mirror of
https://github.com/openai/codex.git
synced 2026-05-18 18:22:39 +00:00
## Why

The local memories MCP backend only rejected symlinks after resolving the final path. That left room for scoped requests like `skills/secret.md` to walk through a symlinked ancestor directory and escape the configured memories root. This change also makes missing scoped paths fail explicitly instead of looking like an empty `list` / `search` result or a `NotFile` read error.

## What Changed

- walk each scoped path component in `LocalMemoriesBackend::resolve_scoped_path` and reject symlinked ancestors before accessing the target
- reject scoped paths that traverse through a non-directory intermediate component
- add a `NotFound` backend error for missing `read`, `list`, and `search` paths and map it through the MCP server error conversion
- add coverage for missing paths and symlinked ancestor directories in `codex-rs/memories/mcp/src/local_tests.rs`

## Testing

- added unit coverage in `codex-rs/memories/mcp/src/local_tests.rs` for missing paths and symlinked ancestor directories across `read`, `list`, and `search`
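
The component-by-component walk this commit message describes, as an added Rust sketch that is not the project's `LocalMemoriesBackend` code. `resolve_scoped`, `ScopeError` and the sample path in `main` are hypothetical names, and the root directory itself is assumed to be trusted.

```rust
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};

/// Hypothetical error type for this sketch (not the project's own enum).
#[derive(Debug, PartialEq)]
pub enum ScopeError {
    InvalidPath,  // empty, absolute, or containing `.` / `..`
    Symlink,      // an ancestor or the target itself is a symlink
    NotDirectory, // an intermediate component is not a directory
    NotFound,     // a component does not exist
    Io(io::ErrorKind),
}

/// Resolve `scoped` under the trusted `root`, inspecting every component
/// without following links, so a symlinked ancestor is rejected before
/// anything beneath it is touched.
pub fn resolve_scoped(root: &Path, scoped: &str) -> Result<PathBuf, ScopeError> {
    let parts: Vec<Component> = Path::new(scoped).components().collect();
    if parts.is_empty() {
        return Err(ScopeError::InvalidPath);
    }
    let mut current = root.to_path_buf();
    for (i, part) in parts.iter().enumerate() {
        let name = match *part {
            Component::Normal(name) => name,
            _ => return Err(ScopeError::InvalidPath), // RootDir, `..`, `.`, prefix
        };
        current.push(name);
        // symlink_metadata is lstat: it describes the link, not its target.
        let meta = fs::symlink_metadata(&current).map_err(|e| match e.kind() {
            io::ErrorKind::NotFound => ScopeError::NotFound,
            kind => ScopeError::Io(kind),
        })?;
        if meta.file_type().is_symlink() {
            return Err(ScopeError::Symlink);
        }
        // Every component except the last must be a real directory.
        if i + 1 < parts.len() && !meta.is_dir() {
            return Err(ScopeError::NotDirectory);
        }
    }
    Ok(current)
}

fn main() {
    // Constructed sample request, resolved against the current directory.
    println!("{:?}", resolve_scoped(Path::new("."), "skills/secret.md"));
}
```

The check and the later open are separate steps, so a process able to modify the tree concurrently could still swap a component in between; opening each component relative to its parent with `O_NOFOLLOW` closes that window.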