feat: load defaults into Config and introduce ConfigOverrides (#677)

This changes how instantiating `Config` works and also adds
`approval_policy` and `sandbox_policy` as fields. The idea is:

* All fields of `Config` have appropriate default values.
* `Config` is initially loaded from `~/.codex/config.toml`, so values in
`config.toml` will override those defaults.
* Clients must instantiate `Config` via
`Config::load_with_overrides(ConfigOverrides)` where `ConfigOverrides`
has optional overrides that are expected to be settable based on CLI
flags.

The `Config` should be defined early in the program and then passed
down. Now functions like `init_codex()` take fewer individual parameters
because they can just take a `Config`.

Also, `Config::load()` used to fail silently if `~/.codex/config.toml`
had a parse error and fell back to the default config. This seemed
really bad because it wasn't clear why the values in my `config.toml`
weren't getting picked up. I changed things so that
`load_with_overrides()` returns `Result<Config>` and verified that the
various CLIs print a reasonable error if `config.toml` is malformed.

Finally, I also updated the TUI to show which **sandbox** value is being
used, as we do for other key values like **model** and **approval**.
This was also a reminder that the various values of `--sandbox` are
honored on Linux but not macOS today, so I added some TODOs about fixing
that.

codex-rs/exec/src/cli.rs

@@ -1,4 +1,5 @@
 use clap::Parser;
+use codex_core::SandboxModeCliArg;
 use std::path::PathBuf;
 
 #[derive(Parser, Debug)]
@@ -12,6 +13,12 @@ pub struct Cli {
     #[arg(long, short = 'm')]
     pub model: Option<String>,
 
+    /// Configure the process restrictions when a command is executed.
+    ///
+    /// Uses OS-specific sandboxing tools; Seatbelt on OSX, landlock+seccomp on Linux.
+    #[arg(long = "sandbox", short = 's')]
+    pub sandbox_policy: Option<SandboxModeCliArg>,
+
     /// Allow running Codex outside a Git repository.
     #[arg(long = "skip-git-repo-check", default_value_t = false)]
     pub skip_git_repo_check: bool,

codex-rs/exec/src/lib.rs

@@ -3,13 +3,14 @@ use std::sync::Arc;
 
 pub use cli::Cli;
 use codex_core::codex_wrapper;
+use codex_core::config::Config;
+use codex_core::config::ConfigOverrides;
 use codex_core::protocol::AskForApproval;
 use codex_core::protocol::Event;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::FileChange;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
-use codex_core::protocol::SandboxPolicy;
 use codex_core::util::is_inside_git_repo;
 use tracing::debug;
 use tracing::error;
@@ -33,6 +34,7 @@ pub async fn run_main(cli: Cli) -> anyhow::Result<()> {
     let Cli {
         images,
         model,
+        sandbox_policy,
         skip_git_repo_check,
         disable_response_storage,
         prompt,
@@ -47,17 +49,17 @@ pub async fn run_main(cli: Cli) -> anyhow::Result<()> {
         std::process::exit(1);
     }
 
-    // TODO(mbolin): We are reworking the CLI args right now, so this will
-    // likely come from a new --execution-policy arg.
-    let approval_policy = AskForApproval::Never;
-    let sandbox_policy = SandboxPolicy::NetworkAndFileWriteRestricted;
-    let (codex_wrapper, event, ctrl_c) = codex_wrapper::init_codex(
-        approval_policy,
-        sandbox_policy,
-        disable_response_storage,
-        model,
-    )
-    .await?;
+    // Load configuration and determine approval policy
+    let overrides = ConfigOverrides {
+        model: model.clone(),
+        // This CLI is intended to be headless and has no affordances for asking
+        // the user for approval.
+        approval_policy: Some(AskForApproval::Never),
+        sandbox_policy: sandbox_policy.map(Into::into),
+    };
+    let config = Config::load_with_overrides(overrides)?;
+    let (codex_wrapper, event, ctrl_c) =
+        codex_wrapper::init_codex(config, disable_response_storage).await?;
     let codex = Arc::new(codex_wrapper);
     info!("Codex initialized with event: {event:?}");