add codex debug seatbelt --log-denials (#4098)

This adds a debugging tool for analyzing why certain commands fail to execute under the sandbox. Example output: ``` $ codex debug seatbelt --log-denials bash -lc "(echo foo > ~/foo.txt)" bash: /Users/nornagon/foo.txt: Operation not permitted === Sandbox denials === (bash) file-write-data /dev/tty (bash) file-write-data /dev/ttys001 (bash) sysctl-read kern.ngroups (bash) file-write-create /Users/nornagon/foo.txt ``` It operates by: 1. spawning `log stream` to watch system logs, and 2. tracking all descendant PIDs using kqueue + proc_listchildpids. this is a "best-effort" technique, as `log stream` may drop logs(?), and kqueue + proc_listchildpids isn't atomic and can end up missing very short-lived processes. But it works well enough in my testing to be useful :)
2025-11-10 14:48:14 -08:00
parent 52e97b9b6b
commit 0271c20d8f
7 changed files with 535 additions and 2 deletions
--- a/codex-rs/README.md
+++ b/codex-rs/README.md
@@ -58,7 +58,7 @@ To test to see what happens when a command is run under the sandbox provided by

 ```
 # macOS
-codex sandbox macos [--full-auto] [COMMAND]...
+codex sandbox macos [--full-auto] [--log-denials] [COMMAND]...

 # Linux
 codex sandbox linux [--full-auto] [COMMAND]...
@@ -67,7 +67,7 @@ codex sandbox linux [--full-auto] [COMMAND]...
 codex sandbox windows [--full-auto] [COMMAND]...

 # Legacy aliases
-codex debug seatbelt [--full-auto] [COMMAND]...
+codex debug seatbelt [--full-auto] [--log-denials] [COMMAND]...
 codex debug landlock [--full-auto] [COMMAND]...
 ```