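--- a/codex/LESSONS.md
+++ b/codex/LESSONS.md
@@ -25,6 +25,13 @@ Use this format:
 - Fix: manage `config.toml` and `rules/default.rules` together, and treat the rules file as the durable source of truth for allow/deny behavior
 - Prevention: when migrating or backing up Codex settings, always include the `rules/` directory rather than assuming approvals are embedded in `config.toml`
 
+### 2026-03-24 - Prefix rules cannot safely express semantic allowlists
+- Context: dotfiles task to expand Codex approvals for AWS CLI usage
+- Symptom: request was to allow all non-destructive `aws` commands, but the rule engine only matched literal command-token prefixes
+- Root cause: `prefix_rule(...)` does not understand higher-level semantics like “read-only” or broad verb classes across every AWS service
+- Fix: add an explicit read-only allowlist for common AWS CLI commands instead of allowing `aws` broadly
+- Prevention: when approval policy depends on command semantics rather than exact prefixes, prefer curated safe command families over broad program-level allow rules
+
 ### 2026-03-15 - Quote extras specifiers in zsh pip installs
 - Context: prediction_markets_poc backend validation from a disposable venv
 - Symptom: `python -m pip install -e /path/to/backend[dev]` failed with `zsh: no matches found`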
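--- a/codex/rules/default.rules
+++ b/codex/rules/default.rules
@@ -86,6 +86,141 @@ prefix_rule(pattern=["docker", "compose", "ps"], decision="allow", justification
 prefix_rule(pattern=["docker", "compose", "logs"], decision="allow", justification="Compose log inspection is safe.")
 prefix_rule(pattern=["docker", "compose", "config"], decision="allow", justification="Compose config rendering is safe.")
 
+prefix_rule(pattern=["aws", "--version"], decision="allow", justification="AWS CLI version inspection is safe.")
+prefix_rule(pattern=["aws", "help"], decision="allow", justification="AWS CLI help output is safe.")
+prefix_rule(pattern=["aws", "configure", "list"], decision="allow", justification="AWS CLI config inspection is safe.")
+prefix_rule(pattern=["aws", "configure", "get"], decision="allow", justification="AWS CLI config inspection is safe.")
+prefix_rule(pattern=["aws", "configure", "list-profiles"], decision="allow", justification="AWS CLI profile inspection is safe.")
+prefix_rule(pattern=["aws", "sts", "get-caller-identity"], decision="allow", justification="AWS identity inspection is safe.")
+prefix_rule(pattern=["aws", "sts", "decode-authorization-message"], decision="allow", justification="AWS identity troubleshooting is safe.")
+prefix_rule(pattern=["aws", "sso", "login"], decision="allow", justification="Refreshing AWS SSO credentials is a safe local auth action.")
+prefix_rule(pattern=["aws", "sso", "list-accounts"], decision="allow", justification="AWS account discovery is safe.")
+prefix_rule(pattern=["aws", "sso", "list-account-roles"], decision="allow", justification="AWS role discovery is safe.")
+prefix_rule(pattern=["aws", "s3", "ls"], decision="allow", justification="S3 listing is safe.")
+prefix_rule(pattern=["aws", "s3api", "list-buckets"], decision="allow", justification="S3 bucket listing is safe.")
+prefix_rule(pattern=["aws", "s3api", "get-bucket-location"], decision="allow", justification="S3 bucket metadata inspection is safe.")
+prefix_rule(pattern=["aws", "s3api", "get-bucket-versioning"], decision="allow", justification="S3 bucket metadata inspection is safe.")
+prefix_rule(pattern=["aws", "s3api", "get-bucket-encryption"], decision="allow", justification="S3 bucket metadata inspection is safe.")
+prefix_rule(pattern=["aws", "s3api", "get-public-access-block"], decision="allow", justification="S3 bucket metadata inspection is safe.")
+prefix_rule(pattern=["aws", "s3api", "head-bucket"], decision="allow", justification="S3 bucket metadata inspection is safe.")
+prefix_rule(pattern=["aws", "s3api", "head-object"], decision="allow", justification="S3 object metadata inspection is safe.")
+prefix_rule(pattern=["aws", "s3api", "list-objects"], decision="allow", justification="S3 object listing is safe.")
+prefix_rule(pattern=["aws", "s3api", "list-objects-v2"], decision="allow", justification="S3 object listing is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-instances"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-images"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-volumes"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-snapshots"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-subnets"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-vpcs"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-security-groups"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-route-tables"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-network-interfaces"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-addresses"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-internet-gateways"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ec2", "describe-nat-gateways"], decision="allow", justification="EC2 inspection is safe.")
+prefix_rule(pattern=["aws", "ecs", "list-clusters"], decision="allow", justification="ECS inspection is safe.")
+prefix_rule(pattern=["aws", "ecs", "describe-clusters"], decision="allow", justification="ECS inspection is safe.")
+prefix_rule(pattern=["aws", "ecs", "list-services"], decision="allow", justification="ECS inspection is safe.")
+prefix_rule(pattern=["aws", "ecs", "describe-services"], decision="allow", justification="ECS inspection is safe.")
+prefix_rule(pattern=["aws", "ecs", "list-tasks"], decision="allow", justification="ECS inspection is safe.")
+prefix_rule(pattern=["aws", "ecs", "describe-tasks"], decision="allow", justification="ECS inspection is safe.")
+prefix_rule(pattern=["aws", "ecs", "describe-task-definition"], decision="allow", justification="ECS inspection is safe.")
+prefix_rule(pattern=["aws", "eks", "list-clusters"], decision="allow", justification="EKS inspection is safe.")
+prefix_rule(pattern=["aws", "eks", "describe-cluster"], decision="allow", justification="EKS inspection is safe.")
+prefix_rule(pattern=["aws", "eks", "list-nodegroups"], decision="allow", justification="EKS inspection is safe.")
+prefix_rule(pattern=["aws", "eks", "describe-nodegroup"], decision="allow", justification="EKS inspection is safe.")
+prefix_rule(pattern=["aws", "lambda", "list-functions"], decision="allow", justification="Lambda inspection is safe.")
+prefix_rule(pattern=["aws", "lambda", "get-function"], decision="allow", justification="Lambda inspection is safe.")
+prefix_rule(pattern=["aws", "lambda", "get-function-configuration"], decision="allow", justification="Lambda inspection is safe.")
+prefix_rule(pattern=["aws", "lambda", "list-event-source-mappings"], decision="allow", justification="Lambda inspection is safe.")
+prefix_rule(pattern=["aws", "rds", "describe-db-instances"], decision="allow", justification="RDS inspection is safe.")
+prefix_rule(pattern=["aws", "rds", "describe-db-clusters"], decision="allow", justification="RDS inspection is safe.")
+prefix_rule(pattern=["aws", "rds", "describe-db-snapshots"], decision="allow", justification="RDS inspection is safe.")
+prefix_rule(pattern=["aws", "rds", "describe-db-cluster-snapshots"], decision="allow", justification="RDS inspection is safe.")
+prefix_rule(pattern=["aws", "cloudformation", "list-stacks"], decision="allow", justification="CloudFormation inspection is safe.")
+prefix_rule(pattern=["aws", "cloudformation", "describe-stacks"], decision="allow", justification="CloudFormation inspection is safe.")
+prefix_rule(pattern=["aws", "cloudformation", "list-stack-resources"], decision="allow", justification="CloudFormation inspection is safe.")
+prefix_rule(pattern=["aws", "cloudformation", "get-template"], decision="allow", justification="CloudFormation inspection is safe.")
+prefix_rule(pattern=["aws", "cloudformation", "validate-template"], decision="allow", justification="CloudFormation validation is safe.")
+prefix_rule(pattern=["aws", "logs", "describe-log-groups"], decision="allow", justification="CloudWatch Logs inspection is safe.")
+prefix_rule(pattern=["aws", "logs", "describe-log-streams"], decision="allow", justification="CloudWatch Logs inspection is safe.")
+prefix_rule(pattern=["aws", "logs", "get-log-events"], decision="allow", justification="CloudWatch Logs inspection is safe.")
+prefix_rule(pattern=["aws", "logs", "filter-log-events"], decision="allow", justification="CloudWatch Logs inspection is safe.")
+prefix_rule(pattern=["aws", "logs", "tail"], decision="allow", justification="CloudWatch Logs inspection is safe.")
+prefix_rule(pattern=["aws", "cloudwatch", "describe-alarms"], decision="allow", justification="CloudWatch inspection is safe.")
+prefix_rule(pattern=["aws", "cloudwatch", "list-metrics"], decision="allow", justification="CloudWatch inspection is safe.")
+prefix_rule(pattern=["aws", "cloudwatch", "get-metric-data"], decision="allow", justification="CloudWatch inspection is safe.")
+prefix_rule(pattern=["aws", "cloudwatch", "get-metric-statistics"], decision="allow", justification="CloudWatch inspection is safe.")
+prefix_rule(pattern=["aws", "dynamodb", "list-tables"], decision="allow", justification="DynamoDB inspection is safe.")
+prefix_rule(pattern=["aws", "dynamodb", "describe-table"], decision="allow", justification="DynamoDB inspection is safe.")
+prefix_rule(pattern=["aws", "dynamodb", "get-item"], decision="allow", justification="DynamoDB read queries are safe.")
+prefix_rule(pattern=["aws", "dynamodb", "batch-get-item"], decision="allow", justification="DynamoDB read queries are safe.")
+prefix_rule(pattern=["aws", "dynamodb", "query"], decision="allow", justification="DynamoDB read queries are safe.")
+prefix_rule(pattern=["aws", "dynamodb", "scan"], decision="allow", justification="DynamoDB read queries are safe.")
+prefix_rule(pattern=["aws", "sqs", "list-queues"], decision="allow", justification="SQS inspection is safe.")
+prefix_rule(pattern=["aws", "sqs", "get-queue-attributes"], decision="allow", justification="SQS inspection is safe.")
+prefix_rule(pattern=["aws", "sns", "list-topics"], decision="allow", justification="SNS inspection is safe.")
+prefix_rule(pattern=["aws", "sns", "get-topic-attributes"], decision="allow", justification="SNS inspection is safe.")
+prefix_rule(pattern=["aws", "sns", "list-subscriptions"], decision="allow", justification="SNS inspection is safe.")
+prefix_rule(pattern=["aws", "sns", "list-subscriptions-by-topic"], decision="allow", justification="SNS inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "get-user"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "get-role"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "get-policy"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "get-policy-version"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "list-users"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "list-roles"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "list-policies"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "list-attached-role-policies"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "list-instance-profiles"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "iam", "list-account-aliases"], decision="allow", justification="IAM inspection is safe.")
+prefix_rule(pattern=["aws", "kms", "list-keys"], decision="allow", justification="KMS inspection is safe.")
+prefix_rule(pattern=["aws", "kms", "describe-key"], decision="allow", justification="KMS inspection is safe.")
+prefix_rule(pattern=["aws", "kms", "list-aliases"], decision="allow", justification="KMS inspection is safe.")
+prefix_rule(pattern=["aws", "kms", "get-key-policy"], decision="allow", justification="KMS inspection is safe.")
+prefix_rule(pattern=["aws", "route53", "list-hosted-zones"], decision="allow", justification="Route53 inspection is safe.")
+prefix_rule(pattern=["aws", "route53", "list-resource-record-sets"], decision="allow", justification="Route53 inspection is safe.")
+prefix_rule(pattern=["aws", "route53", "get-health-check"], decision="allow", justification="Route53 inspection is safe.")
+prefix_rule(pattern=["aws", "elbv2", "describe-load-balancers"], decision="allow", justification="ELB inspection is safe.")
+prefix_rule(pattern=["aws", "elbv2", "describe-target-groups"], decision="allow", justification="ELB inspection is safe.")
+prefix_rule(pattern=["aws", "elbv2", "describe-target-health"], decision="allow", justification="ELB inspection is safe.")
+prefix_rule(pattern=["aws", "autoscaling", "describe-auto-scaling-groups"], decision="allow", justification="Auto Scaling inspection is safe.")
+prefix_rule(pattern=["aws", "acm", "list-certificates"], decision="allow", justification="ACM inspection is safe.")
+prefix_rule(pattern=["aws", "acm", "describe-certificate"], decision="allow", justification="ACM inspection is safe.")
+prefix_rule(pattern=["aws", "apigateway", "get-rest-apis"], decision="allow", justification="API Gateway inspection is safe.")
+prefix_rule(pattern=["aws", "apigateway", "get-stages"], decision="allow", justification="API Gateway inspection is safe.")
+prefix_rule(pattern=["aws", "apigatewayv2", "get-apis"], decision="allow", justification="API Gateway inspection is safe.")
+prefix_rule(pattern=["aws", "apigatewayv2", "get-stages"], decision="allow", justification="API Gateway inspection is safe.")
+prefix_rule(pattern=["aws", "organizations", "list-accounts"], decision="allow", justification="Organizations inspection is safe.")
+prefix_rule(pattern=["aws", "organizations", "describe-account"], decision="allow", justification="Organizations inspection is safe.")
+prefix_rule(pattern=["aws", "organizations", "list-roots"], decision="allow", justification="Organizations inspection is safe.")
+prefix_rule(pattern=["aws", "organizations", "list-organizational-units-for-parent"], decision="allow", justification="Organizations inspection is safe.")
+prefix_rule(pattern=["aws", "organizations", "list-accounts-for-parent"], decision="allow", justification="Organizations inspection is safe.")
+prefix_rule(pattern=["aws", "ecr", "describe-repositories"], decision="allow", justification="ECR inspection is safe.")
+prefix_rule(pattern=["aws", "ecr", "list-images"], decision="allow", justification="ECR inspection is safe.")
+prefix_rule(pattern=["aws", "ecr", "describe-images"], decision="allow", justification="ECR inspection is safe.")
+prefix_rule(pattern=["aws", "elasticache", "describe-cache-clusters"], decision="allow", justification="ElastiCache inspection is safe.")
+prefix_rule(pattern=["aws", "elasticache", "describe-replication-groups"], decision="allow", justification="ElastiCache inspection is safe.")
+prefix_rule(pattern=["aws", "redshift", "describe-clusters"], decision="allow", justification="Redshift inspection is safe.")
+prefix_rule(pattern=["aws", "ce", "get-cost-and-usage"], decision="allow", justification="Cost Explorer inspection is safe.")
+prefix_rule(pattern=["aws", "ce", "get-dimension-values"], decision="allow", justification="Cost Explorer inspection is safe.")
+prefix_rule(pattern=["aws", "cloudfront", "list-distributions"], decision="allow", justification="CloudFront inspection is safe.")
+prefix_rule(pattern=["aws", "cloudfront", "get-distribution"], decision="allow", justification="CloudFront inspection is safe.")
+prefix_rule(pattern=["aws", "cloudfront", "get-distribution-config"], decision="allow", justification="CloudFront inspection is safe.")
+prefix_rule(pattern=["aws", "backup", "list-backup-vaults"], decision="allow", justification="AWS Backup inspection is safe.")
+prefix_rule(pattern=["aws", "backup", "list-backup-plans"], decision="allow", justification="AWS Backup inspection is safe.")
+prefix_rule(pattern=["aws", "backup", "list-recovery-points-by-backup-vault"], decision="allow", justification="AWS Backup inspection is safe.")
+prefix_rule(pattern=["aws", "ssm", "describe-parameters"], decision="allow", justification="SSM inspection is safe.")
+prefix_rule(pattern=["aws", "ssm", "get-parameter"], decision="allow", justification="SSM inspection is safe.")
+prefix_rule(pattern=["aws", "ssm", "get-parameters"], decision="allow", justification="SSM inspection is safe.")
+prefix_rule(pattern=["aws", "ssm", "get-parameters-by-path"], decision="allow", justification="SSM inspection is safe.")
+prefix_rule(pattern=["aws", "ssm", "describe-instance-information"], decision="allow", justification="SSM inspection is safe.")
+prefix_rule(pattern=["aws", "ssm", "list-documents"], decision="allow", justification="SSM inspection is safe.")
+prefix_rule(pattern=["aws", "secretsmanager", "list-secrets"], decision="allow", justification="Secrets Manager metadata inspection is safe.")
+prefix_rule(pattern=["aws", "secretsmanager", "describe-secret"], decision="allow", justification="Secrets Manager metadata inspection is safe.")
+prefix_rule(pattern=["aws", "cloudtrail", "lookup-events"], decision="allow", justification="CloudTrail inspection is safe.")
+prefix_rule(pattern=["aws", "cloudtrail", "describe-trails"], decision="allow", justification="CloudTrail inspection is safe.")
+prefix_rule(pattern=["aws", "cloudtrail", "get-trail-status"], decision="allow", justification="CloudTrail inspection is safe.")
+
 prefix_rule(pattern=["nix", "flake", "check"], decision="allow", justification="Flake validation is a safe default quality check.")
 prefix_rule(pattern=["nix", "flake", "show"], decision="allow", justification="Flake inspection is safe.")
 prefix_rule(pattern=["nix", "eval"], decision="allow", justification="Nix evaluation is safe.")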
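Review bot: Several of the new `allow` rules auto-approve commands that return secret material rather than metadata, so "read-only" is being treated as "safe to run without a prompt". `aws configure get` can print a stored access key or secret key, the `aws ssm get-parameter*` prefixes also match invocations that pass `--with-decryption`, and `aws lambda get-function-configuration`, `aws ecs describe-task-definition` and `aws cloudformation get-template` commonly carry environment variables or embedded credentials; this is inconsistent with the Secrets Manager rules in the same hunk, which stop at `list-secrets` and `describe-secret`. Because a prefix rule matches whatever arguments follow, each of these also runs unprompted against whichever `--profile` is supplied, production included. I would drop the `["aws", "configure", "get"]`, `["aws", "ssm", "get-parameter"]`, `["aws", "ssm", "get-parameters"]` and `["aws", "ssm", "get-parameters-by-path"]` rules so they fall back to the normal approval flow, and reword the remaining justifications to say what is exposed, e.g. `justification="Read-only; output may include environment variables."`. `aws sso login` is also not an inspection command (it starts an interactive sign-in and writes cached tokens) and may be better left to explicit approval.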
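--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -1,5 +1,12 @@
 { pkgs, lib, ... }:
 
+let
+mkGreedyCask = name: {
+inherit name;
+greedy = true;
+};
+in
+
 {
 environment.shells = with pkgs; [ zsh ];
 
@@ -28,7 +35,7 @@
 brews = [
 "gemini-cli"
 ];
-casks = [
+casks = map mkGreedyCask [
 "signal"
 "opera"
 "iterm2"
@@ -41,10 +48,7 @@
 "obsidian"
 "goland"
 "intellij-idea"
-{
-name = "docker-desktop";
-greedy = true;
-}
+"docker-desktop"
 "postman"
 "figma"
 "sf-symbols"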
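Review bot: `map mkGreedyCask` now sets `greedy = true` on every entry in `casks`, where previously only `docker-desktop` had it, so this is a behaviour change for the whole list rather than a refactor, and nothing in the file records that it is intended. A one-line comment above the `let` binding would make the intent explicit, e.g. `# All casks are greedy: Homebrew upgrades them even when the app updates itself.` The list also now accepts plain names only, since an attrset entry would be passed to `inherit name`; if a cask ever needs different options it will have to be appended outside the `map`. The cask list continues outside the visible hunks, so I have not checked the remaining entries.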