Conversation
bolinfest
force-pushed
the
pr23833
branch
2 times, most recently
from
15357d3 to
32fe95c
Compare
shijie-oai
approved these changes
May 21, 2026
bolinfest
added a commit
that referenced
this pull request
May 21, 2026
## Why Installing `@openai/codex` currently places a Dotslash `rg` manifest at `node_modules/@openai/codex/bin/rg`, even though the native optional dependency already ships the actual helper under `vendor/<target>/codex-path/rg`. The launcher prepends that `codex-path` directory, so the top-level `bin/rg` file is redundant in the npm install. The remaining direct consumers of the manifest are package-building paths: `scripts/codex_package/ripgrep.py` and `codex-cli/scripts/install_native_deps.py`. Keeping the manifest under `codex-cli/bin` makes it look like a shipped npm binary, so this moves it next to the package-builder code that owns it. The checked-in `@openai/codex` package metadata should likewise describe only the meta package payload; generated platform packages continue to publish `vendor`. ## What Changed - Moved the Dotslash ripgrep manifest from `codex-cli/bin/rg` to `scripts/codex_package/rg`. - Updated the package builder, npm native-artifact hydrator, README, and CLI help text to reference the new manifest location. - Stopped `codex-cli/scripts/build_npm_package.py` from copying `rg` into the `@openai/codex` meta package. - Narrowed the checked-in meta package `files` whitelist to `bin/codex.js`. ## Verification - `python3 -m unittest discover -s scripts/codex_package -p "test_*.py"` - `python3 -m unittest discover -s codex-cli/scripts -p "test_*.py"` - `python3 -m py_compile codex-cli/scripts/build_npm_package.py codex-cli/scripts/install_native_deps.py scripts/codex_package/ripgrep.py scripts/codex_package/cli.py scripts/stage_npm_packages.py` - `codex-cli/scripts/build_npm_package.py --package codex --version 0.0.0-test --pack-output <tmp>/codex-meta-no-vendor.tgz` - `tar -tf <tmp>/codex-meta-no-vendor.tgz` showed only `package/bin/codex.js`, `package/package.json`, and `package/README.md`. - Direct staging check showed `codex` uses `files: ["bin/codex.js"]` while `codex-darwin-arm64` still uses `files: ["vendor"]`. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/23833). * #23836 * __->__ #23833
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
rust-releasenow publishescodex-package-<target>.tar.gzas the canonical native package payload. npm staging should consume those archives directly instead of keeping legacy synthesis code that fetchedrg, copied standalone binaries, and rebuilt an approximate package layout.That also means the package builder should not know the internal shape of
codex-package. It should extract and copy the target payload wholesale so future layout changes stay localized to the archive producer.The release job stages
codex,codex-responses-api-proxy, andcodex-sdktogether, so native artifact download should be filtered, observable, and shared across component installs. Since that native hydration is now only used by release staging, keeping a separateinstall_native_deps.pyCLI adds an extra wrapper without a real caller.What Changed
codex-packagesynthesis and related compatibility flags from npm staging.scripts/stage_npm_packages.pyand deletedcodex-cli/scripts/install_native_deps.py.codex-packagenative components under their component directory name instead of using a legacy destination map.CI=truedefault frombuild_npm_package.py; local CI-shaped runs should set that environment explicitly.npm packcache/log output in its temporary directory so packing does not write to the user npm cache.Verification
python3 -m py_compile scripts/stage_npm_packages.py codex-cli/scripts/build_npm_package.pypython3 -m unittest discover -s scripts/codex_package -p "test_*.py"scripts/stage_npm_packages.py --helpcodex-cli/scripts/build_npm_package.py --helprust-release.ymlagainst workflow run https://github.com/openai/codex/actions/runs/26240748758 withCI=trueset locally to match GitHub Actions:That completed successfully, downloaded only the six target artifacts once, reused the cache for
codex-responses-api-proxy, and produced all nine npm tarballs. Generated tarballs and staging/artifact temp dirs were cleaned afterward.