permissions: move workspace roots onto thread state

2026-05-26 14:04:48 +00:00 · 2026-05-12 23:22:45 -07:00
parent fbfbfe5fc5
commit 8a76af2354
168 changed files with 3246 additions and 3357 deletions
--- a/codex-rs/thread-store/src/local/create_thread.rs
+++ b/codex-rs/thread-store/src/local/create_thread.rs
@@ -22,6 +22,7 @@ pub(super) async fn create_thread(
        codex_home: store.config.codex_home.clone(),
        sqlite_home: store.config.sqlite_home.clone(),
        cwd,
+        workspace_roots: params.metadata.workspace_roots,
        model_provider_id: params.metadata.model_provider.clone(),
        generate_memories: matches!(params.metadata.memory_mode, ThreadMemoryMode::Enabled),
    };
--- a/codex-rs/thread-store/src/local/list_threads.rs
+++ b/codex-rs/thread-store/src/local/list_threads.rs
@@ -44,6 +44,7 @@ pub(super) async fn list_threads(
        codex_home: store.config.codex_home.clone(),
        sqlite_home: store.config.sqlite_home.clone(),
        cwd: store.config.codex_home.clone(),
+        workspace_roots: Vec::new(),
        model_provider_id: store.config.default_model_provider_id.clone(),
        generate_memories: false,
    };
--- a/codex-rs/thread-store/src/local/live_writer.rs
+++ b/codex-rs/thread-store/src/local/live_writer.rs
@@ -62,6 +62,7 @@ pub(super) async fn resume_thread(
        codex_home: store.config.codex_home.clone(),
        sqlite_home: store.config.sqlite_home.clone(),
        cwd,
+        workspace_roots: params.metadata.workspace_roots,
        model_provider_id: params.metadata.model_provider.clone(),
        generate_memories: matches!(params.metadata.memory_mode, ThreadMemoryMode::Enabled),
    };
--- a/codex-rs/thread-store/src/local/mod.rs
+++ b/codex-rs/thread-store/src/local/mod.rs
@@ -526,6 +526,7 @@ mod tests {
                include_archived: false,
                metadata: ThreadPersistenceMetadata {
                    cwd: Some(home.path().to_path_buf()),
+                    workspace_roots: Vec::new(),
                    model_provider: "different-provider".to_string(),
                    memory_mode: ThreadMemoryMode::Enabled,
                },
@@ -581,6 +582,7 @@ mod tests {
                include_archived: false,
                metadata: ThreadPersistenceMetadata {
                    cwd: Some(home.path().to_path_buf()),
+                    workspace_roots: Vec::new(),
                    model_provider: "different-provider".to_string(),
                    memory_mode: ThreadMemoryMode::Enabled,
                },
@@ -795,6 +797,7 @@ mod tests {
                include_archived: true,
                metadata: ThreadPersistenceMetadata {
                    cwd: None,
+                    workspace_roots: Vec::new(),
                    model_provider: "test-provider".to_string(),
                    memory_mode: ThreadMemoryMode::Enabled,
                },
@@ -1025,6 +1028,7 @@ mod tests {
    fn thread_metadata() -> ThreadPersistenceMetadata {
        ThreadPersistenceMetadata {
            cwd: Some(std::env::current_dir().expect("cwd")),
+            workspace_roots: Vec::new(),
            model_provider: "test-provider".to_string(),
            memory_mode: ThreadMemoryMode::Enabled,
        }
--- a/codex-rs/thread-store/src/local/update_thread_metadata.rs
+++ b/codex-rs/thread-store/src/local/update_thread_metadata.rs
@@ -1510,6 +1510,7 @@ mod tests {
    fn test_thread_metadata() -> ThreadPersistenceMetadata {
        ThreadPersistenceMetadata {
            cwd: Some(std::env::current_dir().expect("cwd")),
+            workspace_roots: Vec::new(),
            model_provider: "test-provider".to_string(),
            memory_mode: ThreadMemoryMode::Enabled,
        }
--- a/codex-rs/thread-store/src/thread_metadata_sync.rs
+++ b/codex-rs/thread-store/src/thread_metadata_sync.rs
@@ -533,6 +533,7 @@ mod tests {
            include_archived: false,
            metadata: ThreadPersistenceMetadata {
                cwd: None,
+                workspace_roots: Vec::new(),
                model_provider: "test-provider".to_string(),
                memory_mode: ThreadMemoryMode::Enabled,
            },
--- a/codex-rs/thread-store/src/types.rs
+++ b/codex-rs/thread-store/src/types.rs
@@ -14,6 +14,7 @@ use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::ThreadMemoryMode as MemoryMode;
 use codex_protocol::protocol::ThreadSource;
 use codex_protocol::protocol::TokenUsage;
+use codex_utils_absolute_path::AbsolutePathBuf;
 use serde::Deserialize;
 use serde::Deserializer;
 use serde::Serialize;
@@ -59,6 +60,9 @@ pub struct ThreadPersistenceMetadata {
    ///
    /// `None` means the thread has no filesystem/environment context.
    pub cwd: Option<PathBuf>,
+    /// Thread-scoped workspace roots used to materialize permission profiles.
+    #[serde(default)]
+    pub workspace_roots: Vec<AbsolutePathBuf>,
    /// Model provider associated with the thread.
    pub model_provider: String,
    /// Memory mode associated with the live thread.