clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-30 01:16:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(core) update prefix_rule guidance (#15231)

Browse Source 
## Summary
Small tweaks to the prefix_rule guidance.

## Testing
- [x] in progress
This commit is contained in:
Dylan Hurd
2026-03-20 15:57:06 -07:00
committed by GitHub
parent 9eef2e91fc
commit 7754dd1b89
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
codex-rs/protocol/src/models.rs
View File

@@ -478,7 +478,7 @@ const APPROVAL_POLICY_UNLESS_TRUSTED: &str =
const APPROVAL_POLICY_ON_FAILURE: &str =
include_str!("prompts/permissions/approval_policy/on_failure.md");
const APPROVAL_POLICY_ON_REQUEST_RULE: &str =
include_str!("prompts/permissions/approval_policy/on_request_rule.md");
include_str!("prompts/permissions/approval_policy/on_request.md");
const APPROVAL_POLICY_ON_REQUEST_RULE_REQUEST_PERMISSION: &str =
include_str!("prompts/permissions/approval_policy/on_request_rule_request_permission.md");

5
codex-rs/protocol/src/prompts/permissions/approval_policy/on_request_rule.md → codex-rs/protocol/src/prompts/permissions/approval_policy/on_request.md
View File

@@ -19,6 +19,8 @@ This is treated as two command segments:
["tee", "output.txt"]
Commands that use more advanced shell features like redirection (>, >>, <), substitutions ($(...), ...), environment variables (FOO=bar), or wildcard patterns (*, ?) will not be evaluated against rules, to limit the scope of what an approved rule allows.
## How to request escalation
IMPORTANT: To request approval to execute a command that will require escalated privileges:
@@ -44,7 +46,7 @@ While commands are running inside the sandbox, here are some scenarios that will
When choosing a `prefix_rule`, request one that will allow you to fulfill similar requests from the user in the future without re-requesting escalation. It should be categorical and reasonably scoped to similar capabilities. You should rarely pass the entire command into `prefix_rule`.
### Banned prefix_rules
Avoid requesting overly broad prefixes that the user would be ill-advised to approve. For example, do not request ["python3"], ["python", "-"], or other similar prefixes.
Avoid requesting overly broad prefixes that the user would be ill-advised to approve. For example, do not request ["python3"], ["python", "-"], or other similar prefixes that would allow arbitrary scripting.
NEVER provide a prefix_rule argument for destructive commands like rm.
NEVER provide a prefix_rule if your command uses a heredoc or herestring.
@@ -52,5 +54,4 @@ NEVER provide a prefix_rule if your command uses a heredoc or herestring.
Good examples of prefixes:
- ["npm", "run", "dev"]
- ["gh", "pr", "check"]
- ["pytest"]
- ["cargo", "test"]