From fd383af478ece727b26bb2e51162375caa9b61fe Mon Sep 17 00:00:00 2001
From: bft-codebot <bft-codebot@users.noreply.github.com>
Date: Thu, 26 Feb 2026 00:15:35 +0000
Subject: [PATCH] sync(bfmono): fix(gambit): add codex trust preflight for
 workbench chat (+19 more) (bfmono@2bfffaaae)

This PR is an automated gambitmono sync of bfmono Gambit packages.

- Source: `packages/gambit/`
- Core: `packages/gambit/packages/gambit-core/`
- bfmono rev: 2bfffaaae

Changes:
- 2bfffaaae fix(gambit): add codex trust preflight for workbench chat
- 9c16505d6 chore(gambit): cut 0.8.5-rc.11
- b4d5cdaef fix(simulator-ui): prevent feedback reason text from being clobbered
- 84952a652 fix(gambit-verify): align verify turn labels and stabilize initial run filtering
- c56b7f52f feat(gambit): improve verify report controls and harden concurrent calibrate persistence
- beb9435c0 feat(gambit-simulator-ui): extend listbox trigger and popover options
- 25f9fdcfc fix(gambit-simulator-ui): align verify outlier chip semantics and display
- a010b0ee1 feat(gambit-simulator-ui): add verify outliers to workbench chat chips
- 383f2500a refactor(simulator-ui): replace nested ternaries in main routing
- 13c4c8c22 fix(gambit): preserve shared references in safe session serialization
- ae392aa24 feat(gambit-simulator-ui): add grader error chips to workbench chat
- 1de6b335c fix(gambit): clamp deck-level maxTurns bounds in test run selection
- 01d7abbb9 fix(gambit): default verify tab bootstrap flag to enabled
- f3d186c7b fix(gambit): include extension schemas in exports and default serve to restored workspace
- a83b7cbe7 fix(gambit): move unbounded build timeout to deck opt-in
- acb2de627 fix(gambit): avoid strict json_schema 400s in openrouter responses
- 8aba573b6 fix(gambit-simulator-ui): treat errored calibrate runs as failed
- ca2028cf8 fix(gambit): prevent circular trace crashes in workspace test run API
- 7e41517e5 fix(gambit): make build assistant run timeout unbounded
- 24341143d feat(gambit): add deterministic verify fixture seeding

Do not edit this repo directly; make changes in bfmono and re-run the sync.
---
 simulator-ui/src/WorkbenchDrawer.tsx | 250 ++++++++++++++++++++++
 simulator-ui/src/styles.ts           |  61 ++++++
 src/providers/codex.ts               |   5 +
 src/server.ts                        | 299 +++++++++++++++++++++++++++
 4 files changed, 615 insertions(+)

diff --git a/simulator-ui/src/WorkbenchDrawer.tsx b/simulator-ui/src/WorkbenchDrawer.tsx
index a2949a97..4e63f227 100644
--- a/simulator-ui/src/WorkbenchDrawer.tsx
+++ b/simulator-ui/src/WorkbenchDrawer.tsx
@@ -95,9 +95,35 @@ export default function WorkbenchDrawer(props: WorkbenchDrawerProps) {
   const [chatHistoryLoading, setChatHistoryLoading] = useState(false);
   const [chatHistoryError, setChatHistoryError] = useState<string | null>(null);
   const [copiedStatePath, setCopiedStatePath] = useState(false);
+  const [copiedCodexLoginCommand, setCopiedCodexLoginCommand] = useState(false);
+  const [codexTrustPending, setCodexTrustPending] = useState(false);
+  const [codexTrustError, setCodexTrustError] = useState<string | null>(null);
+  const [codexTrustSuccess, setCodexTrustSuccess] = useState<string | null>(
+    null,
+  );
+  const [codexWorkspaceWriteEnabled, setCodexWorkspaceWriteEnabled] = useState<
+    boolean | null
+  >(null);
+  const [codexWorkspaceLoggedIn, setCodexWorkspaceLoggedIn] = useState<
+    boolean | null
+  >(null);
+  const [codexLoginStatusText, setCodexLoginStatusText] = useState<
+    string | null
+  >(null);
+  const [codexTrustedPath, setCodexTrustedPath] = useState<string | null>(null);
+  const [codexTrustOverlayDismissed, setCodexTrustOverlayDismissed] = useState(
+    false,
+  );
   const initializedChipTrackingRef = useRef(false);
   const seenRatingChipIdsRef = useRef(new Set<string>());
   const seenFlagChipIdsRef = useRef(new Set<string>());
+  const showCodexTrustOverlay = (codexWorkspaceWriteEnabled === false ||
+        codexWorkspaceLoggedIn === false) &&
+      !codexTrustOverlayDismissed || Boolean(codexTrustError);
+  const workspaceIdForTrust = (sessionId ?? run.id) || undefined;
+  const codexLoginCommand = codexTrustedPath
+    ? `CODEX_HOME="${codexTrustedPath}/.codex" codex login`
+    : 'CODEX_HOME="<workspace>/.codex" codex login';
   const resolvedStatePath = useMemo(() => {
     if (statePath) return statePath;
     const meta = sessionDetail?.meta;
@@ -327,8 +353,67 @@ export default function WorkbenchDrawer(props: WorkbenchDrawerProps) {
     initializedChipTrackingRef.current = false;
     seenRatingChipIdsRef.current.clear();
     seenFlagChipIdsRef.current.clear();
+    setCodexTrustPending(false);
+    setCodexTrustError(null);
+    setCodexTrustSuccess(null);
+    setCodexWorkspaceWriteEnabled(null);
+    setCodexWorkspaceLoggedIn(null);
+    setCodexLoginStatusText(null);
+    setCodexTrustedPath(null);
+    setCopiedCodexLoginCommand(false);
+    setCodexTrustOverlayDismissed(false);
   }, [sessionId]);
 
+  useEffect(() => {
+    if (!open) return;
+    if (!workspaceIdForTrust) return;
+    let canceled = false;
+    setCodexTrustError(null);
+    fetch(
+      `/api/codex/trust-workspace?workspaceId=${
+        encodeURIComponent(workspaceIdForTrust)
+      }`,
+    )
+      .then(async (response) => {
+        const payload = await response.json() as {
+          ok?: boolean;
+          trusted?: boolean;
+          writeEnabled?: boolean;
+          codexLoggedIn?: boolean;
+          codexLoginStatus?: string;
+          trustedPath?: string;
+          error?: string;
+        };
+        if (!response.ok || payload.ok === false) {
+          throw new Error(payload.error || response.statusText);
+        }
+        if (canceled) return;
+        setCodexWorkspaceWriteEnabled(payload.writeEnabled === true);
+        setCodexWorkspaceLoggedIn(payload.codexLoggedIn === true);
+        setCodexLoginStatusText(
+          typeof payload.codexLoginStatus === "string"
+            ? payload.codexLoginStatus
+            : null,
+        );
+        setCodexTrustedPath(
+          typeof payload.trustedPath === "string" ? payload.trustedPath : null,
+        );
+      })
+      .catch((err) => {
+        if (canceled) return;
+        setCodexWorkspaceWriteEnabled(null);
+        setCodexWorkspaceLoggedIn(null);
+        setCodexLoginStatusText(null);
+        setCodexTrustError(err instanceof Error ? err.message : String(err));
+      })
+      .finally(() => {
+        if (canceled) return;
+      });
+    return () => {
+      canceled = true;
+    };
+  }, [open, workspaceIdForTrust]);
+
   useEffect(() => {
     if (loading) return;
     const currentRatingChipIds = new Set(
@@ -482,6 +567,11 @@ export default function WorkbenchDrawer(props: WorkbenchDrawerProps) {
       window.setTimeout(() => setCopiedStatePath(false), 1200);
     };
   }, [resolvedStatePath]);
+  const handleCopyCodexLoginCommand = useCallback(() => {
+    navigator.clipboard?.writeText(codexLoginCommand);
+    setCopiedCodexLoginCommand(true);
+    window.setTimeout(() => setCopiedCodexLoginCommand(false), 1200);
+  }, [codexLoginCommand]);
   useEffect(() => {
     if (!open) return;
     if (!onClose) return;
@@ -493,6 +583,90 @@ export default function WorkbenchDrawer(props: WorkbenchDrawerProps) {
     window.addEventListener("keydown", handler);
     return () => window.removeEventListener("keydown", handler);
   }, [onClose, open]);
+  const trustWorkspaceInCodex = useCallback(async () => {
+    setCodexTrustPending(true);
+    setCodexTrustError(null);
+    setCodexTrustSuccess(null);
+    try {
+      const statusResponse = await fetch(
+        `/api/codex/trust-workspace?workspaceId=${
+          encodeURIComponent(workspaceIdForTrust ?? "")
+        }`,
+      );
+      const statusPayload = await statusResponse.json() as {
+        ok?: boolean;
+        trusted?: boolean;
+        writeEnabled?: boolean;
+        codexLoggedIn?: boolean;
+        codexLoginStatus?: string;
+        trustedPath?: string;
