clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-06-02 19:31:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Trim session env file runtime churn

Browse Source
This commit is contained in:
Abhinav Vedmala
2026-05-28 21:30:27 -07:00
parent 8cb24dcd1f
commit fffe4d60f3
6 changed files with 75 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
codex-rs/core/src/tasks/user_shell.rs
View File

@@ -20,7 +20,7 @@ use crate::session::TurnInput;
use crate::session::turn_context::TurnContext;
use crate::state::TaskKind;
use crate::tools::format_exec_output_str;
use crate::tools::runtimes::maybe_wrap_shell_command_with_runtime_env;
use crate::tools::runtimes::maybe_wrap_shell_lc_with_snapshot;
use crate::turn_timing::now_unix_timestamp_ms;
use crate::user_shell_command::user_shell_command_record_item;
use codex_protocol::exec_output::ExecToolCallOutput;
@@ -148,7 +148,7 @@ pub(crate) async fn execute_user_shell_command(
exec_env_map.remove(PROXY_GIT_SSH_COMMAND_ENV_KEY);
}
}
let exec_command = maybe_wrap_shell_command_with_runtime_env(
let exec_command = maybe_wrap_shell_lc_with_snapshot(
&display_command,
session_shell.as_ref(),
#[allow(deprecated)]

70
codex-rs/core/src/tools/runtimes/mod.rs
View File

@@ -22,6 +22,7 @@ use codex_sandboxing::SandboxCommand;
use codex_sandboxing::SandboxType;
use codex_utils_absolute_path::AbsolutePathBuf;
use std::collections::HashMap;
#[cfg(unix)]
use std::path::Path;
pub(crate) mod apply_patch;
@@ -138,15 +139,18 @@ pub(crate) fn disable_powershell_profile_for_elevated_windows_sandbox(
command
}
/// POSIX-only wrapper for commands produced by `Shell::derive_exec_args` when a
/// login-shell snapshot must be sourced before the user script:
/// POSIX-only helper: for commands produced by `Shell::derive_exec_args`
/// for Bash/Zsh/sh of the form `[shell_path, "-lc", "<script>"]`, and
/// when a snapshot is configured on the session shell, rewrite the argv
/// to a single non-login shell that sources the snapshot before running
/// the original script:
///
/// shell -lc "<script>" with a matching snapshot
/// => user_shell -c ". SNAPSHOT; exec shell -c <script>"
/// shell -lc "<script>"
/// => user_shell -c ". SNAPSHOT (best effort); exec shell -c <script>"
///
/// This wrapper script uses POSIX constructs (`if`, `.`, `exec`) so it can
/// be run by Bash/Zsh/sh. A snapshot remains restricted to login commands in
/// its matching cwd.
/// be run by Bash/Zsh/sh. On non-matching commands, or when command cwd does
/// not match the snapshot cwd, this is a no-op.
///
/// `explicit_env_overrides` and `env` are intentionally separate inputs.
/// `explicit_env_overrides` contains policy-driven shell env overrides that
@@ -154,7 +158,7 @@ pub(crate) fn disable_powershell_profile_for_elevated_windows_sandbox(
/// environment. We need access to both so snapshot restore logic can preserve
/// runtime-only vars like `CODEX_THREAD_ID` without pretending they came from
/// the explicit override policy.
pub(crate) fn maybe_wrap_shell_command_with_runtime_env(
