From d507eb9ce041fb8ff59d0127d8903a6ff3d10d6e Mon Sep 17 00:00:00 2001 From: Michael Bolin Date: Thu, 30 Apr 2026 08:49:40 -0700 Subject: [PATCH] protocol: remove legacy sandbox turn-context overrides --- .../app-server/src/codex_message_processor.rs | 6 +-- codex-rs/core/src/session/handlers.rs | 45 +------------------ codex-rs/core/src/session/session.rs | 18 -------- codex-rs/core/src/session/tests.rs | 6 +-- .../tests/suite/collaboration_instructions.rs | 26 +++++------ codex-rs/core/tests/suite/compact.rs | 2 +- codex-rs/core/tests/suite/compact_remote.rs | 4 +- .../core/tests/suite/compact_resume_fork.rs | 2 +- codex-rs/core/tests/suite/model_overrides.rs | 4 +- codex-rs/core/tests/suite/model_switching.rs | 6 +-- .../core/tests/suite/model_visible_layout.rs | 2 +- codex-rs/core/tests/suite/override_updates.rs | 6 +-- .../core/tests/suite/permissions_messages.rs | 8 ++-- codex-rs/core/tests/suite/personality.rs | 8 ++-- codex-rs/core/tests/suite/prompt_caching.rs | 4 +- codex-rs/core/tests/suite/remote_models.rs | 4 +- codex-rs/core/tests/suite/resume.rs | 2 +- codex-rs/core/tests/suite/review.rs | 2 +- codex-rs/memories/write/src/startup_tests.rs | 2 +- codex-rs/protocol/src/protocol.rs | 18 ++++---- codex-rs/tui/src/app/tests.rs | 12 ++--- codex-rs/tui/src/app_command.rs | 8 ++-- .../tui/src/chatwidget/tests/permissions.rs | 2 +- 23 files changed, 70 insertions(+), 127 deletions(-) diff --git a/codex-rs/app-server/src/codex_message_processor.rs b/codex-rs/app-server/src/codex_message_processor.rs index e6bb180065..bbe9abea74 100644 --- a/codex-rs/app-server/src/codex_message_processor.rs +++ b/codex-rs/app-server/src/codex_message_processor.rs @@ -6689,7 +6689,7 @@ impl CodexMessageProcessor { cwd: cwd.clone(), approval_policy, approvals_reviewer, - permission_profile: permission_profile_for_validation, + permission_profile: permission_profile_for_validation.clone(), active_permission_profile: active_permission_profile.clone(), clear_active_permission_profile: sandbox_policy.is_some(), windows_sandbox_level: None, @@ -6716,9 +6716,9 @@ impl CodexMessageProcessor { cwd, approval_policy, approvals_reviewer, - sandbox_policy, - permission_profile, + permission_profile: permission_profile_for_validation, active_permission_profile, + clear_active_permission_profile: sandbox_policy.is_some(), windows_sandbox_level: None, model, effort, diff --git a/codex-rs/core/src/session/handlers.rs b/codex-rs/core/src/session/handlers.rs index 0d5c0d025e..776ecd1fe1 100644 --- a/codex-rs/core/src/session/handlers.rs +++ b/codex-rs/core/src/session/handlers.rs @@ -34,7 +34,6 @@ use crate::tasks::execute_user_shell_command; use codex_mcp::collect_mcp_snapshot_from_manager; use codex_mcp::compute_auth_statuses; use codex_protocol::models::ContentItem; -use codex_protocol::models::PermissionProfile; use codex_protocol::models::ResponseInputItem; use codex_protocol::protocol::CodexErrorInfo; use codex_protocol::protocol::ErrorEvent; @@ -51,7 +50,6 @@ use codex_protocol::protocol::RealtimeVoicesList; use codex_protocol::protocol::ReviewDecision; use codex_protocol::protocol::ReviewRequest; use codex_protocol::protocol::RolloutItem; -use codex_protocol::protocol::SandboxPolicy; use codex_protocol::protocol::SkillErrorInfo; use codex_protocol::protocol::SkillsListEntry; use codex_protocol::protocol::ThreadMemoryMode; @@ -73,7 +71,6 @@ use codex_protocol::user_input::UserInput; use codex_rmcp_client::ElicitationAction; use codex_rmcp_client::ElicitationResponse; use serde_json::Value; -use std::path::Path; use std::path::PathBuf; use std::sync::Arc; use tracing::debug; @@ -181,9 +178,9 @@ pub(super) async fn user_input_or_turn_inner( cwd, approval_policy, approvals_reviewer, - sandbox_policy, permission_profile, active_permission_profile, + clear_active_permission_profile, windows_sandbox_level, model, effort, @@ -207,15 +204,6 @@ pub(super) async fn user_input_or_turn_inner( .with_updates(model, effort, /*developer_instructions*/ None), ) }; - let clear_active_permission_profile = - permission_profile.is_none() && sandbox_policy.is_some(); - let permission_profile = permission_profile_with_legacy_fallback( - sess, - sandbox_policy.as_ref(), - permission_profile, - cwd.as_deref(), - ) - .await; ( items, SessionSettingsUpdate { @@ -305,26 +293,6 @@ pub(super) async fn user_input_or_turn_inner( } } -async fn permission_profile_with_legacy_fallback( - sess: &Session, - sandbox_policy: Option<&SandboxPolicy>, - permission_profile: Option, - cwd: Option<&Path>, -) -> Option { - match (permission_profile, sandbox_policy) { - (Some(permission_profile), _) => Some(permission_profile), - (None, Some(sandbox_policy)) => { - let state = sess.state.lock().await; - Some( - state - .session_configuration - .permission_profile_from_legacy_sandbox_update(sandbox_policy, cwd), - ) - } - (None, None) => None, - } -} - async fn mirror_user_text_to_realtime(sess: &Arc, items: &[UserInput]) { let text = UserMessageItem::new(items).message(); if text.is_empty() { @@ -1050,8 +1018,8 @@ pub(super) async fn submission_loop( cwd, approval_policy, approvals_reviewer, - sandbox_policy, permission_profile, + clear_active_permission_profile, windows_sandbox_level, model, effort, @@ -1070,15 +1038,6 @@ pub(super) async fn submission_loop( /*developer_instructions*/ None, ) }; - let clear_active_permission_profile = - permission_profile.is_none() && sandbox_policy.is_some(); - let permission_profile = permission_profile_with_legacy_fallback( - &sess, - sandbox_policy.as_ref(), - permission_profile, - cwd.as_deref(), - ) - .await; override_turn_context( &sess, sub.id.clone(), diff --git a/codex-rs/core/src/session/session.rs b/codex-rs/core/src/session/session.rs index aa44490169..959fa46180 100644 --- a/codex-rs/core/src/session/session.rs +++ b/codex-rs/core/src/session/session.rs @@ -127,24 +127,6 @@ impl SessionConfiguration { self.permission_profile.get().network_sandbox_policy() } - pub(super) fn permission_profile_from_legacy_sandbox_update( - &self, - sandbox_policy: &SandboxPolicy, - cwd: Option<&Path>, - ) -> PermissionProfile { - let file_system_sandbox_policy = - FileSystemSandboxPolicy::from_legacy_sandbox_policy_preserving_deny_entries( - sandbox_policy, - self.resolved_update_cwd(cwd).as_path(), - &self.file_system_sandbox_policy(), - ); - PermissionProfile::from_runtime_permissions_with_enforcement( - SandboxEnforcement::from_legacy_sandbox_policy(sandbox_policy), - &file_system_sandbox_policy, - NetworkSandboxPolicy::from(sandbox_policy), - ) - } - pub(super) fn thread_config_snapshot(&self) -> ThreadConfigSnapshot { ThreadConfigSnapshot { model: self.collaboration_mode.model().to_string(), diff --git a/codex-rs/core/src/session/tests.rs b/codex-rs/core/src/session/tests.rs index 959e79ea02..3448524c65 100644 --- a/codex-rs/core/src/session/tests.rs +++ b/codex-rs/core/src/session/tests.rs @@ -1685,7 +1685,7 @@ async fn fork_startup_context_then_first_turn_diff_snapshot() -> anyhow::Result< cwd: None, approval_policy: Some(AskForApproval::Never), approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -4182,7 +4182,7 @@ fn op_kind_distinguishes_turn_ops() { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -4214,7 +4214,7 @@ fn op_kind_distinguishes_turn_ops() { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, active_permission_profile: None, windows_sandbox_level: None, diff --git a/codex-rs/core/tests/suite/collaboration_instructions.rs b/codex-rs/core/tests/suite/collaboration_instructions.rs index 1dd5103849..2a4550ebef 100644 --- a/codex-rs/core/tests/suite/collaboration_instructions.rs +++ b/codex-rs/core/tests/suite/collaboration_instructions.rs @@ -128,7 +128,7 @@ async fn user_input_includes_collaboration_instructions_after_override() -> Resu cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -234,7 +234,7 @@ async fn override_then_next_turn_uses_updated_collaboration_instructions() -> Re cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -293,7 +293,7 @@ async fn user_turn_overrides_collaboration_instructions_after_override() -> Resu cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -366,7 +366,7 @@ async fn collaboration_mode_update_emits_new_instruction_message() -> Result<()> cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -396,7 +396,7 @@ async fn collaboration_mode_update_emits_new_instruction_message() -> Result<()> cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -455,7 +455,7 @@ async fn collaboration_mode_update_noop_does_not_append() -> Result<()> { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -485,7 +485,7 @@ async fn collaboration_mode_update_noop_does_not_append() -> Result<()> { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -543,7 +543,7 @@ async fn collaboration_mode_update_emits_new_instruction_message_when_mode_chang cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -576,7 +576,7 @@ async fn collaboration_mode_update_emits_new_instruction_message_when_mode_chang cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -638,7 +638,7 @@ async fn collaboration_mode_update_noop_does_not_append_when_mode_is_unchanged() cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -671,7 +671,7 @@ async fn collaboration_mode_update_noop_does_not_append_when_mode_is_unchanged() cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -739,7 +739,7 @@ async fn resume_replays_collaboration_instructions() -> Result<()> { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -807,7 +807,7 @@ async fn empty_collaboration_instructions_are_ignored() -> Result<()> { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, diff --git a/codex-rs/core/tests/suite/compact.rs b/codex-rs/core/tests/suite/compact.rs index 6256f1da82..6eb73f0e0d 100644 --- a/codex-rs/core/tests/suite/compact.rs +++ b/codex-rs/core/tests/suite/compact.rs @@ -3037,7 +3037,7 @@ async fn snapshot_request_shape_pre_turn_compaction_including_incoming_user_mess cwd: Some(PathBuf::from(PRETURN_CONTEXT_DIFF_CWD)), approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, diff --git a/codex-rs/core/tests/suite/compact_remote.rs b/codex-rs/core/tests/suite/compact_remote.rs index 57579ec0a3..a391ee92cc 100644 --- a/codex-rs/core/tests/suite/compact_remote.rs +++ b/codex-rs/core/tests/suite/compact_remote.rs @@ -2243,7 +2243,7 @@ async fn snapshot_request_shape_remote_pre_turn_compaction_including_incoming_us cwd: Some(PathBuf::from(PRETURN_CONTEXT_DIFF_CWD)), approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -2359,7 +2359,7 @@ async fn snapshot_request_shape_remote_pre_turn_compaction_strips_incoming_model cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some(next_model.to_string()), diff --git a/codex-rs/core/tests/suite/compact_resume_fork.rs b/codex-rs/core/tests/suite/compact_resume_fork.rs index 24f77fefdc..f080fb6f6b 100644 --- a/codex-rs/core/tests/suite/compact_resume_fork.rs +++ b/codex-rs/core/tests/suite/compact_resume_fork.rs @@ -549,7 +549,7 @@ async fn snapshot_rollback_followup_turn_trims_context_updates() -> Result<()> { cwd: Some(override_cwd.to_path_buf()), approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, diff --git a/codex-rs/core/tests/suite/model_overrides.rs b/codex-rs/core/tests/suite/model_overrides.rs index 9f8835f19f..a4e044dfaf 100644 --- a/codex-rs/core/tests/suite/model_overrides.rs +++ b/codex-rs/core/tests/suite/model_overrides.rs @@ -29,7 +29,7 @@ async fn override_turn_context_does_not_persist_when_config_exists() { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some("o3".to_string()), @@ -68,7 +68,7 @@ async fn override_turn_context_does_not_create_config_file() { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some("o3".to_string()), diff --git a/codex-rs/core/tests/suite/model_switching.rs b/codex-rs/core/tests/suite/model_switching.rs index 0c6575be82..9ffca2b9eb 100644 --- a/codex-rs/core/tests/suite/model_switching.rs +++ b/codex-rs/core/tests/suite/model_switching.rs @@ -158,7 +158,7 @@ async fn model_change_appends_model_instructions_developer_message() -> Result<( cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some(next_model.to_string()), @@ -238,7 +238,7 @@ async fn model_and_personality_change_only_appends_model_instructions() -> Resul cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some(next_model.to_string()), @@ -931,7 +931,7 @@ async fn model_switch_to_smaller_model_updates_token_context_window() -> Result< cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some(smaller_model_slug.to_string()), diff --git a/codex-rs/core/tests/suite/model_visible_layout.rs b/codex-rs/core/tests/suite/model_visible_layout.rs index cdae3ecf60..ae85d5f5c3 100644 --- a/codex-rs/core/tests/suite/model_visible_layout.rs +++ b/codex-rs/core/tests/suite/model_visible_layout.rs @@ -473,7 +473,7 @@ async fn snapshot_model_visible_layout_resume_override_matches_rollout_model() - cwd: Some(resume_override_cwd), approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some("gpt-5.2".to_string()), diff --git a/codex-rs/core/tests/suite/override_updates.rs b/codex-rs/core/tests/suite/override_updates.rs index 63d2b6ed43..646a8ad5df 100644 --- a/codex-rs/core/tests/suite/override_updates.rs +++ b/codex-rs/core/tests/suite/override_updates.rs @@ -117,7 +117,7 @@ async fn override_turn_context_without_user_turn_does_not_record_permissions_upd cwd: None, approval_policy: Some(AskForApproval::Never), approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -160,7 +160,7 @@ async fn override_turn_context_without_user_turn_does_not_record_environment_upd cwd: Some(new_cwd.path().to_path_buf()), approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -200,7 +200,7 @@ async fn override_turn_context_without_user_turn_does_not_record_collaboration_u cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, diff --git a/codex-rs/core/tests/suite/permissions_messages.rs b/codex-rs/core/tests/suite/permissions_messages.rs index 8c2bcd27ad..648b592508 100644 --- a/codex-rs/core/tests/suite/permissions_messages.rs +++ b/codex-rs/core/tests/suite/permissions_messages.rs @@ -106,7 +106,7 @@ async fn permissions_message_added_on_override_change() -> Result<()> { cwd: None, approval_policy: Some(AskForApproval::Never), approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -239,7 +239,7 @@ async fn permissions_message_omitted_when_disabled() -> Result<()> { cwd: None, approval_policy: Some(AskForApproval::Never), approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -328,7 +328,7 @@ async fn resume_replays_permissions_messages() -> Result<()> { cwd: None, approval_policy: Some(AskForApproval::Never), approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -434,7 +434,7 @@ async fn resume_and_fork_append_permissions_messages() -> Result<()> { cwd: None, approval_policy: Some(AskForApproval::Never), approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, diff --git a/codex-rs/core/tests/suite/personality.rs b/codex-rs/core/tests/suite/personality.rs index 87e8925770..42223be142 100644 --- a/codex-rs/core/tests/suite/personality.rs +++ b/codex-rs/core/tests/suite/personality.rs @@ -331,7 +331,7 @@ async fn user_turn_personality_some_adds_update_message() -> anyhow::Result<()> cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -415,7 +415,7 @@ async fn user_turn_personality_same_value_does_not_add_update_message() -> anyho cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -512,7 +512,7 @@ async fn user_turn_personality_skips_if_feature_disabled() -> anyhow::Result<()> cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -759,7 +759,7 @@ async fn user_turn_personality_remote_model_template_includes_update_message() - cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, diff --git a/codex-rs/core/tests/suite/prompt_caching.rs b/codex-rs/core/tests/suite/prompt_caching.rs index f2255fa269..70be1d0176 100644 --- a/codex-rs/core/tests/suite/prompt_caching.rs +++ b/codex-rs/core/tests/suite/prompt_caching.rs @@ -445,7 +445,7 @@ async fn overrides_turn_context_but_keeps_cached_prefix_and_key_constant() -> an cwd: None, approval_policy: Some(AskForApproval::Never), approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: Some(permission_profile), windows_sandbox_level: None, model: None, @@ -531,7 +531,7 @@ async fn override_before_first_turn_emits_environment_context() -> anyhow::Resul cwd: None, approval_policy: Some(AskForApproval::Never), approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some("gpt-5.4".to_string()), diff --git a/codex-rs/core/tests/suite/remote_models.rs b/codex-rs/core/tests/suite/remote_models.rs index 2fb5221756..e4d3ea909d 100644 --- a/codex-rs/core/tests/suite/remote_models.rs +++ b/codex-rs/core/tests/suite/remote_models.rs @@ -602,7 +602,7 @@ async fn remote_models_remote_model_uses_unified_exec() -> Result<()> { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some(REMOTE_MODEL_SLUG.to_string()), @@ -851,7 +851,7 @@ async fn remote_models_apply_remote_base_instructions() -> Result<()> { cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some(model.to_string()), diff --git a/codex-rs/core/tests/suite/resume.rs b/codex-rs/core/tests/suite/resume.rs index ab0fcba9b6..f43ea50097 100644 --- a/codex-rs/core/tests/suite/resume.rs +++ b/codex-rs/core/tests/suite/resume.rs @@ -427,7 +427,7 @@ async fn resume_model_switch_is_not_duplicated_after_pre_turn_override() -> Resu cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: Some("gpt-5.4".to_string()), diff --git a/codex-rs/core/tests/suite/review.rs b/codex-rs/core/tests/suite/review.rs index e3b462a1c6..a93ec0842f 100644 --- a/codex-rs/core/tests/suite/review.rs +++ b/codex-rs/core/tests/suite/review.rs @@ -836,7 +836,7 @@ async fn review_uses_overridden_cwd_for_base_branch_merge_base() { cwd: Some(repo_path.to_path_buf()), approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, diff --git a/codex-rs/memories/write/src/startup_tests.rs b/codex-rs/memories/write/src/startup_tests.rs index d89b68825e..443cb19882 100644 --- a/codex-rs/memories/write/src/startup_tests.rs +++ b/codex-rs/memories/write/src/startup_tests.rs @@ -247,8 +247,8 @@ async fn memories_startup_phase1_uses_live_thread_service_tier() -> anyhow::Resu cwd: None, approval_policy: None, approvals_reviewer: None, - sandbox_policy: None, permission_profile: None, + clear_active_permission_profile: false, windows_sandbox_level: None, model: None, effort: None, diff --git a/codex-rs/protocol/src/protocol.rs b/codex-rs/protocol/src/protocol.rs index c2f516af8f..901ab6134e 100644 --- a/codex-rs/protocol/src/protocol.rs +++ b/codex-rs/protocol/src/protocol.rs @@ -472,10 +472,6 @@ pub enum Op { #[serde(skip_serializing_if = "Option::is_none")] approvals_reviewer: Option, - /// Updated sandbox policy for tool calls. - #[serde(skip_serializing_if = "Option::is_none")] - sandbox_policy: Option, - /// Updated permissions profile for tool calls. #[serde(skip_serializing_if = "Option::is_none")] permission_profile: Option, @@ -486,6 +482,11 @@ pub enum Op { #[serde(skip_serializing_if = "Option::is_none")] active_permission_profile: Option, + /// Clear the active profile name/provenance even when setting a + /// concrete `permission_profile`. + #[serde(default, skip_serializing_if = "std::ops::Not::not")] + clear_active_permission_profile: bool, + /// Updated Windows sandbox mode for tool execution. #[serde(skip_serializing_if = "Option::is_none")] windows_sandbox_level: Option, @@ -609,14 +610,15 @@ pub enum Op { #[serde(skip_serializing_if = "Option::is_none")] approvals_reviewer: Option, - /// Updated sandbox policy for tool calls. - #[serde(skip_serializing_if = "Option::is_none")] - sandbox_policy: Option, - /// Updated permissions profile for tool calls. #[serde(skip_serializing_if = "Option::is_none")] permission_profile: Option, + /// Clear the active profile