From 5aea783bc69d11b9fb1c1735fb5a9897cd502e29 Mon Sep 17 00:00:00 2001 From: iceweasel-oai Date: Wed, 22 Apr 2026 14:46:26 -0700 Subject: [PATCH 1/4] guide Windows to use -WindowStyle Hidden for Start-Process calls --- codex-rs/tools/src/local_tool.rs | 11 ++++++----- codex-rs/tools/src/local_tool_tests.rs | 6 +++--- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/codex-rs/tools/src/local_tool.rs b/codex-rs/tools/src/local_tool.rs index 3e369ab1e331..49c18bfda100 100644 --- a/codex-rs/tools/src/local_tool.rs +++ b/codex-rs/tools/src/local_tool.rs @@ -72,7 +72,7 @@ pub fn create_exec_command_tool(options: CommandToolOptions) -> ToolSpec { description: if cfg!(windows) { format!( "Runs a command in a PTY, returning output or a session ID for ongoing interaction.\n\n{}", - windows_destructive_filesystem_guidance() + windows_shell_guidance() ) } else { "Runs a command in a PTY, returning output or a session ID for ongoing interaction." @@ -173,7 +173,7 @@ Examples of valid command strings: - running an inline Python script: ["powershell.exe", "-Command", "@'\\nprint('Hello, world!')\\n'@ | python -"] {}"#, - windows_destructive_filesystem_guidance() + windows_shell_guidance() ) } else { r#"Runs a shell command and returns its output. @@ -244,7 +244,7 @@ Examples of valid command strings: - running an inline Python script: "@'\\nprint('Hello, world!')\\n'@ | python -" {}"#, - windows_destructive_filesystem_guidance() + windows_shell_guidance() ) } else { r#"Runs a shell command and returns its output. @@ -421,10 +421,11 @@ fn file_system_permissions_schema() -> JsonSchema { ) } -fn windows_destructive_filesystem_guidance() -> &'static str { +fn windows_shell_guidance() -> &'static str { r#"Windows safety rules: - Do not compose destructive filesystem commands across shells. Do not enumerate paths in PowerShell and then pass them to `cmd /c`, batch builtins, or another shell for deletion or moving. Use one shell end-to-end, prefer native PowerShell cmdlets such as `Remove-Item` / `Move-Item` with `-LiteralPath`, and avoid string-built shell commands for file operations. -- Before any recursive delete or move on Windows, verify the resolved absolute target paths stay within the intended workspace or explicitly named target directory. Never issue a recursive delete or move against a computed path if the final target has not been checked."# +- Before any recursive delete or move on Windows, verify the resolved absolute target paths stay within the intended workspace or explicitly named target directory. Never issue a recursive delete or move against a computed path if the final target has not been checked. +- When using `Start-Process` to launch a background helper or service, pass `-WindowStyle Hidden` unless the user explicitly asked for a visible interactive window. Use visible windows only for interactive tools the user needs to see or control."# } #[cfg(test)] diff --git a/codex-rs/tools/src/local_tool_tests.rs b/codex-rs/tools/src/local_tool_tests.rs index b751545b3ace..2980931e7cb3 100644 --- a/codex-rs/tools/src/local_tool_tests.rs +++ b/codex-rs/tools/src/local_tool_tests.rs @@ -3,7 +3,7 @@ use pretty_assertions::assert_eq; use std::collections::BTreeMap; fn windows_shell_safety_description() -> String { - format!("\n\n{}", windows_destructive_filesystem_guidance()) + format!("\n\n{}", windows_shell_guidance()) } #[test] @@ -24,7 +24,7 @@ Examples of valid command strings: - setting an env var: ["powershell.exe", "-Command", "$env:FOO='bar'; echo $env:FOO"] - running an inline Python script: ["powershell.exe", "-Command", "@'\\nprint('Hello, world!')\\n'@ | python -"]"# .to_string() - + &windows_shell_safety_description() + + &windows_shell_guidance() } else { r#"Runs a shell command and returns its output. - The arguments to `shell` will be passed to execvp(). Most terminal commands should be prefixed with ["bash", "-lc"]. @@ -269,7 +269,7 @@ Examples of valid command strings: - running an inline Python script: ["powershell.exe", "-Command", "@'\\nprint('Hello, world!')