Skip to content

refactor: centralize filesystem permissions precedence#14174

Merged
viyatb-oai merged 8 commits intomainfrom
codex/viyatb/permissions-precedence
Mar 12, 2026
Merged

refactor: centralize filesystem permissions precedence#14174
viyatb-oai merged 8 commits intomainfrom
codex/viyatb/permissions-precedence

Conversation

@viyatb-oai
Copy link
Collaborator

@viyatb-oai viyatb-oai commented Mar 10, 2026
edited
Loading

Stack

fix: fail closed for unsupported split windows sandboxing #14172
fix: preserve split filesystem semantics in linux sandbox #14173
fix: align core approvals with split sandbox policies #14171
-> refactor: centralize filesystem permissions precedence #14174

Summary

  • add a shared per-path split filesystem precedence helper in FileSystemSandboxPolicy
  • derive readable, writable, and unreadable roots from the same most-specific resolution rules
  • add regression coverage for nested write / read / none carveouts and legacy bridge enforcement detection

Testing

  • cargo test -p codex-protocol
  • cargo clippy -p codex-protocol --tests -- -D warnings

@viyatb-oai viyatb-oai marked this pull request as ready for review March 10, 2026 04:37
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 10, 2026
View reviewed changes
Copy link
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dc46620ef4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@viyatb-oai
Copy link
Collaborator Author

viyatb-oai commented Mar 10, 2026

@codex review

@viyatb-oai viyatb-oai closed this Mar 10, 2026
@viyatb-oai viyatb-oai reopened this Mar 10, 2026
@viyatb-oai
Copy link
Collaborator Author

viyatb-oai commented Mar 10, 2026

https://github.com/codex review

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 10, 2026
View reviewed changes
Copy link
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dc46620ef4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

This was referenced Mar 10, 2026
Merged
Merged
Open
@viyatb-oai
Copy link
Collaborator Author

viyatb-oai commented Mar 10, 2026

@codex review

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 10, 2026
View reviewed changes
Copy link
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e1d9f12b7f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@viyatb-oai viyatb-oai requested a review from bolinfest March 11, 2026 17:56
celia-oai
celia-oai reviewed Mar 11, 2026
View reviewed changes
This was referenced Mar 12, 2026
Closed
Open
@viyatb-oai viyatb-oai enabled auto-merge (squash) March 12, 2026 01:20
@viyatb-oai viyatb-oai merged commit f276325 into main Mar 12, 2026
32 checks passed
@viyatb-oai viyatb-oai deleted the codex/viyatb/permissions-precedence branch March 12, 2026 01:35
@github-actions github-actions bot locked and limited conversation to collaborators Mar 12, 2026
@viyatb-oai viyatb-oai restored the codex/viyatb/permissions-precedence branch March 12, 2026 01:37
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@celia-oai celia-oai celia-oai approved these changes

@dylan-hurd-oai dylan-hurd-oai Awaiting requested review from dylan-hurd-oai

@bolinfest bolinfest Awaiting requested review from bolinfest

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@viyatb-oai @celia-oai @dylan-hurd-oai