Guard Codex launches with managed network requirements#6495
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
📝 WalkthroughWalkthroughAdded a managed Codex network requirements module that reads platform-specific requirements TOML, checks for 🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✨ Finishing Touches📝 Generate docstrings
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary
Reproduction
Reproduced #6493 on macOS by installing a managed Codex requirements payload via
defaults write com.openai.codex requirements_toml_base64 <base64 TOML>where[permissions.github_only.network]hasenabled = true, then runningcodex --no-alt-screen '--dangerously-bypass-approvals-and-sandbox' 'reply with the single word OKDONE'. Codex exited withError: turn/start failed in TUI/Operation not permitted (os error 1).Validation
npx vitest run src/main/codex/codex-managed-network-requirements.test.ts src/main/providers/local-pty-provider.test.tspnpm run typecheck:nodenpx oxlint src/main/codex/codex-managed-network-requirements.ts src/main/codex/codex-managed-network-requirements.test.ts src/main/providers/local-pty-provider.ts src/main/providers/local-pty-provider.test.tsFixes #6493