Fix "archive conversation" on Windows (#6124)

Addresses issue https://github.com/openai/codex/issues/3582 where an "archive conversation" command in the extension fails on Windows. The problem is that the `archive_conversation` api server call is not canonicalizing the path to the rollout path when performing its check to verify that the rollout path is in the sessions directory. This causes it to fail 100% of the time on Windows. Testing: I was able to repro the error on Windows 100% prior to this change. After the change, I'm no longer able to repro.
2025-11-02 23:41:05 -06:00
parent f5945d7c03
commit dccce34d84
1 changed files with 15 additions and 1 deletions
--- a/codex-rs/app-server/src/codex_message_processor.rs
+++ b/codex-rs/app-server/src/codex_message_processor.rs
@@ -1172,9 +1172,23 @@ impl CodexMessageProcessor {
        // Verify that the rollout path is in the sessions directory or else
        // a malicious client could specify an arbitrary path.
        let rollout_folder = self.config.codex_home.join(codex_core::SESSIONS_SUBDIR);
+        let canonical_sessions_dir = match tokio::fs::canonicalize(&rollout_folder).await {
+            Ok(path) => path,
+            Err(err) => {
+                let error = JSONRPCErrorError {
+                    code: INTERNAL_ERROR_CODE,
+                    message: format!(
+                        "failed to archive conversation: unable to resolve sessions directory: {err}"
+                    ),
+                    data: None,
+                };
+                self.outgoing.send_error(request_id, error).await;
+                return;
+            }
+        };
        let canonical_rollout_path = tokio::fs::canonicalize(&rollout_path).await;
        let canonical_rollout_path = if let Ok(path) = canonical_rollout_path
-            && path.starts_with(&rollout_folder)
+            && path.starts_with(&canonical_sessions_dir)
        {
            path
        } else {