Codex
Cordium does not simply provide an isolated sandbox for Codex. Every Workspace operates as an identity-aware execution environment backed by Octelium. The agent can securely access authorized infrastructure resources, including APIs, databases, Kubernetes clusters, SSH targets, and internal services, through the policy-driven, secretless access mechanism provided by the underlying Octelium Cluster, without exposing raw credentials such as API tokens, SSH private keys, passwords, or kubeconfigs inside the Workspace itself. All Workspace activity and infrastructure access are emitted in real time through OpenTelemetry-native, identity-based, application-layer-aware visibility. Here is an example:
spec:
  image:
    registry:
      url: ubuntu:24.04
  repository:
    url: https://github.com/example/payment-service
  vars:
    name: PROMPT
    value: |
      The test suite is failing.
      Analyze the repository, fix the failing tests,
      run the tests again, and create a git commit
      describing the fix.
  runtime:
    autoStop: true
    envVars:
      - key: OPENAI_API_KEY
        fromSecret: openai-api-key
      - key: OPENAI_MODEL
        value: o4-mini
      - key: GIT_AUTHOR_NAME
        value: cordium-codex
      - key: GIT_AUTHOR_EMAIL
        value: codex@example.com
  tasks:
    - name: setup
      type: ON_CREATE
      run: |
        apt-get update
        apt-get install -y git curl nodejs npm
        npm install -g @openai/codex
        npm ci
    - name: run-tests
      type: POST_START
      run: |
        npm test
      onFailure: ON_FAILURE_CONTINUE
    - name: codex-remediation
      type: POST_START
      run: |
        codex exec "${{ vars.PROMPT}}"
    - name: push-branch
      type: POST_START
      run: |
        BRANCH=codex-fix-$(date +%s)
        git checkout -b $BRANCH
        git push origin $BRANCH
  limit:
    cpu:
      millicores: 4000
    memory:
      megabytes: 8192
    storage:
      megabytes: 30000
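
A pre-submit lint for the `envVars` and `tasks` entries of a spec like the one above, as an added example that is not Cordium's own code: it flags credential-like variables set with a literal `value` instead of `fromSecret`, and URLs that embed a password. The name patterns, function names and constructed counter-examples are assumptions of this example.

```python
import re

# Heuristic patterns chosen for this example, not part of any Cordium schema.
SENSITIVE_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL", re.I)
URL_USERINFO = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)

def audit_env_vars(env_vars):
    """Flag envVars entries that carry a credential as a literal `value`."""
    findings = []
    for entry in env_vars:
        key = entry.get("key", "")
        if "value" not in entry:
            continue  # fromSecret entries keep the literal out of the spec
        if SENSITIVE_NAME.search(key):
            findings.append((key, "credential-like name with inline value"))
        elif URL_USERINFO.search(str(entry["value"])):
            findings.append((key, "inline value embeds URL credentials"))
    return findings

def audit_task_scripts(tasks):
    """Return names of tasks whose `run` script embeds user:password@ in a URL."""
    return [t.get("name", "") for t in tasks
            if URL_USERINFO.search(t.get("run", ""))]

# envVars and the push-branch task copied from the example spec on this page.
PAGE_ENV_VARS = [
    {"key": "OPENAI_API_KEY", "fromSecret": "openai-api-key"},
    {"key": "OPENAI_MODEL", "value": "o4-mini"},
    {"key": "GIT_AUTHOR_NAME", "value": "cordium-codex"},
    {"key": "GIT_AUTHOR_EMAIL", "value": "codex@example.com"},
]
PAGE_TASKS = [{"name": "push-branch",
               "run": "BRANCH=codex-fix-$(date +%s)\n"
                      "git checkout -b $BRANCH\ngit push origin $BRANCH\n"}]

# Constructed counter-examples (not from the page; all values are fake).
BAD_ENV_VARS = [
    {"key": "NPM_TOKEN", "value": "constructed-placeholder"},
    {"key": "DATABASE_URL", "value": "postgres://app:constructed-pw@db.internal/app"},
]
BAD_TASKS = [{"name": "push-with-password",
              "run": "git push https://bot:constructed-pw@git.example.com/repo.git\n"}]

if __name__ == "__main__":
    for label, envs, tasks in (("page", PAGE_ENV_VARS, PAGE_TASKS),
                               ("constructed", BAD_ENV_VARS, BAD_TASKS)):
        print(label, audit_env_vars(envs), audit_task_scripts(tasks))
```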