clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-24 13:04:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

permissions: move workspace roots onto thread state

Browse Source
This commit is contained in:
Michael Bolin
2026-05-12 23:22:45 -07:00
parent fbfbfe5fc5
commit 44e22e8ea2
168 changed files with 3263 additions and 3357 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
codex-rs/exec/src/event_processor_with_human_output.rs
View File

@@ -1,5 +1,4 @@
use std::io::IsTerminal;
use std::path::Path;
use std::path::PathBuf;
use codex_app_server_protocol::CommandExecutionStatus;
@@ -11,11 +10,9 @@ use codex_app_server_protocol::ThreadTokenUsage;
use codex_app_server_protocol::TurnStatus;
use codex_core::config::Config;
use codex_model_provider_info::WireApi;
use codex_protocol::models::PermissionProfile;
use codex_protocol::num_format::format_with_separators;
use codex_protocol::permissions::NetworkSandboxPolicy;
use codex_protocol::protocol::SessionConfiguredEvent;
use codex_utils_absolute_path::canonicalize_preserving_symlinks;
use codex_utils_sandbox_summary::summarize_config_permission_profile;
use owo_colors::OwoColorize;
use owo_colors::Style;
@@ -434,13 +431,7 @@ fn config_summary_entries(
"approval",
config.permissions.approval_policy.value().to_string(),
),
(
"sandbox",
summarize_permission_profile(
config.permissions.permission_profile.get(),
config.cwd.as_path(),
),
),
("sandbox", summarize_config_permission_profile(config)),
];
if config.model_provider.wire_api == WireApi::Responses {
entries.push((
@@ -465,83 +456,6 @@ fn config_summary_entries(
entries
}
fn summarize_permission_profile(permission_profile: &PermissionProfile, cwd: &Path) -> String {
match permission_profile {
PermissionProfile::Disabled => "danger-full-access".to_string(),
PermissionProfile::External { network } => {
let mut summary = "external-sandbox".to_string();
append_network_summary(&mut summary, *network);
summary
}
PermissionProfile::Managed { .. } => {
let file_system_policy = permission_profile.file_system_sandbox_policy();
let network_policy = permission_profile.network_sandbox_policy();
if file_system_policy.has_full_disk_write_access() {
let mut summary = "workspace-write [/]".to_string();
append_network_summary(&mut summary, network_policy);
return summary;
}
let writable_roots = file_system_policy.get_writable_roots_with_cwd(cwd);
if writable_roots.is_empty() {
let mut summary = "read-only".to_string();
append_network_summary(&mut summary, network_policy);
return summary;
}
let mut summary = "workspace-write".to_string();
let writable_entries = writable_roots
.iter()
.map(|root| writable_root_label(root.root.as_path(), cwd))
.collect::<Vec<_>>();
summary.push_str(&format!(" [{}]", writable_entries.join(", ")));
append_network_summary(&mut summary, network_policy);
summary
}
}
}
fn append_network_summary(summary: &mut String, network_policy: NetworkSandboxPolicy) {
if network_policy.is_enabled() {
summary.push_str(" (network access enabled)");
}
}
fn writable_root_label(root: &Path, cwd: &Path) -> String {
if paths_match_after_canonicalization(root, cwd) {
return "workdir".to_string();
}
if paths_match_after_canonicalization(root, Path::new("/tmp")) {
return "/tmp".to_string();
}
if std::env::var_os("TMPDIR")
.filter(|tmpdir| !tmpdir.is_empty())
.is_some_and(|tmpdir| paths_match_after_canonicalization(root, Path::new(&tmpdir)))
{
return "$TMPDIR".to_string();
}
display_path_label(root)
}
fn paths_match_after_canonicalization(left: &Path, right: &Path) -> bool {
match (
canonicalize_preserving_symlinks(left),
canonicalize_preserving_symlinks(right),
) {
(Ok(left), Ok(right)) if left == right => true,
_ => display_path_label(left) == display_path_label(right),
}
}
