feat: make cwd a required field of Config so we stop assuming std::env::current_dir() in a session (#800)

In order to expose Codex via an MCP server, I realized that we should be taking `cwd` as a parameter rather than assuming `std::env::current_dir()` as the `cwd`. Specifically, the user may want to start a session in a directory other than the one where the MCP server has been started. This PR makes `cwd: PathBuf` a required field of `Session` and threads it all the way through, though I think there is still an issue with not honoring `workdir` for `apply_patch`, which is something we also had to fix in the TypeScript version: https://github.com/openai/codex/pull/556. This also adds `-C`/`--cd` to change the cwd via the command line. To test, I ran: ``` cargo run --bin codex -- exec -C /tmp 'show the output of ls' ``` and verified it showed the contents of my `/tmp` folder instead of `$PWD`.
2025-05-04 10:57:12 -07:00
parent 4b61fb8bab
commit 421e159888
18 changed files with 210 additions and 102 deletions
--- a/codex-rs/core/src/linux.rs
+++ b/codex-rs/core/src/linux.rs
@@ -1,5 +1,6 @@
 use std::collections::BTreeMap;
 use std::io;
+use std::path::Path;
 use std::path::PathBuf;
 use std::sync::Arc;

@@ -48,7 +49,7 @@ pub async fn exec_linux(
            .expect("Failed to create runtime");

        rt.block_on(async {
-            apply_sandbox_policy_to_current_thread(sandbox_policy)?;
+            apply_sandbox_policy_to_current_thread(sandbox_policy, &params.cwd)?;
            exec(params, ctrl_c_copy).await
        })
    })
@@ -66,13 +67,16 @@ pub async fn exec_linux(

 /// Apply sandbox policies inside this thread so only the child inherits
 /// them, not the entire CLI process.
-pub fn apply_sandbox_policy_to_current_thread(sandbox_policy: SandboxPolicy) -> Result<()> {
+pub fn apply_sandbox_policy_to_current_thread(
+    sandbox_policy: SandboxPolicy,
+    cwd: &Path,
+) -> Result<()> {
    if !sandbox_policy.has_full_network_access() {
        install_network_seccomp_filter_on_current_thread()?;
    }

    if !sandbox_policy.has_full_disk_write_access() {
-        let writable_roots = sandbox_policy.get_writable_roots();
+        let writable_roots = sandbox_policy.get_writable_roots_with_cwd(cwd);
        install_filesystem_landlock_rules_on_current_thread(writable_roots)?;
    }

@@ -189,7 +193,7 @@ mod tests_linux {
    async fn run_cmd(cmd: &[&str], writable_roots: &[PathBuf], timeout_ms: u64) {
        let params = ExecParams {
            command: cmd.iter().map(|elm| elm.to_string()).collect(),
-            workdir: None,
+            cwd: std::env::current_dir().expect("cwd should exist"),
            timeout_ms: Some(timeout_ms),
        };

@@ -262,7 +266,7 @@ mod tests_linux {
    async fn assert_network_blocked(cmd: &[&str]) {
        let params = ExecParams {
            command: cmd.iter().map(|s| s.to_string()).collect(),
-            workdir: None,
+            cwd: std::env::current_dir().expect("cwd should exist"),
            // Give the tool a generous 2‑second timeout so even slow DNS timeouts
            // do not stall the suite.
            timeout_ms: Some(2_000),