@excitedjs/agent-runtime-codex 0.2.0-alpha.g0ddd418597ca

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 excitedjs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,44 @@
+# @excitedjs/agent-runtime-codex
+
+The built-in **Codex** Agent Runtime provider for
+[Dreamux](https://github.com/excitedjs/dreamux), published behind the stable
+`builtin:codex` alias.
+
+It implements the public `AgentRuntimeProvider` contract from
+[`@excitedjs/dreamux-types`](../../dreamux-types) against the Codex
+`app-server`: process supervision, the WebSocket RPC client, the `initialize`
+handshake, thread start/resume, the per-runtime turn manager, teammate
+completion delivery, and Codex doctor diagnostics.
+
+## Boundary
+
+This package depends on `@excitedjs/dreamux-types` **only**. It never imports
+`@excitedjs/dreamux` core. Everything host-specific — per-dispatcher paths, the
+volatile rendezvous-socket root, the durable state sink, the process `PATH`
+seeded from the host package bins, and bundled-skill installation — is supplied
+by the Dreamux host through the neutral `AgentRuntimeCreateContext` and the
+provider factory options. The package owns only Codex-engine mechanics and its
+own `~/.codex` home/config paths.
+
+The host resolves `builtin:codex` to this package and wraps it with a
+core-owned adapter that maps its private dispatcher objects onto the neutral
+contract; see
+`.agents/decisions/npm-package-split-and-channel-targets.md`.
+
+## Logger
+
+The package logs through the optional `DreamuxLogger` the host passes in. With
+no logger it falls back to a minimal `console.error`-backed sink for standalone
+use and tests.
+
+## Standalone use
+
+External callers can register this provider directly:
+
+```ts
+import { createCodexAgentRuntimeProvider } from '@excitedjs/agent-runtime-codex';
+```
+
+The factory accepts the neutral create context plus optional host hooks
+(socket allocator, base process env, workspace skill preparation, and test
+factories for the Codex process / WS client / home doctor).

package/dist/approval.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Approval handler for Codex server→client requests.
+ *
+ * Issue #2 §"信任模型" + §"实现陷阱":
+ *   - MVP runs Codex with approval-policy=never (or auto-approve).
+ *   - If a server-request still arrives (e.g. because policy was misconfigured
+ *     or codex escalates anyway), fail loudly — never return null. Silent null
+ *     is the trap that hangs the daemon.
+ *
+ * `onReject` is an observer hook for logs or metrics. Feishu user-visible
+ * output is MCP reply-only, so this handler must not send channel messages.
+ */
+import type { ServerRequest } from './types.js';
+export interface ApprovalHandlerOptions {
+    /**
+     * Called when a server-request is rejected. Errors thrown here are swallowed
+     * because the rejection itself still propagates to codex.
+     */
+    onReject?: (req: ServerRequest) => void | Promise<void>;
+}
+export declare function looksLikeApprovalRequest(method: string): boolean;
+/**
+ * Build a fail-fast server-request handler.
+ *
+ * The handler always throws — i.e. every server-request becomes an `error`
+ * response on the wire — but it tags approval-related methods with a
+ * user-readable message and notifies `onReject`.
+ */
+export declare function createFailFastApprovalHandler(opts?: ApprovalHandlerOptions): (req: ServerRequest) => Promise<unknown>;
+//# sourceMappingURL=approval.d.ts.map

package/dist/approval.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval.d.ts","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,aAAa,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACzD;AAKD,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAGhE;AAED;;;;;;GAMG;AACH,wBAAgB,6BAA6B,CAC3C,IAAI,GAAE,sBAA2B,IAEnB,KAAK,aAAa,KAAG,OAAO,CAAC,OAAO,CAAC,CAiBpD"}

