fix: drop non-JSONL garbage on codex app-server stdout

[lask3802]

Summary

• Adds lib/jsonl.mjs#cleanProtocolLine(rawLine): strips ANSI/OSC escape sequences, trims whitespace, and returns the cleaned line only if it starts with a JSON delimiter ({ or [). Otherwise returns null.
• Rewires lib/app-server.mjs handleLine() to skip on null instead of treating non-JSON lines as protocol violations that tear the connection down.
• Adds tests/jsonl.test.mjs (11 cases) covering bracketed-paste prefix, OSC window-title, SGR colours, the exact CP-950 mojibake from Windows zh-TW: codex app-server JSONL parser crashes on Big5-encoded taskkill stdout leak #310, plain JSON passthrough, malformed-but-JSON-shaped fall-through to the parser, and non-string input.

Problem

handleLine() calls JSON.parse() on every line read from the codex app-server stdout pipe and, on failure, calls handleExit() — rejecting every in-flight request and closing the connection. In practice the codex CLI occasionally emits bytes onto stdout that have nothing to do with the protocol. Two known sources:

1. Terminal / shell init noise (issue Review fails with JSONL parse error: bracketed paste mode escape sequence in output ([?2004h) #23). zsh writes the bracketed-paste marker \x1b[?2004h when a subprocess inherits the parent's TTY. The user-visible error:

   Failed to parse codex app-server JSONL: Unexpected token '', "[?2004h" is not valid JSON
   

2. Localized OS messages on Windows non-English locales (issue Windows zh-TW: codex app-server JSONL parser crashes on Big5-encoded taskkill stdout leak #310 ⇄ root cause filed upstream as openai/codex#21957). On zh-TW (CP-950 / Big5), when codex.exe runs taskkill /T /F to clean up a failed MCP child and inadvertently routes taskkill's stdout to its own stdout, the JSONL stream receives:

   raw   : a6 a8 a5 5c 3a 20 50 49 44 20 ac b0 20 31 32 33 34 ...
   cp950 : 成功: PID 為 1234 ...
   utf-8 : ���\: PID �� 1234 ...
   

   which is the exact Unexpected token '�', "���\: PID "... reported in Windows zh-TW: codex app-server JSONL parser crashes on Big5-encoded taskkill stdout leak #310.

Both bug classes share the same correct fix at the plugin layer: lines that cannot possibly be JSONL records should be dropped, not treated as protocol violations. A JSONL record always begins with { or [. Any line whose first non-whitespace, post-strip-ANSI character is something else is definitively garbage from outside the protocol.

Why this approach over the existing PRs (#24, #97, #171)

#171 (the most recent of three open PRs) introduces a stripAnsi() helper and applies it before JSON.parse(). That correctly fixes #23 — but does not fix #310, because the leaked bytes are not ANSI escapes. They are localized OS text. After stripAnsi() the line is still not JSON, the parser still throws, the connection still dies.

The cleanProtocolLine() guard in this PR is a strict superset:

• It still strips ANSI/OSC sequences (so Review fails with JSONL parse error: bracketed paste mode escape sequence in output ([?2004h) #23 is covered identically to fix: strip ANSI escape sequences from JSONL parsing #171).
• It additionally drops anything whose post-strip first character is not { or [ (so Windows zh-TW: codex app-server JSONL parser crashes on Big5-encoded taskkill stdout leak #310 is covered).

If maintainers prefer to land #171 first I'm happy to rebase this onto it (the regex code can move to lib/strings.mjs#stripAnsi and cleanProtocolLine becomes a one-liner that imports it). Either order works; the unit tests stay the same.

What this PR explicitly does NOT do

• It does not patch the broker side (app-server-broker.mjs's socket data handler). That handler reads JSONRPC requests from the companion, which sends well-formed JSON; there is no observed corruption source on that path. fix: strip ANSI escape sequences from JSONL parsing #171 does patch it for symmetry — happy to add the same here if you'd like.
• It does not fix the upstream stdio leak in codex.exe. That is filed as openai/codex#21957 and is out of scope for this repo. This PR is defense-in-depth for any embedder of codex app-server.

