metame-cli 1.5.4 → 1.5.5

package/scripts/daemon-command-router.js

@@ -20,7 +20,6 @@ function createCommandRouter(deps) {
     getNoSleepProcess,
     activeProcesses,
     messageQueue,
-    sleep,
     log,
     agentTools,
     pendingAgentFlows,
@@ -29,6 +28,71 @@ function createCommandRouter(deps) {
     getDefaultEngine,
   } = deps;
 
+  function clearQueuedTimer(chatId) {
+    const q = messageQueue && messageQueue.get(chatId);
+    if (q && q.timer) {
+      clearTimeout(q.timer);
+      q.timer = null;
+    }
+  }
+
+  function interruptActiveProcess(chatId) {
+    const proc = activeProcesses.get(chatId);
+    if (proc && proc.child) {
+      proc.aborted = true;
+      const signal = proc.killSignal || 'SIGTERM';
+      try { process.kill(-proc.child.pid, signal); } catch { try { proc.child.kill(signal); } catch { /* */ } }
+      return true;
+    }
+    return false;
+  }
+
+  function shouldPauseAndMergeFollowUps(chatId) {
+    const proc = activeProcesses.get(chatId);
+    return !!(proc && proc.engine === 'codex');
+  }
+
+  function getFollowUpDebounceMs(config) {
+    const raw = Number(config && config.daemon && config.daemon.follow_up_debounce_ms);
+    if (Number.isFinite(raw) && raw >= 300) return raw;
+    return 2500;
+  }
+
+  function buildMergedFollowUpPrompt(messages) {
+    return [
+      '继续上面的工作，并结合我刚刚连续补充的消息统一处理：',
+      '',
+      messages.join('\n'),
+    ].join('\n');
+  }
+
+  function scheduleQueuedResume(bot, chatId, config, readOnly, senderId) {
+    const q = messageQueue.get(chatId);
+    if (!q || q.mode !== 'resume-after-pause') return;
+    clearQueuedTimer(chatId);
+    const delay = getFollowUpDebounceMs(config);
+    q.timer = setTimeout(async () => {
+      const pending = messageQueue.get(chatId);
+      if (!pending || pending.mode !== 'resume-after-pause') return;
+      if (activeProcesses.has(chatId)) {
+        scheduleQueuedResume(bot, chatId, config, readOnly, senderId);
+        return;
+      }
+      const msgs = pending.messages.splice(0);
+      messageQueue.delete(chatId);
+      if (msgs.length === 0) return;
+      log('INFO', `Follow-up: resuming with ${msgs.length} merged queued message(s) for ${chatId}`);
+      resetCooldown(chatId);
+      try {
+        await askClaude(bot, chatId, buildMergedFollowUpPrompt(msgs), config, readOnly, senderId);
+      } catch (err) {
+        log('WARN', `Follow-up resume failed for ${chatId}: ${err.message}`);
+        try { await bot.sendMessage(chatId, `⚠️ 继续处理补充消息失败：${err.message}`); } catch { /* */ }
+      }
+    }, delay);
+    if (typeof q.timer.unref === 'function') q.timer.unref();
+  }
+
   function resolveFlowTtlMs() {
     const raw = typeof agentFlowTtlMs === 'function' ? agentFlowTtlMs() : agentFlowTtlMs;
     const num = Number(raw);
@@ -214,10 +278,19 @@ function createCommandRouter(deps) {
     return null;
   }
 
