Codex Remote v0.1.23

Fixes repeated Authorize device prompts on Deno by enforcing canonical https://.deno.dev origin in self-host scripts and adding canonical-host redirecting in orbit-deno.

Codex Remote v0.1.22

Codex Remote v0.1.22

This patch fixes Cloudflare self-host auth instability caused by Pages preview origins.

Fixed

• self-host now deploys Pages explicitly to production branch (--branch main) on both PowerShell and bash scripts.
• Pages URL is normalized before setting auth-related secrets.
• codex-remote update now uses the same production Pages deploy behavior.

Impact

This prevents origin mismatch between PASSKEY_ORIGIN and the UI URL, which previously led to Auth backend unavailable on /login and /register.

Codex Remote v0.1.21

Codex Remote v0.1.21

This release delivers three major improvements: full Git workflow controls in thread UI, robust Deno self-host auth persistence, and smoother setup/login behavior.

Thread Git Workflow

• New Git Changes panel in thread view.
• File-level selection with Select all support.
• Commit Selected with optional Push after commit.
• Per-file Revert, Revert selected, and Revert all actions.
• Automatic status refresh so changes appear without manual refresh.

Deno Self-Host and Device Auth Reliability

• Credentials now use a stable global path by default to avoid re-authorizing when launch paths differ.
• Automatic migration from legacy local credentials.
• Canonical Deno URL selection in self-host scripts.
• Reuse of existing Deno secrets on repeated setup runs.
• Added explicit support for CODEX_REMOTE_ANCHOR_JWT_SECRET across launcher and setup scripts.
• Anchor fallback auth now supports persisted machine binding (legacy secret path) to reduce repeated device-code prompts.

Installer and CLI Fixes

• Added/cleaned self-host --login flow behavior.
• Fixed PowerShell argument parsing edge cases in self-host command.
• Improved .env parsing robustness.
• Improved CLI output sanitization in message rendering.

Validation

• bun run lint
• bun run test
• bun run ci:local

All checks passed for this release.

v0.1.20

Added

• Deno provider: full TOTP support for register/login/setup endpoints
• Thread dialog: structured file diff viewer with per-file +/- stats
• Thread dialog: open changed files for read-only preview via new nchor.file.read RPC

Changed

• Deno auth/session now reports hasTotp based on KV factors
• README updated to reflect TOTP availability on Deno provider

Notes

• Local wrangler config changes were intentionally not included in this release

v0.1.19

What's New

• Added full Deno Deploy self-host provider flow (codex-remote self-host --provider deno)
• Added integrated post-setup login control (--login / --no-login)
• Added in/self-host-deno.sh and in/self-host-deno.ps1 setup wizards
• Added provider-aware update redeploy logic for Cloudflare and Deno
• Added Deno Orbit runtime in services/orbit-deno
• Improved Deno token auth flow (DENO_DEPLOY_TOKEN) and diagnostics
• Fixed Deno relay routing for client RPCs without threadId (unblocks session/config loading)
• Updated install and docs for provider selection and Deno setup

v0.1.18

Highlights

• Added unified self-host auth flow: codex-remote self-host --login now runs login immediately after setup.
• Added --no-login and interactive post-setup login prompt for self-host.
• Improved dependency handling for self-host/update: Wrangler can run via managed Bun mode (�unx/�un x) when global wrangler is not installed.
• Self-host wizard now performs broader preflight checks (git/python/bun), auto-installs Bun when missing, and no longer requires OpenSSL for JWT secret generation.
• Updated docs for new self-host/login behavior and flags.

v0.1.17

v0.1.17 — Thread stability, streaming correctness, and usable artifacts timeline

Что исправлено

• Исправлен зависающий статус thread/composer, когда backend завершал turn событием turn/cancelled или turn/failed, а фронт ждал только turn/completed.
• Исправлено дублирование/«каша» в потоковом выводе при перекрывающихся чанках и snapshot-чанках.
• Исправлен пропуск артефактов в таймлайне, когда backend присылал числовой id.
• Улучшена читаемость Artifacts Timeline: отображаются более понятные типы и извлечённые пути файлов (например, artifact.txt).
• Стабилизирована загрузка thread: устранён цикл повторных запросов артефактов, который мог приводить к росту CPU/RAM.

