clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-02 10:26:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

core tests: submit turns with permission profiles (#20010)

Browse Source 
## Summary

- Add `PermissionProfile`-based turn submission helpers to
`core_test_support`, while keeping the legacy `SandboxPolicy` helper for
tests that intentionally exercise legacy fallback behavior.
- Switch the default `TestCodex::submit_turn()` path to send a real
`PermissionProfile` plus the required legacy compatibility projection in
`Op::UserTurn`.
- Migrate straightforward app/search/shell/truncation tests from
`SandboxPolicy::{DangerFullAccess, ReadOnly}` to
`PermissionProfile::{Disabled, read_only}`.
- Add a TUI compatibility projection helper for legacy app-server fields
so non-legacy writable roots are preserved instead of being downgraded
to read-only.
- Fix remote start/resume/fork sandbox-mode projection to classify any
managed profile with writable roots as workspace-write, not only
profiles that can write `cwd`.
- Reduce `SandboxPolicy` references in `codex-rs/core/tests` from 47
files to 41 files without changing production behavior.

## Testing

- `cargo check -p codex-core --tests`
- `cargo test -p codex-tui
compatibility_profile_preserves_unbridgeable_write_roots`
- `cargo test -p codex-tui
sandbox_mode_preserves_non_cwd_write_roots_for_remote_sessions`
- `just fmt`
- `just fix -p core_test_support`
- `just fix -p codex-core`
This commit is contained in:
Michael Bolin
2026-04-28 16:01:40 -07:00
committed by GitHub
parent 2dbde94aa9
commit 891722849d
11 changed files with 354 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
codex-rs/core/tests/common/test_codex.rs
View File

@@ -28,6 +28,7 @@ use codex_model_provider_info::built_in_model_providers;
use codex_models_manager::bundled_models_response;
use codex_models_manager::collaboration_mode_presets::CollaborationModesConfig;
use codex_protocol::config_types::ServiceTier;
use codex_protocol::models::PermissionProfile;
use codex_protocol::openai_models::ModelsResponse;
use codex_protocol::protocol::AskForApproval;
use codex_protocol::protocol::EventMsg;
@@ -591,10 +592,19 @@ impl TestCodex {
}
pub async fn submit_turn(&self, prompt: &str) -> Result<()> {
self.submit_turn_with_policies(
self.submit_turn_with_permission_profile(prompt, PermissionProfile::Disabled)
.await
}
pub async fn submit_turn_with_permission_profile(
&self,
prompt: &str,
permission_profile: PermissionProfile,
) -> Result<()> {
self.submit_turn_with_approval_and_permission_profile(
prompt,
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
permission_profile,
)
.await
}
@@ -613,10 +623,10 @@ impl TestCodex {
prompt: &str,
service_tier: Option<ServiceTier>,
) -> Result<()> {
self.submit_turn_with_context(
self.submit_turn_with_permission_profile_context(
prompt,
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
Some(service_tier),
/*environments*/ None,
)
@@ -629,10 +639,30 @@ impl TestCodex {
approval_policy: AskForApproval,
sandbox_policy: SandboxPolicy,
) -> Result<()> {
let permission_profile = PermissionProfile::from_legacy_sandbox_policy_for_cwd(
&sandbox_policy,
self.config.cwd.as_path(),
);
self.submit_turn_with_context(
prompt,
approval_policy,
sandbox_policy,
permission_profile,
/*service_tier*/ None,
/*environments*/ None,
)
.await
}
pub async fn submit_turn_with_approval_and_permission_profile(
&self,
prompt: &str,
approval_policy: AskForApproval,
permission_profile: PermissionProfile,
) -> Result<()> {
self.submit_turn_with_permission_profile_context(
prompt,
approval_policy,
permission_profile,
/*service_tier*/ None,
/*environments*/ None,
)
@@ -644,24 +674,45 @@ impl TestCodex {
prompt: &str,
environments: Option<Vec<TurnEnvironmentSelection>>,
) -> Result<()> {
self.submit_turn_with_context(
self.submit_turn_with_permission_profile_context(
prompt,
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
/*service_tier*/ None,
environments,
)
.await
}
async fn submit_turn_with_permission_profile_context(
&self,
prompt: &str,
approval_policy: AskForApproval,
permission_profile: PermissionProfile,
service_tier: Option<Option<ServiceTier>>,
environments: Option<Vec<TurnEnvironmentSelection>>,
) -> Result<()> {
self.submit_turn_with_context(
prompt,
approval_policy,
permission_profile,
service_tier,
environments,
)
.await
}
async fn submit_turn_with_context(
&self,
prompt: &str,
approval_policy: AskForApproval,
sandbox_policy: SandboxPolicy,
permission_profile: PermissionProfile,
service_tier: Option<Option<ServiceTier>>,
environments: Option<Vec<TurnEnvironmentSelection>>,
) -> Result<()> {
let sandbox_policy = permission_profile
.to_legacy_sandbox_policy(self.config.cwd.as_path())
.unwrap_or_else(|_| SandboxPolicy::new_read_only_policy());
let session_model = self.session_configured.model.clone();
self.codex
.submit(Op::UserTurn {
@@ -675,7 +726,7 @@ impl TestCodex {
approval_policy,
approvals_reviewer: None,
sandbox_policy,
permission_profile: None,
permission_profile: Some(permission_profile),
model: session_model,
effort: None,
summary: None,
@@ -835,6 +886,16 @@ impl TestCodexHarness {
.await
}
pub async fn submit_with_permission_profile(
&self,
prompt: &str,
permission_profile: PermissionProfile,
) -> Result<()> {
self.test
.submit_turn_with_permission_profile(prompt, permission_profile)
.await
}
pub async fn request_bodies(&self) -> Vec<Value> {
let path_matcher = path_regex(".*/responses$");
self.server

6
codex-rs/core/tests/suite/openai_file_mcp.rs
View File

@@ -8,8 +8,8 @@ use anyhow::Result;
use codex_core::config::Config;
use codex_features::Feature;
use codex_login::CodexAuth;
use codex_protocol::models::PermissionProfile;
use codex_protocol::protocol::AskForApproval;
use codex_protocol::protocol::SandboxPolicy;
use core_test_support::apps_test_server::AppsTestServer;
use core_test_support::apps_test_server::DOCUMENT_EXTRACT_TEXT_RESOURCE_URI;
use core_test_support::responses::ev_assistant_message;
@@ -169,10 +169,10 @@ async fn codex_apps_file_params_upload_local_paths_before_mcp_tool_call() -> Res
let test = builder.build(&server).await?;
tokio::fs::write(test.cwd.path().join("report.txt"), b"hello world").await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"Extract the report text with the app tool.",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;

34
codex-rs/core/tests/suite/search_tool.rs
View File

@@ -12,11 +12,11 @@ use codex_protocol::dynamic_tools::DynamicToolCallOutputContentItem;
use codex_protocol::dynamic_tools::DynamicToolResponse;
use codex_protocol::dynamic_tools::DynamicToolSpec;
use codex_protocol::models::FunctionCallOutputPayload;
use codex_protocol::models::PermissionProfile;
use codex_protocol::protocol::AskForApproval;
use codex_protocol::protocol::EventMsg;
use codex_protocol::protocol::McpInvocation;
use codex_protocol::protocol::Op;
use codex_protocol::protocol::SandboxPolicy;
use codex_protocol::user_input::UserInput;
use core_test_support::apps_test_server::AppsTestServer;
use core_test_support::apps_test_server::CALENDAR_CREATE_EVENT_MCP_APP_RESOURCE_URI;
@@ -157,10 +157,10 @@ async fn search_tool_enabled_by_default_adds_tool_search() -> Result<()> {
let mut builder = configured_builder(apps_server.chatgpt_base_url.clone());
let test = builder.build(&server).await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"list tools",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -221,10 +221,10 @@ async fn always_defer_feature_hides_small_app_tool_sets() -> Result<()> {
});
let test = builder.build(&server).await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"list tools",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -265,10 +265,10 @@ async fn tool_search_disabled_exposes_apps_tools_directly() -> Result<()> {
});
let test = builder.build(&server).await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"list tools",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -311,10 +311,10 @@ async fn search_tool_is_hidden_for_api_key_auth() -> Result<()> {
.with_config(move |config| configure_apps(config, apps_server.chatgpt_base_url.as_str()));
let test = builder.build(&server).await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"list tools",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -347,10 +347,10 @@ async fn search_tool_adds_discovery_instructions_to_tool_description() -> Result
let mut builder = configured_builder(apps_server.chatgpt_base_url.clone());
let test = builder.build(&server).await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"list tools",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -389,10 +389,10 @@ async fn search_tool_hides_apps_tools_without_search() -> Result<()> {
let mut builder = configured_builder(apps_server.chatgpt_base_url.clone());
let test = builder.build(&server).await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"hello tools",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -425,10 +425,10 @@ async fn explicit_app_mentions_expose_apps_tools_without_search() -> Result<()>
let mut builder = configured_builder(apps_server.chatgpt_base_url.clone());
let test = builder.build(&server).await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"Use [$calendar](app://calendar) and then call tools.",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -978,10 +978,10 @@ async fn tool_search_indexes_only_enabled_non_app_mcp_tools() -> Result<()> {
});
let test = builder.build(&server).await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"Find the rmcp echo and image tools.",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;

