feat: add Codex permission env fallback

[CoderLuii]

Summary

• Add CLOUDCLI_CODEX_PERMISSION_MODE as a server-side fallback for Codex chat requests that do not include permissionMode.
• Preserve explicit request permission modes and validate values against default, acceptEdits, and bypassPermissions.
• Document the fallback and the safety implications of bypassPermissions.

Why

Self-hosted and containerized CloudCLI deployments sometimes need a process-level Codex permission default for clients that do not send permissionMode. This keeps upstream defaults unchanged (default) while allowing trusted deployments to opt into acceptEdits or bypassPermissions explicitly.

Testing

• node --check server/openai-codex.js
• git diff --check

Summary by CodeRabbit

• Documentation

  • Added "Codex Permission Defaults" section explaining the three permission modes and showing example commands for configuring a server-side default and its fallback behavior.

• New Features

  • Server-side configuration for Codex permission mode via an environment variable, with validation and automatic fallback to the default mode when unset or invalid.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 6028a456-8da6-40ba-8c67-aed813235c2e

📥 Commits

Reviewing files that changed from the base of the PR and between 84acd28 and fbd54d6.

📒 Files selected for processing (2)

• README.md
• server/openai-codex.js

✅ Files skipped from review due to trivial changes (1)

• README.md

🚧 Files skipped from review as they are similar to previous changes (1)

• server/openai-codex.js

---

📝 Walkthrough

Walkthrough

This PR adds server-side environment-driven fallback for Codex permission modes. New helpers validate CLOUDCLI_CODEX_PERMISSION_MODE and resolve an effective permission mode when requests omit it. queryCodex now uses the resolver to determine sandboxMode and approvalPolicy. README documents the three modes and the fallback behavior.

Changes

Codex Permission Mode Environment Configuration

Layer / File(s)	Summary
Permission mode resolution helpers server/openai-codex.js	New functions read CLOUDCLI_CODEX_PERMISSION_MODE, validate it against default, acceptEdits, and bypassPermissions, warn on invalid config, default to default, and choose between explicit request mode vs. environment-configured fallback.
QueryCodex permission mode resolution server/openai-codex.js	queryCodex detects explicit permissionMode in options, computes effective mode via resolver, and derives sandboxMode and approvalPolicy before starting/resuming Codex thread.
Permission defaults documentation README.md	New "Codex Permission Defaults" section describes the three modes, how UI sends selected mode per request, server-side fallback via CLOUDCLI_CODEX_PERMISSION_MODE environment variable with default as the fallback, and includes example environment commands for each mode.

A rabbit hops through permission lands,
With modes to choose and fallbacks planned,
The server reads the env so kind,
And defaults what the user's mind
Did not specify—smart design! 🐰

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add Codex permission env fallback' directly matches the main change: adding an environment variable fallback for Codex permission modes.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

server/openai-codex.js (1)

203-203: 💤 Low value

Include the invalid value in warning messages for easier debugging.

When operators misconfigure the environment variable or clients send invalid modes, the current warnings don't reveal what value was received. Including the offending value helps diagnose issues faster.

🔧 Proposed improvement

-  console.warn(`[Codex] Invalid ${CODEX_PERMISSION_MODE_ENV}; falling back to default`);
+  console.warn(`[Codex] Invalid ${CODEX_PERMISSION_MODE_ENV}="${normalizedPermissionMode}"; falling back to default`);

And for the request validation:

-  console.warn('[Codex] Invalid request permission mode; falling back to default');
+  console.warn(`[Codex] Invalid request permission mode="${normalizedPermissionMode}"; falling back to default`);

Also applies to: 217-217

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@server/openai-codex.js` at line 203, Update the warning log calls so they
include the actual invalid value received: where console.warn(`[Codex] Invalid
${CODEX_PERMISSION_MODE_ENV}; falling back to default`) is used, append the
runtime value (e.g. the env value or the variable being validated) into the
message so it reads something like "Invalid X: <value>; falling back to
default". Do the same for the other warning at the request validation site (the
other console.warn around line 217) so both console.warn calls include the
offending value for easier debugging; locate the console.warn calls and the
VARIABLE/identifier used to validate (CODEX_PERMISSION_MODE_ENV or the runtime
variable holding the mode) and interpolate it into the message.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Around line 155-162: Expand the "Codex Permission Defaults" section to
document the behavior of each mode (default, acceptEdits, bypassPermissions) so
operators can choose appropriately: describe what "default" enforces (strict
permission checks requiring explicit approval or admin-controlled decisions),
what "acceptEdits" permits (automatic acceptance of non-sensitive
client-suggested edits or a reduced-approval workflow), and clarify
"bypassPermissions" (full access with no approval, already mentioned); reference
the server-side env var CLOUDCLI_CODEX_PERMISSION_MODE and show an example usage
of setting it to each value so readers can test configurations.

---

Nitpick comments:
In `@server/openai-codex.js`:
- Line 203: Update the warning log calls so they include the actual invalid
value received: where console.warn(`[Codex] Invalid
${CODEX_PERMISSION_MODE_ENV}; falling back to default`) is used, append the
runtime value (e.g. the env value or the variable being validated) into the
message so it reads something like "Invalid X: <value>; falling back to
default". Do the same for the other warning at the request validation site (the
other console.warn around line 217) so both console.warn calls include the
offending value for easier debugging; locate the console.warn calls and the
VARIABLE/identifier used to validate (CODEX_PERMISSION_MODE_ENV or the runtime
variable holding the mode) and interpolate it into the message.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: de4756ba-7f68-4d67-9e0c-d6a7adf00c7a

📥 Commits

Reviewing files that changed from the base of the PR and between 10f721c and 84acd28.

📒 Files selected for processing (2)

• README.md
• server/openai-codex.js

[blackmammoth]

Hey @CoderLuii, thanks for the PR. Can u resolve the merge conflict and I'll review it.