initial implementation of sandboxing using AppContainer.

2026-04-30 03:12:20 +03:00 · 2025-10-07 11:44:51 -07:00
parent 8ec36fc336
commit 7ec9444fb6
7 changed files with 739 additions and 14 deletions
--- a/codex-rs/core/tests/windows_appcontainer.rs
+++ b/codex-rs/core/tests/windows_appcontainer.rs
@@ -0,0 +1,76 @@
+#![cfg(windows)]
+
+use codex_core::protocol::SandboxPolicy;
+use codex_core::spawn::StdioPolicy;
+use codex_core::windows_appcontainer::spawn_command_under_windows_appcontainer;
+use std::collections::HashMap;
+use tokio::io::AsyncReadExt;
+
+fn windows_workspace_policy() -> SandboxPolicy {
+    SandboxPolicy::WorkspaceWrite {
+        writable_roots: vec![],
+        network_access: false,
+        exclude_tmpdir_env_var: true,
+        exclude_slash_tmp: true,
+    }
+}
+
+#[tokio::test]
+async fn windows_appcontainer_writes_to_workspace() {
+    let temp = tempfile::tempdir().expect("tempdir");
+    let cwd = temp.path().to_path_buf();
+    let policy_cwd = cwd.clone();
+    let mut child = spawn_command_under_windows_appcontainer(
+        vec![
+            "cmd.exe".to_string(),
+            "/C".to_string(),
+            "echo hello>out.txt".to_string(),
+        ],
+        cwd.clone(),
+        &windows_workspace_policy(),
+        &policy_cwd,
+        StdioPolicy::RedirectForShellTool,
+        HashMap::new(),
+    )
+    .await
+    .expect("spawn cmd");
+
+    let status = child.wait().await.expect("wait");
+    assert!(status.success(), "cmd.exe failed: {status:?}");
+
+    let contents = tokio::fs::read_to_string(temp.path().join("out.txt"))
+        .await
+        .expect("read redirected output");
+    assert!(contents.to_lowercase().contains("hello"));
+}
+
+#[tokio::test]
+async fn windows_appcontainer_sets_env_flags() {
+    let temp = tempfile::tempdir().expect("tempdir");
+    let cwd = temp.path().to_path_buf();
+    let policy_cwd = cwd.clone();
+    let mut child = spawn_command_under_windows_appcontainer(
+        vec![
+            "cmd.exe".to_string(),
+            "/C".to_string(),
+            "set CODEX_SANDBOX".to_string(),
+        ],
+        cwd,
+        &windows_workspace_policy(),
+        &policy_cwd,
+        StdioPolicy::RedirectForShellTool,
+        HashMap::new(),
+    )
+    .await
+    .expect("spawn cmd");
+
+    let mut stdout = Vec::new();
+    if let Some(mut out) = child.stdout.take() {
+        out.read_to_end(&mut stdout).await.expect("stdout");
+    }
+    let status = child.wait().await.expect("wait");
+    assert!(status.success(), "cmd.exe env probe failed: {status:?}");
+    let stdout_text = String::from_utf8_lossy(&stdout).to_lowercase();
+    assert!(stdout_text.contains("codex_sandbox=windows_appcontainer"));
+    assert!(stdout_text.contains("codex_sandbox_network_disabled=1"));
+}