package/dist/approval.js

@@ -0,0 +1,42 @@
+/**
+ * Approval handler for Codex server→client requests.
+ *
+ * Issue #2 §"信任模型" + §"实现陷阱":
+ *   - MVP runs Codex with approval-policy=never (or auto-approve).
+ *   - If a server-request still arrives (e.g. because policy was misconfigured
+ *     or codex escalates anyway), fail loudly — never return null. Silent null
+ *     is the trap that hangs the daemon.
+ *
+ * `onReject` is an observer hook for logs or metrics. Feishu user-visible
+ * output is MCP reply-only, so this handler must not send channel messages.
+ */
+/** A method name like `exec_command_approval`, `apply_patch_approval`, etc. */
+const APPROVAL_METHOD_HINTS = ['approval', 'approve', 'confirm', 'review'];
+export function looksLikeApprovalRequest(method) {
+    const m = method.toLowerCase();
+    return APPROVAL_METHOD_HINTS.some((h) => m.includes(h));
+}
+/**
+ * Build a fail-fast server-request handler.
+ *
+ * The handler always throws — i.e. every server-request becomes an `error`
+ * response on the wire — but it tags approval-related methods with a
+ * user-readable message and notifies `onReject`.
+ */
+export function createFailFastApprovalHandler(opts = {}) {
+    return async (req) => {
+        if (opts.onReject !== undefined) {
+            try {
+                await opts.onReject(req);
+            }
+            catch {
+                /* observer hook, must not mask the rejection itself */
+            }
+        }
+        if (looksLikeApprovalRequest(req.method)) {
+            throw new Error(`当前版本不支持审批（${req.method}）。请配置 codex approval-policy=never 或将本 dispatcher 部署在 trusted-local 环境。`);
+        }
+        throw new Error(`dispatcher 收到未支持的 codex server-request：${req.method}（id=${req.id}）`);
+    };
+}
+//# sourceMappingURL=approval.js.map

package/dist/approval.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval.js","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAYH,+EAA+E;AAC/E,MAAM,qBAAqB,GAAG,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AAE3E,MAAM,UAAU,wBAAwB,CAAC,MAAc;IACrD,MAAM,CAAC,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IAC/B,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,6BAA6B,CAC3C,OAA+B,EAAE;IAEjC,OAAO,KAAK,EAAE,GAAkB,EAAoB,EAAE;QACpD,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,uDAAuD;YACzD,CAAC;QACH,CAAC;QACD,IAAI,wBAAwB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,aAAa,GAAG,CAAC,MAAM,wEAAwE,CAChG,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,KAAK,CACb,0CAA0C,GAAG,CAAC,MAAM,OAAO,GAAG,CAAC,EAAE,GAAG,CACrE,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}

package/dist/args.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Parse `dispatchers.codex_args_json` into the CLI-arg array passed to
+ * the codex app-server child, AND validate that the trusted-local
+ * invariants from issue #2 §"信任模型" hold.
+ *
+ * Canonical shape:
+ *   {
+ *     "approvalPolicy": "never",            // from dispatchers[].runtime.config
+ *     "sandboxMode":    "workspace-write",  // from dispatchers[].runtime.config
+ *     "extraArgs":      ["--model", "..."]  // from runtime.config.extra_args
+ *   }
+ *
+ * This JSON is encoded per dispatcher from
+ * `dispatchers[].runtime.config` (every field carries a dispatcher-local
+ * default), so it is the sole source of truth. The optional `defaults` param
+ * remains a thin seam; with the top-level `codex` block removed there is no
+ * global layer, and a caller normally passes nothing.
+ *
+ * Precedence for each field (highest wins):
+ *   1. dispatchers.codex_args_json (this JSON)
+ *   2. `defaults` (optional caller seam)
+ *   3. hardcoded fallbacks (`'never'`, `'workspace-write'`, `[]`)
+ *
+ * `approvalPolicy` not in the trusted-local allowlist fails-fast at startup
+ * (issue #2 §"实现陷阱"): dispatcher refuses to come up if the policy may
+ * request approval AND no approval handler is wired.
+ *
+ * `sandboxMode` is similarly validated against the codex 0.134 enum so a
+ * typo doesn't reach the daemon (where the only feedback is a fatal early
+ * exit).
+ */
+export interface ParsedCodexArgs {
+    approvalPolicy: string;
+    sandboxMode: string;
+    extraArgs: string[];
+}
+export interface CodexArgsDefaults {
+    approvalPolicy?: string;
+    sandboxMode?: string;
+    extraArgs?: string[];
+}
+export declare function parseCodexArgs(json: string, defaults?: CodexArgsDefaults): ParsedCodexArgs;
+/**
+ * Build the codex CLI-arg model directly from the structured codex config
+ * block (`dispatchers[].runtime.config`), without round-tripping through JSON.
+ * Behavior-equivalent to encoding that block and calling {@link parseCodexArgs}:
+ * the same trusted-local invariants are enforced.
+ */
+export declare function codexArgsFromConfig(config: {
+    approval_policy: string;
+    sandbox_mode: string;
+    extra_args: string[];
+}): ParsedCodexArgs;
+export declare function codexArgsToCli(parsed: ParsedCodexArgs): string[];
+//# sourceMappingURL=args.d.ts.map

package/dist/args.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"args.d.ts","sourceRoot":"","sources":["../src/args.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAeH,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,QAAQ,GAAE,iBAAsB,GAC/B,eAAe,CAkCjB;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE;IAC1C,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB,GAAG,eAAe,CAMlB;AAmBD,wBAAgB,cAAc,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,EAAE,CAahE"}