+        error?: string;
+      };
+      if (!statusResponse.ok || statusPayload.ok === false) {
+        throw new Error(statusPayload.error || statusResponse.statusText);
+      }
+      if (
+        statusPayload.writeEnabled === true &&
+        statusPayload.codexLoggedIn === true
+      ) {
+        setCodexWorkspaceWriteEnabled(true);
+        setCodexWorkspaceLoggedIn(true);
+        setCodexTrustSuccess(
+          "Workspace is already configured for Codex writes.",
+        );
+        setCodexTrustOverlayDismissed(true);
+        return;
+      }
+      setCodexWorkspaceWriteEnabled(statusPayload.writeEnabled === true);
+      setCodexWorkspaceLoggedIn(statusPayload.codexLoggedIn === true);
+      setCodexLoginStatusText(
+        typeof statusPayload.codexLoginStatus === "string"
+          ? statusPayload.codexLoginStatus
+          : null,
+      );
+      setCodexTrustedPath(
+        typeof statusPayload.trustedPath === "string"
+          ? statusPayload.trustedPath
+          : null,
+      );
+
+      const response = await fetch("/api/codex/trust-workspace", {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ workspaceId: workspaceIdForTrust }),
+      });
+      const payload = await response.json() as {
+        ok?: boolean;
+        error?: string;
+        trustedPath?: string;
+        writeEnabled?: boolean;
+        codexLoggedIn?: boolean;
+        codexLoginStatus?: string;
+      };
+      if (!response.ok || payload.ok === false) {
+        throw new Error(payload.error || response.statusText);
+      }
+      const trustedPath = typeof payload.trustedPath === "string"
+        ? payload.trustedPath
+        : "workspace";
+      setCodexTrustSuccess(`Codex write enabled for: ${trustedPath}`);
+      setCodexWorkspaceWriteEnabled(payload.writeEnabled === true);
+      setCodexWorkspaceLoggedIn(payload.codexLoggedIn === true);
+      setCodexLoginStatusText(
+        typeof payload.codexLoginStatus === "string"
+          ? payload.codexLoginStatus
+          : null,
+      );
+      setCodexTrustedPath(
+        typeof payload.trustedPath === "string" ? payload.trustedPath : null,
+      );
+      setCodexTrustOverlayDismissed(payload.codexLoggedIn === true);
+    } catch (err) {
+      setCodexTrustError(err instanceof Error ? err.message : String(err));
+    } finally {
+      setCodexTrustPending(false);
+    }
+  }, [workspaceIdForTrust]);
   if (!open) return null;
   return (
     <aside className="workbench-drawer-docked" role="dialog">
@@ -605,6 +779,81 @@ export default function WorkbenchDrawer(props: WorkbenchDrawerProps) {
                         chatHistoryOpen ? " is-history" : ""
                       }`}
                     >
+                      {showCodexTrustOverlay && (
+                        <div className="workbench-chat-readonly-overlay">
+                          <div className="workbench-chat-readonly-card">
+                            <h3 className="workbench-chat-readonly-title">
+                              Codex setup required
+                            </h3>
+                            {codexWorkspaceWriteEnabled === false && (
+                              <p className="workbench-chat-readonly-copy">
+                                Codex write access is disabled for this
+                                workspace. Trust this workspace to enable file
+                                edits.
+                              </p>
+                            )}
+                            <div className="workbench-chat-readonly-actions">
+                              {codexWorkspaceWriteEnabled === false && (
+                                <Button
+                                  variant="primary"
+                                  onClick={() => trustWorkspaceInCodex()}
+                                  disabled={codexTrustPending}
+                                >
+                                  {codexTrustPending
+                                    ? "Trusting..."
+                                    : "Trust workspace"}
+                                </Button>
+                              )}
+                            </div>
+                            {codexWorkspaceLoggedIn === false && (
+                              <>
+                                <p className="workbench-chat-readonly-copy">
+                                  Codex login is required for this workspace.
+                                </p>
+                                <p className="workbench-chat-readonly-copy">
+                                  Run this in this workspace to authenticate
+                                  Codex, then restart Gambit.
+                                </p>
+                                <div className="workbench-chat-command-row">
+                                  <pre className="workbench-chat-command-code">
+                                    <code>{codexLoginCommand}</code>
+                                  </pre>
+                                  <Button
+                                    variant="secondary"
+                                    size="small"
+                                    onClick={handleCopyCodexLoginCommand}
+                                  >
+                                    <Icon
+                                      name={copiedCodexLoginCommand
+                                        ? "copied"
+                                        : "copy"}
+                                      size={14}
+                                    />
+                                    {copiedCodexLoginCommand
+                                      ? "Copied"
+                                      : "Copy"}
+                                  </Button>
+                                </div>
+                              </>
+                            )}
+                            {codexLoginStatusText &&
+                              !/^not logged in$/i.test(
+                                codexLoginStatusText.trim(),
+                              ) && <Callout>{codexLoginStatusText}</Callout>}
+                            {codexTrustError && (
+                              <div className="error">{codexTrustError}</div>
+                            )}
+                            <Button
+                              variant="secondary"
+                              onClick={() =>
+                                setCodexTrustOverlayDismissed(true)}
+                              disabled={codexTrustPending}
+                            >
+                              Dismiss
+                            </Button>
+                          </div>
+                        </div>
+                      )}
                       <Chat
                         composerChips={composerChips}
                         onComposerChipsChange={onComposerChipsChange}
@@ -621,6 +870,7 @@ export default function WorkbenchDrawer(props: WorkbenchDrawerProps) {
             defaultOpen: false,
             content: (
               <div className="workbench-ratings">
+                {codexTrustSuccess && <Callout>{codexTrustSuccess}</Callout>}
                 {showCopyStatePath && handleCopyStatePath && (
                   <>
                     <Button variant="secondary" onClick={handleCopyStatePath}>
diff --git a/simulator-ui/src/styles.ts b/simulator-ui/src/styles.ts
index ec7e8b88..a0ddf9d8 100644
--- a/simulator-ui/src/styles.ts
+++ b/simulator-ui/src/styles.ts
@@ -2269,6 +2269,67 @@ code:not(pre *) {
 .workbench-chat-current.is-history {
   transform: translateX(85%);
 }
+.workbench-chat-readonly-overlay {
+  position: absolute;
+  inset: 0;
+  z-index: 2;
+  background: rgba(248, 250, 252, 0.88);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 16px;
+}
+.workbench-chat-readonly-card {
+  background: var(--color-surface);
+  border: 1px solid var(--color-border);
+  border-radius: calc(16px * var(--corner-radius-scale, 1));
+  corner-shape: squircle;
+  box-shadow: 0 12px 30px rgba(15, 23, 42, 0.08);
+  width: 100%;
+  max-width: 640px;
+  padding: 16px;
+  display: flex;
+  flex-direction: column;
+  gap: 10px;
+  text-align: left;
+}
+.workbench-chat-readonly-title {
+  margin: 0;
+  font-size: 16px;
+}
+.workbench-chat-readonly-copy {
+  margin: 0;
+  font-size: 13px;
+  color: var(--color-text-muted);
+}
+.workbench-chat-readonly-actions {
+  display: flex;
+  flex-wrap: wrap;
+  align-items: center;
+  gap: 8px;
+}
+.workbench-chat-command-row {
+  display: flex;
+  align-items: flex-start;
+  gap: 8px;
+}
+.workbench-chat-command-code {
+  margin: 0;
+  flex: 1;
+  max-width: 100%;
+  padding: 10px 12px;
+  border: 1px solid var(--color-border);
+  border-radius: calc(10px * var(--corner-radius-scale, 1));
+  corner-shape: squircle;
+  background: var(--color-surface-muted);
+  overflow-x: auto;
+}
+.workbench-chat-command-code code {
+  font-size: 12px;
+  line-height: 1.4;
+  white-space: pre-wrap;
+  word-break: break-all;
+}
 .gds-accordion .gds-accordion-open-only {
   display: none;
 }
diff --git a/src/providers/codex.ts b/src/providers/codex.ts
index 8b204f16..dab1bdba 100644
--- a/src/providers/codex.ts
+++ b/src/providers/codex.ts
@@ -616,9 +616,14 @@ function defaultCommandRunner(input: {
   onStdoutLine?: (line: string) => void;
 }): Promise<CommandOutput> {
   const codexBin = Deno.env.get(CODEX_BIN_ENV)?.trim() || "codex";
+  const env = Deno.env.toObject();
+  if (!env.CODEX_HOME || env.CODEX_HOME.trim().length === 0) {
+    env.CODEX_HOME = path.join(input.cwd, ".codex");
+  }
   const child = new Deno.Command(codexBin, {
     args: input.args,
     cwd: input.cwd,
+    env,
     stdout: "piped",
     stderr: "piped",
   }).spawn();
diff --git a/src/server.ts b/src/server.ts
index 437e839b..bf4211a1 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -65,6 +65,7 @@ import type {
 import type { ZodTypeAny } from "zod";
 
 const GAMBIT_TOOL_RESPOND = "gambit_respond";
+const CODEX_BIN_ENV = "GAMBIT_CODEX_BIN";
 
 const logger = console;
 const moduleLocation = (() => {
@@ -1375,6 +1376,255 @@ export function startWebSocketSimulator(opts: {
     return root;
   };
 
+  const resolveCodexConfigPath = (workspaceRoot: string): string =>
+    path.join(workspaceRoot, ".codex", "config.toml");
+
+  const toTomlQuoted = (value: string): string =>
+    value.replaceAll("\\", "\\\\").replaceAll('"', '\\"');
+
+  const hasTomlSection = (content: string, sectionHeader: string): boolean =>
+    new RegExp(
+      `^${sectionHeader.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\s*$`,
+      "m",
+    )
+      .test(content);
+
+  const splitTomlTopLevel = (
+    content: string,
+  ): { topLevel: string; sections: string } => {
+    const sectionMatch = content.match(/^\s*\[[^\]]+\]\s*$/m);
+    if (!sectionMatch || sectionMatch.index === undefined) {
+      return { topLevel: content, sections: "" };
+    }
+    const index = sectionMatch.index;
+    return {
+      topLevel: content.slice(0, index),
+      sections: content.slice(index),
+    };
+  };
+
+  const hasTomlScalar = (
+    content: string,
+    key: string,
+    expectedValue: string,
+  ): boolean =>
+    new RegExp(`^\\s*${key}\\s*=\\s*${expectedValue}\\s*$`, "m").test(content);
+
+  const upsertTopLevelTomlScalar = (
+    content: string,
+    key: string,
+    expectedValue: string,
+  ): { next: string; changed: boolean } => {
+    const desiredLine = `${key} = ${expectedValue}`;
+    const linePattern = new RegExp(`^\\s*${key}\\s*=\\s*.*$`, "m");
+    const { topLevel, sections } = splitTomlTopLevel(content);
+    if (linePattern.test(topLevel)) {
+      const nextTopLevel = topLevel.replace(linePattern, desiredLine);
+      const next = `${nextTopLevel}${sections}`;
+      return { next, changed: next !== content };
+    }
+    const prefix = topLevel.trim().length === 0
+      ? ""
+      : `${topLevel.replace(/\s*$/, "")}\n`;
+    const next = `${prefix}${desiredLine}\n${sections}`;
+    return { next, changed: true };
+  };
+
+  const ensureCodexDefaults = (
+    content: string,
+  ): { next: string; changed: boolean } => {
+    let next = content;
+    let changed = false;
+    for (
+      const [key, expectedValue] of [
+        ["profile", '"codebot"'],
+        ["sandbox_mode", '"danger-full-access"'],
+        ["approval_policy", '"never"'],
+      ] as const
+    ) {
+      const updated = upsertTopLevelTomlScalar(next, key, expectedValue);
+      next = updated.next;
+      changed = changed || updated.changed;
+    }
+    if (!hasTomlSection(next, "[profiles.codebot]")) {
+      const prefix = next.trim().length === 0
+        ? ""
+        : `${next.replace(/\s*$/, "")}\n\n`;
+      next = `${prefix}[profiles.codebot]\n`;
+      changed = true;
+    }
+    return { next, changed };
+  };
+
+  const evaluateCodexWriteEnabled = (args: {
+    content: string;
+    trustedPath: string;
+  }): { trusted: boolean; writeEnabled: boolean } => {
+    const { content, trustedPath } = args;
+    const { topLevel } = splitTomlTopLevel(content);
+    const sectionHeader = `[projects."${toTomlQuoted(trustedPath)}"]`;
+    const sectionStart = content.indexOf(sectionHeader);
+    let trusted = false;
+    if (sectionStart >= 0) {
+      const sectionEndMarker = content.indexOf("\n[", sectionStart + 1);
+      const sectionEnd = sectionEndMarker >= 0
+        ? sectionEndMarker
+        : content.length;
+      const section = content.slice(sectionStart, sectionEnd);
+      trusted = /^\s*trust_level\s*=\s*"trusted"\s*$/m.test(section);
+    }
+    const hasProfile = hasTomlScalar(topLevel, "profile", '"codebot"');
+    const hasSandbox = hasTomlScalar(
+      topLevel,
+      "sandbox_mode",
+      '"danger-full-access"',
+    );
+    const hasApproval = hasTomlScalar(topLevel, "approval_policy", '"never"');
+    const hasCodebotProfileSection = hasTomlSection(
+      content,
+      "[profiles.codebot]",
+    );
+    return {
+      trusted,
+      writeEnabled: trusted && hasProfile && hasSandbox && hasApproval &&
+        hasCodebotProfileSection,
+    };
+  };
+
+  const readCodexLoginStatus = async (
+    workspaceRoot: string,
+  ): Promise<{ codexLoggedIn: boolean; codexLoginStatus: string }> => {
+    const env = Deno.env.toObject();
+    env.CODEX_HOME = path.join(workspaceRoot, ".codex");
+    const codexBin = Deno.env.get(CODEX_BIN_ENV)?.trim() || "codex";
+    try {
+      const output = await new Deno.Command(codexBin, {
+        args: ["login", "status"],
+        env,
+        stdout: "piped",
+        stderr: "piped",
+      }).output();
+      const stdout = new TextDecoder().decode(output.stdout).trim();
+      const stderr = new TextDecoder().decode(output.stderr).trim();
+      const detail = stdout || stderr || "Unknown login status";
+      if (output.success) {
+        return { codexLoggedIn: true, codexLoginStatus: detail };
+      }
+      return { codexLoggedIn: false, codexLoginStatus: detail };
+    } catch (err) {
+      if (err instanceof Deno.errors.NotFound) {
+        return {
+          codexLoggedIn: false,
+          codexLoginStatus: "Codex CLI not found in PATH.",
+        };
+      }
+      return {
+        codexLoggedIn: false,
+        codexLoginStatus: err instanceof Error ? err.message : String(err),
+      };
+    }
+  };
+
+  const readCodexTrustStatus = async (
+    workspaceId?: string | null,
+  ): Promise<{
+    configPath: string;
+    trustedPath: string;
+    trusted: boolean;
+    writeEnabled: boolean;
+    codexLoggedIn: boolean;
+    codexLoginStatus: string;
+  }> => {
+    const trustedPath = await resolveBuildBotRoot(workspaceId);
+    const configPath = resolveCodexConfigPath(trustedPath);
+    let current = "";
+    try {
+      current = await Deno.readTextFile(configPath);
+    } catch (err) {
+      if (err instanceof Deno.errors.NotFound) {
+        const login = await readCodexLoginStatus(trustedPath);
+        return {
+          configPath,
+          trustedPath,
+          trusted: false,
+          writeEnabled: false,
+          ...login,
+        };
+      }
+      throw err;
+    }
+    const evaluated = evaluateCodexWriteEnabled({
+      content: current,
+      trustedPath,
+    });
+    const login = await readCodexLoginStatus(trustedPath);
+    return { configPath, trustedPath, ...evaluated, ...login };
+  };
+
+  const trustWorkspaceInCodexConfig = async (
+    workspaceId?: string | null,
+  ): Promise<{
+    configPath: string;
+    trustedPath: string;
+    changed: boolean;
+    trusted: boolean;
+    writeEnabled: boolean;
+    codexLoggedIn: boolean;
+    codexLoginStatus: string;
+  }> => {
+    const trustedPath = await resolveBuildBotRoot(workspaceId);
+    const configPath = resolveCodexConfigPath(trustedPath);
+    await ensureDir(path.dirname(configPath));
+    let current = "";
+    try {
+      current = await Deno.readTextFile(configPath);
+    } catch (err) {
+      if (!(err instanceof Deno.errors.NotFound)) throw err;
+    }
+    const defaultsApplied = ensureCodexDefaults(current);
+    let updated = defaultsApplied.next;
+    let changed = defaultsApplied.changed;
+
+    const sectionHeader = `[projects."${toTomlQuoted(trustedPath)}"]`;
+    const sectionStart = updated.indexOf(sectionHeader);
+
+    if (sectionStart >= 0) {
+      const sectionEndMarker = updated.indexOf("\n[", sectionStart + 1);
+      const sectionEnd = sectionEndMarker >= 0
+        ? sectionEndMarker
+        : updated.length;
+      const section = updated.slice(sectionStart, sectionEnd);
+      const trustedLinePattern = /^\s*trust_level\s*=\s*"trusted"\s*$/m;
+      const trustLevelLinePattern = /^\s*trust_level\s*=\s*"[^"]*"\s*$/m;
+      if (!trustedLinePattern.test(section)) {
+        const nextSection = trustLevelLinePattern.test(section)
+          ? section.replace(trustLevelLinePattern, 'trust_level = "trusted"')
+          : `${section}\ntrust_level = "trusted"`;
+        updated = `${updated.slice(0, sectionStart)}${nextSection}${
+          updated.slice(sectionEnd)
+        }`;
+        changed = true;
+      }
+    } else {
+      const prefix = updated.trim().length === 0
+        ? ""
+        : `${updated.replace(/\s*$/, "")}\n\n`;
+      updated = `${prefix}${sectionHeader}\ntrust_level = "trusted"\n`;
+      changed = true;
+    }
+
+    if (changed) {
+      await Deno.writeTextFile(configPath, updated);
+    }
+
+    const evaluated = evaluateCodexWriteEnabled({
+      content: updated,
+      trustedPath,
+    });
+    const login = await readCodexLoginStatus(trustedPath);
+    return { configPath, trustedPath, changed, ...evaluated, ...login };
+  };
+
   const logWorkspaceBotRoot = async (
     endpoint: string,
     workspaceId?: string | null,
@@ -5537,6 +5787,55 @@ export function startWebSocketSimulator(opts: {
         }
       }
 
+      if (url.pathname === "/api/codex/trust-workspace") {
+        if (req.method !== "POST" && req.method !== "GET") {
+          return new Response("Method not allowed", { status: 405 });
+        }
+        let workspaceId: string | undefined;
+        if (req.method === "POST") {
+          try {
+            const body = await req.json() as { workspaceId?: unknown };
+            if (typeof body.workspaceId === "string") {
+              workspaceId = body.workspaceId;
+            }
+          } catch {
+            // ignore malformed body and fall back to active/default workspace
+          }
+        } else {
+          const queryWorkspaceId = url.searchParams.get("workspaceId");
+          if (queryWorkspaceId && queryWorkspaceId.trim().length > 0) {
+            workspaceId = queryWorkspaceId.trim();
+          }
+        }
+        try {
+          await logWorkspaceBotRoot("/api/codex/trust-workspace", workspaceId);
+          if (req.method === "GET") {
+            const status = await readCodexTrustStatus(workspaceId);
+            return new Response(
+              JSON.stringify({
+                ok: true,
+                ...status,
+              }),
+              { headers: { "content-type": "application/json" } },
+            );
+          }
+          const result = await trustWorkspaceInCodexConfig(workspaceId);
+          return new Response(
+            JSON.stringify({
+              ok: true,
+              ...result,
+            }),
+            { headers: { "content-type": "application/json" } },
+          );
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          return new Response(
+            JSON.stringify({ ok: false, error: message }),
+            { status: 400, headers: { "content-type": "application/json" } },
+          );
+        }
+      }
+
       if (url.pathname === "/api/build/file") {
         if (req.method !== "GET") {
           return new Response("Method not allowed", { status: 405 });