npm - agent-relay-server - Versions diffs - 0.3.6 → 0.3.7 - Mend

agent-relay-server 0.3.6 → 0.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -77,6 +77,31 @@ codex-relay
 incoming messages as live turns, and cleans up sidecar processes when Codex
 exits.
+### Codex approval prompts
+Replying to relay messages is usually done with a shell command (`curl` to
+`/api/messages`), so Codex may prompt for approval in stricter modes.
+`codex-relay` now forwards your Codex runtime mode to the sidecar, including
+`--ask-for-approval`, `--sandbox`, `--full-auto`, and `--yolo`.
+Useful setups:
+```bash
+# no approval prompts, still sandboxed to workspace boundaries
+codex-relay -- --ask-for-approval never --sandbox workspace-write
+```
+```python
+# ~/.codex/rules/default.rules
+# allow only relay message sends without repeated prompts
+prefix_rule(
+    pattern = ["curl", "-sS", "-X", "POST", "http://127.0.0.1:4850/api/messages"],
+    decision = "allow",
+    justification = "Allow local Agent Relay message posts",
+)
+```
 Use a remote relay server by setting:
 ```bash

package/bin/agent-relay-codex.ts CHANGED Viewed

@@ -329,6 +329,56 @@ function spawnFallbackSidecar(runDir: string, env: Record<string, string | undef
   return sidecar.pid;
 }
+type SessionPermissions = {
+  approvalPolicy?: string;
+  sandbox?: string;
+};
+function resolveSessionPermissions(codexArgs: string[]): SessionPermissions {
+  let approvalPolicy: string | undefined;
+  let sandbox: string | undefined;
+  for (let index = 0; index < codexArgs.length; index += 1) {
+    const arg = codexArgs[index]!;
+    if (arg === "--yolo" || arg === "--dangerously-bypass-approvals-and-sandbox") {
+      approvalPolicy = "never";
+      sandbox = "danger-full-access";
+      continue;
+    }
+    if (arg === "--full-auto") {
+      approvalPolicy = "on-request";
+      sandbox = "workspace-write";
+      continue;
+    }
+    if (arg === "--ask-for-approval" || arg === "-a") {
+      const next = codexArgs[index + 1];
+      if (next && !next.startsWith("-")) {
+        approvalPolicy = next;
+        index += 1;
+      }
+      continue;
+    }
+    if (arg.startsWith("--ask-for-approval=")) {
+      approvalPolicy = arg.slice("--ask-for-approval=".length);
+      continue;
+    }
+    if (arg === "--sandbox" || arg === "-s") {
+      const next = codexArgs[index + 1];
+      if (next && !next.startsWith("-")) {
+        sandbox = next;
+        index += 1;
+      }
+      continue;
+    }
+    if (arg.startsWith("--sandbox=")) {
+      sandbox = arg.slice("--sandbox=".length);
+      continue;
+    }
+  }
+  return { approvalPolicy, sandbox };
+}
 function cleanupRun(runDir: string, appServer: ReturnType<typeof Bun.spawn> | null): void {
   if (existsSync(runDir)) {
     const pidsPath = join(runDir, "sidecar-pids.txt");
@@ -489,6 +539,7 @@ async function start(args: string[]): Promise<void> {
   }
   if (!listenUrl) listenUrl = await pickLoopbackUrl();
+  const permissions = resolveSessionPermissions(codexArgs);
   mkdirSync(runtimeRoot, { recursive: true });
   const runId = `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
@@ -502,6 +553,8 @@ async function start(args: string[]): Promise<void> {
     AGENT_RELAY_CODEX_RUN_ID: runId,
     AGENT_RELAY_CODEX_RUNTIME_DIR: runDir,
     CODEX_APP_SERVER_URL: listenUrl,
+    CODEX_LIVE_APPROVAL_POLICY: permissions.approvalPolicy,
+    CODEX_LIVE_SANDBOX: permissions.sandbox,
   };
   const appLog = Bun.file(join(runDir, "app-server.log"));

package/codex/README.md CHANGED Viewed

@@ -52,6 +52,31 @@ starts Codex with
 `--remote`, lets the SessionStart hook attach a sidecar to the actual thread,
 and kills sidecars plus the app-server when Codex exits.
+## Approvals and prompts
+Relay replies are usually sent with a shell command (`curl` to
+`/api/messages`), so Codex can prompt for approval in stricter modes.
+`codex-relay` forwards your launch mode to the sidecar, including
+`--ask-for-approval`, `--sandbox`, `--full-auto`, and `--yolo`.
+Example: no prompt loop, still workspace sandboxing:
+```bash
+codex-relay -- --ask-for-approval never --sandbox workspace-write
+```
+If you prefer prompts for everything else but want relay sends auto-approved,
+add a rule in `~/.codex/rules/default.rules` (adjust URL when using a remote relay):
+```python
+prefix_rule(
+    pattern = ["curl", "-sS", "-X", "POST", "http://127.0.0.1:4850/api/messages"],
+    decision = "allow",
+    justification = "Allow local Agent Relay message posts",
+)
+```
 For local development from this repo:
 ```bash

