e8afaed502
## Summary Simplify network approvals by removing per-attempt proxy correlation and moving to session-level approval dedupe keyed by (host, protocol, port). Instead of encoding attempt IDs into proxy credentials/URLs, we now treat approvals as a destination policy decision. - Concurrent calls to the same destination share one approval prompt. - Different destinations (or same host on different ports) get separate prompts. - Allow once approves the current queued request group only. - Allow for session caches that (host, protocol, port) and auto-allows future matching requests. - Never policy continues to deny without prompting. Example: - 3 calls: - a.com (line 443) - b.com (line 443) - a.com (line 443) => 2 prompts total (a, b), second a waits on the first decision. - a.com:80 is treated separately from a.com line 443 ## Testing - `just fmt` (in `codex-rs`) - `cargo test -p codex-core tools::network_approval::tests` - `cargo test -p codex-core` (unit tests pass; existing integration-suite failures remain in this environment)
48 lines
1.5 KiB
Rust
48 lines
1.5 KiB
Rust
#![deny(clippy::print_stdout, clippy::print_stderr)]
|
|
|
|
mod admin;
|
|
mod config;
|
|
mod http_proxy;
|
|
mod network_policy;
|
|
mod policy;
|
|
mod proxy;
|
|
mod reasons;
|
|
mod responses;
|
|
mod runtime;
|
|
mod socks5;
|
|
mod state;
|
|
mod upstream;
|
|
|
|
pub use config::NetworkMode;
|
|
pub use config::NetworkProxyConfig;
|
|
pub use config::host_and_port_from_network_addr;
|
|
pub use network_policy::NetworkDecision;
|
|
pub use network_policy::NetworkDecisionSource;
|
|
pub use network_policy::NetworkPolicyDecider;
|
|
pub use network_policy::NetworkPolicyDecision;
|
|
pub use network_policy::NetworkPolicyRequest;
|
|
pub use network_policy::NetworkPolicyRequestArgs;
|
|
pub use network_policy::NetworkProtocol;
|
|
pub use proxy::ALL_PROXY_ENV_KEYS;
|
|
pub use proxy::ALLOW_LOCAL_BINDING_ENV_KEY;
|
|
pub use proxy::Args;
|
|
pub use proxy::DEFAULT_NO_PROXY_VALUE;
|
|
pub use proxy::NO_PROXY_ENV_KEYS;
|
|
pub use proxy::NetworkProxy;
|
|
pub use proxy::NetworkProxyBuilder;
|
|
pub use proxy::NetworkProxyHandle;
|
|
pub use proxy::PROXY_URL_ENV_KEYS;
|
|
pub use proxy::has_proxy_url_env_vars;
|
|
pub use proxy::proxy_url_env_value;
|
|
pub use runtime::BlockedRequest;
|
|
pub use runtime::BlockedRequestArgs;
|
|
pub use runtime::BlockedRequestObserver;
|
|
pub use runtime::ConfigReloader;
|
|
pub use runtime::ConfigState;
|
|
pub use runtime::NetworkProxyState;
|
|
pub use state::NetworkProxyConstraintError;
|
|
pub use state::NetworkProxyConstraints;
|
|
pub use state::PartialNetworkConfig;
|
|
pub use state::PartialNetworkProxyConfig;
|
|
pub use state::build_config_state;
|
|
pub use state::validate_policy_against_constraints;
|