fix: tighten codex runtime config ownership

2026-06-10 08:05:14 +02:00 · 2026-06-01 17:41:20 +02:00 · 2026-06-01 17:41:20 +02:00 · f07f3f320b
commit f07f3f320b
parent 074c9c3d97
4 changed files with 11 additions and 19 deletions
--- a/packages/cli/src/context/llm/codex-runtime-config.ts
+++ b/packages/cli/src/context/llm/codex-runtime-config.ts
@ -12,18 +12,14 @@ export interface BuildCodexRuntimeConfigInput {

 export interface CodexRuntimeConfig {
  configOverrides: Record<string, unknown>;
-  env: NodeJS.ProcessEnv;
+  env: Record<string, string>;
 }

 export function buildCodexRuntimeConfig(input: BuildCodexRuntimeConfigInput): CodexRuntimeConfig {
  const configOverrides: Record<string, unknown> = {
-    model: input.model,
-    approval_policy: 'never',
-    sandbox_mode: 'read-only',
-    web_search: 'disabled',
    history: { persistence: 'none' },
  };
-  const env: NodeJS.ProcessEnv = {};
+  const env: Record<string, string> = {};

  if (input.mcp) {
    configOverrides.mcp_servers = {
--- a/packages/cli/src/context/llm/codex-runtime.ts
+++ b/packages/cli/src/context/llm/codex-runtime.ts
@ -79,6 +79,10 @@ async function mcpForTools(input: {
  });
 }

+function runtimeToolNames(toolSet: KtxRuntimeToolSet | undefined): string[] {
+  return Object.values(toolSet ?? {}).map((descriptor) => descriptor.name);
+}
+
 export class CodexKtxLlmRuntime implements KtxLlmRuntimePort {
  private readonly runner: CodexSdkRunner;
  private readonly logger: KtxLogger;
@ -105,7 +109,7 @@ export class CodexKtxLlmRuntime implements KtxLlmRuntimePort {
                url: mcp.url,
                bearerTokenEnvVar: mcp.bearerTokenEnvVar,
                bearerToken: mcp.bearerToken,
-                toolNames: Object.keys(input.tools ?? {}),
+                toolNames: runtimeToolNames(input.tools),
              },
            }
          : {}),
@ -146,7 +150,7 @@ export class CodexKtxLlmRuntime implements KtxLlmRuntimePort {
                url: mcp.url,
                bearerTokenEnvVar: mcp.bearerTokenEnvVar,
                bearerToken: mcp.bearerToken,
-                toolNames: Object.keys(input.tools ?? {}),
+                toolNames: runtimeToolNames(input.tools),
              },
            }
          : {}),
@ -187,7 +191,7 @@ export class CodexKtxLlmRuntime implements KtxLlmRuntimePort {
                url: mcp.url,
                bearerTokenEnvVar: mcp.bearerTokenEnvVar,
                bearerToken: mcp.bearerToken,
-                toolNames: Object.keys(params.toolSet),
+                toolNames: runtimeToolNames(params.toolSet),
              },
            }
          : {}),