abbd74e2be
`SandboxPolicy::ReadOnly` previously implied broad read access and could
not express a narrower read surface.
This change introduces an explicit read-access model so we can support
user-configurable read restrictions in follow-up work, while preserving
current behavior today.
It also ensures unsupported backends fail closed for restricted-read
policies instead of silently granting broader access than intended.
## What
- Added `ReadOnlyAccess` in protocol with:
- `Restricted { include_platform_defaults, readable_roots }`
- `FullAccess`
- Updated `SandboxPolicy` to carry read-access configuration:
- `ReadOnly { access: ReadOnlyAccess }`
- `WorkspaceWrite { ..., read_only_access: ReadOnlyAccess }`
- Preserved existing behavior by defaulting current construction paths
to `ReadOnlyAccess::FullAccess`.
- Threaded the new fields through sandbox policy consumers and call
sites across `core`, `tui`, `linux-sandbox`, `windows-sandbox`, and
related tests.
- Updated Seatbelt policy generation to honor restricted read roots by
emitting scoped read rules when full read access is not granted.
- Added fail-closed behavior on Linux and Windows backends when
restricted read access is requested but not yet implemented there
(`UnsupportedOperation`).
- Regenerated app-server protocol schema and TypeScript artifacts,
including `ReadOnlyAccess`.
## Compatibility / rollout
- Runtime behavior remains unchanged by default (`FullAccess`).
- API/schema changes are in place so future config wiring can enable
restricted read access without another policy-shape migration.
46 lines
1.9 KiB
Rust
46 lines
1.9 KiB
Rust
use codex_core::protocol::AskForApproval;
|
|
use codex_core::protocol::SandboxPolicy;
|
|
|
|
/// A simple preset pairing an approval policy with a sandbox policy.
|
|
#[derive(Debug, Clone)]
|
|
pub struct ApprovalPreset {
|
|
/// Stable identifier for the preset.
|
|
pub id: &'static str,
|
|
/// Display label shown in UIs.
|
|
pub label: &'static str,
|
|
/// Short human description shown next to the label in UIs.
|
|
pub description: &'static str,
|
|
/// Approval policy to apply.
|
|
pub approval: AskForApproval,
|
|
/// Sandbox policy to apply.
|
|
pub sandbox: SandboxPolicy,
|
|
}
|
|
|
|
/// Built-in list of approval presets that pair approval and sandbox policy.
|
|
///
|
|
/// Keep this UI-agnostic so it can be reused by both TUI and MCP server.
|
|
pub fn builtin_approval_presets() -> Vec<ApprovalPreset> {
|
|
vec![
|
|
ApprovalPreset {
|
|
id: "read-only",
|
|
label: "Read Only",
|
|
description: "Codex can read files in the current workspace. Approval is required to edit files or access the internet.",
|
|
approval: AskForApproval::OnRequest,
|
|
sandbox: SandboxPolicy::new_read_only_policy(),
|
|
},
|
|
ApprovalPreset {
|
|
id: "auto",
|
|
label: "Default",
|
|
description: "Codex can read and edit files in the current workspace, and run commands. Approval is required to access the internet or edit other files. (Identical to Agent mode)",
|
|
approval: AskForApproval::OnRequest,
|
|
sandbox: SandboxPolicy::new_workspace_write_policy(),
|
|
},
|
|
ApprovalPreset {
|
|
id: "full-access",
|
|
label: "Full Access",
|
|
description: "Codex can edit files outside this workspace and access the internet without asking for approval. Exercise caution when using.",
|
|
approval: AskForApproval::Never,
|
|
sandbox: SandboxPolicy::DangerFullAccess,
|
|
},
|
|
]
|
|
}
|