chore: move pty and windows sandbox to Rust 2024 (#15954)

## Why `codex-utils-pty` and `codex-windows-sandbox` were the remaining crates in `codex-rs` that still overrode the workspace's Rust 2024 edition. Moving them forward in a separate PR keeps the baseline edition update isolated from the follow-on Bazel clippy workflow in #15955, while making linting and formatting behavior consistent with the rest of the workspace. This PR also needs Cargo and Bazel to agree on the edition for `codex-windows-sandbox`. Without the Bazel-side sync, the experimental Bazel app-server builds fail once they compile `windows-sandbox-rs`. ## What changed - switch `codex-rs/utils/pty` and `codex-rs/windows-sandbox-rs` to `edition = "2024"` - update `codex-utils-pty` callsites and tests to use the collapsed `if let` form that Clippy expects under the new edition - fix the Rust 2024 fallout in `windows-sandbox-rs`, including the reserved `gen` identifier, `unsafe extern` requirements, and new Clippy findings that surfaced under the edition bump - keep the edition bump separate from a larger unsafe cleanup by temporarily allowing `unsafe_op_in_unsafe_fn` in the Windows entrypoint modules that now report it under Rust 2024 - update `codex-rs/windows-sandbox-rs/BUILD.bazel` to `crate_edition = "2024"` so Bazel compiles the crate with the same edition as Cargo --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/15954). * #15976 * #15955 * __->__ #15954
2026-04-30 17:36:40 +00:00 · 2026-03-27 02:31:08 -07:00
parent 2e849703cd
commit 2ef91b7140
30 changed files with 255 additions and 248 deletions
--- a/codex-rs/windows-sandbox-rs/src/elevated_impl.rs
+++ b/codex-rs/windows-sandbox-rs/src/elevated_impl.rs
@@ -16,37 +16,37 @@ pub struct ElevatedSandboxCaptureRequest<'a> {
 mod windows_impl {
    use super::ElevatedSandboxCaptureRequest;
    use crate::acl::allow_null_device;
-    use crate::allow::compute_allow_paths;
    use crate::allow::AllowDenyPaths;
+    use crate::allow::compute_allow_paths;
    use crate::cap::load_or_create_cap_sids;
    use crate::env::ensure_non_interactive_pager;
    use crate::env::inherit_path_env;
    use crate::env::normalize_null_device_env;
-    use crate::helper_materialization::resolve_helper_for_launch;
    use crate::helper_materialization::HelperExecutable;
+    use crate::helper_materialization::resolve_helper_for_launch;
    use crate::identity::require_logon_sandbox_creds;
-    use crate::ipc_framed::decode_bytes;
-    use crate::ipc_framed::read_frame;
-    use crate::ipc_framed::write_frame;
    use crate::ipc_framed::FramedMessage;
    use crate::ipc_framed::Message;
    use crate::ipc_framed::OutputStream;
    use crate::ipc_framed::SpawnRequest;
+    use crate::ipc_framed::decode_bytes;
+    use crate::ipc_framed::read_frame;
+    use crate::ipc_framed::write_frame;
    use crate::logging::log_failure;
    use crate::logging::log_note;
    use crate::logging::log_start;
    use crate::logging::log_success;
-    use crate::policy::parse_policy;
    use crate::policy::SandboxPolicy;
+    use crate::policy::parse_policy;
    use crate::token::convert_string_sid_to_sid;
    use crate::winutil::quote_windows_arg;
    use crate::winutil::resolve_sid;
    use crate::winutil::string_from_sid_bytes;
    use crate::winutil::to_wide;
    use anyhow::Result;
-    use rand::rngs::SmallRng;
    use rand::Rng;
    use rand::SeedableRng;
+    use rand::rngs::SmallRng;
    use std::collections::HashMap;
    use std::ffi::c_void;
    use std::fs::File;
@@ -84,16 +84,16 @@ mod windows_impl {
                return Some(cur);
            }
            if marker.is_file() {
-                if let Ok(txt) = std::fs::read_to_string(&marker) {
-                    if let Some(rest) = txt.trim().strip_prefix("gitdir:") {
-                        let gitdir = rest.trim();
-                        let resolved = if Path::new(gitdir).is_absolute() {
-                            PathBuf::from(gitdir)
-                        } else {
-                            cur.join(gitdir)
-                        };
-                        return resolved.parent().map(|p| p.to_path_buf()).or(Some(cur));
-                    }
+                if let Ok(txt) = std::fs::read_to_string(&marker)
+                    && let Some(rest) = txt.trim().strip_prefix("gitdir:")
+                {
+                    let gitdir = rest.trim();
+                    let resolved = if Path::new(gitdir).is_absolute() {
+                        PathBuf::from(gitdir)
+                    } else {
+                        cur.join(gitdir)
+                    };
+                    return resolved.parent().map(|p| p.to_path_buf()).or(Some(cur));
                }
                return Some(cur);
            }
@@ -143,7 +143,11 @@ mod windows_impl {
    /// Generates a unique named-pipe path used to communicate with the runner process.
    fn pipe_name(suffix: &str) -> String {
        let mut rng = SmallRng::from_entropy();
-        format!(r"\\.\pipe\codex-runner-{:x}-{}", rng.gen::<u128>(), suffix)
+        format!(
+            r"\\.\pipe\codex-runner-{:x}-{}",
+            rng.r#gen::<u128>(),
+            suffix
+        )
    }

    /// Creates a named pipe whose DACL only allows the sandbox user to connect.
@@ -507,8 +511,8 @@ pub use windows_impl::run_windows_sandbox_capture;
 #[cfg(not(target_os = "windows"))]
 mod stub {
    use super::ElevatedSandboxCaptureRequest;
-    use anyhow::bail;
    use anyhow::Result;
+    use anyhow::bail;

    #[derive(Debug, Default)]
    pub struct CaptureResult {