Spread AbsolutePathBuf (#17792)

Mechanical change to promote absolute paths through code.
2026-04-25 07:05:38 +00:00 · 2026-04-14 14:26:10 -07:00
parent dae56994da
commit dd1321d11b
166 changed files with 1638 additions and 1214 deletions
--- a/codex-rs/exec/tests/event_processor_with_json_output.rs
+++ b/codex-rs/exec/tests/event_processor_with_json_output.rs
@@ -1,5 +1,3 @@
-use std::path::PathBuf;
-
 use codex_app_server_protocol::CollabAgentState as ApiCollabAgentState;
 use codex_app_server_protocol::CollabAgentStatus as ApiCollabAgentStatus;
 use codex_app_server_protocol::CollabAgentTool;
@@ -34,6 +32,8 @@ use codex_protocol::models::WebSearchAction;
 use codex_protocol::protocol::AskForApproval;
 use codex_protocol::protocol::SandboxPolicy;
 use codex_protocol::protocol::SessionConfiguredEvent;
+use codex_utils_absolute_path::test_support::PathBufExt;
+use codex_utils_absolute_path::test_support::test_path_buf;
 use pretty_assertions::assert_eq;
 use serde_json::json;

@@ -115,7 +115,7 @@ fn session_configured_produces_thread_started_event() {
        approval_policy: AskForApproval::Never,
        approvals_reviewer: codex_protocol::config_types::ApprovalsReviewer::User,
        sandbox_policy: SandboxPolicy::new_read_only_policy(),
-        cwd: PathBuf::from("/tmp/project"),
+        cwd: test_path_buf("/tmp/project").abs(),
        reasoning_effort: None,
        history_log_id: 0,
        history_entry_count: 0,
@@ -165,7 +165,7 @@ fn command_execution_started_and_completed_translate_to_thread_events() {
    let command_item = ThreadItem::CommandExecution {
        id: "cmd-1".to_string(),
        command: "ls".to_string(),
-        cwd: PathBuf::from("/tmp/project"),
+        cwd: test_path_buf("/tmp/project").abs(),
        process_id: Some("123".to_string()),
        source: CommandExecutionSource::UserShell,
        status: ApiCommandExecutionStatus::InProgress,
@@ -204,7 +204,7 @@ fn command_execution_started_and_completed_translate_to_thread_events() {
            item: ThreadItem::CommandExecution {
                id: "cmd-1".to_string(),
                command: "ls".to_string(),
-                cwd: PathBuf::from("/tmp/project"),
+                cwd: test_path_buf("/tmp/project").abs(),
                process_id: Some("123".to_string()),
                source: CommandExecutionSource::UserShell,
                status: ApiCommandExecutionStatus::Completed,
@@ -1278,7 +1278,7 @@ fn turn_completion_reconciles_started_items_from_turn_items() {
            item: ThreadItem::CommandExecution {
                id: "cmd-1".to_string(),
                command: "ls".to_string(),
-                cwd: PathBuf::from("/tmp/project"),
+                cwd: test_path_buf("/tmp/project").abs(),
                process_id: Some("123".to_string()),
                source: CommandExecutionSource::UserShell,
                status: ApiCommandExecutionStatus::InProgress,
@@ -1316,7 +1316,7 @@ fn turn_completion_reconciles_started_items_from_turn_items() {
                items: vec![ThreadItem::CommandExecution {
                    id: "cmd-1".to_string(),
                    command: "ls".to_string(),
-                    cwd: PathBuf::from("/tmp/project"),
+                    cwd: test_path_buf("/tmp/project").abs(),
                    process_id: Some("123".to_string()),
                    source: CommandExecutionSource::UserShell,
                    status: ApiCommandExecutionStatus::Completed,
--- a/codex-rs/exec/tests/suite/sandbox.rs
+++ b/codex-rs/exec/tests/suite/sandbox.rs
@@ -2,11 +2,10 @@
 use codex_core::spawn::StdioPolicy;
 use codex_protocol::protocol::SandboxPolicy;
 use codex_utils_absolute_path::AbsolutePathBuf;
+use codex_utils_absolute_path::test_support::PathBufExt;
 use std::collections::HashMap;
 use std::future::Future;
 use std::io;
-use std::path::Path;
-use std::path::PathBuf;
 use std::process::ExitStatus;
 use tokio::fs::create_dir_all;
 use tokio::process::Child;
@@ -14,9 +13,9 @@ use tokio::process::Child;
 #[cfg(target_os = "macos")]
 async fn spawn_command_under_sandbox(
    command: Vec<String>,
-    command_cwd: PathBuf,
+    command_cwd: AbsolutePathBuf,
    sandbox_policy: &SandboxPolicy,
-    sandbox_cwd: &Path,
+    sandbox_cwd: &AbsolutePathBuf,
    stdio_policy: StdioPolicy,
    env: HashMap<String, String>,
 ) -> std::io::Result<Child> {
@@ -36,9 +35,9 @@ async fn spawn_command_under_sandbox(
 #[cfg(target_os = "linux")]
 async fn spawn_command_under_sandbox(
    command: Vec<String>,
-    command_cwd: PathBuf,
+    command_cwd: AbsolutePathBuf,
    sandbox_policy: &SandboxPolicy,
-    sandbox_cwd: &Path,
+    sandbox_cwd: &AbsolutePathBuf,
    stdio_policy: StdioPolicy,
    env: HashMap<String, String>,
 ) -> std::io::Result<Child> {
@@ -67,13 +66,11 @@ async fn spawn_command_under_sandbox(
 /// (for example on kernels or container profiles where Landlock is not
 /// enforced).
 async fn linux_sandbox_test_env() -> Option<HashMap<String, String>> {
-    let command_cwd = std::env::current_dir().ok()?;
+    let command_cwd = AbsolutePathBuf::current_dir().ok()?;
    let sandbox_cwd = command_cwd.clone();
    let policy = SandboxPolicy::new_read_only_policy();

