Move workspace roots onto thread/session state and stop using active permission profile modifications as an overlay for writable roots. Existing app-server threads now preserve their persisted PermissionProfile value across resume, fork, and turn updates; permissions requests on existing threads only update the active named profile after validating it exists. Workspace roots can be updated independently, and SandboxPolicy::WorkspaceWrite no longer stores its own writable_roots.

This commit is contained in:
Michael Bolin
2026-05-11 11:23:30 -07:00
parent cf6342b75b
commit 50719c6d17
140 changed files with 2297 additions and 2053 deletions


@@ -109,6 +109,7 @@ impl FileSystemSandboxRunner {
enforce_managed_network: false,
network: None,
sandbox_policy_cwd: cwd.as_path(),
workspace_roots: &sandbox_context.workspace_roots,
codex_linux_sandbox_exe: self.runtime_paths.codex_linux_sandbox_exe.as_deref(),
use_legacy_landlock: sandbox_context.use_legacy_landlock,
windows_sandbox_level: sandbox_context.windows_sandbox_level,
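Review bot: the added `workspace_roots: &sandbox_context.workspace_roots,` line borrows the roots from `sandbox_context`, but the hunk does not show where `sandbox_context.workspace_roots` is populated. Since this commit moves workspace roots onto thread/session state and removes `writable_roots` from `SandboxPolicy::WorkspaceWrite`, it is worth confirming that the context passed into `FileSystemSandboxRunner` is built from that thread state and not from the active permission profile, so the sandbox runner and the policy cannot disagree on which roots are writable. A short doc comment on the `workspace_roots` field stating its source, and whether it may be empty for non-workspace-write policies, would make that invariant visible to the next reader of this struct.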