codex-api-proxy 0.1.0__tar.gz → 0.1.1__tar.gz

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codex-api-proxy
-Version: 0.1.0
+Version: 0.1.1
 Summary: Local OpenAI-compatible HTTP proxy backed by Codex CLI
 Author: codex-api-proxy contributors
 License-Expression: MIT
@@ -40,8 +40,9 @@ If you start with `--host 0.0.0.0` or another non-loopback bind address without
 With the default `exec` engine, Codex subprocesses are launched with `--ignore-user-config` and `--ignore-rules`. This prevents proxy requests from loading user Codex config, MCP servers, plugins, skills, and rule files.
 
 Codex subprocesses also use `--sandbox read-only` and `--ephemeral` by default. This keeps calls closer to one-shot model calls where the caller owns conversation context.
+Use `--agent` only for trusted clients when you want Codex to use agent tools and create or modify files under the selected workspace.
 
-The experimental `app-server` engine uses Codex's long-lived app-server protocol to reduce process startup latency and stream assistant deltas. Each API request starts a fresh Codex thread and archives it after completion, so callers must continue sending full chat history in `messages`. The app-server process uses an isolated `CODEX_HOME` at `~/.codex-api-proxy/codex-home` by default. `codex-api-proxy` symlinks only the current Codex `auth.json` into that isolated home, so the app-server worker can reuse the existing login while not seeing the current user's `config.toml`, MCP config, or plugins. The app-server process is also started with `--disable apps`, `--disable plugins`, `--disable skill_mcp_dependency_install`, and `-c mcp_servers={}`. To keep skills out of the model-visible prompt, `codex-api-proxy` generates a `skills.config=[{name=...,enabled=false}]` override for known system skills and locally discovered skill names. Each request uses an empty `dynamicTools` list, empty `environments`, `approvalPolicy: never`, `sandbox: read-only`, and `ephemeral: true` by default.
+The experimental `app-server` engine uses Codex's long-lived app-server protocol to reduce process startup latency and stream assistant deltas. Each API request starts a fresh Codex thread and archives it after completion, so callers must continue sending full chat history in `messages`. The app-server process uses an isolated `CODEX_HOME` at `~/.codex-api-proxy/codex-home` by default. `codex-api-proxy` symlinks only the current Codex `auth.json` into that isolated home, so the app-server worker can reuse the existing login while not seeing the current user's `config.toml`, MCP config, or plugins. The app-server process is also started with `--disable apps`, `--disable plugins`, `--disable skill_mcp_dependency_install`, and `-c mcp_servers={}`. To keep skills out of the model-visible prompt, `codex-api-proxy` generates a `skills.config=[{name=...,enabled=false}]` override for known system skills and locally discovered skill names. Each request uses `approvalPolicy: never`, `sandbox: read-only`, empty `dynamicTools`, empty `environments`, and `ephemeral: true` by default. With `--agent`, app-server requests use `sandbox: workspace-write` and omit the empty tool/environment overrides so Codex can use its normal agent tools.
 
 ## Install
 
@@ -155,6 +156,7 @@ CLI options:
 - `--app-server-codex-home`: isolated `CODEX_HOME` used by `app-server` workers, default `~/.codex-api-proxy/codex-home`
 - `--codex-config`: Codex config override passed as `-c key=value`, repeatable
 - `--ephemeral`: run `codex exec` with `--ephemeral`, enabled by default
+- `--agent` / `--no-agent`: enable or disable Codex agent tools and workspace writes, default disable
 - `--fast`: use fast defaults: `--codex-config model_reasoning_effort="low"`
 - `--default-cwd`: default Codex working directory, default `~/.codex-api-proxy/workspace`
 - `--allowed-root`: allowed cwd root, repeatable, default `--default-cwd`
@@ -182,6 +184,7 @@ Environment variables are also supported when running the FastAPI app directly:
 - `CODEX_PROXY_APP_SERVER_CODEX_HOME`: isolated `CODEX_HOME` used by `app-server` workers
 - `CODEX_PROXY_CODEX_CONFIGS`: `;;`-separated Codex config overrides passed as repeated `-c`
 - `CODEX_PROXY_EPHEMERAL`: set to `1`, `true`, or `yes` to run `codex exec` with `--ephemeral`; defaults to `true`
+- `CODEX_PROXY_AGENT`: set to `1`, `true`, or `yes` to enable Codex agent tools and workspace writes; defaults to `false`
 - `CODEX_PROXY_DEFAULT_CWD`: default Codex working directory, default current directory
 - `CODEX_PROXY_ALLOWED_ROOTS`: colon-separated allowed cwd roots, default `CODEX_PROXY_DEFAULT_CWD`
 - `CODEX_PROXY_TIMEOUT_SECONDS`: per-request timeout, default `300`

