codex-execpolicy
Overview
- Policy engine and CLI built around
prefix_rule(pattern=[...], decision?, match?, not_match?).
- This release covers the prefix-rule subset of the execpolicy language; a richer language will follow.
- Tokens are matched in order; any
pattern element may be a list to denote alternatives. decision defaults to allow; valid values: allow, prompt, forbidden.
match / not_match supply example invocations that are validated at load time (think of them as unit tests); examples can be token arrays or strings (strings are tokenized with shlex).- The CLI always prints the JSON serialization of the evaluation result.
- The legacy rule matcher lives in
codex-execpolicy-legacy.
Policy shapes
- Prefix rules use Starlark syntax:
prefix_rule(
pattern = ["cmd", ["alt1", "alt2"]], # ordered tokens; list entries denote alternatives
decision = "prompt", # allow | prompt | forbidden; defaults to allow
match = [["cmd", "alt1"], "cmd alt2"], # examples that must match this rule
not_match = [["cmd", "oops"], "cmd alt3"], # examples that must not match this rule
)
CLI
- Provide one or more policy files (for example
src/default.codexpolicy) to check a command:
cargo run -p codex-execpolicy -- check --policy path/to/policy.codexpolicy git status
- Pass multiple
--policy flags to merge rules, evaluated in the order provided:
cargo run -p codex-execpolicy -- check --policy base.codexpolicy --policy overrides.codexpolicy git status
- Output is JSON by default; pass
--pretty for pretty-printed JSON
- Example outcomes:
- Match:
{"match": { ... "decision": "allow" ... }}
- No match:
"noMatch"
Response shapes
{
"match": {
"decision": "allow|prompt|forbidden",
"matchedRules": [
{
"prefixRuleMatch": {
"matchedPrefix": ["<token>", "..."],
"decision": "allow|prompt|forbidden"
}
}
]
}
}
"noMatch"
matchedRules lists every rule whose prefix matched the command; matchedPrefix is the exact prefix that matched.- The effective
decision is the strictest severity across all matches (forbidden > prompt > allow).
