mirror of
https://github.com/openai/codex.git
synced 2026-02-17 14:23:48 +00:00
Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
47795a6201 |
@@ -1639,13 +1639,30 @@ impl CodexMessageProcessor {
|
||||
let timeout_ms = params
|
||||
.timeout_ms
|
||||
.and_then(|timeout_ms| u64::try_from(timeout_ms).ok());
|
||||
let started_network_proxy = match self.config.network.as_ref() {
|
||||
Some(spec) => match spec.start_proxy().await {
|
||||
Ok(started) => Some(started),
|
||||
Err(err) => {
|
||||
let error = JSONRPCErrorError {
|
||||
code: INTERNAL_ERROR_CODE,
|
||||
message: format!("failed to start managed network proxy: {err}"),
|
||||
data: None,
|
||||
};
|
||||
self.outgoing.send_error(request, error).await;
|
||||
return;
|
||||
}
|
||||
},
|
||||
None => None,
|
||||
};
|
||||
let windows_sandbox_level = WindowsSandboxLevel::from_config(&self.config);
|
||||
let exec_params = ExecParams {
|
||||
command: params.command,
|
||||
cwd,
|
||||
expiration: timeout_ms.into(),
|
||||
env,
|
||||
network: self.config.network.clone(),
|
||||
network: started_network_proxy
|
||||
.as_ref()
|
||||
.map(|(proxy, _handle)| proxy.clone()),
|
||||
sandbox_permissions: SandboxPermissions::UseDefault,
|
||||
windows_sandbox_level,
|
||||
justification: None,
|
||||
@@ -1673,9 +1690,12 @@ impl CodexMessageProcessor {
|
||||
let outgoing = self.outgoing.clone();
|
||||
let request_for_task = request;
|
||||
let sandbox_cwd = self.config.cwd.clone();
|
||||
let started_network_proxy_for_task = started_network_proxy;
|
||||
let use_linux_sandbox_bwrap = self.config.features.enabled(Feature::UseLinuxSandboxBwrap);
|
||||
|
||||
tokio::spawn(async move {
|
||||
let _network_proxy_handle =
|
||||
started_network_proxy_for_task.map(|(_proxy, handle)| handle);
|
||||
match codex_core::exec::process_exec_tool_call(
|
||||
exec_params,
|
||||
&effective_policy,
|
||||
|
||||
@@ -42,6 +42,7 @@ use crate::turn_metadata::resolve_turn_metadata_header_with_timeout;
|
||||
use crate::util::error_or_panic;
|
||||
use async_channel::Receiver;
|
||||
use async_channel::Sender;
|
||||
use codex_network_proxy::NetworkProxy;
|
||||
use codex_protocol::ThreadId;
|
||||
use codex_protocol::approvals::ExecPolicyAmendment;
|
||||
use codex_protocol::config_types::ModeKind;
|
||||
@@ -525,6 +526,7 @@ pub(crate) struct TurnContext {
|
||||
pub(crate) personality: Option<Personality>,
|
||||
pub(crate) approval_policy: AskForApproval,
|
||||
pub(crate) sandbox_policy: SandboxPolicy,
|
||||
pub(crate) network: Option<NetworkProxy>,
|
||||
pub(crate) windows_sandbox_level: WindowsSandboxLevel,
|
||||
pub(crate) shell_environment_policy: ShellEnvironmentPolicy,
|
||||
pub(crate) tools_config: ToolsConfig,
|
||||
@@ -789,6 +791,7 @@ impl Session {
|
||||
session_configuration: &SessionConfiguration,
|
||||
per_turn_config: Config,
|
||||
model_info: ModelInfo,
|
||||
network: Option<NetworkProxy>,
|
||||
sub_id: String,
|
||||
) -> TurnContext {
|
||||
let reasoning_effort = session_configuration.collaboration_mode.reasoning_effort();
|
||||
@@ -828,6 +831,7 @@ impl Session {
|
||||
personality: session_configuration.personality,
|
||||
approval_policy: session_configuration.approval_policy.value(),
|
||||
sandbox_policy: session_configuration.sandbox_policy.get().clone(),
|
||||
network,
|
||||
windows_sandbox_level: session_configuration.windows_sandbox_level,
|
||||
shell_environment_policy: per_turn_config.shell_environment_policy.clone(),
|
||||
tools_config,
|
||||
@@ -1045,6 +1049,19 @@ impl Session {
|
||||
};
|
||||
session_configuration.thread_name = thread_name.clone();
|
||||
let state = SessionState::new(session_configuration.clone());
|
||||
let started_network_proxy = match config.network.as_ref() {
|
||||
Some(spec) => {
|
||||
let (proxy, handle) = spec.start_proxy().await.map_err(|err| {
|
||||
anyhow::anyhow!("failed to start managed network proxy: {err}")
|
||||
})?;
|
||||
Some((proxy, handle))
|
||||
}
|
||||
None => None,
|
||||
};
|
||||
let (network_proxy, network_proxy_handle) = match started_network_proxy {
|
||||
Some((proxy, handle)) => (Some(proxy), Some(handle)),
|
||||
None => (None, None),
|
||||
};
|
||||
|
||||
let services = SessionServices {
|
||||
mcp_connection_manager: Arc::new(RwLock::new(McpConnectionManager::default())),
|
||||
@@ -1066,6 +1083,8 @@ impl Session {
|
||||
skills_manager,
|
||||
file_watcher,
|
||||
agent_control,
|
||||
network_proxy,
|
||||
_network_proxy_handle: network_proxy_handle,
|
||||
state_db: state_db_ctx.clone(),
|
||||
model_client: ModelClient::new(
|
||||
Some(Arc::clone(&auth_manager)),
|
||||
@@ -1477,6 +1496,7 @@ impl Session {
|
||||
&session_configuration,
|
||||
per_turn_config,
|
||||
model_info,
|
||||
self.services.network_proxy.clone(),
|
||||
sub_id,
|
||||
);
|
||||
|
||||
@@ -3607,6 +3627,7 @@ async fn spawn_review_thread(
|
||||
personality: parent_turn_context.personality,
|
||||
approval_policy: parent_turn_context.approval_policy,
|
||||
sandbox_policy: parent_turn_context.sandbox_policy.clone(),
|
||||
network: parent_turn_context.network.clone(),
|
||||
windows_sandbox_level: parent_turn_context.windows_sandbox_level,
|
||||
shell_environment_policy: parent_turn_context.shell_environment_policy.clone(),
|
||||
cwd: parent_turn_context.cwd.clone(),
|
||||
@@ -5917,6 +5938,8 @@ mod tests {
|
||||
skills_manager,
|
||||
file_watcher,
|
||||
agent_control,
|
||||
network_proxy: None,
|
||||
_network_proxy_handle: None,
|
||||
state_db: None,
|
||||
model_client: ModelClient::new(
|
||||
Some(auth_manager.clone()),
|
||||
@@ -5940,6 +5963,7 @@ mod tests {
|
||||
&session_configuration,
|
||||
per_turn_config,
|
||||
model_info,
|
||||
None,
|
||||
"turn_id".to_string(),
|
||||
);
|
||||
|
||||
@@ -6049,6 +6073,8 @@ mod tests {
|
||||
skills_manager,
|
||||
file_watcher,
|
||||
agent_control,
|
||||
network_proxy: None,
|
||||
_network_proxy_handle: None,
|
||||
state_db: None,
|
||||
model_client: ModelClient::new(
|
||||
Some(Arc::clone(&auth_manager)),
|
||||
@@ -6072,6 +6098,7 @@ mod tests {
|
||||
&session_configuration,
|
||||
per_turn_config,
|
||||
model_info,
|
||||
None,
|
||||
"turn_id".to_string(),
|
||||
));
|
||||
|
||||
|
||||
@@ -26,6 +26,7 @@ use crate::config_loader::ConstrainedWithSource;
|
||||
use crate::config_loader::LoaderOverrides;
|
||||
use crate::config_loader::McpServerIdentity;
|
||||
use crate::config_loader::McpServerRequirement;
|
||||
use crate::config_loader::NetworkConstraints;
|
||||
use crate::config_loader::ResidencyRequirement;
|
||||
use crate::config_loader::Sourced;
|
