agentcord 0.2.0 → 2.1.0

package/.env.example

@@ -16,6 +16,11 @@ DISCORD_CLIENT_ID=your-application-client-id
 # Optional: Default working directory for new sessions
 # DEFAULT_DIRECTORY=/Users/me/Dev
 
+# Optional: Default Codex execution policy for new/resumed Codex sessions
+# CODEX_SANDBOX_MODE=workspace-write         # read-only | workspace-write | danger-full-access
+# CODEX_APPROVAL_POLICY=on-request           # never | on-request | on-failure | untrusted
+# CODEX_NETWORK_ACCESS_ENABLED=true          # true | false
+
 # Optional: Auto-delete messages older than N days
 # MESSAGE_RETENTION_DAYS=7
 

package/README.md

@@ -118,8 +118,15 @@ ALLOWED_USERS=123456789,987654321      # Comma-separated user IDs
 ALLOW_ALL_USERS=false                  # Or true to skip whitelist
 ALLOWED_PATHS=/Users/me/Dev            # Restrict accessible directories
 DEFAULT_DIRECTORY=/Users/me/Dev        # Default for new sessions
+CODEX_SANDBOX_MODE=workspace-write     # read-only | workspace-write | danger-full-access
+CODEX_APPROVAL_POLICY=on-request       # never | on-request | on-failure | untrusted
+CODEX_NETWORK_ACCESS_ENABLED=true      # true | false
 ```
 
+You can also override Codex policy per session when creating/resuming via:
+- `/session new ... sandbox-mode:<mode> approval-policy:<policy> network-access:<bool>`
+- `/session resume ... sandbox-mode:<mode> approval-policy:<policy> network-access:<bool>`
+
 ## Development
 
 ```bash

package/dist/{bot-HGP3MV5P.js → bot-C6RYOLAL.js}

@@ -20,6 +20,45 @@ function getEnvOrExit(name) {
   }
   return value;
 }
+var CODEX_SANDBOX_MODES = /* @__PURE__ */ new Set([
+  "read-only",
+  "workspace-write",
+  "danger-full-access"
+]);
+var CODEX_APPROVAL_POLICIES = /* @__PURE__ */ new Set([
+  "never",
+  "on-request",
+  "on-failure",
+  "untrusted"
+]);
+function parseCodexSandboxMode(value) {
+  if (!value) return void 0;
+  if (CODEX_SANDBOX_MODES.has(value)) {
+    return value;
+  }
+  console.error(
+    `ERROR: Invalid CODEX_SANDBOX_MODE "${value}". Expected one of: ${Array.from(CODEX_SANDBOX_MODES).join(", ")}`
+  );
+  process.exit(1);
+}
+function parseCodexApprovalPolicy(value) {
+  if (!value) return void 0;
+  if (CODEX_APPROVAL_POLICIES.has(value)) {
+    return value;
+  }
+  console.error(
+    `ERROR: Invalid CODEX_APPROVAL_POLICY "${value}". Expected one of: ${Array.from(CODEX_APPROVAL_POLICIES).join(", ")}`
+  );
+  process.exit(1);
+}
+function parseBoolean(name, value) {
+  if (value === void 0) return void 0;
+  const normalized = value.trim().toLowerCase();
+  if (normalized === "true") return true;
+  if (normalized === "false") return false;
+  console.error(`ERROR: Invalid ${name} "${value}". Expected "true" or "false".`);
+  process.exit(1);
+}
 var config = {
   token: getEnvOrExit("DISCORD_TOKEN"),
   clientId: getEnvOrExit("DISCORD_CLIENT_ID"),
@@ -29,7 +68,10 @@ var config = {
   allowedPaths: process.env.ALLOWED_PATHS?.split(",").map((p) => p.trim()).filter(Boolean) || [],
   defaultDirectory: process.env.DEFAULT_DIRECTORY || process.cwd(),
   messageRetentionDays: process.env.MESSAGE_RETENTION_DAYS ? parseInt(process.env.MESSAGE_RETENTION_DAYS, 10) : null,
-  rateLimitMs: process.env.RATE_LIMIT_MS ? parseInt(process.env.RATE_LIMIT_MS, 10) : 1e3
+  rateLimitMs: process.env.RATE_LIMIT_MS ? parseInt(process.env.RATE_LIMIT_MS, 10) : 1e3,
+  codexSandboxMode: parseCodexSandboxMode(process.env.CODEX_SANDBOX_MODE),
+  codexApprovalPolicy: parseCodexApprovalPolicy(process.env.CODEX_APPROVAL_POLICY),
+  codexNetworkAccessEnabled: parseBoolean("CODEX_NETWORK_ACCESS_ENABLED", process.env.CODEX_NETWORK_ACCESS_ENABLED)
 };
 if (config.allowedUsers.length > 0) {
   console.log(`User whitelist: ${config.allowedUsers.length} user(s) allowed`);
@@ -45,6 +87,13 @@ if (config.allowedPaths.length > 0) {
 if (config.messageRetentionDays) {
   console.log(`Message retention: ${config.messageRetentionDays} day(s)`);
 }
+if (config.codexSandboxMode || config.codexApprovalPolicy || config.codexNetworkAccessEnabled !== void 0) {
+  const bits = [];
+  if (config.codexSandboxMode) bits.push(`sandbox=${config.codexSandboxMode}`);
+  if (config.codexApprovalPolicy) bits.push(`approval=${config.codexApprovalPolicy}`);
+  if (config.codexNetworkAccessEnabled !== void 0) bits.push(`network=${config.codexNetworkAccessEnabled}`);
+  console.log(`Codex defaults: ${bits.join(", ")}`);
+}
 
