mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
dev
4 Commits
-
Uprev Rust toolchain pins to 1.95.0 (#24684)
## Summary - Bump the workspace Rust toolchain from `1.93.0` to `1.95.0` across Cargo, Bazel, CI, release workflows, devcontainers, and the Codex environment config. - Refresh `MODULE.bazel.lock` so the Bazel Rust toolchain artifacts match the new version. - Leave purpose-specific toolchains unchanged, including the `argument-comment-lint` nightly and the upstream `rusty_v8` `1.91.0` build pin. - Includes fixes for new lints from `just fix` and a few codex-authored fixes for lints without a suggestion.
Adam Perry @ OpenAI ·
2026-05-26 20:59:47 -07:00 -
Harden package-manager install policy (#19163)
## Summary This PR hardens package-manager usage across the repo to reduce dependency supply-chain risk. It also removes the stale `codex-cli` Docker path, which was already broken on `main`, instead of keeping a bitrotted container workflow alive. ## What changed - Updated pnpm package manager pins and workspace install settings. - Removed stale `codex-cli` Docker assets instead of trying to keep a broken local container path alive. - Added uv settings and lockfiles for the Python SDK packages. - Updated Python SDK setup docs to use `uv sync`. ## Why This is primarily a security hardening change. It reduces package-install and supply-chain risk by ensuring dependency installs go through pinned package managers, committed lockfiles, release-age settings, and reviewed build-script controls. For `codex-cli`, the right follow-up was to remove the local Docker path rather than keep patching it: - `codex-cli/Dockerfile` installed `codex.tgz` with `npm install -g`, which bypassed the repo lockfile and age-gated pnpm settings. - The local `codex-cli/scripts/build_container.sh` helper was already broken on `main`: it called `pnpm run build`, but `codex-cli/package.json` does not define a `build` script. - The container path itself had bitrotted enough that keeping it would require extra packaging-specific behavior that was not otherwise needed by the repo. ## Gaps addressed - Global npm installs bypassed the repo lockfile in Docker and CLI reinstall paths, including `codex-cli/Dockerfile` and `codex-cli/bin/codex.js`. - CI and Docker pnpm installs used `--frozen-lockfile`, but the repo was missing stricter pnpm workspace settings for dependency build scripts. - Python SDK projects had `pyproject.toml` metadata but no committed `uv.lock` coverage or uv age/index settings in `sdk/python` and `sdk/python-runtime`. - The secure devcontainer install path used npm/global install behavior without a local locked package-manager boundary. - The local `codex-cli` Docker helper was already broken on `main`, so this PR removes that stale Docker path instead of preserving a broken surface. - pnpm was already pinned, but not to the current repo-wide pnpm version target. ## Verification - `pnpm install --frozen-lockfile` - `.devcontainer/codex-install`: `pnpm install --prod --frozen-lockfile` - `.devcontainer/codex-install`: `./node_modules/.bin/codex --version` - `sdk/python`: `uv lock --check`, `uv sync --locked --all-extras --dry-run`, `uv build` - `sdk/python-runtime`: `uv lock --check`, `uv sync --locked --dry-run`, `uv build --wheel` - `pnpm -r --filter ./sdk/typescript run build` - `pnpm -r --filter ./sdk/typescript run lint` - `pnpm -r --filter ./sdk/typescript run test` - `node --check codex-cli/bin/codex.js` - `docker build -f .devcontainer/Dockerfile.secure -t codex-secure-test .` - `cargo build -p codex-cli` - repo-wide package-manager audit
mcgrew-oai ·
2026-04-24 14:36:19 -04:00 -
[codex] Support bubblewrap in secure Docker devcontainer (#17547)
## Summary - leave the default contributor devcontainer on its lightweight platform-only Docker runtime - install bubblewrap in setuid mode only in the secure devcontainer image for running Codex inside Docker - add Docker run args to the secure profile for bubblewrap's required capabilities - use explicit `seccomp=unconfined` and `apparmor=unconfined` in the secure profile instead of shipping a custom seccomp profile - document that the relaxed Docker security options are scoped to the secure profile ## Why Docker's default seccomp profile blocks bubblewrap with `pivot_root: Operation not permitted`, even when the container has `CAP_SYS_ADMIN`. Docker's default AppArmor profile also blocks bubblewrap with `Failed to make / slave: Permission denied`. A custom seccomp profile works, but it is hard for customers to audit and understand. Using Docker's standard `seccomp=unconfined` option is clearer: the secure profile intentionally relaxes Docker's outer sandbox just enough for Codex to construct its own bubblewrap/seccomp sandbox inside the container. The default contributor profile does not get these expanded runtime settings. ## Validation - `sed '/\\/\\*/,/\\*\\//d' .devcontainer/devcontainer.json | jq empty` - `jq empty .devcontainer/devcontainer.secure.json` - `git diff --check` - `docker build --platform=linux/arm64 -t codex-devcontainer-bwrap-test-arm64 ./.devcontainer` - `docker build --platform=linux/arm64 -f .devcontainer/Dockerfile.secure -t codex-devcontainer-secure-bwrap-test-arm64 .` - interactive `docker run -it` smoke tests: - verified non-root users `ubuntu` and `vscode` - verified secure image `/usr/bin/bwrap` is setuid - verified user/pid namespace, user/network namespace, and preserved-fd `--ro-bind-data` bwrap commands - reran secure-image smoke test with simplified `seccomp=unconfined` setup: - `bwrap-basic-ok` - `bwrap-netns-ok` - `codex-ok` - ran Codex inside the secure image: - `codex --version` -> `codex-cli 0.120.0` - `codex sandbox linux --full-auto -- /bin/sh -lc '...'` -> exited 0 and printed `codex-inner-ok` Note: direct `bwrap --proc /proc` is still denied by this Docker runtime, and Codex's existing proc-mount preflight fallback handles that by retrying without `--proc`. --------- Co-authored-by: Codex <noreply@openai.com>
viyatb-oai ·
2026-04-12 10:49:50 -07:00 -
feat(devcontainer): add separate secure customer profile (#10431)
## Description Keeps the existing Codex contributor devcontainer in place and adds a separate secure profile for customer use. ## What changed - leaves `.devcontainer/devcontainer.json` and the contributor `Dockerfile` aligned with `main` - adds `.devcontainer/devcontainer.secure.json` and `.devcontainer/Dockerfile.secure` - adds secure-profile bootstrap scripts: - `post_install.py` - `post-start.sh` - `init-firewall.sh` - updates `.devcontainer/README.md` to explain when to use each path ## Secure profile behavior The new secure profile is opt-in and is meant for running Codex in a stricter project container: - preinstalls the Codex CLI plus common build tools - uses persistent volumes for Codex state, Cargo, Rustup, and GitHub auth - applies an allowlist-driven outbound firewall at startup - blocks IPv6 by default so the allowlist cannot be bypassed via AAAA routes - keeps the stricter networking isolated from the default contributor workflow ## Resulting behavior - `devcontainer.json` remains the low-friction Codex contributor setup - `devcontainer.secure.json` is the customer-facing secure option - the repo supports both workflows without forcing the secure profile on Codex contributors
viyatb-oai ·
2026-04-10 23:32:06 -07:00