mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
fbbe7706d6
## Why This is the second PR in the Windows fs-helper sandbox stack. The fs-helper path needs a Windows sandbox launcher that has the same argv-shaped contract as macOS `sandbox-exec` and `codex-linux-sandbox`, but this PR only introduces that hidden launcher. It does not route fs-helper through it yet. The hidden launcher still needs to be policy-complete before later direct-spawn callers use it. In particular, it has to carry the same Windows sandbox policy details that the existing spawn paths already understand: proxy enforcement, read/write root overrides, and deny-read/deny-write overrides. ## What Changed - Added the hidden `codex.exe --run-as-windows-sandbox` arg1 dispatch path. - Added `windows-sandbox-rs/src/wrapper.rs`, which parses the wrapper argv, launches the requested command through the shared Windows sandbox session runner from PR1, and forwards stdio. - Added `create_windows_sandbox_command_args_for_permission_profile()` so later direct-spawn callers can build the wrapper argv consistently. - Made the wrapper argv round-trip the full Windows sandbox policy surface it needs later: workspace roots, environment, permission profile, sandbox level, private desktop, proxy enforcement, read/write root overrides, and deny-read/deny-write overrides. - Carried `proxy_enforced` through the shared Windows session request so proxy-managed executions continue to use the offline/elevated sandbox identity. - Added wrapper argument round-trip coverage for the full policy fields. ## Verification - `just test -p codex-windows-sandbox windows_wrapper_args_round_trip` - `just test -p codex-arg0` - `just test -p codex-core exec::tests::windows_` - `just fix -p codex-windows-sandbox -p codex-core -p codex-cli` Local note: the full `just fmt` command still fails on this workstation in non-Rust formatter setup (`uv` cache access denied and missing `dotslash`/buildifier), but the Rust formatter phase completed.
34 lines
857 B
TOML
34 lines
857 B
TOML
[package]
|
|
name = "codex-arg0"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license.workspace = true
|
|
|
|
[lib]
|
|
name = "codex_arg0"
|
|
path = "src/lib.rs"
|
|
doctest = false
|
|
|
|
[lints]
|
|
workspace = true
|
|
|
|
[dependencies]
|
|
anyhow = { workspace = true }
|
|
codex-apply-patch = { workspace = true }
|
|
codex-exec-server = { workspace = true }
|
|
codex-install-context = { workspace = true }
|
|
codex-linux-sandbox = { workspace = true }
|
|
codex-sandboxing = { workspace = true }
|
|
codex-shell-escalation = { workspace = true }
|
|
codex-utils-absolute-path = { workspace = true }
|
|
codex-utils-home-dir = { workspace = true }
|
|
dotenvy = { workspace = true }
|
|
tempfile = { workspace = true }
|
|
tokio = { workspace = true, features = ["rt-multi-thread"] }
|
|
|
|
[target.'cfg(windows)'.dependencies]
|
|
codex-windows-sandbox = { workspace = true }
|
|
|
|
[dev-dependencies]
|
|
pretty_assertions = { workspace = true }
|