||||
use crate::config_loader::load_config_layers_state;
|
||||
@@ -45,9 +46,18 @@ use crate::project_doc::LOCAL_PROJECT_DOC_FILENAME;
|
||||
use crate::protocol::AskForApproval;
|
||||
use crate::protocol::SandboxPolicy;
|
||||
use crate::windows_sandbox::WindowsSandboxLevelExt;
|
||||
use async_trait::async_trait;
|
||||
use codex_app_server_protocol::Tools;
|
||||
use codex_app_server_protocol::UserSavedConfig;
|
||||
use codex_network_proxy::ConfigReloader;
|
||||
use codex_network_proxy::ConfigState;
|
||||
use codex_network_proxy::NetworkProxy;
|
||||
use codex_network_proxy::NetworkProxyConfig;
|
||||
use codex_network_proxy::NetworkProxyConstraints;
|
||||
use codex_network_proxy::NetworkProxyHandle;
|
||||
use codex_network_proxy::NetworkProxyState;
|
||||
use codex_network_proxy::build_config_state;
|
||||
use codex_network_proxy::validate_policy_against_constraints;
|
||||
use codex_protocol::config_types::AltScreenMode;
|
||||
use codex_protocol::config_types::ForcedLoginMethod;
|
||||
use codex_protocol::config_types::ModeKind;
|
||||
@@ -71,6 +81,7 @@ use std::collections::HashMap;
|
||||
use std::io::ErrorKind;
|
||||
use std::path::Path;
|
||||
use std::path::PathBuf;
|
||||
use std::sync::Arc;
|
||||
#[cfg(test)]
|
||||
use tempfile::tempdir;
|
||||
|
||||
@@ -101,6 +112,168 @@ pub(crate) const DEFAULT_AGENT_MAX_THREADS: Option<usize> = Some(6);
|
||||
|
||||
pub const CONFIG_TOML_FILE: &str = "config.toml";
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct NetworkProxySpec {
|
||||
config: NetworkProxyConfig,
|
||||
constraints: NetworkProxyConstraints,
|
||||
cfg_path: PathBuf,
|
||||
}
|
||||
|
||||
impl PartialEq for NetworkProxySpec {
|
||||
fn eq(&self, other: &Self) -> bool {
|
||||
let this = &self.config.network;
|
||||
let that = &other.config.network;
|
||||
self.constraints == other.constraints
|
||||
&& self.cfg_path == other.cfg_path
|
||||
&& this.enabled == that.enabled
|
||||
&& this.proxy_url == that.proxy_url
|
||||
&& this.admin_url == that.admin_url
|
||||
&& this.enable_socks5 == that.enable_socks5
|
||||
&& this.socks_url == that.socks_url
|
||||
&& this.enable_socks5_udp == that.enable_socks5_udp
|
||||
&& this.allow_upstream_proxy == that.allow_upstream_proxy
|
||||
&& this.dangerously_allow_non_loopback_proxy
|
||||
== that.dangerously_allow_non_loopback_proxy
|
||||
&& this.dangerously_allow_non_loopback_admin
|
||||
== that.dangerously_allow_non_loopback_admin
|
||||
&& this.mode == that.mode
|
||||
&& this.allowed_domains == that.allowed_domains
|
||||
&& this.denied_domains == that.denied_domains
|
||||
&& this.allow_unix_sockets == that.allow_unix_sockets
|
||||
&& this.allow_local_binding == that.allow_local_binding
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Clone)]
|
||||
struct StaticNetworkProxyReloader {
|
||||
state: ConfigState,
|
||||
}
|
||||
|
||||
impl StaticNetworkProxyReloader {
|
||||
fn new(state: ConfigState) -> Self {
|
||||
Self { state }
|
||||
}
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl ConfigReloader for StaticNetworkProxyReloader {
|
||||
async fn maybe_reload(&self) -> anyhow::Result<Option<ConfigState>> {
|
||||
Ok(None)
|
||||
}
|
||||
|
||||
async fn reload_now(&self) -> anyhow::Result<ConfigState> {
|
||||
Ok(self.state.clone())
