feat: execpolicy v2 #6467
feat: execpolicy v2 #6467
Conversation
|
@codex review |
|
Codex Review: Didn't find any major issues. More of your lovely PRs please. ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
@codex review |
|
Codex Review: Didn't find any major issues. Nice work! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
bolinfest
left a comment
bolinfest
left a comment
There was a problem hiding this comment.
I'm still reviewing, but I have to jump and wanted to share what I saw thus far.
bolinfest
left a comment
bolinfest
left a comment
There was a problem hiding this comment.
This is a good start, but some things could be tightened up!
|
@codex review |
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "match": { | ||
| "decision": "allow|prompt|forbidden", | ||
| "matched_rules": [ | ||
| { | ||
| "prefixRuleMatch": { | ||
| "matched_prefix": ["<token>", "..."], | ||
| "decision": "allow|prompt|forbidden" | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| - No match: | ||
| ```json | ||
| "noMatch" | ||
| ``` | ||
|
|
||
| - `matched_rules` lists every rule whose prefix matched the command; `matched_prefix` is the exact prefix that matched. | ||
| - The effective `decision` is the strictest severity across all matches (`forbidden` > `prompt` > `allow`). |
There was a problem hiding this comment.
The response shape documented in README.md shows snake_case fields (matched_rules, matched_prefix) even though the actual serializer derives #[serde(rename_all = "camelCase")] for both Evaluation and RuleMatch (see policy.rs:43-50 and rule.rs:59-66). The CLI/library therefore emits matchedRules and matchedPrefix. Anyone implementing a client using the README will look for the wrong keys and fail to parse the CLI output. Please update the README example and accompanying text to use the camelCase names that the code actually produces.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
@codex could you please compile the code and double check this feedback is correct? if it is correct, please fix the README.md
There was a problem hiding this comment.
Summary
- Added a
serderename onEvaluation::Matchso the CLI now emitsmatchedRulesin camelCase, consistent with the rest of the V2 protocol. codex-rs/execpolicy2/src/policy.rsL43-L51 - Ensured
RuleMatchserializes itsmatchedPrefixpayload using camelCase so rule details in the response match the documented shape. codex-rs/execpolicy2/src/rule.rsL59-L103 - Updated the execpolicy README response example and explanation to describe the camelCase keys the CLI now produces. codex-rs/execpolicy2/README.mdL21-L54
Testing
- ✅
cargo test -p codex-execpolicy2 - ✅
cargo run -p codex-execpolicy2 -- check --policy execpolicy2/examples/example.codexpolicy ls -l
Summary
codex-execpolicy2crate.Policy
prefix_rule(pattern=[...], decision?, match?, not_match?), wherepatternis an ordered list of tokens; any element may be a list to denote alternatives.decisiondefaults toallow; valid values areallow,prompt, andforbidden.match/not_matchhold example commands that are tokenized and validated at load time (think of these as unit tests).Policy shapes
Response shapes
{ "match": { "decision": "allow|prompt|forbidden", "matchedRules": [ { "prefixRuleMatch": { "matchedPrefix": ["<token>", "..."], "decision": "allow|prompt|forbidden" } } ] } }"noMatch"matchedRuleslists every rule whose prefix matched the command;matchedPrefixis the exact prefix that matched.decisionis the strictest severity across all matches (forbidden>prompt>allow).