Phase 1: Repository & Infrastructure Setup

- Renamed directories: codex-rs -> llmx-rs, codex-cli -> llmx-cli
- Updated package.json files:
  - Root: llmx-monorepo
  - CLI: @llmx/llmx
  - SDK: @llmx/llmx-sdk
- Updated pnpm workspace configuration
- Renamed binary: codex.js -> llmx.js
- Updated environment variables: CODEX_* -> LLMX_*
- Changed repository URLs to valknar/llmx

🤖 Generated with Claude Code

llmx-cli/scripts/run_in_container.sh

@@ -0,0 +1,95 @@
+#!/bin/bash
+set -e
+
+# Usage:
+#   ./run_in_container.sh [--work_dir directory] "COMMAND"
+#
+#   Examples:
+#     ./run_in_container.sh --work_dir project/code "ls -la"
+#     ./run_in_container.sh "echo Hello, world!"
+
+# Default the work directory to WORKSPACE_ROOT_DIR if not provided.
+WORK_DIR="${WORKSPACE_ROOT_DIR:-$(pwd)}"
+# Default allowed domains - can be overridden with OPENAI_ALLOWED_DOMAINS env var
+OPENAI_ALLOWED_DOMAINS="${OPENAI_ALLOWED_DOMAINS:-api.openai.com}"
+
+# Parse optional flag.
+if [ "$1" = "--work_dir" ]; then
+  if [ -z "$2" ]; then
+    echo "Error: --work_dir flag provided but no directory specified."
+    exit 1
+  fi
+  WORK_DIR="$2"
+  shift 2
+fi
+
+WORK_DIR=$(realpath "$WORK_DIR")
+
+# Generate a unique container name based on the normalized work directory
+CONTAINER_NAME="codex_$(echo "$WORK_DIR" | sed 's/\//_/g' | sed 's/[^a-zA-Z0-9_-]//g')"
+
+# Define cleanup to remove the container on script exit, ensuring no leftover containers
+cleanup() {
+  docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
+}
+# Trap EXIT to invoke cleanup regardless of how the script terminates
+trap cleanup EXIT
+
+# Ensure a command is provided.
+if [ "$#" -eq 0 ]; then
+  echo "Usage: $0 [--work_dir directory] \"COMMAND\""
+  exit 1
+fi
+
+# Check if WORK_DIR is set.
+if [ -z "$WORK_DIR" ]; then
+  echo "Error: No work directory provided and WORKSPACE_ROOT_DIR is not set."
+  exit 1
+fi
+
+# Verify that OPENAI_ALLOWED_DOMAINS is not empty
+if [ -z "$OPENAI_ALLOWED_DOMAINS" ]; then
+  echo "Error: OPENAI_ALLOWED_DOMAINS is empty."
+  exit 1
+fi
+
+# Kill any existing container for the working directory using cleanup(), centralizing removal logic.
+cleanup
+
+# Run the container with the specified directory mounted at the same path inside the container.
+docker run --name "$CONTAINER_NAME" -d \
+  -e OPENAI_API_KEY \
+  --cap-add=NET_ADMIN \
+  --cap-add=NET_RAW \
+  -v "$WORK_DIR:/app$WORK_DIR" \
+  codex \
+  sleep infinity
+
+# Write the allowed domains to a file in the container
+docker exec --user root "$CONTAINER_NAME" bash -c "mkdir -p /etc/codex"
+for domain in $OPENAI_ALLOWED_DOMAINS; do
+  # Validate domain format to prevent injection
+  if [[ ! "$domain" =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+    echo "Error: Invalid domain format: $domain"
+    exit 1
+  fi
+  echo "$domain" | docker exec --user root -i "$CONTAINER_NAME" bash -c "cat >> /etc/codex/allowed_domains.txt"
+done
+
+# Set proper permissions on the domains file
+docker exec --user root "$CONTAINER_NAME" bash -c "chmod 444 /etc/codex/allowed_domains.txt && chown root:root /etc/codex/allowed_domains.txt"
+
+# Initialize the firewall inside the container as root user
+docker exec --user root "$CONTAINER_NAME" bash -c "/usr/local/bin/init_firewall.sh"
+
+# Remove the firewall script after running it
+docker exec --user root "$CONTAINER_NAME" bash -c "rm -f /usr/local/bin/init_firewall.sh"
+
+# Execute the provided command in the container, ensuring it runs in the work directory.
+# We use a parameterized bash command to safely handle the command and directory.
+
+quoted_args=""
+for arg in "$@"; do
+  quoted_args+=" $(printf '%q' "$arg")"
+done
+docker exec -it "$CONTAINER_NAME" bash -c "cd \"/app$WORK_DIR\" && codex --full-auto ${quoted_args}"