core: add a full-buffer exec capture policy (#15254)

2026-05-02 02:17:22 +00:00 · 2026-03-19 19:38:12 -07:00
parent 0a344e4fab
commit a3e59e9e85
16 changed files with 336 additions and 35 deletions
--- a/codex-rs/core/src/codex_tests_guardian.rs
+++ b/codex-rs/core/src/codex_tests_guardian.rs
@@ -3,6 +3,7 @@ use crate::compact::InitialContextInjection;
 use crate::config_loader::ConfigLayerEntry;
 use crate::config_loader::ConfigRequirements;
 use crate::config_loader::ConfigRequirementsToml;
+use crate::exec::ExecCapturePolicy;
 use crate::exec::ExecParams;
 use crate::exec_policy::ExecPolicyManager;
 use crate::features::Feature;
@@ -124,6 +125,7 @@ async fn guardian_allows_shell_additional_permissions_requests_past_policy_valid
        },
        cwd: turn_context.cwd.clone(),
        expiration: expiration_ms.into(),
+        capture_policy: ExecCapturePolicy::ShellTool,
        env: HashMap::new(),
        network: None,
        sandbox_permissions: SandboxPermissions::WithAdditionalPermissions,