Files

iceweasel-oai eb2b739d6a core: add potentially dangerous command check (#4211 )

Certain shell commands are potentially dangerous, and we want to check
for them.
Unless the user has explicitly approved a command, we will *always* ask
them for approval
when one of these commands is encountered, regardless of whether they
are in a sandbox, or what their approval policy is.

The first (of probably many) such examples is `git reset --hard`. We
will be conservative and check for any `git reset`

2025-09-25 19:46:20 -07:00

src

core: add potentially dangerous command check (#4211 )

2025-09-25 19:46:20 -07:00

templates/compact

feat: context compaction (#3446 )

2025-09-12 13:07:10 -07:00

tests

Actually mount sse once (#4264 )

2025-09-26 01:17:51 +00:00

Cargo.toml

chore: unify cargo versions (#4044 )

2025-09-22 16:47:01 +00:00

gpt_5_codex_prompt.md

chore: update "Codex CLI harness, sandboxing, and approvals" section (#3822 )

2025-09-17 16:48:20 -07:00

prompt.md

Add file reference guidelines to gpt-5 prompt (#3651 )

2025-09-15 08:35:30 -07:00

README.md

fix: support special --codex-run-as-apply-patch arg (#1702 )

2025-07-28 09:26:44 -07:00

review_prompt.md

Review Mode (Core) (#3401 )

2025-09-12 23:25:10 +00:00

README.md

codex-core

This crate implements the business logic for Codex. It is designed to be used by the various Codex UIs written in Rust.

Dependencies

Note that codex-core makes some assumptions about certain helper utilities being available in the environment. Currently, this

macOS

Expects /usr/bin/sandbox-exec to be present.

Linux

Expects the binary containing codex-core to run the equivalent of codex debug landlock when arg0 is codex-linux-sandbox. See the codex-arg0 crate for details.

All Platforms

Expects the binary containing codex-core to simulate the virtual apply_patch CLI when arg1 is --codex-run-as-apply-patch. See the codex-arg0 crate for details.