chore: refactor network permissions to use explicit domain and unix socket rule maps#15120
chore: refactor network permissions to use explicit domain and unix socket rule maps#15120
Conversation
celia-oai
force-pushed
the
dev/cc/refactor
branch
12 times, most recently
from
6b9473c to
69d6d08
Compare
celia-oai
changed the title
celia-oai
force-pushed
the
dev/cc/refactor
branch
4 times, most recently
from
df83550 to
21117a7
Compare
|
@codex review |
![chatgpt-codex-connector[bot]](https://cdn.statically.io/img/avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 21117a718a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
celia-oai
force-pushed
the
dev/cc/refactor
branch
2 times, most recently
from
4353e7b to
626b34b
Compare
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 626b34b281
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
celia-oai
force-pushed
the
dev/cc/refactor
branch
2 times, most recently
from
79185b4 to
4c42cf4
Compare
|
@codex review |
celia-oai
force-pushed
the
dev/cc/refactor
branch
3 times, most recently
from
96ecaca to
d20e87c
Compare
celia-oai
force-pushed
the
dev/cc/refactor
branch
from
d20e87c to
85d5381
Compare
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 85d53815b1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review |
1 similar comment
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 71c88f94f2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
celia-oai
force-pushed
the
dev/cc/refactor
branch
from
13cb1b6 to
c9abc12
Compare
| fn legacy_domain_permissions_from_lists( | ||
| allowed_domains: Option<Vec<String>>, | ||
| denied_domains: Option<Vec<String>>, | ||
| ) -> Option<NetworkDomainPermissionsToml> { | ||
| let mut entries = BTreeMap::new(); | ||
|
|
||
| for pattern in allowed_domains.unwrap_or_default() { | ||
| entries.insert(pattern, NetworkDomainPermissionToml::Allow); | ||
| } | ||
|
|
||
| for pattern in denied_domains.unwrap_or_default() { | ||
| entries.insert(pattern, NetworkDomainPermissionToml::Deny); | ||
| } | ||
|
|
||
| (!entries.is_empty()).then_some(NetworkDomainPermissionsToml { entries }) | ||
| } | ||
|
|
||
| fn legacy_unix_socket_permissions_from_list( | ||
| allow_unix_sockets: Option<Vec<String>>, | ||
| ) -> Option<NetworkUnixSocketPermissionsToml> { | ||
| let entries = allow_unix_sockets | ||
| .unwrap_or_default() | ||
| .into_iter() | ||
| .map(|path| (path, NetworkUnixSocketPermissionToml::Allow)) | ||
| .collect::<BTreeMap<_, _>>(); | ||
|
|
||
| (!entries.is_empty()).then_some(NetworkUnixSocketPermissionsToml { entries }) |
There was a problem hiding this comment.
[P2] Preserve explicit empty legacy network lists
These helpers collapse explicit legacy allowed_domains = [] / allow_unix_sockets = [] to None, which is not equivalent to the old structs. In danger-full-access, allowed_domains = [] used to clear and pin the allowlist to empty, but now it is treated as absent and leaves user allowlist entries intact. Likewise, allow_unix_sockets = [] used to keep dangerously_allow_all_unix_sockets constrained off via constraints.allow_unix_sockets = Some([]), but that constraint now disappears.
There was a problem hiding this comment.
there is unfortunately some lossiness expected after migrating to the new schema. I added a docstring here to explain this: https://github.com/openai/codex/pull/15120/changes#diff-6dea1db0d0ce5a6f3b19ccbc66cb916ad15d3bbc8ce347cff9a934445f9ce56eR311-R313
There was a problem hiding this comment.
I feel the better thing to do here is to get rid of dangerously_allow_all_unix_sockets down the road, and restrict danger-full-access behavior?
There was a problem hiding this comment.
let me take a stab at seeing if we can preserve the behavior
There was a problem hiding this comment.
you can land this though and we can do a fast follow
celia-oai
force-pushed
the
dev/cc/refactor
branch
from
5a337b6 to
d0f1d86
Compare
2 participants
Summary
This PR replaces the legacy network allow/deny list model with explicit rule maps for domains and unix sockets across managed requirements, permissions profiles, the network proxy config, and the app server protocol.
Concretely, it:
allow/deny) and unix socket permission (allow/none) entries instead of separateallowed_domains,denied_domains, andallow_unix_socketslistsWhy
The previous representation split related network policy across multiple parallel lists, which made merging and overriding rules harder to reason about. Moving to explicit keyed permission maps gives us a single source of truth per host/socket entry, makes allow/deny precedence clearer, and gives protocol consumers access to the full rule state instead of derived projections only.
Backward Compatibility
Backward compatible
experimental_network.allowed_domains,experimental_network.denied_domains, andexperimental_network.allow_unix_socketsfields. They are normalized into the new canonicaldomainsandunix_socketsmaps internally.allowedDomains,deniedDomains, andallowUnixSocketspayloads, so older clients can continue reading managed network requirements.allowedDomains,deniedDomains, andallowUnixSocketsas legacy compatibility views derived from the canonical maps.managed_allowed_domains_onlykeeps the same behavior after normalization. Legacy managed allowlists still participate in the same enforcement path as canonicaldomainsentries.Not backward compatible
[permissions.<profile>.network]no longer accept the legacy list-based keys. Those configs must use the canonical[domains]and[unix_sockets]tables instead ofallowed_domains,denied_domains, orallow_unix_sockets.experimental_networkconfig cannot mix canonical and legacy forms in the same block. For example,domainscannot be combined withallowed_domainsordenied_domains, andunix_socketscannot be combined withallow_unix_sockets."none"entries for unix sockets, but those entries do not round-trip through the legacy compatibility fields because the legacy fields only represent allow/deny lists.Testing
/target/debug/codex sandbox macos --log-denials /bin/zsh -c 'curl https://www.example.com'gives 200 with configand fails when set to deny:
curl: (56) CONNECT tunnel failed, response 403.Also tested backward compatibility path by verifying that adding the following to
/etc/codex/requirements.tomlworks: