fix: use AbsolutePathBuf for permission profile file roots (#12970)

## Why `PermissionProfile` should describe filesystem roots as absolute paths at the type level. Using `PathBuf` in `FileSystemPermissions` made the shared type too permissive and blurred together three different deserialization cases: - skill metadata in `agents/openai.yaml`, where relative paths should resolve against the skill directory - app-server API payloads, where callers should have to send absolute paths - local tool-call payloads for commands like `shell_command` and `exec_command`, where `additional_permissions.file_system` may legitimately be relative to the command `workdir` This change tightens the shared model without regressing the existing local command flow. ## What Changed - changed `protocol::models::FileSystemPermissions` and the app-server `AdditionalFileSystemPermissions` mirror to use `AbsolutePathBuf` - wrapped skill metadata deserialization in `AbsolutePathBufGuard`, so relative permission roots in `agents/openai.yaml` resolve against the containing skill directory - kept app-server/API deserialization strict, so relative `additionalPermissions.fileSystem.*` paths are rejected at the boundary - restored cwd/workdir-relative deserialization for local tool-call payloads by parsing `shell`, `shell_command`, and `exec_command` arguments under an `AbsolutePathBufGuard` rooted at the resolved command working directory - simplified runtime additional-permission normalization so it only canonicalizes and deduplicates absolute roots instead of trying to recover relative ones later - updated the app-server schema fixtures, `app-server/README.md`, and the affected transport/TUI tests to match the final behavior
2026-05-01 03:42:05 +03:00 · 2026-02-27 09:42:52 -08:00
parent 8cf5b00aef
commit d09a7535ed
22 changed files with 384 additions and 191 deletions
--- a/codex-rs/tui/src/bottom_pane/approval_overlay.rs
+++ b/codex-rs/tui/src/bottom_pane/approval_overlay.rs
@@ -614,10 +614,15 @@ mod tests {
    use codex_protocol::protocol::ExecPolicyAmendment;
    use codex_protocol::protocol::NetworkApprovalProtocol;
    use codex_protocol::protocol::NetworkPolicyAmendment;
+    use codex_utils_absolute_path::AbsolutePathBuf;
    use insta::assert_snapshot;
    use pretty_assertions::assert_eq;
    use tokio::sync::mpsc::unbounded_channel;

+    fn absolute_path(path: &str) -> AbsolutePathBuf {
+        AbsolutePathBuf::from_absolute_path(path).expect("absolute path")
+    }
+
    fn render_overlay_lines(view: &ApprovalOverlay, width: u16) -> String {
        let height = view.desired_height(width);
        let mut buf = Buffer::empty(Rect::new(0, 0, width, height));
@@ -634,6 +639,17 @@ mod tests {
            .join("\n")
    }

+    fn normalize_snapshot_paths(rendered: String) -> String {
+        [
+            (absolute_path("/tmp/readme.txt"), "/tmp/readme.txt"),
+            (absolute_path("/tmp/out.txt"), "/tmp/out.txt"),
+        ]
+        .into_iter()
+        .fold(rendered, |rendered, (path, normalized)| {
+            rendered.replace(&path.display().to_string(), normalized)
+        })
+    }
+
    fn make_exec_request() -> ApprovalRequest {
        ApprovalRequest::Exec {
            id: "test".to_string(),
@@ -851,8 +867,8 @@ mod tests {
    fn additional_permissions_exec_options_hide_execpolicy_amendment() {
        let additional_permissions = PermissionProfile {
            file_system: Some(FileSystemPermissions {
-                read: Some(vec![PathBuf::from("/tmp/readme.txt")]),
-                write: Some(vec![PathBuf::from("/tmp/out.txt")]),
+                read: Some(vec![absolute_path("/tmp/readme.txt")]),
+                write: Some(vec![absolute_path("/tmp/out.txt")]),
            }),
            ..Default::default()
        };
@@ -884,8 +900,8 @@ mod tests {
            network_approval_context: None,
            additional_permissions: Some(PermissionProfile {
                file_system: Some(FileSystemPermissions {
-                    read: Some(vec![PathBuf::from("/tmp/readme.txt")]),
-                    write: Some(vec![PathBuf::from("/tmp/out.txt")]),
+                    read: Some(vec![absolute_path("/tmp/readme.txt")]),
+                    write: Some(vec![absolute_path("/tmp/out.txt")]),
                }),
                ..Default::default()
            }),
@@ -923,8 +939,8 @@ mod tests {
            network_approval_context: None,
            additional_permissions: Some(PermissionProfile {
                file_system: Some(FileSystemPermissions {
-                    read: Some(vec![PathBuf::from("/tmp/readme.txt")]),
-                    write: Some(vec![PathBuf::from("/tmp/out.txt")]),
+                    read: Some(vec![absolute_path("/tmp/readme.txt")]),
+                    write: Some(vec![absolute_path("/tmp/out.txt")]),
                }),
                ..Default::default()
            }),
@@ -933,7 +949,7 @@ mod tests {
        let view = ApprovalOverlay::new(exec_request, tx, Features::with_defaults());
        assert_snapshot!(
            "approval_overlay_additional_permissions_prompt",
-            render_overlay_lines(&view, 120)
+            normalize_snapshot_paths(render_overlay_lines(&view, 120))
        );
    }