exec-server: add optional sandbox start config

Add a typed optional sandbox field to process/start so callers can omit sandboxing for the existing direct-spawn path while reserving a host-default mode for future remote materialization. Reject hostDefault for now instead of silently running unsandboxed, and cover both omitted and explicit sandbox payloads in tests. Co-authored-by: Codex <noreply@openai.com>
2026-05-01 03:42:05 +03:00 · 2026-03-18 00:18:28 +00:00
parent 28019be4c7
commit 8561abba9a
10 changed files with 1739 additions and 1536 deletions
--- a/codex-rs/exec-server/tests/stdio_smoke.rs
+++ b/codex-rs/exec-server/tests/stdio_smoke.rs
@@ -109,6 +109,7 @@ async fn exec_server_client_streams_output_and_accepts_writes() -> anyhow::Resul
            env,
            tty: true,
            arg0: None,
+            sandbox: None,
        })
        .await?;
    let process_id = response.process_id;
@@ -174,6 +175,7 @@ async fn exec_server_client_connects_over_websocket() -> anyhow::Result<()> {
            env,
            tty: true,
            arg0: None,
+            sandbox: None,
        })
        .await?;
    let process_id = response.process_id;
@@ -248,6 +250,7 @@ async fn websocket_disconnect_terminates_processes_for_that_connection() -> anyh
                env,
                tty: false,
                arg0: None,
+                sandbox: None,
            })
            .await?;
    }