valknar/llmx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b8ccfe9b65d1784bedff507021503081782dce14
llmx/codex-rs
History
Jeremy Rose b8ccfe9b65 core: expand default sandbox (#3483) 
this adds some more capabilities to the default sandbox which I feel are
safe. Most are in the
[renderer.sb](https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/renderer.sb)
sandbox for chrome renderers, which i feel is fair game for codex
commands.

Specific changes:

1. Allow processes in the sandbox to send signals to any other process
in the same sandbox (e.g. child processes or daemonized processes),
instead of just themselves.
2. Allow user-preference-read
3. Allow process-info* to anything in the same sandbox. This is a bit
wider than Chromium allows, but it seems OK to me to allow anything in
the sandbox to get details about other processes in the same sandbox.
Bazel uses these to e.g. wait for another process to exit.
4. Allow all CPU feature detection, this seems harmless to me. It's
wider than Chromium, but Chromium is concerned about fingerprinting, and
tightly controls what CPU features they actually care about, and we
don't have either that restriction or that advantage.
5. Allow new sysctl-reads:
   ```
     (sysctl-name "vm.loadavg")
     (sysctl-name-prefix "kern.proc.pgrp.")
     (sysctl-name-prefix "kern.proc.pid.")
     (sysctl-name-prefix "net.routetable.")
   ```
bazel needs these for waiting on child processes and for communicating
with its local build server, i believe. I wonder if we should just allow
all (sysctl-read), as reading any arbitrary info about the system seems
fine to me.
6. Allow iokit-open on RootDomainUserClient. This has to do with power
management I believe, and Chromium allows renderers to do this, so okay.
Bazel needs it to boot successfully, possibly for sleep/wake callbacks?
7. Mach lookup to `com.apple.system.opendirectoryd.libinfo`, which has
to do with user data, and which Chrome allows.
8. Mach lookup to `com.apple.PowerManagement.control`. Chromium allows
its GPU process to do this, but not its renderers. Bazel needs this to
boot, probably relatedly to sleep/wake stuff.
2025-09-12 14:03:02 -07:00
..
ansi-escape
prefer ratatui Stylized for constructing lines/spans (#3068)
2025-09-02 23:19:54 +00:00
apply-patch
if a command parses as a patch, do not attempt to run it (#3382)
2025-09-12 13:47:41 -07:00
arg0
[BREAKING] Stop loading project .env files (#3184)
2025-09-05 09:10:41 -07:00
chatgpt
Simplify auth flow and reconcile differences between ChatGPT and API Key auth (#3189)
2025-09-11 09:16:34 -07:00
cli
Simplify auth flow and reconcile differences between ChatGPT and API Key auth (#3189)
2025-09-11 09:16:34 -07:00
common
feat: reasoning effort as optional (#3527)
2025-09-12 12:06:33 -07:00
core
core: expand default sandbox (#3483)
2025-09-12 14:03:02 -07:00
docs
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
2025-04-24 13:31:40 -07:00
exec
feat: include reasoning_effort in NewConversationResponse (#3506)
2025-09-11 21:04:40 -07:00
execpolicy
chore: enable clippy::redundant_clone (#3489)
2025-09-11 11:59:37 -07:00
file-search
Improve @ file search: include specific hidden dirs such as .github, .gitlab (#2981)
2025-09-03 10:03:57 -07:00
linux-sandbox
feat: Run cargo shear during CI (#3338)
2025-09-09 01:05:08 +00:00
login
chore: enable clippy::redundant_clone (#3489)
2025-09-11 11:59:37 -07:00
mcp-client
fix: ensure output of codex-rs/mcp-types/generate_mcp_types.py matches codex-rs/mcp-types/src/lib.rs (#3439)
2025-09-10 16:14:41 -07:00
mcp-server
feat: reasoning effort as optional (#3527)
2025-09-12 12:06:33 -07:00
mcp-types
fix: add check to ensure output of generate_mcp_types.py matches codex-rs/mcp-types/src/lib.rs (#3450)
2025-09-10 23:31:28 -07:00
ollama
feat: Run cargo shear during CI (#3338)
2025-09-09 01:05:08 +00:00
protocol
feat: context compaction (#3446)
2025-09-12 13:07:10 -07:00
protocol-ts
feat: added SetDefaultModel to JSON-RPC server (#3512)
2025-09-11 23:44:17 -07:00
scripts
fix: change create_github_release to take either --publish-alpha or --publish-release (#3231)
2025-09-05 22:08:34 -07:00
tui
Update interruption error message styling (#3470)
2025-09-12 16:17:02 -04:00
.gitignore
fix: support arm64 build for Linux (#1225)
2025-06-05 20:29:46 -07:00
Cargo.lock
feat: context compaction (#3446)
2025-09-12 13:07:10 -07:00
Cargo.toml
chore: enable clippy::redundant_clone (#3489)
2025-09-11 11:59:37 -07:00
clippy.toml
fix: clean up styles & colors and define in styles.md (#2401)
2025-08-18 08:26:29 -07:00
config.md
Added back codex-rs/config.md to link to new location (#2778)
2025-08-27 18:37:41 +00:00
default.nix
restructure flake for codex-rs (#888)
2025-05-13 13:08:42 -07:00
justfile
chore: add just test, which runs cargo nextest (#3508)
2025-09-12 08:44:44 -07:00
README.md
docs: fix codex exec heading typo (#2703)
2025-09-10 10:39:53 -07:00
rust-toolchain.toml
chore: upgrade to Rust 1.89 (#2465)
2025-08-19 13:22:02 -07:00
rustfmt.toml
Update cargo to 2024 edition (#842)
2025-05-07 08:37:48 -07:00

