feat: add support for OPENAI_ORGANIZATION and OPENAI_PROJECT env vars#435
Closed
rumple wants to merge 170 commits into
Closed
feat: add support for OPENAI_ORGANIZATION and OPENAI_PROJECT env vars#435rumple wants to merge 170 commits into
rumple wants to merge 170 commits into
Conversation
…-context mode Signed-off-by: Thibault Sottiaux <tibo@openai.com>
* remove unused express dep * update package-lock.json
Old docs had o3 as the default
* o3 instead of o3-mini
One of my favorite use cases is a read-only one; have `codex` suggest areas of the codebase that need attention. From here, it's also easy for the user to select one of the proposed tasks and have `codex` make the PR.
Signed-off-by: Adam Montgomery <montgomery.adam@gmail.com>
Signed-off-by: Hugo Biais <hugobiais75@gmail.com>
Signed-off-by: Thibault Sottiaux <tibo@openai.com>
Fix a typo where a p should have been a q
* Fix Docker container scripts Signed-off-by:: Eric Burke <eburke@openai.com> * Build codex TGZ * fix run_in_container --------- Co-authored-by: Kyle Kosic <kylekosic@openai.com>
* [readme] security review recipe
* handle invalid commands * better test * format
* fix: developer typo * fix: typo
Making README more factually and grammatically exact.
* add: release script * add: src to npm module * fix: readme Signed-off-by: Fouad Matin <fouad@openai.com> --------- Signed-off-by: Fouad Matin <fouad@openai.com>
Signed-off-by: Isaac Gemal <isaacgemal@gmail.com>
* w Signed-off-by: Thibault Sottiaux <tibo@openai.com> * w Signed-off-by: Thibault Sottiaux <tibo@openai.com> * w Signed-off-by: Thibault Sottiaux <tibo@openai.com> * w Signed-off-by: Thibault Sottiaux <tibo@openai.com> * w Signed-off-by: Thibault Sottiaux <tibo@openai.com> --------- Signed-off-by: Thibault Sottiaux <tibo@openai.com>
Signed-off-by: Fouad Matin <fouad@openai.com>
Signed-off-by: Fouad Matin <fouad@openai.com>
Signed-off-by: Ilan Bigio <ilan@openai.com>
Signed-off-by: Jon Church <me@jonchurch.com>
## `0.1.2504211509` ### 🚀 Features - Support multiple providers via Responses-Completion transformation (openai#247) - Add user-defined safe commands configuration and approval logic openai#380 (openai#386) - Allow switching approval modes when prompted to approve an edit/command (openai#400) - Add support for `/diff` command autocomplete in TerminalChatInput (openai#431) - Auto-open model selector if user selects deprecated model (openai#427) - Read approvalMode from config file (openai#298) - `/diff` command to view git diff (openai#426) - Tab completions for file paths (openai#279) - Add /command autocomplete (openai#317) - Allow multi-line input (openai#438) ### 🐛 Bug Fixes - `full-auto` support in quiet mode (openai#374) - Enable shell option for child process execution (openai#391) - Configure husky and lint-staged for pnpm monorepo (openai#384) - Command pipe execution by improving shell detection (openai#437) - Name of the file not matching the name of the component (openai#354) - Allow proper exit from new Switch approval mode dialog (openai#453) - Ensure /clear resets context and exclude system messages from approximateTokenUsed count (openai#443) - `/clear` now clears terminal screen and resets context left indicator (openai#425) - Correct fish completion function name in CLI script (openai#485) - Auto-open model-selector when model is not found (openai#448) - Remove unnecessary isLoggingEnabled() checks (openai#420) - Improve test reliability for `raw-exec` (openai#434) - Unintended tear down of agent loop (openai#483) - Remove extraneous type casts (openai#462)
…penai#497) I saw cases where the first chunk of output from `ls -R` could be large enough to exceed `MAX_OUTPUT_BYTES` or `MAX_OUTPUT_LINES`, in which case the loop would exit early in `createTruncatingCollector()` such that nothing was appended to the `chunks` array. As a result, the reported `stdout` of `ls -R` would be empty. I asked Codex to add logic to handle this edge case and write a unit test. I used this as my test: ``` ./codex-cli/dist/cli.js -q 'what is the output of `ls -R`' ``` now it appears to include a ton of stuff whereas before this change, I saw: ``` {"type":"function_call_output","call_id":"call_a2QhVt7HRJYKjb3dIc8w1aBB","output":"{\"output\":\"\\n\\n[Output truncated: too many lines or bytes]\",\"metadata\":{\"exit_code\":0,\"duration_seconds\":0.5}}"} ```
