feat: add --ignore-user-config and --ignore-rules (#18646)

Add those 2 flags to be able to fully isolate a run of `codex exec` from any rules or tools. This will be used by Chronicle
2026-05-05 22:01:37 +03:00 · 2026-04-20 11:27:47 +01:00
parent 7d8bd69283
commit be4fe9f9b2
9 changed files with 274 additions and 13 deletions
--- a/codex-rs/config/src/state.rs
+++ b/codex-rs/config/src/state.rs
@@ -18,6 +18,8 @@ use toml::Value as TomlValue;
 #[derive(Debug, Default, Clone)]
 pub struct LoaderOverrides {
    pub managed_config_path: Option<PathBuf>,
+    pub ignore_user_config: bool,
+    pub ignore_user_and_project_exec_policy_rules: bool,
    //TODO(gt): Add a macos_ prefix to this field and remove the target_os check.
    #[cfg(target_os = "macos")]
    pub managed_preferences_base64: Option<String>,
@@ -42,6 +44,8 @@ impl LoaderOverrides {
    pub fn with_managed_config_path_for_tests(managed_config_path: PathBuf) -> Self {
        Self {
            managed_config_path: Some(managed_config_path),
+            ignore_user_config: false,
+            ignore_user_and_project_exec_policy_rules: false,
            #[cfg(target_os = "macos")]
            managed_preferences_base64: Some(String::new()),
            macos_managed_config_requirements_base64: Some(String::new()),
@@ -157,6 +161,9 @@ pub struct ConfigLayerStack {
    /// sources. This preserves the original allow-lists so they can be
    /// surfaced via APIs.
    requirements_toml: ConfigRequirementsToml,
+
+    /// Whether execpolicy should skip `.rules` files from user and project config-layer folders.
+    ignore_user_and_project_exec_policy_rules: bool,
 }

 impl ConfigLayerStack {
@@ -171,9 +178,22 @@ impl ConfigLayerStack {
            user_layer_index,
            requirements,
            requirements_toml,
+            ignore_user_and_project_exec_policy_rules: false,
        })
    }

+    pub fn with_user_and_project_exec_policy_rules_ignored(
+        mut self,
+        ignore_user_and_project_exec_policy_rules: bool,
+    ) -> Self {
+        self.ignore_user_and_project_exec_policy_rules = ignore_user_and_project_exec_policy_rules;
+        self
+    }
+
+    pub fn ignore_user_and_project_exec_policy_rules(&self) -> bool {
+        self.ignore_user_and_project_exec_policy_rules
+    }
+
    /// Returns the raw user config layer, if any.
    ///
    /// This does not merge other config layers or apply any requirements.
@@ -211,6 +231,8 @@ impl ConfigLayerStack {
                    user_layer_index: self.user_layer_index,
                    requirements: self.requirements.clone(),
                    requirements_toml: self.requirements_toml.clone(),
+                    ignore_user_and_project_exec_policy_rules: self
+                        .ignore_user_and_project_exec_policy_rules,
                }
            }
            None => {
@@ -232,6 +254,8 @@ impl ConfigLayerStack {
                    user_layer_index: Some(user_layer_index),
                    requirements: self.requirements.clone(),
                    requirements_toml: self.requirements_toml.clone(),
+                    ignore_user_and_project_exec_policy_rules: self
+                        .ignore_user_and_project_exec_policy_rules,
                }
            }
        }