From a667fb589be76bccd7a7326a0f70cf6ae17d03de Mon Sep 17 00:00:00 2001
From: viyatb-oai <viyatb@openai.com>
Date: Tue, 5 May 2026 11:22:04 -0700
Subject: [PATCH] fix: repair sandbox audit CI

Co-authored-by: Codex <noreply@openai.com>
---
 codex-rs/core/src/tools/runtimes/unified_exec.rs  | 5 ++++-
 codex-rs/core/src/unified_exec/process_manager.rs | 1 +
 codex-rs/sandboxing/src/violation.rs              | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/codex-rs/core/src/tools/runtimes/unified_exec.rs b/codex-rs/core/src/tools/runtimes/unified_exec.rs
index 62707b5fd2..a1991d23be 100644
--- a/codex-rs/core/src/tools/runtimes/unified_exec.rs
+++ b/codex-rs/core/src/tools/runtimes/unified_exec.rs
@@ -386,7 +386,10 @@ mod tests {
     #[test]
     fn unified_exec_options_combines_default_timeout_with_network_denial_cancellation() {
         let cancellation = CancellationToken::new();
-        let options = unified_exec_options(Some(cancellation.clone()), None);
+        let options = unified_exec_options(
+            Some(cancellation.clone()),
+            /*sandbox_violation_context*/ None,
+        );
 
         assert_eq!(options.capture_policy, ExecCapturePolicy::ShellTool);
         match options.expiration {
diff --git a/codex-rs/core/src/unified_exec/process_manager.rs b/codex-rs/core/src/unified_exec/process_manager.rs
index d5a330f340..7aedcb6f81 100644
--- a/codex-rs/core/src/unified_exec/process_manager.rs
+++ b/codex-rs/core/src/unified_exec/process_manager.rs
@@ -941,6 +941,7 @@ impl UnifiedExecProcessManager {
             return UnifiedExecProcess::from_spawned(
                 spawned.map_err(|err| UnifiedExecError::create_process(err.to_string()))?,
                 request.sandbox,
+                request.sandbox_violation_context.clone(),
                 spawn_lifecycle,
             )
             .await;
diff --git a/codex-rs/sandboxing/src/violation.rs b/codex-rs/sandboxing/src/violation.rs
index c62a15a3fd..8b42588bb1 100644
--- a/codex-rs/sandboxing/src/violation.rs
+++ b/codex-rs/sandboxing/src/violation.rs
@@ -3,6 +3,7 @@ use codex_network_proxy::BlockedRequest;
 use codex_protocol::exec_output::ExecToolCallOutput;
 use tracing::warn;
 
+#[cfg(unix)]
 const EXIT_CODE_SIGNAL_BASE: i32 = 128;
 const OUTPUT_SNIPPET_MAX_CHARS: usize = 512;