codex/.devcontainer/devcontainer.secure.json

{
  "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json",
  "name": "Codex (Secure)",
  "build": {
    "dockerfile": "Dockerfile.secure",
    "context": "..",
    "args": {
      "TZ": "${localEnv:TZ:UTC}",
      "NODE_MAJOR": "22",
      "RUST_TOOLCHAIN": "1.92.0",
      "CODEX_NPM_VERSION": "latest"
    }
  },
  "runArgs": [
    "--cap-add=SYS_ADMIN",
    "--cap-add=SYS_CHROOT",
    "--cap-add=SETUID",
    "--cap-add=SETGID",
    "--cap-add=SYS_PTRACE",
    "--security-opt=seccomp=unconfined",
    "--security-opt=apparmor=unconfined",
    "--cap-add=NET_ADMIN",
    "--cap-add=NET_RAW"
  ],
  "init": true,
  "updateRemoteUserUID": true,
  "remoteUser": "vscode",
  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=delegated",
  "workspaceFolder": "/workspace",
  "mounts": [
    "source=codex-commandhistory-${devcontainerId},target=/commandhistory,type=volume",
    "source=codex-home-${devcontainerId},target=/home/vscode/.codex,type=volume",
    "source=codex-gh-${devcontainerId},target=/home/vscode/.config/gh,type=volume",
    "source=codex-cargo-registry-${devcontainerId},target=/home/vscode/.cargo/registry,type=volume",
    "source=codex-cargo-git-${devcontainerId},target=/home/vscode/.cargo/git,type=volume",
    "source=codex-rustup-${devcontainerId},target=/home/vscode/.rustup,type=volume",
    "source=${localEnv:HOME}/.gitconfig,target=/home/vscode/.gitconfig,type=bind,readonly"
  ],
  "containerEnv": {
    "RUST_BACKTRACE": "1",
    "CODEX_UNSAFE_ALLOW_NO_SANDBOX": "1",
    "CODEX_ENABLE_FIREWALL": "1",
    "CODEX_INCLUDE_GITHUB_META_RANGES": "1",
    "OPENAI_ALLOWED_DOMAINS": "api.openai.com auth.openai.com github.com api.github.com codeload.github.com raw.githubusercontent.com objects.githubusercontent.com crates.io index.crates.io static.crates.io static.rust-lang.org registry.npmjs.org pypi.org files.pythonhosted.org",
    "CARGO_TARGET_DIR": "/workspace/.cache/cargo-target",
    "GIT_CONFIG_GLOBAL": "/home/vscode/.gitconfig.local",
    "COREPACK_ENABLE_DOWNLOAD_PROMPT": "0",
    "PYTHONDONTWRITEBYTECODE": "1",
    "PIP_DISABLE_PIP_VERSION_CHECK": "1"
  },
  "remoteEnv": {
    "OPENAI_API_KEY": "${localEnv:OPENAI_API_KEY}"
  },
  "postCreateCommand": "python3 /opt/post_install.py",
  "postStartCommand": "bash /opt/post_start.sh",
  "waitFor": "postStartCommand",
  "customizations": {
    "vscode": {
      "settings": {
        "terminal.integrated.defaultProfile.linux": "zsh",
        "terminal.integrated.profiles.linux": {
          "bash": {
            "path": "bash",
            "icon": "terminal-bash"
          },
          "zsh": {
            "path": "zsh"
          }
        },
        "files.trimTrailingWhitespace": true,
        "files.insertFinalNewline": true,
        "files.trimFinalNewlines": true
      },
      "extensions": [
        "openai.chatgpt",
        "rust-lang.rust-analyzer",
        "tamasfe.even-better-toml",
        "vadimcn.vscode-lldb",
        "ms-azuretools.vscode-docker"
      ]
    }
  }
}