README.md

Codex CLI (Rust Implementation)

We provide Codex CLI as a standalone, native executable to ensure a zero-dependency install.

Installing Codex

Today, the easiest way to install Codex is via npm, though we plan to publish Codex to other package managers soon.

npm i -g @openai/codex@native
codex

You can also download a platform-specific release directly from our GitHub Releases.

What's new in the Rust CLI

While we are working to close the gap between the TypeScript and Rust implementations of Codex CLI, note that the Rust CLI has a number of features that the TypeScript CLI does not!

Config

Codex supports a rich set of configuration options. Note that the Rust CLI uses config.toml instead of config.json. See docs/config.md for details.

Model Context Protocol Support

Codex CLI functions as an MCP client that can connect to MCP servers on startup. See the mcp_servers section in the configuration documentation for details.

It is still experimental, but you can also launch Codex as an MCP server by running codex mcp. Use the @modelcontextprotocol/inspector to try it out:

npx @modelcontextprotocol/inspector codex mcp

Notifications

You can enable notifications by configuring a script that is run whenever the agent finishes a turn. The notify documentation includes a detailed example that explains how to get desktop notifications via terminal-notifier on macOS.

codex exec to run Codex programmatically/non-interactively

To run Codex non-interactively, run codex exec PROMPT (you can also pass the prompt via stdin) and Codex will work on your task until it decides that it is done and exits. Output is printed to the terminal directly. You can set the RUST_LOG environment variable to see more about what's going on.

Use @ for file search

Typing @ triggers a fuzzy-filename search over the workspace root. Use up/down to select among the results and Tab or Enter to replace the @ with the selected path. You can use Esc to cancel the search.

EscEsc to edit a previous message

When the chat composer is empty, press Esc to prime “backtrack” mode. Press Esc again to open a transcript preview highlighting the last user message; press Esc repeatedly to step to older user messages. Press Enter to confirm and Codex will fork the conversation from that point, trim the visible transcript accordingly, and prefill the composer with the selected user message so you can edit and resubmit it.

In the transcript preview, the footer shows an Esc edit prev hint while editing is active.

--cd/-C flag

Sometimes it is not convenient to cd to the directory you want Codex to use as the "working root" before running Codex. Fortunately, codex supports a --cd option so you can specify whatever folder you want. You can confirm that Codex is honoring --cd by double-checking the workdir it reports in the TUI at the start of a new session.

Shell completions

Generate shell completion scripts via:

codex completion bash
codex completion zsh
codex completion fish

Experimenting with the Codex Sandbox

To test to see what happens when a command is run under the sandbox provided by Codex, we provide the following subcommands in Codex CLI:

# macOS
codex debug seatbelt [--full-auto] [COMMAND]...

# Linux
codex debug landlock [--full-auto] [COMMAND]...

Selecting a sandbox policy via --sandbox

The Rust CLI exposes a dedicated --sandbox (-s) flag that lets you pick the sandbox policy without having to reach for the generic -c/--config option:

# Run Codex with the default, read-only sandbox
codex --sandbox read-only

# Allow the agent to write within the current workspace while still blocking network access
codex --sandbox workspace-write

# Danger! Disable sandboxing entirely (only do this if you are already running in a container or other isolated env)
codex --sandbox danger-full-access

The same setting can be persisted in ~/.codex/config.toml via the top-level sandbox_mode = "MODE" key, e.g. sandbox_mode = "workspace-write".

Code Organization

This folder is the root of a Cargo workspace. It contains quite a bit of experimental code, but here are the key crates:

  • core/ contains the business logic for Codex. Ultimately, we hope this to be a library crate that is generally useful for building other Rust/native applications that use Codex.
  • exec/ "headless" CLI for use in automation.
  • tui/ CLI that launches a fullscreen TUI built with Ratatui.
  • cli/ CLI multitool that provides the aforementioned CLIs via subcommands.
Reference in New Issue View Git Blame Copy Permalink