package/dist/args.js

@@ -0,0 +1,113 @@
+/**
+ * Parse `dispatchers.codex_args_json` into the CLI-arg array passed to
+ * the codex app-server child, AND validate that the trusted-local
+ * invariants from issue #2 §"信任模型" hold.
+ *
+ * Canonical shape:
+ *   {
+ *     "approvalPolicy": "never",            // from dispatchers[].runtime.config
+ *     "sandboxMode":    "workspace-write",  // from dispatchers[].runtime.config
+ *     "extraArgs":      ["--model", "..."]  // from runtime.config.extra_args
+ *   }
+ *
+ * This JSON is encoded per dispatcher from
+ * `dispatchers[].runtime.config` (every field carries a dispatcher-local
+ * default), so it is the sole source of truth. The optional `defaults` param
+ * remains a thin seam; with the top-level `codex` block removed there is no
+ * global layer, and a caller normally passes nothing.
+ *
+ * Precedence for each field (highest wins):
+ *   1. dispatchers.codex_args_json (this JSON)
+ *   2. `defaults` (optional caller seam)
+ *   3. hardcoded fallbacks (`'never'`, `'workspace-write'`, `[]`)
+ *
+ * `approvalPolicy` not in the trusted-local allowlist fails-fast at startup
+ * (issue #2 §"实现陷阱"): dispatcher refuses to come up if the policy may
+ * request approval AND no approval handler is wired.
+ *
+ * `sandboxMode` is similarly validated against the codex 0.134 enum so a
+ * typo doesn't reach the daemon (where the only feedback is a fatal early
+ * exit).
+ */
+const TRUSTED_LOCAL_APPROVAL_POLICIES = new Set([
+    'never',
+    'auto',
+    'auto-approve',
+    'on-failure',
+]);
+const ALLOWED_SANDBOX_MODES = new Set([
+    'read-only',
+    'workspace-write',
+    'danger-full-access',
+]);
+export function parseCodexArgs(json, defaults = {}) {
+    let raw;
+    try {
+        raw = json.trim() === '' ? {} : JSON.parse(json);
+    }
+    catch (e) {
+        throw new Error(`codex_args_json is not valid JSON: ${e.message}`);
+    }
+    if (typeof raw !== 'object' || raw === null) {
+        throw new Error('codex_args_json must be a JSON object');
+    }
+    const obj = raw;
+    const approvalPolicy = typeof obj['approvalPolicy'] === 'string'
+        ? obj['approvalPolicy']
+        : (defaults.approvalPolicy ?? 'never');
+    const sandboxMode = typeof obj['sandboxMode'] === 'string'
+        ? obj['sandboxMode']
+        : (defaults.sandboxMode ?? 'workspace-write');
+    const perDispatcherExtra = Array.isArray(obj['extraArgs'])
+        ? obj['extraArgs'].map((x) => String(x))
+        : [];
+    // Any caller-provided default extraArgs go first; the dispatcher's own
+    // extraArgs are appended. codex's CLI is order-sensitive for `-c key=value`
+    // overrides — last write wins — so the dispatcher value overrides a same-key
+    // default.
+    const extraArgs = [
+        ...(defaults.extraArgs ?? []),
+        ...perDispatcherExtra,
+    ];
+    return validateCodexArgs({ approvalPolicy, sandboxMode, extraArgs });
+}
+/**
+ * Build the codex CLI-arg model directly from the structured codex config
+ * block (`dispatchers[].runtime.config`), without round-tripping through JSON.
+ * Behavior-equivalent to encoding that block and calling {@link parseCodexArgs}:
+ * the same trusted-local invariants are enforced.
+ */
+export function codexArgsFromConfig(config) {
+    return validateCodexArgs({
+        approvalPolicy: config.approval_policy,
+        sandboxMode: config.sandbox_mode,
+        extraArgs: [...config.extra_args],
+    });
+}
+function validateCodexArgs(parsed) {
+    if (!TRUSTED_LOCAL_APPROVAL_POLICIES.has(parsed.approvalPolicy)) {
+        throw new Error(`dispatcher startup refused: approvalPolicy='${parsed.approvalPolicy}' may request approval, ` +
+            `but the dreamux MVP only ships with a fail-fast approval handler ` +
+            `(issue #2 §"信任模型"). Configure approvalPolicy='never' or extend the trust model first.`);
+    }
+    if (!ALLOWED_SANDBOX_MODES.has(parsed.sandboxMode)) {
+        throw new Error(`dispatcher startup refused: sandboxMode='${parsed.sandboxMode}' is not one of ` +
+            `${Array.from(ALLOWED_SANDBOX_MODES).join(' | ')} (codex 0.134 enum).`);
+    }
+    return parsed;
+}
+export function codexArgsToCli(parsed) {
+    // codex >= 0.134 dropped --approval-policy and --sandbox at the
+    // app-server level; the remaining mechanism is `-c key=value` config
+    // overrides for both. Pass approval_policy first, then sandbox_mode,
+    // then the dispatcher's extra args — letting extra_args contain a same-key
+    // `-c` override that wins (codex parses last write wins).
+    return [
+        '-c',
+        `approval_policy=${parsed.approvalPolicy}`,
+        '-c',
+        `sandbox_mode=${parsed.sandboxMode}`,
+        ...parsed.extraArgs,
+    ];
+}
+//# sourceMappingURL=args.js.map

