npm - @canonmsg/codex-plugin - Versions diffs - 0.6.0 → 0.6.1 - Mend

@canonmsg/codex-plugin 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/host-runtime.d.ts +0 -3
package/dist/host-runtime.js +4 -15
package/dist/host.js +34 -9
package/dist/permission-mode.d.ts +31 -0
package/dist/permission-mode.js +59 -0
package/package.json +3 -3

package/dist/host-runtime.d.ts CHANGED Viewed

@@ -28,9 +28,6 @@ export interface HostInboundParticipantContext {
 type HostInboundMessage = {
     text?: string | null;
     contentType?: CanonMessage['contentType'] | null;
-    audioUrl?: string | null;
-    audioDurationMs?: number | null;
-    imageUrl?: string | null;
     attachments?: CanonMessage['attachments'];
     senderType?: CanonMessage['senderType'];
     mentions?: string[] | null;

package/dist/host-runtime.js CHANGED Viewed

@@ -49,21 +49,10 @@ export function renderCanonHostInboundContent(message, materialized) {
     const body = message.text || '';
     const placeholders = [];
     const attachments = message.attachments ?? [];
-    if (attachments.length > 0) {
-        for (let i = 0; i < attachments.length; i += 1) {
-            const att = attachments[i];
-            const mat = materialized?.find((m) => m.index === i) ?? null;
-            placeholders.push(describeAttachment(att, mat));
-        }
-    }
-    else if (message.contentType === 'audio' && message.audioUrl) {
-        const duration = message.audioDurationMs
-            ? ` (${Math.round(message.audioDurationMs / 1000)}s)`
-            : '';
-        placeholders.push(`[Voice message${duration}]`);
-    }
-    else if (message.contentType === 'image' && message.imageUrl) {
-        placeholders.push('[Image attached]');
+    for (let i = 0; i < attachments.length; i += 1) {
+        const att = attachments[i];
+        const mat = materialized?.find((m) => m.index === i) ?? null;
+        placeholders.push(describeAttachment(att, mat));
     }
     const rendered = [...placeholders, body].filter(Boolean).join('\n');
     return rendered || '[Empty message]';

