mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
7baf7e467e
## Why Codex Apps tools can mark arguments with `openai/fileParams`, but the execution path resolved and opened those files directly on the host. That bypassed the selected turn environment and prevented annotated file arguments from working with remote environments. ## What changed - resolve annotated file arguments against the primary turn environment - read file metadata and contents through that environment's sandboxed `ExecutorFileSystem` - reject files over the 512 MiB limit from metadata before reading or transferring them - retain the buffered upload-size check as defense in depth - make the OpenAI upload API accept a filename and buffered contents instead of owning local filesystem access - describe the model-visible argument as a path in the primary environment This builds on #27927, which added `size` to internal filesystem metadata. ## Testing - `just test -p codex-api upload_openai_file_returns_canonical_uri` - `just test -p codex-mcp tool_with_model_visible_input_schema_masks_file_params` - `just test -p codex-core mcp_openai_file` - `just test -p codex-core codex_apps_file_params_upload_environment_files_before_mcp_tool_call`
44 lines
1.2 KiB
TOML
44 lines
1.2 KiB
TOML
[package]
|
|
name = "codex-api"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license.workspace = true
|
|
|
|
[dependencies]
|
|
async-channel = { workspace = true }
|
|
base64 = { workspace = true }
|
|
bytes = { workspace = true }
|
|
chrono = { workspace = true }
|
|
codex-client = { workspace = true }
|
|
codex-protocol = { workspace = true }
|
|
codex-utils-rustls-provider = { workspace = true }
|
|
futures = { workspace = true }
|
|
http = { workspace = true }
|
|
reqwest = { workspace = true, features = ["json", "stream"] }
|
|
schemars = { workspace = true }
|
|
serde = { workspace = true, features = ["derive"] }
|
|
serde_json = { workspace = true }
|
|
thiserror = { workspace = true }
|
|
tokio = { workspace = true, features = ["fs", "macros", "net", "rt", "sync", "time"] }
|
|
tokio-tungstenite = { workspace = true }
|
|
tungstenite = { workspace = true }
|
|
tracing = { workspace = true }
|
|
eventsource-stream = { workspace = true }
|
|
regex-lite = { workspace = true }
|
|
tokio-util = { workspace = true, features = ["codec", "io"] }
|
|
url = { workspace = true }
|
|
|
|
[dev-dependencies]
|
|
anyhow = { workspace = true }
|
|
assert_matches = { workspace = true }
|
|
pretty_assertions = { workspace = true }
|
|
tokio-test = { workspace = true }
|
|
wiremock = { workspace = true }
|
|
reqwest = { workspace = true }
|
|
|
|
[lints]
|
|
workspace = true
|
|
|
|
[lib]
|
|
doctest = false
|