66
codex-rs/core/tests/suite/shell_serialization.rs
View File

@@ -2,7 +2,7 @@
#![allow(clippy::expect_used)]
use anyhow::Result;
use codex_protocol::protocol::SandboxPolicy;
use codex_protocol::models::PermissionProfile;
use core_test_support::assert_regex_match;
use core_test_support::responses::ev_assistant_message;
use core_test_support::responses::ev_completed;
@@ -136,9 +136,9 @@ async fn shell_output_stays_json_without_freeform_apply_patch(
let responses = shell_responses(call_id, vec!["/bin/echo", "shell json"], output_type)?;
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"run the json shell command",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -192,9 +192,9 @@ async fn shell_output_is_structured_with_freeform_apply_patch(
let responses = shell_responses(call_id, vec!["/bin/echo", "freeform shell"], output_type)?;
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"run the structured shell command",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -249,9 +249,9 @@ async fn shell_output_preserves_fixture_json_without_serialization(
)?;
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"read the fixture JSON with sed",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -317,9 +317,9 @@ async fn shell_output_structures_fixture_with_serialization(
)?;
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"read the fixture JSON with structured output",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -372,9 +372,9 @@ async fn shell_output_for_freeform_tool_records_duration(
let responses = shell_responses(call_id, vec!["/bin/sh", "-c", "sleep 0.2"], output_type)?;
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"run the structured shell command",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -429,9 +429,9 @@ async fn shell_output_reserializes_truncated_content(output_type: ShellModelOutp
let responses = shell_responses(call_id, vec!["/bin/sh", "-c", "seq 1 400"], output_type)?;
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"run the truncation shell command",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -495,9 +495,9 @@ async fn apply_patch_custom_tool_output_is_structured(
harness
.test()
.submit_turn_with_policy(
.submit_turn_with_permission_profile(
"apply the patch via custom tool",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -537,9 +537,9 @@ async fn apply_patch_custom_tool_call_creates_file(
harness
.test()
.submit_turn_with_policy(
.submit_turn_with_permission_profile(
"apply the patch via custom tool to create a file",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -593,9 +593,9 @@ async fn apply_patch_custom_tool_call_updates_existing_file(
harness
.test()
.submit_turn_with_policy(
.submit_turn_with_permission_profile(
"apply the patch via custom tool to update a file",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -645,9 +645,9 @@ async fn apply_patch_custom_tool_call_reports_failure_output(
harness
.test()
.submit_turn_with_policy(
.submit_turn_with_permission_profile(
"attempt a failing apply_patch via custom tool",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -688,9 +688,9 @@ async fn apply_patch_function_call_output_is_structured(
.await;
harness
.test()
.submit_turn_with_policy(
.submit_turn_with_permission_profile(
"apply the patch via function-call apply_patch",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -727,9 +727,9 @@ async fn shell_output_is_structured_for_nonzero_exit(output_type: ShellModelOutp
let responses = shell_responses(call_id, vec!["/bin/sh", "-c", "exit 42"], output_type)?;
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"run the failing shell command",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -778,9 +778,9 @@ async fn shell_command_output_is_freeform() -> Result<()> {
];
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"run the shell_command script in the user's shell",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -830,9 +830,9 @@ async fn shell_command_output_is_not_truncated_under_10k_bytes() -> Result<()> {
];
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"run the shell_command script in the user's shell",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -881,9 +881,9 @@ async fn shell_command_output_is_not_truncated_over_10k_bytes() -> Result<()> {
];
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"run the shell_command script in the user's shell",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -929,9 +929,9 @@ async fn local_shell_call_output_is_structured() -> Result<()> {
];
let mock = mount_sse_sequence(&server, responses).await;
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"run the local shell command",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;

