1 add codex exec support as an llm provider using pre existing chatgpt pro accts

[Schuyler Ankele (shoesCodeFor)]

Fixes #

Read the full contributing guidelines: https://docs.langchain.com/oss/python/contributing/overview

All contributions must be in English. See the language policy.

If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!

Thank you for contributing to Deep Agents! Follow these steps to have your pull request considered as ready for review.

1. PR title: Should follow the format: TYPE(SCOPE): DESCRIPTION

• Examples:
  • fix(sdk): resolve flag parsing error
  • feat(cli): add multi-tenant support
  • test(acp): update API usage tests
• Allowed TYPE and SCOPE values: https://github.com/langchain-ai/deepagents/blob/main/.github/workflows/pr_lint.yml

2. PR description:

• Write 1-2 sentences summarizing the change.
• If this PR addresses a specific issue, please include "Fixes #ISSUE_NUMBER" in the description to automatically close the issue when the PR is merged.
• If there are any breaking changes, please clearly describe them.
• If this PR depends on another PR being merged first, please include "Depends on #PR_NUMBER" in the description.

3. Run make format, make lint and make test from the root of the package(s) you've modified.

• We will not consider a PR unless these three are passing in CI.

4. How did you verify your code works?

Additional guidelines:

• We ask that if you use generative AI for your contribution, you include a disclaimer.
• PRs should not touch more than one package unless absolutely necessary.
• Do not update the uv.lock files or add dependencies to pyproject.toml files (even optional ones) unless you have explicit permission to do so by a maintainer.

Social handles (optional)

Twitter: @
LinkedIn: https://linkedin.com/in/

[github-actions]

This PR has been automatically closed because it does not link to an approved issue.

All external contributions must reference an approved issue or discussion. Please:

1. Find or open an issue describing the change
2. Wait for a maintainer to approve and assign you
3. Add Fixes #<issue_number>, Closes #<issue_number>, or Resolves #<issue_number> to your PR description and the PR will be reopened automatically

Maintainers: reopen this PR or remove the missing-issue-link label to bypass this check.

[corridor-security]

Security Issues

• Argument Injection
  The prompt string is passed as a positional argument to an external CLI (codex exec) without an end-of-options marker. If the prompt begins with a dash (e.g., "--help"), the codex CLI may interpret it as a flag rather than data, altering execution or causing unintended behavior.

• Sensitive Information Exposure via Process Arguments
  User/LLM-controlled prompt content is sent as a command-line argument to the codex binary. On many systems, process command-line arguments are visible to other local users (e.g., via ps or /proc), potentially exposing sensitive data contained in prompts.

[corridor-security]

The prompt is passed directly as a positional argument to an external CLI without an end-of-options marker. If the prompt begins with a dash (e.g., "--help"), the codex CLI may interpret it as a flag (argument injection), altering behavior or causing unintended execution paths.

result = subprocess.run(
    ["codex", "exec", "--model", self.model, prompt],  # noqa: S603, S607
    capture_output=True,
    text=True,
    timeout=self.timeout_seconds,
    check=False,
)

Remediation: Add the conventional -- end-of-options sentinel before the prompt to ensure it is always treated as data, not as flags.

Suggested change

	["codex", "exec", "--model", self.model, prompt], # noqa: S603, S607
	["codex", "exec", "--model", self.model, "--", prompt], # noqa: S603, S607

For more details, see the finding in Corridor.

Provide feedback: Reply with whether this is a valid vulnerability or false positive to help improve Corridor's accuracy.

[Schuyler Ankele (shoesCodeFor)]

Sorry about this, I had not meant for this to open a PR against the upstream. Just experimenting with codex support on an experimental fork.