diff --git a/codex-rs/core/src/tools/runtimes/unified_exec.rs b/codex-rs/core/src/tools/runtimes/unified_exec.rs index 3b40559069..409ec691bf 100644 --- a/codex-rs/core/src/tools/runtimes/unified_exec.rs +++ b/codex-rs/core/src/tools/runtimes/unified_exec.rs @@ -39,7 +39,6 @@ use codex_protocol::error::SandboxErr; use codex_protocol::models::PermissionProfile; use codex_protocol::protocol::ReviewDecision; use codex_sandboxing::SandboxLaunchConfig; -use codex_sandboxing::SandboxLaunchMode; use codex_sandboxing::SandboxablePreference; use codex_shell_command::powershell::prefix_powershell_script_with_utf8; use codex_tools::UnifiedExecShellMode; @@ -93,7 +92,7 @@ fn build_remote_exec_sandbox_config( } Some(SandboxLaunchConfig { - mode: SandboxLaunchMode::Auto, + sandbox: attempt.sandbox, policy: attempt.policy.clone(), file_system_policy: attempt.file_system_policy.clone(), network_policy: attempt.network_policy, @@ -249,33 +248,37 @@ impl<'a> ToolRuntime for UnifiedExecRunt .to_string(), )); } - if req.network.is_none() { - let exec_params = codex_exec_server::ExecParams { - process_id: req.process_id.to_string().into(), - argv: command, - cwd: req.cwd.clone(), - env, - tty: req.tty, - arg0: None, - sandbox: build_remote_exec_sandbox_config( - attempt, - req.additional_permissions.clone(), - ), - }; - return self - .manager - .open_session_with_remote_exec(exec_params, ctx.turn.environment.as_ref()) - .await - .map_err(|err| match err { - UnifiedExecError::SandboxDenied { output, .. } => { - ToolError::Codex(CodexErr::Sandbox(SandboxErr::Denied { - output: Box::new(output), - network_policy_decision: None, - })) - } - other => ToolError::Rejected(other.to_string()), - }); + if req.network.is_some() { + return Err(ToolError::Rejected( + "unified_exec managed-network is not supported when exec_server_url is configured" + .to_string(), + )); } + let exec_params = codex_exec_server::ExecParams { + process_id: req.process_id.to_string().into(), + argv: command, + cwd: req.cwd.clone(), + env, + tty: req.tty, + arg0: None, + sandbox: build_remote_exec_sandbox_config( + attempt, + req.additional_permissions.clone(), + ), + }; + return self + .manager + .open_session_with_remote_exec(exec_params, ctx.turn.environment.as_ref()) + .await + .map_err(|err| match err { + UnifiedExecError::SandboxDenied { output, .. } => { + ToolError::Codex(CodexErr::Sandbox(SandboxErr::Denied { + output: Box::new(output), + network_policy_decision: None, + })) + } + other => ToolError::Rejected(other.to_string()), + }); } if let UnifiedExecShellMode::ZshFork(zsh_fork_config) = &self.shell_mode { let command = diff --git a/codex-rs/exec-server/Cargo.toml b/codex-rs/exec-server/Cargo.toml index f7bc313e22..e2f8373256 100644 --- a/codex-rs/exec-server/Cargo.toml +++ b/codex-rs/exec-server/Cargo.toml @@ -20,7 +20,8 @@ arc-swap = { workspace = true } async-trait = { workspace = true } base64 = { workspace = true } clap = { workspace = true, features = ["derive"] } -codex-arg0 = { workspace = true } +codex-network-proxy = { workspace = true } +codex-protocol = { workspace = true } codex-sandboxing = { workspace = true } codex-app-server-protocol = { workspace = true } codex-utils-absolute-path = { workspace = true } diff --git a/codex-rs/exec-server/src/bin/codex-exec-server.rs b/codex-rs/exec-server/src/bin/codex-exec-server.rs index 8bad21e3d4..2002acef03 100644 --- a/codex-rs/exec-server/src/bin/codex-exec-server.rs +++ b/codex-rs/exec-server/src/bin/codex-exec-server.rs @@ -1,6 +1,4 @@ use clap::Parser; -use codex_arg0::Arg0DispatchPaths; -use codex_arg0::arg0_dispatch_or_else; #[derive(Debug, Parser)] struct ExecServerArgs { @@ -13,11 +11,11 @@ struct ExecServerArgs { listen: String, } -fn main() -> anyhow::Result<()> { - arg0_dispatch_or_else(|arg0_paths: Arg0DispatchPaths| async move { - let args = ExecServerArgs::parse(); - codex_exec_server::configure_arg0_paths(arg0_paths); - codex_exec_server::run_main_with_listen_url(&args.listen).await?; - Ok(()) - }) +#[tokio::main] +async fn main() -> anyhow::Result<()> { + let args = ExecServerArgs::parse(); + codex_exec_server::run_main_with_listen_url(&args.listen) + .await + .map_err(|err| anyhow::Error::msg(err.to_string()))?; + Ok(()) } diff --git a/codex-rs/exec-server/src/lib.rs b/codex-rs/exec-server/src/lib.rs index aebce1cfe1..77834c6143 100644 --- a/codex-rs/exec-server/src/lib.rs +++ b/codex-rs/exec-server/src/lib.rs @@ -13,8 +13,6 @@ mod remote_process; mod rpc; mod server; -use codex_arg0::Arg0DispatchPaths; - pub use client::ExecServerClient; pub use client::ExecServerError; pub use client_api::ExecServerClientConnectOptions; @@ -67,7 +65,3 @@ pub use server::DEFAULT_LISTEN_URL; pub use server::ExecServerListenUrlParseError; pub use server::run_main; pub use server::run_main_with_listen_url; - -pub fn configure_arg0_paths(arg0_paths: Arg0DispatchPaths) { - local_process::configure_codex_linux_sandbox_exe(arg0_paths.codex_linux_sandbox_exe); -} diff --git a/codex-rs/exec-server/src/remote_process.rs b/codex-rs/exec-server/src/remote_process.rs index bfcf072237..d50f91a8e0 100644 --- a/codex-rs/exec-server/src/remote_process.rs +++ b/codex-rs/exec-server/src/remote_process.rs @@ -38,7 +38,7 @@ impl ExecBackend for RemoteProcess { let sandbox_type = params .sandbox .as_ref() - .map_or(SandboxType::None, |sandbox| sandbox.sandbox_type()); + .map_or(SandboxType::None, |sandbox| sandbox.sandbox); let session = self.client.register_session(&process_id).await?; match self.client.exec(params).await { Ok(_) => {} diff --git a/codex-rs/exec-server/tests/exec_process.rs b/codex-rs/exec-server/tests/exec_process.rs index f6edc6446a..a28e44f32b 100644 --- a/codex-rs/exec-server/tests/exec_process.rs +++ b/codex-rs/exec-server/tests/exec_process.rs @@ -17,7 +17,6 @@ use codex_protocol::permissions::FileSystemSandboxPolicy; use codex_protocol::permissions::NetworkSandboxPolicy; use codex_protocol::protocol::SandboxPolicy; use codex_sandboxing::SandboxLaunchConfig; -use codex_sandboxing::SandboxLaunchMode; use codex_sandboxing::SandboxType; use pretty_assertions::assert_eq; use tempfile::TempDir; @@ -234,7 +233,7 @@ fn platform_sandbox_type() -> SandboxType { fn write_outside_workspace_sandbox(workspace_root: &std::path::Path) -> SandboxLaunchConfig { let policy = SandboxPolicy::new_workspace_write_policy(); SandboxLaunchConfig { - mode: SandboxLaunchMode::Require, + sandbox: platform_sandbox_type(), policy: policy.clone(), file_system_policy: FileSystemSandboxPolicy::from_legacy_sandbox_policy( &policy, diff --git a/codex-rs/sandboxing/src/lib.rs b/codex-rs/sandboxing/src/lib.rs index ee8e7c2e4f..499fa0aa17 100644 --- a/codex-rs/sandboxing/src/lib.rs +++ b/codex-rs/sandboxing/src/lib.rs @@ -13,7 +13,6 @@ pub use bwrap::system_bwrap_warning; pub use manager::SandboxCommand; pub use manager::SandboxExecRequest; pub use manager::SandboxLaunchConfig; -pub use manager::SandboxLaunchMode; pub use manager::SandboxManager; pub use manager::SandboxTransformError; pub use manager::SandboxTransformRequest; diff --git a/codex-rs/sandboxing/src/manager.rs b/codex-rs/sandboxing/src/manager.rs index a0cb4df6a6..b698ebc94c 100644 --- a/codex-rs/sandboxing/src/manager.rs +++ b/codex-rs/sandboxing/src/manager.rs @@ -49,19 +49,10 @@ pub enum SandboxablePreference { Forbid, } -#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)] -#[serde(rename_all = "kebab-case")] -pub enum SandboxLaunchMode { - /// Choose the platform sandbox only when the policy requires it. - Auto, - /// Always launch with the platform sandbox when one is available. - Require, -} - #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct SandboxLaunchConfig { - pub mode: SandboxLaunchMode, + pub sandbox: SandboxType, pub policy: SandboxPolicy, pub file_system_policy: FileSystemSandboxPolicy, pub network_policy: NetworkSandboxPolicy, @@ -74,21 +65,6 @@ pub struct SandboxLaunchConfig { } impl SandboxLaunchConfig { - pub fn sandbox_type(&self) -> SandboxType { - let preference = match self.mode { - SandboxLaunchMode::Auto => SandboxablePreference::Auto, - SandboxLaunchMode::Require => SandboxablePreference::Require, - }; - - SandboxManager::new().select_initial( - &self.file_system_policy, - self.network_policy, - preference, - self.windows_sandbox_level, - self.enforce_managed_network, - ) - } - pub fn transform( &self, command: SandboxCommand, @@ -100,7 +76,7 @@ impl SandboxLaunchConfig { policy: &self.policy, file_system_policy: &self.file_system_policy, network_policy: self.network_policy, - sandbox: self.sandbox_type(), + sandbox: self.sandbox, enforce_managed_network: self.enforce_managed_network, network, sandbox_policy_cwd: self.sandbox_policy_cwd.as_path(),