|
||||
}
|
||||
}
|
||||
|
||||
impl NetworkProxySpec {
|
||||
fn from_constraints(
|
||||
merged_toml: TomlValue,
|
||||
requirements: NetworkConstraints,
|
||||
cfg_path: PathBuf,
|
||||
) -> std::io::Result<Self> {
|
||||
let config: NetworkProxyConfig = merged_toml.try_into().map_err(|err| {
|
||||
std::io::Error::new(
|
||||
std::io::ErrorKind::InvalidData,
|
||||
format!("failed to deserialize network proxy config: {err}"),
|
||||
)
|
||||
})?;
|
||||
let (config, constraints) = Self::apply_requirements(config, &requirements);
|
||||
validate_policy_against_constraints(&config, &constraints).map_err(|err| {
|
||||
std::io::Error::new(
|
||||
std::io::ErrorKind::InvalidInput,
|
||||
format!("network proxy constraints are invalid: {err}"),
|
||||
)
|
||||
})?;
|
||||
Ok(Self {
|
||||
config,
|
||||
constraints,
|
||||
cfg_path,
|
||||
})
|
||||
}
|
||||
|
||||
pub async fn start_proxy(&self) -> std::io::Result<(NetworkProxy, NetworkProxyHandle)> {
|
||||
let state = build_config_state(
|
||||
self.config.clone(),
|
||||
self.constraints.clone(),
|
||||
self.cfg_path.clone(),
|
||||
)
|
||||
.map_err(|err| {
|
||||
std::io::Error::other(format!("failed to build network proxy state: {err}"))
|
||||
})?;
|
||||
let reloader = Arc::new(StaticNetworkProxyReloader::new(state.clone()));
|
||||
let state = NetworkProxyState::with_reloader(state, reloader);
|
||||
let proxy = NetworkProxy::builder()
|
||||
.state(Arc::new(state))
|
||||
.build()
|
||||
.await
|
||||
.map_err(|err| {
|
||||
std::io::Error::other(format!("failed to build network proxy: {err}"))
|
||||
})?;
|
||||
let handle = proxy
|
||||
.run()
|
||||
.await
|
||||
.map_err(|err| std::io::Error::other(format!("failed to run network proxy: {err}")))?;
|
||||
Ok((proxy, handle))
|
||||
}
|
||||
|
||||
fn apply_requirements(
|
||||
mut config: NetworkProxyConfig,
|
||||
requirements: &NetworkConstraints,
|
||||
) -> (NetworkProxyConfig, NetworkProxyConstraints) {
|
||||
let mut constraints = NetworkProxyConstraints::default();
|
||||
|
||||
if let Some(enabled) = requirements.enabled {
|
||||
config.network.enabled = enabled;
|
||||
constraints.enabled = Some(enabled);
|
||||
}
|
||||
if let Some(http_port) = requirements.http_port {
|
||||
config.network.proxy_url = format!("http://127.0.0.1:{http_port}");
|
||||
}
|
||||
if let Some(socks_port) = requirements.socks_port {
|
||||
config.network.socks_url = format!("http://127.0.0.1:{socks_port}");
|
||||
}
|
||||
if let Some(allow_upstream_proxy) = requirements.allow_upstream_proxy {
|
||||
config.network.allow_upstream_proxy = allow_upstream_proxy;
|
||||
constraints.allow_upstream_proxy = Some(allow_upstream_proxy);
|
||||
}
|
||||
if let Some(dangerously_allow_non_loopback_proxy) =
|
||||
requirements.dangerously_allow_non_loopback_proxy
|
||||
{
|
||||
config.network.dangerously_allow_non_loopback_proxy =
|
||||
dangerously_allow_non_loopback_proxy;
|
||||
constraints.dangerously_allow_non_loopback_proxy =
|
||||
Some(dangerously_allow_non_loopback_proxy);
|
||||
}
|
||||
if let Some(dangerously_allow_non_loopback_admin) =
|
||||
requirements.dangerously_allow_non_loopback_admin
|
||||
{
|
||||
config.network.dangerously_allow_non_loopback_admin =
|
||||
dangerously_allow_non_loopback_admin;
|
||||
constraints.dangerously_allow_non_loopback_admin =
|
||||
Some(dangerously_allow_non_loopback_admin);
|
||||
}
|
||||
if let Some(allowed_domains) = requirements.allowed_domains.clone() {
|
||||
config.network.allowed_domains = allowed_domains.clone();
|
||||
constraints.allowed_domains = Some(allowed_domains);
|
||||
}
|
||||
if let Some(denied_domains) = requirements.denied_domains.clone() {
|
||||
config.network.denied_domains = denied_domains.clone();
|
||||
constraints.denied_domains = Some(denied_domains);
|
||||
}
|
||||
if let Some(allow_unix_sockets) = requirements.allow_unix_sockets.clone() {
|
||||
config.network.allow_unix_sockets = allow_unix_sockets.clone();
|
||||
constraints.allow_unix_sockets = Some(allow_unix_sockets);
|
||||
}
|
||||
if let Some(allow_local_binding) = requirements.allow_local_binding {
|
||||
config.network.allow_local_binding = allow_local_binding;
|
||||
constraints.allow_local_binding = Some(allow_local_binding);
|
||||
}
|
||||
|
||||
(config, constraints)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
pub(crate) fn test_config() -> Config {
|
||||
let codex_home = tempdir().expect("create temp dir");
|
||||
@@ -154,7 +327,7 @@ pub struct Config {
|
||||
pub enforce_residency: Constrained<Option<ResidencyRequirement>>,
|
||||
|
||||
/// Effective network configuration applied to all spawned processes.
|
||||
pub network: Option<NetworkProxy>,
|
||||
pub network: Option<NetworkProxySpec>,
|
||||
|
||||
/// True if the user passed in an override or set a value in config.toml
|
||||
/// for either of approval_policy or sandbox_mode.
|
||||
@@ -1650,6 +1823,7 @@ impl Config {
|
||||
|
||||
// Ensure that every field of ConfigRequirements is applied to the final
|
||||
// Config.
|
||||
let merged_toml = config_layer_stack.effective_config();
|
||||
let ConfigRequirements {
|
||||
approval_policy: mut constrained_approval_policy,
|
||||
sandbox_policy: mut constrained_sandbox_policy,
|
||||
@@ -1657,7 +1831,7 @@ impl Config {
|
||||
mcp_servers,
|
||||
exec_policy: _,
|
||||
enforce_residency,
|
||||
network: _network_requirements,
|
||||
network: network_requirements,
|
||||
} = requirements;
|
||||
|
||||
apply_requirement_constrained_value(
|
||||
@@ -1682,6 +1856,21 @@ impl Config {
|
||||
let mcp_servers = constrain_mcp_servers(cfg.mcp_servers.clone(), mcp_servers.as_ref())
|
||||
.map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidInput, format!("{e}")))?;
|
||||
|
||||
let network = match network_requirements {
|
||||
Some(Sourced { value, source }) => {
|
||||
let cfg_path = codex_home.join(CONFIG_TOML_FILE);
|
||||
let network = NetworkProxySpec::from_constraints(merged_toml, value, cfg_path)
|
||||
.map_err(|err| {
|
||||
std::io::Error::new(
|
||||
err.kind(),
|
||||
format!("failed to build managed network proxy from {source}: {err}"),
|
||||
)
|
||||
})?;
|
||||
Some(network)
|
||||
}
|
||||
None => None,
|
||||
};
|
||||
|
||||
let config = Self {
|
||||
model,
|
||||
review_model,
|
||||
@@ -1694,7 +1883,7 @@ impl Config {
|
||||
approval_policy: constrained_approval_policy.value,
|
||||
sandbox_policy: constrained_sandbox_policy.value,
|
||||
enforce_residency: enforce_residency.value,
|
||||
network: None,
|
||||
network,
|
||||
did_user_set_custom_approval_policy_or_sandbox_mode,
|
