Summary
The codex-companion.mjs task command currently supports two sandbox modes:
- --write → sandbox: "workspace-write" (bubblewrap sandbox, no GPU access)
- (default) → sandbox: "read-only"
There is no way to reach sandbox: "danger-full-access" through the companion script's task command. This makes it impossible to use codex-companion.mjs task for workflows that require GPU/CUDA access (e.g., running pytest with GPU tests, ML model forward passes, CUDA-dependent verification).
Use Case
We use Codex for automated plan review and implementation audit in a multi-repo ML platform. The audit phase runs actual tests (including GPU tests) to verify implementations. Currently we use codex exec --dangerously-bypass-approvals-and-sandbox for this, but we want to migrate to the companion script to benefit from the app-server protocol (shared broker, JSON-RPC, auth checking, --prompt-file).
The migration is blocked because task --write uses workspace-write sandbox, which restricts GPU device access via bubblewrap on Linux.
Proposed Change
Add a --full-access boolean flag to the task command that maps to sandbox: "danger-full-access":
// In handleTask:
booleanOptions: ["json", "write", "full-access", "resume-last", "resume", "fresh", "background"],
// In executeTaskRun:
sandbox: request.fullAccess ? "danger-full-access" : (request.write ? "workspace-write" : "read-only"),
This is a 3-line change. The flag name --full-access mirrors the existing danger-full-access sandbox mode name while being more ergonomic than --dangerously-bypass-approvals-and-sandbox.
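For reviewers who want to see the proposed precedence end to end, the following is an added example, not code from codex-companion.mjs or the plugin: a minimal argv parser for the task command's boolean options plus the sandbox resolution above. The helper names (parseTaskArgs, resolveSandbox, toCamel) and the kebab-to-camelCase mapping of option names are assumptions about how handleTask is structured; the point is that --full-access wins over --write, and that with neither flag the mode stays read-only.

```javascript
// Added example (not code from codex-companion.mjs): the option-to-sandbox
// resolution the request proposes, with a tiny argv parser so it runs alone.
// parseTaskArgs, resolveSandbox and the kebab-to-camel conversion are
// assumptions about how the companion script structures handleTask.

// Boolean flags the proposal lists for the task command.
const booleanOptions = ["json", "write", "full-access", "resume-last", "resume", "fresh", "background"];

// "full-access" -> "fullAccess", matching request.fullAccess in the proposal.
function toCamel(name) {
  return name.replace(/-([a-z])/g, (_, c) => c.toUpperCase());
}

// Parse task argv into a request object. Every boolean option defaults to
// false, so the sandbox stays read-only unless a flag is given explicitly.
function parseTaskArgs(argv) {
  const request = { positional: [] };
  for (const opt of booleanOptions) request[toCamel(opt)] = false;
  for (const arg of argv) {
    if (arg.startsWith("--")) {
      const name = arg.slice(2);
      if (!booleanOptions.includes(name)) {
        throw new Error(`unknown task option: ${arg}`);
      }
      request[toCamel(name)] = true;
    } else {
      request.positional.push(arg);
    }
  }
  return request;
}

// Sandbox selection as proposed: --full-access takes precedence over --write,
// and the absence of both keeps the least-privileged mode.
function resolveSandbox(request) {
  if (request.fullAccess) return "danger-full-access";
  return request.write ? "workspace-write" : "read-only";
}

// Stand-alone usage with constructed argv samples.
if (typeof require !== "undefined" && require.main === module) {
  const samples = [[], ["--write"], ["--full-access"], ["--write", "--full-access", "run tests"]];
  for (const argv of samples) {
    console.log(JSON.stringify(argv), "->", resolveSandbox(parseTaskArgs(argv)));
  }
}
```

Running the block prints the resolved sandbox for each constructed argv; an unknown option is rejected rather than silently ignored, so a misspelled --full-acess cannot fall through to a mode the caller did not intend.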
Workaround
We've patched this locally in codex-companion.mjs (lines 460, 573, 707, 725, 735-743, 753-762), but plugin updates will overwrite the patch.
Environment
- codex-cli 0.118.0
- Plugin version: 1.0.2
- Platform: Linux (bubblewrap sandbox)