Conversation
- Add note that source installs produce `cclid` (dev binary), not `ccli`
- Fix MCP section: `ccli-mcp` binary doesn't exist; corrected to `cclid-mcp`
- Fix config command signature from `[setting] [value]` to `<subcommand>`
- Add missing `set` and `get` to config subcommands summary
- Document `--pretty` flag for data export
- Remove misleading `data export all -o` example (single -o with type `all` writes multiple files to the same path, overwriting each other)

https://claude.ai/code/session_01PcTMpBG6xcAhRb7kA9u6XZ
- Remove non-existent flags (-k, -v, -e) from showExamples() output
- Fix showHelp() config signature to show <subcommand> and list set/get
- Fix displayAliases empty-state message to show correct command syntax
- Fix data export all -o overwriting same file by suffixing per type
- Add ISSUES.md documenting all known bugs and missing features

https://claude.ai/code/session_01PcTMpBG6xcAhRb7kA9u6XZ
…ssions

- MCP codex_run now checks confirm metadata and refuses execution unless force: true is passed (added force parameter to schema)
- Add Windows clipboard support via clip command
- Set 0600 permissions on all data files via atomicWriteFileSync
- Set 0700 permissions on data directory creation
- Export files also written with 0600 permissions
- Update tests to match new permission parameters and clipboard behavior

https://claude.ai/code/session_01PcTMpBG6xcAhRb7kA9u6XZ
All four P0 bugs were already resolved in the codebase:

- showExamples() now uses valid flags
- showHelp() config shows correct subcommand signature
- displayAliases empty-state shows correct set command
- data export all -o suffixes filenames by type

https://claude.ai/code/session_01PcTMpBG6xcAhRb7kA9u6XZ
- #8: stdin piping for `set` (read value from piped input)
- #9: `edit` command with $EDITOR/$VISUAL support
- #10: MCP encryption (encrypt/password on set, decrypt/password on get)
- #11: `confirm` as standalone export/import/reset type (CLI + MCP)
- #12: Advisory file locking (lockfile-based, stale lock detection)
- #13: Auto-backup before destructive operations (reset, non-merge import)
- #14: --json output flag for `get` and `find` commands

All 448 tests pass.

https://claude.ai/code/session_01PcTMpBG6xcAhRb7kA9u6XZ
10 detailed enhancement writeups (issues #15-#24) with problem statements, desired behavior, relevant files, and acceptance criteria. Ready to be copy-pasted into GitHub Issues. https://claude.ai/code/session_01PcTMpBG6xcAhRb7kA9u6XZ
README: Add edit command (section, TOC, Command Reference), --json flag on get/find, stdin piping for set, confirm data type, auto-backup note, Windows clipboard, updated MCP tools table with encrypt/decrypt/force params, and new Features list entries. CHANGELOG: Add v0.1.1 with all 11 additions and 6 bug/security fixes from the P0-P2 audit. https://claude.ai/code/session_01PcTMpBG6xcAhRb7kA9u6XZ
Pull request overview
This PR implements a comprehensive set of security improvements, platform compatibility enhancements, and feature additions to CodexCLI. The changes address multiple bug fixes documented in ISSUES.md (P0-P2 priority items) and add several highly-requested features including inline editing, JSON output for scripting, stdin piping, file locking for concurrent access protection, and automatic backups before destructive operations.
Changes:
- Security enhancements: Added file locking with stale-lock detection, restrictive file permissions (0o600/0o700), auto-backup before destructive operations, Windows clipboard support, and MCP encryption/decryption support
- New features: `edit` command with $EDITOR integration, `--json` output flag for `get` and `find`, stdin piping for `set`, `confirm` as standalone export/import/reset type
- Bug fixes: Corrected help text and examples, fixed `data export all -o` file overwriting issue, updated empty-state messages, enforced confirm metadata checks in MCP `codex_run`
Reviewed changes
Copilot reviewed 26 out of 27 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| src/utils/fileLock.ts | New advisory file locking implementation with atomic lock acquisition and stale lock detection |
| src/utils/autoBackup.ts | New auto-backup functionality creating timestamped backups before destructive operations |
| src/utils/saveJsonSorted.ts | Wrapped with file locking to prevent concurrent write corruption |
| src/utils/atomicWrite.ts | Added mode 0o600 to file writes for security |
| src/utils/paths.ts | Added mode 0o700 to directory creation for security |
| src/utils/clipboard.ts | Added Windows (win32) platform support using 'clip' command |
| src/types.ts | Added json option to GetOptions and SearchOptions interfaces |
| src/index.ts | Added stdin piping support, edit command registration, and --json flag |
| src/commands/index.ts | Exported editEntry function |
| src/commands/entries.ts | Implemented editEntry function with $EDITOR integration and --json output mode for getEntry |
| src/commands/search.ts | Added --json output mode for search results |
| src/commands/helpers.ts | Updated VALID_DATA_TYPES to include 'confirm', fixed alias empty-state message |
| src/commands/data-management.ts | Added auto-backup calls, confirm type support, fixed export filename suffixing for 'all' type |
| src/mcp-server.ts | Added encrypt/decrypt/password parameters to codex_set and codex_get, force parameter to codex_run, confirm type support across export/import/reset |
| src/formatting.ts | Updated help text and examples to reflect new commands and correct flags |
| README.md | Comprehensive documentation updates including new features, corrected binary names, installation notes |
| CHANGELOG.md | Added version 0.1.1 with complete changelog |
| ISSUES.md | New documentation file listing all known issues and their status |
| docs/P3-FEATURE-REQUESTS.md | New documentation file with P3 priority feature request templates |
| package-lock.json | Changed binary names from ccli-mcp to cclid-mcp for development builds |
| src/tests/*.test.ts | Updated test mocks and assertions to support new file locking operations |
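
The review summary above describes advisory file locking with atomic acquisition and stale-lock detection. The following is an added example of that pattern in plain Node.js, not the code from `src/utils/fileLock.ts`; the function names, the 10-second stale threshold and the retry defaults are assumptions made for illustration.

```javascript
const fs = require("fs");

const STALE_MS = 10_000; // assumed threshold: older locks are treated as abandoned

function sleepMs(ms) {
  // Block without spinning the CPU (the approach the PR adopts with Atomics.wait()).
  Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
}

function acquireLock(lockPath, { retries = 20, delayMs = 25, staleMs = STALE_MS } = {}) {
  for (let i = 0; i <= retries; i++) {
    try {
      // "wx" maps to O_CREAT|O_EXCL: creation is atomic, so only one process wins.
      const fd = fs.openSync(lockPath, "wx", 0o600);
      fs.writeSync(fd, String(process.pid));
      fs.closeSync(fd);
      return true;
    } catch (err) {
      if (err.code !== "EEXIST") throw err;
    }
    try {
      const age = Date.now() - fs.statSync(lockPath).mtimeMs;
      if (age > staleMs) {
        // TOCTOU window: another process may swap the lock between stat and unlink.
        // The exclusive create on the next iteration still picks a single winner.
        fs.unlinkSync(lockPath);
        continue;
      }
    } catch (err) {
      if (err.code !== "ENOENT") throw err;
      continue; // holder released the lock in the meantime; retry immediately
    }
    sleepMs(delayMs);
  }
  return false;
}

function releaseLock(lockPath) {
  fs.rmSync(lockPath, { force: true });
}

function withLock(lockPath, fn, opts) {
  if (!acquireLock(lockPath, opts)) throw new Error("could not acquire " + lockPath);
  try { return fn(); } finally { releaseLock(lockPath); }
}
```

The lock is advisory: it only protects writers that all go through `withLock`, and a writer that outlives the stale threshold can have its lock taken from under it.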
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@seabearDEV I've opened a new pull request, #3, to work on those changes. Once the pull request is ready, I'll request review from you.
@seabearDEV I've opened a new pull request, #4, to work on those changes. Once the pull request is ready, I'll request review from you.
@seabearDEV I've opened a new pull request, #5, to work on those changes. Once the pull request is ready, I'll request review from you.
Co-authored-by: seabearDEV <40605056+seabearDEV@users.noreply.github.com>
…mpFile Co-authored-by: seabearDEV <40605056+seabearDEV@users.noreply.github.com>
Mask plaintext value in `codex_set` MCP response when encryption is used
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: seabearDEV <40605056+seabearDEV@users.noreply.github.com>
Replace busy-wait spin loop with Atomics.wait() in fileLock.ts
Fix command injection vulnerability in editor launch (execSync → spawnSync)
…terpolation, and more

- Remove redundant resolveKey() call in editEntry (caller already resolves)
- Add edit/e command and --json/-j flag to tab completions
- Interpolate values in --json output mode for get command
- Set process.exitCode=1 for not-found keys in JSON mode
- Log debug warning instead of silently swallowing lock failures
- Add TOCTOU mitigation comment on stale lock removal
- Replace deprecated rmdirSync with rmSync
- Replace dynamic imports with static fs/os/path imports in editEntry
- Reset confirm keys when importing type=all without confirm key present
- Always include searched sub-keys in JSON search output (even when empty)
- Add comment explaining intentional undefined fallthrough in stdin path
- Add backup rotation keeping only 10 most recent backups
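
The commit titled "Fix command injection vulnerability in editor launch (execSync → spawnSync)" names a fix whose general shape is shown here as an added example in plain Node.js; it is not the project's `editEntry` code. The helper names and the whitespace-only splitting of `$EDITOR` are assumptions made for illustration.

```javascript
const { spawnSync } = require("child_process");

// General shape of the problem (assumed, the page shows no code): a command string
// such as `${editor} ${filePath}` handed to execSync is parsed by a shell, so
// metacharacters inside filePath are treated as shell syntax instead of data.

function splitEditor(editorEnv) {
  // $EDITOR may carry flags ("code --wait"); split on whitespace only.
  // Assumption: editor paths that contain spaces are not handled here.
  const parts = editorEnv.trim().split(/\s+/).filter(Boolean);
  if (parts.length === 0) throw new Error("no editor configured");
  return { cmd: parts[0], args: parts.slice(1) };
}

function resolveEditor(env = process.env) {
  // $VISUAL takes precedence over $EDITOR, with a platform default as fallback.
  const fallback = process.platform === "win32" ? "notepad" : "vi";
  return splitEditor(env.VISUAL || env.EDITOR || fallback);
}

function launchEditor(filePath, editor = resolveEditor(), stdio = "inherit") {
  // Argument array plus shell:false: filePath reaches the editor as exactly one
  // argv entry and is never interpreted by a shell.
  const res = spawnSync(editor.cmd, [...editor.args, filePath], { stdio, shell: false });
  if (res.error) throw res.error;
  return res;
}
```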
No description provided.