4eda4dd772
This changes how instantiating `Config` works and also adds `approval_policy` and `sandbox_policy` as fields. The idea is: * All fields of `Config` have appropriate default values. * `Config` is initially loaded from `~/.codex/config.toml`, so values in `config.toml` will override those defaults. * Clients must instantiate `Config` via `Config::load_with_overrides(ConfigOverrides)` where `ConfigOverrides` has optional overrides that are expected to be settable based on CLI flags. The `Config` should be defined early in the program and then passed down. Now functions like `init_codex()` take fewer individual parameters because they can just take a `Config`. Also, `Config::load()` used to fail silently if `~/.codex/config.toml` had a parse error and fell back to the default config. This seemed really bad because it wasn't clear why the values in my `config.toml` weren't getting picked up. I changed things so that `load_with_overrides()` returns `Result<Config>` and verified that the various CLIs print a reasonable error if `config.toml` is malformed. Finally, I also updated the TUI to show which **sandbox** value is being used, as we do for other key values like **model** and **approval**. This was also a reminder that the various values of `--sandbox` are honored on Linux but not macOS today, so I added some TODOs about fixing that.
46 lines
1.7 KiB
Rust
46 lines
1.7 KiB
Rust
use clap::Parser;
|
||
use codex_core::ApprovalModeCliArg;
|
||
use codex_core::SandboxModeCliArg;
|
||
use std::path::PathBuf;
|
||
|
||
#[derive(Parser, Debug)]
|
||
#[command(version)]
|
||
pub struct Cli {
|
||
/// Optional user prompt to start the session.
|
||
pub prompt: Option<String>,
|
||
|
||
/// Optional image(s) to attach to the initial prompt.
|
||
#[arg(long = "image", short = 'i', value_name = "FILE", value_delimiter = ',', num_args = 1..)]
|
||
pub images: Vec<PathBuf>,
|
||
|
||
/// Model the agent should use.
|
||
#[arg(long, short = 'm')]
|
||
pub model: Option<String>,
|
||
|
||
/// Configure when the model requires human approval before executing a command.
|
||
#[arg(long = "ask-for-approval", short = 'a')]
|
||
pub approval_policy: Option<ApprovalModeCliArg>,
|
||
|
||
/// Configure the process restrictions when a command is executed.
|
||
///
|
||
/// Uses OS-specific sandboxing tools; Seatbelt on OSX, landlock+seccomp on Linux.
|
||
#[arg(long = "sandbox", short = 's')]
|
||
pub sandbox_policy: Option<SandboxModeCliArg>,
|
||
|
||
/// Allow running Codex outside a Git repository.
|
||
#[arg(long = "skip-git-repo-check", default_value_t = false)]
|
||
pub skip_git_repo_check: bool,
|
||
|
||
/// Disable server‑side response storage (sends the full conversation context with every request)
|
||
#[arg(long = "disable-response-storage", default_value_t = false)]
|
||
pub disable_response_storage: bool,
|
||
|
||
/// Convenience alias for low-friction sandboxed automatic execution (-a on-failure, -s network-and-file-write-restricted)
|
||
#[arg(long = "full-auto", default_value_t = true)]
|
||
pub full_auto: bool,
|
||
|
||
/// Convenience alias for supervised sandboxed execution (-a unless-allow-listed, -s network-and-file-write-restricted)
|
||
#[arg(long = "suggest", default_value_t = false)]
|
||
pub suggest: bool,
|
||
}
|