[codex] Reject network proxy with unelevated Windows sandbox#28591
Closed
iceweasel-oai wants to merge 9 commits into
Closed
[codex] Reject network proxy with unelevated Windows sandbox#28591iceweasel-oai wants to merge 9 commits into
iceweasel-oai wants to merge 9 commits into
Conversation
viyatb-oai
reviewed
Jun 17, 2026
viyatb-oai
approved these changes
Jun 17, 2026
viyatb-oai
left a comment
Collaborator
There was a problem hiding this comment.
Looks good. The follow-up fixes keep config writes from failing on unrelated materialization errors while still rejecting the Windows unelevated sandbox + network proxy combination where it can actually break startup/runtime.
pakrym-oai
approved these changes
Jun 17, 2026
aec07ed to
ad30f9d
Compare
…-proxy-config-error
Co-authored-by: Codex noreply@openai.com
ad30f9d to
41d491c
Compare
Contributor
|
All contributors have signed the CLA ✍️ ✅ |
|
I have read the CLA Document and I hereby sign the CLA |
Collaborator
Author
|
Superseded by #31437. The replacement moves the invariant to managed requirements: enabling managed networking now requires administrators to allow only the elevated Windows sandbox. This catches an invalid policy immediately instead of surfacing a hard error when a user later selects the unelevated fallback. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
On Windows, managed network proxy enforcement requires the elevated sandbox backend. Previously,
proxy_enforcedsilently selected that backend even when the user chosewindows.sandbox = "unelevated", which could trigger a UAC prompt that enterprise users without administrator access cannot accept.Codex should reject that incompatible configuration without silently elevating or preventing a non-strict app-server from starting.
What changed
windows.sandbox = "elevated"; proxy enforcement no longer overrides the configured backend.Testing
just test -p codex-core windows_sandbox_level_selects_elevated_backendjust test -p codex-app-server strict_config