Skip to content

fix: require per-project Codex auth approval#2278

Open
time-attack wants to merge 1 commit into
garrytan:mainfrom
time-attack:codex/fix-965-codex-auth-profile
Open

fix: require per-project Codex auth approval#2278
time-attack wants to merge 1 commit into
garrytan:mainfrom
time-attack:codex/fix-965-codex-auth-profile

Conversation

@time-attack

@time-attack time-attack commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

What it does

Gstack now requires each project to approve a specific Codex profile before Codex can run.

How it works

The shared launcher resolves the current project, reads its saved Codex home, validates it, exports it as CODEX_HOME, and blocks invocation when approval is missing. Skills prompt the user to select a discovered profile or cancel, then disclose the selected path.

What was broken

Gstack could silently start Codex using whichever account happened to be authenticated globally, even when that account was inappropriate for the current project.

How it was fixed

I added a hard invocation-layer profile gate, per-project configuration, profile disclosure, and an eval-only bypass. I routed chained review and design calls through the same launcher and removed Codex from autoplan's automatic mechanical decisions.

Verification

The identical production-path probe failed on origin/main and passed after the fix in OneManCompany, gbrain, and zotero-arxiv-daily. Explicit bypass controls passed before and after in Plane and Twenty.

The focused regression and generated-skill suites passed: 434 tests, 0 failures.

Live evidence gate:

Environment Baseline Candidate
OneManCompany 1 (bug reproduced) 0
gbrain 1 (bug reproduced) 0
zotero-arxiv-daily 1 (bug reproduced) 0
Plane bypass control 0 0
Twenty bypass control 0 0

Issue coverage

Closes #965.

Related follow-ups that remain open because this PR does not satisfy their full scope:

@trunk-io

trunk-io Bot commented Jul 15, 2026

Copy link
Copy Markdown

Merging to main in this repository is managed by Trunk.

  • To merge this pull request, check the box to the left or comment /trunk merge below.

After your PR is submitted to the merge queue, this comment will be automatically updated with its status. If the PR fails, failure details will also be posted here

@time-attack

Copy link
Copy Markdown
Contributor Author

@16francej merge pls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

/codex and /autoplan shell out to codex with no auth-profile gate or consent prompt

1 participant