Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ee8f15407f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if (arg === "--config" || arg === "-c") { | ||
| return args[index + 1]?.trimStart().startsWith("sandbox_mode") ?? false; | ||
| } | ||
| return ( | ||
| arg.startsWith("--config=sandbox_mode") || | ||
| arg.startsWith("-c=sandbox_mode") |
There was a problem hiding this comment.
Reject sandbox_workspace_write overrides with profiles
When permission-profile is set and callers pass codex-args like --config sandbox_workspace_write.network_access=true, this check returns false, so the action still starts Codex with both default_permissions and a legacy workspace sandbox override. The Codex permissions docs state that default_permissions/[permissions] must not be combined with sandbox_mode/sandbox_workspace_write (https://developers.openai.com/codex/permissions), so this bypasses the new mutual-exclusion guard and can make the requested profile ineffective or rejected only after startup. Please treat sandbox_workspace_write overrides the same as sandbox_mode here.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Good catch: addressed.
b654a71 to
cfdaae5
Compare
Why
Codex permission profiles provide the new unified filesystem and network policy model. However,
codex-actioncurrently appends--sandboxto everycodex execinvocation, which explicitly optsthe session into the legacy sandbox model and prevents
default_permissionsfrom taking effect.This makes it impossible for action users to select profiles such as a read-only workspace with a
narrow network allowlist.
What changed
permission-profileaction input that selects a built-in or configured profile throughdefault_permissions.--sandboxwhen a permission profile is selected.with the legacy
workspace-writesandbox; explicitsandboxcallers continue to use that model.sandbox, theread-onlysafety strategy, or a sandbox override incodex-args.0.138.0minimum, and the distinction betweencommand permissions and process-level
safety-strategyprotections.Example action configuration after defining
public-reviewin the selected Codex home:See the Codex permission profile documentation for the profile schema.
Testing
codexexecutable. These cover the legacydefault, profile selection without
--sandbox, and incompatible input combinations.pnpm testpnpm run checkDocumentation
After this input is released, the Codex GitHub Action page on
developers.openai.comshould listpermission-profileand explain its relationship with the legacysandboxinput.