Skip to content

Add DMG integrity guard for Linux settings patches#698

Open
joshyorko wants to merge 4 commits into
ilysenko:mainfrom
joshyorko:patchraptor/dmg-settings-integrity
Open

Add DMG integrity guard for Linux settings patches#698
joshyorko wants to merge 4 commits into
ilysenko:mainfrom
joshyorko:patchraptor/dmg-settings-integrity

Conversation

@joshyorko

@joshyorko joshyorko commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add a DMG-intel acceptance blocker for unresolved Linux settings patch symbols
  • run that integrity scan inside the patcher and carry findings through patch-report.json, so Codex.dmg + patch-report flows see post-patch webview failures
  • distinguish real var / let / const declarators from bare assignment expressions in Linux settings icon detection
  • update Agent Workspaces settings icon patching and Browser Use node_repl trust detection for current upstream chunk shapes

Verification

  • docker run --rm -v "$PWD":/workspaces/codex-desktop-linux -w /workspaces/codex-desktop-linux codex-desktop-linux-devcontainer:local node --test scripts/dev/upstream-dmg-intel.test.js scripts/patch-linux-window-ui.test.js (362/362)
  • docker run --rm -v "$PWD":/workspaces/codex-desktop-linux -w /workspaces/codex-desktop-linux codex-desktop-linux-devcontainer:local node --test scripts/patch-linux-window-ui.test.js linux-features/agent-workspace/test.js (378/378, run before the review-fix follow-up; the follow-up did not touch linux-features/agent-workspace)

@avifenesh avifenesh left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an auto review done by revuto.


Found two issues with the new DMG integrity guard wiring/detection that could let the intended blocker miss real post-patch failures.

Comment thread scripts/lib/upstream-dmg-intel.js
Comment thread scripts/lib/upstream-dmg-intel.js Outdated
@ilysenko

ilysenko commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Thanks for the PR. I found two blockers in the new integrity guard:

  1. The scan is wired to the raw --candidate inventory, so the normal Codex.dmg + patch-report flow cannot see Linux-injected settings symbols from the patched webview assets. It needs to inspect the patched app/extracted ASAR/installed webview assets, or run from the patcher while those files are available.

  2. hasLocalPatchSymbolDeclaration() treats bare assignments as declarations, so shapes like ;codexLinuxReadAloudSettingsIcon=e=>... or foo(),codexLinuxReadAloudSettingsIcon=e=>... are skipped even though they have no local declarator. Please distinguish real declarators from expression assignments and add regression coverage for that shape.

@Yo-DDV Yo-DDV left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the quick follow-up. Small correction from my side: 97a2c01 landed while I was finishing my previous review, so my first note was based on 9a06ba9.

I rechecked the new head. The bare-assignment reproducer now behaves as expected:

  • unresolved reference: finding
  • real const declaration: no finding
  • ;codexLinuxReadAloudSettingsIcon=e=>e: finding
  • foo(),codexLinuxReadAloudSettingsIcon=e=>e: finding

Local checks are green on 97a2c01:

  • node --test scripts/dev/upstream-dmg-intel.test.js scripts/patch-linux-window-ui.test.js — 362 pass
  • bash tests/scripts_smoke.sh
  • git diff --check

So the declaration blocker I flagged is fixed in the latest commit. I will leave the broader call to Ilya and CI, but this follow-up looks good for that specific point.

@joshyorko

Copy link
Copy Markdown
Contributor Author

@ilysenko addressed both blockers:

  • The patcher now scans the patched extracted app while those webview assets exist and writes post-patch integrity findings into patch-report.json; DMG-intel folds those findings into PATCH_INTEGRITY_BROKEN even when --candidate is the raw DMG.
  • hasLocalPatchSymbolDeclaration() now only accepts real function/variable declarators. Bare assignments like codexLinuxReadAloudSettingsIcon=e=>... and foo(),codexLinuxReadAloudSettingsIcon=e=>... are covered as failures.

Verified in the devcontainer with node --test scripts/dev/upstream-dmg-intel.test.js scripts/patch-linux-window-ui.test.js passing 362/362.

@ilysenko

ilysenko commented Jul 8, 2026

Copy link
Copy Markdown
Owner

Thanks for the update. I found a blocker:

  • This PR touches drift-sensitive patch logic, but it still carries legacy upstream compatibility in the touched paths, including the old agent-workspace Settings visibility fallbacks and older Browser Use node_repl builder handling.
  • This repo targets only the latest CODEX.DMG, so please remove those old DMG shapes/fallback paths in the same PR instead of carrying them forward.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants