mirror of
https://github.com/openai/codex.git
synced 2026-05-02 10:26:45 +00:00
feat(permissions): add glob deny-read policy support (#15979)
## Summary
- adds first-class filesystem policy entries for deny-read glob patterns
- parses config such as :project_roots { "**/*.env" = "none" } into
pattern entries
- enforces deny-read patterns in direct read/list helpers
- fails closed for sandbox execution until platform backends enforce
glob patterns in #18096
- preserves split filesystem policy in turn context only when it cannot
be reconstructed from legacy sandbox policy
## Stack
1. This PR - glob deny-read policy/config/direct-tool support
2. #18096 - macOS and Linux sandbox enforcement
3. #17740 - managed deny-read requirements
## Verification
- just fmt
- cargo check -p codex-core -p codex-sandboxing --tests
---------
Co-authored-by: Codex <noreply@openai.com>
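The deny-read behaviour summarised in the commit message above, sketched as an added example that is not code from this commit or from the codex repository. `FsPolicy`, its methods and the glob matcher are hypothetical names written for illustration, and the sample paths are constructed; only the `**/*.env` pattern comes from the page.

```rust
// Added illustration: FsPolicy and its methods are hypothetical names, not codex APIs.
/// Glob match on '/'-separated relative paths: `**/` spans directories,
/// while `*` and `?` never cross a '/'.
fn glob_match(pat: &[u8], path: &[u8]) -> bool {
    match pat.split_first() {
        None => path.is_empty(),
        Some((b'*', rest)) if rest.first() == Some(&b'*') => match rest[1..].strip_prefix(b"/") {
            // `**/`: retry the tail at every segment boundary (zero or more dirs).
            Some(tail) => (0..=path.len())
                .filter(|&i| i == 0 || path[i - 1] == b'/')
                .any(|i| glob_match(tail, &path[i..])),
            // Bare `**`: matches any remainder, '/' included.
            None => (0..=path.len()).any(|i| glob_match(&rest[1..], &path[i..])),
        },
        Some((b'*', rest)) => {
            let seg = path.iter().position(|&c| c == b'/').unwrap_or(path.len());
            (0..=seg).any(|i| glob_match(rest, &path[i..]))
        }
        Some((b'?', rest)) => matches!(path.split_first(), Some((c, p)) if *c != b'/' && glob_match(rest, p)),
        Some((c, rest)) => matches!(path.split_first(), Some((d, p)) if d == c && glob_match(rest, p)),
    }
}

/// Hypothetical policy: deny-read globs relative to a project root.
struct FsPolicy { deny_read: Vec<&'static str> }

impl FsPolicy {
    /// Direct read helper: any matching deny pattern blocks the read.
    fn may_read(&self, rel: &str) -> bool {
        !self.deny_read.iter().any(|g| glob_match(g.as_bytes(), rel.as_bytes()))
    }
    /// Direct list helper: denied entries are dropped from the listing.
    fn list<'a>(&self, entries: &[&'a str]) -> Vec<&'a str> {
        entries.iter().copied().filter(|e| self.may_read(e)).collect()
    }
    /// Fail closed: refuse sandboxed execution while the backend cannot enforce globs.
    fn check_sandbox_exec(&self, backend_enforces_globs: bool) -> Result<(), &'static str> {
        if !self.deny_read.is_empty() && !backend_enforces_globs {
            return Err("deny-read globs present but sandbox backend cannot enforce them");
        }
        Ok(())
    }
}

fn main() {
    let p = FsPolicy { deny_read: vec!["**/*.env"] }; // pattern from the commit message
    println!("{:?}", p.list(&[".env", "src/main.rs", "config/prod.env"])); // constructed paths
    println!("{:?}", p.check_sandbox_exec(false));
}
```

The matcher is purely lexical, so paths should be canonicalised (symlinks and `..` resolved) before they reach `may_read`.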
@@ -34,6 +34,7 @@ fn resume_history(
approval_policy: config.permissions.approval_policy.value(),
sandbox_policy: config.permissions.sandbox_policy.get().clone(),
network: None,
file_system_sandbox_policy: None,
model: previous_model.to_string(),
personality: None,
collaboration_mode: None,
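Review bot: in `resume_history`, `file_system_sandbox_policy: None,` is hard-coded next to `sandbox_policy: config.permissions.sandbox_policy.get().clone(),` with no comment on what `None` means at this point. The commit message says the split filesystem policy is kept in turn context only when it cannot be reconstructed from the legacy sandbox policy, so `None` here presumably means "reconstruct from `sandbox_policy`"; please document that on the field or at this call site. It would also help to add a resume case where the value is `Some(...)` and carries a deny-read glob, so that a resumed session is shown not to fall back to a legacy policy that cannot express the deny-read entry.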