refactor: inline sandbox type lookup in process_exec_tool_call (#7122)

`process_exec_tool_call()` was taking `SandboxType` as a param, but in practice, the only place it was constructed was in `codex_message_processor.rs` where it was derived from the other `sandbox_policy` param, so this PR inlines the logic that decides the `SandboxType` into `process_exec_tool_call()`. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/7122). * #7112 * __->__ #7122
2026-05-04 21:32:21 +03:00 · 2025-11-21 14:53:05 -08:00
parent 7561a6aaf0
commit 67975ed33a
5 changed files with 8 additions and 18 deletions
--- a/codex-rs/core/src/exec.rs
+++ b/codex-rs/core/src/exec.rs
@@ -19,6 +19,7 @@ use tokio_util::sync::CancellationToken;
 use crate::error::CodexErr;
 use crate::error::Result;
 use crate::error::SandboxErr;
+use crate::get_platform_sandbox;
 use crate::protocol::Event;
 use crate::protocol::EventMsg;
 use crate::protocol::ExecCommandOutputDeltaEvent;
@@ -127,12 +128,17 @@ pub struct StdoutStream {

 pub async fn process_exec_tool_call(
    params: ExecParams,
-    sandbox_type: SandboxType,
    sandbox_policy: &SandboxPolicy,
    sandbox_cwd: &Path,
    codex_linux_sandbox_exe: &Option<PathBuf>,
    stdout_stream: Option<StdoutStream>,
 ) -> Result<ExecToolCallOutput> {
+    let sandbox_type = match &sandbox_policy {
+        SandboxPolicy::DangerFullAccess => SandboxType::None,
+        _ => get_platform_sandbox().unwrap_or(SandboxType::None),
+    };
+    tracing::debug!("Sandbox type: {sandbox_type:?}");
+
    let ExecParams {
        command,
        cwd,
@@ -893,7 +899,6 @@ mod tests {
        });
        let result = process_exec_tool_call(
            params,
-            SandboxType::None,
            &SandboxPolicy::DangerFullAccess,
            cwd.as_path(),
            &None,