Skip to content

exec-server: canonicalize bound filesystem paths#25149

Open
starr-openai wants to merge 4 commits into
starr/skills-path-ref-1-env-path-reffrom
starr/skills-path-ref-1b-bound-canonicalize
Open

exec-server: canonicalize bound filesystem paths#25149
starr-openai wants to merge 4 commits into
starr/skills-path-ref-1-env-path-reffrom
starr/skills-path-ref-1b-bound-canonicalize

Conversation

@starr-openai
Copy link
Copy Markdown
Contributor

@starr-openai starr-openai commented May 29, 2026

Summary

  • add executor filesystem canonicalization as a bound-path operation
  • route remote canonicalization through the exec-server filesystem RPC surface
  • keep path normalization attached to the filesystem that owns the path

Stack

Validation

  • cd /Users/starr/code/codex-worktrees/pr-25098-restack4/codex-rs && just fmt
  • GitHub CI pending on rewritten head

@starr-openai starr-openai mentioned this pull request May 29, 2026
Draft
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ab25267ba1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread codex-rs/exec-server/src/environment_path.rs Outdated
Comment thread codex-rs/exec-server/src/remote_file_system.rs Outdated
Comment thread codex-rs/exec-server/src/client.rs
@starr-openai starr-openai force-pushed the starr/skills-path-ref-1b-bound-canonicalize branch 3 times, most recently from 865271a to 1170d1c Compare May 29, 2026 22:14
@starr-openai starr-openai force-pushed the starr/skills-path-ref-1-env-path-ref branch from f1f663f to b444724 Compare May 29, 2026 22:29
@starr-openai starr-openai force-pushed the starr/skills-path-ref-1b-bound-canonicalize branch 2 times, most recently from 1119f59 to 641000f Compare May 29, 2026 22:44
@starr-openai starr-openai force-pushed the starr/skills-path-ref-1-env-path-ref branch from b444724 to 55ec07d Compare May 29, 2026 22:50
@starr-openai starr-openai force-pushed the starr/skills-path-ref-1b-bound-canonicalize branch from 641000f to 8c24577 Compare May 29, 2026 22:50
jif-oai
jif-oai approved these changes May 30, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@jif-oai jif-oai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good for me after having double checked my comments

Comment thread codex-rs/exec-server/src/local_file_system.rs
base_path: &AbsolutePathBuf,
path: &Path,
) -> FileSystemResult<AbsolutePathBuf> {
Ok(base_path.join(path))
Copy link
Copy Markdown
Collaborator

@jif-oai jif-oai May 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might be crazy... but what if

  1. A user gets an EnvironmentPathRef for one allowed skill/root path.
  2. Some later code calls something like join("../outside"), join("/absolute/path"), or join("~/.codex")
  3. AbsolutePathBuf::join normalizes that into a valid absolute path outside the original ref.
  4. Now the caller has a same-filesystem EnvironmentPathRef to a path it was
    never handed

I we want to preserve path authority, should we do everything in relative for this function?
I might be completely wrong here so I invite you to double check

Comment thread codex-rs/exec-server/src/environment_path.rs
.map(|path| path.map(|path| self.with_path(path)))
}

pub async fn canonicalize(
Copy link
Copy Markdown
Collaborator

@jif-oai jif-oai May 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new canonicalize method accepts a sandbox, but local() binds LOCAL_FS, which has no runtime paths, so won't the callers hit the helper-path error instead of sandboxed canonicalization?

Comment thread codex-rs/exec-server/src/environment_path.rs
EnvironmentPathRef::new(Arc::clone(&LOCAL_FS), path)
}

#[async_trait]
Copy link
Copy Markdown
Collaborator

@jif-oai jif-oai May 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Side note but if you want to learn cool stuff about Rust, ask ChatGPT more about async_trait, how does it work, why this is useful and why this is necessary
This is a very interesting example

@github-actions github-actions Bot mentioned this pull request May 30, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@jif-oai jif-oai jif-oai approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@starr-openai @jif-oai