Skip to content

Default useful port integrations#103

Merged
nisavid merged 6 commits into
mainfrom
nisavid/default-useful-integrations
Jun 15, 2026
Merged

Default useful port integrations#103
nisavid merged 6 commits into
mainfrom
nisavid/default-useful-integrations

Conversation

@nisavid

@nisavid nisavid commented Jun 15, 2026

Copy link
Copy Markdown
Owner

Summary

  • Enable the broadly useful, compatible port integrations by default: Agent Workspaces, AppShots, wrapper updater, and Copilot reasoning effort.
  • Document the default-enabled integration control surfaces in the integration READMEs, threat model, and maintainer best practices, with the narrower/high-risk optional integrations left opt-in.
  • Fix Thorium Chrome plugin staging against the current generated Chrome browser client shape and leave the tolerated 7z extraction warning cleanup as follow-up Clarify tolerated 7z symlink warnings during DMG extraction #102.

Changes

  • Default integration descriptors now opt in the selected integrations while preserving explicit disable handling.
  • The bootstrap wizard now persists disabled ids so setup-time disables override manifest defaults.
  • The wrapper updater default is gated for manual-update packages: no-updater packages export CODEX_PACKAGE_HAS_UPDATER=0, hide the in-app wrapper updater, and clear stale pending markers.
  • AppShots availability patching now handles mixed already-normalized and legacy bundle gates.
  • Port integration docs and user-facing support notes describe default behavior, local config override points, control surfaces, and security boundaries.
  • Maintainer security docs refresh the app threat model and operational best practices for the newly default-enabled surfaces.
  • Thorium patching now recognizes the current browser-client.mjs profile-root shape and treats the current metadata/instance matching code as already compatible.

Verification

  • bash -n launcher/start.sh.template scripts/bootstrap-wizard.sh packaging/appimage/codex-appimage-runtime.sh packaging/linux/codex-packaged-runtime.sh port-integrations/codex-wrapper-updater/apply-pending.sh tests/scripts_smoke.sh passed.
  • node --test port-integrations/codex-wrapper-updater/test.js passed: 16 tests.
  • node --test port-integrations/*/test.js passed: 283 tests.
  • bash tests/scripts_smoke.sh passed.
  • git diff --check and git diff --cached --check passed.
  • Temp-config bootstrap smoke passed: CODEX_DISABLE_PORT_INTEGRATIONS=agent-workspace wrote disabled: ["agent-workspace"], and scripts/lib/port-integrations.js --enabled excluded agent-workspace while preserving the other defaults.
  • Wrapper-updater main-bundle tests now assert check-wrapper, status visibility, and direct install paths are gated by codex-linux-wrapper-updates-enabled, which defaults off.
  • npm_config_cache=/tmp/codex-npm-cache npm_config_logs_dir=/tmp/codex-npm-logs make build-app package passed after refreshing Codex.dmg because cached metadata differed from upstream; rebuilt dist/codex-app-26.609.41114-1-x86_64.pkg.tar.zst.
  • Generated build info shows thorium-chrome-plugin enabled with the other default integrations; generated Chrome plugin files include .config/thorium.
  • PACKAGE_WITH_UPDATER=0 make pacman passed; the no-updater package omits /usr/bin/codex-app-updater and the update-builder bundle, and renders CODEX_PACKAGE_HAS_UPDATER="0" in usr/lib/codex-app/packaged-runtime.sh.
  • Generated codex-app/start.sh exports packaged runtime env before feature prelaunch hooks, so CODEX_PACKAGE_HAS_UPDATER is visible to wrapper-updater hooks before they run.
  • make appimage is blocked on this host because appimagetool is not installed; bash tests/scripts_smoke.sh covers the AppImage builder path with a fake appimagetool and verifies CODEX_PACKAGE_HAS_UPDATER="0" in the staged AppImage runtime helper.

Follow-up

Summary by CodeRabbit

  • Documentation
    • Comprehensive updates clarifying port integrations, security boundaries, and default configurations.
    • Agent Workspaces, AppShots, Copilot reasoning effort, and wrapper updater integrations now enabled by default.