Test plan

• node --test tests/jsonl.test.mjs — 11/11 pass.
• node --test tests/*.test.mjs — all failures present on this branch (state.test.mjs, runtime.test.mjs, process.test.mjs — all Windows-only os.tmpdir() / MSYS path translation issues) reproduce against main from the same checkout, i.e. no regressions introduced by this PR.
• End-to-end: stop-time review gate fired during a Claude Code session running on Windows zh-TW reliably reproduced the original failure pre-patch; with this patch applied to the plugin cache, three back-to-back codex-companion.mjs task invocations (each preceded by killing the broker to force the leaky direct-spawn path) now all return {"status":0,...}.
• Manual: /codex:review from a zsh-default Claude Code session (issue Review fails with JSONL parse error: bracketed paste mode escape sequence in output ([?2004h) #23 case) — I do not have a zsh box handy; logically equivalent to PR fix: strip ANSI escape sequences from JSONL parsing #171's verification.

Closes / refs

• Closes Windows zh-TW: codex app-server JSONL parser crashes on Big5-encoded taskkill stdout leak #310
• Refs Review fails with JSONL parse error: bracketed paste mode escape sequence in output ([?2004h) #23 (also addressed by this PR — happy to mark Closes if you'd prefer to consolidate)
• Refs fix: strip ANSI escape sequences before JSONL parsing #24, fix: strip ANSI escape sequences from JSONL before parsing #97, fix: strip ANSI escape sequences from JSONL parsing #171 (alternative approaches to the same shape of bug)
• Refs root-cause issue: openai/codex#21957

[Copilot]

Pull request overview

This PR hardens the Codex app-server JSONL reader against “garbage” lines on stdout by sanitizing/guarding input before parsing, preventing the client from tearing down the connection on clearly non-protocol output (e.g., terminal escape noise and localized Windows messages).

Changes:

• Added cleanProtocolLine(rawLine) to strip ANSI/OSC escapes, trim whitespace, and drop lines that can’t be JSONL (don’t start with { or [).
• Updated AppServerClientBase.handleLine() to skip dropped lines instead of treating them as fatal protocol violations.
• Added unit tests covering ANSI/OSC stripping, mojibake/taskkill output, JSON passthrough, and malformed-but-JSON-shaped fall-through behavior.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
tests/jsonl.test.mjs	Adds focused unit coverage for cleanProtocolLine behavior across real-world noise inputs.
plugins/codex/scripts/lib/jsonl.mjs	Introduces the protocol-line cleaning/guard helper and ANSI/OSC stripping regex.
plugins/codex/scripts/lib/app-server.mjs	Integrates cleanProtocolLine into the JSONL parsing path to avoid disconnecting on non-JSON lines.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[lask3802]

Thanks @copilot for the review — both points addressed in 2dc20bf:

1. CSI final-byte range (jsonl.mjs:38). Good catch on \x1b[200~ / \x1b[201~ — bracketed-paste content markers (final byte ~) sit between the on/off toggles, so a letter-only final would have left them in place and then the { / [ guard would have dropped a perfectly valid JSON record sandwiched between them. Regex broadened to the full ECMA-48 CSI grammar (params 0x30..0x3F, intermediates 0x20..0x2F, final 0x40..0x7E). New regression test covers \x1b[200~{...}\x1b[201~ plus the boundary finals @ (0x40) and ` (0x60).

2. JSDoc accuracy (jsonl.mjs:49). Updated @param to unknown to match the runtime contract (non-string short-circuits to null, asserted by a unit test). Note added in the prose too so editors don't mislead callers into pre-narrowing.

Full test run: node --test tests/jsonl.test.mjs → 12/12 pass.