Codex Execpolicy
Overview
Define and maintain Codex execpolicy rules so the agent can allow, prompt, or forbid command prefixes, and validate the policy before use.
Workflow
- •
Clarify scope and location.
- •Ask: “Should this be a global rule or project-specific?”
- •If global: default to
~/.codex/rules/default.rulesunless the user provides another path or uses a different Codex home. - •If project-specific: ask for the exact file path; a common pattern is
.codex/rules/default.rulesat repo root. - •If the file already exists, inspect it before editing.
- •
Clarify intent.
- •Ask for the decision:
allow,prompt, orforbidden. - •Ask for the command prefix and any alternatives.
- •Ask for at least one “should match” and “should not match” example if the rule is non-trivial.
- •Ask for the decision:
- •
Implement the rule.
- •Use
prefix_rule(...)with a precisepatternlist. - •Use union lists for alternatives when only one argument varies.
- •Add
match/not_matchas inline tests when the rule is tricky.
- •Use
- •
Validate before finishing.
- •Run
codex execpolicy check --pretty --rules <path> -- <command>using realistic examples. - •If validation fails, adjust
patternor tests and re-check.
- •Run
- •
Summarize outcomes.
- •State what command prefixes are allowed/prompted/blocked and where the rule lives.
Examples
Block all git commands:
starlark
prefix_rule( pattern = ["git"], decision = "forbidden", )
Prompt for either gh pr view or gh pr list:
starlark
prefix_rule( pattern = ["gh", "pr", ["view", "list"]], decision = "prompt", )
Resources
- •See
references/execpolicy.mdfor syntax notes, decision precedence, and validation commands.