+  function buildSessionChatId(chatId, projectKey = null) {
+    const rawChatId = String(chatId || '');
+    const inferredKey = projectKey || projectKeyFromVirtualChatId(rawChatId);
+    if (rawChatId.startsWith('_agent_') || rawChatId.startsWith('_scope_')) return rawChatId;
+    return inferredKey ? `_bound_${inferredKey}` : rawChatId;
+  }
+
   function getBoundProjectForChat(chatId, cfg) {
     const map = {
       ...(cfg.telegram ? cfg.telegram.chat_agent_map : {}),
       ...(cfg.feishu ? cfg.feishu.chat_agent_map : {}),
+      ...(cfg.imessage ? cfg.imessage.chat_agent_map : {}),
+      ...(cfg.siri_bridge ? cfg.siri_bridge.chat_agent_map : {}),
     };
     const key = map[String(chatId)];
     const proj = key && cfg.projects ? cfg.projects[key] : null;
@@ -585,18 +658,28 @@ function createCommandRouter(deps) {
     // --- chat_agent_map: auto-switch agent based on dedicated chatId ---
     // Configure in daemon.yaml: feishu.chat_agent_map or telegram.chat_agent_map
     //   e.g.  chat_agent_map: { "oc_xxx": "personal", "oc_yyy": "metame" }
-    const chatAgentMap = { ...(config.telegram ? config.telegram.chat_agent_map : {}), ...(config.feishu ? config.feishu.chat_agent_map : {}) };
+    const chatAgentMap = {
+      ...(config.telegram ? config.telegram.chat_agent_map : {}),
+      ...(config.feishu ? config.feishu.chat_agent_map : {}),
+      ...(config.imessage ? config.imessage.chat_agent_map : {}),
+      ...(config.siri_bridge ? config.siri_bridge.chat_agent_map : {}),
+    };
     const _chatIdStr = String(chatId);
     const mappedKey = chatAgentMap[_chatIdStr] ||
       projectKeyFromVirtualChatId(_chatIdStr);
     if (mappedKey && config.projects && config.projects[mappedKey]) {
       const proj = config.projects[mappedKey];
       const projCwd = normalizeCwd(proj.cwd);
-      const cur = loadState().sessions?.[chatId];
-      const curEngine = String((cur && cur.engine) || getDefaultEngine()).toLowerCase();
+      const sessionChatId = buildSessionChatId(chatId, mappedKey);
+      const cur = loadState().sessions?.[sessionChatId];
       const projEngine = String((proj && proj.engine) || getDefaultEngine()).toLowerCase();
-      if (!cur || cur.cwd !== projCwd || curEngine !== projEngine) {
-        attachOrCreateSession(chatId, projCwd, proj.name || mappedKey, proj.engine || getDefaultEngine());
+      // Multi-engine format stores engines in cur.engines object; legacy format uses cur.engine string.
+      // Check whether the session already has a slot for the project's configured engine.
+      const curHasEngine = cur && (
+        cur.engines ? !!cur.engines[projEngine] : String(cur.engine || '').toLowerCase() === projEngine
+      );
+      if (!cur || cur.cwd !== projCwd || !curHasEngine) {
+        attachOrCreateSession(sessionChatId, projCwd, proj.name || mappedKey, proj.engine || getDefaultEngine());
       }
     }
 
@@ -609,7 +692,7 @@ function createCommandRouter(deps) {
       return;
     }
 
-    const adminResult = await handleAdminCommand({ bot, chatId, text, config, state });
+    const adminResult = await handleAdminCommand({ bot, chatId, text, config, state, senderId });
     if (adminResult.handled) {
       config = adminResult.config || config;
       return;
@@ -673,16 +756,10 @@ function createCommandRouter(deps) {
     if (activeProcesses.has(chatId) && INTERRUPT_RE.test(text.trim())) {
       // Kill current process but preserve session for resume
       if (messageQueue.has(chatId)) {
-        const q = messageQueue.get(chatId);
-        if (q.timer) clearTimeout(q.timer);
+        clearQueuedTimer(chatId);
         messageQueue.delete(chatId);
       }
-      const proc = activeProcesses.get(chatId);
-      if (proc && proc.child) {
-        proc.aborted = true;
-        const signal = proc.killSignal || 'SIGTERM';
-        try { process.kill(-proc.child.pid, signal); } catch { try { proc.child.kill(signal); } catch { /* */ } }
-      }
+      interruptActiveProcess(chatId);
       await bot.sendMessage(chatId, '⏸ 好的，听你说');
       return;
     }
@@ -695,31 +772,60 @@ function createCommandRouter(deps) {
       if (handled) {
         // /last attached the session — now send "继续" to actually resume the conversation
         resetCooldown(chatId);
-        await askClaude(bot, chatId, '继续上面的工作', config, readOnly);
+        await askClaude(bot, chatId, '继续上面的工作', config, readOnly, senderId);
         return;
       }
       // No session found — fall through to normal askClaude
     }
 
