tui onboarding: warn when trusting git subdirectories

[joycebeatriz]

Summary

When a user runs Codex from a subdirectory within a Git repository and chooses to trust the directory, it's unclear that the trust decision applies to the repository root, not just the current directory.

Proposal

Add a yellow warning message in the TUI onboarding screen that clarifies when the user is in a Git subdirectory, showing which directory will actually be trusted.

Implementation

The fix has been implemented and tested at: joycebeatriz#1

• Added conditional warning message when cwd != trust_target
• Updated snapshot tests
• Included Contributor Covenant v3.0 adoption

[itsmejay80]

Valid enhancement the codebase already has a // TODO: add git warning. comment at exactly the right spot (onboarding_screen.rs:142), and TrustDirectoryWidget already carries both cwd and trust_target fields, so the scaffolding is all there.

Proposed Implementation

1. codex-rs/tui/src/onboarding/trust_directory.rs — add warning block in render_ref

After line 51 (the "You are in ..." line), insert a conditional yellow warning when cwd != trust_target:

// after the "You are in..." line
column.push("");

if self.cwd != self.trust_target {
    column.push(
        Paragraph::new(format!(
            "⚠  You are in a Git subdirectory. Trusting will apply to the repository root: {}",
            self.trust_target.display()
        ))
        .yellow()
        .wrap(Wrap { trim: true })
        .inset(Insets::tlbr(0, 2, 0, 0)),
    );
    column.push("");
}

2. codex-rs/tui/src/onboarding/onboarding_screen.rs:142 remove the TODO

The TODO comment can be dropped once the widget handles the warning itself (it already receives trust_target).

3. Add snapshot test

#[test]
fn renders_snapshot_for_git_subdirectory() {
    let codex_home = TempDir::new().expect("temp home");
    let widget = TrustDirectoryWidget {
        codex_home: codex_home.path().to_path_buf(),
        cwd: PathBuf::from("/workspace/project/src"),        // subdirectory
        trust_target: PathBuf::from("/workspace/project"),   // git root
        show_windows_create_sandbox_hint: false,
        should_quit: false,
        selection: None,
        highlighted: TrustDirectorySelection::Trust,
        error: None,
    };

    let mut terminal =
        Terminal::new(VT100Backend::new(/*width*/ 70, /*height*/ 16)).expect("terminal");
    terminal
        .draw(|f| (&widget).render_ref(f.area(), f.buffer_mut()))
        .expect("draw");

    insta::assert_snapshot!(terminal.backend());
}

Why this approach

• Zero struct changes needed trust_target is already plumbed all the way through to the widget
• Warning lives in the rendering layer, keeping the logic concern-separated
• Yellow styling is consistent with how ratatui warnings are typically shown; distinct from the red error field
• The condition cwd != trust_target is the exact same check the existing TODO implies

@etraut-openai happy to open a PR for this if it looks good to you.

[joycebeatriz]

Hi @itsmejay80 and @etraut-openai!! I implemented this earlier today, and the fix is ready at https://github.com/joycebeatriz/codex/tree/joyce/onboarding-git-root-warning; since I don’t have collaborator access to open a PR directly, I wanted to flag it here in case you’d like to review or pull it in, and I’m happy to make any adjustments needed.

[etraut-openai]

@joycebeatriz, we don't generally accept external code contributions. It's more work for us to accept, review and validate such changes than it is for us to have codex write them for us. The important part is the root cause analysis, which you've already provided above (thanks!).

We generally prioritize feature requests based on community upvotes.

[joycebeatriz]

Ahhh! Now I get it! @etraut-openai thanks for the clarification!!

[etraut-openai]

This will be addressed in the next release.