package/dist/host.js CHANGED Viewed

@@ -9,6 +9,7 @@ import { buildCanonHostPrompt, buildHydratedInboundContext, createConversationMe
 import { buildInboundContextLines, decideAutoReply, } from './inbound-policy.js';
 import { CodexConversationAdapter, } from './adapter.js';
 import { clearStoredThreadId, loadStoredThreadId, saveStoredThreadId, } from './session-store.js';
+import { deriveCodexPermissionEnvelope, mapCanonPermissionToCodex, } from './permission-mode.js';
 const MAX_SESSIONS = 12;
 const IDLE_TIMEOUT_MS = 30 * 60 * 1000;
 const HEARTBEAT_MS = 30_000;
@@ -42,7 +43,11 @@ async function publishAgentRuntime(agentId, runtime) {
     await publishHostAgentRuntime(agentId, 'codex', runtime);
 }
 async function loadSessionConfig(conversationId, agentId) {
-    return loadHostSessionConfig({ conversationId, agentId });
+    return loadHostSessionConfig({
+        conversationId,
+        agentId,
+        extraStringFields: ['permissionMode'],
+    });
 }
 const SESSION_EXECUTION_MODE_REQUIRED = 'Session execution mode required; please select a mode before starting the session.';
 function requireSessionExecutionMode(config) {
@@ -265,6 +270,14 @@ async function main() {
                 const sessionCwd = environment.cwd;
                 const sessionModel = config?.model ?? (typeof args.model === 'string' ? args.model : undefined);
                 const storedThreadId = loadStoredThreadId(agentId, conversationId, sessionCwd);
+                if (config?.permissionMode
+                    && !codexPermissionEnvelope.availablePermissionModes.some((option) => option.value === config.permissionMode)) {
+                    throw new ExecutionEnvironmentError(`Permission mode "${config.permissionMode}" is not supported by this Codex host.`, 'This Canon host was started with stricter approval settings. Choose one of the advertised permission modes or restart the host with more permissive flags.');
+                }
+                const approvalOverride = mapCanonPermissionToCodex(config?.permissionMode);
+                const defaultSandbox = (typeof args.sandbox === 'string' ? args.sandbox : null);
+                const defaultFullAuto = Boolean(args['full-auto']);
+                const defaultBypass = Boolean(args['dangerously-bypass-approvals-and-sandbox']);
                 const session = {
                     conversationId,
                     cwd: sessionCwd,
@@ -274,15 +287,17 @@ async function main() {
                         threadId: storedThreadId,
                         codexBin: typeof args['codex-bin'] === 'string' ? args['codex-bin'] : 'codex',
                         model: sessionModel ?? null,
-                        sandbox: (typeof args.sandbox === 'string' ? args.sandbox : null),
+                        sandbox: approvalOverride ? approvalOverride.sandbox : defaultSandbox,
                         approvalPolicy: (typeof args['ask-for-approval'] === 'string'
                             ? args['ask-for-approval']
                             : null),
                         codexProfile: typeof args['codex-profile'] === 'string' ? args['codex-profile'] : null,
                         addDirs: args['add-dir'] ?? [],
                         configOverrides: args.config ?? [],
-                        fullAuto: Boolean(args['full-auto']),
-                        bypassApprovalsAndSandbox: Boolean(args['dangerously-bypass-approvals-and-sandbox']),
+                        fullAuto: approvalOverride ? approvalOverride.fullAuto : defaultFullAuto,
+                        bypassApprovalsAndSandbox: approvalOverride
+                            ? approvalOverride.bypassApprovalsAndSandbox
+                            : defaultBypass,
                     }),
                     queue: [],
                     running: false,
@@ -334,10 +349,7 @@ async function main() {
             try {
                 materialized = await materializeMessageMedia({
                     id: input.message.id,
-                    attachments: input.message.attachments,
-                    imageUrl: input.message.imageUrl ?? null,
-                    audioUrl: input.message.audioUrl ?? null,
-                    audioDurationMs: input.message.audioDurationMs ?? null,
+                    attachments: input.message.attachments ?? [],
                 }, { agentId, conversationId: input.conversationId });
             }
             catch (error) {
@@ -538,11 +550,16 @@ async function main() {
     const hostAvailableExecutionModes = allowWorktrees
         ? [...EXECUTION_ENVIRONMENT_MODES]
         : ['locked'];
+    const codexPermissionEnvelope = deriveCodexPermissionEnvelope(args);
     let runtimeDescriptor = {
         defaultWorkspaceId: workspaceOptions[0]?.id,
         ...(typeof args.model === 'string' ? { defaultModel: args.model } : {}),
         availableWorkspaces: buildPublicWorkspaceOptions(workspaceOptions),
         availableExecutionModes: hostAvailableExecutionModes,
+        availablePermissionModes: [...codexPermissionEnvelope.availablePermissionModes],
+        ...(codexPermissionEnvelope.defaultPermissionMode
+            ? { defaultPermissionMode: codexPermissionEnvelope.defaultPermissionMode }
+            : {}),
     };
     const publishRuntimeHeartbeat = async () => {
         if (!streamConnected)
@@ -587,6 +604,10 @@ async function main() {
             ...(typeof args.model === 'string' ? { defaultModel: args.model } : {}),
             availableWorkspaces: buildPublicWorkspaceOptions(workspaceOptions),
             availableExecutionModes: hostAvailableExecutionModes,
+            availablePermissionModes: [...codexPermissionEnvelope.availablePermissionModes],
+            ...(codexPermissionEnvelope.defaultPermissionMode
+                ? { defaultPermissionMode: codexPermissionEnvelope.defaultPermissionMode }
+                : {}),
         };
     }
     catch {
@@ -594,6 +615,10 @@ async function main() {
             defaultWorkspaceId: workspaceOptions[0]?.id,
             availableWorkspaces: buildPublicWorkspaceOptions(workspaceOptions),
             availableExecutionModes: hostAvailableExecutionModes,
+            availablePermissionModes: [...codexPermissionEnvelope.availablePermissionModes],
+            ...(codexPermissionEnvelope.defaultPermissionMode
+                ? { defaultPermissionMode: codexPermissionEnvelope.defaultPermissionMode }
+                : {}),
         };
     }
     try {
@@ -661,7 +686,7 @@ async function main() {
                                     writeState(session);
                                 }
                                 if (control.permissionMode) {
-                                    console.error(`[canon-codex] [${conversationId.slice(0, 8)}] permissionMode control is not mapped yet (${control.permissionMode})`);
+                                    console.error(`[canon-codex] [${conversationId.slice(0, 8)}] approval mode is session-creation-only; ignoring mid-session change request (${control.permissionMode})`);
                                 }
                                 if (control.effort) {
                                     console.error(`[canon-codex] [${conversationId.slice(0, 8)}] effort control is not mapped yet (${control.effort})`);

