mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
dev
16 Commits
-
Disable empty Cargo test targets (#21584)
## Summary `cargo test` has entails both running standard Rust tests and doctests. It turns out that the doctest discovery is fairly slow, and it's a cost you pay even for crates that don't include any doctests. This PR disables doctests with `doctest = false` for crates that lack any doctests. For the collection of crates below, this speeds up test execution by >4x. E.g., before this PR: ``` Benchmark 1: cargo test -p codex-utils-absolute-path -p codex-utils-cache -p codex-utils-cli -p codex-utils-home-dir -p codex-utils-output-truncation -p codex-utils-path -p codex-utils-string -p codex-utils-template -p codex-utils-elapsed -p codex-utils-json-to-toml Time (mean ± σ): 1.849 s ± 4.455 s [User: 0.752 s, System: 1.367 s] Range (min … max): 0.418 s … 14.529 s 10 runs ``` And after: ``` Benchmark 1: cargo test -p codex-utils-absolute-path -p codex-utils-cache -p codex-utils-cli -p codex-utils-home-dir -p codex-utils-output-truncation -p codex-utils-path -p codex-utils-string -p codex-utils-template -p codex-utils-elapsed -p codex-utils-json-to-toml Time (mean ± σ): 428.6 ms ± 6.9 ms [User: 187.7 ms, System: 219.7 ms] Range (min … max): 418.0 ms … 436.8 ms 10 runs ``` For a single crate, with >2x speedup, before: ``` Benchmark 1: cargo test -p codex-utils-string Time (mean ± σ): 491.1 ms ± 9.0 ms [User: 229.8 ms, System: 234.9 ms] Range (min … max): 480.9 ms … 512.0 ms 10 runs ``` And after: ``` Benchmark 1: cargo test -p codex-utils-string Time (mean ± σ): 213.9 ms ± 4.3 ms [User: 112.8 ms, System: 84.0 ms] Range (min … max): 206.8 ms … 221.0 ms 13 runs ``` Co-authored-by: Codex <noreply@openai.com>
Charlie Marsh ·
2026-05-07 15:44:17 -07:00 -
execpolicy: add host_executable() path mappings (#12964)
## Why `execpolicy` currently keys `prefix_rule()` matching off the literal first token. That works for rules like `["/usr/bin/git"]`, but it means shared basename rules such as `["git"]` do not help when a caller passes an absolute executable path like `/usr/bin/git`. This PR lays the groundwork for basename-aware matching without changing existing callers yet. It adds typed host-executable metadata and an opt-in resolution path in `codex-execpolicy`, so a follow-up PR can adopt the new behavior in `unix_escalation.rs` and other call sites without having to redesign the policy layer first. ## What Changed - added `host_executable(name = ..., paths = [...])` to the execpolicy parser and validated it with `AbsolutePathBuf` - stored host executable mappings separately from prefix rules inside `Policy` - added `MatchOptions` and opt-in `*_with_options()` APIs that preserve existing behavior by default - implemented exact-first matching with optional basename fallback, gated by `host_executable()` allowlists when present - normalized executable names for cross-platform matching so Windows paths like `git.exe` can satisfy `host_executable(name = "git", ...)` - updated `match` / `not_match` example validation to exercise the host-executable resolution path instead of only raw prefix-rule matching - preserved source locations for deferred example-validation errors so policy load failures still point at the right file and line - surfaced `resolvedProgram` on `RuleMatch` so callers can tell when a basename rule matched an absolute executable path - preserved host executable metadata when requirements policies overlay file-based policies in `core/src/exec_policy.rs` - documented the new rule shape and CLI behavior in `execpolicy/README.md` ## Verification - `cargo test -p codex-execpolicy` - added coverage in `execpolicy/tests/basic.rs` for parsing, precedence, empty allowlists, basename fallback, exact-match precedence, and host-executable-backed `match` / `not_match` examples - added a regression test in `core/src/exec_policy.rs` to verify requirements overlays preserve `host_executable()` metadata - verified `cargo test -p codex-core --lib`, including source-rendering coverage for deferred validation errors
Michael Bolin ·
2026-02-27 12:59:24 -08:00 -
execpolicy helpers (#7032)
this PR - adds a helper function to amend `.codexpolicy` files with new prefix rules - adds a utility to `Policy` allowing prefix rules to be added to existing `Policy` structs both additions will be helpful as we thread codexpolicy into the TUI workflow
zhao-oai ·
2025-12-02 15:05:27 -05:00 -
chore: add cargo-deny configuration (#7119)
