAPPER_DEDICATED_AGENT_SOCK="" CODEX_WRAPPER_DEDICATED_AGENT_SOCK=""
@@ -59,6 +61,59 @@ is_truthy() {
esac esac
} }
codex_home() {
print -r -- "${CODEX_HOME:-${HOME}/.codex}"
}
codex_profile_file_exists() {
local profile="$1"
[[ -r "$(codex_home)/${profile}.config.toml" ]]
}
resolve_codex_profile() {
if [[ -n "${CODEX_WRAPPER_CODEX_PROFILE}" ]]; then
print -r -- "${CODEX_WRAPPER_CODEX_PROFILE}"
return 0
fi
if codex_profile_file_exists "${CODEX_WRAPPER_DEFAULT_CODEX_PROFILE}"; then
print -r -- "${CODEX_WRAPPER_DEFAULT_CODEX_PROFILE}"
fi
return 0
}
args_include_codex_profile() {
local arg
for arg in "$@"; do
case "${arg}" in
--profile|-p|--profile=*|-p=*|--profile-v2|--profile-v2=*)
return 0
;;
esac
done
return 1
}
codex_profile_flag() {
local version_output version major minor rest
version_output="$("${CODEX_BIN}" --version 2>/dev/null || true)"
version="${version_output##* }"
major="${version%%.*}"
rest="${version#*.}"
minor="${rest%%.*}"
if [[ "${major}" == "0" && "${minor}" =~ '^[0-9]+$' && "${minor}" -lt 134 ]]; then
print -r -- "--profile-v2"
return 0
fi
print -r -- "--profile"
}
confluence_selected() { confluence_selected() {
local selected_servers_file="${MCPGW_SELECTED_SERVERS_FILE}" local selected_servers_file="${MCPGW_SELECTED_SERVERS_FILE}"
@@ -103,13 +158,39 @@ run_mcpgw_required() {
prepare_codex_auth() { prepare_codex_auth() {
if [[ ! -x "${CODEX_DEVOPS_AUTH_SCRIPT}" ]]; then if [[ ! -x "${CODEX_DEVOPS_AUTH_SCRIPT}" ]]; then
log "Codex DevOps auth helper not found or not executable: ${CODEX_DEVOPS_AUTH_SCRIPT}" log "Warning: Codex DevOps auth helper not found or not executable: ${CODEX_DEVOPS_AUTH_SCRIPT}"
exit 1 return 1
fi fi
CODEX_WRAPPER_AUTH_ENV_FILE="$(mktemp "${TMPDIR:-/tmp}/codex-devops-auth.XXXXXX")" if ! CODEX_WRAPPER_AUTH_ENV_FILE="$(mktemp "${TMPDIR:-/tmp}/codex-devops-auth.XXXXXX")"; then
log "Warning: could not create temporary Codex auth environment file."
return 1
fi
set +e
CODEX_DEVOPS_AUTH_ENV_OUT="${CODEX_WRAPPER_AUTH_ENV_FILE}" "${CODEX_DEVOPS_AUTH_SCRIPT}" CODEX_DEVOPS_AUTH_ENV_OUT="${CODEX_WRAPPER_AUTH_ENV_FILE}" "${CODEX_DEVOPS_AUTH_SCRIPT}"
local auth_rc=$?
set -e
if [[ ${auth_rc} -ne 0 ]]; then
log "Warning: Codex DevOps auth helper failed with exit code ${auth_rc}; could not refresh OP token."
return 1
fi
if [[ ! -s "${CODEX_WRAPPER_AUTH_ENV_FILE}" ]]; then
log "Warning: Codex DevOps auth helper did not write an auth environment; could not refresh OP token."
return 1
fi
set +e
source "${CODEX_WRAPPER_AUTH_ENV_FILE}" source "${CODEX_WRAPPER_AUTH_ENV_FILE}"
local source_rc=$?
set -e
if [[ ${source_rc} -ne 0 ]]; then
log "Warning: could not load Codex auth environment from ${CODEX_WRAPPER_AUTH_ENV_FILE}; could not refresh OP token."
return 1
fi
CODEX_WRAPPER_DEDICATED_AGENT_PID="${SSH_AGENT_PID:-}" CODEX_WRAPPER_DEDICATED_AGENT_PID="${SSH_AGENT_PID:-}"
CODEX_WRAPPER_DEDICATED_AGENT_SOCK="${SSH_AUTH_SOCK:-}" CODEX_WRAPPER_DEDICATED_AGENT_SOCK="${SSH_AUTH_SOCK:-}"
@@ -120,21 +201,44 @@ write_gateway_op_token() {
local token_dir tmp local token_dir tmp
if [[ -z "${OP_TOKEN:-}" ]]; then if [[ -z "${OP_TOKEN:-}" ]]; then
log "Cannot write MCP Gateway OP token: OP_TOKEN is empty." log "Warning: cannot write MCP Gateway OP token: OP_TOKEN is empty."
exit 1 return 1
fi fi
token_dir="$(dirname -- "${token_file}")" token_dir="$(dirname -- "${token_file}")"
mkdir -p "${token_dir}" if ! mkdir -p "${token_dir}"; then
tmp="$(mktemp "${token_file}.XXXXXX")" log "Warning: could not create MCP Gateway token directory: ${token_dir}"
printf '%s\n' "${OP_TOKEN}" > "${tmp}" return 1
chmod 600 "${tmp}" fi
mv -f "${tmp}" "${token_file}"
if ! tmp="$(mktemp "${token_file}.XXXXXX")"; then
log "Warning: could not create temporary MCP Gateway OP token file for ${token_file}."
return 1
fi
if ! printf '%s\n' "${OP_TOKEN}" > "${tmp}"; then
log "Warning: could not write temporary MCP Gateway OP token file: ${tmp}"
rm -f "${tmp}" >/dev/null 2>&1 || true
return 1
fi
if ! chmod 600 "${tmp}"; then
log "Warning: could not set permissions on temporary MCP Gateway OP token file: ${tmp}"
rm -f "${tmp}" >/dev/null 2>&1 || true
return 1
fi
if ! mv -f "${tmp}" "${token_file}"; then
log "Warning: could not install MCP Gateway OP token file: ${token_file}"
rm -f "${tmp}" >/dev/null 2>&1 || true
return 1
fi
log "MCP Gateway auth preflight: wrote fresh operator token to ${token_file}." log "MCP Gateway auth preflight: wrote fresh operator token to ${token_file}."
} }
refresh_gateway_auth() { refresh_gateway_auth() {
local mcpgw_bin local mcpgw_bin op_token_refreshed=0
mcpgw_bin="$(command -v mcpgw 2>/dev/null || true)" mcpgw_bin="$(command -v mcpgw 2>/dev/null || true)"
if [[ -n "${mcpgw_bin}" ]]; then if [[ -n "${mcpgw_bin}" ]]; then
@@ -143,13 +247,21 @@ refresh_gateway_auth() {
log "Warning: mcpgw not found on PATH; skipping MCP Gateway auth refresh." log "Warning: mcpgw not found on PATH; skipping MCP Gateway auth refresh."
fi fi
prepare_codex_auth if prepare_codex_auth && write_gateway_op_token; then
write_gateway_op_token op_token_refreshed=1
else
log "Warning: could not refresh OP token; continuing with existing MCP Gateway token state."
fi
if [[ -z "${mcpgw_bin}" ]]; then if [[ -z "${mcpgw_bin}" ]]; then
return 0 return 0
fi fi
if [[ "${op_token_refreshed}" != "1" ]]; then
log "MCP Gateway auth preflight: skipping token-dependent checks because OP token refresh failed."
return 0
fi
if should_refresh_confluence_cookies; then if should_refresh_confluence_cookies; then
run_mcpgw_required "${mcpgw_bin}" refresh-cookies run_mcpgw_required "${mcpgw_bin}" refresh-cookies
else else
@@ -172,4 +284,12 @@ if is_truthy "${CODEX_WRAPPER_DRY_RUN:-}"; then
exit 0 exit 0
fi fi
"${CODEX_BIN}" -a on-request -s danger-full-access "$@" codex_args=()
if ! args_include_codex_profile "$@"; then
resolved_codex_profile="$(resolve_codex_profile)"
if [[ -n "${resolved_codex_profile}" ]]; then
codex_args+=("$(codex_profile_flag)" "${resolved_codex_profile}")
fi
fi
codex_args+=(-a on-request -s danger-full-access "$@")
"${CODEX_BIN}" "${codex_args[@]}"
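Review bot: The new failure paths in `prepare_codex_auth` return after `mktemp` has created `CODEX_WRAPPER_AUTH_ENV_FILE` without removing it, and because `refresh_gateway_auth` now continues instead of exiting, the file stays in `${TMPDIR:-/tmp}` for the whole Codex session unless a trap outside this hunk cleans it up. The file is sourced to obtain values such as `OP_TOKEN` and `SSH_AUTH_SOCK`, so a partly written copy left behind after a helper failure may hold credentials. I would add `rm -f -- "${CODEX_WRAPPER_AUTH_ENV_FILE}"` before each `return 1` that follows the `mktemp`, and once more directly after the `source` succeeds. `prepare_codex_auth` continues past the end of its hunk, so existing cleanup may already cover the success path. The session still starts with `-s danger-full-access` after a failed refresh, which makes the warning lines the only signal that the gateway token is stale.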