mirror of
https://github.com/openai/codex.git
synced 2026-05-23 12:34:25 +00:00
bacb92b1d7
## Summary - add an exec-server `envPolicy` field; when present, the server starts from its own process env and applies the shell environment policy there - keep `env` as the exact environment for local/embedded starts, but make it an overlay for remote unified-exec starts - move the shell-environment-policy builder into `codex-config` so Core and exec-server share the inherit/filter/set/include behavior - overlay only runtime/sandbox/network deltas from Core onto the exec-server-derived env ## Why Remote unified exec was materializing the shell env inside Core and forwarding the whole map to exec-server, so remote processes could inherit the orchestrator machine's `HOME`, `PATH`, etc. This keeps the base env on the executor while preserving Core-owned runtime additions like `CODEX_THREAD_ID`, unified-exec defaults, network proxy env, and sandbox marker env. ## Validation - `just fmt` - `git diff --check` - `cargo test -p codex-exec-server --lib` - `cargo test -p codex-core --lib unified_exec::process_manager::tests` - `cargo test -p codex-core --lib exec_env::tests` - `cargo test -p codex-core --lib exec_env_tests` (compile-only; filter matched 0 tests) - `cargo test -p codex-config --lib shell_environment` (compile-only; filter matched 0 tests) - `just bazel-lock-update` ## Known local validation issue - `just bazel-lock-check` is not runnable in this checkout: it invokes `./scripts/check-module-bazel-lock.sh`, which is missing. --------- Co-authored-by: Codex <noreply@openai.com> Co-authored-by: pakrym-oai <pakrym@openai.com>
56 lines
1.8 KiB
Rust
56 lines
1.8 KiB
Rust
#[cfg(test)]
|
|
use codex_config::types::EnvironmentVariablePattern;
|
|
use codex_config::types::ShellEnvironmentPolicy;
|
|
use codex_protocol::ThreadId;
|
|
use std::collections::HashMap;
|
|
|
|
pub use codex_config::shell_environment::CODEX_THREAD_ID_ENV_VAR;
|
|
|
|
/// Construct an environment map based on the rules in the specified policy. The
|
|
/// resulting map can be passed directly to `Command::envs()` after calling
|
|
/// `env_clear()` to ensure no unintended variables are leaked to the spawned
|
|
/// process.
|
|
///
|
|
/// The derivation follows the algorithm documented in the struct-level comment
|
|
/// for [`ShellEnvironmentPolicy`].
|
|
///
|
|
/// `CODEX_THREAD_ID` is injected when a thread id is provided, even when
|
|
/// `include_only` is set.
|
|
pub fn create_env(
|
|
policy: &ShellEnvironmentPolicy,
|
|
thread_id: Option<ThreadId>,
|
|
) -> HashMap<String, String> {
|
|
let thread_id = thread_id.map(|thread_id| thread_id.to_string());
|
|
codex_config::shell_environment::create_env(policy, thread_id.as_deref())
|
|
}
|
|
|
|
#[cfg(all(test, target_os = "windows"))]
|
|
fn create_env_from_vars<I>(
|
|
vars: I,
|
|
policy: &ShellEnvironmentPolicy,
|
|
thread_id: Option<ThreadId>,
|
|
) -> HashMap<String, String>
|
|
where
|
|
I: IntoIterator<Item = (String, String)>,
|
|
{
|
|
let thread_id = thread_id.map(|thread_id| thread_id.to_string());
|
|
codex_config::shell_environment::create_env_from_vars(vars, policy, thread_id.as_deref())
|
|
}
|
|
|
|
#[cfg(test)]
|
|
fn populate_env<I>(
|
|
vars: I,
|
|
policy: &ShellEnvironmentPolicy,
|
|
thread_id: Option<ThreadId>,
|
|
) -> HashMap<String, String>
|
|
where
|
|
I: IntoIterator<Item = (String, String)>,
|
|
{
|
|
let thread_id = thread_id.map(|thread_id| thread_id.to_string());
|
|
codex_config::shell_environment::populate_env(vars, policy, thread_id.as_deref())
|
|
}
|
|
|
|
#[cfg(test)]
|
|
#[path = "exec_env_tests.rs"]
|
|
mod tests;
|