fix: restore latest build launch behavior#21
Merged
Conversation
…r-use-atspi-readback feat(computer-use): compact Linux AT-SPI state readback
…ackage-detection-clean [codex] fix Fedora package format detection
…l-fallback Fix Browser Use node_repl fallback install
Stage the upstream Browser Use plugin into Linux installs, sync the bundled copy into the Codex plugin cache on cold start, and keep the Linux node_repl/js bridge approved for the app-provided Browser Use server. Patch browser-client.mjs during staging so a Linux nodeRepl.fetch allowlist failure for the ChatGPT site_status preflight falls back to the existing Browser Use approval settings instead of blocking navigation before local allowed/blocked domain checks can run. Add smoke coverage for the patched Browser Use client and keep the existing patcher coverage for the node_repl approval config.
…tus-allowlist Fix Browser Use site_status allowlist fallback on Linux
Avoid full /proc scans during the normal cold-start path. The launcher now trusts app and webview pid files first, only scans for an already-running Electron process when the warm-start socket exists, and only performs webview discovery or stale-server cleanup when the webview port is actually in use. This keeps the defensive fallback behavior for stale ports and second-instance handoff while reducing startup overhead on systems with many processes. Validation: bash -n launcher/start.sh.template tests/scripts_smoke.sh; ./tests/scripts_smoke.sh; git diff --check
…c-scans Speed up launcher startup checks
Ensure the Linux quit-state helper is still injected when the current upstream main bundle no longer matches the older electron/path/fs require pattern. Without the helper, later tray and close-to-tray patches can leave references to codexLinuxIsQuitInProgress() that crash the Electron main process when closing a window. Add regression coverage for bundles where only the Electron require is recognizable. Validation: node --test scripts/patch-linux-window-ui.test.js; ./tests/scripts_smoke.sh; git diff --check
Fix Linux quit guard patch fallback
* upstream/main: Fix Linux quit guard patch fallback Speed up launcher startup checks Fix Browser Use Linux allowlist fallback Fix Browser Use node_repl fallback install tighten distro package detection fix Fedora package format detection feat(computer-use): add semantic element selectors feat(computer-use): compact Linux accessibility trees feat(computer-use): enrich Linux AT-SPI state readback # Conflicts: # Makefile # computer-use-linux/src/atspi_tree.rs # computer-use-linux/src/server.rs # launcher/start.sh.template # scripts/patch-linux-window-ui.js # scripts/patch-linux-window-ui.test.js # tests/scripts_smoke.sh Co-authored-by: Codex <noreply@openai.com>
Extract the ASAR webview into the generated Linux app tree instead of the temporary DMG app tree, and fail fast when a generated app is missing the bundle. Add smoke coverage for the extraction target. Co-authored-by: Codex <noreply@openai.com>
Keep the Linux quit-state helper at module scope so top-level tray and window classes can call it after startup. Add regression coverage for helper ordering in patched bundles. Co-authored-by: Codex <noreply@openai.com>
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughCentralizes native package-format detection in the Makefile; adds AT‑SPI state and capped text readback, semantic element selectors, and tree compaction for accessibility resolution; refactors launcher webview/plugin-cache and bundled-plugin staging with ELF/Node‑REPL fallbacks; expands Linux bundle patching and tests; updates installer/webview extraction and updater package-kind priority. ChangesAccessibility Tree Enhancement
Launcher, Webview & Bundled Plugins
Linux Window UI Patching
Packaging and Updater
Sequence Diagram(s)sequenceDiagram
participant Client as Client
participant Server as Server
participant Cache as CachedNodes
participant ATSPI as AT-SPI
Client->>Server: click(params with selector)
Server->>Cache: build ElementSelector and query cached nodes
Server->>Server: resolve_semantic_node(selector, purpose=Click)
alt unique cached actionable match with bounds
Server->>Client: return coordinate click target (cached bounds)
else unique cached match without bounds
Server->>ATSPI: fetch primary AT‑SPI action for node
Server->>Client: return AT‑SPI action result (plain-click only)
else multiple matches
Server->>Client: return ambiguity error with matches
end
sequenceDiagram
participant Launcher as Launcher
participant FS as Filesystem
participant Cache as PluginCache
participant Web as WebviewServer
Launcher->>Launcher: detect cold start?
alt cold start
Launcher->>FS: read bundled plugin.json -> version
Launcher->>Cache: compare bundled browser-client.mjs with cached
alt mismatch
Launcher->>FS: stage bundled plugin, remove macOS sidecars, patch client
Launcher->>Cache: move staged dir to versioned cache
end
end
Launcher->>Web: ensure_webview_server()
alt port open & origin reachable
Launcher->>Launcher: adopt_discovered_webview_server()
else port serving verified content but not owned
Launcher->>Launcher: fail fast and exit
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Tip 💬 Introducing Slack Agent: The best way for teams to turn conversations into code.Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.
