From 05447a841e5e4477c0a4b6ecefa23439a13c820c Mon Sep 17 00:00:00 2001 From: ben Date: Fri, 27 Mar 2026 03:01:13 -0400 Subject: [PATCH] improve codex coverage in base sandbox --- sandboxes/base/Dockerfile | 2 +- sandboxes/base/README.md | 10 ++++++++++ sandboxes/base/policy.yaml | 11 +++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/sandboxes/base/Dockerfile b/sandboxes/base/Dockerfile index 70fed35..e9c6d37 100644 --- a/sandboxes/base/Dockerfile +++ b/sandboxes/base/Dockerfile @@ -74,7 +74,7 @@ RUN npm install -g \ tar@7.5.11 \ @hono/node-server@1.19.11 \ opencode-ai@1.2.18 \ - @openai/codex@0.111.0 \ + @openai/codex@0.117.0 \ @github/copilot@1.0.9 # GitHub CLI diff --git a/sandboxes/base/README.md b/sandboxes/base/README.md index 06fb417..7a661b5 100644 --- a/sandboxes/base/README.md +++ b/sandboxes/base/README.md @@ -56,3 +56,13 @@ FROM ${BASE_IMAGE} ``` See `sandboxes/openclaw/` for an example. + +## Codex authentication + +For remote or headless OpenShell environments, if browser login hangs, try authenticating Codex with: + +```bash +codex login --device-auth +``` + +If device-code login is unreliable in your environment, you can authenticate on another machine and copy ~/.codex/auth.json into the sandbox. \ No newline at end of file diff --git a/sandboxes/base/policy.yaml b/sandboxes/base/policy.yaml index df7473a..0e9bd72 100644 --- a/sandboxes/base/policy.yaml +++ b/sandboxes/base/policy.yaml @@ -172,3 +172,14 @@ network_policies: - { host: default.exp-tas.com, port: 443 } binaries: - { path: /usr/lib/node_modules/@github/copilot/node_modules/@github/**/copilot } + + codex: + name: codex + endpoints: + - { host: api.openai.com, port: 443 } + - { host: auth.openai.com, port: 443 } + - { host: chatgpt.com, port: 443 } + binaries: + - { path: /usr/bin/codex } + - { path: /usr/bin/node } + - { path: "/usr/lib/node_modules/@openai/**" }