fix: tui default trusted settings should respect workspace write config #3341
Conversation
dylan-hurd-oai
changed the title
dylan-hurd-oai
force-pushed
the
dh--tui-trust-sandbox-policy
branch
from
8f02dd7 to
0b7dca9
Compare
dylan-hurd-oai
force-pushed
the
dh--tui-trust-sandbox-policy
branch
from
0b7dca9 to
c14acc3
Compare
To be clear, the presence of What it really means is: "If |
|
Agree - updated the PR description to be clearer! |
bolinfest
left a comment
bolinfest
left a comment
There was a problem hiding this comment.
Putting back on your queue for an answer to the codex exec scenario.
dylan-hurd-oai
force-pushed
the
dh--tui-trust-sandbox-policy
branch
3 times, most recently
from
70e9c46 to
eada566
Compare
|
@bolinfest I refactored this to take a couple changes into account:
|
dylan-hurd-oai
force-pushed
the
dh--tui-trust-sandbox-policy
branch
from
5a7cf01 to
82c95a0
Compare
bolinfest
left a comment
bolinfest
left a comment
There was a problem hiding this comment.
This is definitely a big improvement, but I'm concerned about abstraction leakage!
codex-rs/tui/src/lib.rs
Outdated
| async fn run_ratatui_app( | ||
| cli: Cli, | ||
| config: Config, | ||
| mut config: Config, |
There was a problem hiding this comment.
Since it doesn't appear that we actually need to mutate the Config, I would drop the mut here because it's misleading (see below).
dylan-hurd-oai
force-pushed
the
dh--tui-trust-sandbox-policy
branch
3 times, most recently
from
cced6ee to
4fa9266
Compare
dylan-hurd-oai
force-pushed
the
dh--tui-trust-sandbox-policy
branch
2 times, most recently
from
6f2e7b9 to
d056330
Compare
|
|
||
| /// True if the user passed in an override or set a value in config.toml | ||
| /// for either of approval_policy or sandbox_mode. | ||
| pub did_user_set_custom_approval_policy_or_sandbox_mode: bool, |
There was a problem hiding this comment.
@bolinfest curious if you have a suggestion for a better approach here!
bolinfest
left a comment
bolinfest
left a comment
There was a problem hiding this comment.
OK, I have a bunch of thoughts, but none of these are blocking...
| pub fn is_cwd_trusted(&self, resolved_cwd: &Path) -> bool { | ||
| /// Resolves the cwd to an existing project, or returns None if ConfigToml | ||
| /// does not contain a project corresponding to cwd or a git repo for cwd | ||
| pub fn get_active_project(&self, resolved_cwd: &Path) -> Option<ProjectConfig> { |
There was a problem hiding this comment.
I see that today, this is defined as:
pub projects: Option<HashMap<String, ProjectConfig>>,This may be out of the scope of this PR, but I feel like we should consider changing this to:
#[serde(default)]
pub projects: HashMap<PathBuf, ProjectConfig>,because I don't love the to_string_lossy().to_string() stuff we're doing here.
I'm also not completely convinced that resolve_root_git_project_for_trust() is the right thing to do first. That is, I see the motivation behind the check to see if resolved_cwd is part of a Git worktree and to check its presence in self.projects.
But for an arbitrary path, I would say the more general solution would be to recursively check the parent of PathBuf for presence in projects until you have verified the filesystem root does not have an entry in projects. Only once that has failed would I do the worktree check because I think an explicit listing should take priority.
[nit] All of which starts to get a bit more complicated, so I would consider moving all of this method to in a pure function that takes &HashMap<PathBuf, ProjectConfig> and &Path as parameters.
Also, the first thing we are doing in this function right now is:
let projects = self.projects.clone().unwrap_or_default();But if self.projects is None, then we can just return None right away and there is no need to prematurely .clone() the HashMap. We can defer a clone() of ProjectConfig until we find a matching entry in the HashMap.
|
|
||
| let sandbox_policy = cfg.derive_sandbox_policy(sandbox_mode); | ||
| let resolved_cwd = { | ||
| use std::env; |
There was a problem hiding this comment.
I would just inline this use.
| tracing::info!("cwd not set, using current dir"); | ||
| env::current_dir()? | ||
| } | ||
| Some(p) if p.is_absolute() => p, |
There was a problem hiding this comment.
I think we may want to introduce the use of https://crates.io/crates/path-absolutize.
Note that, perhaps surprisingly, this is true:
assert!(Path::new("/foo/../bar").is_absolute());absolute is not the same as normalized (or canonicalized)
https://crates.io/crates/path-absolutize also normalizes (but does not canonicalize, which I think is OK because sometimes people use symlinks and don't want them canonicalized, though that can be confusing at times...)
codex-rs/core/src/config.rs
Outdated
| .is_some() | ||
| || config_profile.approval_policy.is_some() | ||
| || cfg.approval_policy.is_some() | ||
| // TODO: policy.sandbox_mode is not implemented |
| exclude_tmpdir_env_var = true | ||
| exclude_slash_tmp = true | ||
| [projects."/tmp/test"] |
There was a problem hiding this comment.
Hmm, would this test break on Windows if I had us change from String to PathBuf as described? I guess we can try it in a follow-up and see...
codex-rs/tui/src/lib.rs
Outdated
| } else if config.active_project.is_trusted() { | ||
| // if the current cwd project is already trusted, Config derives the policy. |
There was a problem hiding this comment.
consider...
| } else if config.active_project.is_trusted() { | |
| // if the current cwd project is already trusted, Config derives the policy. | |
| } else { | |
| !config.active_project.is_trusted() |
dylan-hurd-oai
force-pushed
the
dh--tui-trust-sandbox-policy
branch
from
d056330 to
354fdd6
Compare
Summary
When using the trusted state during tui startup, we created a new WorkspaceWrite policy without checking the config.toml for a
sandbox_workspace_writefield. This would result in us setting the sandbox_mode as workspace-write, but ignoring the field if the user had setsandbox_workspace_writewithout also settingsandbox_modein the config.toml. This PR adds support for respectingsandbox_workspace_writesetting in config.toml in the trusted directory flow, and adds tests to cover this case.Testing