mirror of
https://github.com/openai/codex.git
synced 2026-04-29 00:55:38 +00:00
chore: add a separate reject-policy flag for skill approvals (#14271)
## Summary - add `skill_approval` to `RejectConfig` and the app-server v2 `AskForApproval::Reject` payload so skill-script prompts can be configured independently from sandbox and rule-based prompts - update Unix shell escalation to reject prompts based on the actual decision source, keeping prefix rules tied to `rules`, unmatched command fallbacks tied to `sandbox_approval`, and skill scripts tied to `skill_approval` - regenerate the affected protocol/config schemas and expand unit/integration coverage for the new flag and skill approval behavior
This commit is contained in:
Celia Chen
committed by
Michael Bolin
Michael Bolin
parent
83b22bb612
commit
c1a424691f
@@ -206,6 +206,8 @@ pub enum AskForApproval {
|
||||
sandbox_approval: bool,
|
||||
rules: bool,
|
||||
#[serde(default)]
|
||||
skill_approval: bool,
|
||||
#[serde(default)]
|
||||
request_permissions: bool,
|
||||
mcp_elicitations: bool,
|
||||
},
|
||||
@@ -221,11 +223,13 @@ impl AskForApproval {
|
||||
AskForApproval::Reject {
|
||||
sandbox_approval,
|
||||
rules,
|
||||
skill_approval,
|
||||
request_permissions,
|
||||
mcp_elicitations,
|
||||
} => CoreAskForApproval::Reject(CoreRejectConfig {
|
||||
sandbox_approval,
|
||||
rules,
|
||||
skill_approval,
|
||||
request_permissions,
|
||||
mcp_elicitations,
|
||||
}),
|
||||
@@ -243,6 +247,7 @@ impl From<CoreAskForApproval> for AskForApproval {
|
||||
CoreAskForApproval::Reject(reject_config) => AskForApproval::Reject {
|
||||
sandbox_approval: reject_config.sandbox_approval,
|
||||
rules: reject_config.rules,
|
||||
skill_approval: reject_config.skill_approval,
|
||||
request_permissions: reject_config.request_permissions,
|
||||
mcp_elicitations: reject_config.mcp_elicitations,
|
||||
},
|
||||
@@ -6159,6 +6164,7 @@ mod tests {
|
||||
let v2_policy = AskForApproval::Reject {
|
||||
sandbox_approval: true,
|
||||
rules: false,
|
||||
skill_approval: false,
|
||||
request_permissions: true,
|
||||
mcp_elicitations: false,
|
||||
};
|
||||
@@ -6169,6 +6175,7 @@ mod tests {
|
||||
CoreAskForApproval::Reject(CoreRejectConfig {
|
||||
sandbox_approval: true,
|
||||
rules: false,
|
||||
skill_approval: false,
|
||||
request_permissions: true,
|
||||
mcp_elicitations: false,
|
||||
})
|
||||
@@ -6179,7 +6186,7 @@ mod tests {
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn ask_for_approval_reject_defaults_missing_request_permissions_to_false() {
|
||||
fn ask_for_approval_reject_defaults_missing_optional_flags_to_false() {
|
||||
let decoded = serde_json::from_value::<AskForApproval>(serde_json::json!({
|
||||
"reject": {
|
||||
"sandbox_approval": true,
|
||||
@@ -6194,6 +6201,7 @@ mod tests {
|
||||
AskForApproval::Reject {
|
||||
sandbox_approval: true,
|
||||
rules: false,
|
||||
skill_approval: false,
|
||||
request_permissions: false,
|
||||
mcp_elicitations: true,
|
||||
}
|
||||
@@ -6206,6 +6214,7 @@ mod tests {
|
||||
&AskForApproval::Reject {
|
||||
sandbox_approval: true,
|
||||
rules: false,
|
||||
skill_approval: false,
|
||||
request_permissions: false,
|
||||
mcp_elicitations: true,
|
||||
},
|
||||
@@ -6228,6 +6237,7 @@ mod tests {
|
||||
approval_policy: Some(AskForApproval::Reject {
|
||||
sandbox_approval: true,
|
||||
rules: false,
|
||||
skill_approval: false,
|
||||
request_permissions: true,
|
||||
mcp_elicitations: false,
|
||||
}),
|
||||
@@ -6255,6 +6265,7 @@ mod tests {
|
||||
approval_policy: Some(AskForApproval::Reject {
|
||||
sandbox_approval: false,
|
||||
rules: true,
|
||||
skill_approval: false,
|
||||
request_permissions: false,
|
||||
mcp_elicitations: true,
|
||||
}),
|
||||
@@ -6305,6 +6316,7 @@ mod tests {
|
||||
approval_policy: Some(AskForApproval::Reject {
|
||||
sandbox_approval: true,
|
||||
rules: false,
|
||||
skill_approval: false,
|
||||
request_permissions: false,
|
||||
mcp_elicitations: true,
|
||||
}),
|
||||
@@ -6340,6 +6352,7 @@ mod tests {
|
||||
allowed_approval_policies: Some(vec![AskForApproval::Reject {
|
||||
sandbox_approval: true,
|
||||
rules: true,
|
||||
skill_approval: false,
|
||||
request_permissions: false,
|
||||
mcp_elicitations: false,
|
||||
}]),
|
||||
@@ -6362,6 +6375,7 @@ mod tests {
|
||||
approval_policy: Some(AskForApproval::Reject {
|
||||
sandbox_approval: true,
|
||||
rules: false,
|
||||
skill_approval: false,
|
||||
request_permissions: true,
|
||||
mcp_elicitations: false,
|
||||
}),
|
||||
@@ -6383,6 +6397,7 @@ mod tests {
|
||||
approval_policy: Some(AskForApproval::Reject {
|
||||
sandbox_approval: false,
|
||||
rules: true,
|
||||
skill_approval: false,
|
||||
request_permissions: false,
|
||||
mcp_elicitations: true,
|
||||
}),
|
||||
@@ -6404,6 +6419,7 @@ mod tests {
|
||||
approval_policy: Some(AskForApproval::Reject {
|
||||
sandbox_approval: true,
|
||||
rules: false,
|
||||
skill_approval: false,
|
||||
request_permissions: false,
|
||||
mcp_elicitations: true,
|
||||
}),
|
||||
@@ -6426,6 +6442,7 @@ mod tests {
|
||||
approval_policy: Some(AskForApproval::Reject {
|
||||
sandbox_approval: false,
|
||||
rules: true,
|
||||
skill_approval: false,
|
||||
request_permissions: false,
|
||||
mcp_elicitations: true,
|
||||
}),
|
||||
|
||||
Reference in New Issue
Block a user