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/README.md

@@ -15,8 +15,9 @@ If you start with `--host 0.0.0.0` or another non-loopback bind address without
 With the default `exec` engine, Codex subprocesses are launched with `--ignore-user-config` and `--ignore-rules`. This prevents proxy requests from loading user Codex config, MCP servers, plugins, skills, and rule files.
 
 Codex subprocesses also use `--sandbox read-only` and `--ephemeral` by default. This keeps calls closer to one-shot model calls where the caller owns conversation context.
+Use `--agent` only for trusted clients when you want Codex to use agent tools and create or modify files under the selected workspace.
 
-The experimental `app-server` engine uses Codex's long-lived app-server protocol to reduce process startup latency and stream assistant deltas. Each API request starts a fresh Codex thread and archives it after completion, so callers must continue sending full chat history in `messages`. The app-server process uses an isolated `CODEX_HOME` at `~/.codex-api-proxy/codex-home` by default. `codex-api-proxy` symlinks only the current Codex `auth.json` into that isolated home, so the app-server worker can reuse the existing login while not seeing the current user's `config.toml`, MCP config, or plugins. The app-server process is also started with `--disable apps`, `--disable plugins`, `--disable skill_mcp_dependency_install`, and `-c mcp_servers={}`. To keep skills out of the model-visible prompt, `codex-api-proxy` generates a `skills.config=[{name=...,enabled=false}]` override for known system skills and locally discovered skill names. Each request uses an empty `dynamicTools` list, empty `environments`, `approvalPolicy: never`, `sandbox: read-only`, and `ephemeral: true` by default.
+The experimental `app-server` engine uses Codex's long-lived app-server protocol to reduce process startup latency and stream assistant deltas. Each API request starts a fresh Codex thread and archives it after completion, so callers must continue sending full chat history in `messages`. The app-server process uses an isolated `CODEX_HOME` at `~/.codex-api-proxy/codex-home` by default. `codex-api-proxy` symlinks only the current Codex `auth.json` into that isolated home, so the app-server worker can reuse the existing login while not seeing the current user's `config.toml`, MCP config, or plugins. The app-server process is also started with `--disable apps`, `--disable plugins`, `--disable skill_mcp_dependency_install`, and `-c mcp_servers={}`. To keep skills out of the model-visible prompt, `codex-api-proxy` generates a `skills.config=[{name=...,enabled=false}]` override for known system skills and locally discovered skill names. Each request uses `approvalPolicy: never`, `sandbox: read-only`, empty `dynamicTools`, empty `environments`, and `ephemeral: true` by default. With `--agent`, app-server requests use `sandbox: workspace-write` and omit the empty tool/environment overrides so Codex can use its normal agent tools.
 
 ## Install
 
@@ -130,6 +131,7 @@ CLI options:
 - `--app-server-codex-home`: isolated `CODEX_HOME` used by `app-server` workers, default `~/.codex-api-proxy/codex-home`
 - `--codex-config`: Codex config override passed as `-c key=value`, repeatable
 - `--ephemeral`: run `codex exec` with `--ephemeral`, enabled by default
+- `--agent` / `--no-agent`: enable or disable Codex agent tools and workspace writes, default disable
 - `--fast`: use fast defaults: `--codex-config model_reasoning_effort="low"`
 - `--default-cwd`: default Codex working directory, default `~/.codex-api-proxy/workspace`
 - `--allowed-root`: allowed cwd root, repeatable, default `--default-cwd`
@@ -157,6 +159,7 @@ Environment variables are also supported when running the FastAPI app directly:
 - `CODEX_PROXY_APP_SERVER_CODEX_HOME`: isolated `CODEX_HOME` used by `app-server` workers
 - `CODEX_PROXY_CODEX_CONFIGS`: `;;`-separated Codex config overrides passed as repeated `-c`
 - `CODEX_PROXY_EPHEMERAL`: set to `1`, `true`, or `yes` to run `codex exec` with `--ephemeral`; defaults to `true`
+- `CODEX_PROXY_AGENT`: set to `1`, `true`, or `yes` to enable Codex agent tools and workspace writes; defaults to `false`
 - `CODEX_PROXY_DEFAULT_CWD`: default Codex working directory, default current directory
 - `CODEX_PROXY_ALLOWED_ROOTS`: colon-separated allowed cwd roots, default `CODEX_PROXY_DEFAULT_CWD`
 - `CODEX_PROXY_TIMEOUT_SECONDS`: per-request timeout, default `300`

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "codex-api-proxy"
-version = "0.1.0"
+version = "0.1.1"
 description = "Local OpenAI-compatible HTTP proxy backed by Codex CLI"
 readme = "README.md"
 requires-python = ">=3.11"

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/src/codex_api_proxy/__init__.py

@@ -1,3 +1,3 @@
 """OpenAI-compatible HTTP proxy backed by the local Codex CLI."""
 
-__version__ = "0.1.0"
+__version__ = "0.1.1"

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/src/codex_api_proxy/app_server_runner.py

@@ -362,6 +362,7 @@ async def stream_app_server_turn(
     model: str | None,
     codex_configs: list[str],
     ephemeral: bool,
+    agent_enabled: bool = False,
     timeout_seconds: float,
     latency_callback: LatencyCallback | None = None,
 ) -> AsyncIterator[str]:
@@ -372,12 +373,13 @@ async def stream_app_server_turn(
         "approvalPolicy": "never",
         "config": config,
         "cwd": str(cwd),
-        "dynamicTools": [],
-        "environments": [],
         "ephemeral": ephemeral,
         "model": model,
-        "sandbox": "read-only",
+        "sandbox": "workspace-write" if agent_enabled else "read-only",
     }
+    if not agent_enabled:
+        thread_params["dynamicTools"] = []
+        thread_params["environments"] = []
     phase_started_at = time.perf_counter()
     start_response = await asyncio.wait_for(client.request("thread/start", thread_params), timeout=timeout_seconds)
     _record_latency(latency_callback, "app_server_thread_start", phase_started_at)
@@ -482,6 +484,7 @@ class AppServerWorkerPool:
         model: str | None,
         codex_configs: list[str],
         ephemeral: bool,
+        agent_enabled: bool = False,
         timeout_seconds: float,
         latency_callback: LatencyCallback | None = None,
     ) -> AsyncIterator[str]:
@@ -495,6 +498,7 @@ class AppServerWorkerPool:
                 model=model,
                 codex_configs=codex_configs,
                 ephemeral=ephemeral,
+                agent_enabled=agent_enabled,
                 timeout_seconds=timeout_seconds,
                 latency_callback=latency_callback,
             ):

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/src/codex_api_proxy/cli.py

@@ -92,6 +92,13 @@ def add_settings_args(parser: argparse.ArgumentParser, *, defaults: bool = True)
         help="Codex config override passed as -c key=value. May be repeated.",
     )
     parser.add_argument("--ephemeral", action="store_true", default=True, help="Run codex exec with --ephemeral.")
+    parser.add_argument(
+        "--agent",
+        dest="agent_enabled",
+        action=argparse.BooleanOptionalAction,
+        default=False if defaults else None,
+        help="Enable Codex agent tools and workspace writes. Defaults to disabled.",
+    )
     parser.add_argument("--fast", action="store_true", help="Use fast defaults: low reasoning config.")
     parser.add_argument(
         "--default-cwd",
@@ -202,6 +209,7 @@ def settings_from_args(args: argparse.Namespace) -> Settings:
         model=model,
         codex_configs=codex_configs,
         ephemeral=ephemeral,
+        agent_enabled=bool(args.agent_enabled),
         engine=args.engine,
         workers=args.workers,
         max_queue_size=args.max_queue_size,
@@ -230,6 +238,7 @@ def state_from_args(args: argparse.Namespace) -> dict[str, object]:
         "model": settings.model,
         "codex_configs": settings.codex_configs or [],
         "ephemeral": settings.ephemeral,
+        "agent_enabled": settings.agent_enabled,
         "engine": settings.engine,
         "workers": settings.workers,
         "max_queue_size": settings.max_queue_size,
@@ -294,6 +303,7 @@ def print_start_summary(args: argparse.Namespace, *, pid: int) -> None:
     print(f"  app_server_codex_home: {settings.app_server_codex_home or '<default>'}")
     print(f"  codex_configs: {', '.join(settings.codex_configs or []) if settings.codex_configs else '<none>'}")
     print(f"  ephemeral: {settings.ephemeral}")
+    print(f"  agent_enabled: {settings.agent_enabled}")
     print(f"  default_cwd: {settings.default_cwd}")
     print(f"  allowed_roots: {', '.join(str(root) for root in allowed_roots)}")
     print(f"  timeout_seconds: {settings.request_timeout_seconds}")
@@ -336,6 +346,11 @@ def args_from_state(state: dict[str, object], overrides: argparse.Namespace) ->
     )
     codex_configs = overrides.codex_configs if overrides.codex_configs is not None else state.get("codex_configs", [])
     ephemeral = overrides.ephemeral or bool(state.get("ephemeral", False))
+    agent_enabled = (
+        overrides.agent_enabled
+        if overrides.agent_enabled is not None
+        else bool(state.get("agent_enabled", state.get("workspace_write", False)))
+    )
     if overrides.fast:
         if overrides.model is None:
             model = FAST_MODEL
@@ -357,6 +372,7 @@ def args_from_state(state: dict[str, object], overrides: argparse.Namespace) ->
         app_server_codex_home=app_server_codex_home,
         codex_configs=list(codex_configs or []),
         ephemeral=ephemeral,
+        agent_enabled=agent_enabled,
         default_cwd=default_cwd,
         allowed_roots=allowed_roots or None,
         timeout_seconds=(
@@ -451,6 +467,8 @@ def start(args: argparse.Namespace) -> int:
         command.extend(["--codex-config", config])
     if args.ephemeral:
         command.append("--ephemeral")
+    if args.agent_enabled:
+        command.append("--agent")
     if args.fast:
         command.append("--fast")
     if args.api_key:
@@ -532,6 +550,7 @@ def status(args: argparse.Namespace) -> int:
             print(f"  proxy: {state.get('proxy') or '<none>'}")
             print(f"  model: {state.get('model') or '<default>'}")
             print(f"  engine: {state.get('engine', 'exec')}")
+            print(f"  agent_enabled: {state.get('agent_enabled', state.get('workspace_write', False))}")
             print(f"  workers: {state.get('workers', 1)}")
             print(f"  max_queue_size: {state.get('max_queue_size', 64)}")
             print(f"  queue_timeout_seconds: {state.get('queue_timeout_seconds', 30)}")

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/src/codex_api_proxy/codex_runner.py

@@ -131,6 +131,7 @@ def build_codex_command(
     model: str | None,
     codex_configs: list[str],
     ephemeral: bool,
+    agent_enabled: bool = False,
 ) -> list[str]:
     has_sandbox_override = any(config.strip().startswith("sandbox_mode") for config in codex_configs)
     command = [
@@ -142,7 +143,7 @@ def build_codex_command(
         "--ignore-rules",
     ]
     if not has_sandbox_override:
-        command.extend(["--sandbox", "read-only"])
+        command.extend(["--sandbox", "workspace-write" if agent_enabled else "read-only"])
     command.extend(["--cd", str(cwd)])
     if model:
         command.extend(["--model", model])
@@ -231,6 +232,7 @@ async def run_codex_exec(
     model: str | None = None,
     codex_configs: list[str] | None = None,
     ephemeral: bool = False,
+    agent_enabled: bool = False,
     latency_callback: Callable[[str, float], None] | None = None,
 ) -> str:
     command_started_at = time.perf_counter()
@@ -240,6 +242,7 @@ async def run_codex_exec(
         model=model,
         codex_configs=codex_configs or [],
         ephemeral=ephemeral,
+        agent_enabled=agent_enabled,
     )
     if latency_callback:
         latency_callback("codex_command_build", (time.perf_counter() - command_started_at) * 1000)

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/src/codex_api_proxy/config.py

