feat: introduce codex_execpolicy crate for defining "safe" commands (#634)

Browse Source

As described in detail in `codex-rs/execpolicy/README.md` introduced in
this PR, `execpolicy` is a tool that lets you define a set of _patterns_
used to match [`execv(3)`](https://linux.die.net/man/3/execv)
invocations. When a pattern is matched, `execpolicy` returns the parsed
version in a structured form that is amenable to static analysis.

The primary use case is to define patterns match commands that should be
auto-approved by a tool such as Codex. This supports a richer pattern
matching mechanism that the sort of prefix-matching we have done to
date, e.g.:


5e40d9d221/codex-cli/src/approvals.ts (L333-L354)

Note we are still playing with the API and the `system_path` option in
particular still needs some work.

...

This commit is contained in:

Michael Bolin

2025-04-24 17:14:47 -07:00

committed by GitHub

parent 5e40d9d221

commit 58f0e5ab74

29 changed files with 3830 additions and 47 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

1063

codex-rs/Cargo.lock generated

File diff suppressed because it is too large Load Diff