From dccce34d84b39bab304f9949b72db3e3d4bc5850 Mon Sep 17 00:00:00 2001 From: Eric Traut Date: Sun, 2 Nov 2025 23:41:05 -0600 Subject: [PATCH] Fix "archive conversation" on Windows (#6124) Addresses issue https://github.com/openai/codex/issues/3582 where an "archive conversation" command in the extension fails on Windows. The problem is that the `archive_conversation` api server call is not canonicalizing the path to the rollout path when performing its check to verify that the rollout path is in the sessions directory. This causes it to fail 100% of the time on Windows. Testing: I was able to repro the error on Windows 100% prior to this change. After the change, I'm no longer able to repro. --- .../app-server/src/codex_message_processor.rs | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/codex-rs/app-server/src/codex_message_processor.rs b/codex-rs/app-server/src/codex_message_processor.rs index 99310e198..7cd60eaed 100644 --- a/codex-rs/app-server/src/codex_message_processor.rs +++ b/codex-rs/app-server/src/codex_message_processor.rs @@ -1172,9 +1172,23 @@ impl CodexMessageProcessor { // Verify that the rollout path is in the sessions directory or else // a malicious client could specify an arbitrary path. let rollout_folder = self.config.codex_home.join(codex_core::SESSIONS_SUBDIR); + let canonical_sessions_dir = match tokio::fs::canonicalize(&rollout_folder).await { + Ok(path) => path, + Err(err) => { + let error = JSONRPCErrorError { + code: INTERNAL_ERROR_CODE, + message: format!( + "failed to archive conversation: unable to resolve sessions directory: {err}" + ), + data: None, + }; + self.outgoing.send_error(request_id, error).await; + return; + } + }; let canonical_rollout_path = tokio::fs::canonicalize(&rollout_path).await; let canonical_rollout_path = if let Ok(path) = canonical_rollout_path - && path.starts_with(&rollout_folder) + && path.starts_with(&canonical_sessions_dir) { path } else {