- add GitHub workflow running cargo-deny on push/PR - document cargo-deny allowlist with workspace-dep notes and advisory ignores - align workspace crates to inherit version/edition/license for consistent checks
Josh McKinney ·
2025-11-24 12:22:18 -08:00 -
zhao-oai ·
2025-11-19 19:14:10 -08:00 -
chore: unify cargo versions (#4044)
Unify cargo versions at root
jif-oai ·
2025-09-22 16:47:01 +00:00 -
chore: simplify dep so serde=1 in Cargo.toml (#3664)
With this change, dependabot should just have to update `Cargo.lock` for `serde`, e.g.: - https://github.com/openai/codex/pull/3617 - https://github.com/openai/codex/pull/3618
Michael Bolin ·
2025-09-15 19:22:29 +00:00 -
chore(deps): bump serde_json from 1.0.143 to 1.0.145 in /codex-rs (#3617)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.143 to 1.0.145. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.145</h2> <ul> <li>Raise serde version requirement to >=1.0.220</li> </ul> <h2>v1.0.144</h2> <ul> <li>Switch serde dependency to serde_core (<a href="https://redirect.github.com/serde-rs/json/issues/1285">#1285</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/serde-rs/json/commit/efa66e3a1d61459ab2d325f92ebe3acbd6ca18b1"><code>efa66e3</code></a> Release 1.0.145</li> <li><a href="https://github.com/serde-rs/json/commit/23679e2b9d7e4dcaef797ca7c51a4ffb6fce9f36"><code>23679e2</code></a> Add serde version constraint</li> <li><a href="https://github.com/serde-rs/json/commit/fc27bafbf740abc5e5733ec1dd2b5ae25695f895"><code>fc27baf</code></a> Release 1.0.144</li> <li><a href="https://github.com/serde-rs/json/commit/caef3c6ea69e126d18ee8b43dcc2c89d81207815"><code>caef3c6</code></a> Ignore uninlined_format_args pedantic clippy lint</li> <li><a href="https://github.com/serde-rs/json/commit/81ba3aaaff5c3736dd8b762dd1a0cf992bf60593"><code>81ba3aa</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/json/issues/1285">#1285</a> from dtolnay/serdecore</li> <li><a href="https://github.com/serde-rs/json/commit/d21e8ce7a7cc0bab2d53293de42b6343ef1d9144"><code>d21e8ce</code></a> Switch serde dependency to serde_core</li> <li><a href="https://github.com/serde-rs/json/commit/6beb6cd596a00f8838dc0cfc8876ed8fd065896f"><code>6beb6cd</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/json/issues/1286">#1286</a> from dtolnay/up</li> <li><a href="https://github.com/serde-rs/json/commit/1dbc803749213eca37080cc7f29f5aee3ac18941"><code>1dbc803</code></a> Raise required compiler to Rust 1.61</li> <li><a href="https://github.com/serde-rs/json/commit/0bf5d87003aebbbb2b46c96e668283215971d98d"><code>0bf5d87</code></a> Enforce trybuild >= 1.0.108</li> <li><a href="https://github.com/serde-rs/json/commit/d12e943590208da738c092db92c34b39796a2538"><code>d12e943</code></a> Update actions/checkout@v4 -> v5</li> <li>See full diff in <a href="https://github.com/serde-rs/json/compare/v1.0.143...v1.0.145">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-15 11:58:57 -07:00 -
chore(deps): bump serde_json from 1.0.142 to 1.0.143 in /codex-rs (#2498)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.142 to 1.0.143. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.143</h2> <ul> <li>Implement Clone and Debug for serde_json::Map iterators (<a href="https://redirect.github.com/serde-rs/json/issues/1264">#1264</a>, thanks <a href="https://github.com/xlambein"><code>@xlambein</code></a>)</li> <li>Implement Default for CompactFormatter (<a href="https://redirect.github.com/serde-rs/json/issues/1268">#1268</a>, thanks <a href="https://github.com/SOF3"><code>@SOF3</code></a>)</li> <li>Implement FromStr for serde_json::Map (<a href="https://redirect.github.com/serde-rs/json/issues/1271">#1271</a>, thanks <a href="https://github.com/mickvangelderen"><code>@mickvangelderen</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/serde-rs/json/commit/10102c49bfd95e5b8d42a6c0b9530b1732a6fea8"><code>10102c4</code></a> Release 1.0.143</li> <li><a href="https://github.com/serde-rs/json/commit/2a5b85312c2eb0eec19f922993e1a6931535b5e3"><code>2a5b853</code></a> Replace super::super with absolute path within crate</li> <li><a href="https://github.com/serde-rs/json/commit/447170bd38099bc9636de4ff73c00e9d816a75f4"><code>447170b</code></a> Merge pull request 1271 from mickvangelderen/mick/impl-from-str-for-map</li> <li><a href="https://github.com/serde-rs/json/commit/ec190d6dfd4ecc5b31db76a7f1c26c54e99eee9f"><code>ec190d6</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/json/issues/1264">#1264</a> from xlambein/master</li> <li><a href="https://github.com/serde-rs/json/commit/8be664752fe8b8fc92b239155979fad39719c2fd"><code>8be6647</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/json/issues/1268">#1268</a> from