 // src/commands.ts
 import {
@@ -56,10 +105,28 @@ function getCommandDefinitions() {
   const session = new SlashCommandBuilder().setName("session").setDescription("Manage AI coding sessions").addSubcommand((sub) => sub.setName("new").setDescription("Create a new coding session").addStringOption((opt) => opt.setName("name").setDescription("Session name").setRequired(true)).addStringOption((opt) => opt.setName("provider").setDescription("AI provider").addChoices(
     { name: "Claude Code", value: "claude" },
     { name: "OpenAI Codex", value: "codex" }
-  )).addStringOption((opt) => opt.setName("directory").setDescription("Working directory (default: configured default)"))).addSubcommand((sub) => sub.setName("resume").setDescription("Resume an existing session from terminal").addStringOption((opt) => opt.setName("session-id").setDescription("Provider session ID").setRequired(true).setAutocomplete(true)).addStringOption((opt) => opt.setName("name").setDescription("Name for the Discord channel").setRequired(true)).addStringOption((opt) => opt.setName("provider").setDescription("AI provider").addChoices(
+  )).addStringOption((opt) => opt.setName("sandbox-mode").setDescription("Codex sandbox mode (Codex provider only)").addChoices(
+    { name: "Read-only", value: "read-only" },
+    { name: "Workspace write", value: "workspace-write" },
+    { name: "Danger full access", value: "danger-full-access" }
+  )).addStringOption((opt) => opt.setName("approval-policy").setDescription("Codex approval policy (Codex provider only)").addChoices(
+    { name: "Never ask", value: "never" },
+    { name: "On request", value: "on-request" },
+    { name: "On failure", value: "on-failure" },
+    { name: "Untrusted", value: "untrusted" }
+  )).addBooleanOption((opt) => opt.setName("network-access").setDescription("Allow network in workspace-write sandbox (Codex only)")).addStringOption((opt) => opt.setName("directory").setDescription("Working directory (default: configured default)"))).addSubcommand((sub) => sub.setName("resume").setDescription("Resume an existing session from terminal").addStringOption((opt) => opt.setName("session-id").setDescription("Provider session ID").setRequired(true).setAutocomplete(true)).addStringOption((opt) => opt.setName("name").setDescription("Name for the Discord channel").setRequired(true)).addStringOption((opt) => opt.setName("provider").setDescription("AI provider").addChoices(
     { name: "Claude Code", value: "claude" },
     { name: "OpenAI Codex", value: "codex" }
-  )).addStringOption((opt) => opt.setName("directory").setDescription("Working directory (default: configured default)"))).addSubcommand((sub) => sub.setName("list").setDescription("List active sessions")).addSubcommand((sub) => sub.setName("end").setDescription("End the session in this channel")).addSubcommand((sub) => sub.setName("continue").setDescription("Continue the last conversation")).addSubcommand((sub) => sub.setName("stop").setDescription("Stop current generation")).addSubcommand((sub) => sub.setName("output").setDescription("Show recent conversation output").addIntegerOption((opt) => opt.setName("lines").setDescription("Number of lines (default 50)").setMinValue(1).setMaxValue(500))).addSubcommand((sub) => sub.setName("attach").setDescription("Show tmux attach command for terminal access")).addSubcommand((sub) => sub.setName("sync").setDescription("Reconnect orphaned tmux sessions")).addSubcommand((sub) => sub.setName("model").setDescription("Change the model for this session").addStringOption((opt) => opt.setName("model").setDescription("Model name (e.g. claude-sonnet-4-5-20250929, gpt-5.3-codex)").setRequired(true))).addSubcommand((sub) => sub.setName("id").setDescription("Show the provider session ID for this channel")).addSubcommand((sub) => sub.setName("verbose").setDescription("Toggle showing tool calls and results in this session")).addSubcommand((sub) => sub.setName("mode").setDescription("Set session mode (auto/plan/normal)").addStringOption((opt) => opt.setName("mode").setDescription("Session mode").setRequired(true).addChoices(
+  )).addStringOption((opt) => opt.setName("sandbox-mode").setDescription("Codex sandbox mode (Codex provider only)").addChoices(
+    { name: "Read-only", value: "read-only" },
+    { name: "Workspace write", value: "workspace-write" },
+    { name: "Danger full access", value: "danger-full-access" }
+  )).addStringOption((opt) => opt.setName("approval-policy").setDescription("Codex approval policy (Codex provider only)").addChoices(
+    { name: "Never ask", value: "never" },
+    { name: "On request", value: "on-request" },
+    { name: "On failure", value: "on-failure" },
+    { name: "Untrusted", value: "untrusted" }
+  )).addBooleanOption((opt) => opt.setName("network-access").setDescription("Allow network in workspace-write sandbox (Codex only)")).addStringOption((opt) => opt.setName("directory").setDescription("Working directory (default: configured default)"))).addSubcommand((sub) => sub.setName("list").setDescription("List active sessions")).addSubcommand((sub) => sub.setName("end").setDescription("End the session in this channel")).addSubcommand((sub) => sub.setName("continue").setDescription("Continue the last conversation")).addSubcommand((sub) => sub.setName("stop").setDescription("Stop current generation")).addSubcommand((sub) => sub.setName("output").setDescription("Show recent conversation output").addIntegerOption((opt) => opt.setName("lines").setDescription("Number of lines (default 50)").setMinValue(1).setMaxValue(500))).addSubcommand((sub) => sub.setName("attach").setDescription("Show tmux attach command for terminal access")).addSubcommand((sub) => sub.setName("sync").setDescription("Reconnect orphaned tmux sessions")).addSubcommand((sub) => sub.setName("model").setDescription("Change the model for this session").addStringOption((opt) => opt.setName("model").setDescription("Model name (e.g. claude-sonnet-4-5-20250929, gpt-5.3-codex)").setRequired(true))).addSubcommand((sub) => sub.setName("id").setDescription("Show the provider session ID for this channel")).addSubcommand((sub) => sub.setName("verbose").setDescription("Toggle showing tool calls and results in this session")).addSubcommand((sub) => sub.setName("mode").setDescription("Set session mode (auto/plan/normal)").addStringOption((opt) => opt.setName("mode").setDescription("Session mode").setRequired(true).addChoices(
     { name: "Auto \u2014 full autonomy", value: "auto" },
     { name: "Plan \u2014 plan before executing", value: "plan" },
     { name: "Normal \u2014 ask before destructive ops", value: "normal" }
@@ -366,7 +433,7 @@ function installPackageGlobally(pkg) {
 async function loadCodexProvider() {
   const pkg = PROVIDER_PACKAGES.codex;
   try {
-    const { CodexProvider } = await import("./codex-provider-672ILQC2.js");
+    const { CodexProvider } = await import("./codex-provider-BB2OO3OK.js");
     providers.set("codex", new CodexProvider());
     codexLoaded = true;
     return;
@@ -382,7 +449,7 @@ async function loadCodexProvider() {
     }
   }
   try {
-    const { CodexProvider } = await import("./codex-provider-672ILQC2.js");
+    const { CodexProvider } = await import("./codex-provider-BB2OO3OK.js");
     providers.set("codex", new CodexProvider());
     codexLoaded = true;
   } catch (err) {
@@ -759,6 +826,7 @@ var MODE_PROMPTS = {
 var sessionStore = new Store("sessions.json");
 var sessions = /* @__PURE__ */ new Map();
 var channelToSession = /* @__PURE__ */ new Map();
+var saveQueue = Promise.resolve();
 function tmux(...args) {
   return new Promise((resolve2, reject) => {
     execFile("tmux", args, { encoding: "utf-8" }, (err, stdout) => {
@@ -775,10 +843,24 @@ async function tmuxSessionExists(tmuxName) {
     return false;
   }
 }
+function isPlaceholderChannelId(channelId) {
+  return !channelId || channelId === "pending";
+}
 async function loadSessions() {
   const data = await sessionStore.read();
   if (!data) return;
+  let cleaned = false;
   for (const s of data) {
+    if (isPlaceholderChannelId(s.channelId)) {
+      cleaned = true;
+      console.warn(`Skipping invalid persisted session "${s.id}" (missing channel ID).`);
+      continue;
+    }
+    if (channelToSession.has(s.channelId)) {
+      cleaned = true;
+      console.warn(`Skipping duplicate persisted session "${s.id}" (channel ${s.channelId} already linked).`);
+      continue;
+    }
     const provider = s.provider ?? "claude";
     const providerSessionId = s.providerSessionId ?? s.claudeSessionId;
     if (provider === "claude") {
@@ -801,11 +883,15 @@ async function loadSessions() {
     });
     channelToSession.set(s.channelId, s.id);
   }
+  if (cleaned) {
+    await saveSessions();
+  }
   console.log(`Restored ${sessions.size} session(s)`);
 }
-async function saveSessions() {
+async function persistSessionsNow() {
   const data = [];
   for (const [, s] of sessions) {
+    if (isPlaceholderChannelId(s.channelId)) continue;
     data.push({
       id: s.id,
       channelId: s.channelId,
@@ -815,6 +901,9 @@ async function saveSessions() {
       tmuxName: s.tmuxName,
       providerSessionId: s.providerSessionId,
       model: s.model,
+      sandboxMode: s.sandboxMode,
+      approvalPolicy: s.approvalPolicy,
+      networkAccessEnabled: s.networkAccessEnabled,
       agentPersona: s.agentPersona,
       verbose: s.verbose || void 0,
       mode: s.mode !== "auto" ? s.mode : void 0,
@@ -826,8 +915,24 @@ async function saveSessions() {
   }
   await sessionStore.write(data);
 }
-async function createSession(name, directory, channelId, projectName, provider = "claude", providerSessionId) {
+function saveSessions() {
+  saveQueue = saveQueue.catch(() => {
+  }).then(async () => {
+    try {
+      await persistSessionsNow();
+    } catch (err) {
+      console.error(`Failed to persist sessions: ${err.message}`);
+    }
+  });
+  return saveQueue;
+}
+async function createSession(name, directory, channelId, projectName, provider = "claude", providerSessionId, options = {}) {
   const resolvedDir = resolvePath(directory);
+  const effectiveOptions = provider === "codex" ? {
+    sandboxMode: options.sandboxMode ?? config.codexSandboxMode,
+    approvalPolicy: options.approvalPolicy ?? config.codexApprovalPolicy,
+    networkAccessEnabled: options.networkAccessEnabled ?? config.codexNetworkAccessEnabled
+  } : options;
   if (!isPathAllowed(resolvedDir, config.allowedPaths)) {
     throw new Error(`Directory not in allowed paths: ${resolvedDir}`);
   }
@@ -855,6 +960,9 @@ async function createSession(name, directory, channelId, projectName, provider =
     provider,
     tmuxName,
     providerSessionId,
+    sandboxMode: effectiveOptions.sandboxMode,
+    approvalPolicy: effectiveOptions.approvalPolicy,
+    networkAccessEnabled: effectiveOptions.networkAccessEnabled,
     verbose: false,
     mode: "auto",
     isGenerating: false,
@@ -864,8 +972,10 @@ async function createSession(name, directory, channelId, projectName, provider =
     totalCost: 0
   };
   sessions.set(id, session);
-  channelToSession.set(channelId, id);
-  await saveSessions();
+  if (!isPlaceholderChannelId(channelId)) {
+    channelToSession.set(channelId, id);
+    await saveSessions();
+  }
   return session;
 }
 function getSession(id) {
@@ -890,29 +1000,38 @@ async function endSession(id) {
     } catch {
     }
   }
-  channelToSession.delete(session.channelId);
+  if (!isPlaceholderChannelId(session.channelId)) {
+    channelToSession.delete(session.channelId);
+  }
   sessions.delete(id);
   await saveSessions();
 }
-function linkChannel(sessionId, channelId) {
+async function linkChannel(sessionId, channelId) {
   const session = sessions.get(sessionId);
-  if (session) {
+  if (!session) {
+    throw new Error(`Session "${sessionId}" not found`);
+  }
+  if (!isPlaceholderChannelId(session.channelId)) {
     channelToSession.delete(session.channelId);
-    session.channelId = channelId;
-    channelToSession.set(channelId, sessionId);
-    saveSessions();
   }
+  session.channelId = channelId;
+  channelToSession.set(channelId, sessionId);
+  await saveSessions();
 }
-function unlinkChannel(channelId) {
-  const sessionId = channelToSession.get(channelId);
-  if (sessionId) {
-    channelToSession.delete(channelId);
-    const session = sessions.get(sessionId);
-    if (session) {
-      sessions.delete(sessionId);
+async function unlinkChannel(channelId) {
+  let sessionId = channelToSession.get(channelId);
+  if (!sessionId) {
+    for (const [id, session] of sessions) {
+      if (session.channelId === channelId) {
+        sessionId = id;
+        break;
+      }
     }
-    saveSessions();
   }
+  if (!sessionId) return;
+  channelToSession.delete(channelId);
+  sessions.delete(sessionId);
+  await saveSessions();
 }
 function setModel(sessionId, model) {
   const session = sessions.get(sessionId);
@@ -969,6 +1088,9 @@ async function* sendPrompt(sessionId, prompt) {
       directory: session.directory,
       providerSessionId: session.providerSessionId,
       model: session.model,
+      sandboxMode: session.sandboxMode,
+      approvalPolicy: session.approvalPolicy,
+      networkAccessEnabled: session.networkAccessEnabled,
       systemPromptParts,
       abortController: controller
     });
@@ -1010,6 +1132,9 @@ async function* continueSession(sessionId) {
       directory: session.directory,
       providerSessionId: session.providerSessionId,
       model: session.model,
+      sandboxMode: session.sandboxMode,
+      approvalPolicy: session.approvalPolicy,
+      networkAccessEnabled: session.networkAccessEnabled,
       systemPromptParts,
       abortController: controller
     });
@@ -1929,9 +2054,28 @@ var PROVIDER_COLORS = {
   claude: 3447003,
   codex: 1090431
 };
+function resolveCodexSessionOptions(interaction, provider) {
+  if (provider !== "codex") return {};
+  const sandboxMode = interaction.options.getString("sandbox-mode") ?? config.codexSandboxMode;
+  const approvalPolicy = interaction.options.getString("approval-policy") ?? config.codexApprovalPolicy;
+  const networkAccessEnabled = interaction.options.getBoolean("network-access") ?? config.codexNetworkAccessEnabled;
+  return { sandboxMode, approvalPolicy, networkAccessEnabled };
+}
+function addCodexPolicyFields(fields, options) {
+  if (options.sandboxMode) {
+    fields.push({ name: "Sandbox", value: options.sandboxMode, inline: true });
+  }
+  if (options.approvalPolicy) {
+    fields.push({ name: "Approval", value: options.approvalPolicy, inline: true });
+  }
+  if (options.networkAccessEnabled !== void 0) {
+    fields.push({ name: "Network Access", value: options.networkAccessEnabled ? "enabled" : "disabled", inline: true });
+  }
+}
 async function handleSessionNew(interaction) {
   const name = interaction.options.getString("name", true);
   const provider = interaction.options.getString("provider") || "claude";
+  const codexOptions = resolveCodexSessionOptions(interaction, provider);
   let directory = interaction.options.getString("directory");
   if (!directory) {
     const parentId = interaction.channel?.parentId;
@@ -1943,18 +2087,19 @@ async function handleSessionNew(interaction) {
   }
   await interaction.deferReply();
   let channel;
+  let session;
   try {
     const guild = interaction.guild;
     const projectName = projectNameFromDir(directory);
     const { category } = await ensureProjectCategory(guild, projectName, directory);
-    const session = await createSession(name, directory, "pending", projectName, provider);
+    session = await createSession(name, directory, "pending", projectName, provider, void 0, codexOptions);
     channel = await guild.channels.create({
       name: `${provider}-${session.id}`,
       type: ChannelType.GuildText,
       parent: category.id,
       topic: `${PROVIDER_LABELS[provider]} session | Dir: ${directory}`
     });
-    linkChannel(session.id, channel.id);
+    await linkChannel(session.id, channel.id);
     const fields = [
       { name: "Channel", value: `#${provider}-${session.id}`, inline: true },
       { name: "Provider", value: PROVIDER_LABELS[provider], inline: true },
@@ -1964,6 +2109,7 @@ async function handleSessionNew(interaction) {
     if (session.tmuxName) {
       fields.push({ name: "Terminal", value: `\`tmux attach -t ${session.tmuxName}\``, inline: false });
     }
+    addCodexPolicyFields(fields, codexOptions);
     const embed = new EmbedBuilder3().setColor(3066993).setTitle(`Session Created: ${session.id}`).addFields(fields);
     await interaction.editReply({ embeds: [embed] });
     log(`Session "${session.id}" (${provider}) created by ${interaction.user.tag} in ${directory}`);
@@ -1974,6 +2120,7 @@ async function handleSessionNew(interaction) {
     if (session.tmuxName) {
       welcomeFields.push({ name: "Terminal Access", value: `\`tmux attach -t ${session.tmuxName}\``, inline: false });
     }
+    addCodexPolicyFields(welcomeFields, codexOptions);
     welcomeEmbed.addFields(welcomeFields);
     await channel.send({ embeds: [welcomeEmbed] });
   } catch (err) {
@@ -1983,6 +2130,12 @@ async function handleSessionNew(interaction) {
       } catch {
       }
     }
+    if (session) {
+      try {
+        await endSession(session.id);
+      } catch {
+      }
+    }
     await interaction.editReply(`Failed to create session: ${err.message}`);
   }
 }
@@ -2094,6 +2247,7 @@ async function handleSessionResume(interaction) {
   const providerSessionId = interaction.options.getString("session-id", true);
   const name = interaction.options.getString("name", true);
   const provider = interaction.options.getString("provider") || "claude";
+  const codexOptions = resolveCodexSessionOptions(interaction, provider);
   const directory = interaction.options.getString("directory") || config.defaultDirectory;
   if (provider === "claude") {
     const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
@@ -2107,18 +2261,27 @@ async function handleSessionResume(interaction) {
   }
   await interaction.deferReply();
   let channel;
+  let session;
   try {
     const guild = interaction.guild;
     const projectName = projectNameFromDir(directory);
     const { category } = await ensureProjectCategory(guild, projectName, directory);
