@openai/codex 0.61.1-alpha.1 → 0.62.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +32 -1
- package/package.json +1 -1
- package/vendor/aarch64-apple-darwin/codex/codex +0 -0
- package/vendor/aarch64-pc-windows-msvc/codex/codex.exe +0 -0
- package/vendor/aarch64-unknown-linux-musl/codex/codex +0 -0
- package/vendor/x86_64-apple-darwin/codex/codex +0 -0
- package/vendor/x86_64-pc-windows-msvc/codex/codex.exe +0 -0
- package/vendor/x86_64-unknown-linux-musl/codex/codex +0 -0
package/README.md
CHANGED
|
@@ -69,7 +69,38 @@ Codex can access MCP servers. To configure them, refer to the [config docs](./do
|
|
|
69
69
|
|
|
70
70
|
Codex CLI supports a rich set of configuration options, with preferences stored in `~/.codex/config.toml`. For full configuration options, see [Configuration](./docs/config.md).
|
|
71
71
|
|
|
72
|
-
|
|
72
|
+
### Execpolicy Quickstart
|
|
73
|
+
|
|
74
|
+
Codex can enforce your own rules-based execution policy before it runs shell commands.
|
|
75
|
+
|
|
76
|
+
1. Create a policy directory: `mkdir -p ~/.codex/policy`.
|
|
77
|
+
2. Create one or more `.codexpolicy` files in that folder. Codex automatically loads every `.codexpolicy` file in there on startup.
|
|
78
|
+
3. Write `prefix_rule` entries to describe the commands you want to allow, prompt, or block:
|
|
79
|
+
|
|
80
|
+
```starlark
|
|
81
|
+
prefix_rule(
|
|
82
|
+
pattern = ["git", ["push", "fetch"]],
|
|
83
|
+
decision = "prompt", # allow | prompt | forbidden
|
|
84
|
+
match = [["git", "push", "origin", "main"]], # examples that must match
|
|
85
|
+
not_match = [["git", "status"]], # examples that must not match
|
|
86
|
+
)
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
- `pattern` is a list of shell tokens, evaluated from left to right; wrap tokens in a nested list to express alternatives (e.g., match both `push` and `fetch`).
|
|
90
|
+
- `decision` sets the severity; Codex picks the strictest decision when multiple rules match (forbidden > prompt > allow).
|
|
91
|
+
- `match` and `not_match` act as (optional) unit tests. Codex validates them when it loads your policy, so you get feedback if an example has unexpected behavior.
|
|
92
|
+
|
|
93
|
+
In this example rule, if Codex wants to run commands with the prefix `git push` or `git fetch`, it will first ask for user approval.
|
|
94
|
+
|
|
95
|
+
Use the `codex execpolicy check` subcommand to preview decisions before you save a rule (see the [`codex-execpolicy` README](./codex-rs/execpolicy/README.md) for syntax details):
|
|
96
|
+
|
|
97
|
+
```shell
|
|
98
|
+
codex execpolicy check --policy ~/.codex/policy/default.codexpolicy git push origin main
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
Pass multiple `--policy` flags to test how several files combine, and use `--pretty` for formatted JSON output. See the [`codex-rs/execpolicy` README](./codex-rs/execpolicy/README.md) for a more detailed walkthrough of the available syntax.
|
|
102
|
+
|
|
103
|
+
## Note: `execpolicy` commands are still in preview. The API may have breaking changes in the future.
|
|
73
104
|
|
|
74
105
|
### Docs & FAQ
|
|
75
106
|
|
package/package.json
CHANGED
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|