You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#23813 switches the Windows sandbox runner path to PermissionProfile, but it still left one runtime anchor for resolving symbolic :workspace_roots entries. That is not enough once a turn has multiple effective workspace roots: exact entries and deny globs under :workspace_roots need to be materialized for every runtime root before the command runner chooses token mode or builds ACL plans.
What Changed
Replaces the Windows runner/setup permission_profile_cwd plumbing with workspace_roots: Vec<AbsolutePathBuf>.
Resolves Windows-local PermissionProfile data with materialize_project_roots_with_workspace_roots(...) instead of the single-cwd helper.
Threads Config::effective_workspace_roots() through core execution, unified exec, TUI setup/read-grant flows, app-server setup, and debug sandbox on Windows.
Updates elevated runner IPC SpawnRequest to send workspace_roots and bumps the framed IPC protocol version to 3 for the payload shape change.
Adds Windows-local resolver coverage for expanding exact and glob :workspace_roots entries across multiple roots.
A local macOS cross-check with cargo check --target x86_64-pc-windows-msvc ... did not reach crate Rust code because native dependencies require Windows SDK headers (windows.h / assert.h) in this environment; Windows CI remains the real target validation.
Pass workspace-roots slice to setup refresh helper
run_setup_refresh now takes workspace_roots: &[AbsolutePathBuf], but this test still passes command_cwd.as_path() as the second argument. On Windows test builds, that is a type mismatch and prevents codex-windows-sandbox tests from compiling at all, so CI for this crate will fail before running any tests. The same argument mismatch appears again in the run_setup_refresh_with_extra_read_roots call immediately below.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pass workspace-roots slice to setup refresh helper
Why
#23813 switches the Windows sandbox runner path to
PermissionProfile, but it still left one runtime anchor for resolving symbolic:workspace_rootsentries. That is not enough once a turn has multiple effective workspace roots: exact entries and deny globs under:workspace_rootsneed to be materialized for every runtime root before the command runner chooses token mode or builds ACL plans.What Changed
permission_profile_cwdplumbing withworkspace_roots: Vec<AbsolutePathBuf>.PermissionProfiledata withmaterialize_project_roots_with_workspace_roots(...)instead of the single-cwd helper.Config::effective_workspace_roots()through core execution, unified exec, TUI setup/read-grant flows, app-server setup, anddebug sandboxon Windows.SpawnRequestto sendworkspace_rootsand bumps the framed IPC protocol version to3for the payload shape change.:workspace_rootsentries across multiple roots.Verification
cargo check -p codex-windows-sandbox -p codex-core -p codex-tui -p codex-cli -p codex-app-servercargo test -p codex-windows-sandboxcargo test -p codex-core windows_sandboxcargo test -p codex-app-server windows_sandboxcargo test -p codex-tui windows_sandboxcargo test -p codex-cli debug_sandboxjust fix -p codex-windows-sandbox -p codex-core -p codex-tui -p codex-cli -p codex-app-serverjust fix -p codex-windows-sandboxA local macOS cross-check with
cargo check --target x86_64-pc-windows-msvc ...did not reach crate Rust code because native dependencies require Windows SDK headers (windows.h/assert.h) in this environment; Windows CI remains the real target validation.Stack created with Sapling. Best reviewed with ReviewStack.