-    // If a task is running: queue message, DON'T kill — will be sent as follow-up after completion
+    // While collecting follow-up messages after a pause, keep merging them until the debounce window closes.
+    if (messageQueue.has(chatId)) {
+      const q = messageQueue.get(chatId);
+      if (q && q.mode === 'resume-after-pause') {
+        q.messages.push(text);
+        scheduleQueuedResume(bot, chatId, config, readOnly, senderId);
+        return;
+      }
+    }
+
+    // If a task is running: pause it, collect the user's burst of messages, then resume with a merged follow-up.
     if (activeProcesses.has(chatId)) {
+      if (!shouldPauseAndMergeFollowUps(chatId)) {
+        const isFirst = !messageQueue.has(chatId);
+        if (isFirst) {
+          messageQueue.set(chatId, { messages: [] });
+        }
+        const q = messageQueue.get(chatId);
+        if (q.messages.length >= 10) {
+          await bot.sendMessage(chatId, '⚠️ 排队已满（10条），请等当前任务完成');
+          return;
+        }
+        q.messages.push(text);
+        if (isFirst) {
+          await bot.sendMessage(chatId, '📝 收到，完成后继续处理');
+        }
+        return;
+      }
       const isFirst = !messageQueue.has(chatId);
       if (isFirst) {
-        messageQueue.set(chatId, { messages: [] });
+        messageQueue.set(chatId, { messages: [], mode: 'resume-after-pause', timer: null });
       }
       const q = messageQueue.get(chatId);
-      if (q.messages.length >= 10) {
-        await bot.sendMessage(chatId, '⚠️ 排队已满（10条），请等当前任务完成');
-        return;
-      }
       q.messages.push(text);
       if (isFirst) {
-        await bot.sendMessage(chatId, '📝 收到，完成后继续处理');
+        interruptActiveProcess(chatId);
+        await bot.sendMessage(chatId, '⏸ 已暂停当前任务，你可以继续连发，我会自动合并后续内容再继续');
       }
+      scheduleQueuedResume(bot, chatId, config, readOnly, senderId);
       return;
     }
     // Strict mode: chats with a fixed agent in chat_agent_map must not cross-dispatch
-    const _strictChatAgentMap = { ...(config.telegram ? config.telegram.chat_agent_map : {}), ...(config.feishu ? config.feishu.chat_agent_map : {}) };
+    const _strictChatAgentMap = {
+      ...(config.telegram ? config.telegram.chat_agent_map : {}),
+      ...(config.feishu ? config.feishu.chat_agent_map : {}),
+      ...(config.imessage ? config.imessage.chat_agent_map : {}),
+      ...(config.siri_bridge ? config.siri_bridge.chat_agent_map : {}),
+    };
     const _isStrictChat = !!(_strictChatAgentMap[String(chatId)] || projectKeyFromVirtualChatId(String(chatId)));
 
     // Nickname-only switch: bypass cooldown + budget (no Claude call)
@@ -729,7 +835,7 @@ function createCommandRouter(deps) {
       if (quickAgent && !quickAgent.rest) {
         const { key, proj } = quickAgent;
         const projCwd = normalizeCwd(proj.cwd);
-        attachOrCreateSession(chatId, projCwd, proj.name || key, proj.engine || getDefaultEngine());
+        attachOrCreateSession(buildSessionChatId(chatId, key), projCwd, proj.name || key, proj.engine || getDefaultEngine());
         log('INFO', `Agent switch via nickname: ${key} (${projCwd})`);
         await bot.sendMessage(chatId, `${proj.icon || '🤖'} ${proj.name || key} 在线`);
         return;
@@ -755,7 +861,7 @@ function createCommandRouter(deps) {
       await bot.sendMessage(chatId, 'Daily token budget exceeded.');
       return;
     }
-    const claudeResult = await askClaude(bot, chatId, text, config, readOnly);
+    const claudeResult = await askClaude(bot, chatId, text, config, readOnly, senderId);
     const claudeFailed = !!(claudeResult && claudeResult.ok === false);
     const claudeAborted = !!(claudeResult && claudeResult.error === 'Stopped by user');
     if (claudeFailed && !claudeAborted && !macLocalFirst && macFallbackEnabled && allowLocalMacControl) {
@@ -773,13 +879,14 @@ function createCommandRouter(deps) {
     // Use while-loop instead of recursion to avoid unbounded stack growth
     while (messageQueue.has(chatId)) {
       const q = messageQueue.get(chatId);
+      if (q && q.mode === 'resume-after-pause') break;
       const msgs = q.messages.splice(0);
       messageQueue.delete(chatId);
       if (msgs.length === 0) break;
       const combined = msgs.join('\n');
       log('INFO', `Follow-up: processing ${msgs.length} queued message(s) for ${chatId}`);
       resetCooldown(chatId);
-      const followUp = await askClaude(bot, chatId, combined, config, readOnly);
+      const followUp = await askClaude(bot, chatId, combined, config, readOnly, senderId);
       if (followUp && followUp.error === 'Stopped by user') break;
     }
 

