harivansh-afk/sandbox-agent
1
0
Fork 0
mirror of https://github.com/harivansh-afk/sandbox-agent.git synced 2026-04-15 09:01:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: migrate codex app server

Browse source
This commit is contained in:
Nathan Flurry 2026-01-26 21:50:37 -08:00
parent c91595d338
commit 4b5b390b7f
9 changed files with 1266 additions and 110 deletions
Download patch file Download diff file Expand all files Collapse all files

1
server/packages/agent-management/Cargo.toml
View file

@ -7,6 +7,7 @@ license.workspace = true
[dependencies]
sandbox-agent-agent-credentials.workspace = true
sandbox-agent-extracted-agent-schemas.workspace = true
thiserror.workspace = true
serde.workspace = true
serde_json.workspace = true

404
server/packages/agent-management/src/agents.rs
View file

@ -1,12 +1,22 @@
use std::collections::HashMap;
use std::fmt;
use std::fs;
use std::io::{self, Read};
use std::io::{self, BufRead, BufReader, Read, Write};
use std::path::{Path, PathBuf};
use std::process::{Child, ChildStderr, ChildStdout, Command, ExitStatus, Stdio};
use std::process::{
Child,
ChildStderr,
ChildStdin,
ChildStdout,
Command,
ExitStatus,
Stdio,
};
use std::time::{Duration, Instant};
use flate2::read::GzDecoder;
use reqwest::blocking::Client;
use sandbox_agent_extracted_agent_schemas::codex as codex_schema;
use serde::{Deserialize, Serialize};
use serde_json::Value;
use thiserror::Error;
@ -163,6 +173,9 @@ impl AgentManager {
}
pub fn spawn(&self, agent: AgentId, options: SpawnOptions) -> Result<SpawnResult, AgentError> {
if agent == AgentId::Codex {
return self.spawn_codex_app_server(options);
}
let path = self.resolve_binary(agent)?;
let working_dir = options
.working_dir
@ -199,23 +212,7 @@ impl AgentManager {
if options.session_id.is_some() {
return Err(AgentError::ResumeUnsupported { agent });
}
command
.arg("exec")
.arg("--json");
match options.permission_mode.as_deref() {
Some("plan") => {
command.arg("--sandbox").arg("read-only");
}
Some("bypass") => {
command.arg("--dangerously-bypass-approvals-and-sandbox");
}
_ => {}
}
if let Some(model) = options.model.as_deref() {
command.arg("-m").arg(model);
}
let prompt = codex_prompt_for_mode(&options.prompt, options.agent_mode.as_deref());
command.arg(prompt);
command.arg("app-server");
}
AgentId::Opencode => {
command
@ -275,12 +272,225 @@ impl AgentManager {
agent: AgentId,
options: SpawnOptions,
) -> Result<StreamingSpawn, AgentError> {
let codex_options = if agent == AgentId::Codex {
Some(options.clone())
} else {
None
};
let mut command = self.build_command(agent, &options)?;
if agent == AgentId::Codex {
command.stdin(Stdio::piped());
}
command.stdout(Stdio::piped()).stderr(Stdio::piped());
let mut child = command.spawn().map_err(AgentError::Io)?;
let stdin = child.stdin.take();
let stdout = child.stdout.take();
let stderr = child.stderr.take();
Ok(StreamingSpawn { child, stdout, stderr })
Ok(StreamingSpawn {
child,
stdin,
stdout,
stderr,
codex_options,
})
}
fn spawn_codex_app_server(&self, options: SpawnOptions) -> Result<SpawnResult, AgentError> {
if options.session_id.is_some() {
return Err(AgentError::ResumeUnsupported { agent: AgentId::Codex });
}
let mut command = self.build_command(AgentId::Codex, &options)?;
command.stdin(Stdio::piped()).stdout(Stdio::piped()).stderr(Stdio::piped());
for (key, value) in options.env {
command.env(key, value);
}
let mut child = command.spawn().map_err(AgentError::Io)?;
let mut stdin = child.stdin.take().ok_or_else(|| {
AgentError::Io(io::Error::new(io::ErrorKind::Other, "missing codex stdin"))
})?;
let stdout = child.stdout.take().ok_or_else(|| {
AgentError::Io(io::Error::new(io::ErrorKind::Other, "missing codex stdout"))
})?;
let stderr = child.stderr.take().ok_or_else(|| {
AgentError::Io(io::Error::new(io::ErrorKind::Other, "missing codex stderr"))
})?;
let stderr_handle = std::thread::spawn(move || {
let mut buffer = String::new();
let _ = BufReader::new(stderr).read_to_string(&mut buffer);
buffer
});
let approval_policy = codex_approval_policy(options.permission_mode.as_deref());
let sandbox_mode = codex_sandbox_mode(options.permission_mode.as_deref());
