add support for -w,--writable-root to add more writable roots for sandbox (#263)

This adds support for a new flag, `-w,--writable-root`, that can be specified multiple times to _amend_ the list of folders that should be configured as "writable roots" by the sandbox used in `full-auto` mode. Values that are passed as relative paths will be resolved to absolute paths. Incidentally, this required updating a number of the `agent*.test.ts` files: it feels like some of the setup logic across those tests could be consolidated. In my testing, it seems that this might be slightly out of distribution for the model, as I had to explicitly tell it to run `apply_patch` and that it had the permissions to write those files (initially, it just showed me a diff and told me to apply it myself). Nevertheless, I think this is a good starting point.
2025-04-17 15:39:26 -07:00
parent d5eed65963
commit ae5b1b5cb5
22 changed files with 103 additions and 13 deletions
--- a/codex-cli/src/cli.tsx
+++ b/codex-cli/src/cli.tsx
@@ -53,13 +53,14 @@ const cli = meow(
    $ codex completion <bash|zsh|fish>

  Options
-    -h, --help                 Show usage and exit
-    -m, --model <model>        Model to use for completions (default: o4-mini)
-    -i, --image <path>         Path(s) to image files to include as input
-    -v, --view <rollout>       Inspect a previously saved rollout instead of starting a session
-    -q, --quiet                Non-interactive mode that only prints the assistant's final output
-    -c, --config               Open the instructions file in your editor
-    -a, --approval-mode <mode> Override the approval policy: 'suggest', 'auto-edit', or 'full-auto'
+    -h, --help                      Show usage and exit
+    -m, --model <model>             Model to use for completions (default: o4-mini)
+    -i, --image <path>              Path(s) to image files to include as input
+    -v, --view <rollout>            Inspect a previously saved rollout instead of starting a session
+    -q, --quiet                     Non-interactive mode that only prints the assistant's final output
+    -c, --config                    Open the instructions file in your editor
+    -w, --writable-root <path>      Writable folder for sandbox in full-auto mode (can be specified multiple times)
+    -a, --approval-mode <mode>      Override the approval policy: 'suggest', 'auto-edit', or 'full-auto'

    --auto-edit                Automatically approve file edits; still prompt for commands
    --full-auto                Automatically approve edits and commands when executed in the sandbox
@@ -122,6 +123,13 @@ const cli = meow(
        description:
          "Determine the approval mode for Codex (default: suggest) Values: suggest, auto-edit, full-auto",
      },
+      writableRoot: {
+        type: "string",
+        isMultiple: true,
+        aliases: ["w"],
+        description:
+          "Writable folder for sandbox in full-auto mode (can be specified multiple times)",
+      },
      noProjectDoc: {
        type: "boolean",
        description: "Disable automatic inclusion of project‑level codex.md",
@@ -276,6 +284,11 @@ if (fullContextMode) {
  process.exit(0);
 }

+// Ensure that all values in additionalWritableRoots are absolute paths.
+const additionalWritableRoots: ReadonlyArray<string> = (
+  cli.flags.writableRoot ?? []
+).map((p) => path.resolve(p));
+
 // If we are running in --quiet mode, do that and exit.
 const quietMode = Boolean(cli.flags.quiet);
 const autoApproveEverything = Boolean(
@@ -298,6 +311,7 @@ if (quietMode) {
    approvalPolicy: autoApproveEverything
      ? AutoApprovalMode.FULL_AUTO
      : AutoApprovalMode.SUGGEST,
+    additionalWritableRoots,
    config,
  });
  onExit();
@@ -332,6 +346,7 @@ const instance = render(
    rollout={rollout}
    imagePaths={imagePaths}
    approvalPolicy={approvalPolicy}
+    additionalWritableRoots={additionalWritableRoots}
    fullStdout={fullStdout}
  />,
  {
@@ -393,11 +408,13 @@ async function runQuietMode({
  prompt,
  imagePaths,
  approvalPolicy,
+  additionalWritableRoots,
  config,
 }: {
  prompt: string;
  imagePaths: Array<string>;
  approvalPolicy: ApprovalPolicy;
+  additionalWritableRoots: ReadonlyArray<string>;
  config: AppConfig;
 }): Promise<void> {
  const agent = new AgentLoop({
@@ -405,6 +422,7 @@ async function runQuietMode({
    config: config,
    instructions: config.instructions,
    approvalPolicy,
+    additionalWritableRoots,
    onItem: (item: ResponseItem) => {
      // eslint-disable-next-line no-console
      console.log(formatResponseItemForQuietMode(item));