clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-24 22:54:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

inlining and cleanup tests

Browse Source
This commit is contained in:
kevin zhao
2025-12-01 19:42:05 -05:00
parent 97baebef2a
commit d50cb24c50
1 changed files with 31 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
codex-rs/core/src/exec_policy.rs
View File

@@ -25,7 +25,8 @@ use crate::sandboxing::SandboxPermissions;
use crate::tools::sandboxing::ApprovalRequirement;
const FORBIDDEN_REASON: &str = "execpolicy forbids this command";
const PROMPT_CONFLICT_REASON: &str = "execpolicy requires approval for this command, but AskForApproval is set to Never";
const PROMPT_CONFLICT_REASON: &str =
"execpolicy requires approval for this command, but AskForApproval is set to Never";
const PROMPT_REASON: &str = "execpolicy requires approval for this command";
const POLICY_DIR_NAME: &str = "policy";
const POLICY_EXTENSION: &str = "codexpolicy";
@@ -204,7 +205,7 @@ pub(crate) async fn create_approval_requirement_for_command(
},
}
}
/// Only return PROMPT_REASON when an execpolicy rule drove the prompt decision
fn derive_prompt_reason(evaluation: &Evaluation) -> Option<String> {
evaluation.matched_rules.iter().find_map(|rule_match| {
@@ -296,9 +297,9 @@ mod tests {
}],
},
policy
.read()
.await
.check_multiple(commands.iter(), &|_| Decision::Allow)
.read()
.await
.check_multiple(commands.iter(), &|_| Decision::Allow)
);
assert!(!temp_dir.path().join(POLICY_DIR_NAME).exists());
}
@@ -339,9 +340,9 @@ mod tests {
}],
},
policy
.read()
.await
.check_multiple(command.iter(), &|_| Decision::Allow)
.read()
.await
.check_multiple(command.iter(), &|_| Decision::Allow)
);
}
@@ -367,9 +368,9 @@ mod tests {
}],
},
policy
.read()
.await
.check_multiple(command.iter(), &|_| Decision::Allow)
.read()
.await
.check_multiple(command.iter(), &|_| Decision::Allow)
);
}
@@ -503,18 +504,16 @@ prefix_rule(pattern=["rm"], decision="forbidden")
"apple | orange".to_string(),
];
let requirement = create_approval_requirement_for_command(
&policy,
&Features::with_defaults(),
&command,
AskForApproval::UnlessTrusted,
&SandboxPolicy::DangerFullAccess,
SandboxPermissions::UseDefault,
)
.await;
assert_eq!(
requirement,
create_approval_requirement_for_command(
&policy,
&Features::with_defaults(),
&command,
AskForApproval::UnlessTrusted,
&SandboxPolicy::DangerFullAccess,
SandboxPermissions::UseDefault,
)
.await,
ApprovalRequirement::NeedsApproval {
reason: None,
allow_prefix: Some(vec!["orange".to_string()])
@@ -522,7 +521,7 @@ prefix_rule(pattern=["rm"], decision="forbidden")
);
}
#[tokio::test]
#[tokio::test]
async fn append_allow_prefix_rule_updates_policy_and_file() {
let codex_home = tempdir().expect("create temp dir");
let current_policy = Arc::new(RwLock::new(Policy::empty()));
@@ -690,18 +689,16 @@ prefix_rule(pattern=["rm"], decision="forbidden")
"python && echo ok".to_string(),
];
let requirement = create_approval_requirement_for_command(
&policy,
&Features::with_defaults(),
&command,
AskForApproval::UnlessTrusted,
&SandboxPolicy::ReadOnly,
SandboxPermissions::UseDefault,
)
.await;
assert_eq!(
requirement,
create_approval_requirement_for_command(
&policy,
&Features::with_defaults(),
&command,
AskForApproval::UnlessTrusted,
&SandboxPolicy::ReadOnly,
SandboxPermissions::UseDefault,
)
.await,
ApprovalRequirement::Skip {
bypass_sandbox: true
}