permissions: finish profile-backed app surfaces#19395

Open
bolinfest wants to merge 1 commit into pr19394 from pr19395
@bolinfest (Collaborator) commented Apr 24, 2026

Why

Once core execution is profile-backed, user-facing and app-facing surfaces should stop presenting the legacy sandbox projection as authoritative. This is especially important for External and Disabled, which both look lax through old sandbox-mode summaries but mean different things operationally.

What Changed

  • Sends PermissionProfile from the in-process exec client for thread start, resume, and turn start instead of falling back to legacy sandbox mode.
  • Summarizes CLI sandbox output from profiles, including distinct labels for external-sandbox and danger-full-access plus writable-root summaries for managed profiles.
  • Updates app-server project-trust checks to ask whether the active/requested profile can write the project cwd, rather than matching legacy sandbox variants.
  • Computes bwrap warnings from whether the profile actually requires a platform sandbox.
  • Classifies analytics sandbox mode directly from profile filesystem/network state instead of a legacy round trip.
  • Adds CLI summary coverage for managed, disabled, and external profiles.

Verification

  • cargo test -p codex-core direct_write_roots
  • cargo test -p codex-core runtime_roots_to_legacy_projection
  • cargo test -p codex-app-server requested_permissions_trust_project_uses_permission_profile_intent

Stack created with Sapling. Best reviewed with ReviewStack.
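
The distinction the description draws, as an added Rust example that is not part of the PR and not codex-rs code: a lossy legacy projection maps Disabled and External to the same mode, while decisions derived from the profile keep them apart. The type names, variants, the legacy mapping and the write rule for Disabled/External are assumptions; only the labels `danger-full-access` and `external-sandbox` come from the description.

```rust
use std::path::{Path, PathBuf};

// Hypothetical model for illustration; not the codex-rs types.
#[derive(Debug, Clone, PartialEq)]
enum PermissionProfile {
    Managed { writable_roots: Vec<PathBuf>, network: bool }, // tool-enforced sandbox
    Disabled, // no sandbox at all
    External, // sandboxing delegated to the surrounding environment
}

#[derive(Debug, PartialEq)]
enum LegacyMode { ReadOnly, WorkspaceWrite, DangerFullAccess }

impl PermissionProfile {
    // Assumed lossy projection: Disabled and External collapse into one variant.
    fn to_legacy(&self) -> LegacyMode {
        match self {
            Self::Managed { writable_roots, .. } if writable_roots.is_empty() => LegacyMode::ReadOnly,
            Self::Managed { .. } => LegacyMode::WorkspaceWrite,
            Self::Disabled | Self::External => LegacyMode::DangerFullAccess,
        }
    }
    // Profile-derived label keeps the two lax-looking cases apart.
    fn summary(&self) -> String {
        match self {
            Self::Disabled => "danger-full-access".to_string(),
            Self::External => "external-sandbox".to_string(),
            Self::Managed { writable_roots, network } => {
                let roots: Vec<String> = writable_roots.iter().map(|p| p.display().to_string()).collect();
                format!("managed [writable: {}] [network: {}]", roots.join(", "), network)
            }
        }
    }
    // Trust check asks the profile whether `cwd` is writable. Path::starts_with
    // matches whole components, so root /work/app does not cover /work/app-old.
    // Paths are assumed canonical already; no symlink resolution is done here.
    fn can_write(&self, cwd: &Path) -> bool {
        match self {
            Self::Managed { writable_roots, .. } => writable_roots.iter().any(|r| cwd.starts_with(r)),
            Self::Disabled | Self::External => true, // assumption: nothing here restricts writes
        }
    }
}

fn main() {
    for p in [PermissionProfile::Disabled, PermissionProfile::External] {
        println!("{:?}: legacy={:?} summary={}", p, p.to_legacy(), p.summary());
    }
}
```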

@chatgpt-codex-connector (Bot, Contributor) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6c1797f185

Comment thread codex-rs/exec/src/event_processor_with_human_output_tests.rs Outdated
@bolinfest bolinfest force-pushed the pr19395 branch 2 times, most recently from 2cdb4ca to f697657 Compare April 24, 2026 16:19
@bolinfest bolinfest force-pushed the pr19394 branch 2 times, most recently from 55c2f31 to 7010512 Compare April 24, 2026 16:47
@bolinfest bolinfest force-pushed the pr19395 branch 2 times, most recently from 63d386f to 38fc750 Compare April 24, 2026 17:18
@bolinfest bolinfest force-pushed the pr19394 branch 2 times, most recently from 7642d2e to 5c02727 Compare April 24, 2026 17:28
@bolinfest bolinfest force-pushed the pr19395 branch 2 times, most recently from 2f73fca to 4145cae Compare April 24, 2026 18:08
@bolinfest bolinfest force-pushed the pr19394 branch 2 times, most recently from f044efc to f8fb073 Compare April 24, 2026 19:09
@bolinfest bolinfest force-pushed the pr19394 branch 2 times, most recently from a56d7b0 to 2a018fc Compare April 25, 2026 03:55
@bolinfest bolinfest force-pushed the pr19395 branch 2 times, most recently from f41f672 to c90fb0c Compare April 25, 2026 15:48
@bolinfest bolinfest force-pushed the pr19394 branch 2 times, most recently from 5408197 to 93f49ad Compare April 25, 2026 16:17