codex: keep BTW prompts out of shell execution

charley-oai · codex · charley-oai · commit ffac786be97a · 2026-03-15T22:39:05.000-07:00
Co-authored-by: Codex &lt;noreply@openai.com&gt;
diff --git a/codex-rs/tui/src/chatwidget.rs b/codex-rs/tui/src/chatwidget.rs
@@ -4877,8 +4877,11 @@ impl ChatWidget {
     }
 
     fn submit_user_message(&mut self, user_message: UserMessage) {
-        let _ =
-            self.submit_user_message_for_current_thread_with_collaboration_mode(user_message, None);
+        let _ = self.submit_user_message_for_current_thread_with_collaboration_mode(
+            user_message,
+            None,
+            true,
+        );
     }
 
     pub(crate) fn submit_user_message_with_developer_instructions(
@@ -4894,13 +4897,15 @@ impl ChatWidget {
         self.submit_user_message_for_current_thread_with_collaboration_mode(
             user_message,
             collaboration_mode,
+            false,
         )
     }
 
     fn submit_user_message_for_current_thread_with_collaboration_mode(
         &mut self,
         user_message: UserMessage,
         collaboration_mode_override: Option<CollaborationMode>,
+        allow_shell_command_execution: bool,
     ) -> Option<Op> {
         if !self.is_session_configured() {
             tracing::warn!("cannot submit user message before session is configured; queueing");
@@ -4941,7 +4946,7 @@ impl ChatWidget {
         let mut items: Vec<UserInput> = Vec::new();
 
         // Special-case: "!cmd" executes a local shell command instead of sending to the model.
-        if let Some(stripped) = text.strip_prefix('!') {
+        if allow_shell_command_execution && let Some(stripped) = text.strip_prefix('!') {
             let cmd = stripped.trim();
             if cmd.is_empty() {
                 self.app_event_tx.send(AppEvent::InsertHistoryCell(Box::new(
diff --git a/codex-rs/tui/src/chatwidget/tests.rs b/codex-rs/tui/src/chatwidget/tests.rs
@@ -2517,6 +2517,28 @@ async fn submit_user_message_with_developer_instructions_overrides_turn_mode() {
     }
 }
 
+#[tokio::test]
+async fn submit_user_message_with_developer_instructions_does_not_run_shell_commands() {
+    let (mut chat, _rx, mut op_rx) = make_chatwidget_manual(Some("gpt-5")).await;
+    chat.thread_id = Some(ThreadId::new());
+
+    chat.submit_user_message_with_developer_instructions(
+        "!echo hello".into(),
+        "<btw_context>Answer a side question.</btw_context>".to_string(),
+    );
+
+    match next_submit_op(&mut op_rx) {
+        Op::UserTurn { items, .. } => assert_eq!(
+            items,
+            vec![UserInput::Text {
+                text: "!echo hello".to_string(),
+                text_elements: Vec::new(),
+            }]
+        ),
+        other => panic!("expected Op::UserTurn for BTW shell-like input, got {other:?}"),
+    }
+}
+
 #[tokio::test]
 async fn reasoning_selection_in_plan_mode_opens_scope_prompt_event() {
     let (mut chat, mut rx, _op_rx) = make_chatwidget_manual(Some("gpt-5.1-codex-max")).await;
