protocol: preserve glob scan depth in permission profiles (#18713)

mirror of https://github.com/openai/codex.git synced 2026-04-30 09:26:44 +00:00

## Why

#18274 made `PermissionProfile` the canonical file-system permissions
shape, but the round-trip from `FileSystemSandboxPolicy` to
`PermissionProfile` still dropped one piece of policy metadata:
`glob_scan_max_depth`.

That field is security-relevant for deny-read globs such as `**/*.env`.
On Linux, bubblewrap sandbox construction uses it to bound unreadable
glob expansion. If a profile copied from active runtime permissions
loses this value and is submitted back as an override, the resulting
`FileSystemSandboxPolicy` can behave differently even though the visible
permission entries look equivalent.

## What changed

- Add `glob_scan_max_depth` to protocol `FileSystemPermissions` and
preserve it when converting to/from `FileSystemSandboxPolicy`.
- Keep legacy `read`/`write` JSON for simple path-only permissions, but
force canonical JSON when glob scan depth is present so the metadata is
not silently dropped.
- Carry `globScanMaxDepth` through app-server
`AdditionalFileSystemPermissions`, generated JSON/TypeScript schemas,
and app-server/TUI conversion call sites.
- Preserve the metadata through sandboxing permission normalization,
merging, and intersection.
- Carry the merged scan depth into the effective
`FileSystemSandboxPolicy` used for command execution, so bounded
deny-read globs reach Linux bubblewrap materialization.

## Verification

- `cargo test -p codex-sandboxing glob_scan -- --nocapture`
- `cargo test -p codex-sandboxing policy_transforms -- --nocapture`
- `just fix -p codex-sandboxing`





---
[//]: # (BEGIN SAPLING FOOTER)
Stack created with [Sapling](https://sapling-scm.com). Best reviewed
with [ReviewStack](https://reviewstack.dev/openai/codex/pull/18713).
* #18288
* #18287
* #18286
* #18285
* #18284
* #18283
* #18282
* #18281
* #18280
* #18279
* #18278
* #18277
* #18276
* #18275
* __->__ #18713

This commit is contained in:

Michael Bolin

2026-04-20 19:42:45 -07:00

committed by

GitHub

parent 6e9e2c2eef

commit 3d2f123895

18 changed files with 352 additions and 12 deletions

									
										1

codex-rs/app-server/tests/suite/v2/request_permissions.rs
									
												View File
												
				@@ -93,6 +93,7 @@ async fn request_permissions_round_trip() -> Result<()> {

				                file_system: Some(codex_app_server_protocol::AdditionalFileSystemPermissions {

				                    read: None,

				                    write: Some(vec![requested_writes[0].clone()]),

				                    glob_scan_max_depth: None,

				                    entries: None,

				                }),

				            },

protocol: preserve glob scan depth in permission profiles (#18713)

1 codex-rs/app-server/tests/suite/v2/request_permissions.rs Unescape Escape View File

1

codex-rs/app-server/tests/suite/v2/request_permissions.rs

View File