Move workspace roots onto thread/session state and stop using active permission profile modifications as an overlay for writable roots. Existing app-server threads now preserve their persisted PermissionProfile value across resume, fork, and turn updates; permissions requests on existing threads only update the active named profile after validating it exists. Workspace roots can be updated independently, and SandboxPolicy::WorkspaceWrite no longer stores its own writable_roots.

2026-05-26 22:15:13 +00:00 · 2026-05-11 15:23:15 -07:00
parent 3e10e09e24
commit 6579ec2f9d
141 changed files with 2384 additions and 2210 deletions
--- a/codex-rs/exec-server/src/fs_sandbox.rs
+++ b/codex-rs/exec-server/src/fs_sandbox.rs
@@ -109,6 +109,7 @@ impl FileSystemSandboxRunner {
                enforce_managed_network: false,
                network: None,
                sandbox_policy_cwd: cwd.as_path(),
+                workspace_roots: &sandbox_context.workspace_roots,
                codex_linux_sandbox_exe: self.runtime_paths.codex_linux_sandbox_exe.as_deref(),
                use_legacy_landlock: sandbox_context.use_legacy_landlock,
                windows_sandbox_level: sandbox_context.windows_sandbox_level,