From 1ae9d12871d733c65665b0ca94db326da002e02b Mon Sep 17 00:00:00 2001 From: starr-openai Date: Wed, 13 May 2026 17:02:58 -0700 Subject: [PATCH] tests: avoid ambient temp sandbox roots --- codex-rs/app-server/tests/suite/v2/turn_start.rs | 4 ++-- .../tests/suite/v2/turn_start_zsh_fork.rs | 4 ++-- codex-rs/core/tests/suite/approvals.rs | 16 ++++++++-------- codex-rs/exec/tests/suite/sandbox.rs | 4 ++-- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/codex-rs/app-server/tests/suite/v2/turn_start.rs b/codex-rs/app-server/tests/suite/v2/turn_start.rs index 524b795b81..6b698de4d1 100644 --- a/codex-rs/app-server/tests/suite/v2/turn_start.rs +++ b/codex-rs/app-server/tests/suite/v2/turn_start.rs @@ -1895,8 +1895,8 @@ async fn turn_start_updates_sandbox_and_cwd_between_turns_v2() -> Result<()> { sandbox_policy: Some(codex_app_server_protocol::SandboxPolicy::WorkspaceWrite { writable_roots: vec![first_cwd.try_into()?], network_access: false, - exclude_tmpdir_env_var: false, - exclude_slash_tmp: false, + exclude_tmpdir_env_var: true, + exclude_slash_tmp: true, }), permissions: None, model: Some("mock-model".to_string()), diff --git a/codex-rs/app-server/tests/suite/v2/turn_start_zsh_fork.rs b/codex-rs/app-server/tests/suite/v2/turn_start_zsh_fork.rs index 31247418e5..6fe93e36af 100644 --- a/codex-rs/app-server/tests/suite/v2/turn_start_zsh_fork.rs +++ b/codex-rs/app-server/tests/suite/v2/turn_start_zsh_fork.rs @@ -537,8 +537,8 @@ async fn turn_start_shell_zsh_fork_subcommand_decline_marks_parent_declined_v2() sandbox_policy: Some(codex_app_server_protocol::SandboxPolicy::WorkspaceWrite { writable_roots: vec![workspace.clone().try_into()?], network_access: false, - exclude_tmpdir_env_var: false, - exclude_slash_tmp: false, + exclude_tmpdir_env_var: true, + exclude_slash_tmp: true, }), model: Some("mock-model".to_string()), effort: Some(codex_protocol::openai_models::ReasoningEffort::Medium), diff --git a/codex-rs/core/tests/suite/approvals.rs b/codex-rs/core/tests/suite/approvals.rs index 6db6495933..439eab5be2 100644 --- a/codex-rs/core/tests/suite/approvals.rs +++ b/codex-rs/core/tests/suite/approvals.rs @@ -829,8 +829,8 @@ fn scenarios() -> Vec { let workspace_write = |network_access| SandboxPolicy::WorkspaceWrite { writable_roots: vec![], network_access, - exclude_tmpdir_env_var: false, - exclude_slash_tmp: false, + exclude_tmpdir_env_var: true, + exclude_slash_tmp: true, }; vec![ @@ -2049,8 +2049,8 @@ async fn approving_apply_patch_for_session_skips_future_prompts_for_same_file() let sandbox_policy = SandboxPolicy::WorkspaceWrite { writable_roots: vec![], network_access: false, - exclude_tmpdir_env_var: false, - exclude_slash_tmp: false, + exclude_tmpdir_env_var: true, + exclude_slash_tmp: true, }; let sandbox_policy_for_config = sandbox_policy.clone(); @@ -2805,8 +2805,8 @@ allow_local_binding = true let sandbox_policy = SandboxPolicy::WorkspaceWrite { writable_roots: vec![], network_access: true, - exclude_tmpdir_env_var: false, - exclude_slash_tmp: false, + exclude_tmpdir_env_var: true, + exclude_slash_tmp: true, }; let sandbox_policy_for_config = sandbox_policy.clone(); let mut builder = test_codex() @@ -3085,8 +3085,8 @@ allow_local_binding = true let turn_sandbox_policy = SandboxPolicy::WorkspaceWrite { writable_roots: vec![], network_access: true, - exclude_tmpdir_env_var: false, - exclude_slash_tmp: false, + exclude_tmpdir_env_var: true, + exclude_slash_tmp: true, }; let mut builder = test_codex() .with_home(home) diff --git a/codex-rs/exec/tests/suite/sandbox.rs b/codex-rs/exec/tests/suite/sandbox.rs index feb1a7b8c8..8f8eac3237 100644 --- a/codex-rs/exec/tests/suite/sandbox.rs +++ b/codex-rs/exec/tests/suite/sandbox.rs @@ -183,8 +183,8 @@ async fn python_multiprocessing_lock_works_under_sandbox() { let policy = SandboxPolicy::WorkspaceWrite { writable_roots, network_access: false, - exclude_tmpdir_env_var: false, - exclude_slash_tmp: false, + exclude_tmpdir_env_var: true, + exclude_slash_tmp: true, }; let python_code = r#"import multiprocessing