core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/execpolicy/src
History
zhao-oai 3d35cb4619
Refactor execpolicy fallback evaluation (#7544) 
## Refactor of the `execpolicy` crate

To illustrate why we need this refactor, consider an agent attempting to
run `apple | rm -rf ./`. Suppose `apple` is allowed by `execpolicy`.
Before this PR, `execpolicy` would consider `apple` and `pear` and only
render one rule match: `Allow`. We would skip any heuristics checks on
`rm -rf ./` and immediately approve `apple | rm -rf ./` to run.

To fix this, we now thread a `fallback` evaluation function into
`execpolicy` that runs when no `execpolicy` rules match a given command.
In our example, we would run `fallback` on `rm -rf ./` and prevent
`apple | rm -rf ./` from being run without approval.
2025-12-03 23:39:48 -08:00
..
amend.rs execpolicy helpers (#7032) 2025-12-02 15:05:27 -05:00
decision.rs migrating execpolicy -> execpolicy-legacy and execpolicy2 -> execpolicy (#6956) 2025-11-19 19:14:10 -08:00
error.rs migrating execpolicy -> execpolicy-legacy and execpolicy2 -> execpolicy (#6956) 2025-11-19 19:14:10 -08:00
execpolicycheck.rs Refactor execpolicy fallback evaluation (#7544) 2025-12-03 23:39:48 -08:00
lib.rs execpolicy helpers (#7032) 2025-12-02 15:05:27 -05:00
main.rs Refactor execpolicy fallback evaluation (#7544) 2025-12-03 23:39:48 -08:00
parser.rs migrating execpolicy -> execpolicy-legacy and execpolicy2 -> execpolicy (#6956) 2025-11-19 19:14:10 -08:00
policy.rs Refactor execpolicy fallback evaluation (#7544) 2025-12-03 23:39:48 -08:00
rule.rs Refactor execpolicy fallback evaluation (#7544) 2025-12-03 23:39:48 -08:00