@c4t4/heyamigo 0.8.13 → 0.8.15

package/dist/ai/codex.js

@@ -12,11 +12,11 @@
 //
 // Configurable via config.codex:
 //   - model: optional `-m <model>` override. Default = Codex's default.
-//   - yolo (default true): emits --dangerously-bypass-approvals-and-sandbox
-//     (the documented canonical flag; --yolo is an alias in newer builds).
-//     Bundles no-approvals + full sandbox + skip-trust-check. Right
-//     default for a headless owner-bot; set false to honor runTask's
-//     mode-driven sandbox.
+//   - yolo (default true): emits --yolo, which bundles no-approvals +
+//     full sandbox + skip-trust-check. The narrower verbose flag
+//     (--dangerously-bypass-approvals-and-sandbox) does NOT skip the
+//     trust check on all versions and can hang the process — use --yolo.
+//     Set false to honor runTask's mode-driven sandbox.
 //   - skipGitRepoCheck (default true): adds --skip-git-repo-check when
 //     yolo is off. Codex refuses to run in untrusted cwds without it.
 //   - extraArgs: appended verbatim. Escape hatch for version drift.
@@ -65,6 +65,9 @@ function sandboxFor(mode) {
 function laneTimeoutMs(lane) {
     return TIMEOUT_MS[lane];
 }
+// Returns { args, prompt }. The prompt is the final text that should be
+// piped to stdin (system prompt prepended when applicable). args ends with
+// `-` so codex reads from stdin.
 function buildExecArgs(params) {
     const cfg = config.codex;
     const args = ['exec', '--json'];
@@ -72,11 +75,12 @@ function buildExecArgs(params) {
         args.push('-m', cfg.model);
     }
     if (cfg.yolo) {
-        // Canonical "no approvals + full sandbox + no trust check" switch.
-        // Some newer Codex builds expose --yolo as an alias for the same
-        // behavior; we use the documented name to stay portable. mode is
-        // ignored on this path.
-        args.push('--dangerously-bypass-approvals-and-sandbox');
+        // --yolo bundles all three bypasses: no approvals, full sandbox,
+        // and skip-trust-check. Empirically the right switch — the more
+        // narrowly-scoped --dangerously-bypass-approvals-and-sandbox does
+        // NOT subsume the trust-directory gate on some Codex versions and
+        // causes the process to hang waiting for stdin.
+        args.push('--yolo');
     }
     else {
         if (cfg.skipGitRepoCheck)
@@ -103,10 +107,12 @@ function buildExecArgs(params) {
             params.prompt = `${systemPrompt()}\n\n---\n\n${params.prompt}`;
         }
     }
-    // Prompt as positional arg. `codex exec` reads stdin only with `-`, and
-    // passing it positionally avoids ambiguity with the spawn pipe.
-    args.push(params.prompt);
-    return args;
+    // Pass prompt via stdin (positional `-` is the documented way). Large
+    // prompts — system prompt + memory preamble + history — can blow past
+    // Linux's ARG_MAX when shoved into argv, causing the spawn to hang
+    // silently. stdin has no such cap.
+    args.push('-');
+    return { args, prompt: params.prompt };
 }
 function extractReply(ev) {
     // Primary shape: item.completed with item.type === 'agent_message'
@@ -192,19 +198,22 @@ function parseCodexOutput(stdout) {
     };
 }
 async function runCodexTask(params) {
-    const args = buildExecArgs({
+    const { args, prompt } = buildExecArgs({
         mode: params.mode,
         addDirs: params.addDirs,
         sessionId: params.sessionId,
         includeSystemPrompt: params.includeSystemPrompt,
         prompt: params.input,
     });
-    logger.debug({ caller: params.caller, resume: !!params.sessionId }, 'spawning codex exec');
-    // input is empty here — the prompt rides in argv (Codex exec semantics).
-    // Empty stdin end() is harmless.
+    logger.info({
+        caller: params.caller,
+        resume: !!params.sessionId,
+        argv: args,
+        promptChars: prompt.length,
+    }, 'spawning codex exec');
     const { stdout, stderr, durationMs } = await runClaude({
         args,
-        input: '',
+        input: prompt,
         timeoutMs: laneTimeoutMs(params.lane),
         caller: params.caller,
         bin: 'codex',

package/dist/config.js

@@ -41,11 +41,11 @@ const ConfigSchema = z.object({
         // Optional model override. If unset, Codex uses its default. Passed
         // as `-m <model>` to `codex exec`.
         model: z.string().optional(),
-        // Field name kept catchy, but the actual flag emitted is the
-        // documented one: --dangerously-bypass-approvals-and-sandbox. Some
-        // newer Codex builds also accept --yolo as an alias; we use the
-        // canonical name for portability. Right default for a headless
-        // owner-bot. Set to false to honor runTask's mode-driven sandbox.
+        // Emits --yolo, which bundles no-approvals + full sandbox + skip-
+        // trust-check. The narrower verbose flag does not subsume the trust
+        // gate on all versions and hangs the process, so --yolo is the safe
+        // default. Right setting for a headless owner-bot. Set to false to
+        // honor runTask's mode-driven sandbox.
         yolo: z.boolean().default(true),
         // When yolo=false, still bypass the trust-directory prompt. Codex
         // refuses to run in an "untrusted" cwd otherwise.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@c4t4/heyamigo",
-  "version": "0.8.13",
+  "version": "0.8.15",
   "description": "WhatsApp AI bot powered by Claude with long-term memory, browser control, and role-based access",
   "type": "module",
   "main": "dist/index.js",