windows-sandbox: add runner IPC foundation for future unified_exec#14139
Merged
iceweasel-oai merged 8 commits intomainfrom Mar 16, 2026
Merged
windows-sandbox: add runner IPC foundation for future unified_exec#14139iceweasel-oai merged 8 commits intomainfrom
iceweasel-oai merged 8 commits intomainfrom
Conversation
iceweasel-oai
force-pushed
the
windows-runner-ipc-foundation
branch
from
c4c614d to
77e965f
Compare
Collaborator
Author
|
@codex review |
Contributor
|
Codex Review: Didn't find any major issues. Delightful! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
This was referenced Mar 10, 2026
Collaborator
dylan-hurd-oai
left a comment
dylan-hurd-oai
left a comment
There was a problem hiding this comment.
Couple comments, mostly for my understanding. Overall this approach feels reasonable!
iceweasel-oai
force-pushed
the
windows-runner-ipc-foundation
branch
2 times, most recently
from
dce3c4d to
c8a92cc
Compare
dylan-hurd-oai
approved these changes
Mar 16, 2026
Collaborator
dylan-hurd-oai
left a comment
dylan-hurd-oai
left a comment
There was a problem hiding this comment.
one comment on tui_app_server change but otherwise LGTM
iceweasel-oai
force-pushed
the
windows-runner-ipc-foundation
branch
from
c8a92cc to
5fa542e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces the Windows sandbox runner IPC foundation that later unified_exec work will build on.
The key point is that this is intentionally infrastructure-only. The new IPC transport, runner plumbing, and ConPTY helpers are added here, but the active elevated Windows sandbox path still uses the existing request-file bootstrap. In other words, this change prepares the transport and module layout we need for unified_exec without switching production behavior over yet.
Part of this PR is also a source-layout cleanup: some Windows sandbox files are moved into more explicit
elevated/,conpty/, and shared locations so it is clearer which code is for the elevated sandbox flow, which code is legacy/direct-spawn behavior, and which helpers are shared between them. That reorganization is intentional in this first PR so later behavioral changes do not also have to carry a large amount of file-move churn.Why This Is Needed For unified_exec
Windows elevated sandboxed unified_exec needs a long-lived, bidirectional control channel between the CLI and a helper process running under the sandbox user. That channel has to support:
The existing elevated one-shot path is built around a request-file bootstrap and does not provide those primitives cleanly. Before we can turn on Windows sandbox unified_exec, we need the underlying runner protocol and transport layer that can carry those lifecycle events and streams.
Why Windows Needs More Machinery Than Linux Or macOS
Linux and macOS can generally build unified_exec on top of the existing sandbox/process model: the parent can spawn the child directly, retain normal ownership of stdio or PTY handles, and manage the lifetime of the sandboxed process without introducing a second control process.
Windows elevated sandboxing is different. To run inside the sandbox boundary, we cross into a different user/security context and then need to manage a long-lived process from outside that boundary. That means we need an explicit helper process plus an IPC transport to carry spawn, stdin, output, and exit events back and forth. The extra code here is mostly that missing Windows sandbox infrastructure, not a conceptual difference in unified_exec itself.
What This PR Adds
What This PR Does Not Yet Do
So while this code compiles and the new path has basic validation, it is not yet the exercised production path. That is intentional for this first PR: the goal here is to land the transport and runner foundation cleanly before later PRs start routing real command execution through it.
Follow-Ups
Planned follow-up PRs will:
Validation
cargo build -p codex-windows-sandbox