pub(crate) fn maybe_wrap_shell_lc_with_snapshot(
command: &[String],
session_shell: &Shell,
cwd: &AbsolutePathBuf,
@@ -162,7 +166,18 @@ pub(crate) fn maybe_wrap_shell_command_with_runtime_env(
env: &HashMap<String, String>,
) -> Vec<String> {
if cfg!(windows) {
// TODO: Support a Windows shell environment persistence contract.
return command.to_vec();
}
let Some(snapshot) = session_shell.shell_snapshot() else {
return command.to_vec();
};
if !snapshot.path.exists() {
return command.to_vec();
}
if !path_utils::paths_match_after_normalization(snapshot.cwd.as_path(), cwd) {
return command.to_vec();
}
@@ -175,13 +190,15 @@ pub(crate) fn maybe_wrap_shell_command_with_runtime_env(
return command.to_vec();
}
let Some(snapshot) = session_shell.shell_snapshot().filter(|snapshot| {
snapshot.path.exists()
&& path_utils::paths_match_after_normalization(snapshot.cwd.as_path(), cwd)
}) else {
return command.to_vec();
};
let snapshot_path = snapshot.path.to_string_lossy();
let shell_path = session_shell.shell_path.to_string_lossy();
let original_shell = shell_single_quote(&command[0]);
let original_script = shell_single_quote(&command[2]);
let snapshot_path = shell_single_quote(snapshot_path.as_ref());
let trailing_args = command[3..]
.iter()
.map(|arg| format!(" '{}'", shell_single_quote(arg)))
.collect::<String>();
let mut override_env = explicit_env_overrides.clone();
if let Some(thread_id) = env.get(CODEX_THREAD_ID_ENV_VAR) {
override_env.insert(CODEX_THREAD_ID_ENV_VAR.to_string(), thread_id.clone());
@@ -190,26 +207,17 @@ pub(crate) fn maybe_wrap_shell_command_with_runtime_env(
let (proxy_captures, proxy_exports) = build_proxy_env_exports();
let override_captures = join_shell_blocks([override_captures, proxy_captures]);
let override_exports = join_shell_blocks([override_exports, proxy_exports]);
let path = shell_single_quote(&snapshot.path.to_string_lossy());
let source_commands = format!("if . '{path}' >/dev/null 2>&1; then :; fi");
let original_shell = shell_single_quote(&command[0]);
let original_script = shell_single_quote(&command[2]);
let trailing_args = command[3..]
.iter()
.map(|arg| format!(" '{}'", shell_single_quote(arg)))
.collect::<String>();
let execution = format!("exec '{original_shell}' -c '{original_script}'{trailing_args}");
let rewritten_script = if override_exports.is_empty() {
format!("{source_commands}\n\n{execution}")
format!(
"if . '{snapshot_path}' >/dev/null 2>&1; then :; fi\n\nexec '{original_shell}' -c '{original_script}'{trailing_args}"
)
} else {
format!("{override_captures}\n\n{source_commands}\n\n{override_exports}\n\n{execution}")
format!(
"{override_captures}\n\nif . '{snapshot_path}' >/dev/null 2>&1; then :; fi\n\n{override_exports}\n\nexec '{original_shell}' -c '{original_script}'{trailing_args}"
)
};
vec![
session_shell.shell_path.to_string_lossy().to_string(),
"-c".to_string(),
rewritten_script,
]
vec![shell_path.to_string(), "-c".to_string(), rewritten_script]
}
fn build_override_exports(explicit_env_overrides: &HashMap<String, String>) -> (String, String) {

65
codex-rs/core/src/tools/runtimes/mod_tests.rs
View File

@@ -221,7 +221,7 @@ fn maybe_wrap_shell_lc_with_snapshot_bootstraps_in_user_shell() {
"echo hello".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -235,31 +235,6 @@ fn maybe_wrap_shell_lc_with_snapshot_bootstraps_in_user_shell() {
assert!(rewritten[2].contains("exec '/bin/bash' -c 'echo hello'"));
}
#[test]
fn maybe_wrap_shell_command_skips_non_login_command_without_snapshot() {
let dir = tempdir().expect("create temp dir");
let session_shell = Shell {
shell_type: ShellType::Bash,
shell_path: PathBuf::from("/bin/bash"),
shell_snapshot: crate::shell::empty_shell_snapshot_receiver(),
};
let command = vec![
"/bin/bash".to_string(),
"-c".to_string(),
"printf '%s' \"$FROM_SESSION_START\"".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
&command,
&session_shell,
&dir.path().abs(),
&HashMap::new(),
&HashMap::new(),
);
assert_eq!(rewritten, command);
}
#[test]
fn maybe_wrap_shell_lc_with_snapshot_escapes_single_quotes() {
let dir = tempdir().expect("create temp dir");
@@ -277,7 +252,7 @@ fn maybe_wrap_shell_lc_with_snapshot_escapes_single_quotes() {
"echo 'hello'".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -305,7 +280,7 @@ fn maybe_wrap_shell_lc_with_snapshot_uses_bash_bootstrap_shell() {
"echo hello".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -336,7 +311,7 @@ fn maybe_wrap_shell_lc_with_snapshot_uses_sh_bootstrap_shell() {
"echo hello".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -369,7 +344,7 @@ fn maybe_wrap_shell_lc_with_snapshot_preserves_trailing_args() {
"arg1".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -404,7 +379,7 @@ fn maybe_wrap_shell_lc_with_snapshot_skips_when_cwd_mismatch() {
"echo hello".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&command_cwd.abs(),
@@ -433,7 +408,7 @@ fn maybe_wrap_shell_lc_with_snapshot_accepts_dot_alias_cwd() {
];
let command_cwd = dir.path().join(".");
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&command_cwd.abs(),
@@ -469,7 +444,7 @@ fn maybe_wrap_shell_lc_with_snapshot_restores_explicit_override_precedence() {
];
let explicit_env_overrides =
HashMap::from([("TEST_ENV_SNAPSHOT".to_string(), "worktree".to_string())]);
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -509,7 +484,7 @@ fn maybe_wrap_shell_lc_with_snapshot_restores_codex_thread_id_from_env() {
"-lc".to_string(),
"printf '%s' \"$CODEX_THREAD_ID\"".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -551,7 +526,7 @@ fn maybe_wrap_shell_lc_with_snapshot_restores_proxy_env_from_process_env() {
"printf '%s\\n%s\\n%s\\n%s' \"$PIP_PROXY\" \"$HTTP_PROXY\" \"$http_proxy\" \"$GIT_SSH_COMMAND\""
.to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -608,7 +583,7 @@ fn maybe_wrap_shell_lc_with_snapshot_refreshes_codex_proxy_git_ssh_command() {
"-lc".to_string(),
format!("printf '%s' \"${PROXY_GIT_SSH_COMMAND_ENV_KEY}\""),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -653,7 +628,7 @@ fn maybe_wrap_shell_lc_with_snapshot_restores_custom_git_ssh_command() {
"-lc".to_string(),
format!("printf '%s' \"${PROXY_GIT_SSH_COMMAND_ENV_KEY}\""),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -699,7 +674,7 @@ fn maybe_wrap_shell_lc_with_snapshot_clears_stale_codex_git_ssh_command_without_
"if [ \"${{{PROXY_GIT_SSH_COMMAND_ENV_KEY}+x}}\" = x ]; then printf 'set'; else printf 'unset'; fi"
),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -736,7 +711,7 @@ fn maybe_wrap_shell_lc_with_snapshot_keeps_user_proxy_env_when_proxy_inactive()
"-lc".to_string(),
"printf '%s' \"$HTTP_PROXY\"".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -786,7 +761,7 @@ fn maybe_wrap_shell_lc_with_snapshot_restores_live_env_when_snapshot_proxy_activ
if [ \"${{{PROXY_ACTIVE_ENV_KEY}+x}}\" = x ]; then printf 'active:%s' \"${PROXY_ACTIVE_ENV_KEY}\"; else printf 'active:unset'; fi"
),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -831,7 +806,7 @@ fn maybe_wrap_shell_lc_with_snapshot_keeps_snapshot_path_without_override() {
"-lc".to_string(),
"printf '%s' \"$PATH\"".to_string(),
];
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -868,7 +843,7 @@ fn maybe_wrap_shell_lc_with_snapshot_applies_explicit_path_override() {
"printf '%s' \"$PATH\"".to_string(),
];
let explicit_env_overrides = HashMap::from([("PATH".to_string(), "/worktree/bin".to_string())]);
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -916,7 +891,7 @@ fn maybe_wrap_shell_lc_with_snapshot_preserves_zsh_fork_path_prepend() {
let mut env = HashMap::from([("PATH".to_string(), "/worktree/bin".to_string())]);
let mut explicit_env_overrides = HashMap::new();
apply_zsh_fork_path_prepend(&mut env, &mut explicit_env_overrides, zsh_path.as_path());
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -960,7 +935,7 @@ fn maybe_wrap_shell_lc_with_snapshot_does_not_embed_override_values_in_argv() {
"OPENAI_API_KEY".to_string(),
"super-secret-value".to_string(),
)]);
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),
@@ -1008,7 +983,7 @@ fn maybe_wrap_shell_lc_with_snapshot_preserves_unset_override_variables() {
"CODEX_TEST_UNSET_OVERRIDE".to_string(),
"worktree-value".to_string(),
)]);
let rewritten = maybe_wrap_shell_command_with_runtime_env(
let rewritten = maybe_wrap_shell_lc_with_snapshot(
&command,
&session_shell,
&dir.path().abs(),

