From 41f1e2e1d0903ed251c7b5683bbbc2b51a014c64 Mon Sep 17 00:00:00 2001 From: Codex Date: Mon, 25 May 2026 04:39:06 +0000 Subject: [PATCH] Add Codex app-server upgrade skill --- .../skills/codex-app-server-upgrade/SKILL.md | 64 +++++++++++++++++++ .../agents/openai.yaml | 4 ++ README.md | 2 +- scripts/start-codex-app-server | 5 +- 4 files changed, 72 insertions(+), 3 deletions(-) create mode 100644 .codex/skills/codex-app-server-upgrade/SKILL.md create mode 100644 .codex/skills/codex-app-server-upgrade/agents/openai.yaml diff --git a/.codex/skills/codex-app-server-upgrade/SKILL.md b/.codex/skills/codex-app-server-upgrade/SKILL.md new file mode 100644 index 0000000..737298a --- /dev/null +++ b/.codex/skills/codex-app-server-upgrade/SKILL.md @@ -0,0 +1,64 @@ +--- +name: codex-app-server-upgrade +description: Safely check, update, or self-upgrade the host Codex app-server and Codex CLI binary for this project. Use when asked to upgrade Codex, run app-server update checks, restart Codex after an update, or let Codex invoke its own app-server upgrade through the project script. +--- + +# Codex App Server Upgrade + +Use the project app-server script instead of manually replacing binaries. It is designed to be portable and self-upgrade-safe. + +## Locate the Script + +Work from the current project root when possible. The script is: + +```bash +scripts/start-codex-app-server +``` + +If the current directory is not the project root, find the nearest repository containing `scripts/start-codex-app-server` and run commands from that directory. Do not hardcode absolute paths. + +## Commands + +Check status: + +```bash +scripts/start-codex-app-server status +``` + +Check for updates without changing anything: + +```bash +scripts/start-codex-app-server check-updates +``` + +Apply an upgrade non-interactively: + +```bash +scripts/start-codex-app-server check-updates -y +``` + +`check-upgrade` is accepted as an alias for `check-updates`. + +## Self-Upgrade Behavior + +When the app-server is running, `check-updates -y` downloads and validates the new Codex binary first, then starts a detached worker to stop the app-server process group, replace the binary, and start the app-server again. This is the correct path even when Codex itself initiated the command. + +Expect the current Codex connection or tool call to be interrupted after the handoff. After a short delay, verify the outcome with: + +```bash +scripts/start-codex-app-server status +``` + +If needed, inspect the portable project-local upgrade log: + +```bash +sed -n '1,160p' run/codex-app-server-upgrade.log +``` + +## Safety Rules + +- Do not manually `kill`, `mv`, or overwrite the Codex binary for this workflow. +- Do not assume `/usr/local/bin/codex`, a specific home directory, or any machine-specific path. +- Use `CODEX_BIN=/absolute/path/to/codex` only when the user or environment explicitly requires a non-default binary. +- If the script reports that it cannot replace the binary without write permission, stop and report that non-interactive privileges or a writable `CODEX_BIN` are required. +- Do not run `check-updates -y` unless the user explicitly asked to upgrade or auto-approve the update. diff --git a/.codex/skills/codex-app-server-upgrade/agents/openai.yaml b/.codex/skills/codex-app-server-upgrade/agents/openai.yaml new file mode 100644 index 0000000..880bae1 --- /dev/null +++ b/.codex/skills/codex-app-server-upgrade/agents/openai.yaml @@ -0,0 +1,4 @@ +interface: + display_name: "Codex App Server Upgrade" + short_description: "Safely self-upgrade Codex app-server." + default_prompt: "Safely check for and apply a Codex app-server upgrade using the project script." diff --git a/README.md b/README.md index f910a7b..5342a60 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Docker Compose runs only the Go Telegram bot. Codex runs on the host through `co scripts/start-codex-app-server start ``` - The script supports `start`, `stop`, `status`, and `check-updates [-y]`. `start` launches Codex detached, writes `run/codex-app-server.pid`, logs to `run/codex-app-server.log`, and is idempotent if the socket is already live. `check-updates` compares the local `codex` binary with the latest OpenAI Codex GitHub release. With `-y`, it downloads and validates the matching platform archive before stopping a running app-server. If the app-server is running, the final stop/replace/start step is handed to a detached worker so the upgrade can complete even when invoked from Codex itself. If the upgraded server fails to start, the worker restores the previous binary and starts it again. + The script supports `start`, `stop`, `status`, `check-updates [-y]`, and the alias `check-upgrade [-y]`. `start` launches Codex detached, writes `run/codex-app-server.pid`, logs to `run/codex-app-server.log`, and is idempotent if the socket is already live. `check-updates` compares the local `codex` binary with the latest OpenAI Codex GitHub release. With `-y`, it downloads and validates the matching platform archive before stopping a running app-server. If the app-server is running, the final stop/replace/start step is handed to a detached worker so the upgrade can complete even when invoked from Codex itself. If the upgraded server fails to start, the worker restores the previous binary and starts it again. 3. Add at least one Telegram user and workspace: diff --git a/scripts/start-codex-app-server b/scripts/start-codex-app-server index be773a7..172507c 100755 --- a/scripts/start-codex-app-server +++ b/scripts/start-codex-app-server @@ -26,13 +26,14 @@ chmod 700 "$RUN_DIR" usage() { cat < [options] +Usage: $0 [options] Commands: start Start codex app-server if it is not already running. stop Stop codex app-server and remove stale runtime files. status Print whether codex app-server is running. check-updates [-y] Check GitHub releases and optionally install the latest Codex binary. + check-upgrade [-y] Alias for check-updates. Environment: CODEX_BIN Codex executable to replace. Defaults to the codex found on PATH. @@ -565,7 +566,7 @@ case "$cmd" in if [[ $# -ne 0 ]]; then usage; exit 2; fi status_server ;; - check-updates) + check-updates|check-upgrade) shift || true check_updates "$@" ;;