加固 Browser/Chrome/Computer Use 内置插件保护 / Harden bundled Browser, Chrome and Computer Use protection#1537
Open
Yuimi-chaya wants to merge 3 commits into
Open
Conversation
Yuimi-chaya
marked this pull request as ready for review
July 16, 2026 13:21
Yuimi-chaya
marked this pull request as draft
July 16, 2026 13:39
Yuimi-chaya
marked this pull request as ready for review
July 16, 2026 14:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
中文
为什么需要这个改动
Codex++ 目前已经有插件市场解锁和 Computer Use Guard,能够准备部分本地配置、缓存与运行环境。但这些保护主要针对既有的初始化路径和 Computer Use。随着 Codex App 持续更新并整合进 ChatGPT Desktop,
openai-bundled市场、插件可用状态和浏览器能力会在启动及供应商切换期间被异步刷新,已经完成的本地修复可能再次被后到的官方状态覆盖。这不是重复实现原有保护,而是补上它面对新版异步刷新时缺少的持续一致性。对以 API Key 和第三方 URL 使用 Codex App 的用户而言,如果 Browser、Chrome 或 Computer Use 在切换供应商后重新变成不可用,就会再次依赖联网、VPN 或手动刷新来恢复,与 Codex++ 降低接入成本的目标相冲突。
真实遇到的竞态
真人测试中曾观察到:从 Codex++ 启动后立即打开“设置 -> 浏览器”,页面会先显示“内置浏览器使用”;下一瞬间又变为“应用内浏览器不可用”。继续等待时,它还可能自行恢复,几秒后又再次消失。
这说明问题并非简单的“插件没有安装”,而是 Codex 原生异步初始化、
openai-bundled市场响应与 Codex++ 本地保护之间存在时序竞争。只在启动时修一次配置,无法保证稍后的官方刷新不会把状态覆盖回去。本 PR 做了什么
openai-bundled快照再次执行三项白名单过滤,避免过期缓存恢复 Latex、Visualize 或未来出现的无关官方插件。plugin_auto_expand_finished诊断,减少启动保护过程中的无效日志写盘。兼容边界
本 PR 不修改 Codex App 的 MSIX/ASAR,也不修改用户安装的插件包。它增强的是 Codex++ 启动、供应商切换、缓存恢复和 renderer 合并路径。
如果未来 Codex App 在 ASAR 内新增更强的组织、地区或账号门控,本地状态保护仍不保证能够 100% 绕过;届时需要针对新的原生门控单独评估。本 PR 也不会恢复白名单之外的所有历史 bundled 插件。
验证
npm run check2/215/1571/71101/1015/5node --check assets/inject/renderer-inject.jscargo fmt --all -- --checkgit diff --checkEnglish
Why this change is needed
Codex++ already provides plugin marketplace unlocking and a Computer Use Guard that prepares part of the local configuration, cache, and runtime environment. Those protections, however, were designed around earlier initialization paths and were primarily focused on Computer Use. As Codex App continues to change and becomes integrated into ChatGPT Desktop, the
openai-bundledmarketplace, plugin availability, and browser capability are refreshed asynchronously during startup and provider switching. A local repair that has already succeeded can therefore be overwritten by a later native refresh.This PR does not duplicate the existing guard. It extends that guard so bundled tool state remains coherent across newer asynchronous refresh paths. This matters especially to API-key and custom-URL users: if Browser, Chrome, or Computer Use becomes unavailable again after a provider switch, users may once more need external connectivity, a VPN, or manual refreshes to recover it.
Observed Browser race
During real-user testing, opening
Settings -> Browserimmediately after launching through Codex++ could first show the in-app Browser control, then switch to “in-app browser unavailable” a moment later. It could recover by itself after waiting, only to disappear again several seconds later.This behavior indicates a timing race between native Codex initialization, asynchronous
openai-bundledresponses, and the Codex++ local guard. A one-time configuration repair at startup is not sufficient when a later native refresh can replace the repaired state.What this PR changes
Codex Enhancements -> Interface & Startup -> Force-enable Windows Computer Use Guardoption for other modes.plugin_auto_expand_finisheddiagnostics, reducing unnecessary log writes during plugin protection cycles.Compatibility boundary
This PR does not modify the Codex App MSIX/ASAR or any installed plugin package. It strengthens the Codex++ startup, provider-switch, cache-recovery, and renderer-merge paths.
If a future Codex App release introduces stronger organization, region, or account gates inside its ASAR, local state recovery still cannot guarantee a complete bypass. Such native gates require separate investigation. This PR also intentionally does not preserve every historical bundled plugin outside the three-item allowlist.
Validation
npm run check2/215/1571/71101/1015/5node --check assets/inject/renderer-inject.jscargo fmt --all -- --checkgit diff --check