feat(core) RequestRule (#9489)

## Summary Instead of trying to derive the prefix_rule for a command mechanically, let's let the model decide for us. ## Testing - [x] tested locally
2026-02-01 22:47:52 +00:00 · 2026-01-28 01:43:17 -07:00
parent 9f79365691
commit 996e09ca24
20 changed files with 696 additions and 302 deletions
--- a/codex-rs/app-server/Cargo.toml
+++ b/codex-rs/app-server/Cargo.toml
@@ -56,6 +56,7 @@ axum = { workspace = true, default-features = false, features = [
    "tokio",
 ] }
 base64 = { workspace = true }
+codex-execpolicy = { workspace = true }
 core_test_support = { workspace = true }
 mcp-types = { workspace = true }
 os_info = { workspace = true }
--- a/codex-rs/app-server/tests/suite/send_message.rs
+++ b/codex-rs/app-server/tests/suite/send_message.rs
@@ -11,6 +11,7 @@ use codex_app_server_protocol::NewConversationResponse;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::SendUserMessageParams;
 use codex_app_server_protocol::SendUserMessageResponse;
+use codex_execpolicy::Policy;
 use codex_protocol::ThreadId;
 use codex_protocol::models::ContentItem;
 use codex_protocol::models::DeveloperInstructions;
@@ -358,6 +359,8 @@ fn assert_permissions_message(item: &ResponseItem) {
            let expected = DeveloperInstructions::from_policy(
                &SandboxPolicy::DangerFullAccess,
                AskForApproval::Never,
+                &Policy::empty(),
+                false,
                &PathBuf::from("/tmp"),
            )
            .into_text();