feat: add config allow_login_shell (#12312)

2026-04-30 17:36:40 +00:00 · 2026-02-20 20:02:24 +00:00
parent 67e802e26b
commit 5034d4bd89
9 changed files with 244 additions and 56 deletions
--- a/codex-rs/core/src/config/mod.rs
+++ b/codex-rs/core/src/config/mod.rs
@@ -139,6 +139,15 @@ pub struct Permissions {
    pub sandbox_policy: Constrained<SandboxPolicy>,
    /// Effective network configuration applied to all spawned processes.
    pub network: Option<NetworkProxySpec>,
+    /// Whether the model may request a login shell for shell-based tools.
+    /// Default to `true`
+    ///
+    /// If `true`, the model may request a login shell (`login = true`), and
+    /// omitting `login` defaults to using a login shell.
+    /// If `false`, the model can never use a login shell: `login = true`
+    /// requests are rejected, and omitting `login` defaults to a non-login
+    /// shell.
+    pub allow_login_shell: bool,
    /// Policy used to build process environments for shell/unified exec.
    pub shell_environment_policy: ShellEnvironmentPolicy,
    /// Effective Windows sandbox mode derived from `[windows].sandbox` or
@@ -952,6 +961,16 @@ pub struct ConfigToml {
    #[serde(default)]
    pub shell_environment_policy: ShellEnvironmentPolicyToml,

+    /// Whether the model may request a login shell for shell-based tools.
+    /// Default to `true`
+    ///
+    /// If `true`, the model may request a login shell (`login = true`), and
+    /// omitting `login` defaults to using a login shell.
+    /// If `false`, the model can never use a login shell: `login = true`
+    /// requests are rejected, and omitting `login` defaults to a non-login
+    /// shell.
+    pub allow_login_shell: Option<bool>,
+
    /// Sandbox mode to use.
    pub sandbox_mode: Option<SandboxMode>,

@@ -1710,6 +1729,7 @@ impl Config {
            .clone();

        let shell_environment_policy = cfg.shell_environment_policy.into();
+        let allow_login_shell = cfg.allow_login_shell.unwrap_or(true);

        let history = cfg.history.unwrap_or_default();

@@ -1950,6 +1970,7 @@ impl Config {
                approval_policy: constrained_approval_policy.value,
                sandbox_policy: constrained_sandbox_policy.value,
                network,
+                allow_login_shell,
                shell_environment_policy,
                windows_sandbox_mode,
                macos_seatbelt_profile_extensions: None,
@@ -4519,6 +4540,7 @@ model_verbosity = "high"
                    approval_policy: Constrained::allow_any(AskForApproval::Never),
                    sandbox_policy: Constrained::allow_any(SandboxPolicy::new_read_only_policy()),
                    network: None,
+                    allow_login_shell: true,
                    shell_environment_policy: ShellEnvironmentPolicy::default(),
                    windows_sandbox_mode: None,
                    macos_seatbelt_profile_extensions: None,
@@ -4637,6 +4659,7 @@ model_verbosity = "high"
                approval_policy: Constrained::allow_any(AskForApproval::UnlessTrusted),
                sandbox_policy: Constrained::allow_any(SandboxPolicy::new_read_only_policy()),
                network: None,
+                allow_login_shell: true,
                shell_environment_policy: ShellEnvironmentPolicy::default(),
                windows_sandbox_mode: None,
                macos_seatbelt_profile_extensions: None,
@@ -4753,6 +4776,7 @@ model_verbosity = "high"
                approval_policy: Constrained::allow_any(AskForApproval::OnFailure),
                sandbox_policy: Constrained::allow_any(SandboxPolicy::new_read_only_policy()),
                network: None,
+                allow_login_shell: true,
                shell_environment_policy: ShellEnvironmentPolicy::default(),
                windows_sandbox_mode: None,
                macos_seatbelt_profile_extensions: None,
@@ -4855,6 +4879,7 @@ model_verbosity = "high"
                approval_policy: Constrained::allow_any(AskForApproval::OnFailure),
                sandbox_policy: Constrained::allow_any(SandboxPolicy::new_read_only_policy()),
                network: None,
+                allow_login_shell: true,
                shell_environment_policy: ShellEnvironmentPolicy::default(),
                windows_sandbox_mode: None,
                macos_seatbelt_profile_extensions: None,
@@ -5429,6 +5454,27 @@ mcp_oauth_callback_port = 5678
        Ok(())
    }

+    #[test]
+    fn config_loads_allow_login_shell_from_toml() -> std::io::Result<()> {
+        let codex_home = TempDir::new()?;
+        let cfg: ConfigToml = toml::from_str(
+            r#"
+model = "gpt-5.1"
+allow_login_shell = false
+"#,
+        )
+        .expect("TOML deserialization should succeed for allow_login_shell");
+
+        let config = Config::load_from_base_config_with_overrides(
+            cfg,
+            ConfigOverrides::default(),
+            codex_home.path().to_path_buf(),
+        )?;
+
+        assert!(!config.permissions.allow_login_shell);
+        Ok(())
+    }
+
    #[test]
    fn config_loads_mcp_oauth_callback_url_from_toml() -> std::io::Result<()> {
        let codex_home = TempDir::new()?;