package/dist/permission-mode.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import type { CodexSandboxMode } from './adapter.js';
+export declare const CODEX_PERMISSION_OPTIONS: readonly [{
+    readonly value: "readonly";
+    readonly label: "Read-only";
+}, {
+    readonly value: "workspace";
+    readonly label: "Workspace-write";
+}, {
+    readonly value: "full-auto";
+    readonly label: "Full auto";
+}, {
+    readonly value: "bypass";
+    readonly label: "Bypass (dangerous)";
+}];
+export type CodexPermissionMode = (typeof CODEX_PERMISSION_OPTIONS)[number]['value'];
+export type CodexApprovalShape = {
+    sandbox: CodexSandboxMode | null;
+    fullAuto: boolean;
+    bypassApprovalsAndSandbox: boolean;
+};
+export type CodexPermissionEnvelope = {
+    defaultPermissionMode?: CodexPermissionMode;
+    availablePermissionModes: ReadonlyArray<(typeof CODEX_PERMISSION_OPTIONS)[number]>;
+};
+export declare function mapCanonPermissionToCodex(mode: string | null | undefined): CodexApprovalShape | null;
+export declare function deriveCodexPermissionEnvelope(args: {
+    'full-auto'?: unknown;
+    'dangerously-bypass-approvals-and-sandbox'?: unknown;
+    'ask-for-approval'?: unknown;
+    sandbox?: unknown;
+}): CodexPermissionEnvelope;

package/dist/permission-mode.js ADDED Viewed

@@ -0,0 +1,59 @@
+export const CODEX_PERMISSION_OPTIONS = [
+    { value: 'readonly', label: 'Read-only' },
+    { value: 'workspace', label: 'Workspace-write' },
+    { value: 'full-auto', label: 'Full auto' },
+    { value: 'bypass', label: 'Bypass (dangerous)' },
+];
+export function mapCanonPermissionToCodex(mode) {
+    switch (mode) {
+        case 'readonly':
+            return { sandbox: 'read-only', fullAuto: false, bypassApprovalsAndSandbox: false };
+        case 'workspace':
+            return { sandbox: 'workspace-write', fullAuto: false, bypassApprovalsAndSandbox: false };
+        case 'full-auto':
+            return { sandbox: 'workspace-write', fullAuto: true, bypassApprovalsAndSandbox: false };
+        case 'bypass':
+            return { sandbox: null, fullAuto: false, bypassApprovalsAndSandbox: true };
+        default:
+            return null;
+    }
+}
+function codexOptionsThrough(mode) {
+    const index = CODEX_PERMISSION_OPTIONS.findIndex((option) => option.value === mode);
+    return index >= 0 ? CODEX_PERMISSION_OPTIONS.slice(0, index + 1) : [];
+}
+function isLegacyFullAuto(args) {
+    return args['ask-for-approval'] === 'never'
+        && (args.sandbox === 'workspace-write' || args.sandbox == null);
+}
+export function deriveCodexPermissionEnvelope(args) {
+    if (args.sandbox === 'read-only') {
+        return {
+            defaultPermissionMode: 'readonly',
+            availablePermissionModes: codexOptionsThrough('readonly'),
+        };
+    }
+    if (args.sandbox === 'danger-full-access') {
+        return {
+            availablePermissionModes: args['dangerously-bypass-approvals-and-sandbox']
+                ? [...CODEX_PERMISSION_OPTIONS]
+                : codexOptionsThrough('full-auto'),
+        };
+    }
+    if (args['dangerously-bypass-approvals-and-sandbox']) {
+        return {
+            defaultPermissionMode: 'bypass',
+            availablePermissionModes: [...CODEX_PERMISSION_OPTIONS],
+        };
+    }
+    if (args['full-auto'] || isLegacyFullAuto(args)) {
+        return {
+            defaultPermissionMode: 'full-auto',
+            availablePermissionModes: codexOptionsThrough('full-auto'),
+        };
+    }
+    return {
+        defaultPermissionMode: 'workspace',
+        availablePermissionModes: codexOptionsThrough('workspace'),
+    };
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@canonmsg/codex-plugin",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "Canon host integration for Codex CLI",
   "type": "module",
   "main": "dist/host.js",
@@ -22,8 +22,8 @@
     "prepack": "npm run build"
   },
   "dependencies": {
-    "@canonmsg/agent-sdk": "^0.8.0",
-    "@canonmsg/core": "^0.7.0"
+    "@canonmsg/agent-sdk": "^0.8.1",
+    "@canonmsg/core": "^0.7.1"
   },
   "engines": {
     "node": ">=18.0.0"