Promote Windows Sandbox (#11341)

1. Move Windows Sandbox NUX to right after trust directory screen 2. Don't offer read-only as an option in Sandbox NUX. Elevated/Legacy/Quit 3. Don't allow new untrusted directories. It's trust or quit 4. move experimental sandbox features to `[windows] sandbox="elevated|unelevatd"` 5. Copy tweaks = elevated -> default, non-elevated -> non-admin
2026-05-04 03:16:31 +00:00 · 2026-02-11 11:48:33 -08:00
parent 24e6adbda5
commit 87279de434
21 changed files with 727 additions and 395 deletions
--- a/codex-rs/tui/src/chatwidget/snapshots/codex_tuichatwidgettests__approvals_selection_popup@windows_degraded.snap
+++ b/codex-rs/tui/src/chatwidget/snapshots/codex_tuichatwidgettests__approvals_selection_popup@windows_degraded.snap
@@ -8,7 +8,7 @@ expression: popup
 › 1. Read Only (current)             Codex can read files in the current
                                     workspace. Approval is required to edit
                                     files or access the internet.
-  2. Default (non-elevated sandbox)  Codex can read and edit files in the
+  2. Default (non-admin sandbox)  Codex can read and edit files in the
                                     current workspace, and run commands.
                                     Approval is required to access the
                                     internet or edit other files.
@@ -17,7 +17,7 @@ expression: popup
                                     asking for approval. Exercise caution
                                     when using.

-  The non-elevated sandbox protects your files and prevents network access under
+  The non-admin sandbox protects your files and prevents network access under
  most circumstances. However, it carries greater risk if prompt injected. To
-  upgrade to the elevated sandbox, run /setup-elevated-sandbox.
+  upgrade to the default sandbox, run /setup-default-sandbox.
  Press enter to confirm or esc to go back