Respect Codex sandbox config in plugin threads#241
Respect Codex sandbox config in plugin threads#241msl2246 wants to merge 1 commit intoopenai:mainfrom
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e0a1e31c73
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const result = await runAppServerTurn(context.repoRoot, { | ||
| prompt, | ||
| model: request.model, | ||
| sandbox: "read-only", | ||
| outputSchema: readOutputSchema(REVIEW_SCHEMA), | ||
| onProgress: request.onProgress |
There was a problem hiding this comment.
This call no longer pins a sandbox mode for adversarial reviews, so /codex:adversarial-review now inherits the user's global Codex sandbox. In environments configured as workspace-write or danger-full-access, the review turn can run with write-capable tooling and mutate the repo, which breaks the command’s documented read-only contract (README.md says adversarial review "does not fix code"). Please keep review flows explicitly read-only (or otherwise enforce read-only behavior independent of global task defaults).
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Addressed in 56cb002. Native and adversarial review flows now keep the default read-only sandbox, preserving the documented review-only contract. The Codex-config inheritance path is now explicit via CODEX_COMPANION_SANDBOX_MODE=inherit, with README and regression coverage for the opt-in behavior.
| defaultPrompt: resumeThreadId ? DEFAULT_CONTINUE_PROMPT : "", | ||
| model: request.model, | ||
| effort: request.effort, |
There was a problem hiding this comment.
executeTaskRun no longer maps request.write into the thread sandbox request, so task --write and read-only task runs now send the same sandbox params unless some external caller injects one. For users whose Codex config is read-only, --write silently loses its functional effect and rescue workflows that depend on write-capable runs will be unable to apply edits.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Addressed in 56cb002. task --write now defaults back to workspace-write, while read-only task runs default to read-only. The only way to omit/override that sandbox request is the new explicit CODEX_COMPANION_SANDBOX_MODE escape hatch, so --write keeps its functional effect for users with read-only Codex defaults.
msl2246
force-pushed
the
fix/inherit-codex-sandbox-config
branch
from
e0a1e31 to
56cb002
Compare
|
@codex review |
|
Codex Review: Didn't find any major issues. Delightful! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
msl2246
force-pushed
the
fix/inherit-codex-sandbox-config
branch
from
56cb002 to
f89b868
Compare
|
Follow-up for the rescue path: I added the same sandbox escape-hatch guidance to the |
|
@codex review |
|
Codex Review: Didn't find any major issues. Keep it up! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
1 participant
Summary
Fixes #240.
The plugin previously had no escape hatch for environments where Codex's Linux sandbox cannot initialize. At the same time, review commands need to keep their documented read-only contract and
task --writeneeds to request a writable sandbox by default.This change keeps the existing safe defaults:
read-onlyread-onlyread-onlytask --writeusesworkspace-writeIt adds an explicit
CODEX_COMPANION_SANDBOX_MODEoverride for plugin-launched Codex threads. Setting it toinheritomits the sandbox field so the Codex app server applies the user's configuredsandbox_mode; it also acceptsread-only,workspace-write, anddanger-full-accessfor explicit forcing.The rescue agent and
codex-cli-runtimeskill now document when to preserve or apply that override, so Claude Code can route bwrap/bubblewrap sandbox failures through the same single helper command.Testing
npm testnode --test tests/commands.test.mjsnode --check plugins/codex/scripts/codex-companion.mjsnode --check plugins/codex/scripts/lib/codex.mjsgit diff --checkNotes
Also updates the existing result/cancel command test expectations to match the currently quoted
$ARGUMENTScommand text.