unified-agent-api-codex 0.3.5

Async wrapper around the Codex CLI for programmatic prompting
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

use tokio::{process::Command, time};

use crate::{
    process::{spawn_with_retry, tee_stream, ConsoleTarget},
    CodexClient, CodexError, SandboxCommandRequest, SandboxPlatform, SandboxRun, StdioToUdsRequest,
};

impl CodexClient {
    /// Spawns `codex stdio-to-uds <SOCKET_PATH>` with piped stdio for manual relays.
    ///
    /// Returns the child process so callers can write to stdin/read from stdout (e.g., to bridge a
    /// JSON-RPC transport over a Unix domain socket). Fails fast on empty socket paths and inherits
    /// the builder working directory when none is provided on the request.
    pub fn stdio_to_uds(
        &self,
        request: StdioToUdsRequest,
    ) -> Result<tokio::process::Child, CodexError> {
        let StdioToUdsRequest {
            socket_path,
            working_dir,
        } = request;

        if socket_path.as_os_str().is_empty() {
            return Err(CodexError::EmptySocketPath);
        }

        let mut command = Command::new(self.command_env.binary_path());
        command
            .arg("stdio-to-uds")
            .arg(&socket_path)
            .stdin(std::process::Stdio::piped())
            .stdout(std::process::Stdio::piped())
            .stderr(std::process::Stdio::piped())
            .kill_on_drop(true)
            .current_dir(self.sandbox_working_dir(working_dir)?);

        self.command_env.apply(&mut command)?;

        spawn_with_retry(&mut command, self.command_env.binary_path())
    }

    /// Runs `codex sandbox <platform> [--full-auto|--log-denials] [--config/--enable/--disable] -- <COMMAND...>`.
    ///
    /// Captures stdout/stderr and mirrors them according to the builder (`mirror_stdout` / `quiet`). Unlike
    /// `apply`/`diff`, non-zero exit codes are returned in [`SandboxRun::status`] without being wrapped in
    /// [`CodexError::NonZeroExit`]. macOS denial logging is enabled via [`SandboxCommandRequest::log_denials`]
    /// and ignored on other platforms. Linux uses the bundled `codex-linux-sandbox` helper; Windows sandboxing
    /// is experimental and relies on the upstream helper. The wrapper does not gate availability—unsupported
    /// installs will surface as non-zero statuses.
    pub async fn run_sandbox(
        &self,
        request: SandboxCommandRequest,
    ) -> Result<SandboxRun, CodexError> {
        if request.command.is_empty() {
            return Err(CodexError::EmptySandboxCommand);
        }

        let SandboxCommandRequest {
            platform,
            command,
            full_auto,
            log_denials,
            allow_unix_socket,
            config_overrides,
            feature_toggles,
            working_dir,
        } = request;

        let working_dir = self.sandbox_working_dir(working_dir)?;

        let mut process = Command::new(self.command_env.binary_path());
        process
            .arg("sandbox")
            .arg(platform.subcommand())
            .stdout(std::process::Stdio::piped())
            .stderr(std::process::Stdio::piped())
            .kill_on_drop(true)
            .current_dir(&working_dir);

        if full_auto {
            process.arg("--full-auto");
        }

        if log_denials && matches!(platform, SandboxPlatform::Macos) {
            process.arg("--log-denials");
        }

        if allow_unix_socket && matches!(platform, SandboxPlatform::Macos) {
            process.arg("--allow-unix-socket");
        }

        for override_ in config_overrides {
            process.arg("--config");
            process.arg(format!("{}={}", override_.key, override_.value));
        }

        for feature in feature_toggles.enable {
            process.arg("--enable");
            process.arg(feature);
        }

        for feature in feature_toggles.disable {
            process.arg("--disable");
            process.arg(feature);
        }

        process.arg("--");
        process.args(&command);

        self.command_env.apply(&mut process)?;

        let mut child = spawn_with_retry(&mut process, self.command_env.binary_path())?;

        let stdout = child.stdout.take().ok_or(CodexError::StdoutUnavailable)?;
        let stderr = child.stderr.take().ok_or(CodexError::StderrUnavailable)?;

        let stdout_task = tokio::spawn(tee_stream(
            stdout,
            ConsoleTarget::Stdout,
            self.mirror_stdout,
        ));
        let stderr_task = tokio::spawn(tee_stream(stderr, ConsoleTarget::Stderr, !self.quiet));

        let wait_task = async move {
            let status = child
                .wait()
                .await
                .map_err(|source| CodexError::Wait { source })?;
            let stdout_bytes = stdout_task
                .await
                .map_err(CodexError::Join)?
                .map_err(CodexError::CaptureIo)?;
            let stderr_bytes = stderr_task
                .await
                .map_err(CodexError::Join)?
                .map_err(CodexError::CaptureIo)?;
            Ok::<_, CodexError>((status, stdout_bytes, stderr_bytes))
        };

        let (status, stdout_bytes, stderr_bytes) = if self.timeout.is_zero() {
            wait_task.await?
        } else {
            match time::timeout(self.timeout, wait_task).await {
                Ok(result) => result?,
                Err(_) => {
                    return Err(CodexError::Timeout {
                        timeout: self.timeout,
                    });
                }
            }
        };

        Ok(SandboxRun {
            status,
            stdout: String::from_utf8(stdout_bytes)?,
            stderr: String::from_utf8(stderr_bytes)?,
        })
    }
}