package/dist/args.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"args.js","sourceRoot":"","sources":["../src/args.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,MAAM,+BAA+B,GAAG,IAAI,GAAG,CAAC;IAC9C,OAAO;IACP,MAAM;IACN,cAAc;IACd,YAAY;CACb,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,WAAW;IACX,iBAAiB;IACjB,oBAAoB;CACrB,CAAC,CAAC;AAcH,MAAM,UAAU,cAAc,CAC5B,IAAY,EACZ,WAA8B,EAAE;IAEhC,IAAI,GAAY,CAAC;IACjB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sCAAuC,CAAW,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,MAAM,cAAc,GAClB,OAAO,GAAG,CAAC,gBAAgB,CAAC,KAAK,QAAQ;QACvC,CAAC,CAAE,GAAG,CAAC,gBAAgB,CAAY;QACnC,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,IAAI,OAAO,CAAC,CAAC;IAC3C,MAAM,WAAW,GACf,OAAO,GAAG,CAAC,aAAa,CAAC,KAAK,QAAQ;QACpC,CAAC,CAAE,GAAG,CAAC,aAAa,CAAY;QAChC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,IAAI,iBAAiB,CAAC,CAAC;IAClD,MAAM,kBAAkB,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACxD,CAAC,CAAE,GAAG,CAAC,WAAW,CAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC,CAAC,EAAE,CAAC;IACP,uEAAuE;IACvE,4EAA4E;IAC5E,6EAA6E;IAC7E,WAAW;IACX,MAAM,SAAS,GAAG;QAChB,GAAG,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;QAC7B,GAAG,kBAAkB;KACtB,CAAC;IAEF,OAAO,iBAAiB,CAAC,EAAE,cAAc,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC,CAAC;AACvE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAInC;IACC,OAAO,iBAAiB,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,SAAS,EAAE,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC;KAClC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAuB;IAChD,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CACb,+CAA+C,MAAM,CAAC,cAAc,0BAA0B;YAC5F,mEAAmE;YACnE,uFAAuF,CAC1F,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,CAAC,WAAW,kBAAkB;YAC9E,GAAG,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,sBAAsB,CACzE,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAuB;IACpD,gEAAgE;IAChE,qEAAqE;IACrE,qEAAqE;IACrE,2EAA2E;IAC3E,0DAA0D;IAC1D,OAAO;QACL,IAAI;QACJ,mBAAmB,MAAM,CAAC,cAAc,EAAE;QAC1C,IAAI;QACJ,gBAAgB,MAAM,CAAC,WAAW,EAAE;QACpC,GAAG,MAAM,CAAC,SAAS;KACpB,CAAC;AACJ,CAAC"}

package/dist/bin.d.ts

@@ -0,0 +1,14 @@
+import type { DreamuxEnvironment } from '@excitedjs/dreamux-types';
+/**
+ * Final codex binary path for one runtime. The `CODEX_HOST_CODEX_BIN`
+ * environment variable is a deliberate host-level override that takes precedence
+ * over the configured `runtime.config.bin`; otherwise the configured bin
+ * (default `"codex"`) is used. `env` defaults to the live process environment
+ * for the runtime spawn path; doctor passes the installed service unit's
+ * environment so it checks what the service will run.
+ *
+ * Lives in its own module so both the provider (spawn path) and the diagnostic
+ * (doctor path) import it without forming an import cycle.
+ */
+export declare function resolveCodexBinPath(configBin: string, env?: DreamuxEnvironment): string;
+//# sourceMappingURL=bin.d.ts.map

package/dist/bin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bin.d.ts","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAEnE;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,MAAM,EACjB,GAAG,GAAE,kBAAgC,GACpC,MAAM,CAIR"}

package/dist/bin.js

@@ -0,0 +1,18 @@
+/**
+ * Final codex binary path for one runtime. The `CODEX_HOST_CODEX_BIN`
+ * environment variable is a deliberate host-level override that takes precedence
+ * over the configured `runtime.config.bin`; otherwise the configured bin
+ * (default `"codex"`) is used. `env` defaults to the live process environment
+ * for the runtime spawn path; doctor passes the installed service unit's
+ * environment so it checks what the service will run.
+ *
+ * Lives in its own module so both the provider (spawn path) and the diagnostic
+ * (doctor path) import it without forming an import cycle.
+ */
+export function resolveCodexBinPath(configBin, env = process.env) {
+    const fromEnv = env['CODEX_HOST_CODEX_BIN'];
+    if (fromEnv !== undefined && fromEnv.trim() !== '')
+        return fromEnv;
+    return configBin;
+}
+//# sourceMappingURL=bin.js.map

package/dist/bin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bin.js","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CACjC,SAAiB,EACjB,MAA0B,OAAO,CAAC,GAAG;IAErC,MAAM,OAAO,GAAG,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAC5C,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE;QAAE,OAAO,OAAO,CAAC;IACnE,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/codex-home.d.ts

@@ -0,0 +1,42 @@
+import type { DreamuxEnvironment } from '@excitedjs/dreamux-types';
+export declare const DISPATCHER_APP_SERVER_SOCKET_PATH_MAX_BYTES = 103;
+export interface DispatcherCodexHomeDoctorContext {
+    dispatcherId: string;
+    codexHome: string;
+    configPath: string;
+    /**
+     * The runtime working directory. Optional/empty by default: the validation
+     * never reads it, so a caller that does not have it (e.g. doctor) omits it.
+     */
+    dispatcherCwd: string;
+    /**
+     * A representative socket allocation (issue #182: sockets are random per
+     * start, so this is a sample of the policy, not the path a runtime will
+     * bind). Doctor checks placement (never shared /tmp) and the path budget. An
+     * empty string skips the socket checks (no host candidate dirs were supplied).
+     */
+    socketPath: string;
+    codexCliArgs: string[];
+}
+export interface DispatcherCodexHomeDoctorResult {
+    ok: boolean;
+    errors: string[];
+    context: DispatcherCodexHomeDoctorContext;
+}
+export type DispatcherCodexHomeDoctor = (context: DispatcherCodexHomeDoctorContext) => void | Promise<void>;
+interface DoctorContextOptions {
+    codexCliArgs?: string[];
+    dispatcherCwd?: string;
+    /** Representative socket sample (from the path context's `runtimeSocketDirs()`). */
+    socketPath?: string;
+}
+interface DoctorOptions {
+    env?: DreamuxEnvironment;
+    codexCliArgs?: string[];
+}
+export declare function dispatcherCodexHomeDoctorContext(dispatcherId: string, options?: DoctorContextOptions): DispatcherCodexHomeDoctorContext;
+export declare function validateDispatcherCodexHome(input: string | DispatcherCodexHomeDoctorContext, options?: DoctorOptions): Promise<DispatcherCodexHomeDoctorResult>;
+export declare function assertDispatcherCodexHomeReady(context: DispatcherCodexHomeDoctorContext): Promise<void>;
+export declare function formatDispatcherCodexHomeErrors(result: DispatcherCodexHomeDoctorResult): string;
+export {};
+//# sourceMappingURL=codex-home.d.ts.map

package/dist/codex-home.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"codex-home.d.ts","sourceRoot":"","sources":["../src/codex-home.ts"],"names":[],"mappings":"AAsBA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAInE,eAAO,MAAM,2CAA2C,MACpB,CAAC;AAErC,MAAM,WAAW,gCAAgC;IAC/C,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;;;;OAKG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,+BAA+B;IAC9C,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,gCAAgC,CAAC;CAC3C;AAED,MAAM,MAAM,yBAAyB,GAAG,CACtC,OAAO,EAAE,gCAAgC,KACtC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE1B,UAAU,oBAAoB;IAC5B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,UAAU,aAAa;IACrB,GAAG,CAAC,EAAE,kBAAkB,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,wBAAgB,gCAAgC,CAC9C,YAAY,EAAE,MAAM,EACpB,OAAO,GAAE,oBAAyB,GACjC,gCAAgC,CASlC;AAED,wBAAsB,2BAA2B,CAC/C,KAAK,EAAE,MAAM,GAAG,gCAAgC,EAChD,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,+BAA+B,CAAC,CAyD1C;AAED,wBAAsB,8BAA8B,CAClD,OAAO,EAAE,gCAAgC,GACxC,OAAO,CAAC,IAAI,CAAC,CAIf;AAED,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,+BAA+B,GACtC,MAAM,CAGR"}

package/dist/codex-home.js

@@ -0,0 +1,112 @@
+/**
+ * Codex home/auth pre-start validation (issue #209 cleanup — relocated from
+ * Dreamux core into the owning package).
+ *
+ * This is the codex-engine readiness check: it validates that Codex's own global
+ * home (`~/.codex`) exists, parses its `config.toml`, carries usable auth, and
+ * that the representative app-server socket placement is sane. It is
+ * codex-specific and carries NO `~/.dreamux` knowledge — the host's socket
+ * placement arrives as a neutral sample (`socketPath`) computed from the path
+ * context's `runtimeSocketDirs()`, and `dispatcherCwd` is optional (the
+ * validation never reads it).
+ */
+import { readFile } from 'node:fs/promises';
+import { join, normalize, sep } from 'node:path';
+import { parse as parseToml, TomlError } from 'smol-toml';
+import { DREAMUX_UNIX_SOCKET_PATH_MAX_BYTES, pathExists, unixSocketPathFitsBudget, } from '@excitedjs/dreamux-utils';
+import { dispatcherCodexConfigPath, dispatcherCodexHome } from './paths.js';
+export const DISPATCHER_APP_SERVER_SOCKET_PATH_MAX_BYTES = DREAMUX_UNIX_SOCKET_PATH_MAX_BYTES;
+export function dispatcherCodexHomeDoctorContext(dispatcherId, options = {}) {
+    return {
+        dispatcherId,
+        codexHome: dispatcherCodexHome(dispatcherId),
+        configPath: dispatcherCodexConfigPath(dispatcherId),
+        dispatcherCwd: options.dispatcherCwd ?? '',
+        socketPath: options.socketPath ?? '',
+        codexCliArgs: options.codexCliArgs ?? [],
+    };
+}
+export async function validateDispatcherCodexHome(input, options = {}) {
+    const context = typeof input === 'string'
+        ? dispatcherCodexHomeDoctorContext(input, {
+            codexCliArgs: options.codexCliArgs,
+        })
+        : {
+            ...input,
+            codexCliArgs: options.codexCliArgs ?? input.codexCliArgs,
+        };
+    const errors = [];
+    const env = options.env ?? process.env;
+    if (await pathExists(context.configPath)) {
+        try {
+            const parsed = parseToml(await readFile(context.configPath, 'utf8'));
+            if (!isRecord(parsed)) {
+                errors.push(`Codex config must be a TOML table: ${context.configPath}`);
+            }
+        }
+        catch (err) {
+            errors.push(formatTomlError(err, context.configPath));
+        }
+    }
+    if (!(await pathExists(context.codexHome))) {
+        errors.push(`missing Codex home directory: ${context.codexHome}`);
+    }
+    // An empty socketPath means no host candidate dirs were supplied — skip the
+    // placement/budget checks (a real allocation still fails loud at start time).
+    if (context.socketPath !== '') {
+        if (isTmpPath(context.socketPath)) {
+            errors.push(`dispatcher app-server socket must not be under /tmp: ${context.socketPath}`);
+        }
+        if (!unixSocketPathFitsBudget(context.socketPath)) {
+            const bytes = Buffer.byteLength(context.socketPath, 'utf8');
+            errors.push(`dispatcher app-server socket path is too long for Unix sockets (${bytes} bytes > ${DISPATCHER_APP_SERVER_SOCKET_PATH_MAX_BYTES} safe bytes): ${context.socketPath}`);
+        }
+    }
+    // The bundled dispatcher skill is no longer symlinked into the workspace
+    // (issue #209 slice 6); core injects it at runtime by role via
+    // `skills/extraRoots/set`, so the doctor no longer checks for an on-disk skill.
+    if (!(await hasAuth(context.codexHome, env))) {
+        errors.push(`missing Codex auth state in ${context.codexHome} or a supported auth environment variable`);
+    }
+    return {
+        ok: errors.length === 0,
+        errors,
+        context,
+    };
+}
+export async function assertDispatcherCodexHomeReady(context) {
+    const result = await validateDispatcherCodexHome(context);
+    if (result.ok)
+        return;
+    throw new Error(formatDispatcherCodexHomeErrors(result));
+}
+export function formatDispatcherCodexHomeErrors(result) {
+    const header = `dispatcher '${result.context.dispatcherId}' Codex home is not ready`;
+    return [header, ...result.errors.map((e) => `- ${e}`)].join('\n');
+}
+function formatTomlError(err, file) {
+    if (err instanceof TomlError) {
+        const where = typeof err.line === 'number' && typeof err.column === 'number'
+            ? `${file}:${err.line}:${err.column}`
+            : file;
+        return `Codex config parse error at ${where}: ${err.message}`;
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    return `Codex config parse error in ${file}: ${msg}`;
+}
+async function hasAuth(codexHome, env) {
+    if (await pathExists(join(codexHome, 'auth.json')))
+        return true;
+    return ['OPENAI_API_KEY', 'CODEX_API_KEY', 'CODEX_ACCESS_TOKEN'].some((name) => {
+        const value = env[name];
+        return value !== undefined && value.trim() !== '';
+    });
+}
+function isTmpPath(path) {
+    const normalized = normalize(path);
+    return normalized === '/tmp' || normalized.startsWith(`/tmp${sep}`);
+}
+function isRecord(value) {
+    return value !== null && typeof value === 'object' && !Array.isArray(value);
+}
+//# sourceMappingURL=codex-home.js.map

