Skip to content

fix(terminal): bootstrap the codex runtime in-sandbox + fix exec auth/sandbox flags#271

Merged
danielgwilson merged 1 commit into
mainfrom
fix/terminal-codex-bootstrap
Jul 9, 2026
Merged

fix(terminal): bootstrap the codex runtime in-sandbox + fix exec auth/sandbox flags#271
danielgwilson merged 1 commit into
mainfrom
fix/terminal-codex-bootstrap

Conversation

@danielgwilson

Copy link
Copy Markdown
Owner

Toward closing #159.

The terminal-product live rung was red: the stock E2B image has no codex on PATH (codex exec -> exit 127), and a job-wide OPENAI_API_KEY failed codex's bearer auth (both dated in-repo receipts). This ports the fixes the sibling oss-meta-lab lane already proved, so the lane can actually run an agent once a dedicated test E2B key is available.

What

  • Runtime bootstrap: an unkeyed in-sandbox step ensures Node (NodeSource 22, passwordless sudo, 5-min timeout vs the SDK's 60s default), recorded in the lifecycle ledger, fail-closed as a structured lane error so the keyed exec is skipped on failure.
  • Pinned runtime: npx -y @openai/codex@latest exec instead of a bare ambient codex.
  • Sandbox flag: --dangerously-bypass-approvals-and-sandbox — the E2B sandbox is the trust boundary; codex's inner sandbox would deny the study mission's network/file access (the review caught this; the oss-meta-lab lane carries the same flag).
  • Auth mapping: prefer CODEX_API_KEY; when only OPENAI_API_KEY is exported, inject the value under both names so codex exec's single-invocation auth channel is populated. Names-only metadata now lists exactly what was injected.

Credential boundary (re-verified in review)

Three commands.run calls: readiness probe (unkeyed), bootstrap (unkeyed), keyed exec (the only envs carrier). Sandbox.create carries no envs. The reviewer drove the real orchestrator end-to-end with dual-key injection and grepped all 10 persisted artifacts for the key value: zero hits, names only.

Proof

  • pnpm check: 885 passed / 10 skipped, build OK. pnpm public-surface:scan: ok.
  • Deterministic tests cover: npx pin + bypass flag, unkeyed-bootstrap-before-keyed-exec ordering with the 300000ms timeout, bootstrap failure fail-closed (throwing CommandExitError shape), and the three auth-name preference cases.
  • Hostile review ran mid-branch; its HIGH finding (missing sandbox-bypass flag) is fixed here.

Remaining for the live receipt (operator moment, not this PR)

A real live rung under docs/goals/terminal-product-lane/receipts/ needs a dedicated test E2B key (a separate E2B team, per #159's isolation ask) plus CODEX_API_KEY/OPENAI_API_KEY and HOMUN_LIVE_CODEX=1. This PR makes that rung runnable; it does not itself produce the receipt.

🤖 Generated with Claude Code

…/sandbox flags (#159)

The terminal-product live rung failed because the stock E2B image has no
codex on PATH (exit 127). Ports the proven fixes from the sibling
oss-meta-lab lane instead of assuming a preinstalled binary:

- unkeyed in-sandbox bootstrap step (ensure Node via NodeSource 22 with
  passwordless sudo, 5-min timeout since the SDK default is 60s), recorded
  in the lifecycle ledger, fail-closed as a structured lane error
- pin the runtime: npx -y @openai/codex@latest exec (never the bare
  ambient binary)
- --dangerously-bypass-approvals-and-sandbox: the E2B sandbox is the trust
  boundary; codex's redundant inner sandbox would block the study mission's
  network/file access (same flag the oss-meta-lab lane already carries)
- exec auth: prefer CODEX_API_KEY, and when only OPENAI_API_KEY is exported
  inject the value under both names so codex exec's documented
  single-invocation auth channel is always populated (the June bearer-auth
  receipt showed job-wide OPENAI_API_KEY alone failing)

Credential boundary unchanged and re-verified: bootstrap is unkeyed, the
value still lands only in the single keyed exec call, metadata/ledger
record names only and now list exactly what was injected.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@danielgwilson danielgwilson merged commit b85c8d8 into main Jul 9, 2026
3 checks passed
@danielgwilson danielgwilson deleted the fix/terminal-codex-bootstrap branch July 9, 2026 05:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant