mirror of
https://github.com/openai/codex.git
synced 2026-04-30 09:26:44 +00:00
Promote Windows Sandbox (#11341)
1. Move Windows Sandbox NUX to right after trust directory screen 2. Don't offer read-only as an option in Sandbox NUX. Elevated/Legacy/Quit 3. Don't allow new untrusted directories. It's trust or quit 4. move experimental sandbox features to `[windows] sandbox="elevated|unelevatd"` 5. Copy tweaks = elevated -> default, non-elevated -> non-admin
This commit is contained in:
iceweasel-oai
@@ -1800,14 +1800,23 @@ impl CodexMessageProcessor {
|
||||
..Default::default()
|
||||
};
|
||||
|
||||
// Persist windows sandbox feature.
|
||||
// Persist Windows sandbox mode.
|
||||
// TODO: persist default config in general.
|
||||
let mut request_overrides = request_overrides.unwrap_or_default();
|
||||
if cfg!(windows) && self.config.features.enabled(Feature::WindowsSandbox) {
|
||||
request_overrides.insert(
|
||||
"features.experimental_windows_sandbox".to_string(),
|
||||
serde_json::json!(true),
|
||||
);
|
||||
if cfg!(windows) {
|
||||
match WindowsSandboxLevel::from_config(&self.config) {
|
||||
WindowsSandboxLevel::Elevated => {
|
||||
request_overrides
|
||||
.insert("windows.sandbox".to_string(), serde_json::json!("elevated"));
|
||||
}
|
||||
WindowsSandboxLevel::RestrictedToken => {
|
||||
request_overrides.insert(
|
||||
"windows.sandbox".to_string(),
|
||||
serde_json::json!("unelevated"),
|
||||
);
|
||||
}
|
||||
WindowsSandboxLevel::Disabled => {}
|
||||
}
|
||||
}
|
||||
|
||||
let cloud_requirements = self.current_cloud_requirements();
|
||||
@@ -2933,13 +2942,22 @@ impl CodexMessageProcessor {
|
||||
read_history_cwd_from_state_db(&self.config, source_thread_id, rollout_path.as_path())
|
||||
.await;
|
||||
|
||||
// Persist windows sandbox feature.
|
||||
// Persist Windows sandbox mode.
|
||||
let mut cli_overrides = cli_overrides.unwrap_or_default();
|
||||
if cfg!(windows) && self.config.features.enabled(Feature::WindowsSandbox) {
|
||||
cli_overrides.insert(
|
||||
"features.experimental_windows_sandbox".to_string(),
|
||||
serde_json::json!(true),
|
||||
);
|
||||
if cfg!(windows) {
|
||||
match WindowsSandboxLevel::from_config(&self.config) {
|
||||
WindowsSandboxLevel::Elevated => {
|
||||
cli_overrides
|
||||
.insert("windows.sandbox".to_string(), serde_json::json!("elevated"));
|
||||
}
|
||||
WindowsSandboxLevel::RestrictedToken => {
|
||||
cli_overrides.insert(
|
||||
"windows.sandbox".to_string(),
|
||||
serde_json::json!("unelevated"),
|
||||
);
|
||||
}
|
||||
WindowsSandboxLevel::Disabled => {}
|
||||
}
|
||||
}
|
||||
let request_overrides = if cli_overrides.is_empty() {
|
||||
None
|
||||
@@ -3855,13 +3873,24 @@ impl CodexMessageProcessor {
|
||||
include_apply_patch_tool,
|
||||
} = overrides;
|
||||
|
||||
// Persist windows sandbox feature.
|
||||
// Persist Windows sandbox mode.
|
||||
let mut request_overrides = request_overrides.unwrap_or_default();
|
||||
if cfg!(windows) && self.config.features.enabled(Feature::WindowsSandbox) {
|
||||
request_overrides.insert(
|
||||
"features.experimental_windows_sandbox".to_string(),
|
||||
serde_json::json!(true),
|
||||
);
|
||||
if cfg!(windows) {
|
||||
match WindowsSandboxLevel::from_config(&self.config) {
|
||||
WindowsSandboxLevel::Elevated => {
|
||||
request_overrides.insert(
|
||||
"windows.sandbox".to_string(),
|
||||
serde_json::json!("elevated"),
|
||||
);
|
||||
}
|
||||
WindowsSandboxLevel::RestrictedToken => {
|
||||
request_overrides.insert(
|
||||
"windows.sandbox".to_string(),
|
||||
serde_json::json!("unelevated"),
|
||||
);
|
||||
}
|
||||
WindowsSandboxLevel::Disabled => {}
|
||||
}
|
||||
}
|
||||
|
||||
let typesafe_overrides = ConfigOverrides {
|
||||
@@ -4034,13 +4063,24 @@ impl CodexMessageProcessor {
|
||||
include_apply_patch_tool,
|
||||
} = overrides;
|
||||
|
||||
// Persist windows sandbox feature.
|
||||
// Persist Windows sandbox mode.
|
||||
let mut cli_overrides = cli_overrides.unwrap_or_default();
|
||||
if cfg!(windows) && self.config.features.enabled(Feature::WindowsSandbox) {
|
||||
cli_overrides.insert(
|
||||
"features.experimental_windows_sandbox".to_string(),
|
||||
serde_json::json!(true),
|
||||
);
|
||||
if cfg!(windows) {
|
||||
match WindowsSandboxLevel::from_config(&self.config) {
|
||||
WindowsSandboxLevel::Elevated => {
|
||||
cli_overrides.insert(
|
||||
"windows.sandbox".to_string(),
|
||||
serde_json::json!("elevated"),
|
||||
);
|
||||
}
|
||||
WindowsSandboxLevel::RestrictedToken => {
|
||||
cli_overrides.insert(
|
||||
"windows.sandbox".to_string(),
|
||||
serde_json::json!("unelevated"),
|
||||
);
|
||||
}
|
||||
WindowsSandboxLevel::Disabled => {}
|
||||
}
|
||||
}
|
||||
let request_overrides = if cli_overrides.is_empty() {
|
||||
None
|
||||
|
||||
Reference in New Issue
Block a user