cyrus-codex-runner 0.2.64-test.6 → 0.2.64

package/dist/config/mcpConfigTranslator.js

@@ -0,0 +1,245 @@
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+const CODEX_MCP_DOCS_URL = "https://platform.openai.com/docs/docs-mcp";
+const CODEX_MCP_APPROVE_MODE = "approve";
+function autoDetectMcpConfigPath(workingDirectory) {
+    if (!workingDirectory) {
+        return undefined;
+    }
+    const mcpPath = join(workingDirectory, ".mcp.json");
+    if (!existsSync(mcpPath)) {
+        return undefined;
+    }
+    try {
+        JSON.parse(readFileSync(mcpPath, "utf8"));
+        return mcpPath;
+    }
+    catch {
+        console.warn(`[CodexRunner] Found .mcp.json at ${mcpPath} but it is invalid JSON, skipping`);
+        return undefined;
+    }
+}
+function loadMcpConfigFromPaths(configPaths) {
+    if (!configPaths) {
+        return {};
+    }
+    const paths = Array.isArray(configPaths) ? configPaths : [configPaths];
+    let mcpServers = {};
+    for (const configPath of paths) {
+        try {
+            const mcpConfigContent = readFileSync(configPath, "utf8");
+            const mcpConfig = JSON.parse(mcpConfigContent);
+            const servers = mcpConfig &&
+                typeof mcpConfig === "object" &&
+                !Array.isArray(mcpConfig) &&
+                mcpConfig.mcpServers &&
+                typeof mcpConfig.mcpServers === "object" &&
+                !Array.isArray(mcpConfig.mcpServers)
+                ? mcpConfig.mcpServers
+                : {};
+            mcpServers = { ...mcpServers, ...servers };
+            console.log(`[CodexRunner] Loaded MCP config from ${configPath}: ${Object.keys(servers).join(", ")}`);
+        }
+        catch (error) {
+            console.warn(`[CodexRunner] Failed to load MCP config from ${configPath}: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    return mcpServers;
+}
+function parseMcpAllowedTool(toolPattern) {
+    const trimmed = toolPattern.trim();
+    if (!trimmed.startsWith("mcp__")) {
+        return null;
+    }
+    const parts = trimmed.split("__");
+    const serverName = parts[1]?.trim();
+    if (!serverName) {
+        return null;
+    }
+    if (parts.length === 2) {
+        return { serverName };
+    }
+    const toolName = parts.slice(2).join("__").trim();
+    return toolName ? { serverName, toolName } : { serverName };
+}
+function buildMcpAllowedToolsFilters(allowedTools) {
+    const filters = new Map();
+    for (const allowedTool of allowedTools ?? []) {
+        const parsed = parseMcpAllowedTool(allowedTool);
+        if (!parsed) {
+            continue;
+        }
+        const filter = filters.get(parsed.serverName) ?? {
+            allowAll: false,
+            tools: [],
+        };
+        if (!parsed.toolName) {
+            filter.allowAll = true;
+            filter.tools = [];
+        }
+        else if (!filter.allowAll && !filter.tools.includes(parsed.toolName)) {
+            filter.tools.push(parsed.toolName);
+        }
+        filters.set(parsed.serverName, filter);
+    }
+    return filters;
+}
+function normalizeMcpServerFilterName(serverName) {
+    return serverName.replace(/[-_]+/g, "").toLowerCase();
+}
+function mergeMcpAllowedToolsFilters(filters) {
+    if (filters.length === 0) {
+        return undefined;
+    }
+    const merged = {
+        allowAll: false,
+        tools: [],
+    };
+    for (const filter of filters) {
+        if (filter.allowAll) {
+            return { allowAll: true, tools: [] };
+        }
+        for (const tool of filter.tools) {
+            if (!merged.tools.includes(tool)) {
+                merged.tools.push(tool);
+            }
+        }
+    }
+    return merged;
+}
+function getMcpAllowedToolsFilter(filters, serverName) {
+    const matchingFilters = [];
+    const exact = filters.get(serverName);
+    if (exact) {
+        matchingFilters.push(exact);
+    }
+    const normalizedServerName = normalizeMcpServerFilterName(serverName);
+    for (const [allowedServerName, filter] of filters.entries()) {
+        if (allowedServerName === serverName) {
+            continue;
+        }
+        if (normalizeMcpServerFilterName(allowedServerName) === normalizedServerName) {
+            matchingFilters.push(filter);
+        }
+    }
+    return mergeMcpAllowedToolsFilters(matchingFilters);
+}
+function applyCyrusMcpAllowedToolsSemantics(mapped, allowedToolsFilter, options) {
+    const shouldGenerateToolFilter = !allowedToolsFilter.allowAll &&
+        allowedToolsFilter.tools.length > 0 &&
+        !options.hasNativeToolFilter;
+    if (shouldGenerateToolFilter) {
+        mapped.enabled_tools = allowedToolsFilter.tools;
+    }
+    // Codex separates tool visibility (`enabled_tools`) from MCP approval. Cyrus
+    // allowedTools are already the operator's allow-list, so generated allowances
+    // must also be approved for non-interactive Codex exec runs.