let sandbox_policy = codex_sandbox_policy(options.permission_mode.as_deref());
let prompt = codex_prompt_for_mode(&options.prompt, options.agent_mode.as_deref());
let cwd = options
.working_dir
.as_ref()
.map(|path| path.to_string_lossy().to_string());
let mut next_id = 1i64;
let init_id = next_request_id(&mut next_id);
send_json_line(
&mut stdin,
&codex_schema::ClientRequest::Initialize {
id: init_id.clone(),
params: codex_schema::InitializeParams {
client_info: codex_schema::ClientInfo {
name: "sandbox-agent".to_string(),
title: Some("sandbox-agent".to_string()),
version: env!("CARGO_PKG_VERSION").to_string(),
},
},
},
)?;
let mut init_done = false;
let mut thread_start_sent = false;
let mut thread_start_id: Option<String> = None;
let mut turn_start_sent = false;
let mut thread_id: Option<String> = None;
let mut stdout_buffer = String::new();
let mut events = Vec::new();
let mut line = String::new();
let mut reader = BufReader::new(stdout);
let mut completed = false;
while reader.read_line(&mut line).map_err(AgentError::Io)? > 0 {
stdout_buffer.push_str(&line);
let trimmed = line.trim_end_matches(&['\r', '\n'][..]).to_string();
line.clear();
if trimmed.is_empty() {
continue;
}
let value: Value = match serde_json::from_str(&trimmed) {
Ok(value) => value,
Err(_) => continue,
};
let message: codex_schema::JsonrpcMessage =
match serde_json::from_value(value.clone()) {
Ok(message) => message,
Err(_) => continue,
};
match message {
codex_schema::JsonrpcMessage::Response(response) => {
let response_id = response.id.to_string();
if !init_done && response_id == init_id.to_string() {
init_done = true;
send_json_line(
&mut stdin,
&codex_schema::JsonrpcNotification {
method: "initialized".to_string(),
params: None,
},
)?;
let request_id = next_request_id(&mut next_id);
let request_id_str = request_id.to_string();
let mut params = codex_schema::ThreadStartParams::default();
params.approval_policy = approval_policy;
params.sandbox = sandbox_mode;
params.model = options.model.clone();
params.cwd = cwd.clone();
send_json_line(
&mut stdin,
&codex_schema::ClientRequest::ThreadStart { id: request_id, params },
)?;
thread_start_id = Some(request_id_str);
thread_start_sent = true;
} else if thread_start_id.as_deref() == Some(&response_id) && thread_id.is_none() {
thread_id = codex_thread_id_from_response(&response.result);
}
events.push(value);
}
codex_schema::JsonrpcMessage::Notification(_) => {
if let Ok(notification) =
serde_json::from_value::<codex_schema::ServerNotification>(value.clone())
{
if thread_id.is_none() {
thread_id = codex_thread_id_from_notification(&notification);
}
if matches!(
notification,
codex_schema::ServerNotification::TurnCompleted(_)
| codex_schema::ServerNotification::Error(_)
) {
completed = true;
}
if let codex_schema::ServerNotification::ItemCompleted(params) = &notification {
if matches!(params.item, codex_schema::ThreadItem::AgentMessage { .. }) {
completed = true;
}
}
}
events.push(value);
}
codex_schema::JsonrpcMessage::Request(_) => {
events.push(value);
}
codex_schema::JsonrpcMessage::Error(_) => {
events.push(value);
completed = true;
}
}
if thread_id.is_some() && thread_start_sent && !turn_start_sent {
let request_id = next_request_id(&mut next_id);
let params = codex_schema::TurnStartParams {
approval_policy,
collaboration_mode: None,
cwd: cwd.clone(),
effort: None,
input: vec![codex_schema::UserInput::Text {
text: prompt.clone(),
text_elements: Vec::new(),
}],
model: options.model.clone(),
output_schema: None,
personality: None,
sandbox_policy: sandbox_policy.clone(),
summary: None,
thread_id: thread_id.clone().unwrap_or_default(),
};
send_json_line(
&mut stdin,
&codex_schema::ClientRequest::TurnStart {
id: request_id,
params,
},
)?;
turn_start_sent = true;
}
if completed {
break;
}
}
drop(stdin);
let status = if completed {
let start = Instant::now();
loop {
if let Some(status) = child.try_wait().map_err(AgentError::Io)? {
break status;
}
if start.elapsed() > Duration::from_secs(5) {
let _ = child.kill();
break child.wait().map_err(AgentError::Io)?;
}
std::thread::sleep(Duration::from_millis(50));
}
} else {
child.wait().map_err(AgentError::Io)?
