agent-relay-server 0.3.5 → 0.3.7

package/README.md

@@ -77,6 +77,31 @@ codex-relay
 incoming messages as live turns, and cleans up sidecar processes when Codex
 exits.
 
+### Codex approval prompts
+
+Replying to relay messages is usually done with a shell command (`curl` to
+`/api/messages`), so Codex may prompt for approval in stricter modes.
+
+`codex-relay` now forwards your Codex runtime mode to the sidecar, including
+`--ask-for-approval`, `--sandbox`, `--full-auto`, and `--yolo`.
+
+Useful setups:
+
+```bash
+# no approval prompts, still sandboxed to workspace boundaries
+codex-relay -- --ask-for-approval never --sandbox workspace-write
+```
+
+```python
+# ~/.codex/rules/default.rules
+# allow only relay message sends without repeated prompts
+prefix_rule(
+    pattern = ["curl", "-sS", "-X", "POST", "http://127.0.0.1:4850/api/messages"],
+    decision = "allow",
+    justification = "Allow local Agent Relay message posts",
+)
+```
+
 Use a remote relay server by setting:
 
 ```bash

package/bin/agent-relay-codex.ts

@@ -329,6 +329,56 @@ function spawnFallbackSidecar(runDir: string, env: Record<string, string | undef
   return sidecar.pid;
 }
 
+type SessionPermissions = {
+  approvalPolicy?: string;
+  sandbox?: string;
+};
+
+function resolveSessionPermissions(codexArgs: string[]): SessionPermissions {
+  let approvalPolicy: string | undefined;
+  let sandbox: string | undefined;
+
+  for (let index = 0; index < codexArgs.length; index += 1) {
+    const arg = codexArgs[index]!;
+    if (arg === "--yolo" || arg === "--dangerously-bypass-approvals-and-sandbox") {
+      approvalPolicy = "never";
+      sandbox = "danger-full-access";
+      continue;
+    }
+    if (arg === "--full-auto") {
+      approvalPolicy = "on-request";
+      sandbox = "workspace-write";
+      continue;
+    }
+    if (arg === "--ask-for-approval" || arg === "-a") {
+      const next = codexArgs[index + 1];
+      if (next && !next.startsWith("-")) {
+        approvalPolicy = next;
+        index += 1;
+      }
+      continue;
+    }
+    if (arg.startsWith("--ask-for-approval=")) {
+      approvalPolicy = arg.slice("--ask-for-approval=".length);
+      continue;
+    }
+    if (arg === "--sandbox" || arg === "-s") {
+      const next = codexArgs[index + 1];
+      if (next && !next.startsWith("-")) {
+        sandbox = next;
+        index += 1;
+      }
+      continue;
+    }
+    if (arg.startsWith("--sandbox=")) {
+      sandbox = arg.slice("--sandbox=".length);
+      continue;
+    }
+  }
+
+  return { approvalPolicy, sandbox };
+}
+
 function cleanupRun(runDir: string, appServer: ReturnType<typeof Bun.spawn> | null): void {
   if (existsSync(runDir)) {
     const pidsPath = join(runDir, "sidecar-pids.txt");
@@ -489,6 +539,7 @@ async function start(args: string[]): Promise<void> {
   }
 
   if (!listenUrl) listenUrl = await pickLoopbackUrl();
+  const permissions = resolveSessionPermissions(codexArgs);
 
   mkdirSync(runtimeRoot, { recursive: true });
   const runId = `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
@@ -502,6 +553,8 @@ async function start(args: string[]): Promise<void> {
     AGENT_RELAY_CODEX_RUN_ID: runId,
     AGENT_RELAY_CODEX_RUNTIME_DIR: runDir,
     CODEX_APP_SERVER_URL: listenUrl,
+    CODEX_LIVE_APPROVAL_POLICY: permissions.approvalPolicy,
+    CODEX_LIVE_SANDBOX: permissions.sandbox,
   };
 
   const appLog = Bun.file(join(runDir, "app-server.log"));

package/codex/README.md

@@ -52,6 +52,31 @@ starts Codex with
 `--remote`, lets the SessionStart hook attach a sidecar to the actual thread,
 and kills sidecars plus the app-server when Codex exits.
 
+## Approvals and prompts
+
+Relay replies are usually sent with a shell command (`curl` to
+`/api/messages`), so Codex can prompt for approval in stricter modes.
+
+`codex-relay` forwards your launch mode to the sidecar, including
+`--ask-for-approval`, `--sandbox`, `--full-auto`, and `--yolo`.
+
+Example: no prompt loop, still workspace sandboxing:
+
+```bash
+codex-relay -- --ask-for-approval never --sandbox workspace-write
+```
+
+If you prefer prompts for everything else but want relay sends auto-approved,
+add a rule in `~/.codex/rules/default.rules` (adjust URL when using a remote relay):
+
+```python
+prefix_rule(
+    pattern = ["curl", "-sS", "-X", "POST", "http://127.0.0.1:4850/api/messages"],
+    decision = "allow",
+    justification = "Allow local Agent Relay message posts",
+)
+```
+
 For local development from this repo:
 
