fix(docs): document Codex Computer Use enabled setting

[bdjben]

Summary

• Clarify that computerUse.autoInstall opts Codex Computer Use in for turn-start setup.
• Document that /codex computer-use status is read-only and can still report disabled when no config opts Computer Use in.
• Clarify --source <marketplace-root> versus --marketplace-path <marketplace.json> for nonstandard Codex app paths.

Why

The current docs did not make the inferred opt-in and marketplace path/source split obvious. Users can confuse the bundled marketplace root with the local marketplace JSON path when running /codex computer-use install.

Real behavior proof (required for external PRs)

• Behavior or issue addressed: Codex Computer Use setup docs now match the existing inferred opt-in and marketplace source/path behavior.
• Real environment tested: Maintainer source-backed docs review; docs-only change.
• Exact steps or command run after this patch: pnpm docs:list; CI check-docs on PR head 4bcc150a719c517a34b74a8a41ef781113809c6b.
• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): CI check-docs passed; source review verified resolveCodexComputerUseConfig infers enabled from autoInstall, marketplaceSource, marketplacePath, or marketplaceName, and install passes configured marketplacePath directly while marketplaceSource goes through marketplace/add.
• Observed result after fix: The docs wording matches current source and tests for inferred opt-in and marketplace JSON path usage.
• What was not tested: No live Codex desktop install was run for this docs-only PR.
• Proof limitations or environment constraints: Maintainer applied proof: override because the external real-behavior gate should not block this docs-only clarification.

Verification

• pnpm docs:list
• CI: check-docs passed
• Source review: extensions/codex/src/app-server/config.ts, extensions/codex/src/app-server/computer-use.ts, and adjacent tests

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed May 27, 2026, 12:47 PM ET / 16:47 UTC.

Summary
The PR updates docs/plugins/codex-computer-use.md to clarify inferred Computer Use opt-in, read-only status behavior, and --source versus --marketplace-path setup.

PR surface: Docs +3. Total +3 across 1 file.

Reproducibility: not applicable. this is a docs-only PR rather than a runtime bug report. The documented behavior is source-proven from the resolver, setup flow, protocol types, and focused tests.

Review metrics: none identified.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🌊 off-meta tidepool
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• The live PR body still says explicit enabled: true is required, while the current diff documents inferred opt-in; maintainers should avoid carrying that stale wording into squash or release-note context.

Maintainer options:

1. Decide the mitigation before merge
   Land the docs clarification after normal maintainer review, with PR or squash wording kept aligned to the branch’s inferred opt-in behavior.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No repair lane is needed; the branch has no concrete code/docs defect for automation and is ready for normal maintainer review.

Security
Cleared: The diff changes only a public Markdown docs page and does not touch code execution, dependencies, workflows, credentials, or release surfaces.

Review details

Best possible solution:

Land the docs clarification after normal maintainer review, with PR or squash wording kept aligned to the branch’s inferred opt-in behavior.

Do we have a high-confidence way to reproduce the issue?

Not applicable; this is a docs-only PR rather than a runtime bug report. The documented behavior is source-proven from the resolver, setup flow, protocol types, and focused tests.

Is this the best way to solve the issue?

Yes; the current diff is the narrow maintainable solution because it documents existing behavior without changing config defaults or adding a parallel setup path.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against c285766d6232.

Label changes

Label justifications:

• P3: This is a low-risk docs clarification for a bounded Codex Computer Use setup path.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🌊 off-meta tidepool and patch quality is 🦞 diamond lobster.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: Real behavior proof is not required because this PR only changes files under docs/.

Evidence reviewed

PR surface:

Docs +3. Total +3 across 1 file.

View PR surface stats

Area	Files	Added	Removed	Net
Source	0	0	0	0
Tests	0	0	0	0
Docs	1	8	5	+3
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	1	8	5	+3

What I checked:

• Repository policy read: Root repository guidance and ClawSweeper review policy were read fully before judging this PR; the source-backed docs review and docs-only validation guidance apply. (AGENTS.md:1, c285766d6232)
• Docs policy read: The docs-scoped guide requires Mintlify-safe links, generic docs content, and source-aligned plugin terminology; the touched page stays within those rules. Public docs: docs/AGENTS.md. (docs/AGENTS.md:1, c285766d6232)
• PR diff reviewed: The current PR head changes only the Codex Computer Use docs page, adding wording for inferred opt-in, read-only status behavior, and marketplace root versus marketplace JSON file paths. Public docs: docs/plugins/codex-computer-use.md. (docs/plugins/codex-computer-use.md:79, 4bcc150a719c)
• Config contract supports inferred opt-in: resolveCodexComputerUseConfig resolves enabled explicitly first, then infers it from autoInstall, marketplace source, marketplace path, or marketplace name. (extensions/codex/src/app-server/config.ts:510, c285766d6232)
• Install and status behavior match the docs: Status returns disabled when config resolves disabled, while /codex computer-use install force-enables Computer Use and auto-install for the command path. (extensions/codex/src/app-server/computer-use.ts:127, c285766d6232)
• Marketplace path behavior is source-backed: The setup path passes configured marketplacePath directly as a local marketplace path, while source/root registration goes through marketplace/add before plugin installation uses the returned marketplace JSON path. (extensions/codex/src/app-server/computer-use.ts:333, c285766d6232)

Likely related people:

• steipete: Git blame and git log -S tie the current Codex Computer Use docs, config resolver, and setup implementation to commit 3e351b718e28664f4a9714af197f7a7bf13ae2be. (role: feature-history owner; confidence: high; commits: 3e351b718e28; files: docs/plugins/codex-computer-use.md, extensions/codex/src/app-server/config.ts, extensions/codex/src/app-server/computer-use.ts)
• sallyom: The current PR head commit 4bcc150a719c517a34b74a8a41ef781113809c6b rewrites the docs change into the reviewed source-aligned form, and the live PR metadata shows the same account assigned to the PR. (role: recent PR branch updater; confidence: medium; commits: 4bcc150a719c; files: docs/plugins/codex-computer-use.md)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🥚 common Mossy Crabkin

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: guards the happy path.
Image traits: location diff observatory; accessory review stamp; palette coral, mint, and warm cream; mood mischievous; pose sitting proudly on a smooth stone; shell matte ceramic shell; lighting moonlit rim light; background tiny artifact crates.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Mossy Crabkin in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[bdjben]

It actually appears that the proposed fix is certainly necessary, but not by itself sufficient.

It seems that the "install" command also expects a json file, which is in the hidden /.agents folder within the typical path.

Does not work (subsequent "/codex computer-use status" attempts return a status of "disabled" and "not installed'):

/codex computer-use install --marketplace-path /Applications/Codex.app/Contents/Resources/plugins/openai-bundled

Works:

/codex computer-use install --marketplace-path /Applications/Codex.app/Contents/Resources/plugins/openai-bundled/.agents/plugins/marketplace.json

[steipete]

Landed via squash merge onto main.

• Head reviewed: 4bcc150
• Merge commit: 7691a8a
• Proof: GitHub check-docs passed; Real behavior proof passed after maintainer proof override because this is docs-only; local maintainer review verified the documented inferred opt-in and marketplace source/path behavior against the current Codex app-server source and adjacent tests.
• Body cleanup: updated the PR body before merge so the squash context matches the final docs wording.

Thanks @bdjben!