chore: sandbox extraction (#4286)

# Extract and Centralize Sandboxing
- Goal: Improve safety and clarity by centralizing sandbox planning and execution.
- Approach:
  - Add planner (ExecPlan) and backend registry (Direct/Seatbelt/Linux) with run_with_plan.
  - Refactor codex.rs to plan-then-execute; handle failures/escalation via the plan.
  - Delegate apply_patch to the codex binary and run it with an empty env for determinism.
jif-oai
2025-10-01 12:05:12 +01:00
committed by GitHub
parent 349ef7edc6
commit b8195a17e5
14 changed files with 1416 additions and 414 deletions

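As an added illustration of the plan-then-execute shape the commit message describes, here is a small Rust model written for this page; it is not code from the codex repository. `ExecPlan`, `SandboxBackend`, `plan`, `wrapped_argv`, `run_with_plan`, `needs_escalation` and `escalated` are assumed names, `SandboxPolicy::ReadOnly` is the one variant visible in the diff below while the other variants are assumptions, and the `sandbox-exec` (macOS) and `unshare -n` (Linux) wrappers stand in for whatever helpers the real backends use. The part worth noticing is that the child environment is part of the plan: an empty map means an empty environment, not an inherited one.

```rust
// Added example, not the codex project's code. All names below are assumptions
// chosen for this illustration; only SandboxPolicy::ReadOnly comes from the diff.
use std::collections::HashMap;
use std::path::PathBuf;
use std::process::{Command, Output};

/// ReadOnly appears in the commit's test; the other variants are assumed.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SandboxPolicy {
    ReadOnly,
    WorkspaceWrite,
    DangerFullAccess,
}

/// The three backends named in the commit message.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SandboxBackend {
    Direct,
    Seatbelt,
    Linux,
}

/// Everything needed to run a command, decided up front so the caller can
/// inspect, log or reject it before anything executes.
#[derive(Clone, Debug)]
pub struct ExecPlan {
    pub backend: SandboxBackend,
    pub argv: Vec<String>,
    pub cwd: PathBuf,
    /// The exact environment the child will see. An empty map means "empty",
    /// not "inherit"; that is what makes an apply_patch-style run deterministic.
    pub env: HashMap<String, String>,
    pub policy: SandboxPolicy,
}

/// Environment to pass when the caller really does want inheritance.
pub fn inherited_env() -> HashMap<String, String> {
    std::env::vars().collect()
}

/// Pick a backend from the policy and host OS. `os` is an explicit argument
/// (rather than std::env::consts::OS) so the decision is testable anywhere.
pub fn plan(argv: &[&str], cwd: PathBuf, policy: SandboxPolicy, os: &str,
            env: HashMap<String, String>) -> ExecPlan {
    let backend = match (policy, os) {
        (SandboxPolicy::DangerFullAccess, _) => SandboxBackend::Direct,
        (_, "macos") => SandboxBackend::Seatbelt,
        (_, "linux") => SandboxBackend::Linux,
        _ => SandboxBackend::Direct, // assumption: no sandbox known for other hosts
    };
    let argv = argv.iter().map(|s| s.to_string()).collect();
    ExecPlan { backend, argv, cwd, env, policy }
}

/// Final argv after the backend wraps it. The wrappers are assumptions for this
/// example: macOS `sandbox-exec` with a deny-default profile, and `unshare -n`
/// on Linux to drop network access. The real project uses its own helpers.
pub fn wrapped_argv(plan: &ExecPlan) -> Vec<String> {
    let mut out: Vec<String> = match plan.backend {
        SandboxBackend::Direct => vec![],
        SandboxBackend::Seatbelt => {
            let profile = match plan.policy {
                SandboxPolicy::ReadOnly =>
                    "(version 1) (deny default) (allow process*) (allow file-read*)",
                _ => "(version 1) (deny default) (allow process*) (allow file*)",
            };
            vec!["sandbox-exec".into(), "-p".into(), profile.into()]
        }
        SandboxBackend::Linux => vec!["unshare".into(), "-n".into()],
    };
    out.extend(plan.argv.iter().cloned());
    out
}

/// Execute exactly what the plan says: cleared env, then only the planned
/// variables, fixed cwd. Nothing is decided at this point.
pub fn run_with_plan(plan: &ExecPlan) -> Result<Output, String> {
    let argv = wrapped_argv(plan);
    let (prog, args) = argv.split_first().ok_or("empty argv")?;
    Command::new(prog)
        .args(args)
        .current_dir(&plan.cwd)
        .env_clear()
        .envs(&plan.env)
        .output()
        .map_err(|e| format!("spawn {prog}: {e}"))
}

/// A non-zero exit under a sandbox is a candidate for escalation: the caller
/// asks for approval and, only if granted, re-runs the plan without a sandbox.
pub fn needs_escalation(plan: &ExecPlan, output: &Output) -> bool {
    plan.backend != SandboxBackend::Direct && !output.status.success()
}

/// The same command, same cwd, same env, but no sandbox. Approval is the
/// caller's job; this function only builds the plan it would approve.
pub fn escalated(plan: &ExecPlan) -> ExecPlan {
    ExecPlan { backend: SandboxBackend::Direct,
               policy: SandboxPolicy::DangerFullAccess, ..plan.clone() }
}

fn main() {
    let cwd = std::env::current_dir().expect("getcwd");
    let cmd = ["/bin/sh", "-c", "printf '[%s]' \"$SANDBOX_EXAMPLE_SECRET\""];
    let p = plan(&cmd, cwd, SandboxPolicy::ReadOnly, std::env::consts::OS, HashMap::new());
    println!("would run: {:?}", wrapped_argv(&p));
    // Run the unsandboxed fallback to show that the env really is empty.
    let out = run_with_plan(&escalated(&p)).expect("spawn");
    println!("{}", String::from_utf8_lossy(&out.stdout)); // []
}
```

The order matters for auditability: `plan` is a pure function of (policy, host, argv, env) that can be logged or rejected before anything runs, `run_with_plan` never reads the process environment, and escalation is expressed as a second plan rather than as a flag flipped inside the executor.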

@@ -169,6 +169,12 @@ async fn python_getpwuid_works_under_seatbelt() {
return;
}
// For local dev.
if which::which("python3").is_err() {
eprintln!("python3 not found in PATH, skipping test.");
return;
}
// ReadOnly is sufficient here since we are only exercising user lookup.
let policy = SandboxPolicy::ReadOnly;
let command_cwd = std::env::current_dir().expect("getcwd");
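Review bot: the `which::which("python3").is_err()` branch returns early and lets the test pass without exercising Seatbelt at all, and the comment says this is "For local dev." only, so on a CI runner without python3 a broken sandbox would go unnoticed. Consider making the skip conditional on not being in CI (for example, panic or `assert!` when a CI environment variable is set, and keep the quiet `eprintln!` + `return;` for local runs), or document at the top of the test that it is expected to be skipped on hosts without python3.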