Built for teams:
One agent for your entire SDLC. Right inside Slack. Comment |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
nisavid has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.
There was a problem hiding this comment.
Pull request overview
This PR merges the latest upstream main into the fork and restores correct packaged launch behavior on Linux by fixing webview extraction targeting and ensuring the Linux quit-guard is reliably module-scoped. It also brings in upstream improvements around launcher warm-start scanning, Browser Use fallback/runtime handling, Fedora package-format detection cleanup, and Linux Computer Use accessibility/selector updates.
Changes:
- Fix installer to extract/copy the webview bundle into the generated app tree and make the launcher fail fast when the bundle is missing.
- Make Linux quit-guard insertion more robust (including ordering before tray references) and expand patcher/smoke-test coverage.
- Improve Browser Use staging and node_repl runtime fallback behavior; enhance Linux Computer Use accessibility tree output and add semantic selector support.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
updater/src/install.rs |
Adjusts package-kind detection priority (OS release before installed package signals) and adds Fedora regression coverage. |
tests/scripts_smoke.sh |
Adds smoke coverage for webview extraction target, Browser Use node_repl fallback runtime, and quit-guard ordering/extraction assertions. |
scripts/patch-linux-window-ui.test.js |
Adds unit tests for quit-guard insertion fallback paths, tray reference ordering, and Browser Use node_repl approval patch. |
scripts/patch-linux-window-ui.js |
Improves quit-guard patch robustness, ensures quit-guard is applied for launch-action patch paths, and adds Browser Use node_repl approval patch. |
scripts/lib/webview-install.sh |
Changes extract_webview to target the generated install directory’s content/webview. |
scripts/lib/bundled-plugins.sh |
Improves Linux ELF validation for node/node_repl, stages Browser Use more safely, patches Browser Use allowlist fallback, and adds node_repl runtime archive fallback. |
launcher/start.sh.template |
Improves warm-start PID detection, adds webview port/origin checks + fast-fail for missing bundles, and syncs bundled Browser Use plugin cache on cold starts. |
install.sh |
Calls extract_webview with $INSTALL_DIR (generated app tree) instead of DMG app dir. |
docs/usage/troubleshooting.md |
Documents the new “webview bundle is missing or empty” failure mode and remediation. |
docs/maintainers/fork-divergences.md |
Updates upstream baseline hash/date to the new synced upstream commit. |
computer-use-linux/src/server.rs |
Compacts the accessibility tree, reports raw vs compacted counts, and adds semantic selector support for click/action/set_value. |
computer-use-linux/src/atspi_tree.rs |
Adds node state/text extraction, normalizes bounds, and extends tests. |
Makefile |
Adds distro/package-format auto-detection via /etc/os-release + tool fallback for make package and make install. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Use a fork-scoped Browser Use runtime cache path and remove an unreachable quit-guard warning branch. Add smoke coverage for the cache identity contract. Co-authored-by: Codex <noreply@openai.com>
There was a problem hiding this comment.
nisavid has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@computer-use-linux/src/server.rs`:
- Around line 1672-1674: Rename the function is_sentinel_or_missing_bounds to
is_missing_bounds since it only checks for None; update the function definition
(is_sentinel_or_missing_bounds -> is_missing_bounds) and replace all call sites
that reference is_sentinel_or_missing_bounds (e.g., the usage in the surrounding
logic that currently calls is_sentinel_or_missing_bounds) to call
is_missing_bounds instead so name matches behavior.
In `@Makefile`:
- Around line 224-230: The RPM install branch in the Makefile checks only for
`dnf` and misses systems with `dnf5`; update the conditional that currently
tests `command -v dnf` to also accept `dnf5` (e.g., check for `dnf` or `dnf5`)
so the branch that defines `rpm` (using `RPM`/`RPM_GLOB`) and runs `sudo dnf
install -y "$$rpm"` will execute when `dnf5` is present; ensure the chosen
command variable (or command invocation) uses the detected binary name so `dnf5`
is invoked instead of falling back to raw `rpm -Uvh`.
