feat: load defaults into Config and introduce ConfigOverrides (#677)

This changes how instantiating `Config` works and also adds `approval_policy` and `sandbox_policy` as fields. The idea is: * All fields of `Config` have appropriate default values. * `Config` is initially loaded from `~/.codex/config.toml`, so values in `config.toml` will override those defaults. * Clients must instantiate `Config` via `Config::load_with_overrides(ConfigOverrides)` where `ConfigOverrides` has optional overrides that are expected to be settable based on CLI flags. The `Config` should be defined early in the program and then passed down. Now functions like `init_codex()` take fewer individual parameters because they can just take a `Config`. Also, `Config::load()` used to fail silently if `~/.codex/config.toml` had a parse error and fell back to the default config. This seemed really bad because it wasn't clear why the values in my `config.toml` weren't getting picked up. I changed things so that `load_with_overrides()` returns `Result<Config>` and verified that the various CLIs print a reasonable error if `config.toml` is malformed. Finally, I also updated the TUI to show which **sandbox** value is being used, as we do for other key values like **model** and **approval**. This was also a reminder that the various values of `--sandbox` are honored on Linux but not macOS today, so I added some TODOs about fixing that.
2025-04-27 21:47:50 -07:00
parent e9d16d3c2b
commit 4eda4dd772
23 changed files with 234 additions and 139 deletions
--- a/codex-rs/core/src/exec.rs
+++ b/codex-rs/core/src/exec.rs
@@ -98,7 +98,7 @@ pub async fn process_exec_tool_call(
                workdir,
                timeout_ms,
            } = params;
-            let seatbelt_command = create_seatbelt_command(command, writable_roots);
+            let seatbelt_command = create_seatbelt_command(command, sandbox_policy, writable_roots);
            exec(
                ExecParams {
                    command: seatbelt_command,
@@ -154,7 +154,11 @@ pub async fn process_exec_tool_call(
    }
 }

-pub fn create_seatbelt_command(command: Vec<String>, writable_roots: &[PathBuf]) -> Vec<String> {
+pub fn create_seatbelt_command(
+    command: Vec<String>,
+    sandbox_policy: SandboxPolicy,
+    writable_roots: &[PathBuf],
+) -> Vec<String> {
    let (policies, cli_args): (Vec<String>, Vec<String>) = writable_roots
        .iter()
        .enumerate()
@@ -166,6 +170,14 @@ pub fn create_seatbelt_command(command: Vec<String>, writable_roots: &[PathBuf])
        })
        .unzip();

+    // TODO(ragona): The seatbelt policy should reflect the SandboxPolicy that
+    // is passed, but everything is currently hardcoded to use
+    // MACOS_SEATBELT_READONLY_POLICY.
+    // TODO(mbolin): apply_patch calls must also honor the SandboxPolicy.
+    if !matches!(sandbox_policy, SandboxPolicy::NetworkRestricted) {
+        tracing::error!("specified sandbox policy {sandbox_policy:?} will not be honroed");
+    }
+
    let full_policy = if policies.is_empty() {
        MACOS_SEATBELT_READONLY_POLICY.to_string()
    } else {