- Add `store: boolean` to `AgentLoop` to enable client-side storage of response items - Add `--disable-response-storage` arg + `disableResponseStorage` config
## `0.1.2504220136` ### 🚀 Features - Add support for ZDR orgs (openai#481) - Include fractional portion of chunk that exceeds stdout/stderr limit (openai#497)
This all started because I was going to write a script to autogenerate the Table of Contents in the root `README.md`, but I noticed that the `href` for the "Why Codex?" heading was `#whycodex` instead of `#why-codex`. This piqued my curiosity and it turned out that the space in "Why Codex?" was not an ASCII space but **U+00A0**, a non-breaking space, and so GitHub ignored it when generating the `href` for the heading. This also meant that when I did a text search for `why codex` in the `README.md` in VS Code, the "Why Codex" heading did not match because of the presence of **U+00A0**. In short, these types of Unicode characters seem like a hazard, so I decided to introduce this script to flag them, and if desired, to replace them with "good enough" ASCII equivalents. For now, this only applies to the root `README.md` file, but I think we should ultimately apply this across our source code, as well, as we seem to have quite a lot of non-ASCII Unicode and it's probably going to cause `rg` to miss things. Contributions of this PR: * `./scripts/asciicheck.py`, which takes a list of filepaths and returns non-zero if any of them contain non-ASCII characters. (Currently, there is one exception for ✨ aka **U+2728**, though I would like to default to an empty allowlist and then require all exceptions to be specified as flags.) * A `--fix` option that will attempt to rewrite files with violations using a equivalents from a hardcoded substitution list. * An update to `ci.yml` to verify `./scripts/asciicheck.py README.md` succeeds. * A cleanup of `README.md` using the `--fix` option as well as some editorial decisions on my part. * I tried to update the `href`s in the Table of Contents to reflect the changes in the heading titles. (TIL that if a heading has a character like `&` surrounded by spaces, it becomes `--` in the generated `href`.)
openai#530) Without this I get an issue running codex it in a docker container. I receive: ``` { "answer": "{\"role\":\"user\",\"content\":[{\"type\":\"input_text\",\"text\":\"\\\"Say hello world\\\"\"}],\"type\":\"message\"}\n{\"id\":\"error-1745325184914\",\"type\":\"message\",\"role\":\"system\",\"content\":[{\"type\":\"input_text\",\"text\":\"⚠️ OpenAI rejected the request (request ID: req_f9027b59ebbce00061e9cd2dbb2d529a). Error details: Status: 400, Code: invalid_function_parameters, Type: invalid_request_error, Message: 400 Invalid schema for function 'shell': In context=(), 'required' is required to be supplied and to be an array including every key in properties. Missing 'workdir'.. Please verify your settings and try again.\"}]}\n" } ``` This fix makes it work.
A recent commit introduced the ability to use third-party model providers. (Really appreciate it!) However, the usage is inconsistent: some pieces of code use the custom providers, whereas others still have the old behavior. Additionally, `OPENAI_BASE_URL` is now being disregarded when it shouldn't be. This PR normalizes the usage to `getApiKey` and `getBaseUrl`, and enables the use of `OPENAI_BASE_URL` if present. --------- Co-authored-by: Gabriel Bianconi <GabrielBianconi@users.noreply.github.com>
…ack-off (openai#506) As requested by @tibo-openai at openai#357 (comment), this attempts a more minimal implementation of openai#357 that preserves as much as possible of the existing code's exponential backoff logic. Adds a small retry wrapper around the streaming for‑await loop so that HTTP 429s which occur *after* the stream has started no longer crash the CLI. Highlights • Re‑uses existing RATE_LIMIT_RETRY_WAIT_MS constant and 5‑attempt limit. • Exponential back‑off identical to initial request handling. This comment is probably more useful here in the PR: // The OpenAI SDK may raise a 429 (rate‑limit) *after* the stream has // started. Prior logic already retries the initial `responses.create` // call, but we need to add equivalent resilience for mid‑stream // failures. We keep the implementation minimal by wrapping the // existing `for‑await` loop in a small retry‑for‑loop that re‑creates // the stream with exponential back‑off.