@@ -25,6 +25,7 @@ class Settings:
     model: str | None = None
     codex_configs: list[str] | None = None
     ephemeral: bool = True
+    agent_enabled: bool = False
     engine: str = "exec"
     workers: int = 1
     max_queue_size: int = 64
@@ -55,6 +56,7 @@ class Settings:
                 if item
             ],
             ephemeral=os.environ.get("CODEX_PROXY_EPHEMERAL", "true").lower() in {"1", "true", "yes"},
+            agent_enabled=os.environ.get("CODEX_PROXY_AGENT", "false").lower() in {"1", "true", "yes"},
             engine=os.environ.get("CODEX_PROXY_ENGINE", "exec"),
             workers=int(os.environ.get("CODEX_PROXY_WORKERS", "1")),
             max_queue_size=int(os.environ.get("CODEX_PROXY_MAX_QUEUE_SIZE", "64")),

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/src/codex_api_proxy/main.py

@@ -322,6 +322,7 @@ def create_app(
                 "model": active_settings.model if request.model == "codex-local" else request.model,
                 "codex_configs": active_settings.codex_configs or [],
                 "ephemeral": active_settings.ephemeral,
+                "agent_enabled": active_settings.agent_enabled,
                 "timeout_seconds": active_settings.request_timeout_seconds,
                 "latency_callback": record_codex_phase,
             }
@@ -436,6 +437,7 @@ def create_app(
                     model=active_settings.model,
                     codex_configs=active_settings.codex_configs or [],
                     ephemeral=active_settings.ephemeral,
+                    agent_enabled=active_settings.agent_enabled,
                     latency_callback=record_codex_phase,
                 )
                 phases_ms["codex_exec"] = _elapsed_ms(codex_started_at)

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/src/codex_api_proxy.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codex-api-proxy
-Version: 0.1.0
+Version: 0.1.1
 Summary: Local OpenAI-compatible HTTP proxy backed by Codex CLI
 Author: codex-api-proxy contributors
 License-Expression: MIT
@@ -40,8 +40,9 @@ If you start with `--host 0.0.0.0` or another non-loopback bind address without
 With the default `exec` engine, Codex subprocesses are launched with `--ignore-user-config` and `--ignore-rules`. This prevents proxy requests from loading user Codex config, MCP servers, plugins, skills, and rule files.
 
 Codex subprocesses also use `--sandbox read-only` and `--ephemeral` by default. This keeps calls closer to one-shot model calls where the caller owns conversation context.
+Use `--agent` only for trusted clients when you want Codex to use agent tools and create or modify files under the selected workspace.
 
-The experimental `app-server` engine uses Codex's long-lived app-server protocol to reduce process startup latency and stream assistant deltas. Each API request starts a fresh Codex thread and archives it after completion, so callers must continue sending full chat history in `messages`. The app-server process uses an isolated `CODEX_HOME` at `~/.codex-api-proxy/codex-home` by default. `codex-api-proxy` symlinks only the current Codex `auth.json` into that isolated home, so the app-server worker can reuse the existing login while not seeing the current user's `config.toml`, MCP config, or plugins. The app-server process is also started with `--disable apps`, `--disable plugins`, `--disable skill_mcp_dependency_install`, and `-c mcp_servers={}`. To keep skills out of the model-visible prompt, `codex-api-proxy` generates a `skills.config=[{name=...,enabled=false}]` override for known system skills and locally discovered skill names. Each request uses an empty `dynamicTools` list, empty `environments`, `approvalPolicy: never`, `sandbox: read-only`, and `ephemeral: true` by default.
+The experimental `app-server` engine uses Codex's long-lived app-server protocol to reduce process startup latency and stream assistant deltas. Each API request starts a fresh Codex thread and archives it after completion, so callers must continue sending full chat history in `messages`. The app-server process uses an isolated `CODEX_HOME` at `~/.codex-api-proxy/codex-home` by default. `codex-api-proxy` symlinks only the current Codex `auth.json` into that isolated home, so the app-server worker can reuse the existing login while not seeing the current user's `config.toml`, MCP config, or plugins. The app-server process is also started with `--disable apps`, `--disable plugins`, `--disable skill_mcp_dependency_install`, and `-c mcp_servers={}`. To keep skills out of the model-visible prompt, `codex-api-proxy` generates a `skills.config=[{name=...,enabled=false}]` override for known system skills and locally discovered skill names. Each request uses `approvalPolicy: never`, `sandbox: read-only`, empty `dynamicTools`, empty `environments`, and `ephemeral: true` by default. With `--agent`, app-server requests use `sandbox: workspace-write` and omit the empty tool/environment overrides so Codex can use its normal agent tools.
 
 ## Install
 
@@ -155,6 +156,7 @@ CLI options:
 - `--app-server-codex-home`: isolated `CODEX_HOME` used by `app-server` workers, default `~/.codex-api-proxy/codex-home`
 - `--codex-config`: Codex config override passed as `-c key=value`, repeatable
 - `--ephemeral`: run `codex exec` with `--ephemeral`, enabled by default
+- `--agent` / `--no-agent`: enable or disable Codex agent tools and workspace writes, default disable
 - `--fast`: use fast defaults: `--codex-config model_reasoning_effort="low"`
 - `--default-cwd`: default Codex working directory, default `~/.codex-api-proxy/workspace`
 - `--allowed-root`: allowed cwd root, repeatable, default `--default-cwd`
@@ -182,6 +184,7 @@ Environment variables are also supported when running the FastAPI app directly:
 - `CODEX_PROXY_APP_SERVER_CODEX_HOME`: isolated `CODEX_HOME` used by `app-server` workers
 - `CODEX_PROXY_CODEX_CONFIGS`: `;;`-separated Codex config overrides passed as repeated `-c`
 - `CODEX_PROXY_EPHEMERAL`: set to `1`, `true`, or `yes` to run `codex exec` with `--ephemeral`; defaults to `true`
+- `CODEX_PROXY_AGENT`: set to `1`, `true`, or `yes` to enable Codex agent tools and workspace writes; defaults to `false`
 - `CODEX_PROXY_DEFAULT_CWD`: default Codex working directory, default current directory
 - `CODEX_PROXY_ALLOWED_ROOTS`: colon-separated allowed cwd roots, default `CODEX_PROXY_DEFAULT_CWD`
 - `CODEX_PROXY_TIMEOUT_SECONDS`: per-request timeout, default `300`

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/tests/test_api.py

@@ -247,6 +247,7 @@ def test_chat_completion_passes_proxy_to_runner(tmp_path: Path) -> None:
         assert kwargs["model"] == "gpt-5-mini"
         assert kwargs["codex_configs"] == ['model_reasoning_effort="low"']
         assert kwargs["ephemeral"] is True
+        assert kwargs["agent_enabled"] is True
         return "hello"
 
     app = create_app(
@@ -257,6 +258,7 @@ def test_chat_completion_passes_proxy_to_runner(tmp_path: Path) -> None:
             model="gpt-5-mini",
             codex_configs=['model_reasoning_effort="low"'],
             ephemeral=True,
+            agent_enabled=True,
         ),
         runner=fake_runner,
     )
@@ -278,11 +280,18 @@ def test_chat_completion_uses_app_server_engine(tmp_path: Path) -> None:
         assert kwargs["cwd"] == tmp_path.resolve()
         assert kwargs["prompt"] == "[user]\nhi\n"
         assert kwargs["model"] == "gpt-5-mini"
+        assert kwargs["agent_enabled"] is True
         yield "he"
         yield "llo"
 
     app = create_app(
-        Settings(default_cwd=tmp_path, allowed_roots=[tmp_path], engine="app-server", model="gpt-5-mini"),
+        Settings(
+            default_cwd=tmp_path,
+            allowed_roots=[tmp_path],
+            engine="app-server",
+            model="gpt-5-mini",
+            agent_enabled=True,
+        ),
         runner=fake_exec_runner,
         app_server_runner=fake_app_server_runner,
     )

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/tests/test_app_server_runner.py

@@ -72,6 +72,7 @@ async def test_stream_app_server_turn_creates_fresh_thread_and_streams_deltas(tm
             model="gpt-5-mini",
             codex_configs=['model_reasoning_effort="low"'],
             ephemeral=True,
+            agent_enabled=False,
             timeout_seconds=30,
             latency_callback=lambda name, elapsed: phases.append((name, elapsed)),
         )
@@ -124,12 +125,39 @@ async def test_app_server_pool_rejects_when_queue_is_full() -> None:
             model=None,
             codex_configs=[],
             ephemeral=True,
+            agent_enabled=False,
             timeout_seconds=1,
             latency_callback=None,
         ):
             pass
 
