Skip to content

[codex] Reject network proxy with unelevated Windows sandbox#28591

Closed
iceweasel-oai wants to merge 9 commits into
mainfrom
codex/windows-network-proxy-config-error
Closed

[codex] Reject network proxy with unelevated Windows sandbox#28591
iceweasel-oai wants to merge 9 commits into
mainfrom
codex/windows-network-proxy-config-error

Conversation

@iceweasel-oai

@iceweasel-oai iceweasel-oai commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator
Screenshot 2026-06-16 133809 Screenshot 2026-06-16 161930

Why

On Windows, managed network proxy enforcement requires the elevated sandbox backend. Previously, proxy_enforced silently selected that backend even when the user chose windows.sandbox = "unelevated", which could trigger a UAC prompt that enterprise users without administrator access cannot accept.

Codex should reject that incompatible configuration without silently elevating or preventing a non-strict app-server from starting.

What changed

  • Rejects network proxy configuration with the unelevated Windows sandbox during config writes, sandbox setup, and effective permission-profile resolution.
  • Keeps non-strict app-server startup recoverable: an existing incompatible config is reported through the normal config warning and defaults fallback.
  • Selects the elevated backend only when windows.sandbox = "elevated"; proxy enforcement no longer overrides the configured backend.

Testing

  • just test -p codex-core windows_sandbox_level_selects_elevated_backend
  • just test -p codex-app-server strict_config
  • Added Windows-only coverage for the non-strict startup fallback and config-write rejection.

@iceweasel-oai iceweasel-oai requested a review from a team as a code owner June 16, 2026 21:02
Comment thread codex-rs/app-server/src/config_manager_service.rs Outdated
@iceweasel-oai iceweasel-oai requested a review from viyatb-oai June 17, 2026 20:26

@viyatb-oai viyatb-oai left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. The follow-up fixes keep config writes from failing on unrelated materialization errors while still rejecting the Windows unelevated sandbox + network proxy combination where it can actually break startup/runtime.

@viyatb-oai viyatb-oai force-pushed the codex/windows-network-proxy-config-error branch 2 times, most recently from aec07ed to ad30f9d Compare June 24, 2026 18:22
@viyatb-oai viyatb-oai force-pushed the codex/windows-network-proxy-config-error branch from ad30f9d to 41d491c Compare June 24, 2026 18:47
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@alexey-openai

Copy link
Copy Markdown

I have read the CLA Document and I hereby sign the CLA

Copy link
Copy Markdown
Collaborator Author

Superseded by #31437. The replacement moves the invariant to managed requirements: enabling managed networking now requires administrators to allow only the elevated Windows sandbox. This catches an invalid policy immediately instead of surfacing a hard error when a user later selects the unelevated fallback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants