Skip to content

feat: if .codex is a sub-folder of a writable root, then make it read-only to the sandbox #8088

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bolinfest merged 1 commit into from
Dec 16, 2025
Merged

feat: if .codex is a sub-folder of a writable root, then make it read-only to the sandbox #8088

bolinfest merged 1 commit into from
Dec 16, 2025

Conversation

@bolinfest
Copy link
Collaborator

@bolinfest bolinfest commented Dec 16, 2025
edited
Loading

In preparation for in-repo configuration support, this updates WritableRoot::get_writable_roots_with_cwd() to include the .codex subfolder in WritableRoot.read_only_subpaths, if it exists, as we already do for .git.

As noted, currently, like .git, .codex will only be read-only under macOS Seatbelt, but we plan to bring support to other OSes, as well.

Updated the integration test in seatbelt.rs so that it actually attempts to run the generated Seatbelt commands, verifying that:

  • trying to write to .codex/config.toml in a writable root fails
  • trying to write to .git/hooks/pre-commit in a writable root fails
  • trying to write to the writable root containing the .codex and .git subfolders succeeds

@bolinfest bolinfest marked this pull request as ready for review December 16, 2025 04:55
@pakrym-oai
Copy link
Collaborator

pakrym-oai commented Dec 16, 2025

Should we add an integration test?

joshka-oai
joshka-oai approved these changes Dec 16, 2025
View reviewed changes
Copy link
Collaborator

@joshka-oai joshka-oai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tests look like they test the config, but not the desired effect (unless I'm misreading them). Do we have any tests that try to write to a read-only files?

@bolinfest
Copy link
Collaborator Author

bolinfest commented Dec 16, 2025

@pakrym-oai hmm, admittedly #1765 where I introduced the test in seatbelt.rs used /bin/echo hello as the command as opposed to something like git init, so I'll fix that as part of this PR now...

@bolinfest bolinfest merged commit bef36f4 into main Dec 16, 2025
52 checks passed
@bolinfest bolinfest deleted the pr8088 branch December 16, 2025 06:54
@github-actions github-actions bot locked and limited conversation to collaborators Dec 16, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@joshka-oai joshka-oai joshka-oai approved these changes

@gverma-openai gverma-openai Awaiting requested review from gverma-openai

@gt-oai gt-oai Awaiting requested review from gt-oai

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bolinfest @pakrym-oai @joshka-oai