SOF3/compact-default</li> <li><a href="https://github.com/serde-rs/json/commit/ba5b3cccea799018d236c1af24a34ae53b6c84cc"><code>ba5b3cc</code></a> Revert "Pin nightly toolchain used for miri job"</li> <li><a href="https://github.com/serde-rs/json/commit/fd35a02901648230ac04657a12b85f5c90fb9106"><code>fd35a02</code></a> Implement FromStr for Map<String, Value></li> <li><a href="https://github.com/serde-rs/json/commit/bea0fe6b3e1d06dcd46a38be42f775f22f6c2b8e"><code>bea0fe6</code></a> Implement Default for CompactFormatter</li> <li><a href="https://github.com/serde-rs/json/commit/0c0e9f6bfad856db30f389496d64ac2577d8c13b"><code>0c0e9f6</code></a> Add Clone and Debug impls to map iterators</li> <li>See full diff in <a href="https://github.com/serde-rs/json/compare/v1.0.142...v1.0.143">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-08-22 15:45:14 -07:00 -
chore(deps): bump serde_json from 1.0.141 to 1.0.142 in /codex-rs (#1817)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.141 to 1.0.142. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.142</h2> <ul> <li>impl Default for &Value (<a href="https://redirect.github.com/serde-rs/json/issues/1265">#1265</a>, thanks <a href="https://github.com/aatifsyed"><code>@aatifsyed</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/serde-rs/json/commit/1731167cd5dd6358944aabf8ab8504a2f5162018"><code>1731167</code></a> Release 1.0.142</li> <li><a href="https://github.com/serde-rs/json/commit/e51c81450a3018a5524f6b1afba7192ddbafcc69"><code>e51c814</code></a> Touch up PR 1265</li> <li><a href="https://github.com/serde-rs/json/commit/84abbdb613ce8faa2e93eddcc96f5514eb31a1d1"><code>84abbdb</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/json/issues/1265">#1265</a> from aatifsyed/master</li> <li><a href="https://github.com/serde-rs/json/commit/9206cc0150fa17d44296db96149f00a142691ead"><code>9206cc0</code></a> feat: impl Default for &Value</li> <li>See full diff in <a href="https://github.com/serde-rs/json/compare/v1.0.141...v1.0.142">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-08-04 14:26:14 -07:00 -
chore(rs): update dependencies (#1494)
### Chores - Update cargo dependencies - Remove unused cargo dependencies - Fix clippy warnings - Update Dockerfile (package.json requires node 22) - Let Dependabot update bun, cargo, devcontainers, docker, github-actions, npm (nix still not supported) ### TODO - Upgrade dependencies with breaking changes ```shell $ cargo update --verbose Unchanged crossterm v0.28.1 (available: v0.29.0) Unchanged schemars v0.8.22 (available: v1.0.4) ```
Rene Leonhardt ·
2025-07-10 11:08:16 -07:00 -
chore: replace regex with regex-lite, where appropriate (#1200)
As explained on https://crates.io/crates/regex-lite, `regex-lite` is a lighter alternative to `regex` and seems to be sufficient for our purposes.
Michael Bolin ·
2025-06-02 17:11:45 -07:00 -
Workspace lints and disallow unwrap (#855)
Sets submodules to use workspace lints. Added denying unwrap as a workspace level lint, which found a couple of cases where we could have propagated errors. Also manually labeled ones that were fine by my eye.
jcoens-openai ·
2025-05-08 09:46:18 -07:00 -
Update submodules version to come from the workspace (#850)
Tie the version of submodules to the workspace version.
jcoens-openai ·
2025-05-07 10:08:06 -07:00 -
Update cargo to 2024 edition (#842)
Some effects of this change: - New formatting changes across many files. No functionality changes should occur from that. - Calls to `set_env` are considered unsafe, since this only happens in tests we wrap them in `unsafe` blocks
jcoens-openai ·
2025-05-07 08:37:48 -07:00 -
feat: introduce codex_execpolicy crate for defining "safe" commands (#634)
As described in detail in `codex-rs/execpolicy/README.md` introduced in this PR, `execpolicy` is a tool that lets you define a set of _patterns_ used to match [`execv(3)`](https://linux.die.net/man/3/execv) invocations. When a pattern is matched, `execpolicy` returns the parsed version in a structured form that is amenable to static analysis. The primary use case is to define patterns match commands that should be auto-approved by a tool such as Codex. This supports a richer pattern matching mechanism that the sort of prefix-matching we have done to date, e.g.: https://github.com/openai/codex/blob/5e40d9d2211737f46136610497bcd9a8271009e0/codex-cli/src/approvals.ts#L333-L354 Note we are still playing with the API and the `system_path` option in particular still needs some work.
Michael Bolin ·
2025-04-24 17:14:47 -07:00