6
codex-rs/core/tests/suite/tool_suggest.rs
View File

@@ -8,8 +8,8 @@ use codex_core::config::Config;
use codex_features::Feature;
use codex_login::CodexAuth;
use codex_models_manager::bundled_models_response;
use codex_protocol::models::PermissionProfile;
use codex_protocol::protocol::AskForApproval;
use codex_protocol::protocol::SandboxPolicy;
use core_test_support::apps_test_server::AppsTestServer;
use core_test_support::responses::ev_assistant_message;
use core_test_support::responses::ev_completed;
@@ -111,10 +111,10 @@ async fn tool_suggest_is_available_without_search_tool_after_discovery_attempts(
});
let test = builder.build(&server).await?;
test.submit_turn_with_policies(
test.submit_turn_with_approval_and_permission_profile(
"list tools",
AskForApproval::Never,
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;

44
codex-rs/core/tests/suite/truncation.rs
View File

@@ -5,10 +5,10 @@ use anyhow::Context;
use anyhow::Result;
use codex_config::types::McpServerConfig;
use codex_config::types::McpServerTransportConfig;
use codex_protocol::models::PermissionProfile;
use codex_protocol::protocol::AskForApproval;
use codex_protocol::protocol::EventMsg;
use codex_protocol::protocol::Op;
use codex_protocol::protocol::SandboxPolicy;
use codex_protocol::user_input::UserInput;
use core_test_support::assert_regex_match;
use core_test_support::responses;
@@ -82,7 +82,10 @@ async fn tool_call_output_configured_limit_chars_type() -> Result<()> {
.await;
fixture
.submit_turn_with_policy("trigger big shell output", SandboxPolicy::DangerFullAccess)
.submit_turn_with_permission_profile(
"trigger big shell output",
PermissionProfile::Disabled,
)
.await?;
// Inspect what we sent back to the model; it should contain a truncated
@@ -156,7 +159,10 @@ async fn tool_call_output_exceeds_limit_truncated_chars_limit() -> Result<()> {
.await;
fixture
.submit_turn_with_policy("trigger big shell output", SandboxPolicy::DangerFullAccess)
.submit_turn_with_permission_profile(
"trigger big shell output",
PermissionProfile::Disabled,
)
.await?;
// Inspect what we sent back to the model; it should contain a truncated
@@ -229,7 +235,10 @@ async fn tool_call_output_exceeds_limit_truncated_for_model() -> Result<()> {
.await;
fixture
.submit_turn_with_policy("trigger big shell output", SandboxPolicy::DangerFullAccess)
.submit_turn_with_permission_profile(
"trigger big shell output",
PermissionProfile::Disabled,
)
.await?;
// Inspect what we sent back to the model; it should contain a truncated
@@ -303,7 +312,10 @@ async fn tool_call_output_truncated_only_once() -> Result<()> {
.await;
fixture
.submit_turn_with_policy("trigger big shell output", SandboxPolicy::DangerFullAccess)
.submit_turn_with_permission_profile(
"trigger big shell output",
PermissionProfile::Disabled,
)
.await?;
let output = mock2
@@ -399,9 +411,9 @@ async fn mcp_tool_call_output_exceeds_limit_truncated_for_model() -> Result<()>
let fixture = builder.build(&server).await?;
fixture
.submit_turn_with_policy(
.submit_turn_with_permission_profile(
"call the rmcp echo tool with a very large message",
SandboxPolicy::new_read_only_policy(),
PermissionProfile::read_only(),
)
.await?;
@@ -496,6 +508,8 @@ async fn mcp_image_output_preserves_image_and_no_text_summary() -> Result<()> {
});
let fixture = builder.build(&server).await?;
let session_model = fixture.session_configured.model.clone();
let permission_profile = PermissionProfile::read_only();
let sandbox_policy = permission_profile.to_legacy_sandbox_policy(fixture.cwd.path())?;
fixture
.codex
@@ -509,8 +523,8 @@ async fn mcp_image_output_preserves_image_and_no_text_summary() -> Result<()> {
cwd: fixture.cwd.path().to_path_buf(),
approval_policy: AskForApproval::Never,
approvals_reviewer: None,
sandbox_policy: SandboxPolicy::new_read_only_policy(),
permission_profile: None,
sandbox_policy,
permission_profile: Some(permission_profile),
model: session_model,
effort: None,
summary: None,
@@ -577,7 +591,7 @@ async fn token_policy_marker_reports_tokens() -> Result<()> {
.await;
fixture
.submit_turn_with_policy("run the shell tool", SandboxPolicy::DangerFullAccess)
.submit_turn_with_permission_profile("run the shell tool", PermissionProfile::Disabled)
.await?;
let output = done_mock
@@ -628,7 +642,7 @@ async fn byte_policy_marker_reports_bytes() -> Result<()> {
.await;
fixture
.submit_turn_with_policy("run the shell tool", SandboxPolicy::DangerFullAccess)
.submit_turn_with_permission_profile("run the shell tool", PermissionProfile::Disabled)
.await?;
let output = done_mock
@@ -680,9 +694,9 @@ async fn shell_command_output_not_truncated_with_custom_limit() -> Result<()> {
.await;
fixture
.submit_turn_with_policy(
.submit_turn_with_permission_profile(
"run big output without truncation",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await?;
@@ -777,9 +791,9 @@ async fn mcp_tool_call_output_not_truncated_with_custom_limit() -> Result<()> {
let fixture = builder.build(&server).await?;
fixture
.submit_turn_with_policy(
.submit_turn_with_permission_profile(
"call the rmcp echo tool with a very large message",
SandboxPolicy::new_read_only_policy(),
PermissionProfile::read_only(),
)
.await?;

