chore(sync): merge linux-port upstream #95

Merged: nisavid merged 25 commits into main from nisavid/sync-upstream-2026-06-02 on Jun 3, 2026

nisavid (Owner) commented Jun 3, 2026

Summary

Syncs this fork with Linux-port upstream upstream/main through 60c62e38bbd12a5d5ddd4e2bf1d513ff4892fe94 (2026-06-02).

Imported upstream changes under this fork's local contracts:

  • AppShots bare-modifier hotkeys now require distinct left/right modifier keycodes.
  • Remote mobile control keeps outbound control reachable, skips unsupported SSH status reads, and carries the latest enrollment compatibility hardening.
  • Webview patching adds the Linux-safe monospace font stack patch.
  • Build info can expose sanitized GitHub source commit URLs while preserving Codex App, Official OpenAI DMG, and port integrations wording.
  • Package staging recovers when the configured updater binary path points at a deleted source.
  • Nix pins and changelog entries were refreshed from the Linux-port upstream.

Sync Ledger

  • Refs fetched:
    • origin/main: 708e2b4
    • previous divergence baseline: b771d3d89d8a002d559a443a09a1aa25a4e6702a (2026-05-31)
    • synced Linux-port upstream: 60c62e38bbd12a5d5ddd4e2bf1d513ff4892fe94 (2026-06-02)
  • Policy files read:
    • AGENTS.md
    • .agents/fork-sync-policy.toml
    • docs/maintainers/fork-sync-policy.md
    • docs/maintainers/fork-divergences.md
    • user-global syncing-forks-with-upstream skill
  • Merge method:
    • local branch from origin/main
    • git merge --no-ff --no-commit upstream/main
    • committed as a normal merge commit to preserve upstream commit identity
  • Rename-map reconciliation:
    • Upstream linux-features/appshots/* changes were ported to port-integrations/appshots/*.
    • Upstream linux-features/remote-mobile-control/* changes were ported to port-integrations/remote-mobile-control/*.
    • Local descriptor prefix remains integration:.
    • Local docs continue to say port integrations.
  • Contract review:
    • Local product/package identity preserved: codex-app and codex-app-updater.
    • XDG/FHS layout preserved: /opt/codex-app, /usr/lib/codex-app, XDG config/state/cache paths.
    • Package versioning contract preserved: package version still comes from official OpenAI app bundle metadata.
    • Unprivileged updater boundary preserved.
    • Package payload shape preserved; package helper now recovers deleted updater source under the local codex-app-updater binary name.
    • Security/supply-chain gates preserved; build gate was run from a freshly downloaded official OpenAI DMG.
  • Upstream user-facing docs review:
    • No upstream changes to README.md, docs/usage/build-and-run.md, or docs/usage/troubleshooting.md in this sync window.
    • README-relevant additions: already covered / no user-facing doc delta.
  • Baseline update:
    • docs/maintainers/fork-divergences.md updated to 60c62e38bbd12a5d5ddd4e2bf1d513ff4892fe94.
  • Policy gaps:
    • No new reusable sync-policy gap found. Existing rename-map and local-name rules covered the conflicts.
  • Unresolved uncertainty:
    • None.

Follow-Up CI Fix

  • Initial PR CI failed Nix Package Builds at Validate Nix pins against official DMG.
  • Local reproduction:
    • scripts/ci/validate-nix-pins.sh /tmp/Codex.dmg reported Codex app version pin mismatch: expected '26.601.21317', got '26.527.60818'.
  • Fix:
    • Refreshed flake.nix codexVersion to 26.601.21317.
    • Refreshed flake.nix codexDmg SRI to sha256-A/jmdYvGe3GvNSlcQokKaxEvvW1XienX1j5LMo4aBew=.
  • Local post-fix validation:
    • scripts/ci/validate-nix-pins.sh /tmp/Codex.dmg passed.
    • Full Nix output build was not run locally because nix is not installed on this host.

Review Response Fix

  • Addressed CodeRabbit review feedback after verifying each finding against the current branch.
  • Already-addressed stale finding:
    • flake.nix already pins codexVersion = "26.601.21317" in follow-up commit 6aa6cd2.
  • Fixes added in follow-up commit 5e5d1b4:
    • AppShots README now uses port integration helper terminology for bare-modifier-monitor.
    • Remote mobile control README now has one consolidated server-side rejection caveat.
    • Permissions-footer webview patching no longer depends on fixed Sm / Rm minified names.
    • Permissions-footer helper now retries the generic selectedModel:null summary before returning null.
  • Local post-fix validation:
    • node --check scripts/patches/webview-assets.js passed.
    • node --test scripts/patch-linux-window-ui.test.js passed (168 tests).
    • git diff --check passed.
    • make build-app passed using cached Codex.dmg from 2026-06-02 20:09:09 -0400.
  • Additional CodeRabbit trust-manifest follow-up:
    • Verified the review finding that updater/trusted-dmg-manifest.json must track the refreshed flake DMG pin.
    • Recomputed Codex.dmg SHA-256 locally as 03f8e6758bc67b71af35295c42890a6b112fbd6d5789e9d7d63e4b328e1a05ec.
    • Updated the trusted manifest to version 26.601.21317 and the matching SHA-256 in commit fa61b9a.
    • cargo test -p codex-app-updater trust passed (11 tests).
    • scripts/ci/validate-nix-pins.sh Codex.dmg passed after rerunning outside the sandbox for npm cache access.

Verification

  • node --test port-integrations/appshots/test.js passed.
  • node --test port-integrations/remote-mobile-control/test.js passed.
  • node --test scripts/patch-linux-window-ui.test.js passed.
  • bash -n tests/scripts_smoke.sh scripts/lib/package-common.sh passed.
  • bash tests/scripts_smoke.sh passed.
  • make build-app-fresh:
    • first sandboxed run downloaded Codex.dmg but failed when npm tried to write ~/.npm under sandbox restrictions;
    • approved rerun completed successfully.
    • Exact successful command: make build-app-fresh
    • Fresh DMG timestamp: 2026-06-02 20:09:09 -0400
    • Generated app version: 26.601.21317

Summary by CodeRabbit

  • Bug Fixes

    • Improved Linux bare-modifier hotkey detection; preserve local file:// targets while blocking unsafe remote/file:data URLs; evict stale native-messaging clients; updater refuses stale/downgrade candidates and prunes heavy unreferenced workspaces; Nix builds rewrite crate downloads to a static CDN while preserving lockfile checksums.
  • New Features

    • Bundled browser plugin auto-installs on startup; build info shows a commit URL with “Open Commit”; expanded Linux remote-control (outbound flows, SSH install handling, status-read guards).
  • Documentation

    • Updated Linux AppShots, remote-control docs, and divergence baseline.
  • Tests

    • Added Debian packaging smoke test and expanded integration/unit test coverage.

Follow-Up App Build Fix

  • Reworked linux-fast-mode-model-guard to scan webview assets for the vulnerable serviceTiers.length / additionalSpeedTiers expression directly, so the required patch passes when the current official bundle is already guarded and still fails on recognizable unpatchable drift.
  • Added patcher tests for vulnerable, drifted, unpatchable, and already-guarded current webview asset shapes.
  • Verification:
    • node --test scripts/patch-linux-window-ui.test.js
    • node --check scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js
    • env CODEX_PATCH_REPORT_JSON=/tmp/codex-pr95-patch-report.json make build-app using cached Codex.dmg from 2026-06-02 20:09:09 -0400, app version 26.601.21317
    • node scripts/ci/validate-patch-report.js /tmp/codex-pr95-patch-report.json --profile official-dmg-build
    • git diff --check

Follow-Up Review Hardening

  • Addressed latest CodeRabbit feedback on linux-fast-mode-model-guard: missing webview assets now return numeric changed: 0, and per-asset read/write failures are warned while the patcher continues scanning other candidates.
  • Added a regression test proving one unreadable webview asset does not prevent another vulnerable asset from being patched.
  • Verification:
    • node --test scripts/patch-linux-window-ui.test.js passed (174 tests).
    • node --check scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js passed.
    • git diff --check passed.
    • env CODEX_PATCH_REPORT_JSON=/tmp/codex-pr95-patch-report-review-fix.json make build-app passed using cached Codex.dmg from 2026-06-02 20:09:09 -0400, app version 26.601.21317.
    • node scripts/ci/validate-patch-report.js /tmp/codex-pr95-patch-report-review-fix.json --profile official-dmg-build passed.

Follow-Up Missing-Candidate Guard

  • Addressed Codex review feedback that the required linux-fast-mode-model-guard descriptor must fail when no relevant webview asset is found.
  • Candidate detection now recognizes both the old vulnerable serviceTiers / additionalSpeedTiers shape and the current official service-tier helper shape without additionalSpeedTiers; no relevant candidate emits a warning and records a required failure.
  • Added regression coverage for the no-match failure path and updated the already-applied fixture to match the current official service-tier helper shape.
  • Verification:
    • node --test --test-name-pattern "fast-mode" scripts/patch-linux-window-ui.test.js passed (7 tests).
    • node --test scripts/patch-linux-window-ui.test.js passed (175 tests).
    • node --check scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js passed.
    • git diff --check passed.
    • env CODEX_PATCH_REPORT_JSON=/tmp/codex-pr95-patch-report-current-shape-fix.json make build-app passed using cached Codex.dmg from 2026-06-02 20:09:09 -0400, app version 26.601.21317.
    • node scripts/ci/validate-patch-report.js /tmp/codex-pr95-patch-report-current-shape-fix.json --profile official-dmg-build passed; linux-fast-mode-model-guard reported already-applied.
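
The outcome rules from the fast-mode guard follow-ups above (numeric changed, per-asset failures warned while scanning continues, required failure on unpatchable drift or when nothing relevant is found), sketched as an added example that is not the project's patch.js. The bundle shapes, the codexLinuxFastModeAllowed guard name and every function name are hypothetical, and the assets are constructed in memory.

```javascript
// Added illustration only: not the project's fast-mode-guard/patch.js.
// The bundle shapes, guard name and function names are hypothetical.

// Unguarded tier check (constructed shape); skipped when the guard precedes it.
const UNGUARDED =
  /(?<!codexLinuxFastModeAllowed\(\w+\)&&\()\b(\w+)\.serviceTiers\.length>0\|\|\1\.additionalSpeedTiers\.length>0/;
const GUARD_MARK = "codexLinuxFastModeAllowed(";

function classifyAsset(source) {
  if (UNGUARDED.test(source)) return "vulnerable";
  if (source.includes(GUARD_MARK)) return "already-guarded";
  // Mentions the tiers, but in a shape the patcher cannot rewrite safely.
  if (source.includes("additionalSpeedTiers")) return "drifted";
  return "irrelevant";
}

// Wrap every unguarded occurrence; guarded ones no longer match, so this is idempotent.
function applyGuard(source) {
  const all = new RegExp(UNGUARDED.source, "g");
  return source.replace(all, "codexLinuxFastModeAllowed($1)&&($&)");
}

// assets: [{ name, read(), write(text) }] so the logic runs without a real tree.
function runRequiredGuard(assets, warn = () => {}) {
  const result = { matched: 0, changed: 0, warnings: 0, status: "failed" };
  let unresolved = 0;
  const note = (msg) => {
    result.warnings += 1;
    warn(msg);
  };

  for (const asset of assets) {
    let source;
    try {
      source = asset.read();
    } catch (err) {
      // One unreadable file must not stop the scan of the remaining candidates.
      note(`${asset.name}: unreadable (${err.message}), continuing`);
      continue;
    }
    const kind = classifyAsset(source);
    if (kind === "irrelevant") continue;
    if (kind === "drifted") {
      unresolved += 1;
      note(`${asset.name}: unrecognized tier expression, not patched`);
      continue;
    }
    result.matched += 1;
    if (kind !== "vulnerable") continue;
    try {
      asset.write(applyGuard(source));
      result.changed += 1;
    } catch (err) {
      unresolved += 1; // a vulnerable file left unpatched is a required failure
      note(`${asset.name}: write failed (${err.message})`);
    }
  }

  if (result.matched === 0 && unresolved === 0) note("no relevant webview asset found");
  if (unresolved === 0 && result.matched > 0) {
    result.status = result.changed > 0 ? "applied" : "already-applied";
  }
  return result; // changed and matched are always numbers, also for an empty scan
}

// Constructed in-memory assets; a null body simulates an unreadable file.
function makeAssets(files) {
  return Object.keys(files).map((name) => ({
    name,
    read() {
      if (files[name] === null) throw new Error("EACCES");
      return files[name];
    },
    write(text) {
      files[name] = text;
    },
  }));
}
```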

Leay15 and others added 19 commits June 1, 2026 08:49
- Resolve Cargo release output after rebuilding codex-update-manager

- Cover deleted updater source paths in packaging smoke tests
…ource

Fix packaging after deleted updater binary
…ifiers

Fix AppShots bare modifier repeat detection
Refreshed Codex.dmg SRI hash to sha256-xGhTgxNq/IhSbFhBu4Sie2BxkOzqEeaPSeSTQce/34o= and synced codexVersion / electronVersion / native-module pins to the current upstream DMG.

Verified all Codex Desktop Nix package outputs against the refreshed DMG.

[skip ci]
fix(nix): refresh upstream Nix pins for 26.527.60818
Keep the opt-in remote-mobile-control outbound tab reachable on Linux and document the supported experimental flow.
Add GitHub commit links to Linux build provenance metadata and expose them from Build Information.
Skip Linux remote-ssh remote-control status reads in the opt-in remote-mobile-control feature while preserving local host status reads.
…-install-action

fix(remote-mobile-control): harden SSH host handling

coderabbitai Bot commented Jun 3, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Adds Linux platform updates: refined AppShots double-tap handling, extensive remote-mobile-control patches (UI, feature-sync, status guard, SSH install), build-info commit URL plumbing and UI, webview monospace/footer patches, updater bridge and updater-build selection changes, tests and packaging smoke, plus metadata/flake updates.

Changes

Linux Integration Updates and Enhancements

Layer, File(s) and Summary:

  • Changelog, fork baseline, flake and trusted DMG
    • Files: CHANGELOG.md, docs/maintainers/fork-divergences.md, flake.nix, updater/trusted-dmg-manifest.json
    • Summary: CHANGELOG Unreleased→Fixed bullets added; fork-divergence baseline updated to a new upstream commit/date; installer SHA and codexVersion bumped; trusted DMG entry updated.
  • AppShots bare-modifier double-tap refinement
    • Files: port-integrations/appshots/bin/bare-modifier-monitor, port-integrations/appshots/README.md, port-integrations/appshots/test.js
    • Summary: Double-tap activation now records last_tap_code, requires alternating left/right modifier keycodes, resets state on non-target presses; README and tests updated.
  • Remote-control core patches & exports
    • Files: port-integrations/remote-mobile-control/patch.js
    • Summary: Adds Linux constants/gating for settings tabs and selected-tab resolver, refines enrollment/enrollment-start detection, reworks feature-sync to force Linux remote_control enablement with host scoping, adds SSH install action/release patches, and introduces applyLinuxRemoteControlStatusReadGuardPatch plus exports and patch list entry.
  • Remote-control tests & integration
    • Files: port-integrations/remote-mobile-control/test.js
    • Summary: Adds synthetic bundle generators and extensive tests for account compatibility, feature-sync composition, selected-tab resolver variants, SSH install UX, async VM status-read guard behavior, and integration patch-report assertions.
  • Build-info, packaging, updater bridge & smoke tests
    • Files: scripts/lib/build-info.js, scripts/lib/package-common.sh, scripts/lib/linux-update-bridge-patch.js, scripts/patch-linux-window-ui.test.js, tests/scripts_smoke.sh
    • Summary: Adds githubCommitUrl(remote, commit) and wires commitUrl into sanitized/staged metadata and UI; introduces updater_build_output_binary() and prefers built updater binary when available; widens updater-bridge dispatcher search window; adds tests for commitUrl, bridge injection, and a deb rebuild smoke test.
  • Webview asset patches (fonts & rate-limit footer)
    • Files: scripts/patches/webview-assets.js, scripts/patches/core/all-linux/webview/font-settings/patch.js, scripts/patch-linux-window-ui.test.js
    • Summary: Introduces applyLinuxSafeMonospaceFontStackPatch, extends applyPersistentRateLimitFooterPatch with permissions-based footer helpers/insertion, registers the font-settings patch, and updates tests.
  • Fast-mode guard on extracted app
    • Files: scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js
    • Summary: Patch now runs in extracted-app phase: scans extractedDir/webview/assets for .js candidates, applies fast-mode model guard per-file, and writes back changed files.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐇 I twitch my whiskers near the keys,
Two taps must differ, not the same breeze.
Commits with links and fonts set right,
Updater rebuilt through the night—
Rabbity patches hop in delight.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning
    • Explanation: Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.
    • Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

  • Title check: ✅ Passed. The PR title 'chore(sync): merge linux-port upstream' directly describes the primary change—syncing with the Linux-port upstream repository at a specific commit baseline.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.


@nisavid nisavid marked this pull request as ready for review June 3, 2026 00:12
nisavid commented Jun 3, 2026

@coderabbitai review

coderabbitai Bot commented Jun 3, 2026

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot added the github_actions Pull requests that update GitHub Actions code label Jun 3, 2026
@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d7ecdfb1a5

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread flake.nix Outdated
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@flake.nix`:
- Line 87: Update the codexVersion value to the new generated version string:
replace codexVersion = "26.527.60818" with codexVersion = "26.601.21317" (keep
it as a quoted string), and verify any other occurrences of the codexVersion
symbol used in packaging or updater/version comparison logic are updated or
consistent with this new pinned build output.

In `@port-integrations/appshots/README.md`:
- Around line 41-44: Update the README phrasing to use the repository's
preferred "port integration" terminology: change the description of
`bare-modifier-monitor` to call it a "port integration helper" (or "port
integration module") instead of the current wording; keep references to
`resources/native/`, the need for left/right modifier keycodes, and the note
about X11 (`xinput`/`xmodmap`) while replacing instances of the old phrasing so
the sentence reads something like "The `bare-modifier-monitor` port integration
helper staged into `resources/native/`..." to maintain consistency with other
docs.

In `@port-integrations/remote-mobile-control/README.md`:
- Around line 150-152: Remove the duplicated known-risk bullet that repeats
"OpenAI may still reject Linux host enrollment or outbound authorization
server-side. This integration only removes local macOS-only blockers in the
repackaged app." by consolidating it with the identical caveat listed
immediately above into a single bullet; edit the README entry (the repeated
bullet text) to keep only one occurrence and ensure the combined bullet is clear
and singular.

In `@scripts/patches/webview-assets.js`:
- Around line 685-714: The detector currently bails out early because it
hard-codes the minified sentinel "function Sm(e){" (lines with Sm/Rm) causing
patches to stop applying when upstream renames those symbols; update
detectCurrentPermissionsRateLimitFooterSymbols to derive the insertion needle
from the actual matched footer shape instead of using the literal "function
Sm(e){" (or at minimum emit a warning when
jsxAlias/rateLimitAliasMatch/activeModeHook are found but the hard-coded needle
is missing). Concretely: remove the pre-check that looks for "function Sm(e){"
and "function Rm(e){", use the existing structural regex matches
(rateLimitAliasMatch and the activeModeHook match plus the jsxAlias) to locate
the footer insertion point (e.g., extract the matched substring or compute its
start index from the regex match) and set insertionNeedle dynamically, and add a
processLogger.warn/error when the structure is present but the old fixed needle
was not found so the patch fails soft; keep references to jsxAlias,
rateLimitAliasMatch (queryHook/queryKey/entriesFn/activeLimitFn/summaryFn),
activeModeHook, and insertionNeedle when making the change.
- Around line 768-770: The new codexLinuxRateLimitFooter function exits early
when summaryFn(..., {activeLimitName:i, selectedModel:t}) returns null; change
it to, upon a null result, call summaryFn again with selectedModel:null (i.e.,
retry with a model-agnostic fallback) before returning null so the footer can
use a generic limit summary; update the logic around
currentPermissionsFooterSymbols.summaryFn in codexLinuxRateLimitFooter
(referencing currentPermissionsFooterSymbols.activeModeHook, .queryHook,
.queryKey, .entriesFn, .activeLimitFn, and .jsxAlias) to attempt selectedModel:t
first and selectedModel:null second.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: bba16f0e-0fbe-4ab4-8337-472af3226c2a

📥 Commits

Reviewing files that changed from the base of the PR and between 708e2b4 and d7ecdfb.

📒 Files selected for processing (17)
  • CHANGELOG.md
  • docs/maintainers/fork-divergences.md
  • flake.nix
  • port-integrations/appshots/README.md
  • port-integrations/appshots/bin/bare-modifier-monitor
  • port-integrations/appshots/test.js
  • port-integrations/remote-mobile-control/README.md
  • port-integrations/remote-mobile-control/patch.js
  • port-integrations/remote-mobile-control/test.js
  • scripts/lib/build-info.js
  • scripts/lib/linux-update-bridge-patch.js
  • scripts/lib/package-common.sh
  • scripts/patch-linux-window-ui.test.js
  • scripts/patches/core/all-linux/webview/font-settings/patch.js
  • scripts/patches/main-process.js
  • scripts/patches/webview-assets.js
  • tests/scripts_smoke.sh

Comment thread flake.nix Outdated
Comment thread port-integrations/appshots/README.md Outdated
Comment thread port-integrations/remote-mobile-control/README.md
Comment thread scripts/patches/webview-assets.js Outdated
Comment thread scripts/patches/webview-assets.js Outdated
greptile-apps Bot commented Jun 3, 2026

Greptile Summary

This PR syncs the fork with Linux-port upstream through 60c62e38 (2026-06-02), porting and adapting upstream changes under local naming conventions. It refreshes Nix/DMG pins, adds outbound remote-control flow support on Linux, hardens AppShots bare-modifier detection, improves the fast-mode model guard, adds a Linux monospace font-stack patch, and fixes updater binary staging when the source path points to a deleted file.

  • AppShots: bare-modifier-monitor now tracks last_tap_code and requires distinct left/right keycodes for a double-tap, preventing single-key rapid presses from triggering AppShots.
  • Remote mobile control: Adds SSH install-release pass-through, a status-read guard that skips slow SSH host reads, and updated selected-tab logic to keep the "Control other devices" tab reachable on Linux.
  • Build / packaging: githubCommitUrl derives a GitHub commit URL for the tray build-info dialog; ensure_updater_binary recovers UPDATER_BINARY_SOURCE when cargo rebuilds to a path different from the stale configured one.

Confidence Score: 5/5

Well-scoped upstream sync with thorough inline tests for every new patch function; no regressions identified.

All new code paths are idempotency-guarded and exercised by dedicated unit and integration tests. The Nix DMG hash, trusted-dmg manifest SHA-256, and codexVersion are mutually consistent.

No files require special attention.

Important Files Changed

Filename and overview:

  • port-integrations/remote-mobile-control/patch.js: Large expansion adding SSH install-release pass-through, status-read guard for SSH hosts, host-scoped feature sync, and updated selected-tab resolution. All new code paths are idempotency-guarded and tested.
  • scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js: Switches from a fixed-filename webview-asset pattern to an extracted-app scan of all webview assets, correctly handling already-guarded, vulnerable, unreadable, and no-match cases.
  • scripts/patches/webview-assets.js: Adds applyLinuxSafeMonospaceFontStackPatch and a new detectCurrentPermissionsRateLimitFooterSymbols path for applyPersistentRateLimitFooterPatch; both include idempotency checks and warn on unrecognised shapes.
  • scripts/lib/build-info.js: Adds githubCommitUrl() to derive validated GitHub commit URLs from the remote + SHA; correctly validates SHA format, hostname, and owner/repo shape before returning a URL.
  • scripts/lib/package-common.sh: Adds updater_build_output_binary() helper and updates ensure_updater_binary to recover UPDATER_BINARY_SOURCE when cargo rebuilds to the standard target path.
  • scripts/lib/linux-update-bridge-patch.js: Removes the 1500-char hard-coded slice limit when searching for the message-dispatcher variable, fixing missed matches when the dispatcher appears further in the bundle.
  • port-integrations/appshots/bin/bare-modifier-monitor: Adds last_tap_code tracking so that Alt+Alt / Shift+Shift require distinct left/right modifier keycodes; logic is straightforward and well-tested.
  • scripts/patches/main-process.js: Extends codexLinuxBuildInfoDetail to include a commit URL line and adds an Open Commit button that calls shell.openExternal when a valid GitHub URL is available.
  • updater/trusted-dmg-manifest.json: Updated to version 26.601.21317 with refreshed SHA-256 matching the flake.nix pin, consistent with PR description and verified by cargo test.
  • flake.nix: Refreshes codexDmg SRI hash and codexVersion to 26.601.21317; consistent with trusted-dmg-manifest and validated by scripts/ci/validate-nix-pins.sh.

Reviews (5): Last reviewed commit: "fix(patcher): fail missing fast mode gua..."
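
The build-info commit link described in the summaries above is only safe to hand to an external opener if it is rebuilt from validated parts. An added example of that derivation follows; it is not the project's scripts/lib/build-info.js, and the function names, the accepted remote forms, the 40-hex SHA rule and the sample remotes are assumptions.

```javascript
// Added illustration only: not the project's scripts/lib/build-info.js.
// Function names, accepted remote forms and the 40-hex rule are assumptions.

const FULL_SHA = /^[0-9a-f]{40}$/;
const SEGMENT = /^[A-Za-z0-9_.-]+$/;
const SCHEME_URL = /^[a-z][a-z0-9+.-]*:\/\//i;
// scp-like form, for example git@github.com:owner/repo.git
const SCP_LIKE = /^(?:[^@\s\/:]+@)?([^@\s\/:]+):([^\s]+)$/;

// Split a git remote into host and path without trusting anything else in it.
function splitRemote(remote) {
  if (SCHEME_URL.test(remote)) {
    let u;
    try {
      u = new URL(remote);
    } catch {
      return null;
    }
    if (!["https:", "ssh:", "git:"].includes(u.protocol)) return null;
    return { host: u.hostname, path: u.pathname };
  }
  const m = SCP_LIKE.exec(remote);
  return m ? { host: m[1], path: m[2] } : null;
}

// Return https://github.com/<owner>/<repo>/commit/<sha>, or null if any part
// fails validation.
function sanitizedCommitUrl(remote, commit) {
  if (typeof remote !== "string" || typeof commit !== "string") return null;
  if (!FULL_SHA.test(commit)) return null;

  const parts = splitRemote(remote.trim());
  // Exact host match: a suffix or substring check would accept look-alike hosts.
  if (!parts || parts.host.toLowerCase() !== "github.com") return null;

  const segments = parts.path
    .replace(/^\/+|\/+$/g, "")
    .replace(/\.git$/, "")
    .split("/");
  if (segments.length !== 2) return null;
  for (const s of segments) {
    if (!SEGMENT.test(s) || s === "." || s === "..") return null;
  }

  // Rebuilt from validated parts only, so userinfo (embedded tokens), port,
  // query and fragment from the remote never reach the UI.
  const [owner, repo] = segments;
  return `https://github.com/${owner}/${repo}/commit/${commit}`;
}

// Constructed sample values.
const SAMPLE_SHA = "0123456789abcdef0123456789abcdef01234567";
const SAMPLE_REMOTES = [
  "https://x-access-token:CONSTRUCTED@github.com/example-owner/example-repo.git",
  "git@github.com:example-owner/example-repo.git",
  "https://github.com.evil.example/example-owner/example-repo",
  "https://github.com@evil.example/example-owner/example-repo",
  "file:///srv/git/example-repo.git",
];
```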

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@flake.nix`:
- Line 84: The flake pin SHA was updated but the trusted DMG manifest entry
still contains the old digest; update the corresponding entry in
trusted-dmg-manifest.json so the URL+sha256 pair matches the new hash value (the
one set at hash = "sha256-A/jmdYvGe3GvNSlcQokKaxEvvW1XienX1j5LMo4aBew="). Ensure
the manifest entry uses that exact SHA256 string so the updater trust check
(used by trust.rs and wrapper_apply.rs) will find an exact URL+SHA match.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: f1ab6616-db69-4d11-9a36-d3372e76c503

📥 Commits

Reviewing files that changed from the base of the PR and between d7ecdfb and 6aa6cd2.

📒 Files selected for processing (1)
  • flake.nix
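
The finding above is a pin-drift problem: flake.nix stores the DMG digest as an SRI string while the trusted manifest stores it as hex, so the two can disagree without looking different at a glance. The added example below (not the project's validate-nix-pins.sh or trust.rs) converts between the two encodings and reports drift; the record shapes and function names are assumptions, and the stale manifest entry is constructed from the earlier 26.527.60818 pin quoted in the commit list.

```javascript
// Added illustration only: not the project's validate-nix-pins.sh or trust.rs.
// The record shapes ({codexVersion, dmgHash} and {version, sha256}) are assumed.

const SRI_SHA256 = /^sha256-([A-Za-z0-9+\/]{43}=)$/; // 32 bytes are 44 base64 chars
const HEX_SHA256 = /^[0-9a-f]{64}$/;

// Convert a Nix-style SRI hash ("sha256-<base64>") to lowercase hex.
function sriToHex(sri) {
  const m = SRI_SHA256.exec(String(sri));
  if (!m) throw new Error(`not a sha256 SRI string: ${sri}`);
  return Buffer.from(m[1], "base64").toString("hex");
}

// Convert a hex SHA-256 digest to the SRI form used in flake.nix.
function hexToSri(hex) {
  const h = String(hex).toLowerCase();
  if (!HEX_SHA256.test(h)) throw new Error(`not a sha256 hex digest: ${hex}`);
  return "sha256-" + Buffer.from(h, "hex").toString("base64");
}

// Return a list of drift findings; an empty list means the pins agree.
// measuredHex is the digest computed from the downloaded artifact, if available.
function checkPins(flakePin, manifestEntry, measuredHex) {
  const findings = [];
  const flakeHex = sriToHex(flakePin.dmgHash);
  const manifestHex = String(manifestEntry.sha256).toLowerCase();

  if (!HEX_SHA256.test(manifestHex)) {
    findings.push("manifest sha256 is malformed");
  } else if (manifestHex !== flakeHex) {
    findings.push(`digest drift: flake ${flakeHex} != manifest ${manifestHex}`);
  }
  if (flakePin.codexVersion !== manifestEntry.version) {
    findings.push(
      `version drift: flake ${flakePin.codexVersion} != manifest ${manifestEntry.version}`
    );
  }
  if (measuredHex !== undefined && String(measuredHex).toLowerCase() !== flakeHex) {
    findings.push("downloaded artifact does not match the flake pin");
  }
  return findings;
}

// Values quoted on this page.
const FLAKE_PIN = {
  codexVersion: "26.601.21317",
  dmgHash: "sha256-A/jmdYvGe3GvNSlcQokKaxEvvW1XienX1j5LMo4aBew=",
};
const MEASURED_HEX = "03f8e6758bc67b71af35295c42890a6b112fbd6d5789e9d7d63e4b328e1a05ec";

// Constructed stale entry: the manifest still carrying the previous pin.
const STALE_MANIFEST = {
  version: "26.527.60818",
  sha256: sriToHex("sha256-xGhTgxNq/IhSbFhBu4Sie2BxkOzqEeaPSeSTQce/34o="),
};
// Entry after the fix: version and digest track the refreshed flake pin.
const FRESH_MANIFEST = { version: FLAKE_PIN.codexVersion, sha256: MEASURED_HEX };
```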

Comment thread flake.nix
coderabbitai Bot previously approved these changes Jun 3, 2026
@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5bdcaacc35

Comment thread scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js`:
- Line 14: The early return returns { changed: false, matched: 0 } which is
type-inconsistent with the normal return where "changed" is a number; update the
early return to return a numeric changed (0) instead of false so callers always
receive a number for "changed" (i.e., change the early return object to {
changed: 0, matched: 0 }), locating the statement that returns { changed: false,
matched: 0 } in the fast-mode-guard patch and keeping "matched" as-is.
- Around line 24-36: Wrap the per-file I/O inside the candidates loop in a
try-catch so a single inaccessible file won’t abort the whole patch run:
surround the fs.readFileSync(filePath, "utf8") and subsequent
applyLinuxFastModeModelGuardPatch(...) plus fs.writeFileSync(filePath, patched,
"utf8") with a try block and catch errors, incrementing matched/changed as
appropriate only on success and logging or counting failures inside the catch;
reference the loop variables (candidate, filePath, matched, changed) and
functions (applyLinuxFastModeModelGuardPatch, fs.readFileSync, fs.writeFileSync)
so failures are reported and processing continues to the next candidate.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: a3395af0-1c27-4fc6-8a4f-ba669eb74c88

📥 Commits

Reviewing files that changed from the base of the PR and between fa61b9a and 5bdcaac.

📒 Files selected for processing (2)
  • scripts/patch-linux-window-ui.test.js
  • scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js

Comment thread scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js Outdated
Comment thread scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js
@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e8f7f9e76b

Comment thread scripts/patches/core/all-linux/webview/fast-mode-guard/patch.js
coderabbitai Bot previously approved these changes Jun 3, 2026
@nisavid nisavid enabled auto-merge June 3, 2026 01:07
@nisavid nisavid merged commit d8d86a8 into main Jun 3, 2026
15 checks passed
@nisavid nisavid deleted the nisavid/sync-upstream-2026-06-02 branch June 3, 2026 01:18
@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 172a293e7c

Comment on lines +563 to +566
case "$target_dir" in
/*) ;;
*) target_dir="$REPO_DIR/$target_dir" ;;
esac
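
Review bot: the `*)` arm also matches an empty `target_dir`, which would become `$REPO_DIR/`; if the variable can be unset or empty at this point, give it an explicit default or fail before the `case`. A short comment stating which base directory relative values are meant to resolve against would also help, since the pattern only distinguishes a leading `/`.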
P2: Respect relative CARGO_TARGET_DIR paths

When a package build is launched from a repo subdirectory with a relative CARGO_TARGET_DIR, Cargo writes artifacts relative to the caller's current directory (I verified CARGO_TARGET_DIR=rel from /tmp produces /tmp/rel). This branch instead rewrites every relative value under REPO_DIR, so ensure_updater_binary can fail with Failed to build updater binary after cargo build succeeds because it looks in the wrong release directory. Resolve the path the same way Cargo will, or pass an absolute target dir into Cargo before building.

8 participants