@leo000001/codex-mcp 2.0.2 → 2.1.1

package/README.md

@@ -19,7 +19,7 @@ MCP server that wraps [OpenAI Codex](https://github.com/openai/codex) `app-serve
 ## Prerequisites
 
 - [Node.js](https://nodejs.org) >= 18
-- [OpenAI Codex CLI](https://github.com/openai/codex) installed and configured (`codex` in PATH)
+- [OpenAI Codex CLI](https://github.com/openai/codex) installed and configured (`codex` or `codex-internal` in PATH)
 
 ## Quick Start
 
@@ -76,6 +76,46 @@ Or add to `~/.claude/settings.json`:
 }
 ```
 
+## Codex Executable Configuration
+
+By default, codex-mcp auto-detects the Codex CLI by searching PATH for `codex`, then `codex-internal`. You can override this with environment variables:
+
+| Variable | Description | Example |
+| --- | --- | --- |
+| `CODEX_MCP_DEFAULT_CODEX_COMMAND` | Bare command name (resolved from PATH) | `codex-internal` |
+| `CODEX_MCP_DEFAULT_CODEX_PATH` | Absolute or relative filesystem path to the executable | `/usr/local/bin/codex-internal` |
+
+- The two variables are **mutually exclusive** — setting both causes a startup error.
+- When neither is set, codex-mcp tries `codex` then `codex-internal` on PATH automatically.
+
+Examples:
+
+```bash
+# Use codex-internal instead of codex
+CODEX_MCP_DEFAULT_CODEX_COMMAND=codex-internal npx -y @leo000001/codex-mcp
+```
+
+```bash
+# Use an explicit path
+CODEX_MCP_DEFAULT_CODEX_PATH=/opt/codex/bin/codex npx -y @leo000001/codex-mcp
+```
+
+MCP client config with env override:
+
+```json
+{
+  "mcpServers": {
+    "codex": {
+      "command": "npx",
+      "args": ["-y", "@leo000001/codex-mcp"],
+      "env": {
+        "CODEX_MCP_DEFAULT_CODEX_COMMAND": "codex-internal"
+      }
+    }
+  }
+}
+```
+
 ## STDIO Guard Modes
 
 `codex-mcp` includes a startup preflight guard for stdout contamination risk.

package/dist/index.js

@@ -111,21 +111,38 @@ function resolveCodexInvocation(codexArgs, deps = {}) {
   const readFile = deps.readFile ?? ((p) => readFileSync(p, "utf8"));
   const pathApi = platform === "win32" ? path.win32 : path.posix;
   const delimiter = platform === "win32" ? ";" : ":";
+  const codexCommand = deps.codexCommand ?? "codex";
+  const codexIsPath = deps.codexIsPath ?? false;
+  if (codexIsPath) {
+    if (platform === "win32" && (codexCommand.toLowerCase().endsWith(".cmd") || codexCommand.toLowerCase().endsWith(".bat"))) {
+      const comspec2 = env.ComSpec || env.COMSPEC || "cmd.exe";
+      return {
+        cmd: comspec2,
+        args: ["/d", "/s", "/c", codexCommand, ...codexArgs],
+        spawnedViaCmd: true
+      };
+    }
+    return { cmd: codexCommand, args: codexArgs, spawnedViaCmd: false };
+  }
   if (platform !== "win32") {
-    return { cmd: "codex", args: codexArgs, spawnedViaCmd: false };
+    return { cmd: codexCommand, args: codexArgs, spawnedViaCmd: false };
   }
-  const shim = findOnPath("codex", env, exists, pathApi, delimiter, [".exe", ".cmd", ".bat"]);
+  const shim = findOnPath(codexCommand, env, exists, pathApi, delimiter, [".exe", ".cmd", ".bat"]);
   if (shim && shim.toLowerCase().endsWith(".exe")) {
     return { cmd: shim, args: codexArgs, spawnedViaCmd: false };
   }
   if (shim && (shim.toLowerCase().endsWith(".cmd") || shim.toLowerCase().endsWith(".bat"))) {
-    const script = tryResolveNodeScriptFromShim(shim, exists, readFile, pathApi);
+    const script = tryResolveNodeScriptFromShim(shim, codexCommand, exists, readFile, pathApi);
     if (script) {
       return { cmd: process.execPath, args: [script, ...codexArgs], spawnedViaCmd: false };
     }
   }
   const comspec = env.ComSpec || env.COMSPEC || "cmd.exe";
-  return { cmd: comspec, args: ["/d", "/s", "/c", "codex", ...codexArgs], spawnedViaCmd: true };
+  return {
+    cmd: comspec,
+    args: ["/d", "/s", "/c", codexCommand, ...codexArgs],
+    spawnedViaCmd: true
+  };
 }
 function findOnPath(base, env, exists, pathApi, delimiter, exts) {
   const pathEnv = env.PATH || env.Path || env.path || "";
@@ -146,7 +163,7 @@ function stripSurroundingQuotes(value) {
   }
   return value;
 }
-function tryResolveNodeScriptFromShim(shimPath, exists, readFile, pathApi) {
+function tryResolveNodeScriptFromShim(shimPath, codexCommand, exists, readFile, pathApi) {
   let contents;
   try {
     contents = readFile(shimPath);
@@ -161,7 +178,13 @@ function tryResolveNodeScriptFromShim(shimPath, exists, readFile, pathApi) {
     matches.push(m[1]);
   }
   if (matches.length === 0) return void 0;
-  const preferred = matches.find((m) => /codex/i.test(pathApi.basename(m))) ?? matches.find((m) => /@openai\\codex|\\codex\\|\/codex\//i.test(m)) ?? matches[matches.length - 1];
+  const escapedCommand = codexCommand.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const baseNameRe = new RegExp(escapedCommand, "i");
+  const pathRe = new RegExp(
+    `@openai\\\\${escapedCommand}|\\\\${escapedCommand}\\\\|\\/${escapedCommand}\\/`,
+    "i"
+  );
+  const preferred = matches.find((m) => baseNameRe.test(pathApi.basename(m))) ?? matches.find((m) => pathRe.test(m)) ?? matches[matches.length - 1];
   const shimDir = pathApi.dirname(shimPath);
   const dp0 = shimDir.endsWith(pathApi.sep) ? shimDir : shimDir + pathApi.sep;
   let resolved = preferred.replace(/%~dp0/gi, dp0).replace(/%dp0%/gi, dp0);
@@ -171,6 +194,139 @@ function tryResolveNodeScriptFromShim(shimPath, exists, readFile, pathApi) {
   return abs;
 }
 
+// src/utils/codex-executable.ts
+import { accessSync, constants, existsSync as existsSync2, statSync } from "fs";
+import path2 from "path";
+var CODEX_MCP_DEFAULT_CODEX_COMMAND = "CODEX_MCP_DEFAULT_CODEX_COMMAND";
+var CODEX_MCP_DEFAULT_CODEX_PATH = "CODEX_MCP_DEFAULT_CODEX_PATH";
+var AUTO_CODEX_COMMANDS = ["codex", "codex-internal"];
+var _resolved;
+var WINDOWS_SUPPORTED_EXTENSIONS = [".com", ".exe", ".bat", ".cmd"];
+function stripSurroundingQuotes2(value) {
+  if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
+    return value.slice(1, -1);
+  }
+  return value;
+}
+function normalizeMaybeQuotedToken(raw) {
+  return stripSurroundingQuotes2(raw.trim());
+}
+function normalizeWindowsExtension(value) {
+  const trimmed = stripSurroundingQuotes2(value.trim());
+  if (!trimmed) return void 0;
+  return trimmed.startsWith(".") ? trimmed.toLowerCase() : `.${trimmed.toLowerCase()}`;
+}
+function isExecutableFile(candidate) {
+  try {
+    const stat = statSync(candidate);
+    if (!stat.isFile()) return false;
+    if (process.platform === "win32") return true;
+    accessSync(candidate, constants.X_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function getPathEntries(env) {
+  const pathEnv = env.PATH || env.Path || env.path || "";
+  return pathEnv.split(process.platform === "win32" ? ";" : ":").map((entry) => stripSurroundingQuotes2(entry.trim())).filter(Boolean);
+}
+function getPathExtensions(env) {
+  if (process.platform !== "win32") return [""];
+  const configured = env.PATHEXT ?? env.Pathext ?? env.pathext ?? process.env.PATHEXT ?? ".COM;.EXE;.BAT;.CMD";
+  const configuredExts = configured.split(";").map((entry) => normalizeWindowsExtension(entry)).filter((entry) => Boolean(entry));
+  const merged = configuredExts.filter(
+    (ext) => WINDOWS_SUPPORTED_EXTENSIONS.includes(ext)
+  );
+  for (const ext of WINDOWS_SUPPORTED_EXTENSIONS) {
+    if (!merged.includes(ext)) merged.push(ext);
+  }
+  return Array.from(new Set(merged));
+}
+function commandExistsOnPath(command, env) {
+  const dirs = getPathEntries(env);
+  const ext = process.platform === "win32" ? path2.extname(command) : "";
+  const names = process.platform === "win32" ? Array.from(
+    new Set(
+      ext ? [command] : [...getPathExtensions(env).map((suffix) => `${command}${suffix}`), command]
+    )
+  ) : [command];
