remove default policy

codex-rs/execpolicy2/README.md

@@ -45,11 +45,7 @@ prefix_rule(
 - The effective `decision` is the strictest severity across all matches (`forbidden` > `prompt` > `allow`).
 
 ## CLI
-- Check a command against a policy (default bundled policy shown):
-```bash
-cargo run -p codex-execpolicy2 -- check git status
-```
-- Use a specific policy file instead of the default:
+- Provide a policy file (for example `src/default.codexpolicy`) to check a command:
 ```bash
 cargo run -p codex-execpolicy2 -- --policy path/to/policy.codexpolicy check git status
 ```

codex-rs/execpolicy2/src/lib.rs

@@ -12,10 +12,3 @@ pub use policy::Evaluation;
 pub use policy::Policy;
 pub use rule::Rule;
 pub use rule::RuleMatch;
-
-/// Load the default bundled policy.
-pub fn load_default_policy() -> Result<Policy> {
-    let policy_src = include_str!("default.codexpolicy");
-    let parser = PolicyParser::new("default.codexpolicy", policy_src);
-    parser.parse()
-}

codex-rs/execpolicy2/src/main.rs

@@ -5,7 +5,6 @@ use anyhow::Context;
 use anyhow::Result;
 use clap::Parser;
 use codex_execpolicy2::PolicyParser;
-use codex_execpolicy2::load_default_policy;
 
 /// CLI for evaluating exec policies
 #[derive(Parser)]
@@ -14,7 +13,7 @@ enum Cli {
     /// Evaluate a command against a policy.
     Check {
         #[arg(short, long, value_name = "PATH")]
-        policy: Option<String>,
+        policy: String,
 
         /// Command tokens to check.
         #[arg(
@@ -34,8 +33,8 @@ fn main() -> Result<()> {
     }
 }
 
-fn cmd_check(policy_path: Option<String>, args: Vec<String>) -> Result<()> {
-    let policy = load_policy(policy_path)?;
+fn cmd_check(policy_path: String, args: Vec<String>) -> Result<()> {
+    let policy = load_policy(&policy_path)?;
 
     let eval = policy.check(&args);
     let json = serde_json::to_string_pretty(&eval)?;
@@ -43,13 +42,13 @@ fn cmd_check(policy_path: Option<String>, args: Vec<String>) -> Result<()> {
     Ok(())
 }
 
-fn load_policy(policy_path: Option<String>) -> Result<codex_execpolicy2::Policy> {
-    if let Some(path) = policy_path {
-        let content = fs::read_to_string(&path)
-            .with_context(|| format!("failed to read policy at {}", Path::new(&path).display()))?;
-        let parser = PolicyParser::new(&path, &content);
-        return Ok(parser.parse()?);
-    }
-
-    Ok(load_default_policy()?)
+fn load_policy(policy_path: &str) -> Result<codex_execpolicy2::Policy> {
+    let content = fs::read_to_string(policy_path).with_context(|| {
+        format!(
+            "failed to read policy at {}",
+            Path::new(policy_path).display()
+        )
+    })?;
+    let parser = PolicyParser::new(policy_path, &content);
+    Ok(parser.parse()?)
 }