mirror of
https://github.com/openai/codex.git
synced 2026-02-01 22:47:52 +00:00
cafb07fe6e
Adds an optional `justification` parameter to the `prefix_rule()`
execpolicy DSL so policy authors can attach human-readable rationale to
a rule. That justification is propagated through parsing/matching and
can be surfaced to the model (or approval UI) when a command is blocked
or requires approval.
When a command is rejected (or gated behind approval) due to policy, a
generic message makes it hard for the model/user to understand what went
wrong and what to do instead. Allowing policy authors to supply a short
justification improves debuggability and helps guide the model toward
compliant alternatives.
Example:
```python
prefix_rule(
pattern = ["git", "push"],
decision = "forbidden",
justification = "pushing is blocked in this repo",
)
```
If Codex tried to run `git push origin main`, now the failure would
include:
```
`git push origin main` rejected: pushing is blocked in this repo
```
whereas previously, all it was told was:
```
execpolicy forbids this command
```
79 lines
1.3 KiB
Plaintext
79 lines
1.3 KiB
Plaintext
|
|
# Example policy to illustrate syntax; not comprehensive and not recommended for actual use.
|
|
|
|
prefix_rule(
|
|
pattern = ["git", "reset", "--hard"],
|
|
decision = "forbidden",
|
|
justification = "destructive operation",
|
|
match = [
|
|
["git", "reset", "--hard"],
|
|
],
|
|
not_match = [
|
|
["git", "reset", "--keep"],
|
|
"git reset --merge",
|
|
],
|
|
)
|
|
|
|
prefix_rule(
|
|
pattern = ["ls"],
|
|
match = [
|
|
["ls"],
|
|
["ls", "-l"],
|
|
["ls", "-a", "."],
|
|
],
|
|
)
|
|
|
|
prefix_rule(
|
|
pattern = ["cat"],
|
|
match = [
|
|
["cat", "file.txt"],
|
|
["cat", "-n", "README.md"],
|
|
],
|
|
)
|
|
|
|
prefix_rule(
|
|
pattern = ["cp"],
|
|
decision = "prompt",
|
|
match = [
|
|
["cp", "foo", "bar"],
|
|
"cp -r src dest",
|
|
],
|
|
)
|
|
|
|
prefix_rule(
|
|
pattern = ["head"],
|
|
match = [
|
|
["head", "README.md"],
|
|
["head", "-n", "5", "CHANGELOG.md"],
|
|
],
|
|
not_match = [
|
|
["hea", "-n", "1,5p", "CHANGELOG.md"],
|
|
],
|
|
)
|
|
|
|
prefix_rule(
|
|
pattern = ["printenv"],
|
|
match = [
|
|
["printenv"],
|
|
["printenv", "PATH"],
|
|
],
|
|
not_match = [
|
|
["print", "-0"],
|
|
],
|
|
)
|
|
|
|
prefix_rule(
|
|
pattern = ["pwd"],
|
|
match = [
|
|
["pwd"],
|
|
],
|
|
)
|
|
|
|
prefix_rule(
|
|
pattern = ["which"],
|
|
match = [
|
|
["which", "python3"],
|
|
["which", "-a", "python3"],
|
|
],
|
|
)
|