};
let stderr_output = stderr_handle.join().unwrap_or_default();
Ok(SpawnResult {
status,
stdout: stdout_buffer,
stderr: stderr_output,
session_id: extract_session_id(AgentId::Codex, &events),
result: extract_result_text(AgentId::Codex, &events),
events,
})
}
fn build_command(&self, agent: AgentId, options: &SpawnOptions) -> Result<Command, AgentError> {
@ -320,21 +530,7 @@ impl AgentManager {
if options.session_id.is_some() {
return Err(AgentError::ResumeUnsupported { agent });
}
command.arg("exec").arg("--json");
match options.permission_mode.as_deref() {
Some("plan") => {
command.arg("--sandbox").arg("read-only");
}
Some("bypass") => {
command.arg("--dangerously-bypass-approvals-and-sandbox");
}
_ => {}
}
if let Some(model) = options.model.as_deref() {
command.arg("-m").arg(model);
}
let prompt = codex_prompt_for_mode(&options.prompt, options.agent_mode.as_deref());
command.arg(prompt);
command.arg("app-server");
}
AgentId::Opencode => {
command.arg("run").arg("--format").arg("json");
@ -441,8 +637,10 @@ pub struct SpawnResult {
#[derive(Debug)]
pub struct StreamingSpawn {
pub child: Child,
pub stdin: Option<ChildStdin>,
pub stdout: Option<ChildStdout>,
pub stderr: Option<ChildStderr>,
pub codex_options: Option<SpawnOptions>,
}
#[derive(Debug, Error)]
@ -497,6 +695,83 @@ fn codex_prompt_for_mode(prompt: &str, mode: Option<&str>) -> String {
}
}
fn codex_approval_policy(mode: Option<&str>) -> Option<codex_schema::AskForApproval> {
match mode {
Some("plan") => Some(codex_schema::AskForApproval::Untrusted),
Some("bypass") => Some(codex_schema::AskForApproval::Never),
_ => None,
}
}
fn codex_sandbox_mode(mode: Option<&str>) -> Option<codex_schema::SandboxMode> {
match mode {
Some("plan") => Some(codex_schema::SandboxMode::ReadOnly),
Some("bypass") => Some(codex_schema::SandboxMode::DangerFullAccess),
_ => None,
}
}
fn codex_sandbox_policy(mode: Option<&str>) -> Option<codex_schema::SandboxPolicy> {
match mode {
Some("plan") => Some(codex_schema::SandboxPolicy::ReadOnly),
Some("bypass") => Some(codex_schema::SandboxPolicy::DangerFullAccess),
_ => None,
}
}
fn next_request_id(next_id: &mut i64) -> codex_schema::RequestId {
let id = *next_id;
*next_id += 1;
codex_schema::RequestId::from(id)
}
fn send_json_line<T: Serialize>(stdin: &mut ChildStdin, payload: &T) -> Result<(), AgentError> {
let line = serde_json::to_string(payload)
.map_err(|err| AgentError::Io(io::Error::new(io::ErrorKind::Other, err)))?;
writeln!(stdin, "{line}").map_err(AgentError::Io)?;
stdin.flush().map_err(AgentError::Io)?;
Ok(())
}
fn codex_thread_id_from_notification(
notification: &codex_schema::ServerNotification,
) -> Option<String> {
match notification {
codex_schema::ServerNotification::ThreadStarted(params) => Some(params.thread.id.clone()),
codex_schema::ServerNotification::TurnStarted(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::TurnCompleted(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemStarted(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemCompleted(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemAgentMessageDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemReasoningTextDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemReasoningSummaryTextDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemCommandExecutionOutputDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemFileChangeOutputDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemMcpToolCallProgress(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ThreadTokenUsageUpdated(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::TurnDiffUpdated(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::TurnPlanUpdated(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemCommandExecutionTerminalInteraction(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemReasoningSummaryPartAdded(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ThreadCompacted(params) => Some(params.thread_id.clone()),
_ => None,
}
}
fn codex_thread_id_from_response(result: &Value) -> Option<String> {
if let Some(id) = result
.get("thread")
.and_then(|thread| thread.get("id"))
.and_then(Value::as_str)
{
return Some(id.to_string());
}
if let Some(id) = result.get("threadId").and_then(Value::as_str) {
return Some(id.to_string());
}
None
}
fn extract_nested_string(value: &Value, path: &[&str]) -> Option<String> {
let mut current = value;
for key in path {
@ -517,19 +792,36 @@ fn extract_session_id(agent: AgentId, events: &[Value]) -> Option<String> {
return Some(id.to_string());
}
}
AgentId::Codex => {
if event.get("type").and_then(Value::as_str) == Some("thread.started") {
if let Some(id) = event.get("thread_id").and_then(Value::as_str) {
return Some(id.to_string());
AgentId::Codex => {
if let Ok(notification) =
serde_json::from_value::<codex_schema::ServerNotification>(event.clone())
{
match notification {
codex_schema::ServerNotification::ThreadStarted(params) => {
return Some(params.thread.id);
}
}
if let Some(id) = event.get("thread_id").and_then(Value::as_str) {
return Some(id.to_string());
}
if let Some(id) = event.get("threadId").and_then(Value::as_str) {
return Some(id.to_string());
codex_schema::ServerNotification::TurnStarted(params) => {
return Some(params.thread_id);
}
codex_schema::ServerNotification::TurnCompleted(params) => {
return Some(params.thread_id);
}
codex_schema::ServerNotification::ItemStarted(params) => {
return Some(params.thread_id);
}
codex_schema::ServerNotification::ItemCompleted(params) => {
return Some(params.thread_id);
}
_ => {}
}
}
if let Some(id) = event.get("thread_id").and_then(Value::as_str) {
return Some(id.to_string());
}
if let Some(id) = event.get("threadId").and_then(Value::as_str) {
return Some(id.to_string());
}
}
AgentId::Opencode => {
if let Some(id) = event.get("session_id").and_then(Value::as_str) {
return Some(id.to_string());
@ -574,13 +866,25 @@ fn extract_result_text(agent: AgentId, events: &[Value]) -> Option<String> {
AgentId::Codex => {
let mut last = None;
for event in events {
if event.get("type").and_then(Value::as_str) == Some("item.completed") {
if let Some(item) = event.get("item") {
if item.get("type").and_then(Value::as_str) == Some("agent_message") {
if let Some(text) = item.get("text").and_then(Value::as_str) {
last = Some(text.to_string());
if let Ok(notification) =
serde_json::from_value::<codex_schema::ServerNotification>(event.clone())
{
match notification {
codex_schema::ServerNotification::ItemCompleted(params) => {
if let codex_schema::ThreadItem::AgentMessage { text, .. } = params.item
{
last = Some(text);
}
}
codex_schema::ServerNotification::TurnCompleted(params) => {
for item in params.turn.items.iter().rev() {
if let codex_schema::ThreadItem::AgentMessage { text, .. } = item {
last = Some(text.clone());
break;
}
}
}
_ => {}
}
}
if let Some(result) = event.get("result").and_then(Value::as_str) {

595
server/packages/sandbox-agent/src/router.rs
View file

@ -1,6 +1,6 @@
use std::collections::{HashMap, HashSet};
use std::convert::Infallible;
use std::io::{BufRead, BufReader};
use std::io::{BufRead, BufReader, Write};
use std::net::TcpListener;
use std::process::Stdio;
use std::sync::Arc;
@ -19,10 +19,26 @@ use tower_http::trace::TraceLayer;
use reqwest::Client;
use sandbox_agent_error::{AgentError, ErrorType, ProblemDetails, SandboxError};
use sandbox_agent_universal_agent_schema::{
convert_amp, convert_claude, convert_codex, convert_opencode, AttachmentSource, CrashInfo,
EventConversion, PermissionRequest, PermissionToolRef, QuestionInfo, QuestionOption,
QuestionRequest, QuestionToolRef, Started, UniversalEvent, UniversalEventData,
UniversalMessage, UniversalMessageParsed, UniversalMessagePart,
codex as codex_schema,
convert_amp,
convert_claude,
convert_codex,
convert_opencode,
AttachmentSource,
CrashInfo,
EventConversion,
PermissionRequest,
PermissionToolRef,
QuestionInfo,
QuestionOption,
QuestionRequest,
QuestionToolRef,
Started,
UniversalEvent,
UniversalEventData,
UniversalMessage,
UniversalMessageParsed,
UniversalMessagePart,
};
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
@ -38,6 +54,7 @@ use sandbox_agent_agent_management::agents::{
use sandbox_agent_agent_management::credentials::{
extract_all_credentials, CredentialExtractionOptions, ExtractedCredentials,
};
use crate::ui;
#[derive(Debug)]
pub struct AppState {
@ -104,9 +121,13 @@ pub fn build_router(state: AppState) -> Router {
v1_router = v1_router.layer(axum::middleware::from_fn_with_state(shared, require_token));
}
Router::new()
.nest("/v1", v1_router)
.layer(TraceLayer::new_for_http())
let mut router = Router::new().nest("/v1", v1_router);
if ui::is_enabled() {
router = router.merge(ui::router());
}
router.layer(TraceLayer::new_for_http())
}
#[derive(OpenApi)]
@ -204,6 +225,7 @@ struct SessionState {
pending_permissions: HashSet<String>,
broadcaster: broadcast::Sender<UniversalEvent>,
opencode_stream_started: bool,
codex_sender: Option<mpsc::UnboundedSender<String>>,
}
impl SessionState {
@ -236,6 +258,7 @@ impl SessionState {
pending_permissions: HashSet::new(),
broadcaster,
opencode_stream_started: false,
codex_sender: None,
})
}
@ -274,6 +297,14 @@ impl SessionState {
event
}
fn set_codex_sender(&mut self, sender: Option<mpsc::UnboundedSender<String>>) {