 
+@pytest.mark.asyncio
+async def test_stream_app_server_turn_enables_tools_and_workspace_write_when_agent_enabled(tmp_path: Path) -> None:
+    client = FakeClient()
+
+    chunks = [
+        chunk
+        async for chunk in stream_app_server_turn(
+            client=client,
+            cwd=tmp_path,
+            prompt="[user]\nhi",
+            model=None,
+            codex_configs=[],
+            ephemeral=True,
+            agent_enabled=True,
+            timeout_seconds=30,
+            latency_callback=None,
+        )
+    ]
+
+    assert chunks == ["he", "llo"]
+    thread_start_params = client.requests[0][1]
+    assert thread_start_params["sandbox"] == "workspace-write"
+    assert "dynamicTools" not in thread_start_params
+    assert "environments" not in thread_start_params
+
+
 def test_prepare_isolated_codex_home_reuses_only_auth_file(tmp_path: Path) -> None:
     source_home = tmp_path / "source-codex"
     isolated_home = tmp_path / "isolated-codex"

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/tests/test_cli.py

@@ -108,16 +108,32 @@ def test_start_accepts_overrides(tmp_path: Path) -> None:
     assert settings.max_concurrency == 3
     assert settings.proxy == "http://127.0.0.1:7890"
     assert settings.engine == "exec"
+    assert settings.agent_enabled is False
     assert settings.workers == 1
     assert settings.max_queue_size == 64
     assert settings.queue_timeout_seconds == 30
     assert settings.app_server_codex_home == default_app_server_codex_home()
 
 
+def test_start_accepts_agent_switch(tmp_path: Path) -> None:
+    parser = build_parser()
+    args = parser.parse_args(["start", "--default-cwd", str(tmp_path), "--agent"])
+
+    settings = settings_from_args(args)
+
+    assert settings.agent_enabled is True
+
+
 def test_start_rejects_removed_direct_options(tmp_path: Path) -> None:
     parser = build_parser()
 
-    for option in ("--backend", "--no-direct-fallback", "--codex-auth-file", "--codex-config-file"):
+    for option in (
+        "--backend",
+        "--no-direct-fallback",
+        "--codex-auth-file",
+        "--codex-config-file",
+        "--workspace-write",
+    ):
         with pytest.raises(SystemExit):
             parser.parse_args(["start", option, str(tmp_path / "value")])
 
@@ -231,6 +247,7 @@ def test_start_state_round_trip_restricts_permissions(tmp_path: Path) -> None:
             "9999",
             "--proxy",
             "http://127.0.0.1:8118",
+            "--agent",
             "--default-cwd",
             str(root),
             "--allowed-root",
@@ -253,6 +270,7 @@ def test_start_state_round_trip_restricts_permissions(tmp_path: Path) -> None:
     assert loaded["model"] is None
     assert loaded["codex_configs"] == []
     assert loaded["ephemeral"] is True
+    assert loaded["agent_enabled"] is True
     assert loaded["engine"] == "exec"
     assert loaded["workers"] == 1
     assert loaded["max_queue_size"] == 64
@@ -314,6 +332,7 @@ def test_restart_reuses_state_and_allows_overrides(tmp_path: Path, monkeypatch)
             "8765",
             "--proxy",
             "http://127.0.0.1:8118",
+            "--agent",
             "--default-cwd",
             str(root),
             "--pid-file",
@@ -334,7 +353,18 @@ def test_restart_reuses_state_and_allows_overrides(tmp_path: Path, monkeypatch)
 
     def fake_start(args):
         assert args.fast is False
-        calls.append(("start", args.host, args.port, args.proxy, args.default_cwd, args.pid_file, args.log_file))
+        calls.append(
+            (
+                "start",
+                args.host,
+                args.port,
+                args.proxy,
+                args.agent_enabled,
+                args.default_cwd,
+                args.pid_file,
+                args.log_file,
+            )
+        )
         return 0
 
     monkeypatch.setattr(cli, "stop", fake_stop)
@@ -343,7 +373,7 @@ def test_restart_reuses_state_and_allows_overrides(tmp_path: Path, monkeypatch)
     assert restart(restart_args) == 0
     assert calls == [
         ("stop", pid_file),
-        ("start", "127.0.0.1", 9999, "http://127.0.0.1:8118", root, pid_file, log_file),
+        ("start", "127.0.0.1", 9999, "http://127.0.0.1:8118", True, root, pid_file, log_file),
     ]
 
