Skip to content

Migrate inherit sandbox state to per-tool-call metadata#42

Merged
t-kalinowski merged 5 commits intomainfrom
stack/inherit-sandbox-meta
Apr 22, 2026
Merged

Migrate inherit sandbox state to per-tool-call metadata#42
t-kalinowski merged 5 commits intomainfrom
stack/inherit-sandbox-meta

Conversation

@t-kalinowski
Copy link
Copy Markdown
Member

@t-kalinowski t-kalinowski commented Apr 20, 2026
edited
Loading

Summary

  • migrate --sandbox inherit from the obsolete async update flow to per-tool-call _meta["codex/sandbox-state-meta"]
  • keep inherit mode fail-closed when a call needs inherited sandbox state but does not provide usable metadata
  • preserve local-only follow-ups while staging current metadata before session-end respawns
  • document the request-scoped metadata contract and refresh regression coverage around metadata-driven sandbox selection

Why

Current Codex supplies inherited sandbox state on each tool call instead of through the old async update channel. The old contract no longer matched the client, which risked running a tool call without the sandbox state that actually applied to that call.

Public-facing changes

  • --sandbox inherit now expects per-tool-call codex/sandbox-state-meta metadata on calls that spawn, respawn, or reset an inherited worker
  • missing or malformed metadata still fails closed when current sandbox state is required
  • local poll-only paths can still return existing output/status without treating optional malformed metadata as fatal
  • explicit non-inherit sandbox modes remain authoritative and ignore Codex metadata
  • docs now describe the request-scoped metadata contract instead of the obsolete async update protocol

Internal-only changes

  • remove the old async sandbox update listener and startup settle path
  • thread request-scoped sandbox metadata through server and worker follow-up plumbing
  • ensure session-end resets and interrupt/restart tail paths do not respawn under stale inherited state
  • rebuild inherit-mode regression coverage around the current Codex contract, including platform-specific test gating for Unix-only cases

Diff composition

Measured against origin/main, this PR is 5,300 insertions and 1,165 deletions across 46 files. Most of that is regression coverage rather than runtime code:

  • runtime code in src/: +1,048/-343 (21.5% of churn)
  • tests in tests/: +3,464/-726 (64.8% of churn)
  • inline tests inside src/: +648/-77 (11.2% of churn)
  • docs and README: +140/-19 (2.5% of churn)

The largest contributors are tests/sandbox_state_updates.rs, tests/codex_approvals_tui.rs, and inline tests in src/worker_process.rs.

Verification

Base automatically changed from stack/cli-integration-harness to main April 20, 2026 19:48
@t-kalinowski t-kalinowski force-pushed the stack/inherit-sandbox-meta branch 5 times, most recently from 25f35f9 to 2acdf61 Compare April 20, 2026 22:37
@t-kalinowski t-kalinowski marked this pull request as ready for review April 21, 2026 13:58
@t-kalinowski t-kalinowski force-pushed the stack/inherit-sandbox-meta branch from 32f077c to 33eaaac Compare April 22, 2026 15:37
@t-kalinowski t-kalinowski merged commit de3cd2f into main Apr 22, 2026
5 checks passed
@t-kalinowski t-kalinowski deleted the stack/inherit-sandbox-meta branch April 22, 2026 16:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@t-kalinowski