||||
forced_auto_mode_downgraded_on_windows,
|
||||
shell_environment_policy,
|
||||
|
||||
@@ -14,6 +14,8 @@ use crate::skills::SkillsManager;
|
||||
use crate::state_db::StateDbHandle;
|
||||
use crate::tools::sandboxing::ApprovalStore;
|
||||
use crate::unified_exec::UnifiedExecProcessManager;
|
||||
use codex_network_proxy::NetworkProxy;
|
||||
use codex_network_proxy::NetworkProxyHandle;
|
||||
use codex_otel::OtelManager;
|
||||
use tokio::sync::Mutex;
|
||||
use tokio::sync::RwLock;
|
||||
@@ -36,6 +38,8 @@ pub(crate) struct SessionServices {
|
||||
pub(crate) skills_manager: Arc<SkillsManager>,
|
||||
pub(crate) file_watcher: Arc<FileWatcher>,
|
||||
pub(crate) agent_control: AgentControl,
|
||||
pub(crate) network_proxy: Option<NetworkProxy>,
|
||||
pub(crate) _network_proxy_handle: Option<NetworkProxyHandle>,
|
||||
pub(crate) state_db: Option<StateDbHandle>,
|
||||
/// Session-scoped model client shared across turns.
|
||||
pub(crate) model_client: ModelClient,
|
||||
|
||||
@@ -164,7 +164,7 @@ pub(crate) async fn execute_user_shell_command(
|
||||
exec_env,
|
||||
&sandbox_policy,
|
||||
stdout_stream,
|
||||
turn_context.config.network.clone(),
|
||||
turn_context.network.clone(),
|
||||
)
|
||||
.or_cancel(&cancellation_token)
|
||||
.await;
|
||||
|
||||
@@ -53,7 +53,7 @@ impl ShellHandler {
|
||||
cwd: turn_context.resolve_path(params.workdir.clone()),
|
||||
expiration: params.timeout_ms.into(),
|
||||
env: create_env(&turn_context.shell_environment_policy, Some(thread_id)),
|
||||
network: turn_context.config.network.clone(),
|
||||
network: turn_context.network.clone(),
|
||||
sandbox_permissions: params.sandbox_permissions.unwrap_or_default(),
|
||||
windows_sandbox_level: turn_context.windows_sandbox_level,
|
||||
justification: params.justification.clone(),
|
||||
@@ -82,7 +82,7 @@ impl ShellCommandHandler {
|
||||
cwd: turn_context.resolve_path(params.workdir.clone()),
|
||||
expiration: params.timeout_ms.into(),
|
||||
env: create_env(&turn_context.shell_environment_policy, Some(thread_id)),
|
||||
network: turn_context.config.network.clone(),
|
||||
network: turn_context.network.clone(),
|
||||
sandbox_permissions: params.sandbox_permissions.unwrap_or_default(),
|
||||
windows_sandbox_level: turn_context.windows_sandbox_level,
|
||||
justification: params.justification.clone(),
|
||||
@@ -444,7 +444,7 @@ mod tests {
|
||||
assert_eq!(exec_params.command, expected_command);
|
||||
assert_eq!(exec_params.cwd, expected_cwd);
|
||||
assert_eq!(exec_params.env, expected_env);
|
||||
assert_eq!(exec_params.network, turn_context.config.network);
|
||||
assert_eq!(exec_params.network, turn_context.network);
|
||||
assert_eq!(exec_params.expiration.timeout_ms(), timeout_ms);
|
||||
assert_eq!(exec_params.sandbox_permissions, sandbox_permissions);
|
||||
assert_eq!(exec_params.justification, justification);
|
||||
|
||||
@@ -505,7 +505,7 @@ impl UnifiedExecProcessManager {
|
||||
command: request.command.clone(),
|
||||
cwd,
|
||||
env,
|
||||
network: context.turn.config.network.clone(),
|
||||
network: context.turn.network.clone(),
|
||||
tty: request.tty,
|
||||
sandbox_permissions: request.sandbox_permissions,
|
||||
justification: request.justification.clone(),
|
||||
|
||||
Reference in New Issue
Block a user