Pass Windows metadata targets to direct exec #21032

Open
evawong-oai wants to merge 1 commit into codex/windows-protected-metadata-setup-threading from codex/windows-protected-metadata-direct-exec

evawong-oai commented May 4, 2026

Summary

  1. Passes Windows protected metadata targets through direct sandbox execution.
  2. Keeps the direct exec path aligned with the setup request shape.

Why

  1. Direct exec is one of the Windows sandbox entry points that must enforce protected metadata.
  2. This PR wires only that entry point so review can confirm the request field is carried without mixing in session behavior.

Stack Relation

This PR is part 6 of 21 in the Windows protected metadata stack.

  1. PR 20889 Add Windows metadata adapter target type
  2. PR 20890 Add Windows metadata setup target type
  3. PR 20891 Add Windows metadata enforcement guard
  4. PR 21030 Plan Windows metadata targets from filesystem policy
  5. PR 21031 Thread Windows metadata targets through setup request
  6. PR 21032 Pass Windows metadata targets to direct exec
  7. PR 21033 Thread Windows metadata targets through sessions
  8. PR 21035 Enforce Windows protected metadata targets
  9. PR 21036 Deny Windows protected metadata symlink targets
  10. PR 21037 Use Windows metadata targets in debug sandbox
  11. PR 21038 Allow Windows sandbox Git signal pipes
  12. PR 21039 Add Windows legacy Git read root helpers
  13. PR 21040 Grant Windows legacy Git read roots
  14. PR 21041 Inject Git safe directory for Windows legacy sandbox
  15. PR 21042 Test Windows runtime metadata target preparation
  16. PR 21043 Document Windows metadata request boundary
  17. PR 21172 Add Windows missing metadata monitor runtime
  18. PR 21173 Wire Windows metadata monitor through sandbox exits
  19. PR 21174 Add Windows missing metadata deny sentinel
  20. PR 21175 Wire missing Windows metadata to deny sentinel
  21. PR 21184 Use direct deny ACLs for Windows metadata sentinels

Validation

  1. Stack head local format and Rust tests passed on 95ef124d6194bd2126c11928cb3973214f9ac63a.
  2. Azure Windows VM 56 case validation is running on 95ef124d6194bd2126c11928cb3973214f9ac63a.

evawong-oai force-pushed the codex/windows-protected-metadata-setup-threading branch from f29e31e to 230dcf4, May 6, 2026 22:09
evawong-oai force-pushed the codex/windows-protected-metadata-direct-exec branch from 16cc0e9 to 461f186, May 6, 2026 22:09
evawong-oai marked this pull request as ready for review, May 7, 2026 00:45
evawong-oai requested a review from a team as a code owner, May 7, 2026 00:45

chatgpt-codex-connector (bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 461f186a34

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

mut env_map: HashMap<String, String>,
timeout_ms: Option<u64>,
additional_deny_write_paths: &[PathBuf],
_protected_metadata_targets: &[ProtectedMetadataTarget],
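
Review bot: The leading underscore on `_protected_metadata_targets`, the last parameter shown, silences Rust's unused-variable lint, so nothing at compile time signals that this function accepts the targets without acting on them. If enforcement for this path is meant to land later in the stack (the description lists PR 21035 "Enforce Windows protected metadata targets"), add a doc comment on the parameter saying it is intentionally unused for now and naming the PR that will consume it, so the signature is not read as evidence that protected metadata is already denied on this entry point.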

P1: Enforce metadata targets in legacy direct exec

The new direct-exec plumbing passes protected_metadata_targets to the non-elevated backend, but this callee names it _protected_metadata_targets and never applies prepare_protected_metadata_targets/deny paths or cleanup. When use_elevated is false, protected metadata remains writable/creatable despite the commit's stated enforcement goal.
