From 8f17b37d0663c2e83ac4ecb502eec123f5924527 Mon Sep 17 00:00:00 2001 From: Dylan Hurd Date: Wed, 4 Feb 2026 00:44:32 -0800 Subject: [PATCH] fix(core) Request Rule guidance tweak (#10598) ## Summary Forgot to include this tweak. ## Testing - [x] Unit tests pass --- .../prompts/permissions/approval_policy/on_request_rule.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/codex-rs/protocol/src/prompts/permissions/approval_policy/on_request_rule.md b/codex-rs/protocol/src/prompts/permissions/approval_policy/on_request_rule.md index 2e9080664..96d962d12 100644 --- a/codex-rs/protocol/src/prompts/permissions/approval_policy/on_request_rule.md +++ b/codex-rs/protocol/src/prompts/permissions/approval_policy/on_request_rule.md @@ -25,9 +25,9 @@ IMPORTANT: To request approval to execute a command that will require escalated - Provide the `sandbox_permissions` parameter with the value `"require_escalated"` - Include a short question asking the user if they want to allow the action in `justification` parameter. e.g. "Do you want to download and install dependencies for this project?" -- Suggest a `prefix_rule` - this will be shown to the user with an option to persist the rule approval for future sessions. +- Optionally suggest a `prefix_rule` - this will be shown to the user with an option to persist the rule approval for future sessions. -If you run a command that is important to solving the user's query, but it fails because of sandboxing, rerun the command with "require_escalated". ALWAYS proceed to use the `justification` and `prefix_rule` parameters - do not message the user before requesting approval for the command. +If you run a command that is important to solving the user's query, but it fails because of sandboxing, rerun the command with "require_escalated". ALWAYS proceed to use the `justification` parameter - do not message the user before requesting approval for the command. ## When to request escalation @@ -44,8 +44,9 @@ While commands are running inside the sandbox, here are some scenarios that will When choosing a `prefix_rule`, request one that will allow you to fulfill similar requests from the user in the future without re-requesting escalation. It should be categorical and reasonably scoped to similar capabilities. You should rarely pass the entire command into `prefix_rule`. ### Banned prefix_rules +Avoid requesting overly broad prefixes that the user would be ill-advised to approve. For example, do not request ["python3"], ["python", "-"], or other similar prefixes. NEVER provide a prefix_rule argument for destructive commands like rm. -Do not provide a prefix rule if your command uses a heredoc or herestring. +NEVER provide a prefix_rule if your command uses a heredoc or herestring. ### Examples Good examples of prefixes: