Add approval allow-prefix flow in core and tui

Add explicit prefix-approval decision and wire it through execpolicy/UI snapshots update doc mutating in memory policy instead of reloading using RW locks clippy refactor: adding allow_prefix into ApprovedAllowPrefix fmt do not send allow_prefix if execpolicy is disabled moving args around cleanup exec_policy getters undo diff fixing rw lock bug causing tui to hang updating phrasing integration test . fix compile fix flaky test fix compile error running test with single thread fixup allow_prefix_if_applicable fix formatting fix approvals test only cloning when needed docs add docstring fix rebase bug fixing rebase issues Revert "fixing rebase issues" This reverts commit 79ce7e1f2fc0378c2c0b362408e2e544566540fd. fix rebase errors
2026-04-24 22:54:54 +00:00 · 2025-11-20 16:46:52 -05:00
parent e925a380dc
commit 195bf29185
2 changed files with 4 additions and 3 deletions
--- a/codex-rs/core/src/codex.rs
+++ b/codex-rs/core/src/codex.rs
@@ -74,6 +74,7 @@ use crate::error::Result as CodexResult;
 #[cfg(test)]
 use crate::exec::StreamOutput;
 use crate::exec_policy::ExecPolicyUpdateError;
+use crate::exec_policy::ExecPolicyUpdateError;
 use crate::mcp::auth::compute_auth_statuses;
 use crate::mcp_connection_manager::McpConnectionManager;
 use crate::openai_model_info::get_model_info;
@@ -295,6 +296,7 @@ pub(crate) struct TurnContext {
    pub(crate) codex_linux_sandbox_exe: Option<PathBuf>,
    pub(crate) tool_call_gate: Arc<ReadinessFlag>,
    pub(crate) exec_policy: Arc<RwLock<ExecPolicy>>,
+    pub(crate) exec_policy: Arc<RwLock<ExecPolicy>>,
    pub(crate) truncation_policy: TruncationPolicy,
 }

@@ -2829,7 +2831,7 @@ mod tests {
            sandbox_policy: config.sandbox_policy.clone(),
            cwd: config.cwd.clone(),
            original_config_do_not_use: Arc::clone(&config),
-            exec_policy: Arc::new(RwLock::new(ExecPolicy::empty())),
+            exec_policy: Arc::new(ExecPolicy::empty()),
            session_source: SessionSource::Exec,
        };

@@ -2910,7 +2912,7 @@ mod tests {
            sandbox_policy: config.sandbox_policy.clone(),
            cwd: config.cwd.clone(),
            original_config_do_not_use: Arc::clone(&config),
-            exec_policy: Arc::new(RwLock::new(ExecPolicy::empty())),
+            exec_policy: Arc::new(ExecPolicy::empty()),
            session_source: SessionSource::Exec,
        };

--- a/codex-rs/core/src/tools/handlers/shell.rs
+++ b/codex-rs/core/src/tools/handlers/shell.rs
@@ -241,7 +241,6 @@ impl ShellHandler {
            SandboxPermissions::from(exec_params.with_escalated_permissions.unwrap_or(false)),
        )
        .await;
-
        let req = ShellRequest {
            command: exec_params.command.clone(),
            cwd: exec_params.cwd.clone(),