core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/app-server/src
History
Michael Bolin a118494323
feat: add support for allowed_web_search_modes in requirements.toml (#10964) 
This PR makes it possible to disable live web search via an enterprise
config even if the user is running in `--yolo` mode (though cached web
search will still be available). To do this, create
`/etc/codex/requirements.toml` as follows:

```toml
# "live" is not allowed; "disabled" is allowed even though not listed explicitly.
allowed_web_search_modes = ["cached"]
```

Or set `requirements_toml_base64` MDM as explained on
https://developers.openai.com/codex/security/#locations.

### Why
- Enforce admin/MDM/`requirements.toml` constraints on web-search
behavior, independent of user config and per-turn sandbox defaults.
- Ensure per-turn config resolution and review-mode overrides never
crash when constraints are present.

### What
- Add `allowed_web_search_modes` to requirements parsing and surface it
in app-server v2 `ConfigRequirements` (`allowedWebSearchModes`), with
fixtures updated.
- Define a requirements allowlist type (`WebSearchModeRequirement`) and
normalize semantics:
  - `disabled` is always implicitly allowed (even if not listed).
  - An empty list is treated as `["disabled"]`.
- Make `Config.web_search_mode` a `Constrained<WebSearchMode>` and apply
requirements via `ConstrainedWithSource<WebSearchMode>`.
- Update per-turn resolution (`resolve_web_search_mode_for_turn`) to:
- Prefer `Live → Cached → Disabled` when
`SandboxPolicy::DangerFullAccess` is active (subject to requirements),
unless the user preference is explicitly `Disabled`.
- Otherwise, honor the user’s preferred mode, falling back to an allowed
mode when necessary.
- Update TUI `/debug-config` and app-server mapping to display
normalized `allowed_web_search_modes` (including implicit `disabled`).
- Fix web-search integration tests to assert cached behavior under
`SandboxPolicy::ReadOnly` (since `DangerFullAccess` legitimately prefers
`live` when allowed).
2026-02-07 05:55:15 +00:00
..
bespoke_event_handling.rs Add app-server transport layer with websocket support (#10693) 2026-02-05 20:56:34 +00:00
codex_message_processor.rs feat(app-server): turn/steer API (#10821) 2026-02-06 00:35:04 +00:00
config_api.rs feat: add support for allowed_web_search_modes in requirements.toml (#10964) 2026-02-07 05:55:15 +00:00
dynamic_tools.rs feat(app-server, core): allow text + image content items for dynamic tool outputs (#10567) 2026-02-04 16:12:47 -08:00
error_code.rs fix: separate codex mcp into codex mcp-server and codex app-server (#4471) 2025-09-30 07:06:18 +00:00
filters.rs [app-server] feat: add filtering on thread list (#9897) 2026-01-26 21:54:19 +00:00
fuzzy_file_search.rs file-search: multi-root walk (#10240) 2026-01-30 22:20:23 +00:00
lib.rs Removed "exec_policy" feature flag (#10851) 2026-02-06 08:59:47 -08:00
main.rs Add app-server transport layer with websocket support (#10693) 2026-02-05 20:56:34 +00:00
message_processor.rs Sync app-server requirements API with refreshed cloud loader (#10815) 2026-02-05 14:43:31 -08:00
models.rs Feat: add upgrade to app server modelList (#10556) 2026-02-03 14:53:36 -08:00
outgoing_message.rs Add app-server transport layer with websocket support (#10693) 2026-02-05 20:56:34 +00:00
transport.rs app-server: print help message to console when starting websockets server (#10943) 2026-02-07 00:18:42 +00:00