Skip to content

Commit fd87d0d

Browse files
committed
fix: allow omitted permission helper flags
1 parent 0d2a018 commit fd87d0d

3 files changed

Lines changed: 96 additions & 42 deletions

File tree

dist/main.js

Lines changed: 7 additions & 5 deletions
Large diffs are not rendered by default.

src/main.ts

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -146,13 +146,15 @@ export async function main() {
146146
"--output-schema <SCHEMA>",
147147
"Inline schema contents to pass to `codex exec --output-schema`."
148148
)
149-
.requiredOption(
149+
.option(
150150
"--sandbox <SANDBOX>",
151-
"Legacy sandbox mode override to pass to `codex exec` (may be empty)."
151+
"Legacy sandbox mode override to pass to `codex exec` (may be empty).",
152+
""
152153
)
153-
.requiredOption(
154+
.option(
154155
"--permission-profile <PROFILE>",
155-
"Permission profile to select through `default_permissions` (may be empty)."
156+
"Permission profile to select through `default_permissions` (may be empty).",
157+
""
156158
)
157159
.requiredOption("--model <model>", "Model the agent should use")
158160
.requiredOption("--effort <effort>", "Reasoning effort the agent should use")

test/runCodexExec.test.mjs

Lines changed: 83 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,8 @@ const mainPath = fileURLToPath(new URL("../dist/main.js", import.meta.url));
2323
function runCodexExecWithFakeCodex({
2424
sandbox = "",
2525
permissionProfile = "",
26+
includeSandbox = true,
27+
includePermissionProfile = true,
2628
extraArgs = "",
2729
safetyStrategy = "drop-sudo",
2830
} = {}) {
@@ -56,40 +58,46 @@ writeFileSync(args[outputIndex + 1], "fake final message\\n");
5658
"utf8"
5759
);
5860

61+
const cliArgs = [
62+
mainPath,
63+
"run-codex-exec",
64+
"--prompt",
65+
"test prompt",
66+
"--prompt-file",
67+
"",
68+
"--codex-home",
69+
"",
70+
"--cd",
71+
tempDir,
72+
"--extra-args",
73+
extraArgs,
74+
"--output-file",
75+
outputPath,
76+
"--output-schema-file",
77+
"",
78+
"--output-schema",
79+
"",
80+
];
81+
if (includeSandbox) {
82+
cliArgs.push("--sandbox", sandbox);
83+
}
84+
if (includePermissionProfile) {
85+
cliArgs.push("--permission-profile", permissionProfile);
86+
}
87+
cliArgs.push(
88+
"--model",
89+
"",
90+
"--effort",
91+
"",
92+
"--safety-strategy",
93+
safetyStrategy,
94+
"--codex-user",
95+
""
96+
);
97+
5998
const result = spawnSync(
6099
process.execPath,
61-
[
62-
mainPath,
63-
"run-codex-exec",
64-
"--prompt",
65-
"test prompt",
66-
"--prompt-file",
67-
"",
68-
"--codex-home",
69-
"",
70-
"--cd",
71-
tempDir,
72-
"--extra-args",
73-
extraArgs,
74-
"--output-file",
75-
outputPath,
76-
"--output-schema-file",
77-
"",
78-
"--output-schema",
79-
"",
80-
"--sandbox",
81-
sandbox,
82-
"--permission-profile",
83-
permissionProfile,
84-
"--model",
85-
"",
86-
"--effort",
87-
"",
88-
"--safety-strategy",
89-
safetyStrategy,
90-
"--codex-user",
91-
"",
92-
],
100+
cliArgs,
93101
{
94102
encoding: "utf8",
95103
env: {
@@ -117,8 +125,50 @@ test("preserves workspace-write as the default legacy sandbox", () => {
117125
assert.deepEqual(capturedArgs.slice(-2), ["--sandbox", "workspace-write"]);
118126
});
119127

120-
test("selects a permission profile without passing --sandbox", () => {
128+
test("allows permission-profile to be omitted", () => {
129+
const { result, capturedArgs } = runCodexExecWithFakeCodex({
130+
includePermissionProfile: false,
131+
});
132+
133+
assert.equal(result.status, 0, result.stderr);
134+
assert.deepEqual(capturedArgs.slice(-2), ["--sandbox", "workspace-write"]);
135+
});
136+
137+
test("allows sandbox to be omitted", () => {
138+
const { result, capturedArgs } = runCodexExecWithFakeCodex({
139+
includeSandbox: false,
140+
});
141+
142+
assert.equal(result.status, 0, result.stderr);
143+
assert.deepEqual(capturedArgs.slice(-2), ["--sandbox", "workspace-write"]);
144+
});
145+
146+
test("allows sandbox and permission-profile to both be omitted", () => {
147+
const { result, capturedArgs } = runCodexExecWithFakeCodex({
148+
includeSandbox: false,
149+
includePermissionProfile: false,
150+
});
151+
152+
assert.equal(result.status, 0, result.stderr);
153+
assert.deepEqual(capturedArgs.slice(-2), ["--sandbox", "workspace-write"]);
154+
});
155+
156+
test("selects a permission profile with an empty sandbox", () => {
157+
const { result, capturedArgs } = runCodexExecWithFakeCodex({
158+
permissionProfile: "public-review",
159+
});
160+
161+
assert.equal(result.status, 0, result.stderr);
162+
assert.equal(capturedArgs.includes("--sandbox"), false);
163+
assert.deepEqual(capturedArgs.slice(-2), [
164+
"--config",
165+
'default_permissions="public-review"',
166+
]);
167+
});
168+
169+
test("selects a permission profile when sandbox is omitted", () => {
121170
const { result, capturedArgs } = runCodexExecWithFakeCodex({
171+
includeSandbox: false,
122172
permissionProfile: "public-review",
123173
});
124174

0 commit comments

Comments
 (0)