Refactor execpolicy fallback evaluation (#7544)

## Refactor of the `execpolicy` crate To illustrate why we need this refactor, consider an agent attempting to run `apple | rm -rf ./`. Suppose `apple` is allowed by `execpolicy`. Before this PR, `execpolicy` would consider `apple` and `pear` and only render one rule match: `Allow`. We would skip any heuristics checks on `rm -rf ./` and immediately approve `apple | rm -rf ./` to run. To fix this, we now thread a `fallback` evaluation function into `execpolicy` that runs when no `execpolicy` rules match a given command. In our example, we would run `fallback` on `rm -rf ./` and prevent `apple | rm -rf ./` from being run without approval.
2026-03-05 21:45:28 +03:00 · 2025-12-04 02:39:48 -05:00
parent e925a380dc
commit 3d35cb4619
27 changed files with 538 additions and 257 deletions
--- a/docs/execpolicy.md
+++ b/docs/execpolicy.md
@@ -33,6 +33,30 @@ codex execpolicy check --policy ~/.codex/policy/default.codexpolicy git push ori

 Pass multiple `--policy` flags to test how several files combine, and use `--pretty` for formatted JSON output. See the [`codex-rs/execpolicy` README](../codex-rs/execpolicy/README.md) for a more detailed walkthrough of the available syntax.

+Example output when a rule matches:
+
+```json
+{
+  "matchedRules": [
+    {
+      "prefixRuleMatch": {
+        "matchedPrefix": ["git", "push"],
+        "decision": "prompt"
+      }
+    }
+  ],
+  "decision": "prompt"
+}
+```
+
+When no rules match, `matchedRules` is an empty array and `decision` is omitted.
+
+```json
+{
+  "matchedRules": []
+}
+```
+
 ## Status

 `execpolicy` commands are still in preview. The API may have breaking changes in the future.