Skip to content

Store sandbox sessions in repo-local .rwx/sandboxes/ directory#397

Merged
robinaugh merged 1 commit intomainfrom
jason/local-sandbox-storage
Mar 5, 2026
Merged

Store sandbox sessions in repo-local .rwx/sandboxes/ directory#397
robinaugh merged 1 commit intomainfrom
jason/local-sandbox-storage

Conversation

@robinaugh
Copy link
Contributor

@robinaugh robinaugh commented Mar 5, 2026
edited
Loading

This allows us to default to storing sandboxes locally rather than in ~/config/rwx, so that agents with strict permissions to only work in their current working directory can still access that file.

As an example, if you're using Codex and have this set in your config.toml, it cannot easily access the sandboxes file today:

sandbox_mode = "workspace-write"
approval_policy = "on-request"

This PR moves to always using a local .rwx/sandboxes/ directory, lazy-creating .rwx at the git root (or CWD) if one doesn't already exist.

Summary

  • Sandbox storage always uses .rwx/sandboxes/sandboxes.json — global ~/.config/rwx/sandboxes.json support has been removed
  • If no .rwx directory exists, one is created at the git repository root (or CWD if not in a git repo)
  • The sandboxes/ directory is gitignored (via * pattern) and excluded from run uploads
  • Locking simplified to a single local lock file
  • Added GetTopLevel() to the git client for finding the repo root
  • No changes to session key format or caller signatures in service_sandbox.go

Test plan

  • Unit tests pass (go test ./internal/... ./cmd/...)
  • Lint passes (golangci-lint run ./...)
  • Manual: rwx sandbox start/exec/list/stop — verify sessions stored in .rwx/sandboxes/sandboxes.json
  • Manual: Run from a repo without .rwx/ — verify .rwx is lazy-created at git root
  • Manual: Verify .rwx/sandboxes/ is not uploaded with runs

@robinaugh robinaugh self-assigned this Mar 5, 2026
@robinaugh robinaugh force-pushed the jason/local-sandbox-storage branch from d4b28a2 to de465c8 Compare March 5, 2026 18:08
@robinaugh robinaugh marked this pull request as ready for review March 5, 2026 18:17
@robinaugh robinaugh mentioned this pull request Mar 5, 2026
Merged
6 tasks
dan-manges
dan-manges previously approved these changes Mar 5, 2026
View reviewed changes
@robinaugh
Store sandbox sessions in repo-local .rwx/sandboxes/ directory
736c82e 
Sandbox storage now prefers .rwx/sandboxes/sandboxes.json over the
global ~/.config/rwx/sandboxes.json when a .rwx directory exists.
Falls back to global storage for repos without .rwx/. The sandboxes
directory is gitignored and excluded from run uploads.
@robinaugh robinaugh force-pushed the jason/local-sandbox-storage branch from de465c8 to 736c82e Compare March 5, 2026 18:53
@robinaugh robinaugh requested a review from dan-manges March 5, 2026 18:54
@robinaugh robinaugh merged commit 7823201 into main Mar 5, 2026
1 check passed
@robinaugh robinaugh deleted the jason/local-sandbox-storage branch March 5, 2026 19:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dan-manges dan-manges dan-manges approved these changes

Assignees

@robinaugh robinaugh

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@robinaugh @dan-manges