feat(permissions): export Codex CLI bash rules as .rules files#1499
Merged
dyoshikawa merged 2 commits intomainfrom Apr 17, 2026
Merged
feat(permissions): export Codex CLI bash rules as .rules files#1499dyoshikawa merged 2 commits intomainfrom
dyoshikawa merged 2 commits intomainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Codex CLI support for exporting permission.bash rules into Codex’s .codex/rules/*.rules format, complementing the existing .codex/config.toml permissions profile export.
Changes:
- Generate
.codex/rules/rulesync.rulesfrom.rulesync/permissions.jsonpermission.bashentries viaprefix_rule(...)blocks. - Update
PermissionsProcessorto emit both Codex CLI outputs (config.toml+rulesync.rules) for thecodexclitarget. - Add/extend unit tests and update file format documentation to describe the new mapping.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/features/permissions/permissions-processor.ts | Returns an additional Codex CLI .rules ToolFile during permissions generation. |
| src/features/permissions/permissions-processor.test.ts | Adds test asserting both Codex outputs are generated. |
| src/features/permissions/codexcli-permissions.ts | Introduces CodexcliRulesFile + .rules content builder for bash permissions. |
| src/features/permissions/codexcli-permissions.test.ts | Adds unit test for .rules content generation. |
| skills/rulesync/file-formats.md | Documents Codex CLI bash → .codex/rules/rulesync.rules mapping. |
| docs/reference/file-formats.md | Same documentation update for the main docs site. |
Comment on lines
+196
to
+204
| if (this.toolTarget !== "codexcli") { | ||
| return [toolPermissions]; | ||
| } | ||
|
|
||
| return [toolPermissions]; | ||
| const bashRulesFile = createCodexcliBashRulesFile({ | ||
| baseDir: this.baseDir, | ||
| config: rulesyncPermissions.getJson(), | ||
| }); | ||
| return [toolPermissions, bashRulesFile]; |
| }); | ||
|
|
||
| const content = rulesFile.getFileContent(); | ||
| expect(rulesFile.getRelativeDirPath()).toBe(".codex/rules"); |
|
|
||
| const ruleFile = toolFiles.find((file) => file.getRelativeFilePath() === "rulesync.rules"); | ||
| expect(ruleFile).toBeDefined(); | ||
| expect(ruleFile?.getRelativeDirPath()).toBe(".codex/rules"); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
permission.bashentries to Codex CLIprefix_rule(...)rules because Codex accepts command approval rules via.codex/rules/*.rulesand Rulesync previously only wrote.codex/config.tomlprofiles.Description
.codex/rules/rulesync.rulesfile from.rulesync/permissions.jsonpermission.bashentries withprefix_rule(...)blocks and map actions:allow→allow,ask→prompt,deny→forbidden.CodexcliRulesFileandcreateCodexcliBashRulesFile()insrc/features/permissions/codexcli-permissions.tsto build serialized.rulescontent fromPermissionsConfig.PermissionsProcessor(src/features/permissions/permissions-processor.ts) to return both the existing.codex/config.toml(CodexcliPermissions) and the new.codex/rules/rulesync.rulesfor thecodexclitarget..rulesgeneration and processor output and updated documentation (docs/reference/file-formats.mdandskills/rulesync/file-formats.md) to describe the newbash→.codex/rulesmapping and behavior.Testing
pnpm vitest run src/features/permissions/codexcli-permissions.test.ts src/features/permissions/permissions-processor.test.ts, and both test files passed.pnpm cicheck, and the full test suite and content checks completed successfully (all tests passed and content checks passed).Closes #1492
Codex Task