Wire remote app-server auth through the client#14853
Conversation
|
@codex review |
|
@codex security review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Security Review
Here are some automated security review suggestions for this pull request.
Reviewed commit: 4db9879e8b
ℹ️ About Codex security reviews in GitHub
This is an experimental Codex feature. Security reviews are triggered when:
- You comment "@codex security review"
- A regular code review gets triggered (for example, "@codex review" or when a PR is opened), and you’re opted in so security review runs alongside code review
Once complete, Codex will leave suggestions, or a comment if no findings are found.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f79c5a45ab
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
etraut-openai
force-pushed
the
etraut/app-server-ws-security
branch
from
f79c5a4 to
4c9f62b
Compare
etraut-openai
changed the title
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
codex/codex-rs/cli/src/main.rs
Lines 712 to 713 in 4c9f62b
Reject remote flags for internal schema generation
app-server generate-internal-json-schema skips reject_remote_mode_for_subcommand, so --remote-auth-token is accepted on a non-interactive command and silently ignored. The new CLI behavior/messages state remote flags are interactive-only, so this is inconsistent and can mislead users into thinking the token was validated/applied.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex security review |
There was a problem hiding this comment.
💡 Codex Security Review
Here are some automated security review suggestions for this pull request.
Reviewed commit: 48595f092d
ℹ️ About Codex security reviews in GitHub
This is an experimental Codex feature. Security reviews are triggered when:
- You comment "@codex security review"
- A regular code review gets triggered (for example, "@codex review" or when a PR is opened), and you’re opted in so security review runs alongside code review
Once complete, Codex will leave suggestions, or a comment if no findings are found.
|
@codex review |
|
Codex Review: Didn't find any major issues. Chef's kiss. ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
etraut-openai
force-pushed
the
etraut/app-server-ws-security
branch
from
3cb3daf to
3e07efa
Compare
|
@codex review |
|
Codex Review: Didn't find any major issues. Keep them coming! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
etraut-openai
force-pushed
the
etraut/app-server-ws-security
branch
from
4731f1b to
dad654e
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: dad654e276
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
etraut-openai
force-pushed
the
etraut/app-server-ws-security
branch
from
01dc602 to
a168af4
Compare
etraut-openai
force-pushed
the
etraut/app-server-ws-security
branch
from
217461b to
d149ba4
Compare
fcoury
left a comment
fcoury
left a comment
There was a problem hiding this comment.
Looks good aside from those minor potential issues.
etraut-openai
force-pushed
the
etraut/app-server-ws-security
branch
from
770008b to
47a89da
Compare
2 participants
For app-server websocket auth, support the two server-side mechanisms from
PR #14847:
--ws-auth capability-token --ws-token-file /abs/path--ws-auth signed-bearer-token --ws-shared-secret-file /abs/pathwith optional
--ws-issuer,--ws-audience, and--ws-max-clock-skew-secondsOn the client side, add interactive remote support via:
--remote ws://host:portor--remote wss://host:port--remote-auth-token-env <ENV_VAR>Codex reads the bearer token from the named environment variable and sends it
as
Authorization: Bearer <token>during the websocket handshake. Remote authtokens are only allowed for
wss://URLs or loopbackws://URLs.Testing: