fix(codex): trust bottle workspace on launch

2026-06-01 17:13:48 -04:00
parent ac1aa197d4
commit 8e6583fcb7
4 changed files with 162 additions and 17 deletions
@@ -3,29 +3,72 @@
 from __future__ import annotations

 import os
+import shlex
 import subprocess

 from ..bottle_plan import DockerBottlePlan


-def provision_provider_auth(plan: DockerBottlePlan, target: str) -> None:
-    """Copy a dummy Codex auth marker when host credentials are
-    forwarded through egress.
+_CODEX_WORKSPACE = "/home/node/workspace"

-    The file contains no real access or refresh token values; it only
+
+def provision_provider_auth(plan: DockerBottlePlan, target: str) -> None:
+    """Prepare Codex home state inside a Docker bottle.
+
+    Every Codex bottle gets a minimal config.toml that trusts the
+    in-container workspace path. When host credentials are forwarded,
+    auth.json contains no real access or refresh token values; it only
    nudges Codex into the same user/device auth branch as the host.
    """
-    if not plan.codex_auth_file:
+    if plan.agent_provider_template != "codex":
        return
    container_home = os.environ.get("BOT_BOTTLE_CONTAINER_HOME", "/home/node")
    auth_dir = f"{container_home}/.codex"
-    auth_path = f"{auth_dir}/auth.json"

    subprocess.run(
        ["docker", "exec", "-u", "0", target, "mkdir", "-p", auth_dir],
        stdout=subprocess.DEVNULL,
        check=True,
    )
+    subprocess.run(
+        ["docker", "exec", "-u", "0", target, "chown", "node:node", auth_dir],
+        stdout=subprocess.DEVNULL,
+        check=True,
+    )
+    subprocess.run(
+        ["docker", "exec", "-u", "0", target, "chmod", "700", auth_dir],
+        stdout=subprocess.DEVNULL,
+        check=True,
+    )
+    config_path = f"{auth_dir}/config.toml"
+    config = (
+        f'[projects."{_CODEX_WORKSPACE}"]\n'
+        'trust_level = "trusted"\n'
+    )
+    subprocess.run(
+        [
+            "docker", "exec", "-u", "0", target,
+            "sh", "-c",
+            f"printf %s {shlex.quote(config)} > {shlex.quote(config_path)}",
+        ],
+        stdout=subprocess.DEVNULL,
+        check=True,
+    )
+    subprocess.run(
+        ["docker", "exec", "-u", "0", target, "chown", "node:node", config_path],
+        stdout=subprocess.DEVNULL,
+        check=True,
+    )
+    subprocess.run(
+        ["docker", "exec", "-u", "0", target, "chmod", "600", config_path],
+        stdout=subprocess.DEVNULL,
+        check=True,
+    )
+
+    if not plan.codex_auth_file:
+        return
+
+    auth_path = f"{auth_dir}/auth.json"
    subprocess.run(
        ["docker", "cp", str(plan.codex_auth_file), f"{target}:{auth_path}"],
        stdout=subprocess.DEVNULL,