codex-rs/common/src/approval_mode_cli_arg.rs

//! Standard type to use with the `--approval-mode` CLI option.
//! Available when the `cli` feature is enabled for the crate.

use clap::ArgAction;
use clap::Parser;
use clap::ValueEnum;

use codex_core::config::parse_sandbox_permission_with_base_path;
use codex_core::protocol::AskForApproval;
use codex_core::protocol::SandboxPermission;

#[derive(Clone, Copy, Debug, ValueEnum)]
#[value(rename_all = "kebab-case")]
pub enum ApprovalModeCliArg {
    /// Run all commands without asking for user approval.
    /// Only asks for approval if a command fails to execute, in which case it
    /// will escalate to the user to ask for un-sandboxed execution.
    OnFailure,

    /// Only run "known safe" commands (e.g. ls, cat, sed) without
    /// asking for user approval. Will escalate to the user if the model
    /// proposes a command that is not allow-listed.
    UnlessAllowListed,

    /// Never ask for user approval
    /// Execution failures are immediately returned to the model.
    Never,
}

impl From<ApprovalModeCliArg> for AskForApproval {
    fn from(value: ApprovalModeCliArg) -> Self {
        match value {
            ApprovalModeCliArg::OnFailure => AskForApproval::OnFailure,
            ApprovalModeCliArg::UnlessAllowListed => AskForApproval::UnlessAllowListed,
            ApprovalModeCliArg::Never => AskForApproval::Never,
        }
    }
}

#[derive(Parser, Debug)]
pub struct SandboxPermissionOption {
    /// Specify this flag multiple times to specify the full set of permissions
    /// to grant to Codex.
    ///
    /// ```shell
    /// codex -s disk-full-read-access \
    ///       -s disk-write-cwd \
    ///       -s disk-write-platform-user-temp-folder \
    ///       -s disk-write-platform-global-temp-folder
    /// ```
    ///
    /// Note disk-write-folder takes a value:
    ///
    /// ```shell
    ///     -s disk-write-folder=$HOME/.pyenv/shims
    /// ```
    ///
    /// These permissions are quite broad and should be used with caution:
    ///
    /// ```shell
    ///     -s disk-full-write-access
    ///     -s network-full-access
    /// ```
    #[arg(long = "sandbox-permission", short = 's', action = ArgAction::Append, value_parser = parse_sandbox_permission)]
    pub permissions: Option<Vec<SandboxPermission>>,
}

/// Custom value-parser so we can keep the CLI surface small *and*
/// still handle the parameterised `disk-write-folder` case.
fn parse_sandbox_permission(raw: &str) -> std::io::Result<SandboxPermission> {
    let base_path = std::env::current_dir()?;
    parse_sandbox_permission_with_base_path(raw, base_path)
}
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629) As stated in `codex-rs/README.md`: Today, Codex CLI is written in TypeScript and requires Node.js 22+ to run it. For a number of users, this runtime requirement inhibits adoption: they would be better served by a standalone executable. As maintainers, we want Codex to run efficiently in a wide range of environments with minimal overhead. We also want to take advantage of operating system-specific APIs to provide better sandboxing, where possible. To that end, we are moving forward with a Rust implementation of Codex CLI contained in this folder, which has the following benefits: - The CLI compiles to small, standalone, platform-specific binaries. - Can make direct, native calls to [seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and [landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in order to support sandboxing on Linux. - No runtime garbage collection, resulting in lower memory consumption and better, more predictable performance. Currently, the Rust implementation is materially behind the TypeScript implementation in functionality, so continue to use the TypeScript implmentation for the time being. We will publish native executables via GitHub Releases as soon as we feel the Rust version is usable. 2025-04-24 13:31:40 -07:00			//! Standard type to use with the `--approval-mode` CLI option.
			//! Available when the `cli` feature is enabled for the crate.

