core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/app-server-test-client
History
Celia Chen e6773f856c
Feat: Preserve network access on read-only sandbox policies (#13409) 
## Summary

`PermissionProfile.network` could not be preserved when additional or
compiled permissions resolved to
`SandboxPolicy::ReadOnly`, because `ReadOnly` had no network_access
field. This change makes read-only + network
enabled representable directly and threads that through the protocol,
app-server v2 mirror, and permission-
  merging logic.

## What changed

- Added `network_access: bool` to `SandboxPolicy::ReadOnly` in the core
protocol and app-server v2 protocol.
- Kept backward compatibility by defaulting the new field to false, so
legacy read-only payloads still
    deserialize unchanged.
- Updated `has_full_network_access()` and sandbox summaries to respect
read-only network access.
  - Preserved PermissionProfile.network when:
      - compiling skill permission profiles into sandbox policies
      - normalizing additional permissions
      - merging additional permissions into existing sandbox policies
- Updated the approval overlay to show network in the rendered
permission rule when requested.
  - Regenerated app-server schema fixtures for the new v2 wire shape.
2026-03-04 02:41:57 +00:00
..
src Feat: Preserve network access on read-only sandbox policies (#13409) 2026-03-04 02:41:57 +00:00
BUILD.bazel chore: add codex debug app-server tooling (#10367) 2026-02-03 23:17:34 +00:00
Cargo.toml app-server-test-client websocket client and thread tools (#11755) 2026-02-13 17:34:35 +00:00
README.md app-server: Add an ability to watch events in the test client (#13080) 2026-02-27 17:19:53 -08:00

README.md

App Server Test Client

Quickstart for running and hitting codex app-server.

Quickstart

Run from <reporoot>/codex-rs.

# 1) Build debug codex binary
cargo build -p codex-cli --bin codex

# 2) Start websocket app-server in background
cargo run -p codex-app-server-test-client -- \
  --codex-bin ./target/debug/codex \
  serve --listen ws://127.0.0.1:4222 --kill

# 3) Call app-server (defaults to ws://127.0.0.1:4222)
cargo run -p codex-app-server-test-client -- model-list

Watching Raw Inbound Traffic

Initialize a connection, then print every inbound JSON-RPC message until you stop it with Ctrl+C:

cargo run -p codex-app-server-test-client -- watch

Testing Thread Rejoin Behavior

Build and start an app server using commands above. The app-server log is written to /tmp/codex-app-server-test-client/app-server.log

1) Get a thread id

Create at least one thread, then list threads:

cargo run -p codex-app-server-test-client -- send-message-v2 "seed thread for rejoin test"
cargo run -p codex-app-server-test-client -- thread-list --limit 5

Copy a thread id from the thread-list output.

2) Rejoin while a turn is in progress (two terminals)

Terminal A:

cargo run --bin codex-app-server-test-client -- \
  resume-message-v2 <THREAD_ID> "respond with thorough docs on the rust core"

Terminal B (while Terminal A is still streaming):

cargo run --bin codex-app-server-test-client -- thread-resume <THREAD_ID>