Skip to content

chore: sync upstream/main through v1.0.3 + codex tool mode#3

Merged
janbam merged 82 commits into
mainfrom
chore/sync-upstream-main
Jul 1, 2026
Merged

chore: sync upstream/main through v1.0.3 + codex tool mode#3
janbam merged 82 commits into
mainfrom
chore/sync-upstream-main

Conversation

@janbam

@janbam janbam commented Jul 1, 2026

Copy link
Copy Markdown
Owner

Summary

Syncs our fork with upstream/main through v1.0.3 + the merged codex-tool-mode PR (Waishnav#26), bringing DevSpace to feature parity with upstream while preserving our fork's DEVSPACE_TRUST_PROXY_HOPS hardening.

Key upstream additions pulled in:

  • codex tool mode (DEVSPACE_TOOL_MODE=codex): replaces edit/write/bash surface with apply_patch + exec_command + write_stdin (resumable PTY-backed process sessions).
  • Short tool names only: legacy tool naming dropped; read/edit/bash/etc.
  • Desktop PTY support: node-pty with optional native build, Windows/macOS/Linux process management.
  • Skill discovery fixes (Include ~/.agents/skills in default skill discovery paths Waishnav/devspace#28 agent skill paths, pi project skills opt-in).
  • Show-changes schema simplification + refined review timing.

Why both features survive (merge intent)

The two conflict regions addressed orthogonal concerns, so both are kept:

  • Upstream rewrote the tool-surface config: boolean minimalTools/parseMinimalTools → enum ToolMode = "minimal" | "full" | "codex" with parseToolMode. This carries the codex tool surface (apply_patch, exec_command, PTY, codex cards).
  • Our fork's only divergent commit (b589d0a) is DEVSPACE_TRUST_PROXY_HOPS — Express trust proxy hop counting behind tunnels, independent of the tool surface. Upstream never adopted it, so dropping it would lose real security hardening.

No semantic overlap. The conflicts were positional: our trust-proxy helpers were inserted adjacent to parseMinimalTools, which upstream rewrote.

Conflicts resolved (2)

Both in code we own on the fork side that touched the same regions upstream rewrote:

  1. src/config.ts — Kept our trust-proxy helpers (parseTrustProxyHopsRaw, isLoopbackHost, resolveTrustProxyHops). Adopted upstream's parseToolMode/toolMode (string enum) instead of our deleted parseMinimalTools/minimalTools (boolean). loadConfig already references toolMode correctly.
  2. src/server.ts — Imports: kept our describeTrustProxy/trustForwardedHeaders imports alongside upstream's new applyPatch import and existing WidgetMode/ServerConfig/loadConfig.

Verification

$ npm install                           # pulled node-pty native module
$ npm rebuild node-pty --ignore-scripts=false   # Linux native build (prebuilds shipped only for darwin/win32)
$ npm run typecheck                     # tsc -p tsconfig.json --noEmit  → clean
$ npm test                              # 12/12 suites green
  src/config.test.ts                   OK
  src/ui/card-types.test.ts             OK
  src/ui/patch-display.test.ts         OK
  src/apply-patch.test.ts               OK
  src/process-platform.test.ts          OK
  src/process-sessions.test.ts          OK   (after native node-pty rebuild)
  src/roots.test.ts                     OK
  src/skills.test.ts                    OK
  src/workspaces.test.ts                OK
  src/review-checkpoints.test.ts        OK
  src/oauth-store.test.ts               OK
  src/cli.test.ts                       OK

DEVSPACE_TOOL_MODE=codex confirmed active server-side: open_workspace registered and called successfully (codex/minimal/full share this tool; codex adds apply_patch/exec_command/write_stdin and suppresses edit/write/grep/glob/ls).

Migration note for Linux installs

Upstream ships node-pty prebuilds for darwin/win32 only. On Linux, a clean npm install (with global ignore-scripts on) leaves node-pty unbuilt — process-sessions.test.ts errors with "PTY support requires the optional node-pty dependency" and PTY-backed tty: true shells fail at runtime. Fix:

npm rebuild node-pty --ignore-scripts=false

Non-PTY paths work without the rebuild.

Out of scope (separate issue)

ChatGPT Apps _meta.ui.domain ("Widget domain is not set… A unique domain is required for app submission") is not addressed here — tracked in #2.

Waishnav and others added 30 commits June 22, 2026 02:28
Waishnav and others added 27 commits June 29, 2026 19:09
…ll-paths

Discover standard agent skill paths
…ames-only

# Conflicts:
#	src/config.test.ts
#	src/config.ts
#	src/server.ts
#	src/ui/card-types.ts
#	src/ui/workspace-app.tsx
Improve apply_patch diff UI and validation
…ructions

Clarify show changes review timing
# Conflicts:
#	src/config.ts
#	src/server.ts
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednode-pty@​1.1.09310010096100

View full report

@janbam
janbam merged commit 22fe62d into main Jul 1, 2026
2 checks passed
@janbam
janbam deleted the chore/sync-upstream-main branch July 1, 2026 20:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants