core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/core
History
Michael Bolin b148d98e0e
execpolicy: add host_executable() path mappings (#12964) 
## Why

`execpolicy` currently keys `prefix_rule()` matching off the literal
first token. That works for rules like `["/usr/bin/git"]`, but it means
shared basename rules such as `["git"]` do not help when a caller passes
an absolute executable path like `/usr/bin/git`.

This PR lays the groundwork for basename-aware matching without changing
existing callers yet. It adds typed host-executable metadata and an
opt-in resolution path in `codex-execpolicy`, so a follow-up PR can
adopt the new behavior in `unix_escalation.rs` and other call sites
without having to redesign the policy layer first.

## What Changed

- added `host_executable(name = ..., paths = [...])` to the execpolicy
parser and validated it with `AbsolutePathBuf`
- stored host executable mappings separately from prefix rules inside
`Policy`
- added `MatchOptions` and opt-in `*_with_options()` APIs that preserve
existing behavior by default
- implemented exact-first matching with optional basename fallback,
gated by `host_executable()` allowlists when present
- normalized executable names for cross-platform matching so Windows
paths like `git.exe` can satisfy `host_executable(name = "git", ...)`
- updated `match` / `not_match` example validation to exercise the
host-executable resolution path instead of only raw prefix-rule matching
- preserved source locations for deferred example-validation errors so
policy load failures still point at the right file and line
- surfaced `resolvedProgram` on `RuleMatch` so callers can tell when a
basename rule matched an absolute executable path
- preserved host executable metadata when requirements policies overlay
file-based policies in `core/src/exec_policy.rs`
- documented the new rule shape and CLI behavior in
`execpolicy/README.md`

## Verification

- `cargo test -p codex-execpolicy`
- added coverage in `execpolicy/tests/basic.rs` for parsing, precedence,
empty allowlists, basename fallback, exact-match precedence, and
host-executable-backed `match` / `not_match` examples
- added a regression test in `core/src/exec_policy.rs` to verify
requirements overlays preserve `host_executable()` metadata
- verified `cargo test -p codex-core --lib`, including source-rendering
coverage for deferred validation errors
2026-02-27 12:59:24 -08:00
..
src execpolicy: add host_executable() path mappings (#12964) 2026-02-27 12:59:24 -08:00
templates feat: memories forgetting (#12900) 2026-02-26 13:19:57 +00:00
tests fix: use AbsolutePathBuf for permission profile file roots (#12970) 2026-02-27 17:42:52 +00:00
BUILD.bazel Revert "fix(bazel): replace askama templates with include_str! in memories" (#12795) 2026-02-25 18:06:17 +00:00
Cargo.toml feat: add local date/timezone to turn environment context (#12947) 2026-02-26 23:17:35 +00:00
config.schema.json feat: gen memories config (#12999) 2026-02-27 12:38:47 +01:00
gpt-5.1-codex-max_prompt.md Assemble sandbox/approval/network prompts dynamically (#8961) 2026-01-12 23:12:59 +00:00
gpt-5.2-codex_prompt.md Assemble sandbox/approval/network prompts dynamically (#8961) 2026-01-12 23:12:59 +00:00
gpt_5_1_prompt.md Assemble sandbox/approval/network prompts dynamically (#8961) 2026-01-12 23:12:59 +00:00
gpt_5_2_prompt.md Assemble sandbox/approval/network prompts dynamically (#8961) 2026-01-12 23:12:59 +00:00
gpt_5_codex_prompt.md Assemble sandbox/approval/network prompts dynamically (#8961) 2026-01-12 23:12:59 +00:00
hierarchical_agents_message.md Add hierarchical agent prompt (#8996) 2026-01-09 13:47:37 -08:00
models.json make 5.3-codex visible in cli for api users (#12808) 2026-02-25 13:01:40 -08:00
prompt.md Assemble sandbox/approval/network prompts dynamically (#8961) 2026-01-12 23:12:59 +00:00
prompt_with_apply_patch_instructions.md Assemble sandbox/approval/network prompts dynamically (#8961) 2026-01-12 23:12:59 +00:00
README.md [feat] add seatbelt permission files (#11639) 2026-02-12 23:30:22 +00:00
review_prompt.md docs: Fix markdown list item spacing in codex-rs/core/review_prompt.md (#4144) 2025-10-30 17:39:21 -07:00

README.md

codex-core

This crate implements the business logic for Codex. It is designed to be used by the various Codex UIs written in Rust.

Dependencies

Note that codex-core makes some assumptions about certain helper utilities being available in the environment. Currently, this support matrix is:

macOS

Expects /usr/bin/sandbox-exec to be present.

When using the workspace-write sandbox policy, the Seatbelt profile allows writes under the configured writable roots while keeping .git (directory or pointer file), the resolved gitdir: target, and .codex read-only.

Network access and filesystem read/write roots are controlled by SandboxPolicy. Seatbelt consumes the resolved policy and enforces it.

Seatbelt also supports macOS permission-profile extensions layered on top of SandboxPolicy:

  • no extension profile provided: keeps legacy default preferences read access (user-preference-read).
  • extension profile provided with no macos_preferences grant: does not add preferences access clauses.
  • macos_preferences = "readonly": enables cfprefs read clauses and user-preference-read.
  • macos_preferences = "readwrite": includes readonly clauses plus user-preference-write and cfprefs shm write clauses.
  • macos_automation = true: enables broad Apple Events send permissions.
  • macos_automation = ["com.apple.Notes", ...]: enables Apple Events send only to listed bundle IDs.
  • macos_accessibility = true: enables com.apple.axserver mach lookup.
  • macos_calendar = true: enables com.apple.CalendarAgent mach lookup.

Linux

Expects the binary containing codex-core to run the equivalent of codex sandbox linux (legacy alias: codex debug landlock) when arg0 is codex-linux-sandbox. See the codex-arg0 crate for details.

All Platforms

Expects the binary containing codex-core to simulate the virtual apply_patch CLI when arg1 is --codex-run-as-apply-patch. See the codex-arg0 crate for details.