feat: introduce codex_execpolicy crate for defining "safe" commands (#634)

As described in detail in `codex-rs/execpolicy/README.md` introduced in this PR, `execpolicy` is a tool that lets you define a set of _patterns_ used to match [`execv(3)`](https://linux.die.net/man/3/execv) invocations. When a pattern is matched, `execpolicy` returns the parsed version in a structured form that is amenable to static analysis. The primary use case is to define patterns match commands that should be auto-approved by a tool such as Codex. This supports a richer pattern matching mechanism that the sort of prefix-matching we have done to date, e.g.: 5e40d9d221/codex-cli/src/approvals.ts (L333-L354) Note we are still playing with the API and the `system_path` option in particular still needs some work.
2025-04-24 17:14:47 -07:00
parent 5e40d9d221
commit 58f0e5ab74
29 changed files with 3830 additions and 47 deletions
--- a/codex-rs/execpolicy/src/error.rs
+++ b/codex-rs/execpolicy/src/error.rs
@@ -0,0 +1,96 @@
+use std::path::PathBuf;
+
+use serde::Serialize;
+
+use crate::arg_matcher::ArgMatcher;
+use crate::arg_resolver::PositionalArg;
+use serde_with::serde_as;
+use serde_with::DisplayFromStr;
+
+pub type Result<T> = std::result::Result<T, Error>;
+
+#[serde_as]
+#[derive(Debug, Eq, PartialEq, Serialize)]
+#[serde(tag = "type")]
+pub enum Error {
+    NoSpecForProgram {
+        program: String,
+    },
+    OptionMissingValue {
+        program: String,
+        option: String,
+    },
+    OptionFollowedByOptionInsteadOfValue {
+        program: String,
+        option: String,
+        value: String,
+    },
+    UnknownOption {
+        program: String,
+        option: String,
+    },
+    UnexpectedArguments {
+        program: String,
+        args: Vec<PositionalArg>,
+    },
+    DoubleDashNotSupportedYet {
+        program: String,
+    },
+    MultipleVarargPatterns {
+        program: String,
+        first: ArgMatcher,
+        second: ArgMatcher,
+    },
+    RangeStartExceedsEnd {
+        start: usize,
+        end: usize,
+    },
+    RangeEndOutOfBounds {
+        end: usize,
+        len: usize,
+    },
+    PrefixOverlapsSuffix {},
+    NotEnoughArgs {
+        program: String,
+        args: Vec<PositionalArg>,
+        arg_patterns: Vec<ArgMatcher>,
+    },
+    InternalInvariantViolation {
+        message: String,
+    },
+    VarargMatcherDidNotMatchAnything {
+        program: String,
+        matcher: ArgMatcher,
+    },
+    EmptyFileName {},
+    LiteralValueDidNotMatch {
+        expected: String,
+        actual: String,
+    },
+    InvalidPositiveInteger {
+        value: String,
+    },
+    MissingRequiredOptions {
+        program: String,
+        options: Vec<String>,
+    },
+    SedCommandNotProvablySafe {
+        command: String,
+    },
+    ReadablePathNotInReadableFolders {
+        file: PathBuf,
+        folders: Vec<PathBuf>,
+    },
+    WriteablePathNotInWriteableFolders {
+        file: PathBuf,
+        folders: Vec<PathBuf>,
+    },
+    CannotCheckRelativePath {
+        file: PathBuf,
+    },
+    CannotCanonicalizePath {
+        file: String,
+        #[serde_as(as = "DisplayFromStr")]
+        error: std::io::ErrorKind,
+    },
+}