From 548afa57493ece472afefd0ff5404a920d8a8229 Mon Sep 17 00:00:00 2001 From: Michael Bolin Date: Tue, 10 Feb 2026 11:10:02 -0800 Subject: [PATCH] core: remove stale apply_patch SandboxPolicy TODO in seatbelt (#11345) The `TODO` in `core/src/seatbelt.rs` claimed that `apply_patch` still needed to honor `SandboxPolicy`. That was true when the comment was added, but it is no longer true. Analysis: - The TODO was introduced in #1762, when seatbelt code was split out of `exec.rs`. - `apply_patch` sandboxing was later implemented in #1705. - Today, `apply_patch` calls are routed through the tool orchestrator and delegated to `ApplyPatchRuntime`, which executes via `execute_env()` using the active sandbox attempt policy. - On macOS, the sandbox transform path for that execution still builds seatbelt args with `create_seatbelt_command_args(command, policy, sandbox_policy_cwd)`, so the same `SandboxPolicy` gates `apply_patch` writes and network behavior. Because this behavior is already enforced, the TODO is stale and removing it avoids implying missing sandbox coverage where none exists. No functional behavior change; comment-only cleanup. --- codex-rs/core/src/seatbelt.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/codex-rs/core/src/seatbelt.rs b/codex-rs/core/src/seatbelt.rs index c08f70b1e..e2061b52d 100644 --- a/codex-rs/core/src/seatbelt.rs +++ b/codex-rs/core/src/seatbelt.rs @@ -243,7 +243,6 @@ pub(crate) fn create_seatbelt_command_args( "" }; - // TODO(mbolin): apply_patch calls must also honor the SandboxPolicy. let proxy = proxy_policy_inputs(network); let network_policy = dynamic_network_policy(sandbox_policy, enforce_managed_network, &proxy);
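Review bot: The TODO removed just above `let proxy = proxy_policy_inputs(network);` in `create_seatbelt_command_args` was the only marker in this file tying `apply_patch` to `SandboxPolicy`, and the hunk deletes it without leaving a pointer to where that enforcement now lives. The commit message names the path (`ApplyPatchRuntime` executing via `execute_env()`), but this diff is one file with one deletion, so nothing visible here lets a reviewer confirm it. Consider replacing the TODO with a one-line comment naming that path, or citing in the commit message an existing test that asserts an `apply_patch` write the policy disallows is denied under seatbelt, so the coverage claim is guarded against regression.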