+  for (const dir of dirs) {
+    for (const name of names) {
+      const candidate = path2.join(dir, name);
+      if (isExecutableFile(candidate)) return true;
+    }
+  }
+  return false;
+}
+function looksLikePath(value) {
+  return value.includes("/") || value.includes("\\");
+}
+function resolveDefaultCodexExecutable(env = process.env) {
+  const envPathRaw = env[CODEX_MCP_DEFAULT_CODEX_PATH]?.trim();
+  const envCommandRaw = env[CODEX_MCP_DEFAULT_CODEX_COMMAND]?.trim();
+  const envPath = envPathRaw ? normalizeMaybeQuotedToken(envPathRaw) : void 0;
+  const envCommand = envCommandRaw ? normalizeMaybeQuotedToken(envCommandRaw) : void 0;
+  if (envPath && envCommand) {
+    throw new Error(
+      `Cannot set both ${CODEX_MCP_DEFAULT_CODEX_PATH} and ${CODEX_MCP_DEFAULT_CODEX_COMMAND}. Use one or the other.`
+    );
+  }
+  if (envPath) {
+    const resolvedPath = path2.resolve(envPath);
+    if (!existsSync2(resolvedPath)) {
+      throw new Error(`${CODEX_MCP_DEFAULT_CODEX_PATH}="${envPath}" \u2014 file does not exist.`);
+    }
+    if (!isExecutableFile(resolvedPath)) {
+      throw new Error(`${CODEX_MCP_DEFAULT_CODEX_PATH}="${envPath}" \u2014 not an executable file.`);
+    }
+    return { command: resolvedPath, isPath: true, source: "env_path" };
+  }
+  if (envCommand) {
+    if (looksLikePath(envCommand)) {
+      throw new Error(
+        `${CODEX_MCP_DEFAULT_CODEX_COMMAND}="${envCommand}" looks like a path. Use ${CODEX_MCP_DEFAULT_CODEX_PATH} for filesystem paths.`
+      );
+    }
+    if (!commandExistsOnPath(envCommand, env)) {
+      throw new Error(`${CODEX_MCP_DEFAULT_CODEX_COMMAND}="${envCommand}" was not found in PATH.`);
+    }
+    return { command: envCommand, isPath: false, source: "env_command" };
+  }
+  for (const candidate of AUTO_CODEX_COMMANDS) {
+    if (commandExistsOnPath(candidate, env)) {
+      return { command: candidate, isPath: false, source: "auto_detect" };
+    }
+  }
+  return { command: "codex", isPath: false, source: "default" };
+}
+function getDefaultCodexExecutable() {
+  if (!_resolved) {
+    _resolved = resolveDefaultCodexExecutable();
+  }
+  return _resolved;
+}
+function checkDefaultCodexExecutableAvailability() {
+  const info = getDefaultCodexExecutable();
+  const label = info.isPath ? "path" : "command";
+  switch (info.source) {
+    case "env_path":
+      console.error(`[codex-executable] Using ${CODEX_MCP_DEFAULT_CODEX_PATH}: ${info.command}`);
+      break;
+    case "env_command":
+      console.error(`[codex-executable] Using ${CODEX_MCP_DEFAULT_CODEX_COMMAND}: ${info.command}`);
+      break;
+    case "auto_detect":
+      console.error(`[codex-executable] Auto-detected ${label}: ${info.command}`);
+      break;
+    case "default":
+      console.error(
+        `[codex-executable] No codex found on PATH; falling back to "${info.command}". Set ${CODEX_MCP_DEFAULT_CODEX_COMMAND} or ${CODEX_MCP_DEFAULT_CODEX_PATH} to configure.`
+      );
+      break;
+  }
+}
+
 // src/types.ts
 var APPROVAL_POLICIES = ["untrusted", "on-failure", "on-request", "never"];
 var SANDBOX_MODES = ["read-only", "workspace-write", "danger-full-access"];
@@ -191,6 +347,7 @@ var COMMAND_DECISIONS = [
   "accept",
   "acceptForSession",
   "acceptWithExecpolicyAmendment",
+  "applyNetworkPolicyAmendment",
   "decline",
   "cancel"
 ];
@@ -199,6 +356,7 @@ var ALL_DECISIONS = [
   "accept",
   "acceptForSession",
   "acceptWithExecpolicyAmendment",
+  "applyNetworkPolicyAmendment",
   "decline",
   "cancel"
 ];
@@ -233,7 +391,7 @@ var DEFAULT_TERMINAL_CLEANUP_MS = 5 * 60 * 1e3;
 var CLEANUP_INTERVAL_MS = 6e4;
 
 // src/app-server/client.ts
-var CLIENT_VERSION = true ? "2.0.2" : "0.0.0-dev";
+var CLIENT_VERSION = true ? "2.1.1" : "0.0.0-dev";
 var DEFAULT_REQUEST_TIMEOUT = 3e4;
 var STARTUP_REQUEST_TIMEOUT = 9e4;
 var MAX_WRITE_QUEUE_BYTES = 5 * 1024 * 1024;
@@ -262,7 +420,11 @@ var AppServerClient = class extends EventEmitter {
     const args = buildAppServerArgs(opts);
     const env = { ...process.env };
     const stdio = ["pipe", "pipe", "pipe"];
-    const invocation = resolveCodexInvocation(args);
+    const exe = getDefaultCodexExecutable();
+    const invocation = resolveCodexInvocation(args, {
+      codexCommand: exe.command,
+      codexIsPath: exe.isPath
+    });
     this.spawnedViaCmd = invocation.spawnedViaCmd;
     this.spawnedDetached = process.platform !== "win32";
     const proc = spawn(invocation.cmd, invocation.args, {
@@ -622,16 +784,16 @@ var AppServerClient = class extends EventEmitter {
 };
 
 // src/utils/cwd.ts
-import { existsSync as existsSync2, statSync } from "fs";
-import path2 from "path";
+import { existsSync as existsSync3, statSync as statSync2 } from "fs";
+import path3 from "path";
 function resolveAndValidateCwd(inputCwd, baseCwd) {
   const candidate = inputCwd ?? baseCwd;
-  const resolved = path2.isAbsolute(candidate) ? candidate : path2.resolve(baseCwd, candidate);
-  if (!existsSync2(resolved)) {
+  const resolved = path3.isAbsolute(candidate) ? candidate : path3.resolve(baseCwd, candidate);
+  if (!existsSync3(resolved)) {
     throw new Error(`Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd does not exist: ${resolved}`);
   }
   try {
-    const stat = statSync(resolved);
+    const stat = statSync2(resolved);
     if (!stat.isDirectory()) {
       throw new Error(`Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: cwd is not a directory: ${resolved}`);
     }
@@ -653,15 +815,15 @@ function redactPaths(message) {
 }
 
 // src/utils/files.ts
-import { existsSync as existsSync3, statSync as statSync2 } from "fs";
-import path3 from "path";
+import { existsSync as existsSync4, statSync as statSync3 } from "fs";
+import path4 from "path";
 function resolveAndValidateFilePath(inputPath, baseDir, label = "path") {
-  const resolved = path3.isAbsolute(inputPath) ? inputPath : path3.resolve(baseDir, inputPath);
-  if (!existsSync3(resolved)) {
+  const resolved = path4.isAbsolute(inputPath) ? inputPath : path4.resolve(baseDir, inputPath);
+  if (!existsSync4(resolved)) {
     throw new Error(`Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: ${label} does not exist: ${resolved}`);
   }
   try {
-    const stat = statSync2(resolved);
+    const stat = statSync3(resolved);
     if (!stat.isFile()) {
       throw new Error(`Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: ${label} is not a file: ${resolved}`);
     }
@@ -1119,6 +1281,10 @@ var SessionManager = class {
             approvalId: req.approvalId,
             commandActions: req.commandActions,
             proposedExecpolicyAmendment: req.proposedExecpolicyAmendment,
+            availableDecisions: req.availableDecisions,
+            proposedNetworkPolicyAmendments: req.proposedNetworkPolicyAmendments,
+            additionalPermissions: req.additionalPermissions,
+            networkApprovalContext: req.networkApprovalContext,
             createdAt: req.createdAt
           });
         }
@@ -1220,6 +1386,17 @@ var SessionManager = class {
       );
     }
     if (req.kind === "command") {
+      const available = parseAvailableDecisionSet(req.availableDecisions);
+      if (available && !available.has(decision)) {
+        throw new Error(
+          `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Decision '${decision}' is not available for this approval prompt`
+        );
+      }
+      if (!available && decision === "applyNetworkPolicyAmendment") {
+        throw new Error(
+          `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Decision '${decision}' is not supported by this Codex CLI version (missing availableDecisions)`
+        );
+      }
       if (!COMMAND_DECISIONS.includes(decision)) {