In `@scripts/lib/bundled-plugins.sh`:
- Around line 172-173: The fallback cache path uses "codex-desktop" and must
instead use this fork's namespace "codex-app": update the cache_dir assignment
that builds from CODEX_BROWSER_USE_RUNTIME_CACHE_DIR/XDG_CACHE_HOME/HOME to
replace the hardcoded segment "/codex-desktop/browser-use" with
"/codex-app/browser-use" so the variables cache_dir and archive continue to work
but store under codex-app; ensure you only change that string (refer to the
cache_dir variable and the subsequent archive="$cache_dir/$(basename "$url")"
use).
In `@scripts/patch-linux-window-ui.js`:
- Around line 916-923: The current early-return accepts any occurrence of "let
codexLinuxQuitInProgress=!1" even if it's nested; update the check so
quitGuardIndex is only treated as present when it's at module scope: after
finding quitGuardIndex, compute brace balance for patchedSource.slice(0,
quitGuardIndex) and only consider the guard valid if the count of '{' equals the
count of '}' (i.e., not inside an open block); keep the existing
electronRequireIndex and require(`electron`) checks and only early-return when
quitGuardIndex !== -1 AND (quitGuardIndex < electronRequireIndex ||
electronRequireIndex - quitGuardIndex < 1000) AND the brace-balance test passes,
ensuring codexLinuxIsQuitInProgress() references the module-scope guard.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 566d8b46-f698-44b5-938a-148c45262efe
📒 Files selected for processing (13)
Makefilecomputer-use-linux/src/atspi_tree.rscomputer-use-linux/src/server.rsdocs/maintainers/fork-divergences.mddocs/usage/troubleshooting.mdinstall.shlauncher/start.sh.templatescripts/lib/bundled-plugins.shscripts/lib/webview-install.shscripts/patch-linux-window-ui.jsscripts/patch-linux-window-ui.test.jstests/scripts_smoke.shupdater/src/install.rs
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (2)
tests/scripts_smoke.sh (1)
813-813:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winKeep the smoke fixture on the fork namespace.
This reintroduces
codex-desktopin a.shfile. Since the variable is unused here, it only normalizes the upstream name in the test surface instead of helping catch regressions.As per coding guidelines, "Preserve this fork's intentional names: the app, install roots, launchers, package names, desktop files, and XDG app state use
codex-app; the updater crate, binary, service, config, state, cache, and logs usecodex-app-updater. Do not adopt upstream names during syncs."🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/scripts_smoke.sh` at line 813, The smoke test sets CODEX_APP_ID to the upstream name "codex-desktop" but per our fork policy it must remain "codex-app"; update the assignment of the variable CODEX_APP_ID in tests/scripts_smoke.sh (the line currently setting CODEX_APP_ID="codex-desktop") to use "codex-app" so the fixture preserves the fork's intentional app name.scripts/patch-linux-window-ui.js (1)
916-922:⚠️ Potential issue | 🟠 Major | ⚡ Quick winDon't treat nested quit guards as "already patched".
indexOf("let codexLinuxQuitInProgress=!1")still matches stale nested guards. If that match happens before the Electron import, this early return skips the required module-scope injection and the top-level tray/launch helpers can callcodexLinuxIsQuitInProgress()out of scope.Suggested fix
const electronRequireIndex = patchedSource.indexOf("require(`electron`)"); const quitGuardIndex = patchedSource.indexOf("let codexLinuxQuitInProgress=!1"); + const quitGuardIsTopLevel = quitGuardIndex === -1 + ? false + : (() => { + const prefix = patchedSource.slice(0, quitGuardIndex); + let depth = 0; + for (const char of prefix) { + if (char === "{") depth += 1; + if (char === "}") depth -= 1; + } + return depth === 0; + })(); if ( electronRequireIndex !== -1 && quitGuardIndex !== -1 && - (quitGuardIndex < electronRequireIndex || quitGuardIndex - electronRequireIndex < 1000) + quitGuardIsTopLevel && + (quitGuardIndex < electronRequireIndex || quitGuardIndex - electronRequireIndex < 1000) ) { return patchedSource; }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@scripts/patch-linux-window-ui.js` around lines 916 - 922, The current check treats any earlier occurrence of "let codexLinuxQuitInProgress=!1" as "already patched" even if it's a stale nested guard; update the if-condition around patchedSource, electronRequireIndex and quitGuardIndex so that you only consider the guard as a valid existing module-scope guard when quitGuardIndex is after the Electron import and within the expected proximity (i.e., require quitGuardIndex !== -1 && quitGuardIndex > electronRequireIndex && quitGuardIndex - electronRequireIndex < 1000), otherwise proceed with the module-scope injection so codexLinuxIsQuitInProgress() and the top-level tray/launch helpers are defined in the correct scope.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@scripts/lib/bundled-plugins.sh`:
- Around line 178-185: The curl call that downloads the Browser Use node_repl
fallback (the block that checks if [ ! -f "$archive" ] and calls curl -L --fail
--progress-bar -o "$archive.part" "$url") needs timeout and retry bounds so a
stalled connection won't hang installation; replace the single curl invocation
with a bounded retry (e.g., 3 attempts) and explicit timeouts (use
--connect-timeout and --max-time and/or --retry and --retry-delay or loop with
sleep between attempts), keep writing to "$archive.part" and rm -f
"$archive.part" on each failed attempt, and if all attempts fail ensure you warn
"Failed to download Browser Use node_repl fallback runtime" and return 1 as
currently done.
