refactor sandboxing (1/?)

[nornagon-openai]

The sandboxing code has been getting a bit twisty. This is the first step of ??? to iron it out.

1. move all seatbelt code to a mac-only module under mac/. Goal: don't compile any Seatbelt-related code for platforms that don't have Seatbelt. Likewise for Landlock.
2. Remove codex_core::exec::SandboxType. This was just a bool with a different value for "true" on each platform. Now it's just a bool.

[nornagon-openai]

@codex fix this build error on non-mac:

error: unused variable: `log_denials`
   --> cli/src/debug_sandbox.rs:109:5
    |
109 |     log_denials: bool,
    |     ^^^^^^^^^^^ help: if this is intentional, prefix it with an underscore: `_log_denials`
    |
    = note: `-D unused-variables` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(unused_variables)]`

[chatgpt-codex-connector[bot]]

Summary

• Prevent unused-variable warnings for log_denials on non-macOS builds by marking the flag as used while keeping the sandbox helper signature consistent across platforms. cli/src/debug_sandbox.rsL104-L113

Testing

• ✅ just fmt
• ✅ just fix -p codex-cli
• ✅ cargo test -p codex-cli

View task →

[github-actions[bot]]

Closing this pull request because it has had no updates for more than 14 days. If you plan to continue working on it, feel free to reopen or open a new PR.