 
@@ -392,6 +422,7 @@ def test_start_prints_state_file_and_effective_parameters(tmp_path: Path, monkey
     assert "chat_completions_url: http://127.0.0.1:9999/v1/chat/completions" in output
     assert "proxy: http://127.0.0.1:8118" in output
     assert "engine: exec" in output
+    assert "agent_enabled: False" in output
     assert "workers: 1" in output
     assert "max_queue_size: 64" in output
     assert "queue_timeout_seconds: 30" in output
@@ -485,6 +516,7 @@ def test_status_verbose_prints_runtime_details_from_state(tmp_path: Path, monkey
             "9999",
             "--proxy",
             "http://127.0.0.1:8118",
+            "--agent",
             "--pid-file",
             str(pid_file),
             "--log-file",
@@ -502,6 +534,7 @@ def test_status_verbose_prints_runtime_details_from_state(tmp_path: Path, monkey
     output = capsys.readouterr().out
 
     assert "engine: app-server" in output
+    assert "agent_enabled: True" in output
     assert "workers: 2" in output
     assert "proxy: http://127.0.0.1:8118" in output
     assert f"log: {log_file}" in output

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/tests/test_codex_runner.py

@@ -120,6 +120,7 @@ def test_build_codex_command_omits_optional_flags(tmp_path) -> None:
         model=None,
         codex_configs=[],
         ephemeral=False,
+        agent_enabled=False,
     )
 
     assert "--model" not in command
@@ -131,18 +132,19 @@ def test_build_codex_command_omits_optional_flags(tmp_path) -> None:
     assert "read-only" in command
 
 
-def test_build_codex_command_does_not_add_read_only_sandbox_when_config_overrides(tmp_path) -> None:
+def test_build_codex_command_uses_workspace_write_sandbox_when_agent_enabled(tmp_path) -> None:
     command = build_codex_command(
         codex_bin="codex",
         cwd=tmp_path,
         model=None,
-        codex_configs=['sandbox_mode="workspace-write"'],
+        codex_configs=[],
         ephemeral=True,
+        agent_enabled=True,
     )
 
-    assert "--sandbox" not in command
-    assert "-c" in command
-    assert 'sandbox_mode="workspace-write"' in command
+    assert "--sandbox" in command
+    sandbox_index = command.index("--sandbox")
+    assert command[sandbox_index + 1] == "workspace-write"
 
 
 def test_summarize_process_error_prefers_stdout_error_when_stderr_empty() -> None:

{codex_api_proxy-0.1.0 → codex_api_proxy-0.1.1}/tests/test_config.py

@@ -34,6 +34,7 @@ def test_child_cwd_is_allowed(tmp_path: Path) -> None:
 def test_from_env_reads_engine_worker_and_queue_settings(tmp_path: Path, monkeypatch) -> None:
     monkeypatch.setenv("CODEX_PROXY_DEFAULT_CWD", str(tmp_path))
     monkeypatch.setenv("CODEX_PROXY_ENGINE", "app-server")
+    monkeypatch.setenv("CODEX_PROXY_AGENT", "true")
     monkeypatch.setenv("CODEX_PROXY_WORKERS", "4")
     monkeypatch.setenv("CODEX_PROXY_MAX_QUEUE_SIZE", "8")
     monkeypatch.setenv("CODEX_PROXY_QUEUE_TIMEOUT_SECONDS", "2.5")
@@ -43,6 +44,7 @@ def test_from_env_reads_engine_worker_and_queue_settings(tmp_path: Path, monkeyp
     settings = Settings.from_env()
 
     assert settings.engine == "app-server"
+    assert settings.agent_enabled is True
     assert settings.workers == 4
     assert settings.max_queue_size == 8
     assert settings.queue_timeout_seconds == 2.5