Implement command safety for PowerShell commands on Windows

This change adds a new Windows-specific command-safety module under `codex-rs/core/src/command_safety/windows_safe_commands.rs` to strictly sanitise PowerShell invocations.

Key points:

- Introduce `is_safe_command_windows()` to only allow explicitly read-only PowerShell calls.
- Parse and split PowerShell invocations (including inline `-Command` scripts and pipelines).
- Block unsafe switches (`-File`, `-EncodedCommand`, `-ExecutionPolicy`, unknown flags, call operators, redirections, separators).
- Whitelist only read-only cmdlets (`Get-ChildItem`, `Get-Content`, `Select-Object`, etc.), safe Git subcommands (`status`, `log`, `show`, `diff`, `cat-file`), and ripgrep without unsafe options.
- Add comprehensive unit tests covering allowed and rejected command patterns (nested calls, side effects, chaining, redirections).

This ensures Codex on Windows can safely execute discovery-only PowerShell workflows without risking destructive operations.
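The checker described in the commit message is an allow-list over a parsed PowerShell invocation. The block below is an added illustration of that design, written for this page; it is not the code in `windows_safe_commands.rs` and does not reproduce its lists. Everything it allows or rejects beyond what the commit message states is an assumption: the set of read-only cmdlets and their aliases, the benign PowerShell flags (`-NoProfile`, `-NoLogo`, `-NonInteractive`), treating `--output` as unsafe for `git diff`/`git log`, treating `--pre`, `--pre-glob`, `-z` and `--search-zip` as unsafe for ripgrep, and accepting a direct `git`/`rg` argv in addition to a `powershell -Command` wrapper. It also handles one edge case the bullet list does not spell out: `"$(...)"` is expanded inside double-quoted strings, so a subexpression hidden in a string literal must be rejected as well.

```rust
// Added example of an allow-list checker for PowerShell invocations (not the
// project's implementation). All lists below are assumptions for illustration.

const POWERSHELL: &[&str] = &["powershell", "powershell.exe", "pwsh", "pwsh.exe"];
const BENIGN_PS_FLAGS: &[&str] = &["-noprofile", "-nologo", "-noninteractive"];
// Read-only cmdlets plus the aliases PowerShell defines for them (assumed set).
const READ_ONLY_CMDLETS: &[&str] = &[
    "get-childitem", "get-content", "get-item", "get-location", "select-object",
    "select-string", "sort-object", "measure-object", "format-table", "format-list",
    "ls", "dir", "gci", "cat", "gc", "type", "pwd",
];
const SAFE_GIT: &[&str] = &["status", "log", "show", "diff", "cat-file"];

/// Split an inline `-Command` script into pipeline stages of quote-aware tokens.
/// Returns None for anything beyond a plain pipeline: `;`, `&&`, `||`, the call
/// operator `&`, redirections, backtick escapes, script blocks, subexpressions,
/// or an unterminated/empty stage.
fn parse_pipeline(script: &str) -> Option<Vec<Vec<String>>> {
    let mut stages: Vec<Vec<String>> = vec![Vec::new()];
    let mut tok = String::new();
    let mut in_tok = false;
    let mut quote: Option<char> = None;
    let chars: Vec<char> = script.chars().collect();
    for i in 0..chars.len() {
        let c = chars[i];
        let next = chars.get(i + 1).copied();
        match quote {
            Some(q) => {
                // "$(...)" is evaluated inside double quotes, so it runs code.
                if q == '"' && c == '$' && next == Some('(') { return None; }
                if c == q { quote = None; } else { tok.push(c); }
            }
            None => match c {
                '\'' | '"' => { quote = Some(c); in_tok = true; }
                '|' => {
                    if next == Some('|') { return None; } // `||` chains commands
                    if in_tok { stages.last_mut()?.push(std::mem::take(&mut tok)); in_tok = false; }
                    stages.push(Vec::new());
                }
                ';' | '&' | '<' | '>' | '`' | '{' | '}' | '(' | ')' => return None,
                c if c.is_whitespace() => {
                    if in_tok { stages.last_mut()?.push(std::mem::take(&mut tok)); in_tok = false; }
                }
                _ => { tok.push(c); in_tok = true; }
            },
        }
    }
    if quote.is_some() { return None; }
    if in_tok { stages.last_mut()?.push(tok); }
    if stages.iter().any(|s| s.is_empty()) { return None; }
    Some(stages)
}

/// One pipeline stage is read-only if its command is an allowed cmdlet, a safe
/// git subcommand without a write option, or ripgrep without an option that
/// spawns a helper process (assumed lists).
fn stage_is_read_only(stage: &[String]) -> bool {
    let cmd = stage[0].to_ascii_lowercase();
    let args = &stage[1..];
    if READ_ONLY_CMDLETS.contains(&cmd.as_str()) { return true; }
    match cmd.as_str() {
        "git" | "git.exe" => match args.first() {
            // `--output=<file>` makes `git diff` / `git log -p` write to disk.
            Some(sub) if SAFE_GIT.contains(&sub.as_str()) => !args.iter().any(|a| a.starts_with("--output")),
            _ => false, // no subcommand, or an option such as `-c` before it
        },
        // `--pre` runs an external preprocessor; `-z`/`--search-zip` runs decompressors.
        "rg" | "rg.exe" => !args.iter().any(|a| a.starts_with("--pre") || a == "-z" || a.starts_with("--search-zip")),
        _ => false,
    }
}

/// Accept either a direct `git`/`rg` argv or a PowerShell wrapper whose only
/// switches are benign and whose script is a read-only pipeline.
pub fn is_safe_command_windows(argv: &[&str]) -> bool {
    let exe = match argv.first() { Some(e) => *e, None => return false };
    let exe_name = exe.rsplit(|c| c == '\\' || c == '/').next().unwrap_or(exe).to_ascii_lowercase();
    let stages = if POWERSHELL.contains(&exe_name.as_str()) {
        let mut script = None;
        for i in 1..argv.len() {
            let flag = argv[i].to_ascii_lowercase();
            if BENIGN_PS_FLAGS.contains(&flag.as_str()) { continue; }
            if flag == "-command" || flag == "-c" {
                script = Some(argv[i + 1..].join(" ")); // PowerShell joins the rest
                break;
            }
            return false; // -File, -EncodedCommand, -ExecutionPolicy, unknown flag
        }
        match script.and_then(|s| parse_pipeline(&s)) { Some(s) => s, None => return false }
    } else {
        vec![argv.iter().map(|s| s.to_string()).collect()]
    };
    stages.iter().all(|stage| stage_is_read_only(stage))
}

fn main() {
    let cases: &[&[&str]] = &[
        &["powershell.exe", "-NoProfile", "-Command", "Get-ChildItem -Recurse | Select-Object Name"],
        &["pwsh", "-Command", "Get-Content 'a;b.txt' | Select-String error"],
        &["powershell.exe", "-Command", "Get-Content x.txt; Remove-Item x.txt"],
        &["powershell.exe", "-Command", "Get-Content \"$(Remove-Item x.txt)\""],
        &["powershell.exe", "-ExecutionPolicy", "Bypass", "-Command", "Get-Location"],
        &["powershell.exe", "-Command", "Get-ChildItem > out.txt"],
    ];
    for c in cases { println!("{:>5}  {:?}", is_safe_command_windows(c), c); }
}
```

Two design choices are worth noting. The tokenizer rejects on the first forbidden operator rather than trying to interpret it, so `2>&1`, `. .\script.ps1` and `& git status` all fail before any allow-list is consulted; and PowerShell's abbreviated switches (`-NoP`, `-Comm`) are deliberately not recognised, since anything not on the benign list is refused.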
codex-core
This crate implements the business logic for Codex. It is designed to be used by the various Codex UIs written in Rust.
Dependencies
Note that codex-core makes some assumptions about certain helper utilities being available in the environment. Currently, this
macOS
Expects `/usr/bin/sandbox-exec` to be present.
Linux
Expects the binary containing codex-core to run the equivalent of `codex debug landlock` when arg0 is `codex-linux-sandbox`. See the codex-arg0 crate for details.
All Platforms
Expects the binary containing codex-core to simulate the virtual `apply_patch` CLI when arg1 is `--codex-run-as-apply-patch`. See the codex-arg0 crate for details.