You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+4-6Lines changed: 4 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -69,12 +69,12 @@ Codex can access MCP servers. To configure them, refer to the [config docs](./do
69
69
70
70
Codex CLI supports a rich set of configuration options, with preferences stored in `~/.codex/config.toml`. For full configuration options, see [Configuration](./docs/config.md).
71
71
72
-
### Execpolicy quickstart
72
+
### Execpolicy Quickstart
73
73
74
74
Codex can enforce your own rules-based execution policy before it runs shell commands.
75
75
76
76
1. Create a policy directory: `mkdir -p ~/.codex/policy`.
77
-
2. Create one or more `.codexpolicy` files into that folder. Codex automatically loads every `.codexpolicy` file in there on startup.
77
+
2. Create one or more `.codexpolicy` files in that folder. Codex automatically loads every `.codexpolicy` file in there on startup.
78
78
3. Write `prefix_rule` entries to describe the commands you want to allow, prompt, or block:
79
79
80
80
```starlark
@@ -87,14 +87,12 @@ prefix_rule(
87
87
```
88
88
89
89
-`pattern` is a list of shell tokens, evaluated from left to right; wrap tokens in a nested list to express alternatives (e.g., match both `push` and `fetch`).
90
-
-`decision` sets the severity; Codex picks the strictest decision when multiple rules match.
90
+
-`decision` sets the severity; Codex picks the strictest decision when multiple rules match (forbidden > prompt > allow).
91
91
-`match` and `not_match` act as (optional) unit tests. Codex validates them when it loads your policy, so you get feedback if an example has unexpected behavior.
92
92
93
93
In this example rule, if Codex wants to run commands with the prefix `git push` or `git fetch`, it will first ask for user approval.
94
94
95
-
Note: If Codex wants to run a command that matches with multiple rules, it will use the strictest decision among the matched rules (forbidden > prompt > allow).
96
-
97
-
Use the [`execpolicy2` CLI](./codex-rs/execpolicy2/README.md) to preview decisions before you save a rule:
95
+
Use [`execpolicy2` CLI](./codex-rs/execpolicy2/README.md) to preview decisions for policy files:
98
96
99
97
```shell
100
98
cargo run -p codex-execpolicy2 -- check --policy ~/.codex/policy/default.codexpolicy git push origin main
0 commit comments