fix(windows-sandbox): materialize setup helper off WindowsApps

codex-rs/windows-sandbox-rs/src/helper_materialization.rs

@@ -1,6 +1,6 @@
-use anyhow::anyhow;
 use anyhow::Context;
 use anyhow::Result;
+use anyhow::anyhow;
 use std::collections::HashMap;
 use std::fs;
 use std::io::Write;
@@ -16,18 +16,21 @@ use crate::sandbox_bin_dir;
 #[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)]
 pub(crate) enum HelperExecutable {
     CommandRunner,
+    Setup,
 }
 
 impl HelperExecutable {
     fn file_name(self) -> &'static str {
         match self {
             Self::CommandRunner => "codex-command-runner.exe",
+            Self::Setup => "codex-windows-sandbox-setup.exe",
         }
     }
 
     fn label(self) -> &'static str {
         match self {
             Self::CommandRunner => "command-runner",
+            Self::Setup => "setup-helper",
         }
     }
 }
@@ -49,7 +52,7 @@ pub(crate) fn legacy_lookup(kind: HelperExecutable) -> PathBuf {
         && let Some(dir) = exe.parent()
     {
         let candidate = dir.join(kind.file_name());
-        if candidate.exists() {
+        if candidate.exists() && !is_windows_apps_path(dir) {
             return candidate;
         }
     }
@@ -88,10 +91,7 @@ pub(crate) fn resolve_helper_for_launch(
     }
 }
 
-pub fn resolve_current_exe_for_launch(
-    codex_home: &Path,
-    fallback_executable: &str,
-) -> PathBuf {
+pub fn resolve_current_exe_for_launch(codex_home: &Path, fallback_executable: &str) -> PathBuf {
     let source = match std::env::current_exe() {
         Ok(path) => path,
         Err(_) => return PathBuf::from(fallback_executable),
@@ -182,6 +182,13 @@ fn sibling_source_path(kind: HelperExecutable) -> Result<PathBuf> {
     let dir = exe
         .parent()
         .ok_or_else(|| anyhow!("current executable has no parent directory"))?;
+    if is_windows_apps_path(dir) {
+        return Err(anyhow!(
+            "refusing to source {} from WindowsApps directory {}",
+            kind.label(),
+            dir.display()
+        ));
+    }
     let candidate = dir.join(kind.file_name());
     if candidate.exists() {
         Ok(candidate)
@@ -198,9 +205,12 @@ fn copy_from_source_if_needed(source: &Path, destination: &Path) -> Result<CopyO
         return Ok(CopyOutcome::Reused);
     }
 
-    let destination_dir = destination
-        .parent()
-        .ok_or_else(|| anyhow!("helper destination has no parent: {}", destination.display()))?;
+    let destination_dir = destination.parent().ok_or_else(|| {
+        anyhow!(
+            "helper destination has no parent: {}",
+            destination.display()
+        )
+    })?;
     fs::create_dir_all(destination_dir).with_context(|| {
         format!(
             "create helper destination directory {}",
@@ -271,8 +281,9 @@ fn destination_is_fresh(source: &Path, destination: &Path) -> Result<bool> {
         Ok(meta) => meta,
         Err(err) if err.kind() == std::io::ErrorKind::NotFound => return Ok(false),
         Err(err) => {
-            return Err(err)
-                .with_context(|| format!("read helper destination metadata {}", destination.display()));
+            return Err(err).with_context(|| {
+                format!("read helper destination metadata {}", destination.display())
+            });
         }
     };
 
@@ -287,19 +298,43 @@ fn destination_is_fresh(source: &Path, destination: &Path) -> Result<bool> {
         .modified()
         .with_context(|| format!("read helper destination mtime {}", destination.display()))?;
 
