From 938541999ec6fd5a8b59b46a7fe93ac91c7d1534 Mon Sep 17 00:00:00 2001
From: Vincent Koc <vincentkoc@ieee.org>
Date: Wed, 1 Apr 2026 18:35:21 +0900
Subject: [PATCH] Delete
 docs/internal/codex/2026-03-29-exec-target-override-fix.md

---
 .../2026-03-29-exec-target-override-fix.md    | 19 -------------------
 1 file changed, 19 deletions(-)
 delete mode 100644 docs/internal/codex/2026-03-29-exec-target-override-fix.md

diff --git a/docs/internal/codex/2026-03-29-exec-target-override-fix.md b/docs/internal/codex/2026-03-29-exec-target-override-fix.md
deleted file mode 100644
index 84abab8b0b5..00000000000
--- a/docs/internal/codex/2026-03-29-exec-target-override-fix.md
+++ /dev/null
@@ -1,19 +0,0 @@
----
-title: "Exec target override bypass fix"
-summary: "Hardened exec target resolution so auto defaults no longer allow model-requested host overrides."
-author: "Codex <codex@openai.com>"
-github_username: "codex"
-created: "2026-03-29"
----
-
-Investigated a high-severity regression in exec target resolution.
-
-What changed:
-
-- Confirmed current behavior allowed `configuredTarget=auto` with `requestedTarget=gateway/node`, which selects host execution even when sandbox is available.
-- Restored fail-closed allowlist behavior by requiring requested target to exactly match configured target.
-- Updated the runtime unit test to verify host overrides are rejected when configured target is `auto`.
-
-Why:
-
-- `auto` should choose runtime host automatically, not grant untrusted host-selection overrides.