Skip to content

Guard Codex launches with managed network requirements#6495

Open
nwparker wants to merge 1 commit into
mainfrom
nwparker/bug-error-turn-start-failed-in-tui-error-operati
Open

Guard Codex launches with managed network requirements#6495
nwparker wants to merge 1 commit into
mainfrom
nwparker/bug-error-turn-start-failed-in-tui-error-operati

Conversation

@nwparker

Copy link
Copy Markdown
Contributor

Summary

  • detect managed Codex requirements that enable permission-profile networking from macOS MDM preferences and system requirements files
  • replace affected local macOS Codex startup commands with a clear terminal diagnostic instead of launching into the opaque TUI crash
  • cover the detector and local PTY guard with focused tests

Reproduction

Reproduced #6493 on macOS by installing a managed Codex requirements payload via defaults write com.openai.codex requirements_toml_base64 <base64 TOML> where [permissions.github_only.network] has enabled = true, then running codex --no-alt-screen '--dangerously-bypass-approvals-and-sandbox' 'reply with the single word OKDONE'. Codex exited with Error: turn/start failed in TUI / Operation not permitted (os error 1).

Validation

  • npx vitest run src/main/codex/codex-managed-network-requirements.test.ts src/main/providers/local-pty-provider.test.ts
  • pnpm run typecheck:node
  • npx oxlint src/main/codex/codex-managed-network-requirements.ts src/main/codex/codex-managed-network-requirements.test.ts src/main/providers/local-pty-provider.ts src/main/providers/local-pty-provider.test.ts

Fixes #6493

@coderabbitai

coderabbitai Bot commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 9b8c8294-0fe4-4c54-bcb2-fb997ac89c1c

📥 Commits

Reviewing files that changed from the base of the PR and between 6291812 and b6c3661.

📒 Files selected for processing (4)
  • src/main/codex/codex-managed-network-requirements.test.ts
  • src/main/codex/codex-managed-network-requirements.ts
  • src/main/providers/local-pty-provider.test.ts
  • src/main/providers/local-pty-provider.ts

📝 Walkthrough

Walkthrough

Added a managed Codex network requirements module that reads platform-specific requirements TOML, checks for [permissions.*.network] enabled = true, and builds a shell-quoted warning command. LocalPtyProvider now checks this on macOS for Codex launches and swaps in the warning command when the requirement is present. Tests were added for detection, command generation, and the PTY spawn path.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description has summary, reproduction, and validation, but it omits required template sections like Screenshots, AI Review Report, Security Audit, and Notes. Add the missing template sections, including screenshots or no visual change, the AI review report, security audit, notes, and a checkbox-style testing section.
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: blocking Codex launches when managed network requirements are present.
Linked Issues check ✅ Passed The changes address #6493 by detecting managed network requirements on macOS and replacing the failing Codex launch with a clear diagnostic.
Out of Scope Changes check ✅ Passed The edits are confined to the network-requirements detector, local PTY guard, and their tests, with no unrelated feature work evident.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: Error: turn/start failed in TUI Error: Operation not permitted (os error 1)

1 participant