app-server: require absolute cwd for windowsSandbox/setupStart (#13833)

## Summary - require windowsSandbox/setupStart.cwd to be an AbsolutePathBuf - reject relative cwd values at request parsing instead of normalizing them later in the setup flow - add RPC-layer coverage for relative cwd rejection and update the checked-in protocol schemas/docs ## Why windowsSandbox/setupStart was carrying the client-provided cwd as a raw PathBuf for command_cwd while config derivation normalized the same value into an absolute policy_cwd. That left room for relative-path ambiguity in the setup path, especially for inputs like cwd: "repo". Making the RPC accept only absolute paths removes that split entirely: the handler now receives one already-validated absolute path and uses it for both config derivation and setup. This keeps the trust model unchanged. Trusted clients could already choose the session cwd; this change is only about making the setup RPC reject relative paths so command_cwd and policy_cwd cannot diverge. ## Testing - cargo test -p codex-app-server windows_sandbox_setup (run locally by user) - cargo test -p codex-app-server-protocol windows_sandbox (run locally by user)
2026-04-25 07:05:38 +00:00 · 2026-03-06 22:47:08 -08:00
parent b0ce16c47a
commit 4b4f61d379
9 changed files with 71 additions and 20 deletions
--- a/codex-rs/app-server-protocol/schema/json/v2/WindowsSandboxSetupStartParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/WindowsSandboxSetupStartParams.json
@@ -1,6 +1,10 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
+    "AbsolutePathBuf": {
+      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
+      "type": "string"
+    },
    "WindowsSandboxSetupMode": {
      "enum": [
        "elevated",
@@ -11,9 +15,13 @@
  },
  "properties": {
    "cwd": {
-      "type": [
-        "string",
-        "null"
+      "anyOf": [
+        {
+          "$ref": "#/definitions/AbsolutePathBuf"
+        },
+        {
+          "type": "null"
+        }
      ]
    },
    "mode": {
@@ -25,4 +33,4 @@
  ],
  "title": "WindowsSandboxSetupStartParams",
  "type": "object"
-}
+}