fn display_path_label(path: &Path) -> String {
path.strip_prefix("/private/tmp")
.ok()
.map(|suffix| Path::new("/tmp").join(suffix))
.unwrap_or_else(|| path.to_path_buf())
.to_string_lossy()
.to_string()
}
fn reasoning_text(
summary: &[String],
content: &[String],

81
codex-rs/exec/src/event_processor_with_human_output_tests.rs
View File

@@ -2,24 +2,14 @@ use codex_app_server_protocol::ServerNotification;
use codex_app_server_protocol::ThreadItem;
use codex_app_server_protocol::Turn;
use codex_app_server_protocol::TurnStatus;
use codex_protocol::models::PermissionProfile;
use codex_protocol::permissions::FileSystemAccessMode;
use codex_protocol::permissions::FileSystemPath;
use codex_protocol::permissions::FileSystemSandboxEntry;
use codex_protocol::permissions::FileSystemSandboxPolicy;
use codex_protocol::permissions::NetworkSandboxPolicy;
use codex_utils_absolute_path::test_support::PathBufExt;
use codex_utils_absolute_path::test_support::test_path_buf;
use owo_colors::Style;
use pretty_assertions::assert_eq;
use super::EventProcessorWithHumanOutput;
use super::final_message_from_turn_items;
use super::paths_match_after_canonicalization;
use super::reasoning_text;
use super::should_print_final_message_to_stdout;
use super::should_print_final_message_to_tty;
use super::summarize_permission_profile;
use crate::event_processor::EventProcessor;
#[test]
@@ -99,77 +89,6 @@ fn reasoning_text_uses_raw_content_when_enabled() {
assert_eq!(text.as_deref(), Some("raw"));
}
#[test]
fn summarizes_disabled_permission_profile_as_danger_full_access() {
assert_eq!(
summarize_permission_profile(
&PermissionProfile::Disabled,
test_path_buf("/tmp").as_path()
),
"danger-full-access"
);
}
#[test]
fn summarizes_external_permission_profile() {
assert_eq!(
summarize_permission_profile(
&PermissionProfile::External {
network: NetworkSandboxPolicy::Enabled,
},
test_path_buf("/tmp").as_path(),
),
"external-sandbox (network access enabled)"
);
}
#[test]
fn summarizes_managed_workspace_write_permission_profile() {
let cwd = test_path_buf("/tmp/project").abs();
let cache_root = test_path_buf("/tmp/cache").abs();
let profile = PermissionProfile::from_runtime_permissions(
&FileSystemSandboxPolicy::restricted(vec![
FileSystemSandboxEntry {
path: FileSystemPath::Path { path: cwd.clone() },
access: FileSystemAccessMode::Write,
},
FileSystemSandboxEntry {
path: FileSystemPath::Path {
path: cache_root.clone(),
},
access: FileSystemAccessMode::Write,
},
]),
NetworkSandboxPolicy::Restricted,
);
assert_eq!(
summarize_permission_profile(&profile, cwd.as_path()),
format!("workspace-write [workdir, {}]", cache_root.display())
);
}
#[test]
fn summarizes_managed_read_only_permission_profile() {
let profile = PermissionProfile::from_runtime_permissions(
&FileSystemSandboxPolicy::restricted(Vec::new()),
NetworkSandboxPolicy::Restricted,
);
assert_eq!(
summarize_permission_profile(&profile, test_path_buf("/tmp/project").as_path()),
"read-only"
);
}
#[test]
fn distinct_missing_paths_do_not_match_after_canonicalization() {
assert!(!paths_match_after_canonicalization(
test_path_buf("/tmp/codex-missing-left").as_path(),
test_path_buf("/tmp/codex-missing-right").as_path(),
));
}
#[test]
fn final_message_from_turn_items_uses_latest_agent_message() {
let message = final_message_from_turn_items(&[

142
codex-rs/exec/src/lib.rs
View File

@@ -24,8 +24,6 @@ use codex_app_server_protocol::ConfigWarningNotification;
use codex_app_server_protocol::JSONRPCErrorError;
use codex_app_server_protocol::McpServerElicitationAction;
use codex_app_server_protocol::McpServerElicitationRequestResponse;
use codex_app_server_protocol::PermissionProfileModificationParams;
use codex_app_server_protocol::PermissionProfileSelectionParams;
use codex_app_server_protocol::RequestId;
use codex_app_server_protocol::ReviewStartParams;
use codex_app_server_protocol::ReviewStartResponse;
@@ -81,8 +79,8 @@ use codex_protocol::SessionId;
use codex_protocol::ThreadId;
use codex_protocol::config_types::SandboxMode;
use codex_protocol::models::ActivePermissionProfile;
use codex_protocol::models::ActivePermissionProfileModification;
use codex_protocol::models::PermissionProfile;
use codex_protocol::permissions::NetworkSandboxPolicy;
use codex_protocol::protocol::AskForApproval;
use codex_protocol::protocol::ReviewRequest;
use codex_protocol::protocol::ReviewTarget;
@@ -211,6 +209,7 @@ struct ExecRunArgs {
prompt: Option<String>,
skip_git_repo_check: bool,
stderr_with_ansi: bool,
workspace_roots_explicit: bool,
}
fn exec_root_span() -> tracing::Span {
@@ -267,6 +266,7 @@ pub async fn run_main(cli: Cli, arg0_paths: Arg0DispatchPaths) -> anyhow::Result
cwd,
add_dir,
} = shared;
let workspace_roots_explicit = !add_dir.is_empty();
let (_stdout_with_ansi, stderr_with_ansi) = match color {
cli::Color::Always => (true, true),
@@ -422,6 +422,7 @@ pub async fn run_main(cli: Cli, arg0_paths: Arg0DispatchPaths) -> anyhow::Result
show_raw_agent_reasoning: oss.then_some(true),
tools_web_search_request: None,
ephemeral: ephemeral.then_some(true),
workspace_roots: None,
additional_writable_roots: add_dir,
};
@@ -550,6 +551,7 @@ pub async fn run_main(cli: Cli, arg0_paths: Arg0DispatchPaths) -> anyhow::Result
prompt,
skip_git_repo_check,
stderr_with_ansi,
workspace_roots_explicit,
})
.instrument(exec_span)
.await
@@ -572,6 +574,7 @@ async fn run_exec_session(args: ExecRunArgs) -> anyhow::Result<()> {
prompt,
skip_git_repo_check,
stderr_with_ansi,
workspace_roots_explicit,
} = args;
let mut event_processor: Box<dyn EventProcessor> = match json_mode {
@@ -692,7 +695,11 @@ async fn run_exec_session(args: ExecRunArgs) -> anyhow::Result<()> {
&client,
ClientRequest::ThreadResume {
request_id: request_ids.next(),
params: thread_resume_params_from_config(&config, thread_id),
params: thread_resume_params_from_config(
&config,
thread_id,
workspace_roots_explicit,
),
},
"thread/resume",
)
@@ -747,7 +754,7 @@ async fn run_exec_session(args: ExecRunArgs) -> anyhow::Result<()> {
event_processor.print_config_summary(&config, &prompt_summary, &session_configured);
if !json_mode
&& let Some(message) =
codex_core::config::system_bwrap_warning(config.permissions.permission_profile.get())
codex_core::config::system_bwrap_warning(config.permissions.permission_profile_ref())
{
event_processor.process_warning(message);
}
@@ -777,6 +784,7 @@ async fn run_exec_session(args: ExecRunArgs) -> anyhow::Result<()> {
responsesapi_client_metadata: None,
environments: None,
cwd: Some(default_cwd),
workspace_roots: None,
approval_policy: Some(default_approval_policy.into()),
approvals_reviewer: None,
sandbox_policy: None,
@@ -940,7 +948,7 @@ fn thread_start_params_from_config(config: &Config) -> ThreadStartParams {
let permissions = permissions_selection_from_config(config);
let sandbox = permissions.is_none().then(|| {
sandbox_mode_from_permission_profile(
&config.permissions.permission_profile(),
config.permissions.permission_profile_ref(),
config.cwd.as_path(),
)
});
@@ -948,6 +956,7 @@ fn thread_start_params_from_config(config: &Config) -> ThreadStartParams {
model: config.model.clone(),
model_provider: Some(config.model_provider_id.clone()),
cwd: Some(config.cwd.to_string_lossy().to_string()),
workspace_roots: Some(config.workspace_roots.clone()),
approval_policy: Some(config.permissions.approval_policy.value().into()),
approvals_reviewer: approvals_reviewer_override_from_config(config),
sandbox: sandbox.flatten(),
@@ -958,51 +967,36 @@ fn thread_start_params_from_config(config: &Config) -> ThreadStartParams {
}
}
fn thread_resume_params_from_config(config: &Config, thread_id: String) -> ThreadResumeParams {
fn thread_resume_params_from_config(
config: &Config,
thread_id: String,
workspace_roots_explicit: bool,
) -> ThreadResumeParams {
let permissions = permissions_selection_from_config(config);
let sandbox = permissions.is_none().then(|| {
sandbox_mode_from_permission_profile(
&config.permissions.permission_profile(),
config.cwd.as_path(),
)
});
ThreadResumeParams {
thread_id,
model: config.model.clone(),
model_provider: Some(config.model_provider_id.clone()),
cwd: Some(config.cwd.to_string_lossy().to_string()),
workspace_roots: workspace_roots_explicit.then(|| config.workspace_roots.clone()),
approval_policy: Some(config.permissions.approval_policy.value().into()),
approvals_reviewer: approvals_reviewer_override_from_config(config),
sandbox: sandbox.flatten(),
sandbox: None,
permissions,
config: config_request_overrides_from_config(config),
..ThreadResumeParams::default()
}
}
fn permissions_selection_from_config(config: &Config) -> Option<PermissionProfileSelectionParams> {
fn permissions_selection_from_config(config: &Config) -> Option<String> {
config
.permissions
.active_permission_profile()
.map(permissions_selection_from_active_profile)
}
fn permissions_selection_from_active_profile(
active: ActivePermissionProfile,
) -> PermissionProfileSelectionParams {
let modifications = active
.modifications
.into_iter()
.map(|modification| match modification {
ActivePermissionProfileModification::AdditionalWritableRoot { path } => {
PermissionProfileModificationParams::AdditionalWritableRoot { path }
}
})
.collect::<Vec<_>>();
PermissionProfileSelectionParams::Profile {
id: active.id,
modifications: (!modifications.is_empty()).then_some(modifications),
}
fn permissions_selection_from_active_profile(active: ActivePermissionProfile) -> String {
active.id
}
fn sandbox_mode_from_permission_profile(
@@ -1062,7 +1056,7 @@ where
fn session_configured_from_thread_start_response(
response: &ThreadStartResponse,
config: &Config,
_config: &Config,
) -> Result<SessionConfiguredEvent, String> {
session_configured_from_thread_response(
&response.thread.session_id,
@@ -1074,20 +1068,21 @@ fn session_configured_from_thread_start_response(
response.service_tier.clone(),
response.approval_policy.to_core(),
response.approvals_reviewer.to_core(),
response
.permission_profile
.clone()
.map(Into::into)
.unwrap_or_else(|| config.permissions.permission_profile()),
permission_profile_from_thread_response(&response.sandbox, &response.cwd),
response.active_permission_profile.clone().map(Into::into),
response.cwd.clone(),
workspace_roots_from_thread_response(
&response.sandbox,
&response.cwd,
&response.workspace_roots,
),
response.reasoning_effort,
)
}
fn session_configured_from_thread_resume_response(
response: &ThreadResumeResponse,
config: &Config,
_config: &Config,
) -> Result<SessionConfiguredEvent, String> {
session_configured_from_thread_response(
&response.thread.session_id,
@@ -1099,17 +1094,76 @@ fn session_configured_from_thread_resume_response(
response.service_tier.clone(),
response.approval_policy.to_core(),
response.approvals_reviewer.to_core(),
response
.permission_profile
.clone()
.map(Into::into)
.unwrap_or_else(|| config.permissions.permission_profile()),
permission_profile_from_thread_response(&response.sandbox, &response.cwd),
response.active_permission_profile.clone().map(Into::into),
response.cwd.clone(),
workspace_roots_from_thread_response(
&response.sandbox,
&response.cwd,
&response.workspace_roots,
),
response.reasoning_effort,
)
}
fn permission_profile_from_thread_response(
sandbox: &codex_app_server_protocol::SandboxPolicy,
cwd: &AbsolutePathBuf,
) -> PermissionProfile {
match sandbox {
