Skip to content

feat: bring back -s option to specify sandbox permissions #739

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bolinfest merged 1 commit into from
Apr 30, 2025
Merged

feat: bring back -s option to specify sandbox permissions #739

bolinfest merged 1 commit into from
Apr 30, 2025

Conversation

@bolinfest
Copy link
Collaborator

@bolinfest bolinfest commented Apr 29, 2025
edited
Loading

This PR updates core/src/approval_mode_cli_arg.rs to have a SandboxPermissionOption that we can include across our CLIs via:

#[clap(flatten)]
pub sandbox: SandboxPermissionOption,

I then updated our CLIs so that when Option<Vec<SandboxPermission>> is Some, the permissions are used to create the corresponding SandboxPolicy.

To test, I updated my ~/.codex/config.toml to be:

model = "o3"

approval_policy = "on-failure"

sandbox_permissions = [
    "disk-full-read-access",
    "disk-write-platform-user-temp-folder",
    "disk-write-platform-global-temp-folder",
    "disk-write-cwd",
]

And when I launch the TUI, the codex session details are as I expect:

image

Alternatively, I could also do:

cargo run -- -s disk-full-read-access -s disk-write-platform-user-temp-folder -s disk-write-platform-global-temp-folder -s disk-write-cwd

Stack created with Sapling. Best reviewed with ReviewStack.

@bolinfest bolinfest mentioned this pull request Apr 29, 2025
Merged
@bolinfest bolinfest mentioned this pull request Apr 29, 2025
Merged
oai-ragona
oai-ragona approved these changes Apr 30, 2025
View reviewed changes
Copy link
Collaborator

@oai-ragona oai-ragona left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! I like this a whole lot better than the inverse.

@bolinfest bolinfest merged commit 27bc451 into main Apr 30, 2025
8 checks passed
@bolinfest bolinfest deleted the pr738 branch April 30, 2025 01:42
@github-actions github-actions bot locked and limited conversation to collaborators Apr 30, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@oai-ragona oai-ragona oai-ragona approved these changes

@fouad-openai fouad-openai Awaiting requested review from fouad-openai

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bolinfest @oai-ragona