fix(network-proxy): add unix socket allow-all and update seatbelt rules

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json

@@ -12615,6 +12615,12 @@
               "null"
             ]
           },
+          "dangerouslyAllowAllUnixSockets": {
+            "type": [
+              "boolean",
+              "null"
+            ]
+          },
           "dangerouslyAllowNonLoopbackAdmin": {
             "type": [
               "boolean",

codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json

@@ -84,6 +84,12 @@
             "null"
           ]
         },
+        "dangerouslyAllowAllUnixSockets": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
         "dangerouslyAllowNonLoopbackAdmin": {
           "type": [
             "boolean",

codex-rs/app-server-protocol/schema/typescript/v2/NetworkRequirements.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type NetworkRequirements = { enabled: boolean | null, httpPort: number | null, socksPort: number | null, allowUpstreamProxy: boolean | null, dangerouslyAllowNonLoopbackProxy: boolean | null, dangerouslyAllowNonLoopbackAdmin: boolean | null, allowedDomains: Array<string> | null, deniedDomains: Array<string> | null, allowUnixSockets: Array<string> | null, allowLocalBinding: boolean | null, };
+export type NetworkRequirements = { enabled: boolean | null, httpPort: number | null, socksPort: number | null, allowUpstreamProxy: boolean | null, dangerouslyAllowNonLoopbackProxy: boolean | null, dangerouslyAllowNonLoopbackAdmin: boolean | null, dangerouslyAllowAllUnixSockets: boolean | null, allowedDomains: Array<string> | null, deniedDomains: Array<string> | null, allowUnixSockets: Array<string> | null, allowLocalBinding: boolean | null, };

codex-rs/app-server-protocol/src/protocol/v2.rs

@@ -549,6 +549,7 @@ pub struct NetworkRequirements {
     pub allow_upstream_proxy: Option<bool>,
     pub dangerously_allow_non_loopback_proxy: Option<bool>,
     pub dangerously_allow_non_loopback_admin: Option<bool>,
+    pub dangerously_allow_all_unix_sockets: Option<bool>,
     pub allowed_domains: Option<Vec<String>>,
     pub denied_domains: Option<Vec<String>>,
     pub allow_unix_sockets: Option<Vec<String>>,

codex-rs/app-server/src/config_api.rs

@@ -161,6 +161,7 @@ fn map_network_requirements_to_api(
         allow_upstream_proxy: network.allow_upstream_proxy,
         dangerously_allow_non_loopback_proxy: network.dangerously_allow_non_loopback_proxy,
         dangerously_allow_non_loopback_admin: network.dangerously_allow_non_loopback_admin,
+        dangerously_allow_all_unix_sockets: network.dangerously_allow_all_unix_sockets,
         allowed_domains: network.allowed_domains,
         denied_domains: network.denied_domains,
         allow_unix_sockets: network.allow_unix_sockets,
@@ -221,6 +222,7 @@ mod tests {
                 allow_upstream_proxy: Some(false),
                 dangerously_allow_non_loopback_proxy: Some(false),
                 dangerously_allow_non_loopback_admin: Some(false),
+                dangerously_allow_all_unix_sockets: Some(true),
                 allowed_domains: Some(vec!["api.openai.com".to_string()]),
                 denied_domains: Some(vec!["example.com".to_string()]),
                 allow_unix_sockets: Some(vec!["/tmp/proxy.sock".to_string()]),
@@ -258,6 +260,7 @@ mod tests {
                 allow_upstream_proxy: Some(false),
                 dangerously_allow_non_loopback_proxy: Some(false),
                 dangerously_allow_non_loopback_admin: Some(false),
+                dangerously_allow_all_unix_sockets: Some(true),
                 allowed_domains: Some(vec!["api.openai.com".to_string()]),
                 denied_domains: Some(vec!["example.com".to_string()]),
                 allow_unix_sockets: Some(vec!["/tmp/proxy.sock".to_string()]),

