refactoring with_escalated_permissions to use SandboxPermissions instead (#7750)

helpful in the future if we want more granularity for requesting escalated permissions: e.g when running in readonly sandbox, model can request to escalate to a sandbox that allows writes
2026-04-24 22:54:54 +00:00 · 2025-12-10 09:18:48 -08:00
parent 97b90094cd
commit e0fb3ca1db
27 changed files with 216 additions and 179 deletions
--- a/codex-rs/exec-server/src/posix.rs
+++ b/codex-rs/exec-server/src/posix.rs
@@ -63,6 +63,7 @@ use anyhow::Context as _;
 use clap::Parser;
 use codex_core::config::find_codex_home;
 use codex_core::is_dangerous_command::command_might_be_dangerous;
+use codex_core::sandboxing::SandboxPermissions;
 use codex_execpolicy::Decision;
 use codex_execpolicy::Policy;
 use codex_execpolicy::RuleMatch;
@@ -202,13 +203,19 @@ pub(crate) fn evaluate_exec_policy(
            && rule_match.decision() == evaluation.decision
    });

+    let sandbox_permissions = if decision_driven_by_policy {
+        SandboxPermissions::RequireEscalated
+    } else {
+        SandboxPermissions::UseDefault
+    };
+
    Ok(match evaluation.decision {
        Decision::Forbidden => ExecPolicyOutcome::Forbidden,
        Decision::Prompt => ExecPolicyOutcome::Prompt {
-            run_with_escalated_permissions: decision_driven_by_policy,
+            sandbox_permissions,
        },
        Decision::Allow => ExecPolicyOutcome::Allow {
-            run_with_escalated_permissions: decision_driven_by_policy,
+            sandbox_permissions,
        },
    })
 }
@@ -231,6 +238,7 @@ async fn load_exec_policy() -> anyhow::Result<Policy> {
 #[cfg(test)]
 mod tests {
    use super::*;
+    use codex_core::sandboxing::SandboxPermissions;
    use codex_execpolicy::Decision;
    use codex_execpolicy::Policy;
    use pretty_assertions::assert_eq;
@@ -247,7 +255,7 @@ mod tests {
        assert_eq!(
            outcome,
            ExecPolicyOutcome::Prompt {
-                run_with_escalated_permissions: false
+                sandbox_permissions: SandboxPermissions::UseDefault
            }
        );
    }
@@ -276,7 +284,7 @@ mod tests {
        assert_eq!(
            outcome,
            ExecPolicyOutcome::Allow {
-                run_with_escalated_permissions: true
+                sandbox_permissions: SandboxPermissions::RequireEscalated
            }
        );
    }
--- a/codex-rs/exec-server/src/posix/escalate_server.rs
+++ b/codex-rs/exec-server/src/posix/escalate_server.rs
@@ -10,6 +10,7 @@ use path_absolutize::Absolutize as _;

 use codex_core::SandboxState;
 use codex_core::exec::process_exec_tool_call;
+use codex_core::sandboxing::SandboxPermissions;
 use tokio::process::Command;
 use tokio_util::sync::CancellationToken;

@@ -85,7 +86,7 @@ impl EscalateServer {
                cwd: PathBuf::from(&workdir),
                expiration: ExecExpiration::Cancellation(cancel_rx),
                env,
-                with_escalated_permissions: None,
+                sandbox_permissions: SandboxPermissions::UseDefault,
                justification: None,
                arg0: None,
            },
--- a/codex-rs/exec-server/src/posix/mcp_escalation_policy.rs
+++ b/codex-rs/exec-server/src/posix/mcp_escalation_policy.rs
@@ -1,5 +1,6 @@
 use std::path::Path;

+use codex_core::sandboxing::SandboxPermissions;
 use codex_execpolicy::Policy;
 use rmcp::ErrorData as McpError;
 use rmcp::RoleServer;
@@ -18,10 +19,10 @@ use tokio::sync::RwLock;
 #[derive(Debug, PartialEq, Eq)]
 pub(crate) enum ExecPolicyOutcome {
    Allow {
-        run_with_escalated_permissions: bool,
+        sandbox_permissions: SandboxPermissions,
    },
    Prompt {
-        run_with_escalated_permissions: bool,
+        sandbox_permissions: SandboxPermissions,
    },
    Forbidden,
 }
@@ -108,16 +109,16 @@ impl EscalationPolicy for McpEscalationPolicy {
            crate::posix::evaluate_exec_policy(&policy, file, argv, self.preserve_program_paths)?;
        let action = match outcome {
            ExecPolicyOutcome::Allow {
-                run_with_escalated_permissions,
+                sandbox_permissions,
            } => {
-                if run_with_escalated_permissions {
+                if sandbox_permissions.requires_escalated_permissions() {
                    EscalateAction::Escalate
                } else {
                    EscalateAction::Run
                }
            }
            ExecPolicyOutcome::Prompt {
-                run_with_escalated_permissions,
+                sandbox_permissions,
            } => {
                let result = self
                    .prompt(file, argv, workdir, self.context.clone())
@@ -125,7 +126,7 @@ impl EscalationPolicy for McpEscalationPolicy {
                // TODO: Extract reason from `result.content`.
                match result.action {
                    ElicitationAction::Accept => {
-                        if run_with_escalated_permissions {
+                        if sandbox_permissions.requires_escalated_permissions() {
                            EscalateAction::Escalate
                        } else {
                            EscalateAction::Run