-    if can_apply_linux_sandbox_policy(&policy, &command_cwd, sandbox_cwd.as_path(), HashMap::new())
-        .await
-    {
+    if can_apply_linux_sandbox_policy(&policy, &command_cwd, &sandbox_cwd, HashMap::new()).await {
        return Some(HashMap::new());
    }

@@ -89,13 +86,13 @@ async fn linux_sandbox_test_env() -> Option<HashMap<String, String>> {
 /// Landlock enforcement is actually active.
 async fn can_apply_linux_sandbox_policy(
    policy: &SandboxPolicy,
-    command_cwd: &Path,
-    sandbox_cwd: &Path,
+    command_cwd: &AbsolutePathBuf,
+    sandbox_cwd: &AbsolutePathBuf,
    env: HashMap<String, String>,
 ) -> bool {
    let spawn_result = spawn_command_under_sandbox(
        vec!["/usr/bin/true".to_string()],
-        command_cwd.to_path_buf(),
+        command_cwd.clone(),
        policy,
        sandbox_cwd,
        StdioPolicy::RedirectForShellTool,
@@ -155,7 +152,7 @@ if __name__ == '__main__':
    p.join()
 "#;

-    let command_cwd = std::env::current_dir().expect("should be able to get current dir");
+    let command_cwd = AbsolutePathBuf::current_dir().expect("should be able to get current dir");
    let sandbox_cwd = command_cwd.clone();
    let mut child = spawn_command_under_sandbox(
        vec![
@@ -165,7 +162,7 @@ if __name__ == '__main__':
        ],
        command_cwd,
        &policy,
-        sandbox_cwd.as_path(),
+        &sandbox_cwd,
        StdioPolicy::Inherit,
        sandbox_env,
    )
@@ -197,7 +194,7 @@ async fn python_getpwuid_works_under_sandbox() {
    }

    let policy = SandboxPolicy::new_read_only_policy();
-    let command_cwd = std::env::current_dir().expect("should be able to get current dir");
+    let command_cwd = AbsolutePathBuf::current_dir().expect("should be able to get current dir");
    let sandbox_cwd = command_cwd.clone();

    let mut child = spawn_command_under_sandbox(
@@ -208,7 +205,7 @@ async fn python_getpwuid_works_under_sandbox() {
        ],
        command_cwd,
        &policy,
-        sandbox_cwd.as_path(),
+        &sandbox_cwd,
        StdioPolicy::RedirectForShellTool,
        sandbox_env,
    )
@@ -234,12 +231,13 @@ async fn sandbox_distinguishes_command_and_policy_cwds() {
    let sandbox_env = HashMap::new();
    let temp = tempfile::tempdir().expect("should be able to create temp dir");
    let sandbox_root = temp.path().join("sandbox");
-    let command_root = temp.path().join("command");
+    let command_root = temp.path().join("command").abs();
    create_dir_all(&sandbox_root).await.expect("mkdir");
    create_dir_all(&command_root).await.expect("mkdir");
    let canonical_sandbox_root = tokio::fs::canonicalize(&sandbox_root)
        .await
-        .expect("canonicalize sandbox root");
+        .expect("canonicalize sandbox root")
+        .abs();
    let canonical_allowed_path = canonical_sandbox_root.join("allowed.txt");

    let disallowed_path = command_root.join("forbidden.txt");
@@ -264,7 +262,7 @@ async fn sandbox_distinguishes_command_and_policy_cwds() {
        ],
        command_root.clone(),
        &policy,
-        canonical_sandbox_root.as_path(),
+        &canonical_sandbox_root,
        StdioPolicy::Inherit,
        sandbox_env.clone(),
    )
@@ -295,7 +293,7 @@ async fn sandbox_distinguishes_command_and_policy_cwds() {
        ],
        command_root,
        &policy,
-        canonical_sandbox_root.as_path(),
+        &canonical_sandbox_root,
        StdioPolicy::Inherit,
        sandbox_env,
    )
@@ -325,7 +323,7 @@ async fn sandbox_blocks_first_time_dot_codex_creation() {
    let sandbox_env = HashMap::new();

    let temp = tempfile::tempdir().expect("should be able to create temp dir");
-    let repo_root = temp.path().join("repo");
+    let repo_root = temp.path().join("repo").abs();
    create_dir_all(&repo_root).await.expect("mkdir repo");
    let dot_codex = repo_root.join(".codex");
    let config_toml = dot_codex.join("config.toml");
@@ -346,7 +344,7 @@ async fn sandbox_blocks_first_time_dot_codex_creation() {
        ],
        repo_root.clone(),
        &policy,
-        repo_root.as_path(),
+        &repo_root,
        StdioPolicy::RedirectForShellTool,
        sandbox_env,
    )
@@ -493,13 +491,14 @@ where
        cmds.push(test_selector.into());

        // Your existing launcher:
-        let command_cwd = std::env::current_dir().expect("should be able to get current dir");
+        let command_cwd =
+            AbsolutePathBuf::current_dir().expect("should be able to get current dir");
        let sandbox_cwd = command_cwd.clone();
        let mut child = spawn_command_under_sandbox(
            cmds,
            command_cwd,
            policy,
-            sandbox_cwd.as_path(),
+            &sandbox_cwd,
            stdio_policy,
            HashMap::from([("IN_SANDBOX".into(), "1".into())]),
        )