Fix CrossVendorAudit codex invocation: non-git PAI dirs and OpenAI env overrides #1346
Open
lmbagley wants to merge 1 commit into
…v overrides
Two failure modes in invokeCodex():
1. codex exec refuses to run when the working directory is not a git
repository ('Not inside a trusted directory'), so the cross-vendor
audit always returns skipped on installs that persist the PAI
directory by means other than git. Pass --skip-git-repo-check.
2. The spawned codex process inherits the parent environment, and
codex's auth precedence puts OPENAI_API_KEY / OPENAI_BASE_URL above
~/.codex/auth.json and config.toml. A stray key in the parent shell
silently flips the audit from the user's configured codex auth
(e.g. ChatGPT subscription) to direct API billing. Scrub both vars
from the child env.
Verified live on a non-git PAI install: audit runs end-to-end and
persists a structured verdict where it previously logged
'skipped: codex exit 1'.
02b005e to
17edbd4
Problem
CrossVendorAudit.ts (the Cato cross-vendor audit harness) has two failure modes in invokeCodex():
1. Audit always skips on non-git PAI installs. codex exec refuses to run when the working directory is not a git repository (Not inside a trusted directory), so on installs that persist the PAI directory by means other than git, every audit returns skipped: codex exit 1 and the cross-vendor audit never actually fires.
2. Silent auth flip. The spawned codex process inherits the parent environment, and codex's auth precedence puts OPENAI_API_KEY / OPENAI_BASE_URL above ~/.codex/auth.json and config.toml. A stray key in the parent shell silently moves the audit from the user's configured codex auth (e.g. ChatGPT subscription) to direct API billing, with no signal that it happened.
Fix
1. --skip-git-repo-check to codex exec (the read-only sandbox is still enforced by --sandbox read-only).
2. OPENAI_API_KEY / OPENAI_BASE_URL before spawn — only when ~/.codex/auth.json exists, so users who authenticate codex solely via the env var keep working unchanged; users with configured auth stop being silently overridden by stray shell keys.
Testing
Verified live on a non-git PAI install: the audit runs end-to-end and persists a structured verdict to cato-findings.jsonl where it previously logged skipped: codex exit 1. bun build passes on the patched file.
Note for maintainers
The change targets Releases/v5.0.0/ because a tree-wide search shows it is the only place this file ships — happy to retarget if release snapshots are frozen and there's a development home for it.
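The conditional scrub described under Fix, as an added example that is not the PR's code: it builds the child argv and environment and also reports which override variables were removed, so the harness can log the event instead of switching auth silently. planCodexSpawn, CodexSpawnPlan and the injected fileExists predicate are hypothetical names, and the environment values are constructed.

```typescript
// Added example, not code from the PR. All identifiers below are hypothetical.
type Env = Record<string, string | undefined>;

// Variables that, per the PR description, outrank ~/.codex/auth.json and config.toml.
const OVERRIDE_VARS = ["OPENAI_API_KEY", "OPENAI_BASE_URL"] as const;

interface CodexSpawnPlan {
  args: string[];      // argv after the `codex` binary; the caller appends the prompt
  env: Env;            // environment to hand to the child process
  scrubbed: string[];  // names (never values) of variables removed from the child env
  authSource: "stored-auth" | "env-var" | "none";
}

// fileExists is injected so the decision can be tested without touching disk;
// a real caller would pass fs.existsSync and os.homedir().
function planCodexSpawn(
  parentEnv: Env,
  home: string,
  fileExists: (path: string) => boolean,
): CodexSpawnPlan {
  const env: Env = { ...parentEnv }; // copy: the parent's environment is never mutated
  const scrubbed: string[] = [];
  const hasStoredAuth = fileExists(`${home}/.codex/auth.json`);

  // Scrub only when stored auth exists, so env-var-only users keep working.
  if (hasStoredAuth) {
    for (const name of OVERRIDE_VARS) {
      if (env[name] !== undefined) {
        delete env[name];
        scrubbed.push(name);
      }
    }
  }
  const authSource = hasStoredAuth
    ? "stored-auth"
    : env.OPENAI_API_KEY !== undefined ? "env-var" : "none";

  return {
    args: ["exec", "--skip-git-repo-check", "--sandbox", "read-only"],
    env, scrubbed, authSource,
  };
}

// Constructed parent environment with a stray key, on a host that has stored auth.
const demoPlan = planCodexSpawn(
  { PATH: "/usr/bin", OPENAI_API_KEY: "sk-constructed", OPENAI_BASE_URL: "https://example.invalid/v1" },
  "/home/demo",
  (p) => p === "/home/demo/.codex/auth.json",
);
console.log(`auth=${demoPlan.authSource} scrubbed=${demoPlan.scrubbed.join(",") || "(none)"}`);
```

Logging `scrubbed` and `authSource` alongside each audit verdict gives an auditable record of which credential path the child process was allowed to use.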