-    Ok(destination_modified >= source_modified)
+    if destination_modified < source_modified {
+        return Ok(false);
+    }
+
+    files_match(source, destination)
+}
+
+fn files_match(source: &Path, destination: &Path) -> Result<bool> {
+    let source_bytes = fs::read(source)
+        .with_context(|| format!("read helper source bytes {}", source.display()))?;
+    let destination_bytes = fs::read(destination)
+        .with_context(|| format!("read helper destination bytes {}", destination.display()))?;
+    Ok(source_bytes == destination_bytes)
+}
+
+pub(crate) fn is_windows_apps_path(path: &Path) -> bool {
+    path.components().any(|component| {
+        component
+            .as_os_str()
+            .to_string_lossy()
+            .eq_ignore_ascii_case("WindowsApps")
+    })
 }
 
 #[cfg(test)]
 mod tests {
+    use super::CopyOutcome;
+    use super::copy_from_source_if_needed;
     use super::destination_is_fresh;
     use super::helper_bin_dir;
-    use super::copy_from_source_if_needed;
-    use super::CopyOutcome;
+    use super::is_windows_apps_path;
     use pretty_assertions::assert_eq;
     use std::fs;
+    use std::fs::FileTimes;
     use std::path::Path;
     use std::path::PathBuf;
+    use std::time::SystemTime;
     use tempfile::TempDir;
 
     #[test]
@@ -313,7 +348,10 @@ mod tests {
         let outcome = copy_from_source_if_needed(&source, &destination).expect("copy helper");
 
         assert_eq!(CopyOutcome::ReCopied, outcome);
-        assert_eq!(b"runner-v1".as_slice(), fs::read(&destination).expect("read destination"));
+        assert_eq!(
+            b"runner-v1".as_slice(),
+            fs::read(&destination).expect("read destination")
+        );
     }
 
     #[test]
@@ -340,11 +378,42 @@ mod tests {
         fs::write(&source, b"runner-v1").expect("write source");
         copy_from_source_if_needed(&source, &destination).expect("initial copy");
 
-        let outcome =
-            copy_from_source_if_needed(&source, &destination).expect("revalidate helper");
+        let outcome = copy_from_source_if_needed(&source, &destination).expect("revalidate helper");
 
         assert_eq!(CopyOutcome::Reused, outcome);
-        assert_eq!(b"runner-v1".as_slice(), fs::read(&destination).expect("read destination"));
+        assert_eq!(
+            b"runner-v1".as_slice(),
+            fs::read(&destination).expect("read destination")
+        );
+    }
+
+    #[test]
+    fn destination_is_not_fresh_when_same_size_and_same_mtime_content_drifts() {
+        let tmp = TempDir::new().expect("tempdir");
+        let source = tmp.path().join("source.exe");
+        let destination = tmp.path().join("destination.exe");
+
+        fs::write(&source, b"runner-v1").expect("write source");
+        fs::write(&destination, b"runner-v2").expect("write destination");
+
+        let shared_mtime = SystemTime::now();
+        fs::File::options()
+            .write(true)
+            .open(&source)
+            .expect("open source")
+            .set_times(FileTimes::new().set_modified(shared_mtime))
+            .expect("set source mtime");
+        fs::File::options()
+            .write(true)
+            .open(&destination)
+            .expect("open destination")
+            .set_times(FileTimes::new().set_modified(shared_mtime))
+            .expect("set destination mtime");
+
+        assert!(
+            !destination_is_fresh(&source, &destination)
+                .expect("content drift should mark destination stale")
+        );
     }
 
     #[test]
@@ -376,4 +445,17 @@ mod tests {
             fs::read(&runner_destination).expect("read runner")
         );
     }
+
+    #[test]
+    fn windows_apps_paths_are_detected_case_insensitively() {
+        assert!(is_windows_apps_path(Path::new(
+            r"C:\Program Files\WindowsApps\OpenAI.Codex\codex.exe"
+        )));
+        assert!(is_windows_apps_path(Path::new(
+            r"c:\program files\windowsapps\OpenAI.Codex"
+        )));
+        assert!(!is_windows_apps_path(Path::new(
+            r"C:\Users\example\.codex\.sandbox-bin"
+        )));
+    }
 }