windows setup: derive sandbox from permission profile

exec tests: derive thread sandbox from profile
2026-05-06 12:26:38 +00:00 · 2026-04-30 05:26:50 -07:00 · 2026-04-30 05:21:34 -07:00
3 changed files with 22 additions and 13 deletions
--- a/codex-rs/app-server/src/codex_message_processor.rs
+++ b/codex-rs/app-server/src/codex_message_processor.rs
@@ -8072,9 +8072,7 @@ impl CodexMessageProcessor {
                Ok(config) => {
                    let setup_request = WindowsSandboxSetupRequest {
                        mode,
-                        policy: config
-                            .permissions
-                            .legacy_sandbox_policy(config.cwd.as_path()),
+                        permission_profile: config.permissions.permission_profile(),
                        policy_cwd: config.cwd.to_path_buf(),
                        command_cwd,
                        env_map: std::env::vars().collect(),
--- a/codex-rs/core/src/windows_sandbox.rs
+++ b/codex-rs/core/src/windows_sandbox.rs
@@ -9,7 +9,9 @@ use codex_features::FeaturesToml;
 use codex_login::default_client::originator;
 use codex_otel::sanitize_metric_tag_value;
 use codex_protocol::config_types::WindowsSandboxLevel;
+use codex_protocol::models::PermissionProfile;
 use codex_protocol::protocol::SandboxPolicy;
+use codex_sandboxing::compatibility_sandbox_policy_for_permission_profile;
 use std::collections::BTreeMap;
 use std::collections::HashMap;
 use std::path::Path;
@@ -272,7 +274,7 @@ pub enum WindowsSandboxSetupMode {
 #[derive(Debug, Clone)]
 pub struct WindowsSandboxSetupRequest {
    pub mode: WindowsSandboxSetupMode,
-    pub policy: SandboxPolicy,
+    pub permission_profile: PermissionProfile,
    pub policy_cwd: PathBuf,
    pub command_cwd: PathBuf,
    pub env_map: HashMap<String, String>,
@@ -311,13 +313,20 @@ async fn run_windows_sandbox_setup_and_persist(
    request: WindowsSandboxSetupRequest,
 ) -> anyhow::Result<()> {
    let mode = request.mode;
-    let policy = request.policy;
+    let permission_profile = request.permission_profile;
    let policy_cwd = request.policy_cwd;
    let command_cwd = request.command_cwd;
    let env_map = request.env_map;
    let codex_home = request.codex_home;
    let active_profile = request.active_profile;
    let setup_codex_home = codex_home.clone();
+    let file_system_sandbox_policy = permission_profile.file_system_sandbox_policy();
+    let policy = compatibility_sandbox_policy_for_permission_profile(
+        &permission_profile,
+        &file_system_sandbox_policy,
+        permission_profile.network_sandbox_policy(),
+        policy_cwd.as_path(),
+    );

    let setup_result = tokio::task::spawn_blocking(move || -> anyhow::Result<()> {
        match mode {
--- a/codex-rs/exec/src/lib_tests.rs
+++ b/codex-rs/exec/src/lib_tests.rs
@@ -460,6 +460,13 @@ async fn session_configured_from_thread_response_uses_permission_profile_from_re
 }

 fn sample_thread_start_response() -> ThreadStartResponse {
+    let cwd = test_path_buf("/tmp").abs();
+    let permission_profile = PermissionProfile::workspace_write();
+    let sandbox = permission_profile
+        .to_legacy_sandbox_policy(cwd.as_path())
+        .expect("workspace profile should have a legacy projection")
+        .into();
+
    ThreadStartResponse {
        thread: codex_app_server_protocol::Thread {
            id: "67e55044-10b1-426f-9247-bb680e5fe0c8".to_string(),
@@ -471,7 +478,7 @@ fn sample_thread_start_response() -> ThreadStartResponse {
            updated_at: 0,
            status: codex_app_server_protocol::ThreadStatus::Idle,
            path: Some(PathBuf::from("/tmp/rollout.jsonl")),
-            cwd: test_path_buf("/tmp").abs(),
+            cwd: cwd.clone(),
            cli_version: "0.0.0".to_string(),
            source: codex_app_server_protocol::SessionSource::Cli,
            agent_nickname: None,
@@ -483,16 +490,11 @@ fn sample_thread_start_response() -> ThreadStartResponse {
        model: "gpt-5.4".to_string(),
        model_provider: "openai".to_string(),
        service_tier: None,
-        cwd: test_path_buf("/tmp").abs(),
+        cwd,
        instruction_sources: Vec::new(),
        approval_policy: codex_app_server_protocol::AskForApproval::OnRequest,
        approvals_reviewer: codex_app_server_protocol::ApprovalsReviewer::AutoReview,
-        sandbox: codex_app_server_protocol::SandboxPolicy::WorkspaceWrite {
-            writable_roots: vec![],
-            network_access: false,
-            exclude_tmpdir_env_var: false,
-            exclude_slash_tmp: false,
-        },
+        sandbox,
        permission_profile: None,
        active_permission_profile: None,
        reasoning_effort: None,
Author	SHA1	Message	Date
Michael Bolin	0d0d3d8d12	windows setup: derive sandbox from permission profile	2026-04-30 05:26:50 -07:00
Michael Bolin	22ef2d9dc3	exec tests: derive thread sandbox from profile	2026-04-30 05:21:34 -07:00