
Add Codex permission profile support#113

Merged
bolinfest merged 1 commit into
mainfrom
pr113
Jul 3, 2026

Conversation

@bolinfest

@bolinfest bolinfest commented Jul 3, 2026

Collaborator

Why

Codex permission profiles provide the new unified filesystem and network policy model. However,
codex-action currently appends --sandbox to every codex exec invocation, which explicitly opts
the session into the legacy sandbox model and prevents default_permissions from taking effect.
This makes it impossible for action users to select profiles such as a read-only workspace with a
narrow network allowlist.

What changed

  • Add a permission-profile action input that selects a built-in or configured profile through
    default_permissions.
  • Omit --sandbox when a permission profile is selected.
  • Keep existing behavior compatible: when neither input is supplied, the action still invokes Codex
    with the legacy workspace-write sandbox; explicit sandbox callers continue to use that model.
  • Reject combinations that would silently disable profiles, including an explicit sandbox, the
    read-only safety strategy, or a sandbox override in codex-args.
  • Document profile configuration, the Codex CLI 0.138.0 minimum, and the distinction between
    command permissions and process-level safety-strategy protections.
  • Rebuild the checked-in action bundle.

Example action configuration after defining public-review in the selected Codex home:

- uses: openai/codex-action@v1
  with:
    openai-api-key: ${{ secrets.OPENAI_API_KEY }}
    permission-profile: public-review
    prompt: Review the public change.

See the Codex permission profile documentation for the profile schema.

Testing

  • Add end-to-end command-construction tests with a fake codex executable. These cover the legacy
    default, profile selection without --sandbox, and incompatible input combinations.
  • pnpm test
  • pnpm run check

Documentation

After this input is released, the Codex GitHub Action page on developers.openai.com should list
permission-profile and explain its relationship with the legacy sandbox input.
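The command-construction rules described above (legacy `--sandbox workspace-write` default, `default_permissions` selection without `--sandbox`, and rejection of combinations that would silently disable the profile) as an added, self-contained model in TypeScript. This is example code written for this page, not codex-action's own `runCodexExec.ts`; the input names follow the action inputs named in the PR, while the `-c default_permissions=<profile>` override syntax, the `"read-only"` safety-strategy value and the `buildCodexExecArgs`/`hasSandboxOverride` function names are assumptions made for illustration. The override check covers both `sandbox_mode` and `sandbox_workspace_write`, the extension requested later in the review thread.

```typescript
// Added example: models the argument-building rules from the PR description.
// Not the project's code; flag syntax beyond `--sandbox` is assumed.

interface CodexExecInputs {
  prompt: string;
  sandbox?: string;            // legacy `sandbox` input (e.g. "workspace-write", "read-only")
  permissionProfile?: string;  // new `permission-profile` input
  safetyStrategy?: string;     // assumed: "read-only" is the value that conflicts with profiles
  codexArgs?: string[];        // extra arguments passed through to `codex exec`
}

const LEGACY_DEFAULT_SANDBOX = "workspace-write";

// Config keys that select the legacy sandbox model; per the Codex permissions docs
// cited in the review, they must not be combined with default_permissions.
const SANDBOX_OVERRIDE_KEYS = ["sandbox_mode", "sandbox_workspace_write"];

// Extract the top-level config key from a `-c`/`--config` value such as
// `sandbox_workspace_write.network_access=true` -> `sandbox_workspace_write`.
function configKey(value: string): string {
  const trimmed = value.trimStart();
  const eq = trimmed.indexOf("=");
  const dotted = eq === -1 ? trimmed : trimmed.slice(0, eq);
  return dotted.trim().split(".")[0];
}

// True when codexArgs carries a -c/--config override of a legacy sandbox key,
// in either the separate-argument form or the inline `--config=key=value` form.
function hasSandboxOverride(codexArgs: string[]): boolean {
  for (let i = 0; i < codexArgs.length; i++) {
    const arg = codexArgs[i];
    let value: string | undefined;
    if (arg === "--config" || arg === "-c") {
      value = codexArgs[i + 1]; // undefined when --config is the last argument
    } else if (arg.startsWith("--config=") || arg.startsWith("-c=")) {
      value = arg.slice(arg.indexOf("=") + 1);
    }
    if (value !== undefined && SANDBOX_OVERRIDE_KEYS.includes(configKey(value))) {
      return true;
    }
  }
  return false;
}

// Build the `codex exec` argument list, enforcing the PR's mutual-exclusion rules.
function buildCodexExecArgs(inputs: CodexExecInputs): string[] {
  const { sandbox, permissionProfile, safetyStrategy, codexArgs = [] } = inputs;
  const args = ["exec"];

  if (permissionProfile) {
    // Refuse every combination that would silently disable the profile.
    if (sandbox) {
      throw new Error("`permission-profile` cannot be combined with the legacy `sandbox` input");
    }
    if (safetyStrategy === "read-only") {
      throw new Error("`permission-profile` cannot be combined with the read-only safety strategy");
    }
    if (hasSandboxOverride(codexArgs)) {
      throw new Error("`codex-args` overrides sandbox_mode/sandbox_workspace_write, which conflicts with `permission-profile`");
    }
    // Select the profile and omit --sandbox so the legacy model is not opted into.
    // (Assumed override syntax for illustration.)
    args.push("-c", `default_permissions=${permissionProfile}`);
  } else {
    // Legacy path: explicit sandbox input, or the workspace-write default.
    args.push("--sandbox", sandbox ?? LEGACY_DEFAULT_SANDBOX);
  }

  args.push(...codexArgs, inputs.prompt);
  return args;
}

// Constructed sample invocations.
buildCodexExecArgs({ prompt: "Review the public change." });
buildCodexExecArgs({ prompt: "Review the public change.", permissionProfile: "public-review" });
```

The key normalisation in `configKey` is what lets the two `--config` spellings share one check; the list of conflicting keys is the single place to extend if further legacy sandbox keys need to be rejected.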

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ee8f15407f


Comment thread src/runCodexExec.ts Outdated
Comment on lines +389 to +394
if (arg === "--config" || arg === "-c") {
return args[index + 1]?.trimStart().startsWith("sandbox_mode") ?? false;
}
return (
arg.startsWith("--config=sandbox_mode") ||
arg.startsWith("-c=sandbox_mode")
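Review bot: the separate-argument branch (`--config`/`-c` followed by `args[index + 1]`) and the inline branch (`--config=`/`-c=`) each hard-code the `sandbox_mode` prefix on their own, so the extension asked for in this thread (also rejecting `sandbox_workspace_write`) must be applied in two places and the two forms can drift apart. Suggest normalizing first: take `args[index + 1]` for the separate form and the text after the first `=` for the inline form, strip any `.subkey` and `=value` suffix, and compare the remaining key against one shared list of keys that conflict with `default_permissions`. That also narrows the current `startsWith("sandbox_mode")` prefix test to an exact key match.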


P2: Reject sandbox_workspace_write overrides with profiles

When permission-profile is set and callers pass codex-args like --config sandbox_workspace_write.network_access=true, this check returns false, so the action still starts Codex with both default_permissions and a legacy workspace sandbox override. The Codex permissions docs state that default_permissions/[permissions] must not be combined with sandbox_mode/sandbox_workspace_write (https://developers.openai.com/codex/permissions), so this bypasses the new mutual-exclusion guard and can make the requested profile ineffective or rejected only after startup. Please treat sandbox_workspace_write overrides the same as sandbox_mode here.


Collaborator Author

Good catch: addressed.

@bolinfest bolinfest force-pushed the pr113 branch 2 times, most recently from b654a71 to cfdaae5 on July 3, 2026 05:50
@bolinfest bolinfest merged commit 6b77185 into main Jul 3, 2026
2 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators Jul 3, 2026