codex-rs/config/src/config_requirements.rs

@@ -135,6 +135,7 @@ pub struct NetworkRequirementsToml {
     pub allow_upstream_proxy: Option<bool>,
     pub dangerously_allow_non_loopback_proxy: Option<bool>,
     pub dangerously_allow_non_loopback_admin: Option<bool>,
+    pub dangerously_allow_all_unix_sockets: Option<bool>,
     pub allowed_domains: Option<Vec<String>>,
     pub denied_domains: Option<Vec<String>>,
     pub allow_unix_sockets: Option<Vec<String>>,
@@ -150,6 +151,7 @@ pub struct NetworkConstraints {
     pub allow_upstream_proxy: Option<bool>,
     pub dangerously_allow_non_loopback_proxy: Option<bool>,
     pub dangerously_allow_non_loopback_admin: Option<bool>,
+    pub dangerously_allow_all_unix_sockets: Option<bool>,
     pub allowed_domains: Option<Vec<String>>,
     pub denied_domains: Option<Vec<String>>,
     pub allow_unix_sockets: Option<Vec<String>>,
@@ -165,6 +167,7 @@ impl From<NetworkRequirementsToml> for NetworkConstraints {
             allow_upstream_proxy,
             dangerously_allow_non_loopback_proxy,
             dangerously_allow_non_loopback_admin,
+            dangerously_allow_all_unix_sockets,
             allowed_domains,
             denied_domains,
             allow_unix_sockets,
@@ -177,6 +180,7 @@ impl From<NetworkRequirementsToml> for NetworkConstraints {
             allow_upstream_proxy,
             dangerously_allow_non_loopback_proxy,
             dangerously_allow_non_loopback_admin,
+            dangerously_allow_all_unix_sockets,
             allowed_domains,
             denied_domains,
             allow_unix_sockets,
@@ -1039,6 +1043,7 @@ mod tests {
             [experimental_network]
             enabled = true
             allow_upstream_proxy = false
+            dangerously_allow_all_unix_sockets = true
             allowed_domains = ["api.example.com", "*.openai.com"]
             denied_domains = ["blocked.example.com"]
             allow_unix_sockets = ["/tmp/example.sock"]
@@ -1057,6 +1062,10 @@ mod tests {
         assert_eq!(sourced_network.source, source);
         assert_eq!(sourced_network.value.enabled, Some(true));
         assert_eq!(sourced_network.value.allow_upstream_proxy, Some(false));
+        assert_eq!(
+            sourced_network.value.dangerously_allow_all_unix_sockets,
+            Some(true)
+        );
         assert_eq!(
             sourced_network.value.allowed_domains.as_ref(),
             Some(&vec![

codex-rs/core/src/config/network_proxy_spec.rs

@@ -149,6 +149,13 @@ impl NetworkProxySpec {
             constraints.dangerously_allow_non_loopback_admin =
                 Some(dangerously_allow_non_loopback_admin);
         }
+        if let Some(dangerously_allow_all_unix_sockets) =
+            requirements.dangerously_allow_all_unix_sockets
+        {
+            config.network.dangerously_allow_all_unix_sockets = dangerously_allow_all_unix_sockets;
+            constraints.dangerously_allow_all_unix_sockets =
+                Some(dangerously_allow_all_unix_sockets);
+        }
         if let Some(allowed_domains) = requirements.allowed_domains.clone() {
             config.network.allowed_domains = allowed_domains.clone();
             constraints.allowed_domains = Some(allowed_domains);

codex-rs/core/src/network_proxy_loader.rs

@@ -127,6 +127,12 @@ fn network_constraints_from_trusted_layers(
             constraints.dangerously_allow_non_loopback_admin =
                 Some(dangerously_allow_non_loopback_admin);
         }
+        if let Some(dangerously_allow_all_unix_sockets) =
+            partial.network.dangerously_allow_all_unix_sockets
+        {
+            constraints.dangerously_allow_all_unix_sockets =
+                Some(dangerously_allow_all_unix_sockets);
+        }
 
         if let Some(allowed_domains) = partial.network.allowed_domains {
             constraints.allowed_domains = Some(allowed_domains);