Технические детали

• src/lib/messages.svelte.ts
  • Добавлена обработка terminal turn-событий: turn/failed, turn/cancelled, turn/interrupted.
  • Нормализация статуса в TurnStatus (Completed/Failed/Interrupted) для корректного снятия блокировки composer.
• src/lib/messages.test.ts
  • Новые unit-тесты на переходы состояния для turn/cancelled и turn/failed.
• src/lib/message-limits.ts
  • Вместо слепой конкатенации реализовано merge-поведение для stream-чанков (snapshot/overlap dedupe).
• src/lib/message-limits.test.ts
  • Добавлены тесты на дедупликацию snapshot- и overlap-чанков.
• src/lib/artifacts.ts
  • Поддержка numeric artifact ids.
  • Улучшенная нормализация type/title/summary и извлечение путей из payload/command.
• src/lib/artifacts.test.ts
  • Тесты на numeric id и на извлечение путей файлов из command payload.
• src/lib/components/ArtifactsTimeline.svelte
  • Добавлен вывод чипов путей файла для артефактов.

Верификация

• bun run ci:local — PASS
  • lint, typecheck, tests, build
• Дополнительно проверено в Chrome DevTools:
  • репродукция рабочего сценария в thread,
  • проверка консоли/состояния стора,
  • подтверждение отображения артефактов в таймлайне.

Ключевые коммиты в релизе

• 80d4c4f fix(thread): stop artifacts polling loop that stalls thread view
• 51ffd6f fix(stream): dedupe overlapping chunks to prevent repeated output
• 2eec99a fix(artifacts): accept numeric backend ids in timeline parser
• 3cac3a0 feat(artifacts): surface file paths and readable timeline metadata
• ab6955e fix(thread): handle cancelled/failed terminal events to unblock composer

v0.1.16

Что исправлено

Исправлен баг дублирования/«каши» в стриминговом выводе сообщений и tool-ошибок (когда фрагменты приходят перекрывающимися или как снимок целого текста, а не чистый delta).

Симптомы до фикса

• Повторяющиеся куски текста в ответах (например, Готово...Готово... и т.п.).
• Нечитаемые длинные строки в сообщениях и ошибках инструментов.

Root cause

Клиентская функция склейки стрима в src/lib/message-limits.ts всегда делала простое current + delta.
При перекрывающихся чанках или snapshot-чанках это порождало экспоненциальные повторы текста в UI.

Технические изменения

src/lib/message-limits.ts

• Добавлен mergeStreamingChunk(current, chunk):
  • если chunk уже содержит current как префикс -> берём chunk;
  • если current уже заканчивается chunk -> оставляем current;
  • иначе ищем максимальный overlap (suffix(current) == prefix(chunk)) и добавляем только недостающую часть;
  • fallback: обычная конкатенация.
• appendDeltaWithCap(...) теперь использует merge перед ограничением длины и безопасной обрезкой.

src/lib/message-limits.test.ts

• Добавлены тесты:
  • snapshot-чанки не дублируют текст;
  • overlap-чанки склеиваются один раз без повторов.

Проверка

• bun run test src/lib/message-limits.test.ts — PASS
• bun run ci:local — PASS (lint + typecheck + tests + build)

Коммит

• 51ffd6f fix(stream): dedupe overlapping chunks to prevent repeated output

v0.1.15

Summary

This release fixes a regression where opening /thread/:id could become non-responsive and trigger runaway resource usage in the browser.

User-facing impact

• Fixes blank or never-finishing thread page loads for affected sessions.
• Prevents CPU spikes (up to 100%) and excessive RAM growth (2-3 GB) caused by repeated artifact fetch churn.
• Improves thread stability under local development and reconnect scenarios.

Root cause

A reactive effect in src/routes/Thread.svelte requested thread artifacts on connection, but the call path could participate in reactive invalidation and repeatedly re-trigger the same fetch for an unchanged (threadId, anchorId) pair.
This produced a request/render loop that degraded frontend performance and could lead to websocket instability symptoms.

Fix details

Updated file

• src/routes/Thread.svelte

Changes

• Added untrack(...) around artifactsStore.requestThread(...) to prevent unintended reactive dependency capture.
• Added a request-key guard (lastArtifactsRequestKey) so repeated requests are skipped when threadId and anchorId are unchanged.
• Reset the request-key guard when connection or thread context is not ready.

Validation

• bun run test passed.
• bun run ci:local passed (lint, typecheck, tests, build).

Commit

• 80d4c4f fix(thread): stop artifacts polling loop that stalls thread view

v0.1.14

v0.1.14