codex_app_server_protocol::SandboxPolicy::WorkspaceWrite {
network_access,
exclude_tmpdir_env_var,
exclude_slash_tmp,
legacy_writable_roots: _,
} => PermissionProfile::workspace_write_with(
&[],
if *network_access {
NetworkSandboxPolicy::Enabled
} else {
NetworkSandboxPolicy::Restricted
},
*exclude_tmpdir_env_var,
*exclude_slash_tmp,
),
codex_app_server_protocol::SandboxPolicy::DangerFullAccess
| codex_app_server_protocol::SandboxPolicy::ReadOnly { .. }
| codex_app_server_protocol::SandboxPolicy::ExternalSandbox { .. } => {
PermissionProfile::from_legacy_sandbox_policy_for_cwd(&sandbox.to_core(), cwd.as_path())
}
}
}
fn workspace_roots_from_thread_response(
sandbox: &codex_app_server_protocol::SandboxPolicy,
cwd: &AbsolutePathBuf,
workspace_roots: &[AbsolutePathBuf],
) -> Vec<AbsolutePathBuf> {
if !workspace_roots.is_empty() || sandbox.legacy_writable_roots().is_empty() {
return workspace_roots.to_vec();
}
match sandbox {
codex_app_server_protocol::SandboxPolicy::WorkspaceWrite { .. } => {
let mut roots = Vec::with_capacity(1 + sandbox.legacy_writable_roots().len());
push_unique_workspace_root(&mut roots, cwd.clone());
for root in sandbox.legacy_writable_roots() {
push_unique_workspace_root(&mut roots, root.clone());
}
roots
}
codex_app_server_protocol::SandboxPolicy::DangerFullAccess
| codex_app_server_protocol::SandboxPolicy::ReadOnly { .. }
| codex_app_server_protocol::SandboxPolicy::ExternalSandbox { .. } => Vec::new(),
}
}
fn push_unique_workspace_root(roots: &mut Vec<AbsolutePathBuf>, root: AbsolutePathBuf) {
if !roots.iter().any(|existing| existing == &root) {
roots.push(root);
}
}
fn review_target_to_api(target: ReviewTarget) -> ApiReviewTarget {
match target {
ReviewTarget::UncommittedChanges => ApiReviewTarget::UncommittedChanges,
@@ -1136,6 +1190,7 @@ fn session_configured_from_thread_response(
permission_profile: PermissionProfile,
active_permission_profile: Option<codex_protocol::models::ActivePermissionProfile>,
cwd: AbsolutePathBuf,
workspace_roots: Vec<AbsolutePathBuf>,
reasoning_effort: Option<codex_protocol::openai_models::ReasoningEffort>,
) -> Result<SessionConfiguredEvent, String> {
let session_id = SessionId::from_string(session_id)
@@ -1157,6 +1212,7 @@ fn session_configured_from_thread_response(
permission_profile,
active_permission_profile,
cwd,
workspace_roots,
reasoning_effort,
initial_messages: None,
network_proxy: None,

185
codex-rs/exec/src/lib_tests.rs
View File

@@ -412,6 +412,7 @@ async fn thread_start_params_include_review_policy_when_review_policy_is_manual_
.codex_home(codex_home.path().to_path_buf())
.harness_overrides(ConfigOverrides {
approvals_reviewer: Some(ApprovalsReviewer::User),
default_permissions: Some(":workspace".to_string()),
..Default::default()
})
.fallback_cwd(Some(cwd.path().to_path_buf()))
@@ -456,7 +457,7 @@ async fn thread_start_params_include_review_policy_when_auto_review_is_enabled()
}
#[tokio::test]
async fn thread_lifecycle_params_include_legacy_sandbox_when_no_active_profile() {
async fn thread_lifecycle_params_handle_legacy_sandbox_when_no_active_profile() {
let codex_home = tempdir().expect("create temp codex home");
let cwd = tempdir().expect("create temp cwd");
let config = ConfigBuilder::default()
@@ -471,7 +472,11 @@ async fn thread_lifecycle_params_include_legacy_sandbox_when_no_active_profile()
.expect("build config with legacy sandbox override");
let start_params = thread_start_params_from_config(&config);
let resume_params = thread_resume_params_from_config(&config, "thread-id".to_string());
let resume_params = thread_resume_params_from_config(
&config,
"thread-id".to_string(),
/*workspace_roots_explicit*/ false,
);
assert_eq!(config.permissions.active_permission_profile(), None);
assert_eq!(