package/scripts/daemon-command-session-route.js

@@ -0,0 +1,118 @@
+'use strict';
+
+function createCommandSessionResolver(deps) {
+  const {
+    path,
+    loadConfig,
+    loadState,
+    getSession,
+    getSessionForEngine,
+    getDefaultEngine = () => 'claude',
+  } = deps;
+
+  function normalizeEngineName(name) {
+    return String(name || '').trim().toLowerCase() === 'codex' ? 'codex' : getDefaultEngine();
+  }
+
+  function inferStoredEngine(rawSession) {
+    if (!rawSession || typeof rawSession !== 'object') return getDefaultEngine();
+    if (rawSession.engine) return normalizeEngineName(rawSession.engine);
+    const slots = rawSession.engines && typeof rawSession.engines === 'object' ? rawSession.engines : null;
+    if (!slots) return getDefaultEngine();
+    const started = Object.entries(slots).find(([, slot]) => slot && slot.started);
+    if (started) return normalizeEngineName(started[0]);
+    const available = Object.keys(slots);
+    return available.length === 1 ? normalizeEngineName(available[0]) : getDefaultEngine();
+  }
+
+  function buildBoundSessionChatId(projectKey) {
+    const key = String(projectKey || '').trim();
+    return key ? `_bound_${key}` : '';
+  }
+
+  function normalizeRouteCwd(cwd) {
+    if (!cwd) return null;
+    try {
+      return path.resolve(String(cwd));
+    } catch {
+      return String(cwd);
+    }
+  }
+
+  function getSessionRoute(chatId) {
+    const cfg = loadConfig();
+    const state = loadState();
+    const chatKey = String(chatId);
+    const agentMap = { ...(cfg.telegram ? cfg.telegram.chat_agent_map : {}), ...(cfg.feishu ? cfg.feishu.chat_agent_map : {}) };
+    const boundKey = agentMap[chatKey] || null;
+    const boundProj = boundKey && cfg.projects ? cfg.projects[boundKey] : null;
+    const stickyKey = state && state.team_sticky ? state.team_sticky[chatKey] : null;
+    const stickyMember = stickyKey && boundProj && Array.isArray(boundProj.team)
+      ? boundProj.team.find((m) => m && m.key === stickyKey)
+      : null;
+
+    if (stickyMember) {
+      return {
+        sessionChatId: `_agent_${stickyMember.key}`,
+        cwd: normalizeRouteCwd(stickyMember.cwd || (boundProj && boundProj.cwd) || null),
+        engine: normalizeEngineName(stickyMember.engine || (boundProj && boundProj.engine)),
+      };
+    }
+
+    if (boundProj) {
+      return {
+        sessionChatId: buildBoundSessionChatId(boundKey),
+        cwd: normalizeRouteCwd(boundProj.cwd || null),
+        engine: normalizeEngineName(boundProj.engine),
+      };
+    }
+
+    const rawSession = getSession(chatId);
+    return {
+      sessionChatId: String(chatId),
+      cwd: rawSession && rawSession.cwd ? normalizeRouteCwd(rawSession.cwd) : null,
+      engine: inferStoredEngine(rawSession),
+    };
+  }
+
+  function getActiveSession(chatId) {
+    const route = getSessionRoute(chatId);
+    const rawSession = getSession(route.sessionChatId) || getSession(chatId);
+    const engine = normalizeEngineName((rawSession && rawSession.engine) || route.engine);
+    const engineSession = getSessionForEngine(route.sessionChatId, engine)
+      || getSessionForEngine(chatId, engine);
+    if (engineSession && engineSession.id) {
+      return {
+        route,
+        sessionKey: route.sessionChatId,
+        engine,
+        session: engineSession,
+      };
+    }
+    if (rawSession && rawSession.id) {
+      return {
+        route,
+        sessionKey: route.sessionChatId,
+        engine,
+        session: { cwd: rawSession.cwd, engine, id: rawSession.id, started: !!rawSession.started },
+      };
+    }
+    return {
+      route,
+      sessionKey: route.sessionChatId,
+      engine,
+      session: null,
+    };
+  }
+
+  return {
+    normalizeEngineName,
+    inferStoredEngine,
+    buildBoundSessionChatId,
+    normalizeRouteCwd,
+    getSessionRoute,
+    getActiveSession,
+  };
+}
+
+module.exports = { createCommandSessionResolver };

