CC: Record Codex native retention probe

2026-06-04 13:35:39 -04:00
parent d694ca5f8a
commit f1d9f7cc43
3 changed files with 222 additions and 1 deletions
@@ -36,6 +36,12 @@ Focused check:
 python3 tools/archive_codex_inactive_threads.py --check
 ```

+Native Codex retention probe:
+
+```bash
+python3 tools/probe_codex_native_retention.py --check
+```
+
 Approved archive-only execution:

 ```bash
@@ -56,6 +62,8 @@ python3 tools/archive_codex_inactive_threads.py --execute --approval-token "I ap
 - SQLite checkpoint or vacuum is blocked;
 - Core source mutation is blocked.

+Installed Codex `0.134.0` advertises `--ephemeral` prevention but no native cleanup/archive/retention command. Cached latest is `0.137.0`; update and re-probe before approved archive execution if latest native behavior should be considered.
+
 ## Backup

 Before any approved archive update, the executor backs up:
@@ -86,4 +94,5 @@ Use this executor only after JP gives the exact archive-only approval token. Kee
 ## New Issues

 - must-fix: obtain exact approval token before running `--execute`.
+- follow-up: decide whether to update Codex and re-run the native retention probe before archive-only execution.
 - follow-up: after archive-only execution, re-run retention planner and decide whether deletion is still worth separate approval.
@@ -42,6 +42,18 @@ The planner classifies:
 - top log pressure targets;
 - approval boundaries.

+## Native Codex Probe
+
+`python3 tools/probe_codex_native_retention.py` checks installed Codex CLI help, feature flags, and local version cache. It does not read transcript bodies, thread text fields, titles, previews, secrets, raw messages, or mutate Codex state.
+
+Probe result on 2026-06-04:
+
+- installed Codex version: `0.134.0`;
+- cached latest Codex version: `0.137.0`;
+- native cleanup/archive/retention command advertised by installed CLI: false;
+- prevention flag advertised: `codex exec --ephemeral`;
+- decision point: update Codex and re-run the probe before custom archive mutation if latest native behavior must be considered.
+
 ## Policy

 1. Prevention default: use `codex exec --ephemeral` for disposable non-interactive worker runs.
@@ -70,4 +82,4 @@ Next safe action is to ask for archive-only approval. Delete and vacuum stay sep

