5296e06b61
The Mac and Linux implementations of the sandbox recently added write protections for `.codex` and `.agents` subdirectories in all writable roots. When adding documentation for this, I noticed that this change was never made for the Windows sandbox. Summary - make compute_allow_paths treat .codex/.agents as protected alongside .git, and cover their behavior in new tests - wire protect_workspace_agents_dir through the sandbox lib and setup path to apply deny ACEs when `.agents` exists - factor shared ACL logic for workspace subdirectories |
||
|---|---|---|
| .. | ||
| src | ||
| BUILD.bazel | ||
| build.rs | ||
| Cargo.toml | ||
| codex-windows-sandbox-setup.manifest | ||
| sandbox_smoketests.py | ||