core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/cli/src
History
Michael Bolin d61dea6fe6
feat: add support for CODEX_SECURE_MODE=1 to restrict process observability (#4220) 
Because the `codex` process could contain sensitive information in
memory, such as API keys, we add logic so that when
`CODEX_SECURE_MODE=1` is specified, we avail ourselves of whatever the
operating system provides to restrict observability/tampering, which
includes:

- disabling `ptrace(2)`, so it is not possible to attach to the process
with a debugger, such as `gdb`
- disabling core dumps

Admittedly, a user with root privileges can defeat these safeguards.

For now, we only add support for this in the `codex` multitool, but we
may ultimately want to support this in some of the smaller CLIs that are
buildable out of our Cargo workspace.
2025-09-25 10:02:28 -07:00
..
debug_sandbox.rs fix: ensure cwd for conversation and sandbox are separate concerns (#3874) 2025-09-18 14:37:06 -07:00
exit_status.rs feat: experimental env var: CODEX_SANDBOX_NETWORK_DISABLED (#879) 2025-05-09 18:29:34 -07:00
lib.rs feat: redesign sandbox config (#1373) 2025-06-24 16:59:47 -07:00
login.rs Simplify auth flow and reconcile differences between ChatGPT and API Key auth (#3189) 2025-09-11 09:16:34 -07:00
main.rs feat: add support for CODEX_SECURE_MODE=1 to restrict process observability (#4220) 2025-09-25 10:02:28 -07:00
mcp_cmd.rs timeouts for mcp tool calls (#3959) 2025-09-22 10:30:59 -07:00
pre_main_hardening.rs feat: add support for CODEX_SECURE_MODE=1 to restrict process observability (#4220) 2025-09-25 10:02:28 -07:00
proto.rs Simplify auth flow and reconcile differences between ChatGPT and API Key auth (#3189) 2025-09-11 09:16:34 -07:00