add a slash command to grant sandbox read access to inaccessible directories#11512
Conversation
iceweasel-oai
changed the title
iceweasel-oai
force-pushed
the
dev/iceweasel/add-read-root-slash-command
branch
from
8f1d649 to
e51eb54
Compare
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e51eb549af
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| self.chat_widget | ||
| .add_to_history(history_cell::new_info_event( | ||
| format!("Sandbox read access granted for {}", path.display()), | ||
| None, |
There was a problem hiding this comment.
This branch always emits a success event on Ok, but grant_read_root_non_elevated can return Ok even when no read grant is applied because run_setup_refresh_inner is a no-op for DangerFullAccess/ExternalSandbox policies (windows-sandbox-rs/src/setup_orchestrator.rs, run_setup_refresh_inner). In that scenario /sandbox-read-root tells the user the directory was granted even though nothing changed, which can mislead them into thinking future sandboxed runs will have access.
Useful? React with 👍 / 👎.
2 participants
There is an edge case where a directory is not readable by the sandbox. In practice, we've seen very little of it, but it can happen so this slash command unlocks users when it does.
Future idea is to make this a tool that the agent knows about so it can be more integrated.