+    if (!Object.hasOwn(mapped, "default_tools_approval_mode")) {
+        mapped.default_tools_approval_mode = CODEX_MCP_APPROVE_MODE;
+    }
+}
+function copyConfigString(target, source, key) {
+    if (typeof source[key] === "string") {
+        target[key] = source[key];
+    }
+}
+function copyConfigNumber(target, source, key) {
+    if (typeof source[key] === "number") {
+        target[key] = source[key];
+    }
+}
+function copyConfigBoolean(target, source, key) {
+    if (typeof source[key] === "boolean") {
+        target[key] = source[key];
+    }
+}
+function copyConfigArray(target, source, key) {
+    if (Array.isArray(source[key])) {
+        target[key] = source[key];
+    }
+}
+function copyConfigObject(target, source, sourceKey, targetKey = sourceKey) {
+    const value = source[sourceKey];
+    if (value && typeof value === "object" && !Array.isArray(value)) {
+        target[targetKey] =
+            value;
+    }
+}
+/**
+ * Translate Cyrus MCP server configs (file-based + inline) and Cyrus
+ * `allowedTools` semantics into Codex-native `mcp_servers` config overrides.
+ *
+ * Reference: {@link https://platform.openai.com/docs/docs-mcp}
+ */
+export function buildCodexMcpServersConfig(input) {
+    const autoDetectedPath = autoDetectMcpConfigPath(input.workingDirectory);
+    const configPaths = autoDetectedPath ? [autoDetectedPath] : [];
+    if (input.mcpConfigPath) {
+        const explicitPaths = Array.isArray(input.mcpConfigPath)
+            ? input.mcpConfigPath
+            : [input.mcpConfigPath];
+        configPaths.push(...explicitPaths);
+    }
+    const fileBasedServers = loadMcpConfigFromPaths(configPaths);
+    const mergedServers = input.mcpConfig
+        ? { ...fileBasedServers, ...input.mcpConfig }
+        : fileBasedServers;
+    if (Object.keys(mergedServers).length === 0) {
+        return undefined;
+    }
+    const allowedToolsFilters = buildMcpAllowedToolsFilters(input.allowedTools);
+    const codexServers = {};
+    for (const [serverName, rawConfig] of Object.entries(mergedServers)) {
+        const configAny = rawConfig;
+        if (typeof configAny.listTools === "function" ||
+            typeof configAny.callTool === "function") {
+            console.warn(`[CodexRunner] Skipping MCP server '${serverName}' because in-process SDK server instances cannot be mapped to codex config`);
+            continue;
+        }
+        const mapped = {};
+        copyConfigString(mapped, configAny, "command");
+        copyConfigArray(mapped, configAny, "args");
+        copyConfigObject(mapped, configAny, "env");
+        copyConfigArray(mapped, configAny, "env_vars");
+        copyConfigString(mapped, configAny, "cwd");
+        copyConfigString(mapped, configAny, "experimental_environment");
+        copyConfigString(mapped, configAny, "url");
+        copyConfigObject(mapped, configAny, "http_headers");
+        copyConfigObject(mapped, configAny, "headers", "http_headers");
+        copyConfigObject(mapped, configAny, "env_http_headers");
+        copyConfigString(mapped, configAny, "bearer_token_env_var");
+        copyConfigNumber(mapped, configAny, "timeout");
+        copyConfigNumber(mapped, configAny, "startup_timeout_sec");
+        copyConfigNumber(mapped, configAny, "tool_timeout_sec");
+        copyConfigBoolean(mapped, configAny, "enabled");
+        copyConfigBoolean(mapped, configAny, "required");
+        copyConfigArray(mapped, configAny, "enabled_tools");
+        copyConfigArray(mapped, configAny, "disabled_tools");
+        copyConfigString(mapped, configAny, "default_tools_approval_mode");
+        copyConfigObject(mapped, configAny, "tools");
+        if (!mapped.command && !mapped.url) {
+            console.warn(`[CodexRunner] Skipping MCP server '${serverName}' because it has no command/url transport`);
+            continue;
+        }
+        const allowedToolsFilter = getMcpAllowedToolsFilter(allowedToolsFilters, serverName);
+        const hasNativeToolFilter = Object.hasOwn(mapped, "enabled_tools") ||
+            Object.hasOwn(mapped, "disabled_tools");
+        if (allowedToolsFilter) {
+            applyCyrusMcpAllowedToolsSemantics(mapped, allowedToolsFilter, {
+                hasNativeToolFilter,
+            });
+        }
+        // If the MCP config already contains Codex-native enabled_tools or
+        // disabled_tools, keep those exact filters. They are more specific to
+        // Codex than Claude-style Cyrus allowedTools entries. A bare
+        // `mcp__server` intentionally emits no enabled_tools filter because it
+        // means "allow every tool exposed by this configured server".
+        codexServers[serverName] = mapped;
+    }
+    if (Object.keys(codexServers).length === 0) {
+        return undefined;
+    }
+    console.log(`[CodexRunner] Configured ${Object.keys(codexServers).length} MCP server(s) for codex config (docs: ${CODEX_MCP_DOCS_URL})`);
+    return codexServers;
+}
+//# sourceMappingURL=mcpConfigTranslator.js.map

package/dist/config/mcpConfigTranslator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpConfigTranslator.js","sourceRoot":"","sources":["../../src/config/mcpConfigTranslator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAIjC,MAAM,kBAAkB,GAAG,2CAA2C,CAAC;AACvE,MAAM,sBAAsB,GAAG,SAAS,CAAC;AAezC,SAAS,uBAAuB,CAC/B,gBAAyB;IAEzB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC;IAClB,CAAC;IAED,IAAI,CAAC;QACJ,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;QAC1C,OAAO,OAAO,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,CAAC,IAAI,CACX,oCAAoC,OAAO,mCAAmC,CAC9E,CAAC;QACF,OAAO,SAAS,CAAC;IAClB,CAAC;AACF,CAAC;AAED,SAAS,sBAAsB,CAC9B,WAA0C;IAE1C,IAAI,CAAC,WAAW,EAAE,CAAC;QAClB,OAAO,EAAE,CAAC;IACX,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IACvE,IAAI,UAAU,GAAoC,EAAE,CAAC;IAErD,KAAK,MAAM,UAAU,IAAI,KAAK,EAAE,CAAC;QAChC,IAAI,CAAC;YACJ,MAAM,gBAAgB,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAC/C,MAAM,OAAO,GACZ,SAAS;gBACT,OAAO,SAAS,KAAK,QAAQ;gBAC7B,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;gBACzB,SAAS,CAAC,UAAU;gBACpB,OAAO,SAAS,CAAC,UAAU,KAAK,QAAQ;gBACxC,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC;gBACnC,CAAC,CAAE,SAAS,CAAC,UAA8C;gBAC3D,CAAC,CAAC,EAAE,CAAC;YACP,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,GAAG,OAAO,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CACV,wCAAwC,UAAU,KAAK,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxF,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,IAAI,CACX,gDAAgD,UAAU,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvH,CAAC;QACH,CAAC;IACF,CAAC;IAED,OAAO,UAAU,CAAC;AACnB,CAAC;AAED,SAAS,mBAAmB,CAC3B,WAAmB;IAEnB,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACb,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,UAAU,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,EAAE,UAAU,EAAE,CAAC;IACvB,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;IAClD,OAAO,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC;AAC7D,CAAC;AAED,SAAS,2BAA2B,CACnC,YAAkC;IAElC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiC,CAAC;IACzD,KAAK,MAAM,WAAW,IAAI,YAAY,IAAI,EAAE,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,SAAS;QACV,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI;YAChD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,EAAE;SACT,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtB,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC;YACvB,MAAM,CAAC,KAAK,GAAG,EAAE,CAAC;QACnB,CAAC;aAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACpC,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,OAAO,CAAC;AAChB,CAAC;AAED,SAAS,4BAA4B,CAAC,UAAkB;IACvD,OAAO,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;AACvD,CAAC;AAED,SAAS,2BAA2B,CACnC,OAAgC;IAEhC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAA0B;QACrC,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,EAAE;KACT,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC9B,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACtC,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzB,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,MAAM,CAAC;AACf,CAAC;AAED,SAAS,wBAAwB,CAChC,OAA2C,EAC3C,UAAkB;IAElB,MAAM,eAAe,GAA4B,EAAE,CAAC;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACtC,IAAI,KAAK,EAAE,CAAC;QACX,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,oBAAoB,GAAG,4BAA4B,CAAC,UAAU,CAAC,CAAC;IACtE,KAAK,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC7D,IAAI,iBAAiB,KAAK,UAAU,EAAE,CAAC;YACtC,SAAS;QACV,CAAC;QACD,IACC,4BAA4B,CAAC,iBAAiB,CAAC,KAAK,oBAAoB,EACvE,CAAC;YACF,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;IACF,CAAC;IAED,OAAO,2BAA2B,CAAC,eAAe,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,kCAAkC,CAC1C,MAA4B,EAC5B,kBAAyC,EACzC,OAAyC;IAEzC,MAAM,wBAAwB,GAC7B,CAAC,kBAAkB,CAAC,QAAQ;QAC5B,kBAAkB,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QACnC,CAAC,OAAO,CAAC,mBAAmB,CAAC;IAE9B,IAAI,wBAAwB,EAAE,CAAC;QAC9B,MAAM,CAAC,aAAa,GAAG,kBAAkB,CAAC,KAAK,CAAC;IACjD,CAAC;IAED,6EAA6E;IAC7E,8EAA8E;IAC9E,6DAA6D;IAC7D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,6BAA6B,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,2BAA2B,GAAG,sBAAsB,CAAC;IAC7D,CAAC;AACF,CAAC;AAED,SAAS,gBAAgB,CACxB,MAA4B,EAC5B,MAA+B,EAC/B,GAAW;IAEX,IAAI,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,GAAG,CAAW,CAAC;IACrC,CAAC;AACF,CAAC;AAED,SAAS,gBAAgB,CACxB,MAA4B,EAC5B,MAA+B,EAC/B,GAAW;IAEX,IAAI,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,GAAG,CAAW,CAAC;IACrC,CAAC;AACF,CAAC;AAED,SAAS,iBAAiB,CACzB,MAA4B,EAC5B,MAA+B,EAC/B,GAAW;IAEX,IAAI,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;QACtC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,GAAG,CAAY,CAAC;IACtC,CAAC;AACF,CAAC;AAED,SAAS,eAAe,CACvB,MAA4B,EAC5B,MAA+B,EAC/B,GAAW;IAEX,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CACnB,GAAG,CACiD,CAAC;IACvD,CAAC;AACF,CAAC;AAED,SAAS,gBAAgB,CACxB,MAA4B,EAC5B,MAA+B,EAC/B,SAAiB,EACjB,YAAoB,SAAS;IAE7B,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IAChC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACjE,MAAM,CAAC,SAAS,CAAC;YAChB,KAAyD,CAAC;IAC5D,CAAC;AACF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CACzC,KAA0B;IAE1B,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,EAAe,CAAC;IAC7E,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC;YACvD,CAAC,CAAC,KAAK,CAAC,aAAa;YACrB,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACzB,WAAW,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAC;IACpC,CAAC;IAED,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,WAAW,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS;QACpC,CAAC,CAAC,EAAE,GAAG,gBAAgB,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE;QAC7C,CAAC,CAAC,gBAAgB,CAAC;IACpB,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7C,OAAO,SAAS,CAAC;IAClB,CAAC;IAED,MAAM,mBAAmB,GAAG,2BAA2B,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAE5E,MAAM,YAAY,GAAyC,EAAE,CAAC;IAC9D,KAAK,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;QACrE,MAAM,SAAS,GAAG,SAAoC,CAAC;QACvD,IACC,OAAO,SAAS,CAAC,SAAS,KAAK,UAAU;YACzC,OAAO,SAAS,CAAC,QAAQ,KAAK,UAAU,EACvC,CAAC;YACF,OAAO,CAAC,IAAI,CACX,sCAAsC,UAAU,4EAA4E,CAC5H,CAAC;YACF,SAAS;QACV,CAAC;QAED,MAAM,MAAM,GAAyB,EAAE,CAAC;QACxC,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAC/C,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAC3C,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QAC3C,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAC/C,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QAC3C,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,0BAA0B,CAAC,CAAC;QAChE,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QAC3C,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QACpD,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;QAC/D,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;QACxD,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,sBAAsB,CAAC,CAAC;QAC5D,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAC/C,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;QAC3D,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;QACxD,iBAAiB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAChD,iBAAiB,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACjD,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;QACpD,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;QACrD,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,6BAA6B,CAAC,CAAC;QACnE,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAE7C,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACpC,OAAO,CAAC,IAAI,CACX,sCAAsC,UAAU,2CAA2C,CAC3F,CAAC;YACF,SAAS;QACV,CAAC;QAED,MAAM,kBAAkB,GAAG,wBAAwB,CAClD,mBAAmB,EACnB,UAAU,CACV,CAAC;QACF,MAAM,mBAAmB,GACxB,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;QACzC,IAAI,kBAAkB,EAAE,CAAC;YACxB,kCAAkC,CAAC,MAAM,EAAE,kBAAkB,EAAE;gBAC9D,mBAAmB;aACnB,CAAC,CAAC;QACJ,CAAC;QACD,mEAAmE;QACnE,sEAAsE;QACtE,6DAA6D;QAC7D,uEAAuE;QACvE,8DAA8D;QAE9D,YAAY,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;IACnC,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAO,SAAS,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CACV,4BAA4B,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,0CAA0C,kBAAkB,GAAG,CAC3H,CAAC;IACF,OAAO,YAAY,CAAC;AACrB,CAAC"}

package/dist/config/sandboxPolicy.d.ts

@@ -0,0 +1,43 @@
+import type { SandboxMode } from "@openai/codex-sdk";
+import type { ResolvedCodexSandbox } from "../backend/types.js";
+/** Stable id for the per-thread permission profile Cyrus builds. */
+export declare const CYRUS_SANDBOX_PROFILE_ID = "cyrus-sandbox";
+/**
+ * Cyrus filesystem sandbox intent (subset of the agent SDK `SandboxSettings`).
+ * Paths are expected absolute by the time they reach here (the EdgeWorker layer
+ * resolves `~`/`.`/relative entries before plumbing them in).
+ *
+ * Reads are an allow-list: a path is readable only if it is the worktree
+ * (`:workspace_roots`), a platform default (`:minimal`), or appears in
+ * `allowRead`/`allowWrite`. Anything else (e.g. the home directory) is denied.
+ * `denyRead` is honored by omission — a denied path simply never appears in the
+ * allow-list. Sub-path denies inside an allowed root are not expressible (and
+ * not needed by Cyrus's deny-broad / allow-narrow posture).
+ */
+export interface CyrusSandboxFilesystem {
+    allowRead?: string[];
+    allowWrite?: string[];
+    denyRead?: string[];
+}
+export interface SandboxResolveInput {
+    /** Coarse Codex sandbox mode (defaults to workspace-write upstream). */
+    mode: SandboxMode;
+    /** Session working directory (the worktree; maps to `:workspace_roots`). */
+    workingDirectory?: string;
+    /** Extra writable roots (e.g. multi-repo sub-worktrees), already absolute. */
+    writableRoots: string[];
+    networkAccess: boolean;
+    /** When present, produces a granular `profile`; otherwise a `workspace-mode`. */
+    sandboxSettings?: CyrusSandboxFilesystem;
+}
+/**
+ * Resolve the per-thread sandbox decision.
+ *
+ * - No `sandboxSettings` → `workspace-mode` (the coarse Codex mode with broad
+ *   reads — unchanged default behavior).
+ * - `sandboxSettings` present → a granular permission `profile` that restricts
+ *   reads to an allow-list (worktree + platform defaults + explicit reads) and
+ *   writes to the worktree + explicit writable roots.
+ */
+export declare function resolveCodexSandbox(input: SandboxResolveInput): ResolvedCodexSandbox;
+//# sourceMappingURL=sandboxPolicy.d.ts.map

package/dist/config/sandboxPolicy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandboxPolicy.d.ts","sourceRoot":"","sources":["../../src/config/sandboxPolicy.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAEX,oBAAoB,EACpB,MAAM,qBAAqB,CAAC;AAE7B,oEAAoE;AACpE,eAAO,MAAM,wBAAwB,kBAAkB,CAAC;AAExD;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,sBAAsB;IACtC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IACnC,wEAAwE;IACxE,IAAI,EAAE,WAAW,CAAC;IAClB,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,8EAA8E;IAC9E,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,iFAAiF;IACjF,eAAe,CAAC,EAAE,sBAAsB,CAAC;CACzC;AAMD;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAClC,KAAK,EAAE,mBAAmB,GACxB,oBAAoB,CAiDtB"}

package/dist/config/sandboxPolicy.js

@@ -0,0 +1,56 @@
+import { isAbsolute } from "node:path";
+/** Stable id for the per-thread permission profile Cyrus builds. */
+export const CYRUS_SANDBOX_PROFILE_ID = "cyrus-sandbox";
+function uniqueAbsolute(paths) {
+    return [...new Set(paths.filter((p) => p && isAbsolute(p)))];
+}
+/**
+ * Resolve the per-thread sandbox decision.
+ *
+ * - No `sandboxSettings` → `workspace-mode` (the coarse Codex mode with broad
+ *   reads — unchanged default behavior).
+ * - `sandboxSettings` present → a granular permission `profile` that restricts
+ *   reads to an allow-list (worktree + platform defaults + explicit reads) and
+ *   writes to the worktree + explicit writable roots.
+ */
+export function resolveCodexSandbox(input) {
+    const { mode, workingDirectory, writableRoots, networkAccess } = input;
+    if (!input.sandboxSettings) {
+        return {
+            kind: "workspace-mode",
+            mode,
+            writableRoots: uniqueAbsolute([
+                ...(workingDirectory ? [workingDirectory] : []),
+                ...writableRoots,
+            ]),
+            networkAccess,
+        };
+    }
+    const { allowRead = [], allowWrite = [] } = input.sandboxSettings;
+    const cwd = workingDirectory;
+    // Extra writable roots beyond the worktree (cwd is covered by :workspace_roots).
+    const writableAbs = uniqueAbsolute([...writableRoots, ...allowWrite]).filter((p) => p !== cwd);
+    // Readable-only roots: explicit reads not already writable / the worktree.
+    const readableAbs = uniqueAbsolute(allowRead).filter((p) => p !== cwd && !writableAbs.includes(p));
+    // Danger-full-access keeps broad access; read-only forbids writes; the
+    // default (workspace-write) makes the worktree writable.
+    const dangerFull = mode === "danger-full-access";
+    const workspaceAccess = mode === "read-only" ? "read" : "write";
+    const filesystem = dangerFull
+        ? { ":root": "write" }
+        : {
+            ":minimal": "read",
+            ":workspace_roots": workspaceAccess,
+            ":tmpdir": "write",
+            ":slash_tmp": "write",
+            ...Object.fromEntries(writableAbs.map((p) => [p, "write"])),
+            ...Object.fromEntries(readableAbs.map((p) => [p, "read"])),
+        };
+    return {
+        kind: "profile",
+        profileId: CYRUS_SANDBOX_PROFILE_ID,
+        filesystem,
+        networkAccess,
+    };
+}
+//# sourceMappingURL=sandboxPolicy.js.map

package/dist/config/sandboxPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandboxPolicy.js","sourceRoot":"","sources":["../../src/config/sandboxPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAOvC,oEAAoE;AACpE,MAAM,CAAC,MAAM,wBAAwB,GAAG,eAAe,CAAC;AAgCxD,SAAS,cAAc,CAAC,KAAe;IACtC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAClC,KAA0B;IAE1B,MAAM,EAAE,IAAI,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,KAAK,CAAC;IAEvE,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QAC5B,OAAO;YACN,IAAI,EAAE,gBAAgB;YACtB,IAAI;YACJ,aAAa,EAAE,cAAc,CAAC;gBAC7B,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC/C,GAAG,aAAa;aAChB,CAAC;YACF,aAAa;SACb,CAAC;IACH,CAAC;IAED,MAAM,EAAE,SAAS,GAAG,EAAE,EAAE,UAAU,GAAG,EAAE,EAAE,GAAG,KAAK,CAAC,eAAe,CAAC;IAClE,MAAM,GAAG,GAAG,gBAAgB,CAAC;IAC7B,iFAAiF;IACjF,MAAM,WAAW,GAAG,cAAc,CAAC,CAAC,GAAG,aAAa,EAAE,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,CAC3E,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,CAChB,CAAC;IACF,2EAA2E;IAC3E,MAAM,WAAW,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC,MAAM,CACnD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAC5C,CAAC;IAEF,uEAAuE;IACvE,yDAAyD;IACzD,MAAM,UAAU,GAAG,IAAI,KAAK,oBAAoB,CAAC;IACjD,MAAM,eAAe,GACpB,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAEzC,MAAM,UAAU,GAA0C,UAAU;QACnE,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE;QACtB,CAAC,CAAC;YACA,UAAU,EAAE,MAAM;YAClB,kBAAkB,EAAE,eAAe;YACnC,SAAS,EAAE,OAAO;YAClB,YAAY,EAAE,OAAO;YACrB,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,OAAgB,CAAC,CAAC,CAAC;YACpE,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,MAAe,CAAC,CAAC,CAAC;SACnE,CAAC;IAEJ,OAAO;QACN,IAAI,EAAE,SAAS;QACf,SAAS,EAAE,wBAAwB;QACnC,UAAU;QACV,aAAa;KACb,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -1,4 +1,6 @@
+export type { NormalizedCodexEvent, NormalizedCodexItem, } from "./backend/types.js";
+export { CodexEventMapper, type MapperContext } from "./CodexEventMapper.js";
 export { CodexRunner } from "./CodexRunner.js";
 export { SimpleCodexRunner } from "./SimpleCodexRunner.js";
-export type { CodexJsonEvent, CodexRunnerConfig, CodexRunnerEvents, CodexSessionInfo, } from "./types.js";
+export type { CodexRunnerConfig, CodexRunnerEvents, CodexSessionInfo, } from "./types.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,YAAY,EACX,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,GAChB,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACX,oBAAoB,EACpB,mBAAmB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,gBAAgB,EAAE,KAAK,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,YAAY,EACX,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,GAChB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -1,3 +1,4 @@
+export { CodexEventMapper } from "./CodexEventMapper.js";
 export { CodexRunner } from "./CodexRunner.js";
 export { SimpleCodexRunner } from "./SimpleCodexRunner.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAsB,MAAM,uBAAuB,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/types.d.ts

@@ -1,15 +1,12 @@
-import type { ApprovalMode, ModelReasoningEffort, SandboxMode, ThreadEvent, WebSearchMode } from "@openai/codex-sdk";
+import type { ApprovalMode, ModelReasoningEffort, SandboxMode, WebSearchMode } from "@openai/codex-sdk";
 import type { AgentRunnerConfig, AgentSessionInfo, SDKMessage } from "cyrus-core";
+import type { CyrusSandboxFilesystem } from "./config/sandboxPolicy.js";
 export type CodexConfigValue = string | number | boolean | CodexConfigValue[] | {
     [key: string]: CodexConfigValue;
 };
 export type CodexConfigOverrides = {
     [key: string]: CodexConfigValue;
 };
-/**
- * Typed event shape emitted by Codex SDK thread streams.
- */
-export type CodexJsonEvent = ThreadEvent;
 /**
  * Configuration for CodexRunner.
  */
@@ -38,8 +35,14 @@ export interface CodexRunnerConfig extends AgentRunnerConfig {
     skipGitRepoCheck?: boolean;
     /** Additional global Codex config overrides passed through SDK `config` */
     configOverrides?: CodexConfigOverrides;
-    /** JSON Schema for structured output (passed to thread.runStreamed as outputSchema) */
+    /** JSON Schema for structured output (passed to turn/start as outputSchema) */
     outputSchema?: unknown;
+    /**
+     * Filesystem sandbox intent (allow/deny read, allow write). When present, the
+     * session runs under a granular per-thread sandbox policy instead of the
+     * coarse default mode. Paths must be absolute.
+     */
+    sandboxSettings?: CyrusSandboxFilesystem;
 }
 /**
  * Session metadata for CodexRunner.
@@ -54,6 +57,5 @@ export interface CodexRunnerEvents {
     message: (message: SDKMessage) => void;
     error: (error: Error) => void;
     complete: (messages: SDKMessage[]) => void;
-    streamEvent: (event: CodexJsonEvent) => void;
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,YAAY,EACZ,oBAAoB,EACpB,WAAW,EACX,WAAW,EACX,aAAa,EACb,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EACX,iBAAiB,EACjB,gBAAgB,EAChB,UAAU,EACV,MAAM,YAAY,CAAC;AAEpB,MAAM,MAAM,gBAAgB,GACzB,MAAM,GACN,MAAM,GACN,OAAO,GACP,gBAAgB,EAAE,GAClB;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAAA;CAAE,CAAC;AAEvC,MAAM,MAAM,oBAAoB,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAAA;CAAE,CAAC;AAEvE;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AAEzC;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,iBAAiB;IAC3D,6DAA6D;IAC7D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,kDAAkD;IAClD,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,qDAAqD;IACrD,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B,mCAAmC;IACnC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,0DAA0D;IAC1D,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,2EAA2E;IAC3E,eAAe,CAAC,EAAE,oBAAoB,CAAC;IACvC,uFAAuF;IACvF,YAAY,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,gBAAgB;IACzD,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IACjC,OAAO,EAAE,CAAC,OAAO,EAAE,UAAU,KAAK,IAAI,CAAC;IACvC,KAAK,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAC9B,QAAQ,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,KAAK,IAAI,CAAC;IAC3C,WAAW,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,CAAC;CAC7C"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,YAAY,EACZ,oBAAoB,EACpB,WAAW,EACX,aAAa,EACb,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EACX,iBAAiB,EACjB,gBAAgB,EAChB,UAAU,EACV,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAExE,MAAM,MAAM,gBAAgB,GACzB,MAAM,GACN,MAAM,GACN,OAAO,GACP,gBAAgB,EAAE,GAClB;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAAA;CAAE,CAAC;AAEvC,MAAM,MAAM,oBAAoB,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAAA;CAAE,CAAC;AAEvE;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,iBAAiB;IAC3D,6DAA6D;IAC7D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,kDAAkD;IAClD,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,qDAAqD;IACrD,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B,mCAAmC;IACnC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,0DAA0D;IAC1D,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,2EAA2E;IAC3E,eAAe,CAAC,EAAE,oBAAoB,CAAC;IACvC,+EAA+E;IAC/E,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB;;;;OAIG;IACH,eAAe,CAAC,EAAE,sBAAsB,CAAC;CACzC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,gBAAgB;IACzD,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IACjC,OAAO,EAAE,CAAC,OAAO,EAAE,UAAU,KAAK,IAAI,CAAC;IACvC,KAAK,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAC9B,QAAQ,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,KAAK,IAAI,CAAC;CAC3C"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyrus-codex-runner",
-  "version": "0.2.64-test.6",
+  "version": "0.2.64",
   "description": "Codex CLI process wrapper for Cyrus",
   "type": "module",
   "main": "dist/index.js",
@@ -9,9 +9,10 @@
     "dist"
   ],
   "dependencies": {
-    "@openai/codex-sdk": "^0.125.0",
-    "cyrus-simple-agent-runner": "0.2.64-test.6",
-    "cyrus-core": "0.2.64-test.6"
+    "@openai/codex": "^0.137.0",
+    "@openai/codex-sdk": "^0.137.0",
+    "cyrus-core": "0.2.64",
+    "cyrus-simple-agent-runner": "0.2.64"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",