core: add a full-buffer exec capture policy (#15254)

2026-05-05 22:01:37 +03:00 · 2026-03-19 19:38:12 -07:00
parent 0a344e4fab
commit a3e59e9e85
16 changed files with 336 additions and 35 deletions
--- a/codex-rs/core/src/codex_tests.rs
+++ b/codex-rs/core/src/codex_tests.rs
@@ -7,6 +7,7 @@ use crate::config_loader::ConfigLayerStackOrdering;
 use crate::config_loader::NetworkConstraints;
 use crate::config_loader::RequirementSource;
 use crate::config_loader::Sourced;
+use crate::exec::ExecCapturePolicy;
 use crate::exec::ExecToolCallOutput;
 use crate::function_tool::FunctionCallError;
 use crate::mcp_connection_manager::ToolInfo;
@@ -4788,6 +4789,7 @@ async fn rejects_escalated_permissions_when_policy_not_on_request() {
        },
        cwd: turn_context.cwd.clone(),
        expiration: timeout_ms.into(),
+        capture_policy: ExecCapturePolicy::ShellTool,
        env: HashMap::new(),
        network: None,
        sandbox_permissions,
@@ -4805,6 +4807,7 @@ async fn rejects_escalated_permissions_when_policy_not_on_request() {
        command: params.command.clone(),
        cwd: params.cwd.clone(),
        expiration: timeout_ms.into(),
+        capture_policy: ExecCapturePolicy::ShellTool,
        env: HashMap::new(),
        network: None,
        windows_sandbox_level: turn_context.windows_sandbox_level,