Skip to content

Windows Sandbox - Alpha version #4905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 81 commits into from
Oct 30, 2025
Merged

Windows Sandbox - Alpha version #4905

merged 81 commits into from
Oct 30, 2025
+2,994 −30

Conversation

@iceweasel-oai
Copy link
Contributor

@iceweasel-oai iceweasel-oai commented Oct 7, 2025
edited
Loading

  • Added the new codex-windows-sandbox crate that builds both a library entry point (run_windows_sandbox_capture) and a CLI executable to launch
    commands inside a Windows restricted-token sandbox, including ACL management, capability SID provisioning, network lockdown, and output capture
    (windows-sandbox-rs/src/lib.rs:167, windows-sandbox-rs/src/main.rs:54).
  • Introduced the experimental WindowsSandbox feature flag and wiring so Windows builds can opt into the sandbox:
    SandboxType::WindowsRestrictedToken, the in-process execution path, and platform sandbox selection now honor the flag (core/src/features.rs:47,
    core/src/config.rs:1224, core/src/safety.rs:19, core/src/sandboxing/mod.rs:69, core/src/exec.rs:79, core/src/exec.rs:172).
  • Updated workspace metadata to include the new crate and its Windows-specific dependencies so the core crate can link against it (codex-rs/
    Cargo.toml:91, core/Cargo.toml:86).
  • Added a PowerShell bootstrap script that installs the Windows toolchain, required CLI utilities, and builds the workspace to ease development
    on the platform (scripts/setup-windows.ps1:1).
  • Landed a Python smoke-test suite that exercises read-only/workspace-write policies, ACL behavior, and network denial for the Windows sandbox
    binary (windows-sandbox-rs/sandbox_smoketests.py:1).
chatgpt-codex-connector[bot]

This comment was marked as outdated.

Sign in to view

@iceweasel-oai iceweasel-oai force-pushed the codex/create-windows-sandbox-executable-for-cli branch 2 times, most recently from f459bdf to 7b8fcc2 Compare October 28, 2025 17:30
@iceweasel-oai iceweasel-oai changed the title Add Windows AppContainer sandbox helper Oct 28, 2025
@iceweasel-oai
Copy link
Contributor Author

@codex review
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Oct 28, 2025
View reviewed changes
Copy link
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
@iceweasel-oai
re-hook Windows sandbox
22cb54e
@iceweasel-oai
choose WindowsRestrictedToken for Auto sandbox
76c86c2
@iceweasel-oai
remove debug code in sandbox.
a5fd614
@iceweasel-oai
gate windows sandbox behind experimental flag.
27e37d3
@iceweasel-oai
fix bad import
ac8aadd
@iceweasel-oai
fix patch permissions and quoting. Remove python impl.
7189f01
@iceweasel-oai
get smoketests up and running again
4583911
@iceweasel-oai
cleanup unused code.
d4bc18e
@iceweasel-oai
rename feature to experimental
f13a938
@iceweasel-oai
remove backup file
1fbba53
@iceweasel-oai
clean up config gates.
7be4b04
@iceweasel-oai
clean up more config gates.
43008db
@iceweasel-oai
fix windows build issues.
28d380e
@iceweasel-oai
windows build fixes
a4f3010
@iceweasel-oai
clippy fixes
8e8a4f4
@iceweasel-oai
fix clippy warning
0d05462
@iceweasel-oai
fix cargo shear
0a49a81
@iceweasel-oai
docs update and skip world-writable check
1c82863
@iceweasel-oai
fix error code cast and close parent stdin
81b7e77
@iceweasel-oai
fix desktop string quoting
dc6218f
@iceweasel-oai
do not downgrade to read-only if Windows sandbox is enabled
7c6fad1
@iceweasel-oai
hookup sandbox to 'codex sandbox windows'
d6d3b7b
@iceweasel-oai
remove CLI version of sandbox, in favor of 'codex sandbox windows' an…
431b521 
…d update smoketests
@iceweasel-oai
fix cargo fmt
9aff097
@iceweasel-oai
update experimental feature name.
2ffad0b
@iceweasel-oai iceweasel-oai force-pushed the codex/create-windows-sandbox-executable-for-cli branch from f0f7671 to 2ffad0b Compare October 30, 2025 20:41
etraut-openai
etraut-openai approved these changes Oct 30, 2025
View reviewed changes
Copy link
Collaborator

@etraut-openai etraut-openai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As requested, I focused on the code outside of the windows-sandbox crate. The PR touches parts of the code base that I'm not super familiar with, but it looks good to me. It's a nice, clean implementation, and the parts that I reviewed look pretty straightforward.
@iceweasel-oai iceweasel-oai merged commit 87cce88 into main Oct 30, 2025
25 checks passed
@iceweasel-oai iceweasel-oai deleted the codex/create-windows-sandbox-executable-for-cli branch October 30, 2025 22:51
@github-actions github-actions bot locked and limited conversation to collaborators Oct 30, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

codex

3 participants

@iceweasel-oai @etraut-openai