Improve error handling for Windows sandbox initialization
1. Identify the Root Cause
I analyzed the codex-rs/windows-sandbox-rs crate, specifically how it handles file permissions (ACLs) for the sandboxed environment.
- The Bug: In src/lib.rs, the system was identifying which file paths strictly needed read or write access. It then attempted to grant these permissions using add_allow_ace. However, it was silently ignoring any errors during this process.
- The Consequence: If the system failed to grant the necessary permissions (e.g., due to file locking or OS restrictions), it would proceed anyway. This meant the sandboxed process would start without the rights it needed, leading to "access denied" errors, retries, hangs, and the "sluggish" behavior users reported.
2. Implement the Fix
I modified codex-rs/windows-sandbox-rs/src/lib.rs to correctly handle these errors.
- Stop Silent Failures: I replaced the if let Ok(...) checks with proper match statements.
- Error Propagation: If granting permissions (add_allow_ace) or blocking access (add_deny_write_ace) fails, the function now immediately returns an error.
- Improved Logging: I added log_failure calls to record exactly which file path caused the permission error.
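The before/after pattern described in this PR, as an added stand-alone example (not code from the codex-rs repository or from the contributor). The real crate calls Win32 ACL APIs; here `add_allow_ace`, `AceError` and `log_failure` are hypothetical stand-ins, and the failing path is constructed so the example runs on any platform. `grant_silently` mirrors the `if let Ok(...)` bug: a failed ACE write is dropped and the function still reports success. `grant_or_fail` mirrors the fix: the failure is logged with the offending path and returned to the caller, so sandbox setup aborts instead of launching a process that will later hit access-denied.

```rust
use std::fmt;

/// Hypothetical ACL error carrying the path that failed and the OS reason.
#[derive(Debug, Clone, PartialEq)]
pub struct AceError {
    pub path: String,
    pub reason: String,
}

impl fmt::Display for AceError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "failed to update ACL on {}: {}", self.path, self.reason)
    }
}

impl std::error::Error for AceError {}

/// Stand-in for the real ACE-granting call. Constructed behaviour: any path
/// under `C:\locked\` fails as if another process held the file open.
pub fn add_allow_ace(path: &str) -> Result<(), AceError> {
    if path.starts_with(r"C:\locked\") {
        Err(AceError {
            path: path.to_string(),
            reason: "sharing violation".to_string(),
        })
    } else {
        Ok(())
    }
}

/// Stand-in log sink: lines are collected in a Vec so callers (and tests)
/// can inspect exactly which path was recorded.
pub fn log_failure(log: &mut Vec<String>, path: &str, err: &AceError) {
    log.push(format!("ACL update failed for {path}: {err}"));
}

/// "Before": each failure is silently skipped. The function always returns
/// Ok, so the caller starts the sandbox without the rights it needed.
pub fn grant_silently(paths: &[&str]) -> Result<usize, AceError> {
    let mut granted = 0;
    for p in paths {
        if let Ok(()) = add_allow_ace(p) {
            granted += 1;
        }
    }
    Ok(granted)
}

/// "After": the first failure is logged with its path and propagated, so
/// the caller can refuse to launch the sandboxed process at all.
pub fn grant_or_fail(paths: &[&str], log: &mut Vec<String>) -> Result<usize, AceError> {
    let mut granted = 0;
    for p in paths {
        match add_allow_ace(p) {
            Ok(()) => granted += 1,
            Err(e) => {
                log_failure(log, p, &e);
                return Err(e);
            }
        }
    }
    Ok(granted)
}

fn main() {
    // Constructed sample: one path in the middle of the list cannot be modified.
    let paths = [r"C:\work\project", r"C:\locked\cache.db", r"C:\work\out"];

    println!("silent: {:?}", grant_silently(&paths));

    let mut log = Vec::new();
    println!("strict: {:?}", grant_or_fail(&paths, &mut log));
    for line in &log {
        println!("{line}");
    }
}
```

Note that the silent version reports two grants and no error even though the sandbox would be missing access to the locked path; the strict version stops at that path and the log line names it, which is what makes the failure diagnosable instead of surfacing later as retries and hangs.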
All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.
Thanks for the contribution. Please look at the code review feedback from codex. You'll also need to sign the CLA and fix the CI failures.
I have read the CLA Document and I hereby sign the CLA
@anant2526, there are still some lint failures. Looks like a simple formatting issue.
@anant2526, there are still formatting issues. Run just fmt locally to auto-format the code. There's also an "unused import" lint failure. Run cargo clippy locally to check for any additional lint failures.
Closed due to lack of response from contributor.