Summary by CodeRabbit

  • New Features
    • Expanded the default set of enabled port integrations (including Agent Workspaces, AppShots, wrapper updater, Copilot reasoning effort, remote-control UI, mobile-control host patches, Read Aloud + MCP, conversation mode, and Open target discovery).
  • Bug Fixes
    • Improved AppShots availability/capture behavior with safer per-run temp staging and normalized availability gating.
    • Made wrapper updater UI/actions and pending markers correctly reflect whether updater support is available.
  • Documentation
    • Updated integration, build/run, and security/threat-model guidance to match the expanded defaults and clarify OpenAI-hosted policy requirements.
  • Tests
    • Refreshed and expanded coverage for default enablement and patching behavior.

@coderabbitai

coderabbitai Bot commented Jun 15, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 2eb4bf23-3108-41a7-8030-cb15dc790b5d

📥 Commits

Reviewing files that changed from the base of the PR and between af2200a and 52398ff.

📒 Files selected for processing (3)
  • port-integrations/codex-wrapper-updater/README.md
  • port-integrations/codex-wrapper-updater/patch.js
  • port-integrations/codex-wrapper-updater/test.js

📝 Walkthrough

Walkthrough

Four port integrations (agent-workspace, appshots, codex-wrapper-updater, copilot-reasoning-effort) are promoted from opt-in to default-enabled via integration.json flag changes and README updates. The AppShots patch is hardened with mkdtemp-based temp-file staging and normalized availability-gate regex rewriting. The wrapper updater gains manager-availability gating and stale-marker cleanup logic. Thorium Chrome plugin patching gains a new user-data directory and broader idempotency checks. All per-integration test fixtures are synchronized to the expanded default set, and comprehensive security documentation (best practices, threat model entries T5c/T5d/T5e, backlog issues #99/#100) is added. General documentation is updated to enumerate the expanded defaults and clarify that OpenAI-hosted account-policy mechanisms remain unaffected.

Changes

Port Integrations Promoted to Default-Enabled with Security Documentation

Layer / File(s) Summary
Integration manifests and per-integration READMEs
port-integrations/agent-workspace/integration.json, port-integrations/agent-workspace/README.md, port-integrations/appshots/integration.json, port-integrations/appshots/README.md, port-integrations/codex-wrapper-updater/integration.json, port-integrations/codex-wrapper-updater/README.md, port-integrations/copilot-reasoning-effort/integration.json, port-integrations/copilot-reasoning-effort/README.md, port-integrations/README.md
Flips defaultEnabled from false to true in four manifests; rewrites each integration's README to describe opt-out-by-default configuration via disabled list; adds security notes for agent-workspace bridge precedence (issue #99) and copilot-reasoning-effort server-side authority (issue #100); updates top-level integrations README with expanded default-set descriptions and disable examples.
AppShots patch: temp-dir staging and availability-gate normalization
port-integrations/appshots/patch.js, port-integrations/appshots/test.js
Rewrites applyLinuxAppshotAvailabilityPatch to detect already-normalized gates and use regex-based rewriting into a consistent parenthesized form; reworks codexLinuxAppshotScreenshot to stage capture/crop files inside a mkdtempSync directory (chmod 0o700) with recursive cleanup in finally; adds extensive test coverage for gate upgrade paths and temp-directory assertions.
Wrapper updater: manager-availability gating, stale-marker cleanup, and runtime environment
port-integrations/codex-wrapper-updater/apply-pending.sh, port-integrations/codex-wrapper-updater/patch.js, port-integrations/codex-wrapper-updater/test.js, port-integrations/codex-wrapper-updater/README.md, packaging/linux/codex-packaged-runtime.sh, packaging/appimage/codex-appimage-runtime.sh, launcher/start.sh.template, tests/scripts_smoke.sh
Adds package_has_updater() to apply-pending.sh for interpreting CODEX_PACKAGE_HAS_UPDATER and clearing stale pending markers when unavailable; extends patch.js with manager-availability detection to gate status reporting and install actions; exports CODEX_PACKAGE_HAS_UPDATER from both packaged runtimes; moves packaged runtime environment export earlier in launcher startup; adds test coverage for stale-marker clearing, manager-unavailable scenarios, and boot-order invariants.
Thorium Chrome plugin: user-data-dir and idempotency broadening
port-integrations/thorium-chrome-plugin/patch-chrome-plugin.js, port-integrations/thorium-chrome-plugin/test.js
Adds .config/thorium to codexLinuxChromeUserDataDirectories() for Thorium profile discovery; broadens alreadyText conditions for two patches from single strings to arrays of acceptable patterns; adds end-to-end integration test that synthesizes browser-client.mjs, patches twice, and asserts no missing-target stderr output.
Test fixture synchronization for expanded default set
port-integrations/agent-workspace/test.js, port-integrations/appshots/test.js, port-integrations/codex-wrapper-updater/test.js, port-integrations/conversation-mode/test.js, port-integrations/copilot-reasoning-effort/test.js, port-integrations/open-target-discovery/test.js, port-integrations/remote-control-ui/test.js, port-integrations/zed-opener/test.js
Updates DEFAULT_INTEGRATION_IDS constants across eight per-integration test files to include four newly default-enabled IDs; extends withTempIntegrationConfig helpers to emit both enabled and disabled fields in generated integrations.json; adds assertions for availability-gate upgrade paths, capture temp-directory behavior, descriptor gating when disabled, and stale-marker clearing.
Threat model expansion and security best-practices documentation
docs/maintainers/security-best-practices.md, docs/maintainers/threat-model.md, docs/maintainers/security-backlog.md
Introduces security-best-practices.md with maintainer review rules and integration-specific pre-integration checklist; extensively expands threat-model.md with new trust boundaries for four default integrations, security invariants for renderer-UI untrust and trusted-sink enforcement, and three new threat entries (T5c: Agent Workspaces helper bridge, T5d: AppShots captures, T5e: wrapper/Copilot authority); extends security-backlog.md with best-practices link and migrated issues #99#100.
General documentation updates for expanded defaults
README.md, docs/README.md, docs/port-integrations-architecture.md, docs/maintainers/fork-divergences.md, docs/maintainers/package-runtime-maintenance.md, docs/usage/build-and-run.md, docs/usage/support-routing.md
Enumerates the expanded default integration set across all docs; documents local opt-out configuration; clarifies that OpenAI-hosted account-policy mechanisms (rollouts, MFA, connected-client, audio, remote-control enrollment, host network) are not bypassed; links to new security best-practices documentation; updates architecture doc to remove defaultEnabled: true rejection and document port-integrations.json sanitization.
Bootstrap wizard: enabled/disabled config handling
scripts/bootstrap-wizard.sh
Rewrites Python-embedded config parsing to read and write both enabled and disabled arrays (instead of single combined list); adds resolved_enabled_ids() helper to compute effective enabled set from both lists; validates unknown IDs against checkout/current config; updates warnings and per-integration display to use resolved enabled set.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Possibly related PRs

Poem

🐇 Hop hop, the defaults have grown!
Agent workspaces, AppShots—now fully shown.
A mkdtemp dir keeps screenshots tidy and neat,
Copilot reasoning effort: default-complete.
The threat model blooms with T5c, d, and e—
Secure by default, as a rabbit should be! 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 5.26% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely summarizes the main objective: enabling four useful port integrations by default (Agent Workspaces, AppShots, wrapper updater, Copilot reasoning effort).
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Comment @coderabbitai help to get the list of available commands and usage tips.

@nisavid nisavid marked this pull request as ready for review June 15, 2026 18:56

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dd7cd80c76

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread port-integrations/agent-workspace/integration.json
Comment thread port-integrations/codex-wrapper-updater/integration.json
@greptile-apps

greptile-apps Bot commented Jun 15, 2026

Copy link
Copy Markdown

Greptile Summary

This PR expands the default-enabled port integration set from six to ten integrations (adding Agent Workspaces, AppShots, Copilot reasoning-effort defaults, and the wrapper updater), gates each new default behind its own control surface, and ships the documentation and security guidance to match. Across the codebase it also fixes an operator-precedence bug in the AppShots availability gate and moves export_packaged_runtime_env earlier in the start-up sequence so CODEX_PACKAGE_HAS_UPDATER reaches prelaunch hooks.

