feat(core): add structured network approval plumbing and policy decision model (#11672)

### Description #### Summary Introduces the core plumbing required for structured network approvals #### What changed - Added structured network policy decision modeling in core. - Added approval payload/context types needed for network approval semantics. - Wired shell/unified-exec runtime plumbing to consume structured decisions. - Updated related core error/event surfaces for structured handling. - Updated protocol plumbing used by core approval flow. - Included small CLI debug sandbox compatibility updates needed by this layer. #### Why establishes the minimal backend foundation for network approvals without yet changing high-level orchestration or TUI behavior. #### Notes - Behavior remains constrained by existing requirements/config gating. - Follow-up PRs in the stack handle orchestration, UX, and app-server integration. --------- Co-authored-by: Codex <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
2026-04-25 23:24:55 +00:00 · 2026-02-13 20:18:12 -08:00
parent 854e91e422
commit b527ee2890
47 changed files with 1874 additions and 176 deletions
--- a/codex-rs/network-proxy/src/proxy.rs
+++ b/codex-rs/network-proxy/src/proxy.rs
@@ -3,7 +3,7 @@ use crate::config;
 use crate::http_proxy;
 use crate::metadata::proxy_username_for_attempt_id;
 use crate::network_policy::NetworkPolicyDecider;
-use crate::runtime::BlockedRequest;
+use crate::runtime::BlockedRequestObserver;
 use crate::runtime::unix_socket_permissions_supported;
 use crate::socks5;
 use crate::state::NetworkProxyState;
@@ -72,6 +72,7 @@ pub struct NetworkProxyBuilder {
    admin_addr: Option<SocketAddr>,
    managed_by_codex: bool,
    policy_decider: Option<Arc<dyn NetworkPolicyDecider>>,
+    blocked_request_observer: Option<Arc<dyn BlockedRequestObserver>>,
 }

 impl Default for NetworkProxyBuilder {
@@ -83,6 +84,7 @@ impl Default for NetworkProxyBuilder {
            admin_addr: None,
            managed_by_codex: true,
            policy_decider: None,
+            blocked_request_observer: None,
        }
    }
 }
@@ -126,12 +128,31 @@ impl NetworkProxyBuilder {
        self
    }

+    pub fn blocked_request_observer<O>(mut self, observer: O) -> Self
+    where
+        O: BlockedRequestObserver,
+    {
+        self.blocked_request_observer = Some(Arc::new(observer));
+        self
+    }
+
+    pub fn blocked_request_observer_arc(
+        mut self,
+        observer: Arc<dyn BlockedRequestObserver>,
+    ) -> Self {
+        self.blocked_request_observer = Some(observer);
+        self
+    }
+
    pub async fn build(self) -> Result<NetworkProxy> {
        let state = self.state.ok_or_else(|| {
            anyhow::anyhow!(
                "NetworkProxyBuilder requires a state; supply one via builder.state(...)"
            )
        })?;
+        state
+            .set_blocked_request_observer(self.blocked_request_observer.clone())
+            .await;
        let current_cfg = state.current_cfg().await?;
        let (requested_http_addr, requested_socks_addr, requested_admin_addr, reserved_listeners) =
            if self.managed_by_codex {
@@ -399,13 +420,6 @@ impl NetworkProxy {
        self.admin_addr
    }

-    pub async fn latest_blocked_request_for_attempt(
-        &self,
-        attempt_id: &str,
-    ) -> Result<Option<BlockedRequest>> {
-        self.state.latest_blocked_for_attempt(attempt_id).await
-    }
-
    pub fn apply_to_env(&self, env: &mut HashMap<String, String>) {
        self.apply_to_env_for_attempt(env, None);
    }