Commit Graph

5 Commits

  • Treat zsh -lc like bash -lc (#5411)
    Without proper `zsh -lc` parsing, we lose some things like proper
    command parsing, turn diff tracking, safe command checks, and other
    things we expect from raw or `bash -lc` commands.
  • chore: rework tools execution workflow (#5278)
    Re-work the tool execution flow. Read `orchestrator.rs` to understand
    the structure
  • implement command safety for PowerShell commands (#4269)
    Implement command safety for PowerShell commands on Windows
    
    This change adds a new Windows-specific command-safety module under
    `codex-rs/core/src/command_safety/windows_safe_commands.rs` to strictly
    sanitise PowerShell invocations. Key points:
    
    - Introduce `is_safe_command_windows()` to only allow explicitly
    read-only PowerShell calls.
    - Parse and split PowerShell invocations (including inline `-Command`
    scripts and pipelines).
    - Block unsafe switches (`-File`, `-EncodedCommand`, `-ExecutionPolicy`,
    unknown flags, call operators, redirections, separators).
    - Whitelist only read-only cmdlets (`Get-ChildItem`, `Get-Content`,
    `Select-Object`, etc.), safe Git subcommands (`status`, `log`, `show`,
    `diff`, `cat-file`), and ripgrep without unsafe options.
    - Add comprehensive unit tests covering allowed and rejected command
    patterns (nested calls, side effects, chaining, redirections).
    
    This ensures Codex on Windows can safely execute discover-only
    PowerShell workflows without risking destructive operations.
  • core: add potentially dangerous command check (#4211)
    Certain shell commands are potentially dangerous, and we want to check
    for them.
    Unless the user has explicitly approved a command, we will *always* ask
    them for approval
    when one of these commands is encountered, regardless of whether they
    are in a sandbox, or what their approval policy is.
    
    The first (of probably many) such examples is `git reset --hard`. We
    will be conservative and check for any `git reset`
  • adds a windows-specific method to check if a command is safe (#4119)
    refactors command_safety files into its own package, so we can add
    platform-specific ones
    Also creates a windows-specific of `is_known_safe_command` that just
    returns false always, since that is what happens today.