8
codex-rs/core/src/tools/runtimes/shell.rs
View File

@@ -25,7 +25,7 @@ use crate::tools::runtimes::apply_zsh_fork_path_prepend;
use crate::tools::runtimes::build_sandbox_command;
use crate::tools::runtimes::disable_powershell_profile_for_elevated_windows_sandbox;
use crate::tools::runtimes::exec_env_for_sandbox_permissions;
use crate::tools::runtimes::maybe_wrap_shell_command_with_runtime_env;
use crate::tools::runtimes::maybe_wrap_shell_lc_with_snapshot;
use crate::tools::sandboxing::Approvable;
use crate::tools::sandboxing::ApprovalCtx;
use crate::tools::sandboxing::ExecApprovalRequirement;
@@ -248,7 +248,7 @@ impl ToolRuntime<ShellRequest, ExecToolCallOutput> for ShellRuntime {
}
(env, explicit_env_overrides)
};
let command = maybe_wrap_shell_command_with_runtime_env(
let command = maybe_wrap_shell_lc_with_snapshot(
&req.command,
session_shell.as_ref(),
&req.cwd,
@@ -278,8 +278,8 @@ impl ToolRuntime<ShellRequest, ExecToolCallOutput> for ShellRuntime {
}
}
let additional_permissions = req.additional_permissions.clone();
let command = build_sandbox_command(&command, &req.cwd, &env, additional_permissions)?;
let command =
build_sandbox_command(&command, &req.cwd, &env, req.additional_permissions.clone())?;
let mut expiration: crate::exec::ExecExpiration = req.timeout_ms.into();
expiration = expiration.with_cancellation(req.cancellation_token.clone());
if let Some(cancellation) = attempt.network_denial_cancellation_token.clone() {

4
codex-rs/core/src/tools/runtimes/shell/unix_escalation.rs
View File

@@ -119,8 +119,8 @@ pub(super) async fn try_run_zsh_fork(
let mut env = exec_env_for_sandbox_permissions(&req.env, req.sandbox_permissions);
prepend_zsh_fork_bin_to_path(&mut env, shell_zsh_path);
let additional_permissions = req.additional_permissions.clone();
let command = build_sandbox_command(command, &req.cwd, &env, additional_permissions)?;
let command =
build_sandbox_command(command, &req.cwd, &env, req.additional_permissions.clone())?;
let options = ExecOptions {
expiration: req.timeout_ms.into(),
capture_policy: ExecCapturePolicy::ShellTool,

15
codex-rs/core/src/tools/runtimes/unified_exec.rs
View File

@@ -22,7 +22,7 @@ use crate::tools::runtimes::apply_zsh_fork_path_prepend;
use crate::tools::runtimes::build_sandbox_command;
use crate::tools::runtimes::disable_powershell_profile_for_elevated_windows_sandbox;
use crate::tools::runtimes::exec_env_for_sandbox_permissions;
use crate::tools::runtimes::maybe_wrap_shell_command_with_runtime_env;
use crate::tools::runtimes::maybe_wrap_shell_lc_with_snapshot;
use crate::tools::runtimes::shell::zsh_fork_backend;
use crate::tools::sandboxing::Approvable;
use crate::tools::sandboxing::ApprovalCtx;
@@ -276,10 +276,11 @@ impl<'a> ToolRuntime<UnifiedExecRequest, UnifiedExecProcess> for UnifiedExecRunt
}
explicit_env_overrides
};
let command = if req.environment.is_remote() {
let environment_is_remote = req.environment.is_remote();
let command = if environment_is_remote {
base_command.to_vec()
} else {
maybe_wrap_shell_command_with_runtime_env(
maybe_wrap_shell_lc_with_snapshot(
base_command,
session_shell.as_ref(),
&req.cwd,
@@ -298,11 +299,10 @@ impl<'a> ToolRuntime<UnifiedExecRequest, UnifiedExecProcess> for UnifiedExecRunt
} else {
command
};
let additional_permissions = req.additional_permissions.clone();
if let UnifiedExecShellMode::ZshFork(zsh_fork_config) = &self.shell_mode {
let command =
build_sandbox_command(&command, &req.cwd, &env, additional_permissions.clone())
build_sandbox_command(&command, &req.cwd, &env, req.additional_permissions.clone())
.map_err(|_| ToolError::Rejected("missing command line for PTY".to_string()))?;
let options = unified_exec_options(attempt.network_denial_cancellation_token.clone());
let mut exec_env = attempt
@@ -352,8 +352,9 @@ impl<'a> ToolRuntime<UnifiedExecRequest, UnifiedExecProcess> for UnifiedExecRunt
}
}
}
let command = build_sandbox_command(&command, &req.cwd, &env, additional_permissions)
.map_err(|_| ToolError::Rejected("missing command line for PTY".to_string()))?;
let command =
build_sandbox_command(&command, &req.cwd, &env, req.additional_permissions.clone())
.map_err(|_| ToolError::Rejected("missing command line for PTY".to_string()))?;
let options = unified_exec_options(attempt.network_denial_cancellation_token.clone());
let mut exec_env = attempt
.env_for(command, options, managed_network)