dump #6245
dump #6245
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| sandbox: SandboxType::None, | ||
| with_escalated_permissions: None, | ||
| justification: None, | ||
| arg0: None, |
There was a problem hiding this comment.
The new UserShellCommandTask now constructs its own ExecEnv with sandbox: SandboxType::None and then passes SandboxPolicy::DangerFullAccess into execute_exec_env. That means every !… command runs unsandboxed with full filesystem/network access regardless of the user’s configured sandbox_mode or approval policy. Before this change the same commands were routed through ToolOrchestrator::run (see tools/handlers/shell.rs), which derives the sandbox from turn_context.sandbox_policy and enforces the configured approval flow, so read-only/workspace-write sandboxes and prompts worked as expected. With the new hard‑coded values a session configured as read‑only can now be mutated simply by running !rm, which breaks the documented safety guarantees. Please plumb the session’s sandbox policy/approval handling into this path instead of forcing DangerFullAccess.
Useful? React with 👍 / 👎.
|
No. Do not dump. |
No description provided.