valknar/llmx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add /tmp by default (#1919)

Browse Source 
Replaces the `include_default_writable_roots` option on
`sandbox_workspace_write` (that defaulted to `true`, which was slightly
weird/annoying) with `exclude_tmpdir_env_var`, which defaults to
`false`.

Though perhaps more importantly `/tmp` is now enabled by default as part
of `sandbox_mode = "workspace-write"`, though `exclude_slash_tmp =
false` can be used to disable this.
This commit is contained in:
Michael Bolin
2025-08-07 00:17:00 -07:00
committed by GitHub
parent fff2bb39f9
commit cd5f9074af
8 changed files with 131 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
codex-rs/core/tests/sandbox.rs
View File

@@ -76,7 +76,8 @@ async fn if_parent_of_repo_is_writable_then_dot_git_folder_is_writable() {
let policy = SandboxPolicy::WorkspaceWrite {
writable_roots: vec![test_scenario.repo_parent.clone()],
network_access: false,
include_default_writable_roots: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
};
test_scenario
@@ -101,7 +102,8 @@ async fn if_git_repo_is_writable_root_then_dot_git_folder_is_read_only() {
let policy = SandboxPolicy::WorkspaceWrite {
writable_roots: vec![test_scenario.repo_root.clone()],
network_access: false,
include_default_writable_roots: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
};
test_scenario