Move workspace roots onto thread/session state and stop using active permission profile modifications as an overlay for writable roots. Existing app-server threads now preserve their persisted PermissionProfile value across resume, fork, and turn updates; permissions requests on existing threads only update the active named profile after validating it exists. Workspace roots can be updated independently, and SandboxPolicy::WorkspaceWrite no longer stores its own writable_roots.

2026-05-27 06:25:48 +00:00 · 2026-05-11 15:23:15 -07:00
parent 3e10e09e24
commit 6579ec2f9d
141 changed files with 2384 additions and 2210 deletions
--- a/sdk/python/tests/test_app_server_streaming.py
+++ b/sdk/python/tests/test_app_server_streaming.py
@@ -21,7 +21,7 @@ def test_sync_stream_routes_text_deltas_and_completion(tmp_path) -> None:
    """A sync turn stream should expose deltas, completed items, and completion."""
    with AppServerHarness(tmp_path) as harness:
        harness.responses.enqueue_sse(
-            streaming_response("stream-1", "msg-stream-1", ["hel", "lo"])
+            streaming_response("stream-1", "msg-stream-1", ["he", "llo"])
        )

        with Codex(config=harness.app_server_config()) as codex:
@@ -42,7 +42,7 @@ def test_sync_stream_routes_text_deltas_and_completion(tmp_path) -> None:
            if isinstance(event.payload, TurnCompletedNotification)
        ],
    } == {
-        "deltas": ["hel", "lo"],
+        "deltas": ["he", "llo"],
        "agent_messages": ["hello"],
        "completed_statuses": [TurnStatus.completed],
    }