Adds a new flag to cli `--version` that prints the current version and exits --------- Co-authored-by: Thibault Sottiaux <tibo@openai.com>
…enai#541) This introduces a Python script (written by Codex!) to verify that the table of contents in the root `README.md` matches the headings. Like `scripts/asciicheck.py` in openai#513, it reports differences by default (and exits non-zero if there are any) and also has a `--fix` option to synchronize the ToC with the headings. This will be enforced by CI and the changes to `README.md` in this PR were generated by the script, so you can see that our ToC was missing some entries prior to this PR.
…ng (openai#496) While here, I also moved the Nix stuff to the end of the **Contributing** section and replaced some examples with `npm` to use `pnpm`.
Change errors on missing api key of other providers from <img width="854" alt="image" src="https://github.com/user-attachments/assets/f488a247-5040-4b02-92d6-90a2204419ff" /> (missing deepseek key but still throws error for openai) to <img width="854" alt="image" src="https://github.com/user-attachments/assets/8333d24a-91f8-4ba8-9a51-ed22a7e8a074" /> This should help new users figure out the issue easier and go to the right place to get api keys OpenAI key missing would popup with the right link <img width="854" alt="image" src="https://github.com/user-attachments/assets/0ecc9320-380f-425c-972e-4312bf610955" />
Fixes openai#540 # Skip API key validation for Ollama provider ## Description This PR modifies the CLI to not require an API key when using Ollama as the provider ## Changes - Modified the validation logic to skip API key checks for these providers - Updated the README to clarify that Ollama doesn't require an API key
Resolved issue where an OLLAMA_BASE_URL was not properly handled (openai#516).
Collaborator
|
@rumple Looks like this has drifted, could you look at freshening this up and resolving the merge conflicts? |
- Fixes post-merge of openai#506 --------- Co-authored-by: Ilan Bigio <ilan@openai.com>
…ainst workdir, if specified (openai#556) Previously, we were ignoring the `workdir` field in an `ExecInput` when running it through `canAutoApprove()`. For ordinary `exec()` calls, that was sufficient, but for `apply_patch`, we need the `workdir` to resolve relative paths in the `apply_patch` argument so that we can check them in `isPathConstrainedTowritablePaths()`. Likewise, we also need the workdir when running `execApplyPatch()` because the paths need to be resolved again. Ideally, the `ApplyPatchCommand` returned by `canAutoApprove()` would not be a simple `patch: string`, but the parsed patch with all of the paths resolved, in which case `execApplyPatch()` could expect absolute paths and would not need `workdir`.
## `0.1.2504221401` ### 🚀 Features - Show actionable errors when api keys are missing (openai#523) - Add CLI `--version` flag (openai#492) ### 🐛 Bug Fixes - Agent loop for ZDR (`disableResponseStorage`) (openai#543) - Fix relative `workdir` check for `apply_patch` (openai#556) - Minimal mid-stream openai#429 retry loop using existing back-off (openai#506) - Inconsistent usage of base URL and API key (openai#507) - Remove requirement for api key for ollama (openai#546) - Support `[provider]_BASE_URL` (openai#542)
In reference to [Issue 548](openai#548) - part 1.
apply_patch doesn't create parent directories when creating a new file leading to confusion and flailing by the agent. This will create parent directories automatically when absent. --------- Co-authored-by: Thibault Sottiaux <tibo@openai.com>
… before stream (openai#563) Gemini's API is finicky, it 400's without an error when you pass content: null Also fixed the rate limiting issues by throwing outside of the iterator. I think there's a separate issue with the second isRateLimit check in agent-loop - turnInput is cleared by that time, so it retries without the last message.
Contributor
Author
|
Recheck |
Contributor
Author
|
@tibo-openai Not sure what is missing here. Can you help? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added support for OpenAI-Organization and OpenAI-Project headers through environment variables, allowing users with multiple organizations to specify which organization and project to use for API requests.