iceweasel-oai f32c496144 [codex] Handle git pagination flags by position (#21381) ...

## Why

This is a follow-up to the Windows Git safe-command bypass fix for
BUGB-15601. Git's global `--paginate` / `-p` flags can route output
through a configured pager, so they should not be auto-approved as safe
before the subcommand. At the same time, `-p` after read-only
subcommands like `log`, `diff`, and `show` is the common patch-output
flag, so treating every `-p` as unsafe would make ordinary read-only
inspection commands prompt unnecessarily.

## What Changed

- Split Git option safety matching into explicit global-option and
subcommand-option lists.
- Treat global `git --paginate ...` and `git -p ...` as unsafe.
- Keep post-subcommand patch usage such as `git log -p`, `git diff -p`,
and `git show -p HEAD` safe.
- Keep the pagination coverage with the shared Git safe-command
implementation rather than the Windows wrapper tests.
- Remove the stale `git_global_option_requires_prompt` helper now that
safe-command Git option matching owns the prompt-required lists.

## Testing

- `cargo test -p codex-shell-command`

2026-05-06 11:53:26 -07:00

..

command_safety

[codex] Handle git pagination flags by position (#21381)

2026-05-06 11:53:26 -07:00

bash.rs

fix(exec_policy) heredoc parsing file_redirect (#20113)

2026-05-01 01:05:02 +00:00

lib.rs

[codex] reduce module visibility (#16978)

2026-04-07 08:03:35 -07:00

parse_command.rs

Collapse parsed command summaries when any stage is unknown (#13043)

2026-03-03 19:45:34 +00:00

powershell.rs

execpolicy: unwrap PowerShell -Command wrappers on Windows (#20336)

2026-05-01 00:56:20 +00:00

shell_detect.rs

…