clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-03 19:06:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

protocol: report session permission profiles (#18282)

Browse Source 
## Why

Clients that observe `SessionConfigured` need the same canonical
permission view that app-server thread responses provide. Reporting the
profile in protocol events lets clients keep their local state
synchronized without reinterpreting legacy sandbox fields.

## What changed

This adds `permission_profile` to `SessionConfigured` and propagates it
through core, exec JSON output, MCP server messages, and TUI
history/widget handling.

## Verification

- `cargo test -p codex-tui permissions -- --nocapture`
- `cargo test -p codex-core --test all permissions_messages --
--nocapture`















































---
[//]: # (BEGIN SAPLING FOOTER)
Stack created with [Sapling](https://sapling-scm.com). Best reviewed
with [ReviewStack](https://reviewstack.dev/openai/codex/pull/18282).
* #18288
* #18287
* #18286
* #18285
* #18284
* #18283
* __->__ #18282
This commit is contained in:
Michael Bolin
2026-04-22 21:29:32 -07:00
committed by GitHub
parent 2b2de3f38b
commit 082fc4f632
16 changed files with 85 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
codex-rs/protocol/src/protocol.rs
View File

@@ -3672,9 +3672,17 @@ pub struct SessionConfiguredEvent {
#[serde(default)]
pub approvals_reviewer: ApprovalsReviewer,
/// How to sandbox commands executed in the system
/// Legacy sandbox projection for commands executed in the system.
///
/// Consumers should prefer `permission_profile` when it is present. This
/// field remains available as a compatibility fallback for older emitters
/// and sessions that only expose legacy sandbox state.
pub sandbox_policy: SandboxPolicy,
/// Canonical effective permissions for commands executed in the session.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub permission_profile: Option<PermissionProfile>,
/// Working directory that should be treated as the *root* of the
/// session.
pub cwd: AbsolutePathBuf,
@@ -5249,6 +5257,7 @@ mod tests {
approval_policy: AskForApproval::Never,
approvals_reviewer: ApprovalsReviewer::User,
sandbox_policy: SandboxPolicy::new_read_only_policy(),
permission_profile: None,
cwd: test_path_buf("/home/user/project").abs(),
reasoning_effort: Some(ReasoningEffortConfig::default()),
history_log_id: 0,