@@ -479,11 +484,43 @@ async fn thread_lifecycle_params_include_legacy_sandbox_when_no_active_profile()
Some(codex_app_server_protocol::SandboxMode::DangerFullAccess)
);
assert_eq!(start_params.permissions, None);
assert_eq!(
resume_params.sandbox,
Some(codex_app_server_protocol::SandboxMode::DangerFullAccess)
);
assert_eq!(resume_params.sandbox, None);
assert_eq!(resume_params.permissions, None);
assert_eq!(resume_params.workspace_roots, None);
}
#[tokio::test]
async fn thread_resume_params_include_workspace_roots_only_when_explicit() {
let codex_home = tempdir().expect("create temp codex home");
let cwd = tempdir().expect("create temp cwd");
let extra_root = test_path_buf("/tmp/exec-resume-extra-root");
let config = ConfigBuilder::default()
.codex_home(codex_home.path().to_path_buf())
.harness_overrides(ConfigOverrides {
additional_writable_roots: vec![extra_root.clone()],
..Default::default()
})
.fallback_cwd(Some(cwd.path().to_path_buf()))
.build()
.await
.expect("build config with additional writable root");
let implicit_resume_params = thread_resume_params_from_config(
&config,
"thread-id".to_string(),
/*workspace_roots_explicit*/ false,
);
let explicit_resume_params = thread_resume_params_from_config(
&config,
"thread-id".to_string(),
/*workspace_roots_explicit*/ true,
);
assert_eq!(implicit_resume_params.workspace_roots, None);
assert_eq!(
explicit_resume_params.workspace_roots,
Some(config.workspace_roots)
);
}
#[tokio::test]
@@ -513,7 +550,7 @@ async fn session_configured_from_thread_response_uses_review_policy_from_respons
}
#[tokio::test]
async fn session_configured_from_thread_response_uses_permission_profile_from_response() {
async fn session_configured_from_thread_response_uses_sandbox_projection() {
let codex_home = tempdir().expect("create temp codex home");
let cwd = tempdir().expect("create temp cwd");
let config = ConfigBuilder::default()
@@ -523,7 +560,7 @@ async fn session_configured_from_thread_response_uses_permission_profile_from_re
.await
.expect("build config");
let mut response = sample_thread_start_response();
response.permission_profile = Some(PermissionProfile::Disabled.into());
response.sandbox = codex_app_server_protocol::SandboxPolicy::DangerFullAccess;
let event = session_configured_from_thread_start_response(&response, &config)
.expect("build bootstrap session configured event");
@@ -531,6 +568,116 @@ async fn session_configured_from_thread_response_uses_permission_profile_from_re
assert_eq!(event.permission_profile, PermissionProfile::Disabled);
}
#[tokio::test]
async fn session_configured_from_thread_response_uses_workspace_roots_for_workspace_sandbox() {
let codex_home = tempdir().expect("create temp codex home");
let cwd = tempdir().expect("create temp cwd");
let config = ConfigBuilder::default()
.codex_home(codex_home.path().to_path_buf())
.fallback_cwd(Some(cwd.path().to_path_buf()))
.build()
.await
.expect("build config");
let mut response = sample_thread_start_response();
let extra_root = test_path_buf("/tmp/extra-root").abs();
response.workspace_roots = vec![extra_root.clone()];
response.sandbox = codex_app_server_protocol::SandboxPolicy::WorkspaceWrite {
network_access: false,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
legacy_writable_roots: Vec::new(),
};
let event = session_configured_from_thread_start_response(&response, &config)
.expect("build bootstrap session configured event");
assert_eq!(
event.permission_profile,
PermissionProfile::workspace_write_with(
&[],
NetworkSandboxPolicy::Restricted,
/*exclude_tmpdir_env_var*/ false,
/*exclude_slash_tmp*/ false,
)
);
assert_eq!(event.workspace_roots, vec![extra_root]);
}
#[tokio::test]
async fn session_configured_from_thread_resume_response_uses_workspace_roots_for_workspace_sandbox()
{
let codex_home = tempdir().expect("create temp codex home");
let cwd = tempdir().expect("create temp cwd");
let config = ConfigBuilder::default()
.codex_home(codex_home.path().to_path_buf())
.fallback_cwd(Some(cwd.path().to_path_buf()))
.build()
.await
.expect("build config");
let mut response = sample_thread_resume_response();
let extra_root = test_path_buf("/tmp/extra-root").abs();
response.workspace_roots = vec![extra_root.clone()];
response.sandbox = codex_app_server_protocol::SandboxPolicy::WorkspaceWrite {
network_access: false,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
legacy_writable_roots: Vec::new(),
};
let event = session_configured_from_thread_resume_response(&response, &config)
.expect("build resumed session configured event");
assert_eq!(
event.permission_profile,
PermissionProfile::workspace_write_with(
&[],
NetworkSandboxPolicy::Restricted,
/*exclude_tmpdir_env_var*/ false,
/*exclude_slash_tmp*/ false,
)
);
assert_eq!(event.workspace_roots, vec![extra_root]);
}
#[tokio::test]
async fn session_configured_from_thread_response_uses_workspace_roots_from_response() {
let codex_home = tempdir().expect("create temp codex home");
let cwd = tempdir().expect("create temp cwd");
let config = ConfigBuilder::default()
.codex_home(codex_home.path().to_path_buf())
.fallback_cwd(Some(cwd.path().to_path_buf()))
.build()
.await
.expect("build config");
let mut response = sample_thread_start_response();
let extra_root = test_path_buf("/tmp/extra-root").abs();
response.workspace_roots = vec![response.cwd.clone(), extra_root.clone()];
let event = session_configured_from_thread_start_response(&response, &config)
.expect("build bootstrap session configured event");
assert_eq!(event.workspace_roots, vec![response.cwd, extra_root]);
}
#[tokio::test]
async fn session_configured_from_thread_response_preserves_empty_workspace_roots() {
let codex_home = tempdir().expect("create temp codex home");
let cwd = tempdir().expect("create temp cwd");
let config = ConfigBuilder::default()
.codex_home(codex_home.path().to_path_buf())
.fallback_cwd(Some(cwd.path().to_path_buf()))
.build()
.await
.expect("build config");
let mut response = sample_thread_resume_response();
response.workspace_roots = Vec::new();
let event = session_configured_from_thread_resume_response(&response, &config)
.expect("build resumed session configured event");
assert_eq!(event.workspace_roots, Vec::<AbsolutePathBuf>::new());
}
fn sample_thread_start_response() -> ThreadStartResponse {
ThreadStartResponse {
thread: codex_app_server_protocol::Thread {
@@ -558,17 +705,35 @@ fn sample_thread_start_response() -> ThreadStartResponse {
model_provider: "openai".to_string(),
service_tier: None,
cwd: test_path_buf("/tmp").abs(),
workspace_roots: Vec::new(),
instruction_sources: Vec::new(),
approval_policy: codex_app_server_protocol::AskForApproval::OnRequest,
approvals_reviewer: codex_app_server_protocol::ApprovalsReviewer::AutoReview,
sandbox: codex_app_server_protocol::SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: false,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
legacy_writable_roots: Vec::new(),
},
permission_profile: None,
active_permission_profile: None,
reasoning_effort: None,
}
}
fn sample_thread_resume_response() -> ThreadResumeResponse {
let start = sample_thread_start_response();
ThreadResumeResponse {
thread: start.thread,
model: start.model,
model_provider: start.model_provider,
service_tier: start.service_tier,
cwd: start.cwd,
workspace_roots: start.workspace_roots,
instruction_sources: start.instruction_sources,
approval_policy: start.approval_policy,
approvals_reviewer: start.approvals_reviewer,
sandbox: start.sandbox,
active_permission_profile: start.active_permission_profile,
reasoning_effort: start.reasoning_effort,
}
}