feat(core): add structured network approval plumbing and policy decision model (#11672)

### Description #### Summary Introduces the core plumbing required for structured network approvals #### What changed - Added structured network policy decision modeling in core. - Added approval payload/context types needed for network approval semantics. - Wired shell/unified-exec runtime plumbing to consume structured decisions. - Updated related core error/event surfaces for structured handling. - Updated protocol plumbing used by core approval flow. - Included small CLI debug sandbox compatibility updates needed by this layer. #### Why establishes the minimal backend foundation for network approvals without yet changing high-level orchestration or TUI behavior. #### Notes - Behavior remains constrained by existing requirements/config gating. - Follow-up PRs in the stack handle orchestration, UX, and app-server integration. --------- Co-authored-by: Codex <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
2026-04-25 23:24:55 +00:00 · 2026-02-13 20:18:12 -08:00
parent 854e91e422
commit b527ee2890
47 changed files with 1874 additions and 176 deletions
--- a/codex-rs/linux-sandbox/tests/suite/landlock.rs
+++ b/codex-rs/linux-sandbox/tests/suite/landlock.rs
@@ -76,6 +76,7 @@ async fn run_cmd_result_with_writable_roots(
        expiration: timeout_ms.into(),
        env: create_env_from_core_vars(),
        network: None,
+        network_attempt_id: None,
        sandbox_permissions: SandboxPermissions::UseDefault,
        windows_sandbox_level: WindowsSandboxLevel::Disabled,
        justification: None,
@@ -123,7 +124,7 @@ async fn should_skip_bwrap_tests() -> bool {
    .await
    {
        Ok(output) => is_bwrap_unavailable_output(&output),
-        Err(CodexErr::Sandbox(SandboxErr::Denied { output })) => {
+        Err(CodexErr::Sandbox(SandboxErr::Denied { output, .. })) => {
            is_bwrap_unavailable_output(&output)
        }
        // Probe timeouts are not actionable for the bwrap-specific assertions below;
@@ -142,7 +143,7 @@ fn expect_denied(
            assert_ne!(output.exit_code, 0, "{context}: expected nonzero exit code");
            output
        }
-        Err(CodexErr::Sandbox(SandboxErr::Denied { output })) => *output,
+        Err(CodexErr::Sandbox(SandboxErr::Denied { output, .. })) => *output,
        Err(err) => panic!("{context}: {err:?}"),
    }
 }
@@ -236,6 +237,7 @@ async fn assert_network_blocked(cmd: &[&str]) {
        expiration: NETWORK_TIMEOUT_MS.into(),
        env: create_env_from_core_vars(),
        network: None,
+        network_attempt_id: None,
        sandbox_permissions: SandboxPermissions::UseDefault,
        windows_sandbox_level: WindowsSandboxLevel::Disabled,
        justification: None,
@@ -257,7 +259,7 @@ async fn assert_network_blocked(cmd: &[&str]) {

    let output = match result {
        Ok(output) => output,
-        Err(CodexErr::Sandbox(SandboxErr::Denied { output })) => *output,
+        Err(CodexErr::Sandbox(SandboxErr::Denied { output, .. })) => *output,
        _ => {
            panic!("expected sandbox denied error, got: {result:?}");
        }