In `@scripts/patch-linux-window-ui.js`:
- Around line 1345-1353: The current replace uses a broad needle
("startup_timeout_sec:120,env:{") which can match other MCP server blocks;
instead locate the specific Browser Use node_repl block first (e.g., find the
node_repl object that contains the "Browser Use" label) and only inject
approvalPatch into that block. Update the logic around currentSource, needle and
approvalPatch so you: (1) find the start/end of the node_repl block that
mentions "Browser Use", (2) ensure the needle occurs inside that block, and (3)
apply replacement only within that substring (then splice it back into
currentSource) rather than calling currentSource.replace globally. Use the
existing variable names (needle, currentSource, approvalPatch, node_repl/Browser
Use identifier) to locate and modify the correct region.
---
Duplicate comments:
In `@scripts/patch-linux-window-ui.js`:
- Around line 916-922: The current check treats any earlier occurrence of "let
codexLinuxQuitInProgress=!1" as "already patched" even if it's a stale nested
guard; update the if-condition around patchedSource, electronRequireIndex and
quitGuardIndex so that you only consider the guard as a valid existing
module-scope guard when quitGuardIndex is after the Electron import and within
the expected proximity (i.e., require quitGuardIndex !== -1 && quitGuardIndex >
electronRequireIndex && quitGuardIndex - electronRequireIndex < 1000), otherwise
proceed with the module-scope injection so codexLinuxIsQuitInProgress() and the
top-level tray/launch helpers are defined in the correct scope.
In `@tests/scripts_smoke.sh`:
- Line 813: The smoke test sets CODEX_APP_ID to the upstream name
"codex-desktop" but per our fork policy it must remain "codex-app"; update the
assignment of the variable CODEX_APP_ID in tests/scripts_smoke.sh (the line
currently setting CODEX_APP_ID="codex-desktop") to use "codex-app" so the
fixture preserves the fork's intentional app name.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: b7a227bb-ca63-4e90-a8b5-6146f9dec2b5
📒 Files selected for processing (3)
scripts/lib/bundled-plugins.shscripts/patch-linux-window-ui.jstests/scripts_smoke.sh
Handle dnf5 installs before falling back to raw RPM paths, bound Browser Use runtime downloads, and scope ASAR patcher idempotency to the intended module-level and Browser Use node_repl targets. Co-authored-by: Codex <noreply@openai.com>
There was a problem hiding this comment.
nisavid has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@Makefile`:
- Around line 22-56: The fallback logic in NATIVE_PKG_FORMAT_CMD uses rpmbuild
(in the series of command -v checks) which is a build tool and mismatches the
updater's runtime detection; update the fallback checks inside
NATIVE_PKG_FORMAT_CMD (the command -v branches that currently test for rpmbuild)
to test for actual RPM install/runtime tools such as dnf, dnf5, zypper, or rpm
instead so the format variable is set to "rpm" when an RPM package manager is
available; keep os_release_token_match and the format variable usage unchanged,
only replace the rpmbuild occurrences in the fallback detection to align with
updater/src/install.rs behavior.
