mirror of
https://github.com/openai/codex.git
synced 2026-04-24 22:54:54 +00:00
The `cap_sid` file contains the IDs of the two custom SIDs that the Windows sandbox creates/manages to implement read-only and workspace-write sandbox policies. It previously lived in `<cwd>/.codex` which means that the sandbox could write to it, which could degrade the efficacy of the sandbox. This change moves it to `~/.codex/` (or wherever `CODEX_HOME` points to) so that it is outside the workspace.