name/provenance even when setting a + /// concrete `permission_profile`. + #[serde(default, skip_serializing_if = "std::ops::Not::not")] + clear_active_permission_profile: bool, + /// Updated Windows sandbox mode for tool execution. #[serde(skip_serializing_if = "Option::is_none")] windows_sandbox_level: Option, diff --git a/codex-rs/tui/src/app/tests.rs b/codex-rs/tui/src/app/tests.rs index 3de31cb3ae..457adc3f6b 100644 --- a/codex-rs/tui/src/app/tests.rs +++ b/codex-rs/tui/src/app/tests.rs @@ -1659,7 +1659,7 @@ async fn update_feature_flags_enabling_guardian_selects_auto_review() -> Result< cwd: None, approval_policy: Some(auto_review.approval_policy), approvals_reviewer: Some(auto_review.approvals_reviewer), - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: Some(auto_review.permission_profile.clone()), windows_sandbox_level: None, model: None, @@ -1750,7 +1750,7 @@ async fn update_feature_flags_disabling_guardian_clears_review_policy_and_restor cwd: None, approval_policy: None, approvals_reviewer: Some(ApprovalsReviewer::User), - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -1829,7 +1829,7 @@ async fn update_feature_flags_enabling_guardian_overrides_explicit_manual_review cwd: None, approval_policy: Some(auto_review.approval_policy), approvals_reviewer: Some(auto_review.approvals_reviewer), - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: Some(auto_review.permission_profile.clone()), windows_sandbox_level: None, model: None, @@ -1887,7 +1887,7 @@ async fn update_feature_flags_disabling_guardian_clears_manual_review_policy_wit cwd: None, approval_policy: None, approvals_reviewer: Some(ApprovalsReviewer::User), - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, @@ -1947,7 +1947,7 @@ async fn update_feature_flags_enabling_guardian_in_profile_sets_profile_auto_rev cwd: None, approval_policy: Some(auto_review.approval_policy), approvals_reviewer: Some(auto_review.approvals_reviewer), - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: Some(auto_review.permission_profile.clone()), windows_sandbox_level: None, model: None, @@ -2035,7 +2035,7 @@ guardian_approval = true cwd: None, approval_policy: None, approvals_reviewer: Some(ApprovalsReviewer::User), - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: None, windows_sandbox_level: None, model: None, diff --git a/codex-rs/tui/src/app_command.rs b/codex-rs/tui/src/app_command.rs index 53ea762a78..f8c6707d25 100644 --- a/codex-rs/tui/src/app_command.rs +++ b/codex-rs/tui/src/app_command.rs @@ -399,8 +399,8 @@ impl AppCommand { cwd, approval_policy, approvals_reviewer, - sandbox_policy: None, permission_profile, + clear_active_permission_profile: false, windows_sandbox_level, model, effort, @@ -634,8 +634,8 @@ impl From for AppCommand { cwd, approval_policy, approvals_reviewer, - sandbox_policy, permission_profile, + clear_active_permission_profile, windows_sandbox_level, model, effort, @@ -644,7 +644,7 @@ impl From for AppCommand { collaboration_mode, personality, } => { - if sandbox_policy.is_none() { + if !clear_active_permission_profile { Self::OverrideTurnContext { cwd, approval_policy, @@ -663,8 +663,8 @@ impl From for AppCommand { cwd, approval_policy, approvals_reviewer, - sandbox_policy, permission_profile, + clear_active_permission_profile, windows_sandbox_level, model, effort, diff --git a/codex-rs/tui/src/chatwidget/tests/permissions.rs b/codex-rs/tui/src/chatwidget/tests/permissions.rs index f2d8e2d0c6..429a502444 100644 --- a/codex-rs/tui/src/chatwidget/tests/permissions.rs +++ b/codex-rs/tui/src/chatwidget/tests/permissions.rs @@ -710,7 +710,7 @@ async fn permissions_selection_sends_approvals_reviewer_in_override_turn_context cwd: None, approval_policy: Some(AskForApproval::OnRequest), approvals_reviewer: Some(ApprovalsReviewer::AutoReview), - sandbox_policy: None, + clear_active_permission_profile: false, permission_profile: Some(PermissionProfile::workspace_write()), windows_sandbox_level: None, model: None,