linco-connect 1.1.3 → 1.1.4
- package/package.json +1 -1
- package/src/agents/codex.js +34 -1
package/package.json
CHANGED
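--- a/package/src/agents/codex.js
+++ b/package/src/agents/codex.js
@@ -232,6 +232,7 @@ function ensureThread(session) {
 threadId: session.agentSessionId,
 cwd: session.workspace,
 approvalPolicy: 'untrusted',
+...buildCodexThreadSandbox(session),
 }).then(result => {
 return session.agentSessionId;
 }).catch(err => {
@@ -250,6 +251,7 @@ function startNewThread(session, agentConfig) {
 cwd: session.workspace,
 model: agentConfig.model || null,
 approvalPolicy: 'untrusted',
+...buildCodexThreadSandbox(session),
 }).then(result => {
 const threadId = result?.thread?.id || result?.id || result?.threadId;
 if (threadId) {
@@ -359,6 +361,37 @@ function sendJsonRpc(child, message) {
 }
 }
 
+function buildCodexThreadSandbox(session) {
+const writableRoots = [session.workspace, session.outboxDir].filter(Boolean);
+return {
+sandbox: 'workspace-write',
+config: {
+sandbox_mode: 'workspace-write',
+sandbox_workspace_write: {
+writable_roots: [...new Set(writableRoots)],
+network_access: false,
+exclude_tmpdir_env_var: false,
+exclude_slash_tmp: false,
+},
+},
+};
+}
+
+function buildCodexPermissionGrant(session) {
+const writableRoots = [session.outboxDir].filter(Boolean);
+return {
+fileSystem: {
+read: null,
+write: writableRoots,
+entries: writableRoots.map(root => ({
+path: { type: 'path', path: root },
+access: 'write',
+})),
+},
+network: { enabled: false },
+};
+}
+
 function handleServerRequest(message, session) {
 const method = message.method || '';
 const params = message.params || {};
@@ -434,7 +467,7 @@ function handleServerRequest(message, session) {
 sendJsonRpc(session.codexAppServer, {
 jsonrpc: '2.0',
 id: message.id,
-result: { permissions:
+result: { permissions: buildCodexPermissionGrant(session), scope: 'session' },
 });
 return;
 }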
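Review bot: In `buildCodexThreadSandbox` (third hunk), `exclude_tmpdir_env_var: false` and `exclude_slash_tmp: false` leave `$TMPDIR` and `/tmp` writable on top of the two `writable_roots`, so the sandbox is wider than "workspace plus outbox", and those directories are typically shared with other local processes. If the agent does not need scratch space there, set both to `true`; otherwise add a comment such as `// temp dirs stay writable: needed by <tool>; files there are outside the session roots`. `session.workspace` and `session.outboxDir` pass through only a `filter(Boolean)`, and where they are assigned is not visible in this diff, so it is worth confirming they are absolute, resolved paths before they reach `writable_roots`. In `buildCodexPermissionGrant` in the same hunk, `read: null` should carry a one-line comment saying whether it means "no additional read grant" or "unrestricted read", because the reply in the last hunk is sent with `scope: 'session'` and the branch that decides when to send it lies outside the visible lines.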