diff --git a/codex-rs/Cargo.lock b/codex-rs/Cargo.lock index 464b7d72a..cb359a45c 100644 --- a/codex-rs/Cargo.lock +++ b/codex-rs/Cargo.lock @@ -2288,9 +2288,9 @@ dependencies = [ "async-trait", "base64 0.22.1", "codex-app-server-protocol", - "codex-exec-server", "codex-execpolicy", "codex-features", + "codex-file-system", "codex-git-utils", "codex-model-provider-info", "codex-network-proxy", @@ -2609,6 +2609,7 @@ dependencies = [ "bytes", "codex-app-server-protocol", "codex-client", + "codex-file-system", "codex-protocol", "codex-sandboxing", "codex-test-binary-support", @@ -2719,6 +2720,16 @@ dependencies = [ "tokio", ] +[[package]] +name = "codex-file-system" +version = "0.0.0" +dependencies = [ + "async-trait", + "codex-protocol", + "codex-utils-absolute-path", + "serde", +] + [[package]] name = "codex-git-utils" version = "0.0.0" @@ -2726,7 +2737,7 @@ dependencies = [ "anyhow", "assert_matches", "chrono", - "codex-exec-server", + "codex-file-system", "codex-protocol", "codex-utils-absolute-path", "futures", diff --git a/codex-rs/Cargo.toml b/codex-rs/Cargo.toml index 85c947aea..1bbb13834 100644 --- a/codex-rs/Cargo.toml +++ b/codex-rs/Cargo.toml @@ -36,6 +36,7 @@ members = [ "hooks", "secrets", "exec", + "file-system", "exec-server", "execpolicy", "execpolicy-legacy", @@ -142,6 +143,7 @@ codex-core-plugins = { path = "core-plugins" } codex-core-skills = { path = "core-skills" } codex-device-key = { path = "device-key" } codex-exec = { path = "exec" } +codex-file-system = { path = "file-system" } codex-exec-server = { path = "exec-server" } codex-execpolicy = { path = "execpolicy" } codex-experimental-api-macros = { path = "codex-experimental-api-macros" } diff --git a/codex-rs/config/Cargo.toml b/codex-rs/config/Cargo.toml index 3c7e5a829..8cef4070c 100644 --- a/codex-rs/config/Cargo.toml +++ b/codex-rs/config/Cargo.toml @@ -16,9 +16,9 @@ anyhow = { workspace = true } async-trait = { workspace = true } base64 = { workspace = true } codex-app-server-protocol = { workspace = true } -codex-exec-server = { workspace = true } codex-execpolicy = { workspace = true } codex-features = { workspace = true } +codex-file-system = { workspace = true } codex-git-utils = { workspace = true } codex-model-provider-info = { workspace = true } codex-network-proxy = { workspace = true } diff --git a/codex-rs/config/src/loader/layer_io.rs b/codex-rs/config/src/loader/layer_io.rs index 773a71f3b..9c15df727 100644 --- a/codex-rs/config/src/loader/layer_io.rs +++ b/codex-rs/config/src/loader/layer_io.rs @@ -5,7 +5,7 @@ use super::macos::load_managed_admin_config_layer; use crate::diagnostics::config_error_from_toml; use crate::diagnostics::io_error_from_config_error; use crate::state::LoaderOverrides; -use codex_exec_server::ExecutorFileSystem; +use codex_file_system::ExecutorFileSystem; use codex_utils_absolute_path::AbsolutePathBuf; use std::io; use std::path::Path; diff --git a/codex-rs/config/src/loader/mod.rs b/codex-rs/config/src/loader/mod.rs index 637549035..28e5ff342 100644 --- a/codex-rs/config/src/loader/mod.rs +++ b/codex-rs/config/src/loader/mod.rs @@ -25,7 +25,7 @@ use crate::state::LoaderOverrides; use crate::thread_config::ThreadConfigContext; use crate::thread_config::ThreadConfigLoader; use codex_app_server_protocol::ConfigLayerSource; -use codex_exec_server::ExecutorFileSystem; +use codex_file_system::ExecutorFileSystem; use codex_git_utils::resolve_root_git_project_for_trust; use codex_protocol::config_types::ApprovalsReviewer; use codex_protocol::config_types::SandboxMode; diff --git a/codex-rs/exec-server/Cargo.toml