-    const session = await createSession(name, directory, "pending", projectName, provider, providerSessionId);
+    session = await createSession(
+      name,
+      directory,
+      "pending",
+      projectName,
+      provider,
+      providerSessionId,
+      codexOptions
+    );
     channel = await guild.channels.create({
       name: `${provider}-${session.id}`,
       type: ChannelType.GuildText,
       parent: category.id,
       topic: `${PROVIDER_LABELS[provider]} session (resumed) | Dir: ${directory}`
     });
-    linkChannel(session.id, channel.id);
+    await linkChannel(session.id, channel.id);
     const fields = [
       { name: "Channel", value: `#${provider}-${session.id}`, inline: true },
       { name: "Provider", value: PROVIDER_LABELS[provider], inline: true },
@@ -2129,6 +2292,7 @@ async function handleSessionResume(interaction) {
     if (session.tmuxName) {
       fields.push({ name: "Terminal", value: `\`tmux attach -t ${session.tmuxName}\``, inline: false });
     }
+    addCodexPolicyFields(fields, codexOptions);
     const embed = new EmbedBuilder3().setColor(15105570).setTitle(`Session Resumed: ${session.id}`).addFields(fields);
     await interaction.editReply({ embeds: [embed] });
     log(`Session "${session.id}" (${provider}, resumed ${providerSessionId}) created by ${interaction.user.tag} in ${directory}`);
@@ -2139,6 +2303,7 @@ async function handleSessionResume(interaction) {
     if (session.tmuxName) {
       welcomeFields.push({ name: "Terminal Access", value: `\`tmux attach -t ${session.tmuxName}\``, inline: false });
     }
+    addCodexPolicyFields(welcomeFields, codexOptions);
     await channel.send({
       embeds: [
         new EmbedBuilder3().setColor(15105570).setTitle(`${PROVIDER_LABELS[provider]} Session (Resumed)`).setDescription(
@@ -2153,6 +2318,12 @@ async function handleSessionResume(interaction) {
       } catch {
       }
     }
+    if (session) {
+      try {
+        await endSession(session.id);
+      } catch {
+      }
+    }
     await interaction.editReply(`Failed to resume session: ${err.message}`);
   }
 }
@@ -2174,7 +2345,13 @@ async function handleSessionList(interaction) {
       const status = s.isGenerating ? "\u{1F7E2} generating" : "\u26AA idle";
       const modeEmoji = { auto: "\u26A1", plan: "\u{1F4CB}", normal: "\u{1F6E1}\uFE0F" }[s.mode] || "\u26A1";
       const providerTag = `[${s.provider}]`;
-      return `**${s.id}** ${providerTag} \u2014 ${status} ${modeEmoji} ${s.mode} | ${formatUptime(s.createdAt)} uptime | ${s.messageCount} msgs | $${s.totalCost.toFixed(4)} | ${formatLastActivity(s.lastActivity)}`;
+      const codexPolicy = s.provider === "codex" ? [
+        s.sandboxMode ? `sandbox:${s.sandboxMode}` : "",
+        s.approvalPolicy ? `approval:${s.approvalPolicy}` : "",
+        s.networkAccessEnabled !== void 0 ? `network:${s.networkAccessEnabled ? "on" : "off"}` : ""
+      ].filter(Boolean).join(" ") : "";
+      const policySuffix = codexPolicy ? ` | ${codexPolicy}` : "";
+      return `**${s.id}** ${providerTag} \u2014 ${status} ${modeEmoji} ${s.mode} | ${formatUptime(s.createdAt)} uptime | ${s.messageCount} msgs | $${s.totalCost.toFixed(4)} | ${formatLastActivity(s.lastActivity)}${policySuffix}`;
     });
     embed.addFields({ name: `\u{1F4C1} ${project}`, value: lines.join("\n") });
   }
@@ -3530,7 +3707,7 @@ async function startBot() {
   client.on("messageCreate", handleMessage);
   client.on("channelDelete", (channel) => {
     if (channel.type === ChannelType2.GuildText) {
-      unlinkChannel(channel.id);
+      void unlinkChannel(channel.id);
     }
   });
   client.once("ready", async () => {

package/dist/cli.js

@@ -4,7 +4,7 @@
 var command = process.argv[2];
 switch (command) {
   case "setup": {
-    const { runSetup } = await import("./setup-FO4HRB3B.js");
+    const { runSetup } = await import("./setup-VHXX7YM6.js");
     await runSetup();
     break;
   }
@@ -18,7 +18,7 @@ switch (command) {
       console.log("Run \x1B[36magentcord setup\x1B[0m to configure.\n");
       process.exit(1);
     }
-    const { startBot } = await import("./bot-HGP3MV5P.js");
+    const { startBot } = await import("./bot-C6RYOLAL.js");
     console.log("agentcord starting...");
     await startBot();
     break;

package/dist/{codex-provider-672ILQC2.js → codex-provider-BB2OO3OK.js}

@@ -96,6 +96,11 @@ var CodexProvider = class {
         skipGitRepoCheck: true
       };
       if (options.model) threadOptions.model = options.model;
+      if (options.sandboxMode) threadOptions.sandboxMode = options.sandboxMode;
+      if (options.approvalPolicy) threadOptions.approvalPolicy = options.approvalPolicy;
+      if (options.networkAccessEnabled !== void 0) {
+        threadOptions.networkAccessEnabled = options.networkAccessEnabled;
+      }
       const thread = options.providerSessionId ? codex.resumeThread(options.providerSessionId, threadOptions) : codex.startThread(threadOptions);
       const { events } = await thread.runStreamed(input);
       yield* this.translateEvents(events, options.abortController);
@@ -118,6 +123,11 @@ var CodexProvider = class {
         skipGitRepoCheck: true
       };
       if (options.model) threadOptions.model = options.model;
+      if (options.sandboxMode) threadOptions.sandboxMode = options.sandboxMode;
+      if (options.approvalPolicy) threadOptions.approvalPolicy = options.approvalPolicy;
+      if (options.networkAccessEnabled !== void 0) {
+        threadOptions.networkAccessEnabled = options.networkAccessEnabled;
+      }
       const thread = codex.resumeThread(options.providerSessionId, threadOptions);
       const { events } = await thread.runStreamed("Continue from where you left off.");
       yield* this.translateEvents(events, options.abortController);

package/dist/{setup-FO4HRB3B.js → setup-VHXX7YM6.js}

@@ -40,6 +40,7 @@ function writeEnvFile(env) {
     { comment: "# Discord App", keys: ["DISCORD_TOKEN", "DISCORD_CLIENT_ID", "DISCORD_GUILD_ID"] },
     { comment: "# Security", keys: ["ALLOWED_USERS", "ALLOW_ALL_USERS"] },
     { comment: "# Paths", keys: ["ALLOWED_PATHS", "DEFAULT_DIRECTORY"] },
+    { comment: "# Codex Defaults", keys: ["CODEX_SANDBOX_MODE", "CODEX_APPROVAL_POLICY", "CODEX_NETWORK_ACCESS_ENABLED"] },
     { comment: "# Optional", keys: ["MESSAGE_RETENTION_DAYS", "RATE_LIMIT_MS"] }
   ];
   for (const section of sections) {
@@ -237,6 +238,9 @@ async function runSetup() {
   if (allowedPaths) env.ALLOWED_PATHS = allowedPaths;
   if (existing.MESSAGE_RETENTION_DAYS) env.MESSAGE_RETENTION_DAYS = existing.MESSAGE_RETENTION_DAYS;
   if (existing.RATE_LIMIT_MS) env.RATE_LIMIT_MS = existing.RATE_LIMIT_MS;
+  if (existing.CODEX_SANDBOX_MODE) env.CODEX_SANDBOX_MODE = existing.CODEX_SANDBOX_MODE;
+  if (existing.CODEX_APPROVAL_POLICY) env.CODEX_APPROVAL_POLICY = existing.CODEX_APPROVAL_POLICY;
+  if (existing.CODEX_NETWORK_ACCESS_ENABLED) env.CODEX_NETWORK_ACCESS_ENABLED = existing.CODEX_NETWORK_ACCESS_ENABLED;
   const s = p.spinner();
   s.start("Writing .env file");
   writeEnvFile(env);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentcord",
-  "version": "0.2.0",
+  "version": "2.1.0",
   "type": "module",
   "description": "Discord bot for managing AI coding agent sessions (Claude Code, Codex, and more)",
   "bin": {