feat: support sandbox extra path grants by qiyaoq-oai · Pull Request #2920 · openai/openai-agents-python

qiyaoq-oai · 2026-04-17T02:21:05Z

Add SandboxPathGrant manifest support for explicit access to absolute paths outside sandbox workspace.
Centralize path handling in WorkspacePathPolicy.normalize_path(...), including extra grant matching, symlink-aware host validation, and most-specific grant selection.
Harden access boundaries by rejecting filesystem-root grants, // root aliases, and grants that resolve to /.
Preserve nested grant semantics, including writable parent + read-only child cases through remote symlink targets and macOS exec confinement.
Update sandbox provider integrations to use shared path policy across Docker, Unix-local, Runloop, Vercel, Cloudflare, E2B, Modal, Daytona, and Blaxel.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2da3f45ba3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c9deeda4d2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b3ed127e50

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector

💡 Codex Review

openai-agents-python/src/agents/extensions/sandbox/daytona/sandbox.py

Line 789 in 44ada78

workspace_path = self.normalize_path(path)

Validate Daytona read paths via remote realpath helper

DaytonaSandboxSession.read() still uses lexical self.normalize_path(path) instead of _validate_path_access. A workspace symlink (for example link/secret.txt) can resolve outside /workspace and still be downloaded via fs.download_file, bypassing extra_path_grants confinement for SDK reads. This leaves ungranted filesystem reads possible through symlink targets.

openai-agents-python/src/agents/extensions/sandbox/blaxel/sandbox.py

Line 384 in 44ada78

workspace_path = self.normalize_path(path)

Validate Blaxel read paths via remote realpath helper

BlaxelSandboxSession.read() also calls lexical self.normalize_path(path) and then fs.read_binary. If a path inside the workspace traverses a symlink to an ungranted location, the read can still succeed, so read boundaries do not match the new extra-grant model. Use _validate_path_access (remote realpath check) before invoking the file API.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

qiyaoq-oai · 2026-04-17T21:18:31Z

@codex review again please

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 926cd4c7db

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

qiyaoq-oai changed the title ~~Feat/allow extra path~~ Support sandbox extra path grants Apr 17, 2026

github-actions bot added documentation Improvements or additions to documentation enhancement New feature or request feature:extensions feature:sandboxes labels Apr 17, 2026

chatgpt-codex-connector bot reviewed Apr 17, 2026

View reviewed changes

Comment thread src/agents/extensions/sandbox/runloop/sandbox.py Outdated

seratch added this to the 0.14.x milestone Apr 17, 2026

seratch changed the title ~~Support sandbox extra path grants~~ feat: support sandbox extra path grants Apr 17, 2026

alfozan approved these changes Apr 17, 2026

View reviewed changes

qiyaoq-oai added 3 commits April 17, 2026 12:29

add extra_path_grants for manifest

a436416

fix nested extra path issue

b60142e

address comment

a7a8d6d

chatgpt-codex-connector bot reviewed Apr 17, 2026

View reviewed changes

Comment thread src/agents/extensions/sandbox/daytona/sandbox.py Outdated

Comment thread src/agents/extensions/sandbox/blaxel/sandbox.py Outdated

fix lint

b3ed127

qiyaoq-oai force-pushed the feat/allow-extra-path branch from c9deeda to b3ed127 Compare April 17, 2026 19:36

github-actions bot added the dependencies label Apr 17, 2026

chatgpt-codex-connector bot reviewed Apr 17, 2026

View reviewed changes

Comment thread src/agents/extensions/sandbox/vercel/sandbox.py Outdated

use remote access validator for sandboxes

44ada78

chatgpt-codex-connector bot reviewed Apr 17, 2026

View reviewed changes

Comment thread src/agents/extensions/sandbox/vercel/sandbox.py Outdated

address comments

926cd4c

chatgpt-codex-connector bot reviewed Apr 17, 2026

View reviewed changes

Comment thread src/agents/extensions/sandbox/blaxel/sandbox.py Outdated

Comment thread src/agents/extensions/sandbox/daytona/sandbox.py Outdated

more normalize_path replace

c2d61da

qiyaoq-oai merged commit 3772047 into main Apr 17, 2026
9 checks passed

qiyaoq-oai deleted the feat/allow-extra-path branch April 17, 2026 22:26

github-actions bot mentioned this pull request Apr 17, 2026

docs: update translated document pages #2935

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: support sandbox extra path grants#2920

feat: support sandbox extra path grants#2920
qiyaoq-oai merged 7 commits intomainfrom
feat/allow-extra-path

qiyaoq-oai commented Apr 17, 2026

Uh oh!

chatgpt-codex-connector bot left a comment

Uh oh!

Uh oh!

chatgpt-codex-connector bot left a comment

Uh oh!

Uh oh!

Uh oh!

chatgpt-codex-connector bot left a comment

Uh oh!

Uh oh!

chatgpt-codex-connector bot left a comment

Uh oh!

Uh oh!

qiyaoq-oai commented Apr 17, 2026

Uh oh!

chatgpt-codex-connector bot left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

qiyaoq-oai commented Apr 17, 2026

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

qiyaoq-oai commented Apr 17, 2026

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants