# Codex-as-API on a Hugging Face Docker Space. # Wraps the OpenAI Codex CLI (authed via your ChatGPT login) behind an # OpenAI-compatible HTTP API. Auth + sessions persist in the /data bucket. FROM node:20-bookworm-slim # Python (for the FastAPI wrapper) + git (Codex expects a git context) + ca-certs. RUN apt-get update && apt-get install -y --no-install-recommends \ python3 python3-pip python3-venv git ca-certificates tini \ && rm -rf /var/lib/apt/lists/* # Install the Codex CLI globally. RUN npm install -g @openai/codex && codex --version # HF Spaces run as uid 1000. The node base image already ships a `node` user at # uid 1000, so reuse it instead of creating a duplicate. ENV HOME=/home/node \ PATH=/home/node/.local/bin:$PATH \ # CODEX_HOME on FAST LOCAL disk (Codex's SQLite I/O on a network bucket is the # main latency killer). Use /tmp — always writable on HF Spaces regardless of # the runtime user. auth.json is seeded from / synced back to the bucket. CODEX_HOME=/tmp/.codex \ AUTH_PERSIST_DIR=/data/.codex \ # Defaults (override via Space variables/secrets). CODEX_SANDBOX=workspace-write \ CODEX_EFFORT=low \ PORT=7860 WORKDIR /app # Python deps (installed system-wide so the node user can run uvicorn). COPY --chown=node requirements.txt /app/requirements.txt RUN pip3 install --no-cache-dir --break-system-packages -r /app/requirements.txt # Data-analysis libraries available to the agent's Python (headless plotting). RUN pip3 install --no-cache-dir --break-system-packages \ pandas numpy matplotlib scikit-learn ENV MPLBACKEND=Agg COPY --chown=node app.py /app/app.py COPY --chown=node codex_engine.py /app/codex_engine.py COPY --chown=node codex_pool.py /app/codex_pool.py COPY --chown=node start.sh /app/start.sh COPY --chown=node AGENTS.global.md /app/AGENTS.global.md COPY --chown=node global_system.md /app/global_system.md RUN chmod +x /app/start.sh USER node EXPOSE 7860 ENTRYPOINT ["/usr/bin/tini", "--"] CMD ["/app/start.sh"]