core-agent-ide

Agent IDE — Codex fork for AI-native development environment

Find a file

Michael Bolin dcc4d7b634 linux-sandbox: honor split filesystem policies in bwrap (#13453 ) ## Why After `#13449`, the Linux helper could receive split filesystem and network policies, but the bubblewrap mount builder still reconstructed filesystem access from the legacy `SandboxPolicy`. That loses explicit unreadable carveouts under writable roots, and it also mishandles `Root` read access paired with explicit deny carveouts. In those cases bubblewrap could still expose paths that the split filesystem policy intentionally blocked. ## What changed - switched bubblewrap mount generation to consume `FileSystemSandboxPolicy` directly at the implementation boundary; legacy `SandboxPolicy` configs still flow through the existing `FileSystemSandboxPolicy::from(&sandbox_policy)` bridge before reaching bwrap - kept the Linux helper and preflight path on the split filesystem policy all the way into bwrap - re-applied explicit unreadable carveouts after readable and writable mounts so blocked subpaths still win under bubblewrap - masked denied directories with `--tmpfs` plus `--remount-ro` and denied files with `--ro-bind-data`, preserving the backing fd until exec - added comments in the unreadable-root masking block to explain why the mount order and directory/file split are intentional - updated Linux helper call sites and tests for the split-policy bwrap path ## Verification - added protocol coverage for root carveouts staying scoped - added core coverage that root-write plus deny carveouts still requires a platform sandbox - added bwrap unit coverage for reapplying blocked carveouts after writable binds - added Linux integration coverage for explicit split-policy carveouts under bubblewrap - validated the final branch state with `cargo test -p codex-linux-sandbox`, `cargo clippy -p codex-linux-sandbox --all-targets -- -D warnings`, and the PR CI reruns --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/13453). * __->__ #13453 * #13452 * #13451 * #13449 * #13448 * #13445 * #13440 * #13439 --------- Co-authored-by: viyatb-oai <viyatb@openai.com>		2026-03-07 23:46:52 -08:00
.codex/skills	Add PR babysitting skill for this repo (#12513 )	2026-02-22 15:36:28 -08:00
.devcontainer	fix: include libcap-dev dependency when creating a devcontainer for building Codex (#13814 )	2026-03-06 16:21:14 -08:00
.github	Codex/winget auto update (#12943 )	2026-03-06 14:04:30 -08:00
.vscode	chore: rm --all-features flag from rust-analyzer (#13381 )	2026-03-03 11:44:54 -08:00
codex-cli	Update pnpm versions to fix cve-2026-24842 (#12009 )	2026-02-19 14:27:55 -08:00
codex-rs	linux-sandbox: honor split filesystem policies in bwrap (#13453 )	2026-03-07 23:46:52 -08:00
docs	docs: remove auth login logging plan (#13810 )	2026-03-06 23:32:53 +00:00
patches	[bazel] Bump rules_rs and llvm (#13366 )	2026-03-04 01:59:32 +00:00
scripts	Add Windows direct install script (#12741 )	2026-03-03 09:25:50 -08:00
sdk/typescript	Update pnpm versions to fix cve-2026-24842 (#12009 )	2026-02-19 14:27:55 -08:00
shell-tool-mcp	refactor: delete exec-server and move execve wrapper into shell-escalation (#12632 )	2026-02-23 20:10:22 -08:00
third_party	Add feature-gated freeform js_repl core runtime (#10674 )	2026-02-11 12:05:02 -08:00
.bazelignore	[bazel] Improve runfiles handling (#10098 )	2026-01-29 00:15:44 +00:00
.bazelrc	[bazel] Bump rules_rs and llvm (#13366 )	2026-03-04 01:59:32 +00:00
.bazelversion	[bazel] Upgrade to bazel9 (#9576 )	2026-01-21 13:25:36 +00:00
.codespellignore	feat(network-proxy): structured policy signaling and attempt correlation to core (#11662 )	2026-02-13 09:01:11 +00:00
.codespellrc	feat(network-proxy): structured policy signaling and attempt correlation to core (#11662 )	2026-02-13 09:01:11 +00:00
.gitignore	gitignore bazel-* (#8911 )	2026-01-08 07:50:58 -08:00
.markdownlint-cli2.yaml	fix(tui): document paste-burst state machine (#9020 )	2026-01-13 11:48:31 -08:00
.npmrc	chore: migrate to pnpm for improved monorepo management (#287 )	2025-04-18 16:25:15 -07:00
.prettierignore	[apply-patch] Clean up apply-patch tool definitions (#2539 )	2025-08-21 20:07:41 -07:00
.prettierrc.toml	Initial commit	2025-04-16 12:56:08 -04:00
AGENTS.md	feat: discourage the use of the --all-features flag (#12429 )	2026-02-20 23:02:24 -08:00
announcement_tip.toml	nit: test an (#10892 )	2026-02-06 14:41:53 +01:00
BUILD.bazel	[bazel] Bump rules_rs and llvm (#13366 )	2026-03-04 01:59:32 +00:00
CHANGELOG.md	Documentation improvement: add missing period (#3754 )	2025-10-30 13:01:33 -07:00
cliff.toml	docs(changelog): update install command to @openai/codex@<version> (#2073 )	2025-10-18 11:02:22 -07:00
defs.bzl	[bazel] Bump rules_rs and llvm (#13366 )	2026-03-04 01:59:32 +00:00
flake.lock	fix(nix): update flake for newer Rust toolchain requirements (#10302 )	2026-01-31 11:34:53 -08:00
flake.nix	fix(nix): use correct version from Cargo.toml in flake build (#11770 )	2026-02-13 12:19:25 -08:00
justfile	feat: discourage the use of the --all-features flag (#12429 )	2026-02-20 23:02:24 -08:00
LICENSE	Initial commit	2025-04-16 12:56:08 -04:00
MODULE.bazel	[bazel] Bump rules_rs and llvm (#13366 )	2026-03-04 01:59:32 +00:00
MODULE.bazel.lock	feat: track plugins mcps/apps and add plugin info to user_instructions (#13433 )	2026-03-04 19:46:13 -08:00
NOTICE	Add feature-gated freeform js_repl core runtime (#10674 )	2026-02-11 12:05:02 -08:00
package.json	Update pnpm versions to fix cve-2026-24842 (#12009 )	2026-02-19 14:27:55 -08:00
pnpm-lock.yaml	chore: ensure pnpm-workspace.yaml is up-to-date (#10140 )	2026-01-29 10:49:03 -08:00
pnpm-workspace.yaml	chore: ensure pnpm-workspace.yaml is up-to-date (#10140 )	2026-01-29 10:49:03 -08:00
rbe.bzl	[bazel] Bump rules_rs and llvm (#13366 )	2026-03-04 01:59:32 +00:00
README.md	docs: mention Codex app in README intro (#11926 )	2026-02-16 17:35:05 +01:00
SECURITY.md	docs: add codex security policy (#12193 )	2026-02-19 09:12:59 -08:00

README.md

npm i -g @openai/codex
or brew install --cask codex

Codex CLI is a coding agent from OpenAI that runs locally on your computer.

Codex CLI splash

If you want Codex in your code editor (VS Code, Cursor, Windsurf), install in your IDE.
If you want the desktop app experience, run codex app or visit the Codex App page.
If you are looking for the cloud-based agent from OpenAI, Codex Web, go to chatgpt.com/codex.

Quickstart

Installing and running Codex CLI

Install globally with your preferred package manager:

# Install using npm
npm install -g @openai/codex

# Install using Homebrew
brew install --cask codex

Then simply run codex to get started.

You can also go to the latest GitHub Release and download the appropriate binary for your platform.

Each GitHub Release contains many executables, but in practice, you likely want one of these:

macOS
- Apple Silicon/arm64: codex-aarch64-apple-darwin.tar.gz
- x86_64 (older Mac hardware): codex-x86_64-apple-darwin.tar.gz
Linux
- x86_64: codex-x86_64-unknown-linux-musl.tar.gz
- arm64: codex-aarch64-unknown-linux-musl.tar.gz

Each archive contains a single entry with the platform baked into the name (e.g., codex-x86_64-unknown-linux-musl), so you likely want to rename it to codex after extracting it.

Using Codex with your ChatGPT plan

Run codex and select Sign in with ChatGPT. We recommend signing into your ChatGPT account to use Codex as part of your Plus, Pro, Team, Edu, or Enterprise plan. Learn more about what's included in your ChatGPT plan.

You can also use Codex with an API key, but this requires additional setup.

Docs

This repository is licensed under the Apache-2.0 License.