         throw new Error(
           `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Invalid command decision '${decision}'`
@@ -1230,6 +1407,33 @@ var SessionManager = class {
           `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: execpolicy_amendment required for acceptWithExecpolicyAmendment`
         );
       }
+      if (decision !== "acceptWithExecpolicyAmendment" && extra?.execpolicy_amendment !== void 0) {
+        throw new Error(
+          `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: execpolicy_amendment is only valid for acceptWithExecpolicyAmendment`
+        );
+      }
+      if (decision === "applyNetworkPolicyAmendment") {
+        const amendment = extra?.network_policy_amendment;
+        if (!amendment) {
+          throw new Error(
+            `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: network_policy_amendment required for applyNetworkPolicyAmendment`
+          );
+        }
+        if (amendment.action !== "allow" && amendment.action !== "deny") {
+          throw new Error(
+            `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: network_policy_amendment.action must be 'allow' or 'deny'`
+          );
+        }
+        if (!amendment.host) {
+          throw new Error(
+            `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: network_policy_amendment.host required for applyNetworkPolicyAmendment`
+          );
+        }
+      } else if (extra?.network_policy_amendment !== void 0) {
+        throw new Error(
+          `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: network_policy_amendment is only valid for applyNetworkPolicyAmendment`
+        );
+      }
     } else if (req.kind === "fileChange") {
       if (!FILE_CHANGE_DECISIONS.includes(decision)) {
         throw new Error(
@@ -1243,7 +1447,10 @@ var SessionManager = class {
     }
     let response;
     if (req.kind === "command") {
-      response = buildCommandApprovalResponse(decision, extra?.execpolicy_amendment);
+      response = buildCommandApprovalResponse(decision, {
+        execpolicy_amendment: extra?.execpolicy_amendment,
+        network_policy_amendment: extra?.network_policy_amendment
+      });
     } else if (req.kind === "fileChange") {
       response = { decision };
     }
@@ -1501,6 +1708,12 @@ var SessionManager = class {
           const proposedExecpolicyAmendment = normalizeStringArrayOrNull(
             approvalParams.proposedExecpolicyAmendment
           );
+          const availableDecisions = Array.isArray(approvalParams.availableDecisions) ? approvalParams.availableDecisions : null;
+          const proposedNetworkPolicyAmendments = Array.isArray(
+            approvalParams.proposedNetworkPolicyAmendments
+          ) ? approvalParams.proposedNetworkPolicyAmendments : null;
+          const additionalPermissions = "additionalPermissions" in approvalParams ? approvalParams.additionalPermissions : void 0;
+          const networkApprovalContext = "networkApprovalContext" in approvalParams ? approvalParams.networkApprovalContext : void 0;
           const pending = {
             requestId,
             kind: "command",
@@ -1512,6 +1725,10 @@ var SessionManager = class {
             approvalId,
             commandActions,
             proposedExecpolicyAmendment,
+            availableDecisions,
+            proposedNetworkPolicyAmendments,
+            additionalPermissions,
+            networkApprovalContext,
             createdAt: (/* @__PURE__ */ new Date()).toISOString(),
             resolved: false,
             respond: (result) => client.respondToServer(id, result)
@@ -1559,7 +1776,11 @@ var SessionManager = class {
               cwd: approvalParams.cwd,
               reason,
               commandActions,
-              proposedExecpolicyAmendment
+              proposedExecpolicyAmendment,
+              availableDecisions,
+              proposedNetworkPolicyAmendments,
+              additionalPermissions,
+              networkApprovalContext
             },
             true
           );
@@ -1878,7 +2099,11 @@ function compactActionsForBudget(actions) {
     itemId: action.itemId,
     createdAt: action.createdAt,
     commandActions: action.commandActions,
-    proposedExecpolicyAmendment: action.proposedExecpolicyAmendment
+    proposedExecpolicyAmendment: action.proposedExecpolicyAmendment,
+    availableDecisions: action.availableDecisions,
+    additionalPermissions: action.additionalPermissions,
+    networkApprovalContext: action.networkApprovalContext,
+    proposedNetworkPolicyAmendments: action.proposedNetworkPolicyAmendments
   }));
 }
 function compactActionParamsForBudget(action) {
@@ -1911,7 +2136,11 @@ function compactActionsToMinimum(actions) {
       itemId: first.itemId,
       createdAt: first.createdAt,
       commandActions: first.commandActions,
-      proposedExecpolicyAmendment: first.proposedExecpolicyAmendment
+      proposedExecpolicyAmendment: first.proposedExecpolicyAmendment,
+      availableDecisions: first.availableDecisions,
+      additionalPermissions: first.additionalPermissions,
+      networkApprovalContext: first.networkApprovalContext,
+      proposedNetworkPolicyAmendments: first.proposedNetworkPolicyAmendments
     }
   ];
 }
@@ -2135,8 +2364,9 @@ function toSensitiveInfo(session) {
     config: session.config
   };
 }
-function buildCommandApprovalResponse(decision, execpolicy_amendment) {
+function buildCommandApprovalResponse(decision, extra) {
   if (decision === "acceptWithExecpolicyAmendment") {
+    const execpolicy_amendment = extra?.execpolicy_amendment;
     if (!execpolicy_amendment || execpolicy_amendment.length === 0) {
       throw new Error(
         `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: execpolicy_amendment required for acceptWithExecpolicyAmendment`
@@ -2150,11 +2380,41 @@ function buildCommandApprovalResponse(decision, execpolicy_amendment) {
       }
     };
   }
+  if (decision === "applyNetworkPolicyAmendment") {
+    const amendment = extra?.network_policy_amendment;
+    if (!amendment) {
+      throw new Error(
+        `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: network_policy_amendment required for applyNetworkPolicyAmendment`
+      );
+    }
+    return {
+      decision: {
+        applyNetworkPolicyAmendment: {
+          network_policy_amendment: amendment
+        }
+      }
+    };
+  }
   return { decision };
 }
 function isRecord(value) {
   return typeof value === "object" && value !== null;
 }
+function parseAvailableDecisionSet(available) {
+  if (!Array.isArray(available) || available.length === 0) return null;
+  const set = /* @__PURE__ */ new Set();
+  for (const entry of available) {
+    if (typeof entry === "string") {
+      set.add(entry);
+      continue;
+    }
+    if (isRecord(entry)) {
+      if ("acceptWithExecpolicyAmendment" in entry) set.add("acceptWithExecpolicyAmendment");
+      if ("applyNetworkPolicyAmendment" in entry) set.add("applyNetworkPolicyAmendment");
+    }
+  }
+  return set.size > 0 ? set : null;
+}
 function extractThreadId(result) {
   if (!isRecord(result)) {
     throw new Error(`Error [${"INTERNAL" /* INTERNAL */}]: Invalid thread response: expected object`);
@@ -2272,9 +2532,9 @@ function executeCodexCheck(args, sessionManager) {
   const pollOptions = args.pollOptions;
   switch (args.action) {
     case "poll": {
-      if (args.requestId !== void 0 || args.decision !== void 0 || args.execpolicy_amendment !== void 0 || args.denyMessage !== void 0 || args.answers !== void 0) {
+      if (args.requestId !== void 0 || args.decision !== void 0 || args.execpolicy_amendment !== void 0 || args.network_policy_amendment !== void 0 || args.denyMessage !== void 0 || args.answers !== void 0) {
         return {
-          error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: requestId/decision/execpolicy_amendment/denyMessage/answers are only valid for respond_* actions`,
+          error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: requestId/decision/execpolicy_amendment/network_policy_amendment/denyMessage/answers are only valid for respond_* actions`,
           isError: true
         };
       }
@@ -2310,6 +2570,31 @@ function executeCodexCheck(args, sessionManager) {
           isError: true
         };
       }
+      if (args.decision === "applyNetworkPolicyAmendment") {
+        if (!args.network_policy_amendment) {
+          return {
+            error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: network_policy_amendment required for applyNetworkPolicyAmendment`,
+            isError: true
+          };
+        }
+        if (args.network_policy_amendment.action !== "allow" && args.network_policy_amendment.action !== "deny") {
+          return {
+            error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: network_policy_amendment.action must be 'allow' or 'deny'`,
+            isError: true
+          };
+        }
+        if (!args.network_policy_amendment.host) {
+          return {
+            error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: network_policy_amendment.host required for applyNetworkPolicyAmendment`,
+            isError: true
+          };
+        }
+      } else if (args.network_policy_amendment !== void 0) {
+        return {
+          error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: network_policy_amendment is only valid with decision='applyNetworkPolicyAmendment'`,
+          isError: true
+        };
+      }
       if (!ALL_DECISIONS.includes(args.decision)) {
         return {
           error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: Unknown decision '${args.decision}'`,
@@ -2319,6 +2604,7 @@ function executeCodexCheck(args, sessionManager) {
       try {
         sessionManager.resolveApproval(args.sessionId, args.requestId, args.decision, {
           execpolicy_amendment: args.execpolicy_amendment,
+          network_policy_amendment: args.network_policy_amendment,
           denyMessage: args.denyMessage
         });
       } catch (err) {
@@ -2338,9 +2624,9 @@ function executeCodexCheck(args, sessionManager) {
           isError: true
         };
       }
-      if (args.decision !== void 0 || args.execpolicy_amendment !== void 0 || args.denyMessage !== void 0) {
+      if (args.decision !== void 0 || args.execpolicy_amendment !== void 0 || args.network_policy_amendment !== void 0 || args.denyMessage !== void 0) {
         return {
-          error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: decision/execpolicy_amendment/denyMessage are only valid for respond_permission`,
+          error: `Error [${"INVALID_ARGUMENT" /* INVALID_ARGUMENT */}]: decision/execpolicy_amendment/network_policy_amendment/denyMessage are only valid for respond_permission`,
           isError: true
         };
       }
@@ -2935,7 +3221,7 @@ function registerResources(server, deps) {
 }
 
 // src/server.ts
-var SERVER_VERSION = true ? "2.0.2" : "0.0.0-dev";
+var SERVER_VERSION = true ? "2.1.1" : "0.0.0-dev";
 function formatErrorMessage(err) {
   const message = err instanceof Error ? err.message : String(err);
   const m = /^Error \[([A-Z_]+)\]:\s*(.*)$/.exec(message);
@@ -3004,9 +3290,13 @@ function createServer(serverCwd) {
     // respond_permission
     requestId: z.string().optional().describe("Request ID from actions[]"),
     decision: z.enum(ALL_DECISIONS).optional().describe(
-      "Approval decision for respond_permission. acceptWithExecpolicyAmendment requires execpolicy_amendment."
