🤖 feat: add admin policy file enforcement#1933
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 774cd1446a
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
ibetitsmike
force-pushed
the
mike/policy-file
branch
from
2a04492 to
7f21b43
Compare
|
@codex review Addressed the outstanding review threads:
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c3efccb87d
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
ibetitsmike
force-pushed
the
mike/policy-file
branch
from
c3efccb to
23d261f
Compare
ibetitsmike
force-pushed
the
mike/policy-file
branch
from
cd638d6 to
fdbc741
Compare
Summary - Adds an opt-in, admin-controlled policy file (via `MUX_POLICY_FILE`) that is loaded at startup and refreshed every 15 minutes. - Enforces policy server-side for: - allowed providers + forced base URLs + allowed models (strict JSON allowlists) - MCP user-defined servers (stdio vs remote) - runtime allowlist (including `ssh` vs `ssh+coder` distinction) - minimum client version gating (blocks usage when below `minimum_client_version`) - Adds renderer PolicyContext + UI gating (hide/disable disallowed options; block actions rather than auto-switch). - Adds documentation page for policy file configuration. Background - Mux deployments often need centrally managed constraints so users cannot enable unsupported providers/models/MCP servers/runtimes. Implementation - `PolicyService` parses a strict JSON policy file (`JSON.parse`), validates it with zod, and publishes an effective (normalized) policy via ORPC. - Backend services (ProviderService / AIService / WorkspaceService / MCP server manager + MCP endpoints) enforce restrictions. - Frontend subscribes to policy changes and filters available UI choices; actions are blocked when current selections become disallowed. Validation - `make static-check` - Added unit tests for policy parsing/version gating and UI helpers. Risks - Policy files are a high-leverage admin control surface; strict schema validation + last-known-good refresh behavior reduce accidental unlocks. --- _Generated with `mux` • Model: `openai:gpt-5.2` • Thinking: `high` • Cost: `$20.21`_ <!-- mux-attribution: model=openai:gpt-5.2 thinking=high costs=20.21 -->
1 participant
Summary
MUX_POLICY_FILE) that is loaded at startup and refreshed every 15 minutes.sshvsssh+coderdistinction)minimum_client_version)Background
Implementation
PolicyServiceparses a strict JSON policy file (JSON.parse), validates it with zod, and publishes an effective (normalized) policy via ORPC.Validation
make static-checkRisks
Generated with
mux• Model:openai:gpt-5.2• Thinking:high• Cost:$20.21