Extract codex-config from codex-core

## Why `codex-core` has accumulated config loading, requirements parsing, constraint logic, and config-layer state handling in one large crate. This refactor pulls that cohesive subsystem into a dedicated crate so we can reduce the compile/test surface area of `codex-core` and make future config work more isolated. This is part of the broader goal of right-sizing crates to reduce monolithic rebuild cost and improve incremental development speed. ## What Changed ### New crate - Added a new workspace crate: `codex-rs/config` (`codex-config`) - Added workspace wiring in `codex-rs/Cargo.toml` - Added dependency from `codex-core` to `codex-config` ### Moved config internals from `core` to `config` Moved these modules into `codex-config`: - `core/src/config/constraint.rs` -> `config/src/constraint.rs` - `core/src/config_loader/cloud_requirements.rs` -> `config/src/config_loader/cloud_requirements.rs` - `core/src/config_loader/config_requirements.rs` -> `config/src/config_loader/config_requirements.rs` - `core/src/config_loader/fingerprint.rs` -> `config/src/config_loader/fingerprint.rs` - `core/src/config_loader/merge.rs` -> `config/src/config_loader/merge.rs` - `core/src/config_loader/overrides.rs` -> `config/src/config_loader/overrides.rs` - `core/src/config_loader/requirements_exec_policy.rs` -> `config/src/config_loader/requirements_exec_policy.rs` - `core/src/config_loader/state.rs` -> `config/src/config_loader/state.rs` ### Removed shim modules in `core` After the move, the temporary one-line `pub use` shim files under `core/src/config_loader/` were deleted so history is a clean move/delete rather than introducing extra permanent forwarding modules. `core/src/config_loader/mod.rs` now imports/re-exports directly from `codex_config`, including direct use of `build_cli_overrides_layer` and test-only access to `version_for_toml`. ### Follow-on fixes for direct imports - Updated `core/src/config_loader/macos.rs` to use `super::{ConfigRequirementsToml, ConfigRequirementsWithSources, RequirementSource}`. - Updated `core/src/config_loader/tests.rs` imports to reference `crate::config_loader` re-exports and `codex_config` exec-policy TOML types. ## Behavior and API Notes - Config behavior is intended to be unchanged. - `codex-core` continues to expose the same config-loader-facing API surface to its internal callers via `core/src/config_loader/mod.rs` re-exports. - The main functional change is crate ownership and dependency direction, not config semantics. ## Validation Ran: - `cargo test -p codex-config` - `cargo test -p codex-core --no-run` - `cargo test -p codex-core config_loader::tests::load_requirements_toml_produces_expected_constraints` - `cargo test -p codex-core config_loader::tests::requirements_exec_policy_tests::parses_single_prefix_rule_from_raw_toml` - `just fmt` - `just fix -p codex-config -p codex-core` - `just fix -p codex-core` All listed commands completed successfully in this workspace environment.
2026-04-27 16:15:09 +00:00 · 2026-02-10 23:44:39 -08:00
parent 476c1a7160
commit d6dac54a5d
20 changed files with 456 additions and 333 deletions
--- a/codex-rs/tui/src/debug_config.rs
+++ b/codex-rs/tui/src/debug_config.rs
@@ -474,44 +474,46 @@ mod tests {
        } else {
            absolute_path("/etc/codex/requirements.toml")
        };
-        let mut requirements = ConfigRequirements::default();
-        requirements.approval_policy = ConstrainedWithSource::new(
-            Constrained::allow_any(AskForApproval::OnRequest),
-            Some(RequirementSource::CloudRequirements),
-        );
-        requirements.sandbox_policy = ConstrainedWithSource::new(
-            Constrained::allow_any(SandboxPolicy::ReadOnly),
-            Some(RequirementSource::SystemRequirementsToml {
-                file: requirements_file.clone(),
-            }),
-        );
-        requirements.mcp_servers = Some(Sourced::new(
-            BTreeMap::from([(
-                "docs".to_string(),
-                McpServerRequirement {
-                    identity: McpServerIdentity::Command {
-                        command: "codex-mcp".to_string(),
+        let requirements = ConfigRequirements {
+            approval_policy: ConstrainedWithSource::new(
+                Constrained::allow_any(AskForApproval::OnRequest),
+                Some(RequirementSource::CloudRequirements),
+            ),
+            sandbox_policy: ConstrainedWithSource::new(
+                Constrained::allow_any(SandboxPolicy::ReadOnly),
+                Some(RequirementSource::SystemRequirementsToml {
+                    file: requirements_file.clone(),
+                }),
+            ),
+            mcp_servers: Some(Sourced::new(
+                BTreeMap::from([(
+                    "docs".to_string(),
+                    McpServerRequirement {
+                        identity: McpServerIdentity::Command {
+                            command: "codex-mcp".to_string(),
+                        },
                    },
+                )]),
+                RequirementSource::LegacyManagedConfigTomlFromMdm,
+            )),
+            enforce_residency: ConstrainedWithSource::new(
+                Constrained::allow_any(Some(ResidencyRequirement::Us)),
+                Some(RequirementSource::CloudRequirements),
+            ),
+            web_search_mode: ConstrainedWithSource::new(
+                Constrained::allow_any(WebSearchMode::Cached),
+                Some(RequirementSource::CloudRequirements),
+            ),
+            network: Some(Sourced::new(
+                NetworkConstraints {
+                    enabled: Some(true),
+                    allowed_domains: Some(vec!["example.com".to_string()]),
+                    ..Default::default()
                },
-            )]),
-            RequirementSource::LegacyManagedConfigTomlFromMdm,
-        ));
-        requirements.enforce_residency = ConstrainedWithSource::new(
-            Constrained::allow_any(Some(ResidencyRequirement::Us)),
-            Some(RequirementSource::CloudRequirements),
-        );
-        requirements.web_search_mode = ConstrainedWithSource::new(
-            Constrained::allow_any(WebSearchMode::Cached),
-            Some(RequirementSource::CloudRequirements),
-        );
-        requirements.network = Some(Sourced::new(
-            NetworkConstraints {
-                enabled: Some(true),
-                allowed_domains: Some(vec!["example.com".to_string()]),
-                ..Default::default()
-            },
-            RequirementSource::CloudRequirements,
-        ));
+                RequirementSource::CloudRequirements,
+            )),
+            ..ConfigRequirements::default()
+        };

        let requirements_toml = ConfigRequirementsToml {
            allowed_approval_policies: Some(vec![AskForApproval::OnRequest]),
@@ -631,11 +633,13 @@ approval_policy = "never"

    #[test]
    fn debug_config_output_normalizes_empty_web_search_mode_list() {
-        let mut requirements = ConfigRequirements::default();
-        requirements.web_search_mode = ConstrainedWithSource::new(
-            Constrained::allow_any(WebSearchMode::Disabled),
-            Some(RequirementSource::CloudRequirements),
-        );
+        let requirements = ConfigRequirements {
+            web_search_mode: ConstrainedWithSource::new(
+                Constrained::allow_any(WebSearchMode::Disabled),
+                Some(RequirementSource::CloudRequirements),
+            ),
+            ..ConfigRequirements::default()
+        };

        let requirements_toml = ConfigRequirementsToml {
            allowed_approval_policies: None,