24
codex-rs/core/tests/suite/web_search.rs
View File

@@ -2,7 +2,7 @@
use codex_features::Feature;
use codex_protocol::config_types::WebSearchMode;
use codex_protocol::protocol::SandboxPolicy;
use codex_protocol::models::PermissionProfile;
use core_test_support::responses;
use core_test_support::responses::start_mock_server;
use core_test_support::skip_if_no_network;
@@ -44,9 +44,9 @@ async fn web_search_mode_cached_sets_external_web_access_false() {
.await
.expect("create test Codex conversation");
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"hello cached web search",
SandboxPolicy::new_read_only_policy(),
PermissionProfile::read_only(),
)
.await
.expect("submit turn");
@@ -86,9 +86,9 @@ async fn web_search_mode_takes_precedence_over_legacy_flags() {
.await
.expect("create test Codex conversation");
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"hello cached+live flags",
SandboxPolicy::new_read_only_policy(),
PermissionProfile::read_only(),
)
.await
.expect("submit turn");
@@ -132,9 +132,9 @@ async fn web_search_mode_defaults_to_cached_when_features_disabled() {
.await
.expect("create test Codex conversation");
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"hello default cached web search",
SandboxPolicy::new_read_only_policy(),
PermissionProfile::read_only(),
)
.await
.expect("submit turn");
@@ -149,7 +149,7 @@ async fn web_search_mode_defaults_to_cached_when_features_disabled() {
}
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
async fn web_search_mode_updates_between_turns_with_sandbox_policy() {
async fn web_search_mode_updates_between_turns_with_permission_profile() {
skip_if_no_network!();
let server = start_mock_server().await;
@@ -187,10 +187,10 @@ async fn web_search_mode_updates_between_turns_with_sandbox_policy() {
.await
.expect("create test Codex conversation");
test.submit_turn_with_policy("hello cached", SandboxPolicy::new_read_only_policy())
test.submit_turn_with_permission_profile("hello cached", PermissionProfile::read_only())
.await
.expect("submit first turn");
test.submit_turn_with_policy("hello live", SandboxPolicy::DangerFullAccess)
test.submit_turn_with_permission_profile("hello live", PermissionProfile::Disabled)
.await
.expect("submit second turn");
@@ -248,9 +248,9 @@ location = { country = "US", city = "New York", timezone = "America/New_York" }
.await
.expect("create test Codex conversation");
test.submit_turn_with_policy(
test.submit_turn_with_permission_profile(
"hello configured web search",
SandboxPolicy::DangerFullAccess,
PermissionProfile::Disabled,
)
.await
.expect("submit turn");