feat: introduce codex_execpolicy crate for defining "safe" commands (#634)

As described in detail in `codex-rs/execpolicy/README.md` introduced in this PR, `execpolicy` is a tool that lets you define a set of _patterns_ used to match [`execv(3)`](https://linux.die.net/man/3/execv) invocations. When a pattern is matched, `execpolicy` returns the parsed version in a structured form that is amenable to static analysis. The primary use case is to define patterns match commands that should be auto-approved by a tool such as Codex. This supports a richer pattern matching mechanism that the sort of prefix-matching we have done to date, e.g.: 5e40d9d221/codex-cli/src/approvals.ts (L333-L354) Note we are still playing with the API and the `system_path` option in particular still needs some work.
2025-04-24 17:14:47 -07:00
parent 5e40d9d221
commit 58f0e5ab74
29 changed files with 3830 additions and 47 deletions
--- a/codex-rs/execpolicy/tests/pwd.rs
+++ b/codex-rs/execpolicy/tests/pwd.rs
@@ -0,0 +1,85 @@
+extern crate codex_execpolicy;
+
+use std::vec;
+
+use codex_execpolicy::get_default_policy;
+use codex_execpolicy::Error;
+use codex_execpolicy::ExecCall;
+use codex_execpolicy::MatchedExec;
+use codex_execpolicy::MatchedFlag;
+use codex_execpolicy::Policy;
+use codex_execpolicy::PositionalArg;
+use codex_execpolicy::ValidExec;
+
+fn setup() -> Policy {
+    get_default_policy().expect("failed to load default policy")
+}
+
+#[test]
+fn test_pwd_no_args() {
+    let policy = setup();
+    let pwd = ExecCall::new("pwd", &[]);
+    assert_eq!(
+        Ok(MatchedExec::Match {
+            exec: ValidExec {
+                program: "pwd".into(),
+                ..Default::default()
+            }
+        }),
+        policy.check(&pwd)
+    );
+}
+
+#[test]
+fn test_pwd_capital_l() {
+    let policy = setup();
+    let pwd = ExecCall::new("pwd", &["-L"]);
+    assert_eq!(
+        Ok(MatchedExec::Match {
+            exec: ValidExec {
+                program: "pwd".into(),
+                flags: vec![MatchedFlag::new("-L")],
+                ..Default::default()
+            }
+        }),
+        policy.check(&pwd)
+    );
+}
+
+#[test]
+fn test_pwd_capital_p() {
+    let policy = setup();
+    let pwd = ExecCall::new("pwd", &["-P"]);
+    assert_eq!(
+        Ok(MatchedExec::Match {
+            exec: ValidExec {
+                program: "pwd".into(),
+                flags: vec![MatchedFlag::new("-P")],
+                ..Default::default()
+            }
+        }),
+        policy.check(&pwd)
+    );
+}
+
+#[test]
+fn test_pwd_extra_args() {
+    let policy = setup();
+    let pwd = ExecCall::new("pwd", &["foo", "bar"]);
+    assert_eq!(
+        Err(Error::UnexpectedArguments {
+            program: "pwd".to_string(),
+            args: vec![
+                PositionalArg {
+                    index: 0,
+                    value: "foo".to_string()
+                },
+                PositionalArg {
+                    index: 1,
+                    value: "bar".to_string()
+                },
+            ],
+        }),
+        policy.check(&pwd)
+    );
+}