package/scripts/daemon-default.yaml

@@ -4,12 +4,14 @@
 telegram:
   enabled: false
   bot_token: null
+  admin_chat_id: null
   allowed_chat_ids: []
 
 feishu:
   enabled: false
   app_id: null
   app_secret: null
+  admin_chat_id: null
   allowed_chat_ids: []
   remote_dispatch:
     enabled: false

package/scripts/daemon-engine-runtime.js

@@ -239,7 +239,7 @@ function parseCodexStreamEvent(line) {
 }
 
 function buildClaudeArgs(options = {}) {
-  const { model = ENGINE_MODEL_CONFIG.claude.main, readOnly = false, daemonCfg = {}, session = {} } = options;
+  const { model = ENGINE_MODEL_CONFIG.claude.main, readOnly = false, session = {} } = options;
   const args = ['-p', '--model', model];
   if (readOnly) {
     const readOnlyTools = ['Read', 'Glob', 'Grep', 'WebSearch', 'WebFetch', 'Task'];
@@ -260,8 +260,76 @@ function buildClaudeArgs(options = {}) {
   return args;
 }
 
+function normalizeCodexSandboxMode(value, fallback = 'danger-full-access') {
+  const text = String(value || '').trim().toLowerCase();
+  if (!text) return fallback;
+  if (text === 'read-only' || text === 'readonly') return 'read-only';
+  if (text === 'workspace-write' || text === 'workspace') return 'workspace-write';
+  if (
+    text === 'danger-full-access'
+    || text === 'dangerous'
+    || text === 'full-access'
+    || text === 'full'
+    || text === 'bypass'
+    || text === 'writable'
+  ) return 'danger-full-access';
+  return fallback;
+}
+
+function normalizeCodexApprovalPolicy(value, fallback = 'never') {
+  const text = String(value || '').trim().toLowerCase();
+  if (!text) return fallback;
+  if (text === 'never' || text === 'no' || text === 'none') return 'never';
+  if (text === 'on-failure' || text === 'on_failure' || text === 'failure') return 'on-failure';
+  if (text === 'on-request' || text === 'on_request' || text === 'request') return 'on-request';
+  if (text === 'untrusted') return 'untrusted';
+  return fallback;
+}
+
+function resolveCodexPermissionProfile(options = {}) {
+  const { readOnly = false, daemonCfg = {}, session = {} } = options;
+  if (readOnly) {
+    return {
+      sandboxMode: 'read-only',
+      approvalPolicy: 'never',
+      permissionMode: 'read-only',
+    };
+  }
+
+  const codexCfg = (daemonCfg && daemonCfg.codex && typeof daemonCfg.codex === 'object') ? daemonCfg.codex : {};
+  const sandboxMode = normalizeCodexSandboxMode(
+    codexCfg.sandbox_mode
+      || codexCfg.sandboxMode
+      || codexCfg.sandbox
+      || codexCfg.permission_mode
+      || codexCfg.permissionMode
+      || session.sandboxMode
+      || session.permissionMode,
+    'danger-full-access'
+  );
+  const approvalPolicy = normalizeCodexApprovalPolicy(
+    codexCfg.approval_policy
+      || codexCfg.approvalPolicy
+      || session.approvalPolicy,
+    sandboxMode === 'danger-full-access' ? 'never' : 'on-failure'
+  );
+
+  return {
+    sandboxMode,
+    approvalPolicy,
+    permissionMode: sandboxMode,
+  };
+}
+
 function buildCodexArgs(options = {}) {
-  const { model = ENGINE_MODEL_CONFIG.codex.main, readOnly = false, daemonCfg = {}, session = {}, cwd } = options;
+  const {
+    model = ENGINE_MODEL_CONFIG.codex.main,
+    readOnly = false,
+    daemonCfg = {},
+    session = {},
+    cwd,
+    permissionProfile = null,
+  } = options;
   const isResume = (session && session.started && session.id && session.id !== '__continue__');
   const args = isResume
     ? ['exec', 'resume', session.id]
@@ -272,16 +340,13 @@ function buildCodexArgs(options = {}) {
   // -C (cwd) is only supported on fresh exec, not resume
   if (cwd && !isResume) args.push('-C', cwd);
 
