fix(codex): trust launch home directory

bot_bottle/backend/docker/provision/provider_auth.py

@@ -9,6 +9,7 @@ import subprocess
 from ..bottle_plan import DockerBottlePlan
 
 
+_CODEX_HOME_PROJECT = "/home/node"
 _CODEX_WORKSPACE = "/home/node/workspace"
 
 
@@ -16,9 +17,10 @@ def provision_provider_auth(plan: DockerBottlePlan, target: str) -> None:
     """Prepare Codex home state inside a Docker bottle.
 
     Every Codex bottle gets a minimal config.toml that trusts the
-    in-container workspace path. When host credentials are forwarded,
+    in-container launch directory and workspace path. When host
-    auth.json contains no real access or refresh token values; it only
+    credentials are forwarded, auth.json contains no real access or
-    nudges Codex into the same user/device auth branch as the host.
+    refresh token values; it only nudges Codex into the same user/device
+    auth branch as the host.
     """
     if plan.agent_provider_template != "codex":
         return
@@ -42,6 +44,9 @@ def provision_provider_auth(plan: DockerBottlePlan, target: str) -> None:
     )
     config_path = f"{auth_dir}/config.toml"
     config = (
+        f'[projects."{_CODEX_HOME_PROJECT}"]\n'
+        'trust_level = "trusted"\n'
+        "\n"
         f'[projects."{_CODEX_WORKSPACE}"]\n'
         'trust_level = "trusted"\n'
     )

bot_bottle/backend/smolmachines/provision/provider_auth.py

@@ -11,6 +11,7 @@ from ..bottle_plan import SmolmachinesBottlePlan
 
 
 _DEFAULT_GUEST_HOME = "/home/node"
+_CODEX_HOME_PROJECT = "/home/node"
 _CODEX_WORKSPACE = "/home/node/workspace"
 
 
@@ -18,9 +19,10 @@ def provision_provider_auth(plan: SmolmachinesBottlePlan, target: str) -> None:
     """Prepare Codex home state inside the smolmachine.
 
     Every Codex bottle gets a minimal config.toml that trusts the
-    in-guest workspace path. When host credentials are forwarded, the
+    in-guest launch directory and workspace path. When host credentials
-    real host access token remains in the egress bundle env; auth.json
+    are forwarded, the real host access token remains in the egress
-    only selects Codex's user/device auth code path.
+    bundle env; auth.json only selects Codex's user/device auth code
+    path.
     """
     if plan.agent_provider_template != "codex":
         return
@@ -70,6 +72,9 @@ def provision_provider_auth(plan: SmolmachinesBottlePlan, target: str) -> None:
 
     config_path = f"{auth_dir}/config.toml"
     config = (
+        f'[projects."{_CODEX_HOME_PROJECT}"]\n'
+        'trust_level = "trusted"\n'
+        "\n"
         f'[projects."{_CODEX_WORKSPACE}"]\n'
         'trust_level = "trusted"\n'
     )

tests/unit/test_docker_provision_provider_auth.py

@@ -90,6 +90,7 @@ class TestProvisionProviderAuth(unittest.TestCase):
             a for a in argvs
             if a[:6] == ["docker", "exec", "-u", "0", "bot-bottle-demo-abc12", "sh"]
         )
+        self.assertIn('[projects."/home/node"]', trust_config[-1])
         self.assertIn('[projects."/home/node/workspace"]', trust_config[-1])
         self.assertIn('trust_level = "trusted"', trust_config[-1])
         self.assertIn(

tests/unit/test_smolmachines_provision.py

@@ -228,6 +228,7 @@ class TestProvisionProviderAuth(unittest.TestCase):
             a for a in argv_seen
             if a[:2] == ["sh", "-c"] and "config.toml" in a[2]
         )
+        self.assertIn('[projects."/home/node"]', trust_config[2])
         self.assertIn('[projects."/home/node/workspace"]', trust_config[2])
         self.assertIn('trust_level = "trusted"', trust_config[2])
         self.assertIn(