+      "Approval decision for respond_permission. acceptWithExecpolicyAmendment requires execpolicy_amendment; applyNetworkPolicyAmendment requires network_policy_amendment."
     ),
     execpolicy_amendment: z.array(z.string()).optional().describe("For acceptWithExecpolicyAmendment only"),
+    network_policy_amendment: z.object({
+      action: z.enum(["allow", "deny"]),
+      host: z.string().min(1)
+    }).optional().describe("For applyNetworkPolicyAmendment only"),
     denyMessage: z.string().optional().describe("Deny reason (not sent to agent)"),
     // respond_user_input
     answers: z.record(
@@ -3016,10 +3306,10 @@ function createServer(serverCwd) {
       })
     ).optional().describe("question-id -> answers map (id from actions[] user_input request).")
   }).superRefine((value, ctx) => {
-    const addIssue = (path4, message) => {
+    const addIssue = (path5, message) => {
       ctx.addIssue({
         code: z.ZodIssueCode.custom,
-        path: [path4],
+        path: [path5],
         message
       });
     };
@@ -3043,6 +3333,12 @@ function createServer(serverCwd) {
             "execpolicy_amendment is only allowed for action='respond_permission'."
           );
         }
+        if (value.network_policy_amendment !== void 0) {
+          addIssue(
+            "network_policy_amendment",
+            "network_policy_amendment is only allowed for action='respond_permission'."
+          );
+        }
         if (value.denyMessage !== void 0) {
           addIssue("denyMessage", "denyMessage is only allowed for action='respond_permission'.");
         }
@@ -3062,6 +3358,7 @@ function createServer(serverCwd) {
           addIssue("answers", "answers is only allowed for action='respond_user_input'.");
         }
         const needsExecpolicy = value.decision === "acceptWithExecpolicyAmendment";
+        const needsNetworkPolicy = value.decision === "applyNetworkPolicyAmendment";
         if (needsExecpolicy && (!value.execpolicy_amendment || value.execpolicy_amendment.length === 0)) {
           addIssue(
             "execpolicy_amendment",
@@ -3074,6 +3371,18 @@ function createServer(serverCwd) {
             "execpolicy_amendment is only allowed when decision='acceptWithExecpolicyAmendment'."
           );
         }
+        if (needsNetworkPolicy && !value.network_policy_amendment) {
+          addIssue(
+            "network_policy_amendment",
+            "network_policy_amendment is required when decision='applyNetworkPolicyAmendment'."
+          );
+        }
+        if (!needsNetworkPolicy && value.network_policy_amendment !== void 0) {
+          addIssue(
+            "network_policy_amendment",
+            "network_policy_amendment is only allowed when decision='applyNetworkPolicyAmendment'."
+          );
+        }
         break;
       }
       case "respond_user_input": {
@@ -3092,6 +3401,12 @@ function createServer(serverCwd) {
             "execpolicy_amendment is only allowed for action='respond_permission'."
           );
         }
+        if (value.network_policy_amendment !== void 0) {
+          addIssue(
+            "network_policy_amendment",
+            "network_policy_amendment is only allowed for action='respond_permission'."
+          );
+        }
         if (value.denyMessage !== void 0) {
           addIssue("denyMessage", "denyMessage is only allowed for action='respond_permission'.");
         }
@@ -3390,6 +3705,7 @@ async function main() {
       "STDIO preflight failed in strict mode due to blocking stdout contamination risk"
     );
   }
+  checkDefaultCodexExecutableAvailability();
   const serverCwd = process.cwd();
   const server = createServer(serverCwd);
   const transport = new StdioServerTransport();