docs(codex): document --sandbox danger-full-access for gateway bubblewrap failures (#40619)

Salvaged from #40435; re-verified on main, tightened, tested.

Co-authored-by: ziwon <ziwon@users.noreply.github.com>
Teknium 2026-06-07 18:36:18 -07:00 committed by GitHub
parent b97cd81c78
commit d3b670e63e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 38 additions and 0 deletions

@ -74,6 +74,25 @@ process(action="kill", session_id="<id>")
| `exec "prompt"` | One-shot execution, exits when done |
| `--full-auto` | Sandboxed but auto-approves file changes in workspace |
| `--yolo` | No sandbox, no approvals (fastest, most dangerous) |
| `--sandbox danger-full-access` | No Codex sandbox; useful when the host service context breaks bubblewrap |
## Hermes Gateway Caveat
When invoking the Codex CLI from a Hermes gateway/service context (for example,
Telegram-driven agent sessions), Codex `workspace-write` sandboxing may fail even
when the same command works in the user's interactive shell. A typical symptom is
bubblewrap/user-namespace errors such as `setting up uid map: Permission denied`
or `loopback: Failed RTM_NEWADDR: Operation not permitted`.
In that context, prefer:
```
codex exec --sandbox danger-full-access "<task>"
```
Use process boundaries as the safety layer instead: explicit `workdir`, clean git
status before launch, narrow task prompts, `git diff` review, targeted tests, and
human/agent confirmation before committing broad changes.
## PR Reviews
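
Review bot: The "In that context, prefer:" paragraph recommends `danger-full-access` as the default for gateway sessions without stating what is given up. The mitigations in the closing paragraph (explicit `workdir`, clean git status, `git diff` review) only surface changes inside the repository, so writes outside the workdir and any network activity go unreviewed. Suggest saying that explicitly, wording the flag as a fallback to use only after the quoted bubblewrap errors are actually observed, and noting that in a Telegram-driven session the task prompt originates from a remote message. The new table row should also state whether approvals still apply: the `--yolo` row above it spells out "No sandbox, no approvals", while the new row says only "No Codex sandbox".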

@ -92,6 +92,25 @@ process(action="kill", session_id="<id>")
| `exec "prompt"` | One-shot execution, exits when done |
| `--full-auto` | Sandboxed but auto-approves file changes in workspace |
| `--yolo` | No sandbox, no approvals (fastest, most dangerous) |
| `--sandbox danger-full-access` | No Codex sandbox; useful when the host service context breaks bubblewrap |
## Hermes Gateway Caveat
When invoking the Codex CLI from a Hermes gateway/service context (for example,
Telegram-driven agent sessions), Codex `workspace-write` sandboxing may fail even
when the same command works in the user's interactive shell. A typical symptom is
bubblewrap/user-namespace errors such as `setting up uid map: Permission denied`
or `loopback: Failed RTM_NEWADDR: Operation not permitted`.
In that context, prefer:
```
codex exec --sandbox danger-full-access "<task>"
```
Use process boundaries as the safety layer instead: explicit `workdir`, clean git
status before launch, narrow task prompts, `git diff` review, targeted tests, and
human/agent confirmation before committing broad changes.
## PR Reviews
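
Review bot: The Hermes Gateway Caveat section here duplicates verbatim the text added at `@ -74` in the other changed file, so the two copies will drift as soon as one is edited; suggest keeping the full caveat in one file and linking to it from the other. In the closing paragraph, "process boundaries" is imprecise, since the items that follow are workflow checks rather than isolation between processes; a term such as "workflow controls" would match the list. The fenced `codex exec` command also has no language tag on its opening fence.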