Support multiple managed environments #18401
Force-pushed ec3596e to 8f1d61b
Force-pushed 8f1d61b to 70d3a74
```rust
        Some(local_runtime_paths),
    )),
    environment_manager: std::sync::Arc::new(EnvironmentManager::new(EnvironmentManagerArgs {
        exec_server_url: std::env::var(CODEX_EXEC_SERVER_URL_ENV_VAR).ok(),
```
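Review bot: `std::env::var(CODEX_EXEC_SERVER_URL_ENV_VAR).ok()` on the last line collapses `VarError::NotUnicode` into `None`, so a malformed value is indistinguishable from an unset variable, and the `none` sentinel that the rest of this PR gives meaning to is not parsed at this call site either. Suggest routing the lookup through a single factory (the `from_env` entrypoint) that owns the parsing, so construction sites do not each repeat the env-var read.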
nit: Should we hide the env-var reading?
```rust
}

#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
async fn exec_server_none_omits_environment_backed_tools() -> Result<()> {
```
though we had this one
Force-pushed 3b5e90b to 154be3f
Force-pushed 8620bea to f748352
```rust
fn local_with_runtime_paths(local_runtime_paths: Option<ExecServerRuntimePaths>) -> Self {
    let filesystem: Arc<dyn ExecutorFileSystem> = match local_runtime_paths.clone() {
        Some(runtime_paths) => Arc::new(LocalFileSystem::with_runtime_paths(runtime_paths)),
        None => Arc::new(LocalFileSystem::unsandboxed()),
```
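Review bot: the `None` arm falls back to `LocalFileSystem::unsandboxed()`, so a caller that omits runtime paths silently gets a filesystem with no sandbox instead of an error. Suggest taking `ExecServerRuntimePaths` by value rather than `Option<ExecServerRuntimePaths>` so this constructor cannot reach the unsandboxed path at all; the check in local_file_system.rs that rejects sandboxed operations without configured runtime paths only fires at operation time, which is later than this misconfiguration should surface.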
Is this a security incident waiting to happen?
good point - let me try to make ExecServerRuntimePaths required so we don't silently drop
That said, in codex-rs/exec-server/src/local_file_system.rs we do throw if we try to make a sandboxed fs operation but have no configured runtime operations.
```rust
    exec_server_url: None,
    remote_exec_server_client: None,
    exec_backend: Arc::new(LocalProcess::default()),
    filesystem: Arc::new(LocalFileSystem::unsandboxed()),
```
I'm a bit worried how freely we are creating unsandboxed fs impls.
Not blocking. Longer term we need to reduce how many ways to create environment there are.
Made this default_for_tests only, removed the Default constructor to avoid the chance it's created accidentally.
Force-pushed 67d3e68 to 981cdd6
Refactor EnvironmentManager to own a keyed environment registry with explicit default and local lookups. Keep remote exec-server connections lazy at environment use sites and preserve disabled agent environment access separately from internal local environment access. Co-authored-by: Codex <noreply@openai.com>
Use EnvironmentManager::new for args-struct construction and keep from_env methods as the env-var factory entrypoints. Co-authored-by: Codex <noreply@openai.com>
Return concrete default and local environments from EnvironmentManager now that the manager always installs local and default entries. Keep arbitrary ID lookup optional. Co-authored-by: Codex <noreply@openai.com>
Keep the lazy remote exec-server client wrapper alongside ExecServerClient and import it from the client module for environment-backed exec and filesystem use. Co-authored-by: Codex <noreply@openai.com>
Use EnvironmentManager::new with EnvironmentManagerArgs for runtime-path-aware construction and keep from_env only for the no-args env-var factory. Co-authored-by: Codex <noreply@openai.com>
Add high-level EnvironmentManager docs for local/remote initialization, default environment selection, disabled agent access, and lazy remote connection behavior. Co-authored-by: Codex <noreply@openai.com>
Drop the unused local_environment helper and keep local lookups on the generic get_environment API. Co-authored-by: Codex <noreply@openai.com>
Clarify that SessionServices carries an Arc handle to the process-level EnvironmentManager rather than owning a session-specific manager. Co-authored-by: Codex <noreply@openai.com>
Restore CODEX_EXEC_SERVER_URL=none semantics by making EnvironmentManager::default_environment return None when environment access is disabled. Remove the separate disabled-for-agent flag and derive tool availability from the optional default environment. Add an end-to-end tool exposure test for CODEX_EXEC_SERVER_URL=none. Co-authored-by: Codex <noreply@openai.com>
Create one lazy exec-server client per remote environment and pass clones into the remote process and filesystem backends. This keeps ExecServerClient as the connected-client type while avoiding duplicate websocket clients for one environment. Co-authored-by: Codex <noreply@openai.com>
Make EnvironmentManagerArgs::default() own CODEX_EXEC_SERVER_URL parsing so production entrypoints can keep using EnvironmentManager::new with struct update syntax for runtime paths. Add explicit test defaults so test managers do not depend on the process environment. Co-authored-by: Codex <noreply@openai.com>
Drop the networked integration test for CODEX_EXEC_SERVER_URL=none omitting environment-backed tools. Lower-level coverage already verifies disabled environments omit those tools. Co-authored-by: Codex <noreply@openai.com>
Make EnvironmentManagerArgs carry ExecServerRuntimePaths for production construction and route test-only unsandboxed setup through explicit _for_tests helpers. Use the manager local environment for MCP and app-server filesystem fallbacks instead of constructing a fresh default environment. Co-authored-by: Codex <noreply@openai.com>
Remove the app-server-client re-export now that environment-manager construction owns CODEX_EXEC_SERVER_URL reading directly in exec-server. Co-authored-by: Codex <noreply@openai.com>
Add a connector loading helper that accepts the existing EnvironmentManager and switch app-server paths to use it. Keep the config-only helper as a temporary fallback for callers such as TUI that do not yet pass the manager through. Co-authored-by: Codex <noreply@openai.com>
Force-pushed 981cdd6 to 3ec48a2