feat(execpolicy): add network_rule parsing and persistence

viyatb-oai
2026-01-29 10:03:21 -08:00
parent 3e798c5a7d
commit 6fcb37e01b
6 changed files with 192 additions and 4 deletions


@@ -6,6 +6,9 @@ use anyhow::Result;
use codex_execpolicy::Decision;
use codex_execpolicy::Error;
use codex_execpolicy::Evaluation;
use codex_execpolicy::NetworkRule;
use codex_execpolicy::NetworkRuleDecision;
use codex_execpolicy::NetworkRuleProtocol;
use codex_execpolicy::Policy;
use codex_execpolicy::PolicyParser;
use codex_execpolicy::RuleMatch;
@@ -72,6 +75,33 @@ prefix_rule(
Ok(())
}
#[test]
fn parses_network_rule() -> Result<()> {
let policy_src = r#"
network_rule(
host = "api.example.com",
protocol = "https",
decision = "allow",
justification = "Allow API calls",
)
"#;
let mut parser = PolicyParser::new();
parser.parse("test.rules", policy_src)?;
let policy = parser.build();
assert_eq!(
policy.network_rules(),
&[NetworkRule {
host: "api.example.com".to_string(),
protocol: NetworkRuleProtocol::Https,
decision: NetworkRuleDecision::Allow,
justification: Some("Allow API calls".to_string()),
}]
);
Ok(())
}
#[test]
fn justification_is_attached_to_forbidden_matches() -> Result<()> {
let policy_src = r#"
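Review bot: The new `parses_network_rule` test pins only the accepted form of a rule (`https` / `allow` with a literal host), so nothing visible here checks that a malformed `network_rule` is rejected rather than silently defaulted. Because these rules decide which hosts may be reached, a companion negative test would be worth adding, for example `assert!(PolicyParser::new().parse("test.rules", r#"network_rule(host = "api.example.com", protocol = "gopher", decision = "allow")"#).is_err());` (the `gopher` value is a constructed sample), with similar cases for an unknown `decision` and an empty `host`. The parser itself is not in this hunk, so these cases may already be handled or tested in one of the other changed files. It would also help to decide and test whether `host` is normalised (case, trailing dot), since the only assertion here uses a lowercase host that round-trips unchanged. The trailing `justification_is_attached_to_forbidden_matches` lines are context, and that function continues past the hunk.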