-  // Permission flags are only valid on fresh exec, not resume.
-  // `codex exec resume` does not accept -s or --dangerously-bypass-approvals-and-sandbox.
-  if (!isResume) {
-    if (readOnly) {
-      args.push('-s', 'read-only');
-    } else {
-      // Mobile sessions: user cannot click permission dialogs.
-      // Security relies on allowed_chat_ids whitelist, not tool restrictions.
-      args.push('--dangerously-bypass-approvals-and-sandbox');
-    }
+  const effectivePermissionProfile = permissionProfile || resolveCodexPermissionProfile({ readOnly, daemonCfg, session });
+  if (effectivePermissionProfile.sandboxMode === 'danger-full-access' && effectivePermissionProfile.approvalPolicy === 'never') {
+    // Keep the legacy shortcut for the fully-trusted mobile/default path.
+    args.push('--dangerously-bypass-approvals-and-sandbox');
+  } else {
+    // codex 0.114.0 removed --ask-for-approval; only -s <sandboxMode> is needed
+    args.push('-s', effectivePermissionProfile.sandboxMode);
   }
 
   // "-" means prompt is read from stdin.
@@ -289,6 +354,18 @@ function buildCodexArgs(options = {}) {
   return args;
 }
 
+function buildCodexEnv(baseEnv = {}, { metameProject = '', metameSenderId = '' } = {}) {
+  const env = { ...baseEnv, METAME_PROJECT: metameProject, METAME_SENDER_ID: String(metameSenderId || '') };
+  const strippedKeys = [
+    'CODEX_THREAD_ID',
+    'METAME_ACTIVE_SESSION',
+    'CLAUDE_CODE_SSE_PORT',
+  ];
+  for (const key of strippedKeys) delete env[key];
+  if (env.CODEX_HOME && !fs.existsSync(env.CODEX_HOME)) delete env.CODEX_HOME;
+  return env;
+}
+
 function createEngineRuntimeFactory(deps = {}) {
   const home = deps.HOME || os.homedir();
   const claudeBin = deps.CLAUDE_BIN || resolveBinary('claude', { ...deps, HOME: home });
@@ -308,12 +385,7 @@ function createEngineRuntimeFactory(deps = {}) {
         killSignal: 'SIGTERM',
         timeouts: { idleMs: 10 * 60 * 1000, toolMs: 25 * 60 * 1000, ceilingMs: 60 * 60 * 1000 },
         buildArgs: buildCodexArgs,
-        buildEnv: ({ metameProject = '' } = {}) => {
-          const env = { ...process.env, METAME_PROJECT: metameProject };
-          // Unset CODEX_HOME if it points to a non-existent path (corrupted env var)
-          if (env.CODEX_HOME && !fs.existsSync(env.CODEX_HOME)) delete env.CODEX_HOME;
-          return env;
-        },
+        buildEnv: ({ metameProject = '', metameSenderId = '' } = {}) => buildCodexEnv(process.env, { metameProject, metameSenderId }),
         parseStreamEvent: parseCodexStreamEvent,
         classifyError: classifyEngineError,
       };
@@ -326,9 +398,9 @@ function createEngineRuntimeFactory(deps = {}) {
       killSignal: 'SIGTERM',
       timeouts: { idleMs: 5 * 60 * 1000, toolMs: 25 * 60 * 1000, ceilingMs: 60 * 60 * 1000 },
       buildArgs: buildClaudeArgs,
-      buildEnv: ({ metameProject = '' } = {}) => ({
+      buildEnv: ({ metameProject = '', metameSenderId = '' } = {}) => ({
         ...(() => {
-          const env = { ...process.env, ...getActiveProviderEnv(), METAME_PROJECT: metameProject };
+          const env = { ...process.env, ...getActiveProviderEnv(), METAME_PROJECT: metameProject, METAME_SENDER_ID: String(metameSenderId || '') };
           delete env.CLAUDECODE;
           return env;
         })(),
@@ -354,6 +426,10 @@ module.exports = {
     parseCodexStreamEvent,
     buildClaudeArgs,
     buildCodexArgs,
+    buildCodexEnv,
+    normalizeCodexSandboxMode,
+    normalizeCodexApprovalPolicy,
+    resolveCodexPermissionProfile,
     BUILTIN_CLAUDE_MODEL_VALUES,
   },
 };