sandboxing: plumb split sandbox policies through runtime

2026-05-05 11:57:33 +00:00 · 2026-03-06 13:03:45 -08:00
parent 929eeaf2c9
commit b4e9baaaff
18 changed files with 655 additions and 64 deletions
--- a/codex-rs/core/src/tools/sandboxing.rs
+++ b/codex-rs/core/src/tools/sandboxing.rs
@@ -7,6 +7,8 @@
 use crate::codex::Session;
 use crate::codex::TurnContext;
 use crate::error::CodexErr;
+use crate::protocol::FileSystemSandboxPolicy;
+use crate::protocol::NetworkSandboxPolicy;
 use crate::protocol::SandboxPolicy;
 use crate::sandboxing::CommandSpec;
 use crate::sandboxing::SandboxManager;
@@ -318,6 +320,8 @@ pub(crate) trait ToolRuntime<Req, Out>: Approvable<Req> + Sandboxable {
 pub(crate) struct SandboxAttempt<'a> {
    pub sandbox: crate::exec::SandboxType,
    pub policy: &'a crate::protocol::SandboxPolicy,
+    pub file_system_policy: &'a FileSystemSandboxPolicy,
+    pub network_policy: NetworkSandboxPolicy,
    pub enforce_managed_network: bool,
    pub(crate) manager: &'a SandboxManager,
    pub(crate) sandbox_cwd: &'a Path,
@@ -336,6 +340,8 @@ impl<'a> SandboxAttempt<'a> {
            .transform(crate::sandboxing::SandboxTransformRequest {
                spec,
                policy: self.policy,
+                file_system_policy: self.file_system_policy,
+                network_policy: self.network_policy,
                sandbox: self.sandbox,
                enforce_managed_network: self.enforce_managed_network,
                network,