- Around line 257-263: The Makefile install branch for DEB packages uses sudo
dpkg -i which doesn't resolve dependencies; update the deb install logic (the
block using variables DEB and DEB_GLOB and the "$$deb" selection) to first
attempt a dependency-resolving install with sudo apt install -y "./$$deb" (or
sudo apt install -y /path/to/$$deb) and, if that fails or apt is unavailable,
fall back to sudo dpkg -i "$$deb" followed by sudo apt-get -f install -y to fix
missing dependencies; ensure the echo/log lines remain descriptive and preserve
the same variable names (DEB, DEB_GLOB, $$deb) so the change integrates cleanly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 5e2f0b5b-9856-46c3-a8b0-7d2e4be20ac1
📒 Files selected for processing (6)
Makefilecomputer-use-linux/src/server.rsscripts/lib/bundled-plugins.shscripts/patch-linux-window-ui.jsscripts/patch-linux-window-ui.test.jstests/scripts_smoke.sh
Detect RPM package formats through runtime install tools and prefer apt for Debian package installs before falling back to dpkg dependency repair. Co-authored-by: Codex <noreply@openai.com>
There was a problem hiding this comment.
nisavid has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@Makefile`:
- Around line 43-55: The shell conditional that sets the format variable
contains unreachable duplicate branches; remove the redundant final elif blocks
that re-check rpm/pacman (the duplicate branches after the dpkg-deb check) and
keep a single, clear ordering of checks that sets format (e.g., check pacman
with !dpkg-deb, then rpm/dnf/zypper with !dpkg-deb, then dpkg-deb as the dpkg
case). Update the conditional that assigns format so there are no duplicated
rpm/pacman branches and the logic is deterministic.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 0f872999-ad91-4b82-86b2-8eab87c15eb7
📒 Files selected for processing (2)
Makefiletests/scripts_smoke.sh
Remove unreachable duplicate RPM and pacman fallback branches after the Debian package-tool check. Co-authored-by: Codex <noreply@openai.com>
There was a problem hiding this comment.
nisavid has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@Makefile`:
- Around line 268-271: The Makefile recipe currently runs an unguarded sudo dpkg
-i "$$deb" (when $$installed equals 0) which will cause the shell to exit early
under -e if dependency errors occur; replace that single unguarded dpkg
invocation with a guarded conditional (keeping the same $$deb and $$installed
checks) so that a non-zero exit from dpkg does not stop the recipe and the
subsequent apt-get -f install -y repair step still runs (i.e., run dpkg in a
conditional or OR-fallback that swallows failure and allows the apt-get -f
install branch to execute).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Guard dpkg fallback so dependency repair can run, and recompute compacted accessibility node depths from their remapped parent chains. Co-authored-by: Codex <noreply@openai.com>
There was a problem hiding this comment.
nisavid has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.
This was referenced May 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Merge the latest upstream
maininto this fork and rebase the launch-fix branch on top of it. The upstream sync brings the current Linux quit-guard fallback, launcher startup scan improvements, Browser Use plugin fallback fixes, Fedora package-format detection cleanup, and Linux Computer Use accessibility updates while preserving this fork'scodex-appidentity, package layout, updater naming, and release/security gates.The branch also fixes two launch regressions seen with the latest DMG build. First, the installer was extracting webview assets into the temporary DMG app tree instead of the generated Linux app tree, which left packaged launches without the local webview bundle and could produce an apparently launched but unusable black window. Second, the Linux quit-state helper could be emitted inside a startup helper block, while top-level tray/window classes referenced it during quit handling. That made the tray quit path unreliable and could leave a stale app process and tray icon behind.
Details
The upstream merge is preserved as a merge commit through upstream
2b3bd253cd9e9fa3d149a666db70c931aca3f30a, with conflict resolutions in the Makefile, Linux Computer Use backend, launcher, ASAR patcher, and smoke tests. Resolutions keep upstream's new semantic accessibility selectors and launcher scan behavior, while retaining fork-specific package detection, names, zypper handling, updater paths, andcodex-appwording.The installer fix sends
extract_webviewto the generated install directory and makes the launcher fail fast if the webview bundle is missing. The ASAR patcher fix keeps the Linux quit guard module-scoped, handles upstream's broader Electron-require fallback, and adds regression coverage that the guard is declared before top-level tray references.Verification
node --check scripts/patch-linux-window-ui.jsnode --test scripts/patch-linux-window-ui.test.jsbash -n launcher/start.sh.template tests/scripts_smoke.sh install.sh scripts/lib/webview-install.shbash tests/scripts_smoke.shcargo fmt --manifest-path computer-use-linux/Cargo.toml --checkcargo test --manifest-path computer-use-linux/Cargo.tomlstat -c '%n %Y %y' Codex.dmgconfirmed the cached DMG was from2026-05-03 01:54:45 -0400, under 24 hours old at build time.make build-app DMG=Codex.dmgtest -s codex-app/content/webview/index.htmlmake pacman DMG=Codex.dmgBuilt package:
dist/codex-app-26.429.30905-1-x86_64.pkg.tar.zst.Summary by CodeRabbit