Fix Windows danger-full-access exec dispatch

2026-05-05 03:47:01 +00:00 · 2026-05-04 09:38:08 -07:00
2 changed files with 20 additions and 1 deletions
--- a/codex-rs/core/src/exec.rs
+++ b/codex-rs/core/src/exec.rs
@@ -482,7 +482,11 @@ async fn get_raw_output_result(
    >,
 ) -> Result<RawExecToolCallOutput> {
    #[cfg(target_os = "windows")]
-    if sandbox == SandboxType::WindowsRestrictedToken {
+    if should_use_windows_restricted_token_sandbox(
+        sandbox,
+        sandbox_policy,
+        &FileSystemSandboxPolicy::from(sandbox_policy),
+    ) {
        return exec_windows_sandbox(params, sandbox_policy, windows_sandbox_filesystem_overrides)
            .await;
    }
--- a/codex-rs/core/src/exec_tests.rs
+++ b/codex-rs/core/src/exec_tests.rs
@@ -377,6 +377,21 @@ async fn process_exec_tool_call_preserves_full_buffer_capture_policy() -> Result
    Ok(())
 }

+#[test]
+fn windows_restricted_token_skips_danger_full_access_policies() {
+    let policy = SandboxPolicy::DangerFullAccess;
+    let file_system_policy = FileSystemSandboxPolicy::from(&policy);
+
+    assert_eq!(
+        should_use_windows_restricted_token_sandbox(
+            SandboxType::WindowsRestrictedToken,
+            &policy,
+            &file_system_policy,
+        ),
+        false
+    );
+}
+
 #[test]
 fn windows_restricted_token_skips_external_sandbox_policies() {
    let policy = SandboxPolicy::ExternalSandbox {