codex-cli-sdk is a local SDK that wraps the OpenAI Codex CLI process via stdio. It does not make network connections itself — all network access is managed by the underlying CLI binary.

The SDK handles:

• Process spawning and lifecycle management
• JSONL parsing of CLI output
• Approval callback dispatch
• Sandbox policy enforcement (delegated to the CLI)

If you discover a security vulnerability, please report it responsibly:

1. Preferred: Open a GitHub Security Advisory
2. Alternative: Email the maintainers directly (see repository contacts)

Please do not open a public issue for security vulnerabilities.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Fix and disclosure: Coordinated with reporter

• The SDK spawns child processes — ensure cli_path is trusted if set explicitly
• ApprovalPolicy::Never auto-approves all agent actions — use only in trusted environments
• SandboxPolicy::DangerFullAccess removes all filesystem restrictions — use with care
• Environment variables passed via CodexConfig::env are forwarded to the child process
• Output schemas are written to temp files — they are cleaned up automatically after each turn