Skip to content

fix(plugin-tinyplace): pre-trust Codex launch dir so first foreground-inject isn't swallowed#220

Merged
sanil-23 merged 1 commit into
tinyhumansai:mainfrom
sanil-23:feat/tinyplace-codex-trust
Jul 4, 2026
Merged

fix(plugin-tinyplace): pre-trust Codex launch dir so first foreground-inject isn't swallowed#220
sanil-23 merged 1 commit into
tinyhumansai:mainfrom
sanil-23:feat/tinyplace-codex-trust

Conversation

@sanil-23

@sanil-23 sanil-23 commented Jul 4, 2026

Copy link
Copy Markdown
Collaborator

Follow-up to #219 (this commit was pushed just after #219 merged, so it missed the merge).

What & why

Verified live that tmux send-keys wakes an idle Codex TUI and drives a turn (Codex replied with the exact injected token) — the same primitive foreground-inject uses, now confirmed on Codex as well as Claude.

But a fresh isolated CODEX_HOME shows Codex's "Do you trust this directory?" dialog on first launch, and an injected trigger arriving then lands on the dialog instead of the composer (observed: it ate the first word of the injected text). The generated config.toml now pre-trusts the launch cwd:

[projects."<cwd>"]
trust_level = "trusted"

so Codex boots straight to the composer and the first foreground-inject trigger is processed. Scoped to the one directory the user explicitly launched tinyplace in (equivalent to their "Yes, continue"); the launcher threads process.cwd() into the adapter's prepare(ctx).

Testing

adapter-contract + harness green; verified the generated config.toml contains the trust block ahead of the MCP server config. Live-verified the injection primitive on Codex (two send-keys round-trips returned the exact tokens).

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes
    • Improved first-run behavior so the initial injected turn is less likely to be lost behind a trust prompt.
    • Made foreground injection more reliable across supported AI tools.
  • Documentation
    • Updated guidance to clarify the trusted-launch behavior and injection compatibility.

…lowed

Verified live that tmux send-keys wakes an idle Codex TUI and drives a turn (it
replied with the exact injected token) — the same primitive foreground-inject uses,
now confirmed on Codex as well as Claude.

But a fresh isolated CODEX_HOME shows Codex's "Do you trust this directory?" dialog on
first launch, and an injected trigger arriving then lands on the dialog instead of the
composer. The generated config.toml now pre-trusts the launch cwd
([projects."<cwd>"] trust_level = "trusted"), so Codex boots straight to the composer
and the first foreground-inject trigger is processed. Scoped to the one directory the
user explicitly launched tinyplace in (equivalent to their "Yes, continue"); the
launcher threads process.cwd() into the adapter's prepare(ctx).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@vercel

vercel Bot commented Jul 4, 2026

Copy link
Copy Markdown

@sanil-23 is attempting to deploy a commit to the Vezures Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 97ec87f2-3e57-4c7e-95ea-58f8617bcec5

📥 Commits

Reviewing files that changed from the base of the PR and between 21a940a and 096cb7c.

📒 Files selected for processing (3)
  • sdk/plugin-tinyplace/DESIGN.md
  • sdk/plugin-tinyplace/adapters/codex.mjs
  • sdk/plugin-tinyplace/bin/tinyplace.mjs

📝 Walkthrough

Walkthrough

The Codex adapter's ensureIsolatedHome now accepts a cwd parameter and injects a trust block into generated config.toml for that directory. The launcher passes cwd: process.cwd() into ADAPTER.launch.prepare(...). Documentation is updated to describe this pre-trust behavior.

Changes

Codex directory pre-trust

Layer / File(s) Summary
Launcher passes cwd to adapter
sdk/plugin-tinyplace/bin/tinyplace.mjs
launch() now includes cwd: process.cwd() when calling ADAPTER.launch.prepare(...).
Codex adapter pre-trusts cwd in config.toml
sdk/plugin-tinyplace/adapters/codex.mjs
ensureIsolatedHome accepts a new cwd parameter and inserts a conditional trust block for that directory into generated config.toml before the [mcp_servers.tinyplace] section.
Design doc updated for trust behavior
sdk/plugin-tinyplace/DESIGN.md
Documentation expands on TINYPLACE_INJECT_COOLDOWN_MS, noting send-keys injection works on Claude and Codex, and that Codex pre-trusts the working directory to avoid the trust prompt blocking the first injection.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • tinyhumansai/tiny.place#215: Directly extends the same ensureIsolatedHome and launcher flow to pass cwd and pre-trust the working directory in config.toml.

Poem

A rabbit hops to the working tree,
"Trust this burrow!" — no prompt to see. 🐇
Codex and Claude, both now aware,
The first turn lands without a scare.
Config.toml, snug and neat,
Pre-trusted paths beneath my feet.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: pre-trusting Codex’s launch directory to prevent the first foreground injection from being swallowed.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Comment @coderabbitai help to get the list of available commands.

@sanil-23 sanil-23 merged commit 21f6ef3 into tinyhumansai:main Jul 4, 2026
9 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant