Conversation
💡 Codex Reviewcodex/codex-rs/windows-sandbox-rs/src/resolved_permissions.rs Lines 102 to 104 in 7fbefbb  Filter SlashTmp out of Windows writable roots
In the Windows sandbox path this now feeds the generic runtime filesystem policy directly into codex/codex-rs/windows-sandbox-rs/src/resolved_permissions.rs Lines 102 to 104 in 7fbefbb Avoid resolving Unix TMPDIR for Windows tmp grants
For profiles containing ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
Addressed the two Windows temp-root review items in the current stack.
Relevant code is in |
iceweasel-oai
left a comment
iceweasel-oai
left a comment
There was a problem hiding this comment.
approved - couple of nit/comments
## Why The Windows sandbox migration away from the legacy `SandboxPolicy` abstraction needs a small local bridge before IPC and core wiring can move to `PermissionProfile`. Leaf helpers currently branch directly on `WorkspaceWrite`, which spreads legacy assumptions through path planning and token setup code. This PR introduces a Windows-local resolved permissions view so those helpers can ask Windows-specific questions about runtime filesystem/network permissions without matching on the legacy policy enum everywhere. ## What changed - Added `ResolvedWindowsSandboxPermissions` in `windows-sandbox-rs/src/resolved_permissions.rs`, with legacy `SandboxPolicy` constructors for the current call sites. - Moved `allow.rs` writable-root and read-only-subpath planning onto the resolved permissions type. - Preserved Windows `TEMP`/`TMP` writable-root behavior when the effective policy includes writable tmpdir access. - Avoided resolving Unix `:slash_tmp` or parent-process `TMPDIR` while computing Windows writable roots. - Reused the shared allow-path result for setup write-root gathering and routed network-block selection through the resolved abstraction. ## Verification - `cargo test -p codex-windows-sandbox` - `just fix -p codex-windows-sandbox` - GitHub CI restarted on the amended commit; Windows Bazel is the required signal for the Windows-only code paths. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/22896). * #23715 * #23714 * #23167 * #22923 * #22918 * __->__ #22896
2 participants
Why
This is the next PR in the Windows sandbox migration stack after #22896. The bottom PR introduces a Windows-local resolved permissions helper while existing callers still start from legacy
SandboxPolicy. This PR moves the elevated runner IPC boundary toPermissionProfile, which makes the direction of the stack visible without changing the public core call sites yet.Because that changes the CLI-to-command-runner message shape, the framed IPC protocol version is bumped in the same PR so the boundary change is explicit.
What changed
policy_json_or_preset/sandbox_policy_cwdfields withpermission_profile/permission_profile_cwd.IPC_PROTOCOL_VERSION = 2and switched parent/runner frames to use the shared constant.PermissionProfilebefore sending the runner request.WindowsSandboxTokenModeresolution for managedPermissionProfilevalues and made the runner choose read-only vs writable-root capability tokens from that resolved profile.PermissionProfilepayloads and token-mode unit coverage for the resolved permission helper.Verification
cargo test -p codex-windows-sandboxjust fix -p codex-windows-sandboxcargo check -p codex-windows-sandbox --target x86_64-pc-windows-msvc --testswas attempted locally but blocked before crate type-checking because the macOS compiler environment lacks Windows C headers such aswindows.handassert.h; GitHub Windows CI is the required verification for the runner path.Stack created with Sapling. Best reviewed with ReviewStack.