nils-codex-cli 0.7.3

CLI crate for nils-codex-cli in the nils-cli workspace.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

use codex_cli::runtime;
use nils_test_support::{EnvGuard, GlobalStateLock, StubBinDir, prepend_path};
use pretty_assertions::assert_eq;

#[test]
fn runtime_exec_contract_missing_prompt_is_rejected() {
    let mut stderr = Vec::new();
    let code = runtime::exec_dangerous("", "caller", &mut stderr);

    assert_eq!(code, 1);
    assert!(String::from_utf8_lossy(&stderr).contains("_codex_exec_dangerous: missing prompt"));
}

#[test]
fn runtime_exec_contract_disabled_policy_reports_validation_message() {
    let lock = GlobalStateLock::new();
    let _danger = EnvGuard::set(&lock, "CODEX_ALLOW_DANGEROUS_ENABLED", "false");

    let (enabled, message) = runtime::allow_dangerous_status(Some("adapter"));
    assert!(!enabled);
    assert!(
        message
            .expect("message")
            .contains("adapter: disabled (set CODEX_ALLOW_DANGEROUS_ENABLED=true)")
    );

    let check = runtime::check_allow_dangerous(Some("adapter")).expect_err("disabled policy error");
    assert_eq!(check.code, "disabled-policy");
    assert!(!check.retryable);
}

#[test]
fn runtime_exec_contract_missing_binary_fails_without_panicking() {
    let lock = GlobalStateLock::new();
    let _danger = EnvGuard::set(&lock, "CODEX_ALLOW_DANGEROUS_ENABLED", "true");
    let _path = EnvGuard::set(&lock, "PATH", "");

    let mut stderr = Vec::new();
    let code = runtime::exec_dangerous("ping", "caller", &mut stderr);

    assert_eq!(code, 1);
    assert!(String::from_utf8_lossy(&stderr).contains("failed to run codex exec"));
}

#[test]
fn runtime_exec_contract_success_path_uses_expected_command_shape() {
    let lock = GlobalStateLock::new();
    let stub = StubBinDir::new();
    let args_log = tempfile::NamedTempFile::new().expect("args log");
    let args_log_path = args_log.path().to_string_lossy().to_string();

    stub.write_exe(
        "codex",
        r#"#!/bin/bash
set -euo pipefail
out="${CODEX_TEST_ARGV_LOG:?missing CODEX_TEST_ARGV_LOG}"
: > "$out"
for a in "$@"; do
  echo "$a" >> "$out"
done
"#,
    );

    let _path = prepend_path(&lock, stub.path());
    let _danger = EnvGuard::set(&lock, "CODEX_ALLOW_DANGEROUS_ENABLED", "true");
    let _ephemeral = EnvGuard::remove(&lock, "CODEX_CLI_EPHEMERAL_ENABLED");
    let _model = EnvGuard::set(&lock, "CODEX_CLI_MODEL", "gpt-test");
    let _reason = EnvGuard::set(&lock, "CODEX_CLI_REASONING", "high");
    let _argv_log = EnvGuard::set(&lock, "CODEX_TEST_ARGV_LOG", &args_log_path);

    let mut stderr = Vec::new();
    let code = runtime::exec_dangerous("hello world", "caller", &mut stderr);

    assert_eq!(code, 0);
    assert!(stderr.is_empty());

    let args = std::fs::read_to_string(args_log.path())
        .expect("read args")
        .lines()
        .map(|line| line.to_string())
        .collect::<Vec<_>>();

    assert_eq!(
        args,
        vec![
            "exec",
            "--dangerously-bypass-approvals-and-sandbox",
            "-s",
            "workspace-write",
            "-m",
            "gpt-test",
            "-c",
            "model_reasoning_effort=\"high\"",
            "--",
            "hello world",
        ]
        .into_iter()
        .map(|value| value.to_string())
        .collect::<Vec<_>>()
    );
}

#[test]
fn runtime_exec_contract_env_ephemeral_adds_exec_flag() {
    let lock = GlobalStateLock::new();
    let stub = StubBinDir::new();
    let args_log = tempfile::NamedTempFile::new().expect("args log");
    let args_log_path = args_log.path().to_string_lossy().to_string();

    stub.write_exe(
        "codex",
        r#"#!/bin/bash
set -euo pipefail
out="${CODEX_TEST_ARGV_LOG:?missing CODEX_TEST_ARGV_LOG}"
: > "$out"
for a in "$@"; do
  echo "$a" >> "$out"
done
"#,
    );

    let _path = prepend_path(&lock, stub.path());
    let _danger = EnvGuard::set(&lock, "CODEX_ALLOW_DANGEROUS_ENABLED", "true");
    let _model = EnvGuard::set(&lock, "CODEX_CLI_MODEL", "gpt-test");
    let _reason = EnvGuard::set(&lock, "CODEX_CLI_REASONING", "high");
    let _ephemeral = EnvGuard::set(&lock, "CODEX_CLI_EPHEMERAL_ENABLED", "true");
    let _argv_log = EnvGuard::set(&lock, "CODEX_TEST_ARGV_LOG", &args_log_path);

    let mut stderr = Vec::new();
    let code = runtime::exec_dangerous("hello world", "caller", &mut stderr);

    assert_eq!(code, 0);
    assert!(stderr.is_empty());

    let args = std::fs::read_to_string(args_log.path())
        .expect("read args")
        .lines()
        .map(|line| line.to_string())
        .collect::<Vec<_>>();

    assert_eq!(
        args,
        vec![
            "exec",
            "--dangerously-bypass-approvals-and-sandbox",
            "-s",
            "workspace-write",
            "-m",
            "gpt-test",
            "-c",
            "model_reasoning_effort=\"high\"",
            "--ephemeral",
            "--",
            "hello world",
        ]
        .into_iter()
        .map(|value| value.to_string())
        .collect::<Vec<_>>()
    );
}