  • appshots/patch.js: The old Linux availability expression n===\linux`||n===`macOS`&&flagsilently evaluated aslinux||(macOS&&flag)` due to JS operator precedence; the new patch wraps the OR in parentheses and adds an idempotent upgrade path for already-patched bundles.
  • codex-wrapper-updater/patch.js + apply-pending.sh: Adds CODEX_PACKAGE_HAS_UPDATER awareness so AppImage and PACKAGE_WITH_UPDATER=0 builds hide the in-app updater UI and clear stale pending markers instead of looping on a missing manager.
  • scripts/bootstrap-wizard.sh: Extends the Python integration resolver to read defaultEnabled from manifests and persist disabled ids so setup-time disables override manifest defaults across rebuilds.

Confidence Score: 5/5

Safe to merge; all functional changes are well-tested and the security surfaces of the newly default-enabled integrations are explicitly gated and documented.

The four newly default-enabled integrations each carry their own opt-out control surface, and the safety-critical changes (AppShots operator-precedence fix, per-capture private temp directory, CODEX_PACKAGE_HAS_UPDATER gating, and the start.sh env-ordering fix) are all covered by new or updated tests. The bootstrap-wizard logic for persisting disabled IDs is straightforward and verified by the smoke tests. The one gap flagged — no warning for stale disabled IDs in the written config — is a minor UX inconvenience, not a correctness issue.

No files require special attention; the scripts/bootstrap-wizard.sh disabled-ID handling and port-integrations/appshots/patch.js regex logic are the most intricate changes but are both covered by tests.

Important Files Changed

Filename Overview
port-integrations/appshots/patch.js Fixes operator-precedence bug in Linux availability expression and upgrades older already-patched bundle shapes; per-capture private temp directory replaces ad-hoc filename randomness.
scripts/bootstrap-wizard.sh Refactored integration resolution to respect defaultEnabled manifests and persist disabled ids; no warning is emitted for stale/unknown disabled ids (see comment), but this is a minor UX gap, not a correctness bug.
port-integrations/codex-wrapper-updater/patch.js Added CODEX_PACKAGE_HAS_UPDATER gating via codexLinuxWrapManagerAvailable; codexLinuxWrapStatusPayload now exposes enabled/available fields and skips status reads when manager is absent.
port-integrations/codex-wrapper-updater/apply-pending.sh New package_has_updater() function correctly handles unset, empty, whitespace-only, and falsy string values, falling back to AppImage detection; stale markers are cleared early for no-updater packages.
launcher/start.sh.template Moved export_packaged_runtime_env from just before cold-start hooks to just after source_feature_env_files, ensuring CODEX_PACKAGE_HAS_UPDATER is visible to all prelaunch hooks.
port-integrations/thorium-chrome-plugin/patch-chrome-plugin.js Added new bundle-shape variant for browser-client.mjs and updated alreadyText to accept arrays for both old and new profile-root shapes.
port-integrations/copilot-reasoning-effort/test.js Updated withTempIntegrationConfig default disabled parameter to derive from the full defaultEnabledIntegrationIds list (including copilot-reasoning-effort), resolving the previously flagged helper-mismatch concern.
packaging/appimage/codex-appimage-runtime.sh Added CODEX_PACKAGE_HAS_UPDATER="0" export so AppImage runtime correctly signals no-updater status to the wrapper-updater integration.
packaging/linux/codex-packaged-runtime.sh Added CODEX_PACKAGE_HAS_UPDATER="__CODEX_PACKAGE_ENABLE_UPDATER__" template placeholder rendered at build time.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[integration.json
defaultEnabled: true/false] -->|read by| B[bootstrap-wizard.sh
discover_integrations]
    C[integrations.json
enabled / disabled arrays] -->|read by| D[read_config_ids]
    B --> E[resolved_enabled_ids]
    D --> E
    E -->|defaultEnabled + config_enabled
minus config_disabled| F[final_resolved]
    F -->|written to| G[port-integrations.json
persisted config]
    G -->|read by| H[scripts/lib/port-integrations.js]
    H -->|enabled set| I[ASAR patch pipeline]
    I --> J[agent-workspace patch]
    I --> K[appshots patch
operator-precedence fix]
    I --> L[codex-wrapper-updater patch
CODEX_PACKAGE_HAS_UPDATER gate]
    I --> M[copilot-reasoning-effort patch]
    N[appimage-runtime.sh
CODEX_PACKAGE_HAS_UPDATER=0] -->|env var| O[launcher/start.sh
export_packaged_runtime_env
moved before prelaunch hooks]
    P[codex-packaged-runtime.sh
CODEX_PACKAGE_HAS_UPDATER=__FLAG__] -->|build substitution| O
    O -->|visible to| L
    L -->|codexLinuxWrapManagerAvailable| Q{updater present?}
    Q -- No --> R[hide UI, clear stale marker]
    Q -- Yes --> S[normal wrapper update flow]
Loading

Reviews (4): Last reviewed commit: "fix(port-integrations/wrapper-updater): ..." | Re-trigger Greptile

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/port-integrations-architecture.md`:
- Around line 225-230: The design rule requiring default-enabled integrations to
have "control and security surfaces documented and match the maintainer security
best practices" references a non-existent document
`maintainers/security-best-practices.md`. Create this missing document with
enumerated requirements for the four promoted integrations (agent-workspace,
appshots, codex-wrapper-updater, and copilot-reasoning-effort). Additionally,
ensure each of these four integration READMEs includes explicit section headings
documenting control surfaces (like agent-workspace-linux), local gates, and
security boundaries, with copilot-reasoning-effort serving as the template
example that already has a "## Security Boundary" section.

In `@port-integrations/appshots/patch.js`:
- Around line 15-17: The early return condition in the test on line 15 (checking
for the pattern with `linux` and `macOS` in parentheses) prevents the function
from fully normalizing remaining legacy availability gates in mixed-shape
bundles. Remove this early return check so the function continues processing and
normalizes all legacy gates (including unparenthesized or macOS-only gates)
before returning the patched source.

In `@README.md`:
- Around line 235-242: Resolve the inconsistency between the README
policy-boundary claims at lines 235-242 and the threat model documentation. The
README states that audio availability and host network exposure are policy gates
controlled by OpenAI-hosted services, but the threat model and
security-best-practices docs do not explicitly enumerate these boundaries.
Either expand the threat model documentation to formally enumerate audio
availability and host network exposure as documented policy gates, or revise the
README text to remove references to these specific boundaries and only mention
the policy gates that are actually documented in the maintainer security
documentation. Ensure both documents consistently enumerate the same set of
OpenAI-hosted policy boundaries.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 326cc25b-9e4c-477b-af85-5893c30b1e47

📥 Commits

Reviewing files that changed from the base of the PR and between 284e089 and dd7cd80.

📒 Files selected for processing (30)
  • README.md
  • docs/README.md
  • docs/maintainers/fork-divergences.md
  • docs/maintainers/package-runtime-maintenance.md
  • docs/maintainers/security-backlog.md
  • docs/maintainers/security-best-practices.md
  • docs/maintainers/threat-model.md
  • docs/port-integrations-architecture.md
  • docs/usage/build-and-run.md
  • docs/usage/support-routing.md
  • port-integrations/README.md
  • port-integrations/agent-workspace/README.md
  • port-integrations/agent-workspace/integration.json
  • port-integrations/agent-workspace/test.js
  • port-integrations/appshots/README.md
  • port-integrations/appshots/integration.json
  • port-integrations/appshots/patch.js
  • port-integrations/appshots/test.js
  • port-integrations/codex-wrapper-updater/README.md
  • port-integrations/codex-wrapper-updater/integration.json
  • port-integrations/codex-wrapper-updater/test.js
  • port-integrations/conversation-mode/test.js
  • port-integrations/copilot-reasoning-effort/README.md
  • port-integrations/copilot-reasoning-effort/integration.json
  • port-integrations/copilot-reasoning-effort/test.js
  • port-integrations/open-target-discovery/test.js
  • port-integrations/remote-control-ui/test.js
  • port-integrations/thorium-chrome-plugin/patch-chrome-plugin.js
  • port-integrations/thorium-chrome-plugin/test.js
  • port-integrations/zed-opener/test.js

Comment thread docs/port-integrations-architecture.md Outdated
Comment thread port-integrations/appshots/patch.js Outdated
Comment thread README.md
@coderabbitai coderabbitai Bot added the github_actions Pull requests that update GitHub Actions code label Jun 15, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3a0314f75b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread packaging/linux/codex-packaged-runtime.sh
Comment thread port-integrations/codex-wrapper-updater/integration.json

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
port-integrations/copilot-reasoning-effort/README.md (1)

12-21: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use the canonical config filename in opt-out instructions.

Line 12 still points to port-integrations/integrations.json, while this PR’s documentation set standardizes on port-integrations.json. Keeping this legacy path here creates conflicting operator instructions for the same control path.

As per coding guidelines, “the implementation path and config APIs are port-integrations/, port-integrations.json, and CODEX_PORT_INTEGRATIONS_*; use those exact names only for source paths, file paths, and environment variables.”

Suggested doc fix
-Disable it by copying `port-integrations/integrations.example.json` to
-`port-integrations/integrations.json` and adding the integration id:
+Disable it in `port-integrations.json` and add the integration id:
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@port-integrations/copilot-reasoning-effort/README.md` around lines 12 - 21,
Update the file path references in the opt-out instructions section to use the
standardized canonical configuration filenames. Replace the legacy path
`port-integrations/integrations.json` with the canonical path
`port-integrations.json` in the instruction text that describes copying from the
example file. This ensures consistency with the PR's documentation standards and
follows the coding guidelines that specify `port-integrations.json` as the
canonical config filename for source paths and file paths.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@port-integrations/codex-wrapper-updater/apply-pending.sh`:
- Around line 17-22: The package_has_updater() function evaluates the raw
CODEX_PACKAGE_HAS_UPDATER variable without normalization, so values like " False
" with whitespace and mixed case are treated as truthy. However, patch.js
normalizes the value by trimming and converting to lowercase before evaluation.
Normalize the CODEX_PACKAGE_HAS_UPDATER variable inside package_has_updater() by
trimming whitespace and converting to lowercase before the case statement to
match the behavior of the JavaScript runtime code and ensure consistent gating
between the hook and UI.

---

Outside diff comments:
In `@port-integrations/copilot-reasoning-effort/README.md`:
- Around line 12-21: Update the file path references in the opt-out instructions
section to use the standardized canonical configuration filenames. Replace the
legacy path `port-integrations/integrations.json` with the canonical path
`port-integrations.json` in the instruction text that describes copying from the
example file. This ensures consistency with the PR's documentation standards and
follows the coding guidelines that specify `port-integrations.json` as the
canonical config filename for source paths and file paths.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 90d92a37-17c2-4aec-8d11-e46a1e503dbd

📥 Commits

Reviewing files that changed from the base of the PR and between dd7cd80 and 3a0314f.

📒 Files selected for processing (15)
  • docs/maintainers/security-best-practices.md
  • docs/maintainers/threat-model.md
  • docs/port-integrations-architecture.md
  • packaging/linux/codex-packaged-runtime.sh
  • port-integrations/agent-workspace/README.md
  • port-integrations/appshots/README.md
  • port-integrations/appshots/patch.js
  • port-integrations/appshots/test.js
  • port-integrations/codex-wrapper-updater/README.md
  • port-integrations/codex-wrapper-updater/apply-pending.sh
  • port-integrations/codex-wrapper-updater/patch.js
  • port-integrations/codex-wrapper-updater/test.js
  • port-integrations/copilot-reasoning-effort/README.md
  • port-integrations/copilot-reasoning-effort/test.js
  • scripts/bootstrap-wizard.sh

Comment thread port-integrations/codex-wrapper-updater/apply-pending.sh
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 15, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: af2200a1a8

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread port-integrations/codex-wrapper-updater/patch.js Outdated
@nisavid nisavid merged commit 1647175 into main Jun 15, 2026
15 checks passed
@nisavid nisavid deleted the nisavid/default-useful-integrations branch June 15, 2026 20:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant