[Bugfix #1128] Bump @openai/codex-sdk to ^0.142.5: restore the codex consult lane on macOS (XProtect kill)#1141
Open
amrmelsayed wants to merge 6 commits into
Open
[Bugfix #1128] Bump @openai/codex-sdk to ^0.142.5: restore the codex consult lane on macOS (XProtect kill)#1141amrmelsayed wants to merge 6 commits into
amrmelsayed wants to merge 6 commits into
Conversation
…eveloper ID-signed codex binary The codex vendor binary shipped by @openai/codex 0.130.0 (pinned exactly by codex-sdk 0.130.0) is unsigned; macOS 26 XProtect SIGKILLs it on first launch and auto-trashes it, after which every consult -m codex fails with a raw spawn ENOENT. @openai/codex 0.142.5 ships the same binary Developer ID-signed (OpenAI OpCo, LLC / 2DC432GLL2, hardened runtime), which XProtect accepts. The old caret range could never pick this up on its own: for 0.x versions, ^0.130.0 only spans 0.130.x. Verified on macOS 26 (darwin-arm64): codesign --verify --strict passes with the full Developer ID chain; the binary launches cleanly and survives exec; consult -m codex round-trips end-to-end from the worktree build; all 3432 codev tests pass with the new SDK (API surface unchanged for our usage).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bumps
@openai/codex-sdkfrom^0.130.0to^0.142.5inpackages/codev. This restores theconsult -m codexlane on macOS 26, where XProtect SIGKILLs the unsigned 0.130.0 vendor binary on first launch, auto-trashes it, and leaves every subsequent invocation failing with a rawspawn ... ENOENT.Fixes #1128
Root Cause
@openai/codex-sdk 0.130.0pins@openai/codex 0.130.0exactly, and that version's darwin vendor binary (~192 MB Mach-O) is not code-signed. macOS 26 XProtect flags it as malware at exec time, kills it, and the default dialog action moves it to Trash, which is why the first failure is SIGKILL and every later one is ENOENT.Investigation finding that reshaped the fix:
@openai/codex 0.142.5ships the same binary Developer ID-signed (Developer ID Application: OpenAI OpCo, LLC (2DC432GLL2), hardened runtime, full Apple chain). Upstream fixed the root cause between 0.130.0 and 0.142.5. The old caret range could never pick this up on its own: for 0.x versions,^0.130.0only spans0.130.x.Fix
packages/codev/package.json:@openai/codex-sdk^0.130.0→^0.142.5pnpm-lock.yaml: refreshed; zero remaining references to0.130.0runCodexConsultationuses (verified against the published.d.ts, and by clean TypeScript compile + full test suite)Scope decisions agreed with the architect on #1128:
codesign --remove-signature && --sign -over a valid Developer ID signature would downgrade it to an ad-hoc identity. May return later as a conditional fixup if Apple revokes a future hash; architect will re-scope on consult: codex XProtect / Gatekeeper blocks the vendor binary on macOS (SIGKILL then ENOENT after auto-Trash) #1128.No regression test added: this is a pure dependency bump. The failure mode (XProtect trashing an unsigned third-party binary) is environmental and not reachable from unit tests; verification below is the evidence.
Test Plan
All on macOS 26, darwin-arm64, in the builder worktree:
consult -m codexfails withspawn .../codex-darwin-arm64/vendor/aarch64-apple-darwin/codex/codex ENOENT(binary already trashed by XProtect)codesign --verify --strictpasses on the 0.142.5 vendor binary; authority chain is OpenAI OpCo, LLC (2DC432GLL2) → Developer ID CA → Apple Root CA, hardened runtime flag setspctl --assess --type executereturns "rejected (the code is valid but does not seem to be an app)": identical output to the known-good standalone codex CLI used daily on this machine; this is spctl's standard response for any signed non-app-bundle CLI, not a Gatekeeper failurecodex-cli 0.142.5, exit 0) with no SIGKILL and no XProtect dialog, and survives on disk after exec (the old failure mode deleted it at this point)node ./bin/consult.js -m codex --prompt "Reply with the single word: ping"from the worktree build round-trips in 7s, exit 0pnpm build(root, core first) clean; fullpnpm testinpackages/codev: 3432 passed, 0 failed