@@ -23,6 +23,8 @@ const mainPath = fileURLToPath(new URL("../dist/main.js", import.meta.url));
2323function runCodexExecWithFakeCodex ( {
2424 sandbox = "" ,
2525 permissionProfile = "" ,
26+ includeSandbox = true ,
27+ includePermissionProfile = true ,
2628 extraArgs = "" ,
2729 safetyStrategy = "drop-sudo" ,
2830} = { } ) {
@@ -56,40 +58,46 @@ writeFileSync(args[outputIndex + 1], "fake final message\\n");
5658 "utf8"
5759 ) ;
5860
61+ const cliArgs = [
62+ mainPath ,
63+ "run-codex-exec" ,
64+ "--prompt" ,
65+ "test prompt" ,
66+ "--prompt-file" ,
67+ "" ,
68+ "--codex-home" ,
69+ "" ,
70+ "--cd" ,
71+ tempDir ,
72+ "--extra-args" ,
73+ extraArgs ,
74+ "--output-file" ,
75+ outputPath ,
76+ "--output-schema-file" ,
77+ "" ,
78+ "--output-schema" ,
79+ "" ,
80+ ] ;
81+ if ( includeSandbox ) {
82+ cliArgs . push ( "--sandbox" , sandbox ) ;
83+ }
84+ if ( includePermissionProfile ) {
85+ cliArgs . push ( "--permission-profile" , permissionProfile ) ;
86+ }
87+ cliArgs . push (
88+ "--model" ,
89+ "" ,
90+ "--effort" ,
91+ "" ,
92+ "--safety-strategy" ,
93+ safetyStrategy ,
94+ "--codex-user" ,
95+ ""
96+ ) ;
97+
5998 const result = spawnSync (
6099 process . execPath ,
61- [
62- mainPath ,
63- "run-codex-exec" ,
64- "--prompt" ,
65- "test prompt" ,
66- "--prompt-file" ,
67- "" ,
68- "--codex-home" ,
69- "" ,
70- "--cd" ,
71- tempDir ,
72- "--extra-args" ,
73- extraArgs ,
74- "--output-file" ,
75- outputPath ,
76- "--output-schema-file" ,
77- "" ,
78- "--output-schema" ,
79- "" ,
80- "--sandbox" ,
81- sandbox ,
82- "--permission-profile" ,
83- permissionProfile ,
84- "--model" ,
85- "" ,
86- "--effort" ,
87- "" ,
88- "--safety-strategy" ,
89- safetyStrategy ,
90- "--codex-user" ,
91- "" ,
92- ] ,
100+ cliArgs ,
93101 {
94102 encoding : "utf8" ,
95103 env : {
@@ -117,8 +125,50 @@ test("preserves workspace-write as the default legacy sandbox", () => {
117125 assert . deepEqual ( capturedArgs . slice ( - 2 ) , [ "--sandbox" , "workspace-write" ] ) ;
118126} ) ;
119127
120- test ( "selects a permission profile without passing --sandbox" , ( ) => {
128+ test ( "allows permission-profile to be omitted" , ( ) => {
129+ const { result, capturedArgs } = runCodexExecWithFakeCodex ( {
130+ includePermissionProfile : false ,
131+ } ) ;
132+
133+ assert . equal ( result . status , 0 , result . stderr ) ;
134+ assert . deepEqual ( capturedArgs . slice ( - 2 ) , [ "--sandbox" , "workspace-write" ] ) ;
135+ } ) ;
136+
137+ test ( "allows sandbox to be omitted" , ( ) => {
138+ const { result, capturedArgs } = runCodexExecWithFakeCodex ( {
139+ includeSandbox : false ,
140+ } ) ;
141+
142+ assert . equal ( result . status , 0 , result . stderr ) ;
143+ assert . deepEqual ( capturedArgs . slice ( - 2 ) , [ "--sandbox" , "workspace-write" ] ) ;
144+ } ) ;
145+
146+ test ( "allows sandbox and permission-profile to both be omitted" , ( ) => {
147+ const { result, capturedArgs } = runCodexExecWithFakeCodex ( {
148+ includeSandbox : false ,
149+ includePermissionProfile : false ,
150+ } ) ;
151+
152+ assert . equal ( result . status , 0 , result . stderr ) ;
153+ assert . deepEqual ( capturedArgs . slice ( - 2 ) , [ "--sandbox" , "workspace-write" ] ) ;
154+ } ) ;
155+
156+ test ( "selects a permission profile with an empty sandbox" , ( ) => {
157+ const { result, capturedArgs } = runCodexExecWithFakeCodex ( {
158+ permissionProfile : "public-review" ,
159+ } ) ;
160+
161+ assert . equal ( result . status , 0 , result . stderr ) ;
162+ assert . equal ( capturedArgs . includes ( "--sandbox" ) , false ) ;
163+ assert . deepEqual ( capturedArgs . slice ( - 2 ) , [
164+ "--config" ,
165+ 'default_permissions="public-review"' ,
166+ ] ) ;
167+ } ) ;
168+
169+ test ( "selects a permission profile when sandbox is omitted" , ( ) => {
121170 const { result, capturedArgs } = runCodexExecWithFakeCodex ( {
171+ includeSandbox : false ,
122172 permissionProfile : "public-review" ,
123173 } ) ;
124174
0 commit comments