package/dist/codex-home.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codex-home.js","sourceRoot":"","sources":["../src/codex-home.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAE1D,OAAO,EACL,kCAAkC,EAClC,UAAU,EACV,wBAAwB,GACzB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAE5E,MAAM,CAAC,MAAM,2CAA2C,GACtD,kCAAkC,CAAC;AA2CrC,MAAM,UAAU,gCAAgC,CAC9C,YAAoB,EACpB,UAAgC,EAAE;IAElC,OAAO;QACL,YAAY;QACZ,SAAS,EAAE,mBAAmB,CAAC,YAAY,CAAC;QAC5C,UAAU,EAAE,yBAAyB,CAAC,YAAY,CAAC;QACnD,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE;QAC1C,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,EAAE;QACpC,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,EAAE;KACzC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,KAAgD,EAChD,UAAyB,EAAE;IAE3B,MAAM,OAAO,GACX,OAAO,KAAK,KAAK,QAAQ;QACvB,CAAC,CAAC,gCAAgC,CAAC,KAAK,EAAE;YACtC,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC;QACJ,CAAC,CAAC;YACE,GAAG,KAAK;YACR,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,KAAK,CAAC,YAAY;SACzD,CAAC;IACR,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IAEvC,IAAI,MAAM,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;YACrE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,sCAAsC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,iCAAiC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,4EAA4E;IAC5E,8EAA8E;IAC9E,IAAI,OAAO,CAAC,UAAU,KAAK,EAAE,EAAE,CAAC;QAC9B,IAAI,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAClC,MAAM,CAAC,IAAI,CACT,wDAAwD,OAAO,CAAC,UAAU,EAAE,CAC7E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAC5D,MAAM,CAAC,IAAI,CACT,mEAAmE,KAAK,YAAY,2CAA2C,iBAAiB,OAAO,CAAC,UAAU,EAAE,CACrK,CAAC;QACJ,CAAC;IACH,CAAC;IACD,yEAAyE;IACzE,+DAA+D;IAC/D,gFAAgF;IAEhF,IAAI,CAAC,CAAC,MAAM,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;QAC7C,MAAM,CAAC,IAAI,CACT,+BAA+B,OAAO,CAAC,SAAS,2CAA2C,CAC5F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QACvB,MAAM;QACN,OAAO;KACR,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,OAAyC;IAEzC,MAAM,MAAM,GAAG,MAAM,2BAA2B,CAAC,OAAO,CAAC,CAAC;IAC1D,IAAI,MAAM,CAAC,EAAE;QAAE,OAAO;IACtB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,MAAM,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,+BAA+B,CAC7C,MAAuC;IAEvC,MAAM,MAAM,GAAG,eAAe,MAAM,CAAC,OAAO,CAAC,YAAY,2BAA2B,CAAC;IACrF,OAAO,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,eAAe,CAAC,GAAY,EAAE,IAAY;IACjD,IAAI,GAAG,YAAY,SAAS,EAAE,CAAC;QAC7B,MAAM,KAAK,GACT,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ;YAC5D,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE;YACrC,CAAC,CAAC,IAAI,CAAC;QACX,OAAO,+BAA+B,KAAK,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC;IAChE,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,OAAO,+BAA+B,IAAI,KAAK,GAAG,EAAE,CAAC;AACvD,CAAC;AAED,KAAK,UAAU,OAAO,CACpB,SAAiB,EACjB,GAAuB;IAEvB,IAAI,MAAM,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAChE,OAAO,CAAC,gBAAgB,EAAE,eAAe,EAAE,oBAAoB,CAAC,CAAC,IAAI,CACnE,CAAC,IAAI,EAAE,EAAE;QACP,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;QACxB,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;IACpD,CAAC,CACF,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IACnC,OAAO,UAAU,KAAK,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Builtin `builtin:codex` runtime config: schema type, defaults, reader, and
+ * the typed accessor.
+ *
+ * Codex runtime config is owned by this package (the `builtin:codex` provider),
+ * not by the Dreamux host config module. It depends only on the shared neutral
+ * validation primitives (`@excitedjs/dreamux-utils`) and the package-local
+ * provider ref, never on `@excitedjs/dreamux` core. The Dreamux host config
+ * module re-exports these so
+ * the non-builtin callers (doctor, daemon, tests) keep their import paths.
+ */
+/**
+ * Builtin Codex runtime settings under a named `agents[].config` entry (provider
+ * `builtin:codex`), referenced by a dispatcher via `dispatchers[].agentRuntime`.
+ * Every field carries a built-in default, so an agent that omits any config
+ * field runs with these constants. There is no top-level `codex` block anymore;
+ * runtime config lives in `agents[]`.
+ *
+ * `bin` is the dispatcher's Codex binary path; the `CODEX_HOST_CODEX_BIN`
+ * environment variable is a host-level override that takes precedence over it
+ * (resolved by the codex builtin's `resolveCodexBinPath`).
+ * `initialize_timeout_ms` is that
+ * dispatcher's handshake timeout. `turn_timeout_ms` bounds a single TeamMate
+ * worker turn (issue #126): if a per-task Codex app-server reaches `running`
+ * but its turn never emits `turn/completed` (a stall in turn execution —
+ * commonly auth, network, or model quota), the worker fails that task instead
+ * of leaving it `running` forever. It does not affect the dispatcher's own
+ * long-lived runtime, only per-task workers.
+ */
+export interface DispatcherCodexConfig {
+    bin: string;
+    approval_policy: string;
+    sandbox_mode: string;
+    extra_args: string[];
+    extra_env: Record<string, string>;
+    initialize_timeout_ms: number;
+    turn_timeout_ms: number;
+}
+/**
+ * Default `dispatchers[].runtime.config.bin`. The Codex binary path is
+ * dispatcher-local; `CODEX_HOST_CODEX_BIN` is a host-level override above it,
+ * not the source.
+ */
+export declare const DEFAULT_CODEX_BIN = "codex";
+/** Default `dispatchers[].runtime.config.initialize_timeout_ms` (handshake timeout, ms). */
+export declare const DEFAULT_INITIALIZE_TIMEOUT_MS = 10000;
+/**
+ * Default per-turn deadline for a `builtin:codex` TeamMate worker (ms).
+ * Generous enough not to interrupt a legitimately long tool-using turn, but
+ * finite so a worker whose turn stalls after start cannot sit `running` with no
+ * visible outcome (issue #126). Operators override via
+ * `dispatchers[].runtime.config.turn_timeout_ms`.
+ */
+export declare const DEFAULT_CODEX_TURN_TIMEOUT_MS = 600000;
+/** Default `dispatchers[].runtime.config.approval_policy` when omitted. */
+export declare const DEFAULT_APPROVAL_POLICY = "never";
+/** Default `dispatchers[].runtime.config.sandbox_mode` when omitted. */
+export declare const DEFAULT_SANDBOX_MODE = "workspace-write";
+export declare const ALLOWED_APPROVAL_POLICIES: Set<string>;
+export declare const ALLOWED_SANDBOX_MODES: Set<string>;
+export declare function defaultDispatcherCodexConfig(): DispatcherCodexConfig;
+export declare function readDispatcherCodexConfig(rawCodex: Record<string, unknown>, file: string, prefix: string): DispatcherCodexConfig;
+/**
+ * Typed accessor for a dispatcher's resolved codex runtime config. Typed
+ * structurally (not against `DispatcherConfig`) so this module never imports
+ * the host config type — a full `DispatcherConfig` still satisfies it at the
+ * call sites.
+ */
+export declare function dispatcherCodexConfig(dispatcher: {
+    id: string;
+    runtime: {
+        provider: string;
+        config: unknown;
+    };
+}): DispatcherCodexConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAWH;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,UAAU,CAAC;AAEzC,4FAA4F;AAC5F,eAAO,MAAM,6BAA6B,QAAS,CAAC;AAEpD;;;;;;GAMG;AACH,eAAO,MAAM,6BAA6B,SAAU,CAAC;AAErD,2EAA2E;AAC3E,eAAO,MAAM,uBAAuB,UAAU,CAAC;AAE/C,wEAAwE;AACxE,eAAO,MAAM,oBAAoB,oBAAoB,CAAC;AAEtD,eAAO,MAAM,yBAAyB,aAKpC,CAAC;AAEH,eAAO,MAAM,qBAAqB,aAIhC,CAAC;AAEH,wBAAgB,4BAA4B,IAAI,qBAAqB,CAUpE;AAED,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,GACb,qBAAqB,CA0EvB;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE;IAChD,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC;CAChD,GAAG,qBAAqB,CAOxB"}