self.codex_sender = sender;
}
fn codex_sender(&self) -> Option<mpsc::UnboundedSender<String>> {
self.codex_sender.clone()
}
fn normalize_event_data(&self, mut data: UniversalEventData) -> UniversalEventData {
match &mut data {
UniversalEventData::QuestionAsked { question_asked } => {
@ -627,7 +658,7 @@ impl SessionManager {
permission_id: &str,
reply: PermissionReply,
) -> Result<(), SandboxError> {
let (agent, agent_session_id) = {
let (agent, agent_session_id, codex_sender, codex_metadata) = {
let mut sessions = self.sessions.lock().await;
let session = sessions.get_mut(session_id).ok_or_else(|| SandboxError::SessionNotFound {
session_id: session_id.to_string(),
@ -640,10 +671,79 @@ impl SessionManager {
message: format!("unknown permission id: {permission_id}"),
});
}
(session.agent, session.agent_session_id.clone())
let codex_metadata = if session.agent == AgentId::Codex {
session.events.iter().find_map(|event| {
if let UniversalEventData::PermissionAsked { permission_asked } = &event.data {
if permission_asked.id == permission_id {
return Some(permission_asked.metadata.clone());
}
}
None
})
} else {
None
};
let codex_sender = if session.agent == AgentId::Codex {
session.codex_sender()
} else {
None
};
(
session.agent,
session.agent_session_id.clone(),
codex_sender,
codex_metadata,
)
};
if agent == AgentId::Opencode {
if agent == AgentId::Codex {
let sender = codex_sender.ok_or_else(|| SandboxError::InvalidRequest {
message: "codex session not active".to_string(),
})?;
let metadata = codex_metadata.ok_or_else(|| SandboxError::InvalidRequest {
message: "missing codex permission metadata".to_string(),
})?;
let request_id = codex_request_id_from_metadata(&metadata)
.or_else(|| codex_request_id_from_string(permission_id))
.ok_or_else(|| SandboxError::InvalidRequest {
message: "invalid codex permission request id".to_string(),
})?;
let request_kind = metadata
.get("codexRequestKind")
.and_then(Value::as_str)
.unwrap_or("");
let response_value = match request_kind {
"commandExecution" => {
let decision = codex_command_decision_for_reply(reply);
let response = codex_schema::CommandExecutionRequestApprovalResponse { decision };
serde_json::to_value(response).map_err(|err| SandboxError::InvalidRequest {
message: err.to_string(),
})?
}
"fileChange" => {
let decision = codex_file_change_decision_for_reply(reply);
let response = codex_schema::FileChangeRequestApprovalResponse { decision };
serde_json::to_value(response).map_err(|err| SandboxError::InvalidRequest {
message: err.to_string(),
})?
}
_ => {
return Err(SandboxError::InvalidRequest {
message: "unsupported codex permission request".to_string(),
});
}
};
let response = codex_schema::JsonrpcResponse {
id: request_id,
result: response_value,
};
let line = serde_json::to_string(&response).map_err(|err| SandboxError::InvalidRequest {
message: err.to_string(),
})?;
sender.send(line).map_err(|_| SandboxError::InvalidRequest {
message: "codex session not active".to_string(),
})?;
} else if agent == AgentId::Opencode {
let agent_session_id = agent_session_id.ok_or_else(|| SandboxError::InvalidRequest {
message: "missing OpenCode session id".to_string(),
})?;
@ -681,10 +781,17 @@ impl SessionManager {
) {
let StreamingSpawn {
mut child,
stdin,
stdout,
stderr,
codex_options,
} = spawn;
let (tx, mut rx) = mpsc::unbounded_channel::<String>();
let mut codex_state = codex_options
.filter(|_| agent == AgentId::Codex)
.map(CodexAppServerState::new);
let mut codex_sender: Option<mpsc::UnboundedSender<String>> = None;
let mut terminate_early = false;
if let Some(stdout) = stdout {
let tx_stdout = tx.clone();
@ -700,12 +807,52 @@ impl SessionManager {
}
drop(tx);
if agent == AgentId::Codex {
if let Some(stdin) = stdin {
let (writer_tx, writer_rx) = mpsc::unbounded_channel::<String>();
codex_sender = Some(writer_tx.clone());
{
let mut sessions = self.sessions.lock().await;
if let Some(session) = sessions.get_mut(&session_id) {
session.set_codex_sender(Some(writer_tx));
}
}
tokio::task::spawn_blocking(move || {
write_lines(stdin, writer_rx);
});
}
if let (Some(state), Some(sender)) = (codex_state.as_mut(), codex_sender.as_ref()) {
state.start(sender);
}
}
while let Some(line) = rx.recv().await {
if let Some(conversion) = parse_agent_line(agent, &line, &session_id) {
if agent == AgentId::Codex {
if let Some(state) = codex_state.as_mut() {
let outcome = state.handle_line(&line);
if let Some(conversion) = outcome.conversion {
let _ = self.record_conversion(&session_id, conversion).await;
}
if outcome.should_terminate {
terminate_early = true;
break;
}
}
} else if let Some(conversion) = parse_agent_line(agent, &line, &session_id) {
