feat(exec_allow): whitelist trusted commands with approval + TLS guardrails#180
feat(exec_allow): whitelist trusted commands with approval + TLS guardrails#180cbusillo wants to merge 3 commits into
Conversation
81b4d7f to
c4d80c7
Compare
|
Testing this out now! I have an issue where commands like uv run and docker won't run right in the sandbox on macOS. I also want most git commands to always require confirmation. Basically I want commands like uv run test* to always run without confirmation and outside the sandbox. I also want gh cli to work but require confirmation. gh wouldn't run without passing it ssl stuff. I couldn't figure out a way to do this without new code, if I am mistaken, please let me know! I love the system you have created, it's what I was working on trying to build myself. Of course I just canceled my Claude account, but right now I can't find a reason to use it. Maybe with their next model release. I am still trying to learn how to use the new agents system, I had a nice system with Claude Code, but the CLI tool kept crashing and Codex CLI doesn't support it so I ditched it. Looking forward to learning your system |
|
Thanks for the PR! So when you run gh in sandbox mode does it fail to run for you? What's the sandbox config you're using? |
|
This is what I am using right now. It is never able to auth correctly. It fails with a sandbox error. If you like I can install the stock Code and give you the actual error. |
1a8528a to
0b01f85
Compare
16b8936 to
5c99695
Compare
5c99695 to
b0b5224
Compare
804b5ad to
b7927a2
Compare
|
We now keep codex-rs in lockstep with upstream openai/codex (see c8111bb), so Rust changes need to target the code-rs workspace instead. Closing this to keep the mirror clean—happy to revisit the exec allowlist in a fresh PR on code-rs. |
Summary
exec_allowconfig section plus runtime matcher so simple commands (e.g.uv run test*,docker compose) can bypass the sandbox while we continue validating that every argv path stays under writable rootsconfirm = trueon those rules so risky escapes still pause for user approval before leaving the sandboxSSL_CERT_FILEwheninject_ssl_cert_file = true, sourcing fromCODEX_DEFAULT_SSL_CERT_FILEor common CA bundle paths soghand other TLS clients keep working after the bypassTesting