mirror of
https://github.com/openai/codex.git
synced 2026-05-01 03:42:05 +03:00
5662eb8b75
`requirements.toml` should be able to specify rules which always run. My intention here was that these rules could only ever be restrictive, which means the decision can be "prompt" or "forbidden" but never "allow". A requirement of "you must always allow this command" didn't make sense to me, but happy to be gaveled otherwise. Rules already applies the most restrictive decision, so we can safely merge these with rules found in other config folders.
codex-core config loader
This module is the canonical place to load and describe Codex configuration layers (user config, CLI/session overrides, managed config, and MDM-managed preferences) and to produce:
- An effective merged TOML config.
- Per-key origins metadata (which layer “wins” for a given key).
- Per-layer versions (stable fingerprints) used for optimistic concurrency / conflict detection.
Public surface
Exported from codex_core::config_loader:
load_config_layers_state(codex_home, cwd_opt, cli_overrides, overrides, cloud_requirements) -> ConfigLayerStackConfigLayerStackeffective_config() -> toml::Valueorigins() -> HashMap<String, ConfigLayerMetadata>layers_high_to_low() -> Vec<ConfigLayer>with_user_config(user_config) -> ConfigLayerStack
ConfigLayerEntry(one layer’s{name, config, version, disabled_reason};namecarries source metadata)LoaderOverrides(test/override hooks for managed config sources)merge_toml_values(base, overlay)(public helper used elsewhere)
Layering model
Precedence is top overrides bottom:
- MDM managed preferences (macOS only)
- System managed config (e.g.
managed_config.toml) - Session flags (CLI overrides, applied as dotted-path TOML writes)
- User config (
config.toml)
Layers with a disabled_reason are still surfaced for UI, but are ignored when
computing the effective config and origins metadata. This is what
ConfigLayerStack::effective_config() implements.
Typical usage
Most callers want the effective config plus metadata:
use codex_core::config_loader::{load_config_layers_state, LoaderOverrides};
use codex_utils_absolute_path::AbsolutePathBuf;
use toml::Value as TomlValue;
let cli_overrides: Vec<(String, TomlValue)> = Vec::new();
let cwd = AbsolutePathBuf::current_dir()?;
let layers = load_config_layers_state(
&codex_home,
Some(cwd),
&cli_overrides,
LoaderOverrides::default(),
None,
).await?;
let effective = layers.effective_config();
let origins = layers.origins();
let layers_for_ui = layers.layers_high_to_low();
Internal layout
Implementation is split by concern:
state.rs: public types (ConfigLayerEntry,ConfigLayerStack) + merge/origins convenience methods.layer_io.rs: readingconfig.toml, managed config, and managed preferences inputs.overrides.rs: CLI dotted-path overrides → TOML “session flags” layer.merge.rs: recursive TOML merge.fingerprint.rs: stable per-layer hashing and per-key origins traversal.macos.rs: managed preferences integration (macOS only).