RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge PR #1270: codex exec resume drops -C/-s flags, uses sandbox_mode config 

# Conflicts:
#	codex/SKILL.md
#	codex/SKILL.md.tmpl
This commit is contained in:
Garry Tan 2026-05-08 21:41:57 -07:00
parent 458b17310e 29c18e75ed
commit 9cffb1575d
No known key found for this signature in database
GPG Key ID: C1F69E85C74EFE1D
3 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
codex/SKILL.md
View File

@ -1235,7 +1235,7 @@ If no project-scoped match, fall back to `ls -t "$PLAN_ROOT"/*.md 2>/dev/null |
but warn: "Note: this plan may be from a different project — verify before sending to Codex."
**IMPORTANT — embed content, don't reference path:** Codex runs sandboxed to the repo
root (`-C`) and cannot access `~/.claude/plans/` or any files outside the repo. You MUST
root and cannot access `~/.claude/plans/` or any files outside the repo. You MUST
read the plan file yourself and embed its FULL CONTENT in the prompt below. Do NOT tell
Codex the file path or ask it to read the plan file — it will waste 10+ tool calls
searching and fail.
@ -1324,8 +1324,9 @@ if [ -z "$PYTHON_CMD" ]; then
echo "ERROR: Python 3 is required to parse Codex JSON output. Install python3 or python and retry." >&2
exit 1
fi
cd "$_REPO_ROOT" || exit 1
# Fix 1: wrap with timeout (gtimeout/timeout fallback chain via probe helper)
_gstack_codex_timeout_wrapper 600 codex exec resume <session-id> "<prompt>" -C "$_REPO_ROOT" -s read-only -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
_gstack_codex_timeout_wrapper 600 codex exec resume <session-id> "<prompt>" -c 'sandbox_mode="read-only"' -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
<same python streaming parser as above, with flush=True on all print() calls>
"
# Fix 1: same hang detection pattern as new-session block

5
codex/SKILL.md.tmpl
View File

@ -398,7 +398,7 @@ If no project-scoped match, fall back to `ls -t "$PLAN_ROOT"/*.md 2>/dev/null |
but warn: "Note: this plan may be from a different project — verify before sending to Codex."
**IMPORTANT — embed content, don't reference path:** Codex runs sandboxed to the repo
root (`-C`) and cannot access `~/.claude/plans/` or any files outside the repo. You MUST
root and cannot access `~/.claude/plans/` or any files outside the repo. You MUST
read the plan file yourself and embed its FULL CONTENT in the prompt below. Do NOT tell
Codex the file path or ask it to read the plan file — it will waste 10+ tool calls
searching and fail.
@ -487,8 +487,9 @@ if [ -z "$PYTHON_CMD" ]; then
echo "ERROR: Python 3 is required to parse Codex JSON output. Install python3 or python and retry." >&2
exit 1
fi
cd "$_REPO_ROOT" || exit 1
# Fix 1: wrap with timeout (gtimeout/timeout fallback chain via probe helper)
_gstack_codex_timeout_wrapper 600 codex exec resume <session-id> "<prompt>" -C "$_REPO_ROOT" -s read-only -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
_gstack_codex_timeout_wrapper 600 codex exec resume <session-id> "<prompt>" -c 'sandbox_mode="read-only"' -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 "$PYTHON_CMD" -u -c "
<same python streaming parser as above, with flush=True on all print() calls>
"
# Fix 1: same hang detection pattern as new-session block

10
test/skill-validation.test.ts
View File

@ -1297,6 +1297,16 @@ describe('Codex skill', () => {
expect(content).toContain('codex exec resume');
});
test('codex/SKILL.md resume command only uses resume-supported flags', () => {
const content = fs.readFileSync(path.join(ROOT, 'codex', 'SKILL.md'), 'utf-8');
const match = content.match(/codex exec resume[^\n]+/);
expect(match).not.toBeNull();
const resumeCommand = match![0];
expect(resumeCommand).not.toContain(' -C ');
expect(resumeCommand).not.toContain(' -s read-only');
expect(resumeCommand).toContain("-c 'sandbox_mode=\"read-only\"'");
});
test('codex/SKILL.md contains cost tracking', () => {
const content = fs.readFileSync(path.join(ROOT, 'codex', 'SKILL.md'), 'utf-8');
expect(content).toContain('tokens used');