diff --git a/.codex-sso/config.toml b/.codex-sso/config.toml index 40b0824..9234ecf 100644 --- a/.codex-sso/config.toml +++ b/.codex-sso/config.toml @@ -29,7 +29,9 @@ model_reasoning_effort = "xhigh" notify = ["/Users/jetpac/.codex-sso/computer-use/Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient", "turn-ended"] -approvals_reviewer = "guardian_subagent" +# approvals_reviewer = "guardian_subagent" +approvals_reviewer = "auto_review" + [features] multi_agent = true @@ -110,6 +112,9 @@ approval_mode = "approve" [mcp_servers.playwright.tools.browser_select_option] approval_mode = "approve" +[mcp_servers.playwright.tools.browser_evaluate] +approval_mode = "approve" + [mcp_servers.slack] command = "/Users/jetpac/.codex-sso/bin/slack-mcp-wrapper" startup_timeout_sec = 60.0 @@ -997,6 +1002,9 @@ trust_level = "trusted" [projects."/Users/jetpac/Documents/org"] trust_level = "trusted" +[projects."/Users/jetpac/Documents/akidr-ips"] +trust_level = "trusted" + [marketplaces.openai-bundled] last_updated = "2026-05-28T10:46:49Z" source_type = "local" diff --git a/.codex/config.toml b/.codex/config.toml index bbbbe74..46061a8 100644 --- a/.codex/config.toml +++ b/.codex/config.toml @@ -134,9 +134,10 @@ SLACK_MCP_ENABLE_WRITES = "true" # Slack write allowlist: @pnyc self-DM (D7PT0SXMK), @pzahradn DM (D9CF41WHG), # @jahorak DM (DFYAKGQFL), # Kavya Nair DM (D08G5NZAN2C), Jacob Paul DM (D090RLVUCUV), -# Owen Roberts DM (DEPU4A2QM), C0A71SCTQRM for Codex Slack MCP setup instructions, +# Owen Roberts DM (DEPU4A2QM), Colin Kavanagh DM (D02CNJ53H8X), +# C0A71SCTQRM for Codex Slack MCP setup instructions, # and C05RJJ18EAF for corparch-core-srv replies. -SLACK_MCP_WRITE_CHANNEL_ALLOWLIST = "D7PT0SXMK,D9CF41WHG,DFYAKGQFL,D08G5NZAN2C,D090RLVUCUV,DEPU4A2QM,C0A71SCTQRM,C05RJJ18EAF" +SLACK_MCP_WRITE_CHANNEL_ALLOWLIST = "D7PT0SXMK,D9CF41WHG,DFYAKGQFL,D08G5NZAN2C,D090RLVUCUV,DEPU4A2QM,D02CNJ53H8X,C0A71SCTQRM,C05RJJ18EAF" [mcp_servers.slack.tools.conversations_add_message] approval_mode = "approve" @@ -988,6 +989,9 @@ trust_level = "trusted" [projects."/Users/jetpac/.codex-sso"] trust_level = "trusted" +[projects."/Users/jetpac/.codex-sso-test"] +trust_level = "trusted" + [marketplaces.openai-bundled] last_updated = "2026-05-28T10:46:49Z" source_type = "local" diff --git a/bin/codex-wrapper.sh b/bin/codex-wrapper.sh index dba9f52..da833ff 100755 --- a/bin/codex-wrapper.sh +++ b/bin/codex-wrapper.sh @@ -12,6 +12,7 @@ CODEX_WRAPPER_DEFAULT_CODEX_PROFILE="${CODEX_WRAPPER_DEFAULT_CODEX_PROFILE:-gpt- CODEX_WRAPPER_AUTH_ENV_FILE="" CODEX_WRAPPER_DEDICATED_AGENT_PID="" CODEX_WRAPPER_DEDICATED_AGENT_SOCK="" +OCI_AUTH_CALLBACK_PORT="${OCI_AUTH_CALLBACK_PORT:-8181}" log() { print -u2 -- "$@" @@ -142,13 +143,70 @@ should_refresh_confluence_cookies() { confluence_selected } +terminate_stale_oci_auth_listener() { + local port="${1:-${OCI_AUTH_CALLBACK_PORT}}" pid cmd attempt + local -a terminated_pids=() + + if ! command -v lsof >/dev/null 2>&1 || ! command -v ps >/dev/null 2>&1; then + return 1 + fi + + while IFS= read -r pid || [[ -n "${pid}" ]]; do + [[ -n "${pid}" ]] || continue + + cmd="$(ps -p "${pid}" -o command= 2>/dev/null || true)" + if [[ "${cmd}" == *"oci session authenticate"* ]]; then + log "MCP Gateway auth preflight: terminating stale OCI session authenticate listener on port ${port} (pid ${pid})." + kill "${pid}" >/dev/null 2>&1 || true + terminated_pids+=("${pid}") + fi + done < <(lsof -nP -t -iTCP:"${port}" -sTCP:LISTEN 2>/dev/null || true) + + if [[ ${#terminated_pids[@]} -eq 0 ]]; then + return 1 + fi + + for pid in "${terminated_pids[@]}"; do + for attempt in {1..10}; do + if ! kill -0 "${pid}" >/dev/null 2>&1; then + break + fi + sleep 0.2 + done + + if kill -0 "${pid}" >/dev/null 2>&1; then + log "MCP Gateway auth preflight: OCI auth listener pid ${pid} did not exit; sending SIGKILL." + kill -KILL "${pid}" >/dev/null 2>&1 || true + fi + done + + return 0 +} + run_mcpgw_required() { local mcpgw_bin="$1" shift + local output rc log "MCP Gateway auth preflight: mcpgw $*" - "${mcpgw_bin}" "$@" 2>&1 | sanitize_mcpgw_output - local rc="${pipestatus[1]}" + + set +e + output="$("${mcpgw_bin}" "$@" 2>&1)" + rc=$? + set -e + printf '%s\n' "${output}" | sanitize_mcpgw_output + + if [[ ${rc} -ne 0 && "$*" == "refresh" && "${output}" == *"port ${OCI_AUTH_CALLBACK_PORT} is already in use"* ]]; then + if terminate_stale_oci_auth_listener "${OCI_AUTH_CALLBACK_PORT}"; then + log "MCP Gateway auth preflight: retrying mcpgw refresh after clearing stale OCI auth listener." + + set +e + output="$("${mcpgw_bin}" "$@" 2>&1)" + rc=$? + set -e + printf '%s\n' "${output}" | sanitize_mcpgw_output + fi + fi if [[ ${rc} -ne 0 ]]; then log "MCP Gateway auth preflight failed: mcpgw $* exited with ${rc}."