Conversation
bolinfest
added a commit
that referenced
this pull request
May 19, 2026
## Why Codex CLI packaging is currently split across npm staging, standalone installers, and release bundle creation, which makes it hard to define and validate a single valid package directory. This adds the first standalone package builder so later release paths can converge on the same canonical layout. ## What changed - Added `scripts/build_codex_package.py` as the stable executable wrapper around `scripts/codex_package`. - Added modules for CLI parsing, target metadata, grouped cargo builds, package layout validation, and archive writing. - The builder creates a package directory with `codex-package.json`, `bin/`, `codex-resources/`, and `codex-path`, and can serialize it as `.tar.gz`, `.tar.zst`, or `.zip`. - Source-built artifacts are built by one grouped `cargo build`: `codex` for all targets, `bwrap` for Linux, and the Windows sandbox helpers for Windows. `rg` remains an input because it is vendored from upstream rather than built from this repo. - Added `scripts/codex_package/README.md` to document the package layout, source-built artifacts, and cargo profile behavior. ## Verification - Ran wrapper/module syntax compilation. - Ran `scripts/build_codex_package.py --help` from `/private/tmp`. - Ran fake-cargo package/archive builds for macOS, Linux, and Windows target layouts, including an assertion that generated tar archives contain no duplicate member names. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/23513). * #23526 * __->__ #23513
viyatb-oai
approved these changes
May 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
The Codex package builder should produce a complete package without requiring callers to pre-populate
rgundercodex-cli/vendoror havedotslashinstalled onPATH. The repo already tracks the authoritative DotSlash manifest incodex-cli/bin/rg, so the builder can read that metadata directly and fetch the correct ripgrep archive for the target it is packaging.What changed
scripts/codex_package/ripgrep.pyto parsecodex-cli/bin/rgafter stripping the shebang, select the target platform entry, download the configured artifact, and verify the recorded size and SHA-256 digest.$TMPDIR/codex-package/<target>-rgso verified archives can be reused without fetching again.rg/rg.exefromtar.gzandzipartifacts into the package-builder cache, then copied that intocodex-paththrough the existing package layout flow.--rg-binas an explicit local override for offline tests and unusual local workflows.rgfetch/cache behavior inscripts/codex_package/README.md.Verification
scripts/build_codex_package.py --helpfrom/private/tmp.tar.gzextraction,zipextraction, size/SHA-256 verification, and cache reuse after deleting the original source archives.--rg-bin, including an assertion that generated tar archives contain no duplicate member names.Stack created with Sapling. Best reviewed with ReviewStack.