From 30b8834c60aeff66cbb829abb9eae1d527e607cf Mon Sep 17 00:00:00 2001 From: Jeremy Rose Date: Mon, 10 Nov 2025 15:44:55 -0800 Subject: [PATCH 1/5] core: add a feature to disable the shell tool --- codex-rs/core/src/features.rs | 8 ++++++++ codex-rs/core/src/tools/spec.rs | 9 ++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/codex-rs/core/src/features.rs b/codex-rs/core/src/features.rs index e34128f362a1..f3e52bed341f 100644 --- a/codex-rs/core/src/features.rs +++ b/codex-rs/core/src/features.rs @@ -43,6 +43,8 @@ pub enum Feature { GhostCommit, /// Enable Windows sandbox (restricted token) on Windows. WindowsSandbox, + /// Enable the default shell tool. + ShellTool, } impl Feature { @@ -292,4 +294,10 @@ pub const FEATURES: &[FeatureSpec] = &[ stage: Stage::Experimental, default_enabled: false, }, + FeatureSpec { + id: Feature::ShellTool, + key: "shell_tool", + stage: Stage::Stable, + default_enabled: true, + }, ]; diff --git a/codex-rs/core/src/tools/spec.rs b/codex-rs/core/src/tools/spec.rs index cb1aeafdb2e3..0c853a27ba91 100644 --- a/codex-rs/core/src/tools/spec.rs +++ b/codex-rs/core/src/tools/spec.rs @@ -20,6 +20,7 @@ pub enum ConfigShellToolType { Default, Local, UnifiedExec, + Disabled, } #[derive(Debug, Clone)] @@ -46,7 +47,9 @@ impl ToolsConfig { let include_web_search_request = features.enabled(Feature::WebSearchRequest); let include_view_image_tool = features.enabled(Feature::ViewImageTool); - let shell_type = if features.enabled(Feature::UnifiedExec) { + let shell_type = if !features.enabled(Feature::ShellTool) { + ConfigShellToolType::Disabled + } else if features.enabled(Feature::UnifiedExec) { ConfigShellToolType::UnifiedExec } else { model_family.shell_type.clone() @@ -902,6 +905,9 @@ pub(crate) fn build_specs( builder.register_handler("exec_command", unified_exec_handler.clone()); builder.register_handler("write_stdin", unified_exec_handler); } + ConfigShellToolType::Disabled => { + // Do nothing. + } } // Always register shell aliases so older prompts remain compatible. @@ -1043,6 +1049,7 @@ mod tests { ConfigShellToolType::Default => Some("shell"), ConfigShellToolType::Local => Some("local_shell"), ConfigShellToolType::UnifiedExec => None, + ConfigShellToolType::Disabled => None, } } From 90cb52574e318b7d099881c4a129d939f4beaf96 Mon Sep 17 00:00:00 2001 From: Jeremy Rose Date: Mon, 10 Nov 2025 15:56:17 -0800 Subject: [PATCH 2/5] do not register old shell aliases when --disable shell_tool --- codex-rs/core/src/tools/spec.rs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/codex-rs/core/src/tools/spec.rs b/codex-rs/core/src/tools/spec.rs index 0c853a27ba91..281e02608d47 100644 --- a/codex-rs/core/src/tools/spec.rs +++ b/codex-rs/core/src/tools/spec.rs @@ -910,10 +910,12 @@ pub(crate) fn build_specs( } } - // Always register shell aliases so older prompts remain compatible. - builder.register_handler("shell", shell_handler.clone()); - builder.register_handler("container.exec", shell_handler.clone()); - builder.register_handler("local_shell", shell_handler); + if config.shell_type != ConfigShellToolType::Disabled { + // Always register shell aliases so older prompts remain compatible. + builder.register_handler("shell", shell_handler.clone()); + builder.register_handler("container.exec", shell_handler.clone()); + builder.register_handler("local_shell", shell_handler); + } builder.push_spec_with_parallel_support(create_list_mcp_resources_tool(), true); builder.push_spec_with_parallel_support(create_list_mcp_resource_templates_tool(), true); From f1355bdef9fc29e15470ab6bd70279ad27fc0d5c Mon Sep 17 00:00:00 2001 From: Jeremy Rose <172423086+nornagon-openai@users.noreply.github.com> Date: Thu, 13 Nov 2025 16:18:52 -0800 Subject: [PATCH 3/5] Update codex-rs/core/src/tools/spec.rs Co-authored-by: Michael Bolin --- codex-rs/core/src/tools/spec.