fix(codex): honor sandbox when full-auto is enabled

[dyxushuai]

Why

• --full-auto forces workspace-write and overrides user-selected sandbox
• This prevents Codex tool calls (e.g., agent-browser) from accessing required paths

How

• Use global "-a on-request" when fullAuto is true and sandbox is customized
• Keep --full-auto only for the default workspace-write sandbox
• Add a test to lock the behavior

Tests

• bun run typecheck
• bun run build

Summary by CodeRabbit

• Bug Fixes

  • Corrected argument ordering and flag handling when full-auto is enabled with custom sandboxes so approval flow and sandbox flags behave correctly.

• Tests

  • Added tests for full-auto with different custom sandboxes (read-only, danger-full-access) to verify generated argument order and sandbox propagation.

• Documentation

  • Clarified default vs custom sandbox behaviour with examples and added an informational callout describing the CLI argument patterns.

[vercel]

@dyxushuai is attempting to deploy a commit to the plgeek Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Walkthrough

CodexAgentPlugin.buildArgs now separates preliminary args (preArgs) from main args and changes fullAuto handling: when fullAuto is set and sandbox is not workspace-write, the plugin emits -a on-request in preArgs and omits --full-auto; exec placement adjusted. Tests and docs added for custom sandboxes.

Changes

Cohort / File(s)	Summary
Codex agent implementation & tests src/plugins/agents/builtin/codex.ts, src/plugins/agents/builtin/codex.test.ts	Introduce preArgs and return combined [...]preArgs, ...args; emit -a on-request in preArgs when fullAuto && sandbox !== workspace-write; only emit --full-auto when sandbox is workspace-write. Added tests verifying argument order (-a before exec) and sandbox flag propagation for danger-full-access and read-only.
Documentation website/content/docs/plugins/agents/codex.mdx	Add callout describing Codex custom sandbox behaviour with fullAuto; update CLI examples showing default sandbox flow (uses --full-auto) and custom sandbox flow (uses -a on-request before exec, with --sandbox danger-full-access).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary change: ensuring that custom sandbox settings are honoured when full-auto mode is enabled, which is the core fix addressed throughout the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR fixes an issue where the --full-auto flag in the Codex CLI agent was forcing the workspace-write sandbox mode, overriding user-selected custom sandboxes. This prevented Codex tool calls from accessing required paths when users specified alternative sandbox modes.

Changes:

• Modified the argument building logic to use -a on-request global flag when fullAuto is enabled with a non-default sandbox
• Introduced preArgs array to properly order global flags before the subcommand
• Added test coverage to verify the new behavior with custom sandbox configurations

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
src/plugins/agents/builtin/codex.ts	Updated buildArgs method to conditionally use approval flag instead of --full-auto when custom sandbox is specified, ensuring global flags are placed before subcommand
src/plugins/agents/builtin/codex.test.ts	Added test case to verify that approval flag is used correctly when fullAuto is enabled with a custom sandbox

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
ralph-tui	Ignored	Preview	Feb 3, 2026 6:26pm

[subsy]

thanks for this @dyxushuai 🤘
Addressed some PR feedback and added docs

[codecov]

Codecov Report

❌ Patch coverage is 60.00000% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 43.49%. Comparing base (b86661d) to head (45538bd).
⚠️ Report is 7 commits behind head on main.

Files with missing lines	Patch %	Lines
src/plugins/agents/builtin/codex.ts	60.00%	4 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #245   +/-   ##
=======================================
  Coverage   43.49%   43.49%           
=======================================
  Files          92       92           
  Lines       28351    28358    +7     
=======================================
+ Hits        12330    12334    +4     
- Misses      16021    16024    +3     

Files with missing lines	Coverage Δ
src/plugins/agents/builtin/codex.ts	49.01% <60.00%> (+0.14%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.