b/codex-rs/exec-server/Cargo.toml index 21701d518..5f31ca432 100644 --- a/codex-rs/exec-server/Cargo.toml +++ b/codex-rs/exec-server/Cargo.toml @@ -17,6 +17,7 @@ base64 = { workspace = true } bytes = { workspace = true } codex-app-server-protocol = { workspace = true } codex-client = { workspace = true } +codex-file-system = { workspace = true } codex-protocol = { workspace = true } codex-sandboxing = { workspace = true } codex-utils-absolute-path = { workspace = true } diff --git a/codex-rs/exec-server/src/environment.rs b/codex-rs/exec-server/src/environment.rs index 377a7a38d..b934ec8d9 100644 --- a/codex-rs/exec-server/src/environment.rs +++ b/codex-rs/exec-server/src/environment.rs @@ -3,10 +3,10 @@ use std::sync::Arc; use crate::ExecServerError; use crate::ExecServerRuntimePaths; +use crate::ExecutorFileSystem; use crate::HttpClient; use crate::client::LazyRemoteExecServerClient; use crate::client::http_client::ReqwestHttpClient; -use crate::file_system::ExecutorFileSystem; use crate::local_file_system::LocalFileSystem; use crate::local_process::LocalProcess; use crate::process::ExecBackend; diff --git a/codex-rs/exec-server/src/fs_sandbox.rs b/codex-rs/exec-server/src/fs_sandbox.rs index 32cbba957..8f084a50e 100644 --- a/codex-rs/exec-server/src/fs_sandbox.rs +++ b/codex-rs/exec-server/src/fs_sandbox.rs @@ -20,7 +20,6 @@ use tokio::process::Command; use crate::ExecServerRuntimePaths; use crate::FileSystemSandboxContext; -use crate::file_system::file_system_policy_has_cwd_dependent_entries; use crate::fs_helper::CODEX_FS_HELPER_ARG1; use crate::fs_helper::FsHelperPayload; use crate::fs_helper::FsHelperRequest; @@ -115,8 +114,7 @@ fn sandbox_cwd(sandbox: &FileSystemSandboxContext) -> Result Self { + pub fn has_cwd_dependent_permissions(&self) -> bool { let file_system_policy = self.permissions.file_system_sandbox_policy(); - if !file_system_policy_has_cwd_dependent_entries(&file_system_policy) { + file_system_policy_has_cwd_dependent_entries(&file_system_policy) + } + + pub fn drop_cwd_if_unused(mut self) -> Self { + if !self.has_cwd_dependent_permissions() { self.cwd = None; } self } } -pub(crate) fn file_system_policy_has_cwd_dependent_entries( +fn file_system_policy_has_cwd_dependent_entries( file_system_policy: &FileSystemSandboxPolicy, ) -> bool { file_system_policy @@ -125,6 +129,8 @@ pub(crate) fn file_system_policy_has_cwd_dependent_entries( pub type FileSystemResult = io::Result; +/// Abstract filesystem access used by components that may operate locally or via +/// a remote executor. #[async_trait] pub trait ExecutorFileSystem: Send + Sync { async fn read_file( diff --git a/codex-rs/git-utils/Cargo.toml b/codex-rs/git-utils/Cargo.toml index 0154cfc03..3da8a1114 100644 --- a/codex-rs/git-utils/Cargo.toml +++ b/codex-rs/git-utils/Cargo.toml @@ -11,7 +11,7 @@ workspace = true [dependencies] anyhow = { workspace = true } chrono = { workspace = true } -codex-exec-server = { workspace = true } +codex-file-system = { workspace = true } codex-protocol = { workspace = true } codex-utils-absolute-path = { workspace = true } futures = { workspace = true, features = ["alloc"] } diff --git a/codex-rs/git-utils/src/info.rs b/codex-rs/git-utils/src/info.rs index e7642a865..067dd1586 100644 --- a/codex-rs/git-utils/src/info.rs +++ b/codex-rs/git-utils/src/info.rs @@ -4,7 +4,7 @@ use std::ffi::OsStr; use std::path::Path; use std::path::PathBuf; -use codex_exec_server::ExecutorFileSystem; +use codex_file_system::ExecutorFileSystem; use codex_utils_absolute_path::AbsolutePathBuf; use futures::future::join_all; use schemars::JsonSchema;