## Why
`codex sandbox` is useful for exercising sandbox behavior directly, but
before this stack the CLI
only picked up permission profiles indirectly from the active config.
The existing debug-sandbox path
already compiled `[permissions]` profiles through normal config loading,
as covered by the existing
profile tests in
[`debug_sandbox.rs`](de2ccf9473/codex-rs/cli/src/debug_sandbox.rs (L715-L760)).
This adds the smallest stable entry point first: an explicit profile
selector that reuses the same
config machinery as normal Codex config, so standalone testing becomes
possible without changing
current no-selector behavior.
## What changed
- Add additive `--permissions-profile NAME` support to `codex sandbox
macos|linux|windows`.
- Resolve built-in and user-defined profile names by feeding
`default_permissions` through the
existing config compilation path instead of inventing a sandbox-only
parser.
- Make an explicit selector win over an ambient active profile's legacy
`sandbox_mode`.
- Keep the existing no-selector behavior unchanged.
## Stack
1. #20117 `sandbox-ui-profile` --> this PR
2. #20118 `sandbox-ui-config`
Both PRs are additive. Replay JSON is intentionally deferred to a
follow-up design pass.
## Tests run
- `cargo test -p codex-cli debug_sandbox`
- `cargo test -p codex-cli sandbox_macos_parses_permissions_profile`
- `cargo test -p codex-core
cli_override_takes_precedence_over_profile_sandbox_mode`
- macOS branch-binary smoke on the rebased top of stack: built-in
`:workspace` and user-defined
profiles both executed successfully through `--permissions-profile`.
- Linux devbox branch-binary smoke on the rebased top of stack: built-in
`:workspace` and
user-defined profiles both executed successfully through
`--permissions-profile`.
pub(crate) mod debug_sandbox;
mod exit_status;
pub(crate) mod login;
use clap::Parser;
use codex_utils_absolute_path::AbsolutePathBuf;
use codex_utils_cli::CliConfigOverrides;
pub use debug_sandbox::run_command_under_landlock;
pub use debug_sandbox::run_command_under_seatbelt;
pub use debug_sandbox::run_command_under_windows;
pub use login::read_agent_identity_from_stdin;
pub use login::read_api_key_from_stdin;
pub use login::run_login_status;
pub use login::run_login_with_agent_identity;
pub use login::run_login_with_api_key;
pub use login::run_login_with_chatgpt;
pub use login::run_login_with_device_code;
pub use login::run_login_with_device_code_fallback_to_browser;
pub use login::run_logout;
// Arguments for `codex sandbox macos` (seatbelt). Field order is also the
// `--help` order, and `command` must stay last because it swallows the rest
// of the command line.
#[derive(Debug, Parser)]
pub struct SeatbeltCommand {
    // Optional: when absent, the pre-existing no-selector behavior applies.
    // The PR description says an explicit selector is meant to win over an
    // ambient active profile's legacy `sandbox_mode`; that resolution is done
    // in `debug_sandbox`, not in this struct — confirm there.
    /// Named permissions profile to apply from the active configuration stack.
    #[arg(long = "permissions-profile", value_name = "NAME")]
    pub permissions_profile: Option<String>,

    // Each value is made absolute by `parse_allow_unix_socket_path` at parse
    // time; nothing in this module checks that the path exists. Every entry
    // widens the sandbox, so callers should pass the narrowest path that works.
    /// Allow the sandboxed command to bind/connect AF_UNIX sockets rooted at this path. Relative paths are resolved against the current directory. Repeat to allow multiple paths.
    #[arg(long = "allow-unix-socket", value_parser = parse_allow_unix_socket_path)]
    pub allow_unix_sockets: Vec<AbsolutePathBuf>,

    // Opt-in diagnostic; defaults to false.
    /// While the command runs, capture macOS sandbox denials via `log stream` and print them after exit
    #[arg(long = "log-denials", default_value_t = false)]
    pub log_denials: bool,

    // Not parsed from the command line (`clap(skip)`); presumably populated by
    // the caller from the global config overrides before dispatch — verify in
    // the dispatching code.
    #[clap(skip)]
    pub config_overrides: CliConfigOverrides,

    // `trailing_var_arg`: once the first command token is seen, clap treats
    // every remaining token as part of the command rather than as an option.
    /// Full command args to run under seatbelt.
    #[arg(trailing_var_arg = true)]
    pub command: Vec<String>,
}
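/// Parses one `--allow-unix-socket` value into an absolute path.
///
/// Relative input is resolved against the current working directory via
/// `AbsolutePathBuf::relative_to_current_dir`. An empty value is rejected up
/// front: it cannot name a meaningful socket root, and if the resolver mapped
/// it to the working directory itself the resulting allow rule would be far
/// broader than a single socket path.
///
/// # Errors
/// Returns a human-readable message (clap surfaces it as the argument error)
/// when the value is empty or cannot be made absolute.
fn parse_allow_unix_socket_path(raw: &str) -> Result<AbsolutePathBuf, String> {
    // Reject "" explicitly rather than relying on how `relative_to_current_dir`
    // treats an empty path, which is not visible from here.
    if raw.is_empty() {
        return Err("invalid path: empty path".to_string());
    }
    AbsolutePathBuf::relative_to_current_dir(raw)
        .map_err(|err| format!("invalid path {raw}: {err}"))
}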
// Arguments for `codex sandbox linux` (Landlock). Field order is also the
// `--help` order, and `command` must stay last because it swallows the rest
// of the command line.
#[derive(Debug, Parser)]
pub struct LandlockCommand {
    // Optional: when absent, the pre-existing no-selector behavior applies.
    // The PR description says an explicit selector is meant to win over an
    // ambient active profile's legacy `sandbox_mode`; that resolution is done
    // in `debug_sandbox`, not in this struct — confirm there.
    /// Named permissions profile to apply from the active configuration stack.
    #[arg(long = "permissions-profile", value_name = "NAME")]
    pub permissions_profile: Option<String>,

    // Not parsed from the command line (`clap(skip)`); presumably populated by
    // the caller from the global config overrides before dispatch — verify in
    // the dispatching code.
    #[clap(skip)]
    pub config_overrides: CliConfigOverrides,

    // `trailing_var_arg`: once the first command token is seen, clap treats
    // every remaining token as part of the command rather than as an option.
    /// Full command args to run under the Linux sandbox.
    #[arg(trailing_var_arg = true)]
    pub command: Vec<String>,
}
// Arguments for `codex sandbox windows` (restricted token). Field order is
// also the `--help` order, and `command` must stay last because it swallows
// the rest of the command line.
#[derive(Debug, Parser)]
pub struct WindowsCommand {
    // Optional: when absent, the pre-existing no-selector behavior applies.
    // The PR description says an explicit selector is meant to win over an
    // ambient active profile's legacy `sandbox_mode`; that resolution is done
    // in `debug_sandbox`, not in this struct — confirm there.
    /// Named permissions profile to apply from the active configuration stack.
    #[arg(long = "permissions-profile", value_name = "NAME")]
    pub permissions_profile: Option<String>,

    // Not parsed from the command line (`clap(skip)`); presumably populated by
    // the caller from the global config overrides before dispatch — verify in
    // the dispatching code.
    #[clap(skip)]
    pub config_overrides: CliConfigOverrides,

    // `trailing_var_arg`: once the first command token is seen, clap treats
    // every remaining token as part of the command rather than as an option.
    /// Full command args to run under Windows restricted token sandbox.
    #[arg(trailing_var_arg = true)]
    pub command: Vec<String>,
}