remove sandbox globals. (#9797)

Threads sandbox updates through OverrideTurnContext for active turn Passes computed sandbox type into safety/exec
2026-05-04 05:11:37 +03:00 · 2026-01-27 11:04:23 -08:00
parent 894923ed5d
commit c40ad65bd8
35 changed files with 339 additions and 132 deletions
--- a/codex-rs/tui/src/bottom_pane/slash_commands.rs
+++ b/codex-rs/tui/src/bottom_pane/slash_commands.rs
@@ -8,20 +8,12 @@ use codex_common::fuzzy_match::fuzzy_match;
 use crate::slash_command::SlashCommand;
 use crate::slash_command::built_in_slash_commands;

-/// Whether the Windows degraded-sandbox elevation flow is currently allowed.
-pub(crate) fn windows_degraded_sandbox_active() -> bool {
-    cfg!(target_os = "windows")
-        && codex_core::windows_sandbox::ELEVATED_SANDBOX_NUX_ENABLED
-        && codex_core::get_platform_sandbox().is_some()
-        && !codex_core::is_windows_elevated_sandbox_enabled()
-}
-
 /// Return the built-ins that should be visible/usable for the current input.
 pub(crate) fn builtins_for_input(
    collaboration_modes_enabled: bool,
    personality_command_enabled: bool,
+    allow_elevate_sandbox: bool,
 ) -> Vec<(&'static str, SlashCommand)> {
-    let allow_elevate_sandbox = windows_degraded_sandbox_active();
    built_in_slash_commands()
        .into_iter()
        .filter(|(_, cmd)| allow_elevate_sandbox || *cmd != SlashCommand::ElevateSandbox)
@@ -35,11 +27,16 @@ pub(crate) fn find_builtin_command(
    name: &str,
    collaboration_modes_enabled: bool,
    personality_command_enabled: bool,
+    allow_elevate_sandbox: bool,
 ) -> Option<SlashCommand> {
-    builtins_for_input(collaboration_modes_enabled, personality_command_enabled)
-        .into_iter()
-        .find(|(command_name, _)| *command_name == name)
-        .map(|(_, cmd)| cmd)
+    builtins_for_input(
+        collaboration_modes_enabled,
+        personality_command_enabled,
+        allow_elevate_sandbox,
+    )
+    .into_iter()
+    .find(|(command_name, _)| *command_name == name)
+    .map(|(_, cmd)| cmd)
 }

 /// Whether any visible built-in fuzzily matches the provided prefix.
@@ -47,8 +44,13 @@ pub(crate) fn has_builtin_prefix(
    name: &str,
    collaboration_modes_enabled: bool,
    personality_command_enabled: bool,
+    allow_elevate_sandbox: bool,
 ) -> bool {
-    builtins_for_input(collaboration_modes_enabled, personality_command_enabled)
-        .into_iter()
-        .any(|(command_name, _)| fuzzy_match(command_name, name).is_some())
+    builtins_for_input(
+        collaboration_modes_enabled,
+        personality_command_enabled,
+        allow_elevate_sandbox,
+    )
+    .into_iter()
+    .any(|(command_name, _)| fuzzy_match(command_name, name).is_some())
 }