History

Dylan Hurd e6e4c5fa3a chore(core) Restrict model-suggested rules (#11671 ) ## Summary If the model suggests a bad rule, don't show it to the user. This does not impact the parsing of existing rules, just the ones we show. ## Testing - [x] Added unit tests - [x] Ran locally		2026-02-12 23:57:53 -08:00
..
src	chore(core) Restrict model-suggested rules (#11671 )	2026-02-12 23:57:53 -08:00
templates	Remove absolute path in rollout_summary (#11622 )	2026-02-12 23:32:41 +00:00
tests	chore(approvals) More approvals scenarios (#11660 )	2026-02-12 19:54:54 -08:00
BUILD.bazel	Add feature-gated freeform js_repl core runtime (#10674 )	2026-02-11 12:05:02 -08:00
build.rs	fix: System skills marker includes nested folders recursively (#10350 )	2026-02-01 18:17:32 -08:00
Cargo.toml	chore: drop and clean from phase 1 (#11605 )	2026-02-12 17:23:00 +00:00
config.schema.json	Add new apps_mcp_gateway (#11630 )	2026-02-12 16:54:11 -08:00
gpt-5.1-codex-max_prompt.md	Assemble sandbox/approval/network prompts dynamically (#8961 )	2026-01-12 23:12:59 +00:00
gpt-5.2-codex_prompt.md	Assemble sandbox/approval/network prompts dynamically (#8961 )	2026-01-12 23:12:59 +00:00
gpt_5_1_prompt.md	Assemble sandbox/approval/network prompts dynamically (#8961 )	2026-01-12 23:12:59 +00:00
gpt_5_2_prompt.md	Assemble sandbox/approval/network prompts dynamically (#8961 )	2026-01-12 23:12:59 +00:00
gpt_5_codex_prompt.md	Assemble sandbox/approval/network prompts dynamically (#8961 )	2026-01-12 23:12:59 +00:00
hierarchical_agents_message.md	Add hierarchical agent prompt (#8996 )	2026-01-09 13:47:37 -08:00
models.json	Update models.json (#11376 )	2026-02-10 17:25:35 -08:00
prompt.md	Assemble sandbox/approval/network prompts dynamically (#8961 )	2026-01-12 23:12:59 +00:00
prompt_with_apply_patch_instructions.md	Assemble sandbox/approval/network prompts dynamically (#8961 )	2026-01-12 23:12:59 +00:00
README.md	[feat] add seatbelt permission files (#11639 )	2026-02-12 23:30:22 +00:00
review_prompt.md	docs: Fix markdown list item spacing in codex-rs/core/review_prompt.md (#4144 )	2025-10-30 17:39:21 -07:00

README.md

codex-core

This crate implements the business logic for Codex. It is designed to be used by the various Codex UIs written in Rust.

Dependencies

Note that codex-core makes some assumptions about certain helper utilities being available in the environment. Currently, this support matrix is:

macOS

Expects /usr/bin/sandbox-exec to be present.

When using the workspace-write sandbox policy, the Seatbelt profile allows writes under the configured writable roots while keeping .git (directory or pointer file), the resolved gitdir: target, and .codex read-only.

Network access and filesystem read/write roots are controlled by SandboxPolicy. Seatbelt consumes the resolved policy and enforces it.

Seatbelt also supports macOS permission-profile extensions layered on top of SandboxPolicy:

no extension profile provided: keeps legacy default preferences read access (user-preference-read).
extension profile provided with no macos_preferences grant: does not add preferences access clauses.
macos_preferences = "readonly": enables cfprefs read clauses and user-preference-read.
macos_preferences = "readwrite": includes readonly clauses plus user-preference-write and cfprefs shm write clauses.
macos_automation = true: enables broad Apple Events send permissions.
macos_automation = ["com.apple.Notes", ...]: enables Apple Events send only to listed bundle IDs.
macos_accessibility = true: enables com.apple.axserver mach lookup.
macos_calendar = true: enables com.apple.CalendarAgent mach lookup.

Linux

Expects the binary containing codex-core to run the equivalent of codex sandbox linux (legacy alias: codex debug landlock) when arg0 is codex-linux-sandbox. See the codex-arg0 crate for details.

All Platforms

Expects the binary containing codex-core to simulate the virtual apply_patch CLI when arg1 is --codex-run-as-apply-patch. See the codex-arg0 crate for details.