clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-30 07:50:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

rollout: persist turn permission profiles (#18281)

Browse Source 
## Why

Resume and reconstruction need to preserve the permissions that were
active for each user turn. If rollouts only keep legacy sandbox fields,
replay cannot faithfully represent profile-shaped overrides introduced
earlier in the stack.

## What changed

This records `permission_profile` on user-turn rollout events,
reconstructs it through history/state extraction, and updates rollout
reconstruction and related fixtures to keep the field explicit.

## Verification

- `cargo test -p codex-core --test all permissions_messages --
--nocapture`
- `cargo test -p codex-core --test all request_permissions --
--nocapture`











































---
[//]: # (BEGIN SAPLING FOOTER)
Stack created with [Sapling](https://sapling-scm.com). Best reviewed
with [ReviewStack](https://reviewstack.dev/openai/codex/pull/18281).
* #18288
* #18287
* #18286
* #18285
* #18284
* #18283
* #18282
* __->__ #18281
This commit is contained in:
Michael Bolin
2026-04-22 17:00:29 -07:00
committed by GitHub
parent bc083e4713
commit 6ca038bbd1
11 changed files with 48 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
codex-rs/core/src/session/rollout_reconstruction_tests.rs
View File

@@ -68,6 +68,7 @@ async fn record_initial_history_resumed_bare_turn_context_does_not_hydrate_previ
timezone: turn_context.timezone.clone(),
approval_policy: turn_context.approval_policy.value(),
sandbox_policy: turn_context.sandbox_policy.get().clone(),
permission_profile: None,
network: None,
file_system_sandbox_policy: None,
model: previous_model.to_string(),
@@ -108,6 +109,7 @@ async fn record_initial_history_resumed_hydrates_previous_turn_settings_from_lif
timezone: turn_context.timezone.clone(),
approval_policy: turn_context.approval_policy.value(),
sandbox_policy: turn_context.sandbox_policy.get().clone(),
permission_profile: None,
network: None,
file_system_sandbox_policy: None,
model: previous_model.to_string(),
@@ -917,6 +919,7 @@ async fn record_initial_history_resumed_turn_context_after_compaction_reestablis
timezone: turn_context.timezone.clone(),
approval_policy: turn_context.approval_policy.value(),
sandbox_policy: turn_context.sandbox_policy.get().clone(),
permission_profile: None,
network: None,
file_system_sandbox_policy: None,
model: previous_model.to_string(),
@@ -994,6 +997,7 @@ async fn record_initial_history_resumed_turn_context_after_compaction_reestablis
timezone: turn_context.timezone.clone(),
approval_policy: turn_context.approval_policy.value(),
sandbox_policy: turn_context.sandbox_policy.get().clone(),
permission_profile: None,
network: None,
file_system_sandbox_policy: None,
model: previous_model.to_string(),
@@ -1024,6 +1028,7 @@ async fn record_initial_history_resumed_aborted_turn_without_id_clears_active_tu
timezone: turn_context.timezone.clone(),
approval_policy: turn_context.approval_policy.value(),
sandbox_policy: turn_context.sandbox_policy.get().clone(),
permission_profile: None,
network: None,
file_system_sandbox_policy: None,
model: previous_model.to_string(),
@@ -1138,6 +1143,7 @@ async fn record_initial_history_resumed_unmatched_abort_preserves_active_turn_fo
timezone: turn_context.timezone.clone(),
approval_policy: turn_context.approval_policy.value(),
sandbox_policy: turn_context.sandbox_policy.get().clone(),
permission_profile: None,
network: None,
file_system_sandbox_policy: None,
model: current_model.to_string(),
@@ -1251,6 +1257,7 @@ async fn record_initial_history_resumed_trailing_incomplete_turn_compaction_clea
timezone: turn_context.timezone.clone(),
approval_policy: turn_context.approval_policy.value(),
sandbox_policy: turn_context.sandbox_policy.get().clone(),
permission_profile: None,
network: None,
file_system_sandbox_policy: None,
model: previous_model.to_string(),
@@ -1402,6 +1409,7 @@ async fn record_initial_history_resumed_replaced_incomplete_compacted_turn_clear
timezone: turn_context.timezone.clone(),
approval_policy: turn_context.approval_policy.value(),
sandbox_policy: turn_context.sandbox_policy.get().clone(),
permission_profile: None,
network: None,
file_system_sandbox_policy: None,
model: previous_model.to_string(),

9
codex-rs/core/src/session/tests.rs
View File

@@ -1606,6 +1606,7 @@ async fn record_initial_history_forked_hydrates_previous_turn_settings() {
timezone: turn_context.timezone.clone(),
approval_policy: turn_context.approval_policy.value(),
sandbox_policy: turn_context.sandbox_policy.get().clone(),
permission_profile: None,
network: None,
file_system_sandbox_policy: None,
model: previous_model.to_string(),
@@ -5207,6 +5208,10 @@ async fn turn_context_item_omits_legacy_equivalent_file_system_sandbox_policy()
let item = turn_context.to_turn_context_item();
assert_eq!(item.file_system_sandbox_policy, None);
assert_eq!(
item.permission_profile,
Some(turn_context.permission_profile())
);
}
#[tokio::test]
@@ -5221,6 +5226,10 @@ async fn turn_context_item_stores_split_file_system_sandbox_policy_when_differen
item.file_system_sandbox_policy,
Some(file_system_sandbox_policy)
);
assert_eq!(
item.permission_profile,
Some(turn_context.permission_profile())
);
}
#[tokio::test]

1
codex-rs/core/src/session/turn_context.rs
View File

@@ -272,6 +272,7 @@ impl TurnContext {
timezone: self.timezone.clone(),
approval_policy: self.approval_policy.value(),
sandbox_policy: self.sandbox_policy.get().clone(),
permission_profile: Some(self.permission_profile()),
network: self.turn_context_network_item(),
file_system_sandbox_policy: self.non_legacy_file_system_sandbox_policy(),
model: self.model_info.slug.clone(),