 - must-fix: obtain explicit archive-only approval before any `threads.archived` update.
 - must-fix: obtain separate destructive approval before session deletion, log deletion, checkpoint, or vacuum.
- follow-up: check native Codex retention support before custom mutation.
+- follow-up: native Codex retention support is checked for installed `0.134.0`; update/re-probe `0.137.0` before custom mutation if latest native behavior should be considered.
@@ -0,0 +1,200 @@
+#!/usr/bin/env python3
+"""Probe installed Codex CLI retention support without mutating Codex state."""
+
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import re
+import shutil
+import subprocess
+from pathlib import Path
+
+SCHEMA_VERSION = "cto-codex-native-retention-probe.v1"
+RETENTION_TERMS = ("retention", "cleanup", "prune", "archive")
+
+
+def run_help(codex_bin: str, args: list[str]) -> dict[str, object]:
+    command = [codex_bin, *args]
+    try:
+        completed = subprocess.run(
+            command,
+            check=False,
+            capture_output=True,
+            text=True,
+            timeout=10,
+        )
+    except Exception as exc:
+        return {
+            "command": command,
+            "returncode": None,
+            "stdout": "",
+            "stderr": str(exc),
+            "ok": False,
+        }
+    return {
+        "command": command,
+        "returncode": completed.returncode,
+        "stdout": completed.stdout,
+        "stderr": completed.stderr,
+        "ok": completed.returncode == 0,
+    }
+
+
+def parse_version(output: str) -> str | None:
+    match = re.search(r"(\d+\.\d+\.\d+)", output)
+    return match.group(1) if match else None
+
+
+def read_version_cache(codex_home: Path) -> dict[str, object]:
+    path = codex_home / "version.json"
+    if not path.exists():
+        return {"path": str(path), "present": False}
+    try:
+        payload = json.loads(path.read_text(encoding="utf-8"))
+    except json.JSONDecodeError as exc:
+        return {"path": str(path), "present": True, "parse_error": str(exc)}
+    return {
+        "path": str(path),
+        "present": True,
+        "latest_version": payload.get("latest_version"),
+        "last_checked_at": payload.get("last_checked_at"),
+        "dismissed_version": payload.get("dismissed_version"),
+    }
+
+
+def term_hits(text: str) -> list[str]:
+    lowered = text.lower()
+    return [term for term in RETENTION_TERMS if term in lowered]
+
+
+def build_probe(codex_home: Path, codex_bin: str | None) -> dict[str, object]:
+    resolved_bin = codex_bin or shutil.which("codex")
+    help_results: list[dict[str, object]] = []
+    installed_version = None
+    if resolved_bin:
+        version_result = run_help(resolved_bin, ["--version"])
+        installed_version = parse_version(str(version_result.get("stdout", "")))
+        help_results = [
+            run_help(resolved_bin, ["--help"]),
+            run_help(resolved_bin, ["exec", "--help"]),
+            run_help(resolved_bin, ["exec", "resume", "--help"]),
+            run_help(resolved_bin, ["resume", "--help"]),
+            run_help(resolved_bin, ["features", "list"]),
+        ]
+    combined_help = "\n".join(str(result.get("stdout", "")) for result in help_results)
+    version_cache = read_version_cache(codex_home)
+    latest_version = version_cache.get("latest_version")
+    update_available = bool(installed_version and latest_version and installed_version != latest_version)
+    retention_hits = term_hits(combined_help)
+    return {
+        "schema_version": SCHEMA_VERSION,
+        "codex_home": str(codex_home),
+        "codex_bin": resolved_bin,
+        "metadata_only": True,
+        "mutation_performed": False,
+        "raw_transcript_bodies_read": False,
+        "raw_thread_text_fields_read": False,
+        "state_db_mutation": False,
+        "session_jsonl_deleted": False,
+        "logs_deleted_or_truncated": False,
+        "installed_version": installed_version,
+        "version_cache": version_cache,
+        "update_available": update_available,
+        "native_retention_cleanup_command_advertised": bool(retention_hits),
+        "native_retention_terms_seen": retention_hits,
+        "ephemeral_prevention_advertised": "--ephemeral" in combined_help,
+        "help_surfaces_checked": [
+            "codex --help",
+            "codex exec --help",
+            "codex exec resume --help",
+            "codex resume --help",
+            "codex features list",
+        ],
+        "decision": (
+            "Installed Codex advertises ephemeral prevention but no native retention cleanup command."
+            if not retention_hits
+            else "Installed Codex advertises possible retention cleanup terms; inspect before custom mutation."
+        ),
+        "recommended_next": (
+            "Decide whether to update Codex and re-run this probe before archive-only execution."
+            if update_available
+            else "Use guarded archive executor only with exact approval token."
+        ),
+        "false_effects": {
+            "codex_update": False,
+            "archive_threads": False,
+            "delete_session_jsonl": False,
+            "delete_logs": False,
+            "sqlite_checkpoint_or_vacuum": False,
+            "raw_transcript_body_read": False,
+            "raw_thread_text_field_read": False,
+            "core_source_mutation": False,
+        },
+    }
+
+
+def validate_probe(probe: dict[str, object]) -> list[str]:
+    errors: list[str] = []
+    if probe.get("schema_version") != SCHEMA_VERSION:
+        errors.append("schema_version_invalid")
+    for field in [
+        "metadata_only",
+        "mutation_performed",
+        "raw_transcript_bodies_read",
+        "raw_thread_text_fields_read",
+        "state_db_mutation",
+        "session_jsonl_deleted",
+        "logs_deleted_or_truncated",
+    ]:
+        expected = field == "metadata_only"
+        if probe.get(field) is not expected:
+            errors.append(f"{field}_invalid")
+    if not probe.get("codex_bin"):
+        errors.append("codex_bin_missing")
+    if not probe.get("installed_version"):
+        errors.append("installed_version_missing")
+    if probe.get("ephemeral_prevention_advertised") is not True:
+        errors.append("ephemeral_prevention_not_advertised")
+    false_effects = probe.get("false_effects")
+    if not isinstance(false_effects, dict):
+        errors.append("false_effects_missing")
+    else:
+        for key, value in false_effects.items():
+            if value is not False:
+                errors.append(f"false_effect_not_false:{key}")
+    return errors
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--codex-home", default=os.environ.get("CODEX_HOME", str(Path.home() / ".codex")))
+    parser.add_argument("--codex-bin")
+    parser.add_argument("--check", action="store_true")
+    args = parser.parse_args()
+
+    probe = build_probe(Path(args.codex_home).expanduser(), args.codex_bin)
+    errors = validate_probe(probe)
+    if args.check:
+        print(
+            json.dumps(
+                {
+                    "ok": not errors,
+                    "validator": "cto-codex-native-retention-probe",
+                    "errors": errors,
+                    "warnings": [],
+                },
+                indent=2,
+                sort_keys=True,
+            )
+        )
+        return 0 if not errors else 1
+    probe["ok"] = not errors
+    probe["errors"] = errors
+    print(json.dumps(probe, indent=2, sort_keys=True))
+    return 0 if not errors else 1
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())