feat: bring back -s option to specify sandbox permissions (#739) 2025-04-29 18:42:52 -07:00			`use clap::ArgAction;`
			`use clap::Parser;`
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629) As stated in `codex-rs/README.md`: Today, Codex CLI is written in TypeScript and requires Node.js 22+ to run it. For a number of users, this runtime requirement inhibits adoption: they would be better served by a standalone executable. As maintainers, we want Codex to run efficiently in a wide range of environments with minimal overhead. We also want to take advantage of operating system-specific APIs to provide better sandboxing, where possible. To that end, we are moving forward with a Rust implementation of Codex CLI contained in this folder, which has the following benefits: - The CLI compiles to small, standalone, platform-specific binaries. - Can make direct, native calls to [seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and [landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in order to support sandboxing on Linux. - No runtime garbage collection, resulting in lower memory consumption and better, more predictable performance. Currently, the Rust implementation is materially behind the TypeScript implementation in functionality, so continue to use the TypeScript implmentation for the time being. We will publish native executables via GitHub Releases as soon as we feel the Rust version is usable. 2025-04-24 13:31:40 -07:00			`use clap::ValueEnum;`

chore: introduce codex-common crate (#843) I started this PR because I wanted to share the `format_duration()` utility function in `codex-rs/exec/src/event_processor.rs` with the TUI. The question was: where to put it? `core` should have as few dependencies as possible, so moving it there would introduce a dependency on `chrono`, which seemed undesirable. `core` already had this `cli` feature to deal with a similar situation around sharing common utility functions, so I decided to: * make `core` feature-free * introduce `common` * `common` can have as many "special interest" features as it needs, each of which can declare their own deps * the first two features of common are `cli` and `elapsed` In practice, this meant updating a number of `Cargo.toml` files, replacing this line: ```toml codex-core = { path = "../core", features = ["cli"] } ``` with these: ```toml codex-core = { path = "../core" } codex-common = { path = "../common", features = ["cli"] } ``` Moving `format_duration()` into its own file gave it some "breathing room" to add a unit test, so I had Codex generate some tests and new support for durations over 1 minute. 2025-05-06 17:38:56 -07:00			`use codex_core::config::parse_sandbox_permission_with_base_path;`
			`use codex_core::protocol::AskForApproval;`
			`use codex_core::protocol::SandboxPermission;`
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629) As stated in `codex-rs/README.md`: Today, Codex CLI is written in TypeScript and requires Node.js 22+ to run it. For a number of users, this runtime requirement inhibits adoption: they would be better served by a standalone executable. As maintainers, we want Codex to run efficiently in a wide range of environments with minimal overhead. We also want to take advantage of operating system-specific APIs to provide better sandboxing, where possible. To that end, we are moving forward with a Rust implementation of Codex CLI contained in this folder, which has the following benefits: - The CLI compiles to small, standalone, platform-specific binaries. - Can make direct, native calls to [seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and [landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in order to support sandboxing on Linux. - No runtime garbage collection, resulting in lower memory consumption and better, more predictable performance. Currently, the Rust implementation is materially behind the TypeScript implementation in functionality, so continue to use the TypeScript implmentation for the time being. We will publish native executables via GitHub Releases as soon as we feel the Rust version is usable. 2025-04-24 13:31:40 -07:00
feat: load defaults into Config and introduce ConfigOverrides (#677) This changes how instantiating `Config` works and also adds `approval_policy` and `sandbox_policy` as fields. The idea is: * All fields of `Config` have appropriate default values. * `Config` is initially loaded from `~/.codex/config.toml`, so values in `config.toml` will override those defaults. * Clients must instantiate `Config` via `Config::load_with_overrides(ConfigOverrides)` where `ConfigOverrides` has optional overrides that are expected to be settable based on CLI flags. The `Config` should be defined early in the program and then passed down. Now functions like `init_codex()` take fewer individual parameters because they can just take a `Config`. Also, `Config::load()` used to fail silently if `~/.codex/config.toml` had a parse error and fell back to the default config. This seemed really bad because it wasn't clear why the values in my `config.toml` weren't getting picked up. I changed things so that `load_with_overrides()` returns `Result<Config>` and verified that the various CLIs print a reasonable error if `config.toml` is malformed. Finally, I also updated the TUI to show which sandbox value is being used, as we do for other key values like model and approval. This was also a reminder that the various values of `--sandbox` are honored on Linux but not macOS today, so I added some TODOs about fixing that. 2025-04-27 21:47:50 -07:00			`#[derive(Clone, Copy, Debug, ValueEnum)]`
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629) As stated in `codex-rs/README.md`: Today, Codex CLI is written in TypeScript and requires Node.js 22+ to run it. For a number of users, this runtime requirement inhibits adoption: they would be better served by a standalone executable. As maintainers, we want Codex to run efficiently in a wide range of environments with minimal overhead. We also want to take advantage of operating system-specific APIs to provide better sandboxing, where possible. To that end, we are moving forward with a Rust implementation of Codex CLI contained in this folder, which has the following benefits: - The CLI compiles to small, standalone, platform-specific binaries. - Can make direct, native calls to [seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and [landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in order to support sandboxing on Linux. - No runtime garbage collection, resulting in lower memory consumption and better, more predictable performance. Currently, the Rust implementation is materially behind the TypeScript implementation in functionality, so continue to use the TypeScript implmentation for the time being. We will publish native executables via GitHub Releases as soon as we feel the Rust version is usable. 2025-04-24 13:31:40 -07:00			`#[value(rename_all = "kebab-case")]`
			`pub enum ApprovalModeCliArg {`
			`/// Run all commands without asking for user approval.`
			`/// Only asks for approval if a command fails to execute, in which case it`
			`/// will escalate to the user to ask for un-sandboxed execution.`
			`OnFailure,`

