vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-28 23:06:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4ffbd07c06a8b2fa5d8a5b8bf10363dbbf37ce72
openclaw/extensions/codex/src/commands.ts
Josh Avant ba06376c79 fix: harden codex sandbox execution 
Harden the Codex app-server native execution bridge for OpenClaw sandboxed runs. The change keeps core sandbox policy in OpenClaw while exposing the process, filesystem, and HTTP relay behavior Codex needs inside a scoped exec server.

The large exec-server/test files were split into focused modules before landing, and the PR was rebased onto current main with focused tests, Testbox changed checks, CI, and Codex autoreview green.

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-05-21 23:47:32 +01:00

66 lines
2.3 KiB
TypeScript
Raw Blame History

import type {
OpenClawPluginCommandDefinition,
PluginCommandContext,
PluginCommandResult,
} from "openclaw/plugin-sdk/plugin-entry";
import { describeControlFailure } from "./app-server/capabilities.js";
import { formatCodexDisplayText } from "./command-formatters.js";
import type { CodexCommandDeps } from "./command-handlers.js";
type CodexCommandOptions = {
pluginConfig?: unknown;
deps?: Partial<CodexCommandDeps>;
};
type CodexSubcommandHandler = (
ctx: PluginCommandContext,
options: CodexCommandOptions,
) => Promise<PluginCommandResult>;
type CodexCommandInternalOptions = CodexCommandOptions & {
loadSubcommandHandler?: () => Promise<CodexSubcommandHandler>;
};
export function createCodexCommand(options: CodexCommandOptions): OpenClawPluginCommandDefinition {
return {
name: "codex",
description: "Inspect and control the Codex app-server harness",
ownership: "reserved",
agentPromptGuidance: [
{
text: "Native Codex app-server plugin is available (`/codex ...`). For Codex bind/control/thread/resume/steer/stop requests, prefer `/codex bind`, `/codex threads`, `/codex resume`, `/codex steer`, and `/codex stop` over ACP. When OpenClaw sandboxing is active, native Codex execution modes are unavailable; use normal Codex harness turns.",
surfaces: ["pi_main"],
},
{
text: "Use ACP for Codex only when the user explicitly asks for ACP/acpx or wants to test the ACP path.",
surfaces: ["pi_main"],
},
],
acceptsArgs: true,
requireAuth: true,
handler: (ctx) => handleCodexCommand(ctx, options),
};
}
export async function handleCodexCommand(
ctx: PluginCommandContext,
options: CodexCommandInternalOptions = {},
): Promise<PluginCommandResult> {
const { loadSubcommandHandler, ...subcommandOptions } = options;
try {
const handleCodexSubcommand = loadSubcommandHandler
? await loadSubcommandHandler()
: await loadDefaultCodexSubcommandHandler();
return await handleCodexSubcommand(ctx, subcommandOptions);
} catch (error) {
return {
text: `Codex command failed: ${formatCodexDisplayText(describeControlFailure(error))}`,
};
}
}
async function loadDefaultCodexSubcommandHandler(): Promise<CodexSubcommandHandler> {
const { handleCodexSubcommand } = await import("./command-handlers.js");
return handleCodexSubcommand;
}
Reference in New Issue View Git Blame Copy Permalink