History

Michael Bolin 5221575f23 refactor: normalize unix module layout for exec-server and shell-escalation (#12556 ) ## Why Shell execution refactoring in `exec-server` had become split between duplicated code paths, which blocked a clean introduction of the new reusable shell escalation flow. This commit creates a dedicated foundation crate so later shell tooling changes can share one implementation. ## What changed - Added the `codex-shell-escalation` crate and moved the core escalation pieces (`mcp` protocol/socket/session flow, policy glue) that were previously in `exec-server` into it. - Normalized `exec-server` Unix structure under a dedicated `unix` module layout and kept non-Unix builds narrow. - Wired crate/build metadata so `shell-escalation` is a first-class workspace dependency for follow-on integration work. ## Verification - Built and linted the stack at this commit point with `just clippy`. [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/12556). * #12584 * #12583 * __->__ #12556		2026-02-23 09:28:17 -08:00
..
src	refactor: normalize unix module layout for exec-server and shell-escalation (#12556 )	2026-02-23 09:28:17 -08:00
tests	test: vendor zsh fork via DotSlash and stabilize zsh-fork tests (#12518 )	2026-02-22 19:39:56 -08:00
BUILD.bazel	feat: add support for building with Bazel (#8875 )	2026-01-09 11:09:43 -08:00
Cargo.toml	refactor: normalize unix module layout for exec-server and shell-escalation (#12556 )	2026-02-23 09:28:17 -08:00
README.md	feat(shell-tool-mcp): add patched zsh build pipeline (#11668 )	2026-02-13 01:34:48 +00:00

README.md

codex-exec-server

This crate contains the code for two executables:

codex-exec-mcp-server is an MCP server that provides a tool named shell that runs a shell command inside a sandboxed shell process. Every resulting execve(2) call made within that shell is intercepted and run via the executable defined by the EXEC_WRAPPER environment variable within the shell process. In practice, EXEC_WRAPPER is set to codex-execve-wrapper.
codex-execve-wrapper is the executable that takes the arguments to the execve(2) call and "escalates" it to the MCP server via a shared file descriptor (specified by the CODEX_ESCALATE_SOCKET environment variable) for consideration. Based on the Codex .rules, the MCP server replies with one of:
- Run: codex-execve-wrapper should invoke execve(2) on itself to run the original command within Bash
- Escalate: forward the file descriptors of the current process to the MCP server so the command can be run faithfully outside the sandbox. Because the MCP server will have the original FDs for stdout and stderr, it can write those directly. When the process completes, the MCP server forwards the exit code to codex-execve-wrapper so that it exits in a consistent manner.
- Deny: the MCP server has declared the proposed command to be "forbidden," so codex-execve-wrapper will print an error to stderr and exit with 1.

Patched Bash

We carry a small patch to execute_cmd.c (see patches/bash-exec-wrapper.patch) that adds support for EXEC_WRAPPER. The original commit message is “add support for BASH_EXEC_WRAPPER” and the patch applies cleanly to a8a1c2fac029404d3f42cd39f5a20f24b6e4fe4b from https://github.com/bminor/bash. To rebuild manually:

git clone https://github.com/bminor/bash
git checkout a8a1c2fac029404d3f42cd39f5a20f24b6e4fe4b
git apply /path/to/patches/bash-exec-wrapper.patch
./configure --without-bash-malloc
make -j"$(nproc)"

Release workflow

.github/workflows/shell-tool-mcp.yml builds the Rust binaries, compiles the patched Bash variants, assembles the vendor/ tree, and creates codex-shell-tool-mcp-npm-<version>.tgz for inclusion in the Rust GitHub Release. When the version is a stable or alpha tag, the workflow also publishes the tarball to npm using OIDC. The workflow is invoked from rust-release.yml so the package ships alongside other Codex artifacts.