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/codex-rs/core/src/tools/spec.rs b/codex-rs/core/src/tools/spec.rs index 281e02608d47..5f28fdb3b9a2 100644 --- a/codex-rs/core/src/tools/spec.rs +++ b/codex-rs/core/src/tools/spec.rs @@ -20,6 +20,10 @@ pub enum ConfigShellToolType { Default, Local, UnifiedExec, + /// Do not include a shell tool by default. Useful when using Codex + /// with tools provided exclusively provided by MCP servers. Often used + /// with `--config base_instructions=CUSTOM_INSTRUCTIONS` + /// to customize agent behavior. Disabled, } From 65c81822e325a0d43a2d34dac1f5cd03d4137afc Mon Sep 17 00:00:00 2001 From: Jeremy Rose Date: Mon, 17 Nov 2025 14:28:16 -0800 Subject: [PATCH 4/5] fix --- codex-rs/core/src/tools/spec.rs | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/codex-rs/core/src/tools/spec.rs b/codex-rs/core/src/tools/spec.rs index cde4fe22bd86..db535b91872d 100644 --- a/codex-rs/core/src/tools/spec.rs +++ b/codex-rs/core/src/tools/spec.rs @@ -992,15 +992,10 @@ pub(crate) fn build_specs( // Always register shell aliases so older prompts remain compatible. builder.register_handler("shell", shell_handler.clone()); builder.register_handler("container.exec", shell_handler.clone()); - builder.register_handler("local_shell", shell_handler); + builder.register_handler("local_shell", shell_handler.clone()); + builder.register_handler("shell_command", shell_command_handler.clone()); } - // Always register shell aliases so older prompts remain compatible. - builder.register_handler("shell", shell_handler.clone()); - builder.register_handler("container.exec", shell_handler.clone()); - builder.register_handler("local_shell", shell_handler); - builder.register_handler("shell_command", shell_command_handler); - builder.push_spec_with_parallel_support(create_list_mcp_resources_tool(), true); builder.push_spec_with_parallel_support(create_list_mcp_resource_templates_tool(), true); builder.push_spec_with_parallel_support(create_read_mcp_resource_tool(), true); From fdbba39636cb191c27d458e561a07421a0edd473 Mon Sep 17 00:00:00 2001 From: Jeremy Rose Date: Mon, 17 Nov 2025 14:43:40 -0800 Subject: [PATCH 5/5] =?UTF-8?q?=F0=9F=93=8E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- codex-rs/core/src/tools/spec.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/codex-rs/core/src/tools/spec.rs b/codex-rs/core/src/tools/spec.rs index db535b91872d..20294289a0a0 100644 --- a/codex-rs/core/src/tools/spec.rs +++ b/codex-rs/core/src/tools/spec.rs @@ -992,8 +992,8 @@ pub(crate) fn build_specs( // Always register shell aliases so older prompts remain compatible. builder.register_handler("shell", shell_handler.clone()); builder.register_handler("container.exec", shell_handler.clone()); - builder.register_handler("local_shell", shell_handler.clone()); - builder.register_handler("shell_command", shell_command_handler.clone()); + builder.register_handler("local_shell", shell_handler); + builder.register_handler("shell_command", shell_command_handler); } builder.push_spec_with_parallel_support(create_list_mcp_resources_tool(), true);