let _ = self.record_conversion(&session_id, conversion).await;
}
}
if agent == AgentId::Codex {
let mut sessions = self.sessions.lock().await;
if let Some(session) = sessions.get_mut(&session_id) {
session.set_codex_sender(None);
}
}
if terminate_early {
let _ = child.kill();
}
let status = tokio::task::spawn_blocking(move || child.wait()).await;
match status {
Ok(Ok(status)) if status.success() => {}
@ -1932,6 +2079,430 @@ fn read_lines<R: std::io::Read>(reader: R, sender: mpsc::UnboundedSender<String>
}
}
fn write_lines(mut stdin: std::process::ChildStdin, mut receiver: mpsc::UnboundedReceiver<String>) {
while let Some(line) = receiver.blocking_recv() {
if writeln!(stdin, "{line}").is_err() {
break;
}
if stdin.flush().is_err() {
break;
}
}
}
#[derive(Default)]
struct CodexLineOutcome {
conversion: Option<EventConversion>,
should_terminate: bool,
}
struct CodexAppServerState {
init_id: Option<String>,
thread_start_id: Option<String>,
init_done: bool,
thread_start_sent: bool,
turn_start_sent: bool,
thread_id: Option<String>,
next_id: i64,
prompt: String,
model: Option<String>,
cwd: Option<String>,
approval_policy: Option<codex_schema::AskForApproval>,
sandbox_mode: Option<codex_schema::SandboxMode>,
sandbox_policy: Option<codex_schema::SandboxPolicy>,
sender: Option<mpsc::UnboundedSender<String>>,
}
impl CodexAppServerState {
fn new(options: SpawnOptions) -> Self {
let prompt = codex_prompt_for_mode(&options.prompt, options.agent_mode.as_deref());
let cwd = options
.working_dir
.as_ref()
.map(|path| path.to_string_lossy().to_string());
Self {
init_id: None,
thread_start_id: None,
init_done: false,
thread_start_sent: false,
turn_start_sent: false,
thread_id: None,
next_id: 1,
prompt,
model: options.model.clone(),
cwd,
approval_policy: codex_approval_policy(options.permission_mode.as_deref()),
sandbox_mode: codex_sandbox_mode(options.permission_mode.as_deref()),
sandbox_policy: codex_sandbox_policy(options.permission_mode.as_deref()),
sender: None,
}
}
fn start(&mut self, sender: &mpsc::UnboundedSender<String>) {
self.sender = Some(sender.clone());
let request_id = self.next_request_id();
self.init_id = Some(request_id.to_string());
let request = codex_schema::ClientRequest::Initialize {
id: request_id,
params: codex_schema::InitializeParams {
client_info: codex_schema::ClientInfo {
name: "sandbox-agent".to_string(),
title: Some("sandbox-agent".to_string()),
version: env!("CARGO_PKG_VERSION").to_string(),
},
},
};
self.send_json(&request);
}
fn handle_line(&mut self, line: &str) -> CodexLineOutcome {
let trimmed = line.trim();
if trimmed.is_empty() {
return CodexLineOutcome::default();
}
let value: Value = match serde_json::from_str(trimmed) {
Ok(value) => value,
Err(_) => return CodexLineOutcome::default(),
};
let message: codex_schema::JsonrpcMessage = match serde_json::from_value(value.clone()) {
Ok(message) => message,
Err(_) => return CodexLineOutcome::default(),
};
match message {
codex_schema::JsonrpcMessage::Response(response) => {
self.handle_response(&response);
CodexLineOutcome::default()
}
codex_schema::JsonrpcMessage::Notification(_) => {
if let Ok(notification) =
serde_json::from_value::<codex_schema::ServerNotification>(value.clone())
{
self.maybe_capture_thread_id(&notification);
let conversion = convert_codex::notification_to_universal(&notification);
let should_terminate = matches!(
notification,
codex_schema::ServerNotification::TurnCompleted(_)
| codex_schema::ServerNotification::Error(_)
);
CodexLineOutcome {
conversion: Some(conversion),
should_terminate,
}
} else {
CodexLineOutcome::default()
}
}
codex_schema::JsonrpcMessage::Request(_) => {
if let Ok(request) =
serde_json::from_value::<codex_schema::ServerRequest>(value.clone())
{
let conversion = codex_request_to_universal(&request);
CodexLineOutcome {
conversion: Some(conversion),
should_terminate: false,
}
} else {
CodexLineOutcome::default()
}
}
codex_schema::JsonrpcMessage::Error(error) => CodexLineOutcome {
conversion: Some(codex_rpc_error_to_universal(&error)),
should_terminate: true,
},
}
}
fn handle_response(&mut self, response: &codex_schema::JsonrpcResponse) {
let response_id = response.id.to_string();
if !self.init_done {
if self
.init_id
.as_ref()
.is_some_and(|id| id == &response_id)
{
self.init_done = true;
self.send_initialized();
self.send_thread_start();
}
return;
}
if self.thread_id.is_none()
&& self
.thread_start_id
.as_ref()
.is_some_and(|id| id == &response_id)
{
self.send_turn_start();
}
}
fn maybe_capture_thread_id(&mut self, notification: &codex_schema::ServerNotification) {
if self.thread_id.is_some() {
return;
}
let thread_id = match notification {
codex_schema::ServerNotification::ThreadStarted(params) => Some(params.thread.id.clone()),
codex_schema::ServerNotification::TurnStarted(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::TurnCompleted(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemStarted(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemCompleted(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemAgentMessageDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemReasoningTextDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemReasoningSummaryTextDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemCommandExecutionOutputDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemFileChangeOutputDelta(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemMcpToolCallProgress(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ThreadTokenUsageUpdated(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::TurnDiffUpdated(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::TurnPlanUpdated(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemCommandExecutionTerminalInteraction(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ItemReasoningSummaryPartAdded(params) => Some(params.thread_id.clone()),
codex_schema::ServerNotification::ThreadCompacted(params) => Some(params.thread_id.clone()),
_ => None,
};
if let Some(thread_id) = thread_id {
self.thread_id = Some(thread_id);
self.send_turn_start();
}
}
fn send_initialized(&self) {
let notification = codex_schema::JsonrpcNotification {
method: "initialized".to_string(),
params: None,
};
self.send_json(&notification);
}
fn send_thread_start(&mut self) {
if self.thread_start_sent {
return;
}
let request_id = self.next_request_id();
self.thread_start_id = Some(request_id.to_string());
let mut params = codex_schema::ThreadStartParams::default();
params.approval_policy = self.approval_policy;
params.sandbox = self.sandbox_mode;
params.model = self.model.clone();
params.cwd = self.cwd.clone();
let request = codex_schema::ClientRequest::ThreadStart { id: request_id, params };
self.thread_start_sent = true;
self.send_json(&request);
}
fn send_turn_start(&mut self) {
if self.turn_start_sent {
return;
}
let thread_id = match self.thread_id.clone() {
Some(thread_id) => thread_id,
None => return,
};
let request_id = self.next_request_id();
let params = codex_schema::TurnStartParams {
approval_policy: self.approval_policy,
collaboration_mode: None,
cwd: self.cwd.clone(),
effort: None,
input: vec![codex_schema::UserInput::Text {
text: self.prompt.clone(),
text_elements: Vec::new(),
}],
model: self.model.clone(),
output_schema: None,
personality: None,
sandbox_policy: self.sandbox_policy.clone(),
summary: None,
thread_id,
};
let request = codex_schema::ClientRequest::TurnStart { id: request_id, params };
self.turn_start_sent = true;
self.send_json(&request);
}
fn next_request_id(&mut self) -> codex_schema::RequestId {
let id = self.next_id;
self.next_id += 1;
codex_schema::RequestId::from(id)
}
fn send_json<T: Serialize>(&self, payload: &T) {
let Some(sender) = self.sender.as_ref() else {
return;
};
let Ok(line) = serde_json::to_string(payload) else {
return;
};
let _ = sender.send(line);
}
}
fn codex_prompt_for_mode(prompt: &str, mode: Option<&str>) -> String {
match mode {
Some("plan") => format!("Make a plan before acting.\n\n{prompt}"),
_ => prompt.to_string(),
}
}
fn codex_approval_policy(mode: Option<&str>) -> Option<codex_schema::AskForApproval> {
match mode {
Some("plan") => Some(codex_schema::AskForApproval::Untrusted),
Some("bypass") => Some(codex_schema::AskForApproval::Never),
_ => None,
}
}
fn codex_sandbox_mode(mode: Option<&str>) -> Option<codex_schema::SandboxMode> {
match mode {
Some("plan") => Some(codex_schema::SandboxMode::ReadOnly),
Some("bypass") => Some(codex_schema::SandboxMode::DangerFullAccess),
_ => None,
}
}
fn codex_sandbox_policy(mode: Option<&str>) -> Option<codex_schema::SandboxPolicy> {
match mode {
Some("plan") => Some(codex_schema::SandboxPolicy::ReadOnly),
Some("bypass") => Some(codex_schema::SandboxPolicy::DangerFullAccess),
_ => None,
}
}
fn codex_request_to_universal(request: &codex_schema::ServerRequest) -> EventConversion {
match request {
codex_schema::ServerRequest::ItemCommandExecutionRequestApproval { id, params } => {
let mut metadata = serde_json::Map::new();
metadata.insert(
"codexRequestKind".to_string(),
Value::String("commandExecution".to_string()),
);
metadata.insert(
"codexRequestId".to_string(),
serde_json::to_value(id).unwrap_or(Value::Null),
);
metadata.insert("threadId".to_string(), Value::String(params.thread_id.clone()));
metadata.insert("turnId".to_string(), Value::String(params.turn_id.clone()));
metadata.insert("itemId".to_string(), Value::String(params.item_id.clone()));
if let Some(command) = params.command.as_ref() {
metadata.insert("command".to_string(), Value::String(command.clone()));
}
if let Some(reason) = params.reason.as_ref() {
metadata.insert("reason".to_string(), Value::String(reason.clone()));
}
let permission = PermissionRequest {
id: id.to_string(),
session_id: params.thread_id.clone(),
permission: "commandExecution".to_string(),
patterns: params
.command
.as_ref()
.map(|command| vec![command.clone()])
.unwrap_or_default(),
metadata,
always: Vec::new(),
tool: None,
};
EventConversion::new(UniversalEventData::PermissionAsked {
permission_asked: permission,
})
.with_session(Some(params.thread_id.clone()))
}
codex_schema::ServerRequest::ItemFileChangeRequestApproval { id, params } => {
let mut metadata = serde_json::Map::new();
metadata.insert(
"codexRequestKind".to_string(),
Value::String("fileChange".to_string()),
);
metadata.insert(
"codexRequestId".to_string(),
serde_json::to_value(id).unwrap_or(Value::Null),
);
metadata.insert("threadId".to_string(), Value::String(params.thread_id.clone()));
metadata.insert("turnId".to_string(), Value::String(params.turn_id.clone()));
metadata.insert("itemId".to_string(), Value::String(params.item_id.clone()));
if let Some(reason) = params.reason.as_ref() {
metadata.insert("reason".to_string(), Value::String(reason.clone()));
}
if let Some(grant_root) = params.grant_root.as_ref() {
metadata.insert("grantRoot".to_string(), Value::String(grant_root.clone()));
}
let permission = PermissionRequest {
id: id.to_string(),
session_id: params.thread_id.clone(),
permission: "fileChange".to_string(),
patterns: params
.grant_root
.as_ref()
.map(|root| vec![root.clone()])
.unwrap_or_default(),
metadata,
always: Vec::new(),
tool: None,
};
EventConversion::new(UniversalEventData::PermissionAsked {
permission_asked: permission,
})
.with_session(Some(params.thread_id.clone()))
}
_ => EventConversion::new(UniversalEventData::Unknown {
raw: serde_json::to_value(request).unwrap_or(Value::Null),
}),
}
}
fn codex_rpc_error_to_universal(error: &codex_schema::JsonrpcError) -> EventConversion {
let message = error.error.message.clone();
let crash = CrashInfo {
message,
kind: Some("jsonrpc.error".to_string()),
details: serde_json::to_value(error).ok(),
};
EventConversion::new(UniversalEventData::Error { error: crash })
}
fn codex_request_id_from_metadata(
metadata: &serde_json::Map<String, Value>,
) -> Option<codex_schema::RequestId> {
let value = metadata.get("codexRequestId")?;
codex_request_id_from_value(value)
}
fn codex_request_id_from_string(value: &str) -> Option<codex_schema::RequestId> {
if let Ok(number) = value.parse::<i64>() {
return Some(codex_schema::RequestId::from(number));
}
Some(codex_schema::RequestId::Variant0(value.to_string()))
}
fn codex_request_id_from_value(value: &Value) -> Option<codex_schema::RequestId> {
match value {
Value::String(value) => Some(codex_schema::RequestId::Variant0(value.clone())),
Value::Number(value) => value.as_i64().map(codex_schema::RequestId::from),
_ => None,
}
}
fn codex_command_decision_for_reply(
reply: PermissionReply,
) -> codex_schema::CommandExecutionApprovalDecision {
match reply {
PermissionReply::Once => codex_schema::CommandExecutionApprovalDecision::Accept,
PermissionReply::Always => codex_schema::CommandExecutionApprovalDecision::AcceptForSession,
PermissionReply::Reject => codex_schema::CommandExecutionApprovalDecision::Decline,
}
}
fn codex_file_change_decision_for_reply(
reply: PermissionReply,
) -> codex_schema::FileChangeApprovalDecision {
match reply {
PermissionReply::Once => codex_schema::FileChangeApprovalDecision::Accept,
PermissionReply::Always => codex_schema::FileChangeApprovalDecision::AcceptForSession,
PermissionReply::Reject => codex_schema::FileChangeApprovalDecision::Decline,
}
}
fn parse_agent_line(agent: AgentId, line: &str, session_id: &str) -> Option<EventConversion> {
let trimmed = line.trim();
if trimmed.is_empty() {

9
server/packages/sandbox-agent/tests/snapshots/http_sse_snapshots__approval_flow_snapshots@question_reply_events_claude.snap
View file

@ -1,5 +1,6 @@
---
source: server/packages/sandbox-agent/tests/http_sse_snapshots.rs
assertion_line: 1045
expression: normalize_events(&question_events)
---
- agent: claude
@ -20,3 +21,11 @@ expression: normalize_events(&question_events)
type: text
role: assistant
seq: 3
- agent: claude
kind: message
message:
parts:
- text: "<redacted>"
type: text
role: assistant
seq: 4