 ```bash

package/codex/live-sidecar.ts

@@ -20,6 +20,8 @@ interface Config {
   threadMode: "auto" | "resume" | "start";
   threadId?: string;
   model?: string;
+  approvalPolicy?: string;
+  sandbox?: string;
 }
 
 interface RuntimeState {
@@ -196,8 +198,7 @@ class CodexLiveSidecar {
       const resumed = await this.app.threadResume({
         threadId,
         cwd: this.config.cwd,
-        approvalPolicy: "on-request",
-        sandbox: "workspace-write",
+        ...this.threadPermissions(),
         persistExtendedHistory: false,
       });
       return normalizeThread(resumed.thread);
@@ -213,8 +214,7 @@ class CodexLiveSidecar {
       const resumed = await this.app.threadResume({
         threadId: this.config.threadId,
         cwd: this.config.cwd,
-        approvalPolicy: "on-request",
-        sandbox: "workspace-write",
+        ...this.threadPermissions(),
         persistExtendedHistory: false,
       });
       return normalizeThread(resumed.thread);
@@ -238,8 +238,7 @@ class CodexLiveSidecar {
         const resumed = await this.app.threadResume({
           threadId: latest.id,
           cwd: this.config.cwd,
-          approvalPolicy: "on-request",
-          sandbox: "workspace-write",
+          ...this.threadPermissions(),
           persistExtendedHistory: false,
         });
         return normalizeThread(resumed.thread);
@@ -248,8 +247,7 @@ class CodexLiveSidecar {
 
     const started = await this.app.threadStart({
       cwd: this.config.cwd,
-      approvalPolicy: "on-request",
-      sandbox: "workspace-write",
+      ...this.threadPermissions(),
       ephemeral: false,
       sessionStartSource: "startup",
       model: this.config.model ?? null,
@@ -257,6 +255,13 @@ class CodexLiveSidecar {
     return normalizeThread(started.thread);
   }
 
+  private threadPermissions(): Record<string, string> {
+    const payload: Record<string, string> = {};
+    if (this.config.approvalPolicy) payload.approvalPolicy = this.config.approvalPolicy;
+    if (this.config.sandbox) payload.sandbox = this.config.sandbox;
+    return payload;
+  }
+
   private async readThreadWithFallback(threadId: string): Promise<Thread> {
     try {
       const read = await this.app.threadRead(threadId, true);
@@ -595,6 +600,8 @@ function loadConfig(): Config {
     threadMode: (process.env.CODEX_THREAD_MODE as Config["threadMode"]) || "auto",
     threadId: process.env.CODEX_THREAD_ID || undefined,
     model: process.env.CODEX_MODEL || undefined,
+    approvalPolicy: process.env.CODEX_LIVE_APPROVAL_POLICY || undefined,
+    sandbox: process.env.CODEX_LIVE_SANDBOX || undefined,
   };
 }
 

package/codex/plugin/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-relay",
-  "version": "0.3.5",
+  "version": "0.3.6",
   "description": "Agent Relay integration for Codex sessions",
   "author": {
     "name": "Edin Mujkanovic"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-relay-server",
-  "version": "0.3.5",
+  "version": "0.3.7",
   "description": "Lightweight HTTP message relay for inter-agent communication across machines",
   "module": "src/index.ts",
   "type": "module",

package/public/index.html

@@ -875,7 +875,7 @@ function relay() {
     },
 
     get composeAgents() {
-      return this.showOffline ? this.agents : this.agents.filter(a => a.status === 'online');
+      return this.showOffline ? this.agents : this.agents.filter(a => a.status !== 'offline');
     },
 
     get uniqueLabels() {