config: add initial support for the new permission profile config language in config.toml#13434
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 57adb8739f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
bolinfest
added a commit
that referenced
this pull request
Mar 4, 2026
This was referenced Mar 4, 2026
bolinfest
force-pushed
the
pr13434
branch
2 times, most recently
from
15b518e to
7abd701
Compare
This was referenced Mar 4, 2026
bolinfest
force-pushed
the
pr13434
branch
11 times, most recently
from
c19cf38 to
fac9b40
Compare
bolinfest
changed the title
bolinfest
changed the title
viyatb-oai
reviewed
Mar 6, 2026
| fn config_toml_deserializes_permissions_network() { | ||
| let toml = r#" | ||
| [permissions.network] | ||
| [network] |
Collaborator
There was a problem hiding this comment.
why is this expecting a top level [network] entry? shouldn't it be permissions.<profile>.network? we don't need backwards compatibility here..
Collaborator
Author
There was a problem hiding this comment.
Yes, it seems like Codex was trying to be "helpful" on the backwards compatibility front. I'll remove...
bolinfest
changed the title
bolinfest
changed the title
viyatb-oai
approved these changes
Mar 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
SandboxPolicycurrently mixes together three separate concerns:config.tomlThat makes the existing config awkward to extend and blocks the new TOML proposal where
[permissions]becomes a table of named permission profiles selected bydefault_permissions. (The idea is that ifdefault_permissionsis not specified, we assume the user is opting into the "traditional" way to configure the sandbox.)This PR adds the config-side plumbing for those profiles while still projecting back to the legacy
SandboxPolicyshape that the current macOS and Linux sandbox backends consume.It also tightens the filesystem profile model so scoped entries only exist for
:project_roots, and so nested keys must stay within a project root instead of using.or..traversal.This drops support for the short-lived
[permissions.network]inconfig.tomlbecause now that would be interpreted as a profile namednetworkwithin[permissions].What Changed
PermissionsToml,PermissionProfileToml,FilesystemPermissionsToml, andFilesystemPermissionTomlso config can parse named profiles under[permissions.<profile>.filesystem]default_permissionsselection, validation for missing or unknown profiles, and compilation from a named profile into splitFileSystemSandboxPolicyandNetworkSandboxPolicyvaluessandbox_modepath and the profile-based path without breaking legacy userscodex-protocol::permissionsfor the split filesystem and network sandbox types, and stored those alongside the legacy projectedsandbox_policyin runtimePermissionsFileSystemSpecialPathso onlyProjectRootscan carry a nestedsubpath, matching the intended config syntax instead of allowing invalid states for other special paths:project_roots, with validation that nested entries are non-empty descendant paths and cannot use.or..to escape the project rootFileSystemSandboxPolicyback intoSandboxPolicy, with an explicit error for profiles that request writes outside the workspace root[network]core/config.schema.jsonVerification
default_permissionsselection, top-level[network]loading, network enablement, rejection of writes outside the workspace root, rejection of nested entries for non-:project_rootsspecial paths, and rejection of parent-directory traversal in:project_rootsmapsDocs
[permissions.<profile>]entries,default_permissions, scoped:project_rootssyntax, the descendant-path restriction for nested:project_rootsentries, and top-level[network]proxy configurationStack created with Sapling. Best reviewed with ReviewStack.