package/codex/live-sidecar.ts CHANGED Viewed

@@ -20,6 +20,8 @@ interface Config {
   threadMode: "auto" | "resume" | "start";
   threadId?: string;
   model?: string;
+  approvalPolicy?: string;
+  sandbox?: string;
 }
 interface RuntimeState {
@@ -196,8 +198,7 @@ class CodexLiveSidecar {
       const resumed = await this.app.threadResume({
         threadId,
         cwd: this.config.cwd,
-        approvalPolicy: "on-request",
-        sandbox: "workspace-write",
+        ...this.threadPermissions(),
         persistExtendedHistory: false,
       });
       return normalizeThread(resumed.thread);
@@ -213,8 +214,7 @@ class CodexLiveSidecar {
       const resumed = await this.app.threadResume({
         threadId: this.config.threadId,
         cwd: this.config.cwd,
-        approvalPolicy: "on-request",
-        sandbox: "workspace-write",
+        ...this.threadPermissions(),
         persistExtendedHistory: false,
       });
       return normalizeThread(resumed.thread);
@@ -238,8 +238,7 @@ class CodexLiveSidecar {
         const resumed = await this.app.threadResume({
           threadId: latest.id,
           cwd: this.config.cwd,
-          approvalPolicy: "on-request",
-          sandbox: "workspace-write",
+          ...this.threadPermissions(),
           persistExtendedHistory: false,
         });
         return normalizeThread(resumed.thread);
@@ -248,8 +247,7 @@ class CodexLiveSidecar {
     const started = await this.app.threadStart({
       cwd: this.config.cwd,
-      approvalPolicy: "on-request",
-      sandbox: "workspace-write",
+      ...this.threadPermissions(),
       ephemeral: false,
       sessionStartSource: "startup",
       model: this.config.model ?? null,
@@ -257,6 +255,13 @@ class CodexLiveSidecar {
     return normalizeThread(started.thread);
   }
+  private threadPermissions(): Record<string, string> {
+    const payload: Record<string, string> = {};
+    if (this.config.approvalPolicy) payload.approvalPolicy = this.config.approvalPolicy;
+    if (this.config.sandbox) payload.sandbox = this.config.sandbox;
+    return payload;
+  }
   private async readThreadWithFallback(threadId: string): Promise<Thread> {
     try {
       const read = await this.app.threadRead(threadId, true);
@@ -595,6 +600,8 @@ function loadConfig(): Config {
     threadMode: (process.env.CODEX_THREAD_MODE as Config["threadMode"]) || "auto",
     threadId: process.env.CODEX_THREAD_ID || undefined,
     model: process.env.CODEX_MODEL || undefined,
+    approvalPolicy: process.env.CODEX_LIVE_APPROVAL_POLICY || undefined,
+    sandbox: process.env.CODEX_LIVE_SANDBOX || undefined,
   };
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agent-relay-server",
-  "version": "0.3.6",
+  "version": "0.3.7",
   "description": "Lightweight HTTP message relay for inter-agent communication across machines",
   "module": "src/index.ts",
   "type": "module",