mirror of https://github.com/openai/codex.git synced 2026-05-15 00:32:51 +00:00

Files

viyatb-oai 6862b9c745 feat(permissions): add glob deny-read policy support (#15979 )

## Summary
- adds first-class filesystem policy entries for deny-read glob patterns
- parses config such as :project_roots { "**/*.env" = "none" } into
pattern entries
- enforces deny-read patterns in direct read/list helpers
- fails closed for sandbox execution until platform backends enforce
glob patterns in #18096
- preserves split filesystem policy in turn context only when it cannot
be reconstructed from legacy sandbox policy

## Stack
1. This PR - glob deny-read policy/config/direct-tool support
2. #18096 - macOS and Linux sandbox enforcement
3. #17740 - managed deny-read requirements

## Verification
- just fmt
- cargo check -p codex-core -p codex-sandboxing --tests

---------

Co-authored-by: Codex <noreply@openai.com>

2026-04-16 10:31:51 -07:00

src

feat(permissions): add glob deny-read policy support (#15979 )

2026-04-16 10:31:51 -07:00

BUILD.bazel

fix(core) Preserve base_instructions in SessionMeta (#9427 )

2026-01-19 21:59:36 -08:00

Cargo.toml

feat(permissions): add glob deny-read policy support (#15979 )

2026-04-16 10:31:51 -07:00

README.md

fix: separate codex mcp into codex mcp-server and codex app-server (#4471 )

2025-09-30 07:06:18 +00:00

README.md

codex-protocol

This crate defines the "types" for the protocol used by Codex CLI, which includes both "internal types" for communication between codex-core and codex-tui, as well as "external types" used with codex app-server.

This crate should have minimal dependencies.

Ideally, we should avoid "material business logic" in this crate, as we can always introduce Ext-style traits to add functionality to types in other crates.