core-agent-ide/codex-rs/execpolicy2/Cargo.toml

[package]
name = "codex-execpolicy2"
version = { workspace = true }
edition = "2024"
description = "Codex exec policy v2: prefix-based Starlark rules for command decisions."

[lib]
name = "codex_execpolicy2"
path = "src/lib.rs"

[[bin]]
name = "codex-execpolicy2"
path = "src/main.rs"

[lints]
workspace = true

[dependencies]
anyhow = { workspace = true }
clap = { workspace = true, features = ["derive"] }
multimap = { workspace = true }
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
shlex = { workspace = true }
starlark = { workspace = true }
thiserror = { workspace = true }

[dev-dependencies]
pretty_assertions = { workspace = true }
feat: execpolicy v2 (#6467) ## Summary - Introduces the `codex-execpolicy2` crate. - This PR covers only the prefix-rule subset of the planned execpolicy v2 language; a richer language will follow. ## Policy - Policy language centers on `prefix_rule(pattern=[...], decision?, match?, not_match?)`, where `pattern` is an ordered list of tokens; any element may be a list to denote alternatives. `decision` defaults to `allow`; valid values are `allow`, `prompt`, and `forbidden`. `match` / `not_match` hold example commands that are tokenized and validated at load time (think of these as unit tests). ## Policy shapes - Prefix rules use Starlark syntax: ```starlark prefix_rule( pattern = ["cmd", ["alt1", "alt2"]], # ordered tokens; list entries denote alternatives decision = "prompt", # allow \| prompt \| forbidden; defaults to allow match = [["cmd", "alt1"]], # examples that must match this rule (enforced at compile time) not_match = [["cmd", "oops"]], # examples that must not match this rule (enforced at compile time) ) ``` ## Response shapes - Match: ```json { "match": { "decision": "allow\|prompt\|forbidden", "matchedRules": [ { "prefixRuleMatch": { "matchedPrefix": ["<token>", "..."], "decision": "allow\|prompt\|forbidden" } } ] } } ``` - No match: ```json "noMatch" ``` - `matchedRules` lists every rule whose prefix matched the command; `matchedPrefix` is the exact prefix that matched. - The effective `decision` is the strictest severity across all matches (`forbidden` > `prompt` > `allow`). --------- Co-authored-by: Michael Bolin <mbolin@openai.com> 2025-11-17 10:15:45 -08:00			`[package]`
			`name = "codex-execpolicy2"`
			`version = { workspace = true }`
			`edition = "2024"`
			`description = "Codex exec policy v2: prefix-based Starlark rules for command decisions."`

			`[lib]`
			`name = "codex_execpolicy2"`
			`path = "src/lib.rs"`

			`[[bin]]`
			`name = "codex-execpolicy2"`
			`path = "src/main.rs"`

			`[lints]`
			`workspace = true`

			`[dependencies]`
			`anyhow = { workspace = true }`
			`clap = { workspace = true, features = ["derive"] }`
			`multimap = { workspace = true }`
			`serde = { workspace = true, features = ["derive"] }`
			`serde_json = { workspace = true }`
			`shlex = { workspace = true }`
			`starlark = { workspace = true }`
			`thiserror = { workspace = true }`

			`[dev-dependencies]`
			`pretty_assertions = { workspace = true }`