codex/codex-rs/exec-server/BUILD.bazel at b4aefff87f11692db53bf5518c5d03c90906cf8e - codex - Gitea: Git with a cup of tea

clone/codex

mirror of https://github.com/openai/codex.git synced 2026-04-26 15:45:02 +00:00

Files

starr-openai d626dc3895 Run exec-server fs operations through sandbox helper (#17294 )

## Summary
- run exec-server filesystem RPCs requiring sandboxing through a
`codex-fs` arg0 helper over stdin/stdout
- keep direct local filesystem execution for `DangerFullAccess` and
external sandbox policies
- remove the standalone exec-server binary path in favor of top-level
arg0 dispatch/runtime paths
- add sandbox escape regression coverage for local and remote filesystem
paths

## Validation
- `just fmt`
- `git diff --check`
- remote devbox: `cd codex-rs && bazel test --bes_backend=
--bes_results_url= //codex-rs/exec-server:all` (6/6 passed)

---------

Co-authored-by: Codex <noreply@openai.com>

2026-04-12 18:36:03 -07:00

12 lines

275 B

Python

Raw Blame History

 load("//:defs.bzl", "codex_rust_crate")
 codex_rust_crate(
     name = "exec-server",
     crate_name = "codex_exec_server",
     extra_binaries = [
         "//codex-rs/cli:codex",
         "//codex-rs/linux-sandbox:codex-linux-sandbox",
     ],
     test_tags = ["no-sandbox"],
 )