			`/// Only run "known safe" commands (e.g. ls, cat, sed) without`
			`/// asking for user approval. Will escalate to the user if the model`
			`/// proposes a command that is not allow-listed.`
			`UnlessAllowListed,`

			`/// Never ask for user approval`
			`/// Execution failures are immediately returned to the model.`
			`Never,`
			`}`

			`impl From<ApprovalModeCliArg> for AskForApproval {`
			`fn from(value: ApprovalModeCliArg) -> Self {`
			`match value {`
			`ApprovalModeCliArg::OnFailure => AskForApproval::OnFailure,`
			`ApprovalModeCliArg::UnlessAllowListed => AskForApproval::UnlessAllowListed,`
			`ApprovalModeCliArg::Never => AskForApproval::Never,`
			`}`
			`}`
			`}`
feat: bring back -s option to specify sandbox permissions (#739) 2025-04-29 18:42:52 -07:00
			`#[derive(Parser, Debug)]`
			`pub struct SandboxPermissionOption {`
			`/// Specify this flag multiple times to specify the full set of permissions`
			`/// to grant to Codex.`
			`///`
			/// ```shell
			`/// codex -s disk-full-read-access \`
			`/// -s disk-write-cwd \`
			`/// -s disk-write-platform-user-temp-folder \`
			`/// -s disk-write-platform-global-temp-folder`
			/// ```
			`///`
			`/// Note disk-write-folder takes a value:`
			`///`
			/// ```shell
			`/// -s disk-write-folder=$HOME/.pyenv/shims`
			/// ```
			`///`
			`/// These permissions are quite broad and should be used with caution:`
			`///`
			/// ```shell
			`/// -s disk-full-write-access`
			`/// -s network-full-access`
			/// ```
			`#[arg(long = "sandbox-permission", short = 's', action = ArgAction::Append, value_parser = parse_sandbox_permission)]`
			`pub permissions: Option<Vec<SandboxPermission>>,`
			`}`

			`/// Custom value-parser so we can keep the CLI surface small and`
			/// still handle the parameterised `disk-write-folder` case.
			`fn parse_sandbox_permission(raw: &str) -> std::io::Result<SandboxPermission> {`
			`let base_path = std::env::current_dir()?;`
			`parse_sandbox_permission_with_base_path(raw, base_path)`
			`}`