Skip to content

[codex] fix install.sh validators: optional peer header + parenthesized plugin list state#2632

Open
ZaynJarvis wants to merge 1 commit into
mainfrom
followup/install-sh-validators
Open

[codex] fix install.sh validators: optional peer header + parenthesized plugin list state#2632
ZaynJarvis wants to merge 1 commit into
mainfrom
followup/install-sh-validators

Conversation

@ZaynJarvis

@ZaynJarvis ZaynJarvis commented Jun 15, 2026

Copy link
Copy Markdown
Collaborator

Problem

Re-running setup-helper/install.sh non-interactively after #2598 surfaces two false-positive validator warnings on a no-peer config (e.g. local unauth OV):

!! Install validation: codex plugin list does not show openviking-memory@openviking-plugins-local as installed, enabled
!! Install validation: cached .mcp.json is missing X-OpenViking-Actor-Peer header mapping
xx Plugin install validation failed in non-interactive mode.

Both are validator bugs, not actual install regressions — codex plugin list shows the plugin as installed, enabled and the cached .mcp.json is correct.

Root cause

  1. Actor-peer validator unconditional. [codex] tighten memory recall, capture, and resume #2598 commit 216dbb5 made syncMcpConfig omit the X-OpenViking-Actor-Peer header when no peer is configured (symmetric to bearer_token_env_var / HAS_API_KEY). The install validator at install.sh:613 still required the header unconditionally, so every no-peer install gets flagged.

  2. codex plugin list regex too strict. The validator grep at install.sh:591 was ${PLUGIN_ID}[[:space:]]+installed, enabled, but codex CLI prints openviking-memory@openviking-plugins-local (installed, enabled) with parens. The regex never matches the current CLI output. This is older brittleness (not a [codex] tighten memory recall, capture, and resume #2598 regression) and surfaces now because the actor-peer false-positive ran the validator long enough to notice.

Fix

  • ov-credentials.mjs: new has-peer-id CLI command, symmetric to has-api-key. Returns 1/0 based on resolveOpenVikingCredentials().peerId. Underlying resolution is already covered by existing tests 1–3 in ov-credentials.test.mjs.
  • install.sh: new HAS_PEER_ID="$(detect_peer_id)" mirrors HAS_API_KEY. Validator becomes conditional both ways:
    • HAS_PEER_ID=1 + header missing → flag (required header dropped)
    • HAS_PEER_ID=0 + header present → flag (stale header, should be dropped)
    • Other two cases → ok
  • install.sh plugin list regex: relaxed to \(?installed, enabled\)? to accept both the parenthesized and bare forms codex CLI has shipped at different points.

Verification

$ bash examples/codex-memory-plugin/setup-helper/install.sh < /dev/null
…
6. Install validation
==> Plugin install looks valid.

Hand-traced both HAS_PEER_ID branches × both X-OpenViking-Actor-Peer presence states to confirm the four-case truth table.

$ node --test examples/codex-memory-plugin/scripts/ov-credentials.test.mjs \
              examples/codex-memory-plugin/scripts/recall-compressor-profile.test.mjs
# tests 20 # pass 20 # fail 0
$ find examples/codex-memory-plugin/scripts -name '*.mjs' | xargs node --check    # OK
$ bash -n / zsh -n examples/codex-memory-plugin/setup-helper/*.sh                  # OK
$ git diff --check                                                                  # OK

Follow-up direction (out of scope)

@ZaynJarvis suggested the longer-term home is openviking@openai-curated rather than the self-hosted openviking-plugins-local marketplace. That requires upstream coordination with codex's curated marketplace and is not part of this validator fix.

@ZaynJarvis
[codex] fix install.sh validators: optional peer + parenthesized plug…
8334fb8 
…in list state

Two false-positive validations surfaced when re-running the installer
on a no-peer config after #2598 merged:

1. cached .mcp.json validator unconditionally required the
   X-OpenViking-Actor-Peer mapping. Since syncMcpConfig now omits that
   header when no peer is configured (#2598 commit 216dbb5), the
   validator failed every no-peer install. Make it conditional, and
   symmetrically flag a stale header when no peer is configured (the
   same way bearer_token_env_var handles HAS_API_KEY both ways).

2. 'codex plugin list' validator grep expected '<id>  installed,
   enabled' but codex CLI actually prints '<id> (installed, enabled)'
   with parens. Loosen the regex to accept both forms.

- ov-credentials.mjs gains a 'has-peer-id' CLI command symmetric to
  'has-api-key', so install.sh can detect peer presence via the same
  resolver used at render time. Underlying peerId resolution is
  already covered by ov-credentials.test.mjs cases 1, 2, and 3.
- install.sh detects HAS_PEER_ID, mirrors the bearer pattern at the
  validator, and makes the codex-plugin-list regex tolerate the
  parenthesized state form.

Verified by re-running setup-helper/install.sh non-interactively
against the no-peer ovcli.conf: 'Plugin install looks valid.' now
prints with no warnings. Hand-traced both HAS_PEER_ID branches of
the new validator (peer-configured / peer-absent, header-present
/ header-absent) to confirm the four cases behave correctly.
@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis 🔶

2598 - Partially compliant

Compliant requirements:

  • Added detect_peer_id function in install.sh
  • Updated plugin list regex to accept parenthesized state
  • Added has-peer-id command in ov-credentials.mjs
  • Made X-OpenViking-Actor-Peer header validation conditional

Non-compliant requirements:

  • No new tests added for has-peer-id command (existing tests cover resolution)

Requires further human verification:

  • Smoke test stale env + OPENVIKING_CLI_CONFIG_FILE=ovcli.conf.zeus
⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🏅 Score: 90
🧪 No relevant tests
🔒 No security concerns identified
✅ No TODO sections
🔀 No multiple PR themes
⚡ Recommended focus areas for review

Regex Robustness

The plugin list regex uses \(?installed, enabled\)? which allows mismatched parentheses (e.g., (installed, enabled or installed, enabled)). While unlikely to occur in practice, this could lead to false positives.

 
if ! codex plugin list 2>/dev/null | grep -E -q "${PLUGIN_ID}[[:space:]]+\(?installed, enabled\)?"; then

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown

PR Code Suggestions ✨

No code suggestions found for the PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

OpenViking project
Status: Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ZaynJarvis