\\n'@ | python -"] {}"#, - windows_destructive_filesystem_guidance() + windows_shell_guidance() ) } else { r#"Runs a shell command and returns its output. From a301c30efbea1b73a3328ea59eff3e8a28cdddfe Mon Sep 17 00:00:00 2001 From: iceweasel-oai Date: Wed, 22 Apr 2026 14:53:14 -0700 Subject: [PATCH 2/4] cargo fmt --- codex-rs/tools/src/local_tool.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codex-rs/tools/src/local_tool.rs b/codex-rs/tools/src/local_tool.rs index 49c18bfda100..ed4080d5f474 100644 --- a/codex-rs/tools/src/local_tool.rs +++ b/codex-rs/tools/src/local_tool.rs @@ -173,7 +173,7 @@ Examples of valid command strings: - running an inline Python script: ["powershell.exe", "-Command", "@'\\nprint('Hello, world!')\\n'@ | python -"] {}"#, - windows_shell_guidance() + windows_shell_guidance() ) } else { r#"Runs a shell command and returns its output. From c771eda9865aa46f18de091a0d9f26f2a50624e9 Mon Sep 17 00:00:00 2001 From: iceweasel-oai Date: Wed, 22 Apr 2026 15:09:51 -0700 Subject: [PATCH 3/4] fix tests. --- codex-rs/tools/src/local_tool_tests.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/codex-rs/tools/src/local_tool_tests.rs b/codex-rs/tools/src/local_tool_tests.rs index 2980931e7cb3..ede4c9348c72 100644 --- a/codex-rs/tools/src/local_tool_tests.rs +++ b/codex-rs/tools/src/local_tool_tests.rs @@ -2,7 +2,7 @@ use super::*; use pretty_assertions::assert_eq; use std::collections::BTreeMap; -fn windows_shell_safety_description() -> String { +fn windows_shell_guidance_description() -> String { format!("\n\n{}", windows_shell_guidance()) } @@ -24,7 +24,7 @@ Examples of valid command strings: - setting an env var: ["powershell.exe", "-Command", "$env:FOO='bar'; echo $env:FOO"] - running an inline Python script: ["powershell.exe", "-Command", "@'\\nprint('Hello, world!')\\n'@ | python -"]"# .to_string() - + &windows_shell_guidance() + + &windows_shell_guidance_description() } else { r#"Runs a shell command and returns its output. - The arguments to `shell` will be passed to execvp(). Most terminal commands should be prefixed with ["bash", "-lc"]. @@ -101,7 +101,7 @@ fn exec_command_tool_matches_expected_spec() { let description = if cfg!(windows) { format!( "Runs a command in a PTY, returning output or a session ID for ongoing interaction.{}", - windows_shell_safety_description() + windows_shell_guidance() ) } else { "Runs a command in a PTY, returning output or a session ID for ongoing interaction." @@ -346,7 +346,7 @@ Examples of valid command strings: - setting an env var: "$env:FOO='bar'; echo $env:FOO" - running an inline Python script: "@'\\nprint('Hello, world!')\\n'@ | python -""# .to_string() - + &windows_shell_safety_description() + + &windows_shell_guidance_description() } else { r#"Runs a shell command and returns its output. - Always set the `workdir` param when using the shell_command function. Do not use `cd` unless absolutely necessary."# From 70ce000bfbe7e9aad61a77bd45169e722bff99ff Mon Sep 17 00:00:00 2001 From: David Wiesen Date: Thu, 23 Apr 2026 14:13:25 -0700 Subject: [PATCH 4/4] Fix Windows exec_command spec test Use the shared Windows guidance helper so the expected exec_command description keeps the blank-line separator before the Windows safety rules. Co-authored-by: Codex --- codex-rs/tools/src/local_tool_tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codex-rs/tools/src/local_tool_tests.rs b/codex-rs/tools/src/local_tool_tests.rs index ede4c9348c72..a219263e1ae8 100644 --- a/codex-rs/tools/src/local_tool_tests.rs +++ b/codex-rs/tools/src/local_tool_tests.rs @@ -101,7 +101,7 @@ fn exec_command_tool_matches_expected_spec() { let description = if cfg!(windows) { format!( "Runs a command in a PTY, returning output or a session ID for ongoing interaction.{}", - windows_shell_guidance() + windows_shell_guidance_description() ) } else { "Runs a command in a PTY, returning output or a session ID for ongoing interaction."