clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-25 23:24:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ensure shell command skills trigger approval (#12697)

Browse Source 
Summary
- detect skill-invoking shell commands based on the original command
string, request approvals when needed, and cache positive decisions per
session
- keep implicit skill invocation emitted after approval and keep skill
approval decline messaging centralized to the shell handler
- expand and adjust skill approval tests to cover shell-based skill
scripts while matching the new detection expectations

Testing
- Not run (not requested)
This commit is contained in:
pakrym-oai
2026-02-24 12:13:20 -08:00
committed by GitHub
parent 061d1d3b5e
commit daf0f03ac8
10 changed files with 540 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
codex-rs/linux-sandbox/tests/suite/landlock.rs
View File

@@ -73,6 +73,7 @@ async fn run_cmd_result_with_writable_roots(
let sandbox_cwd = cwd.clone();
let params = ExecParams {
command: cmd.iter().copied().map(str::to_owned).collect(),
original_command: cmd.iter().copied().map(str::to_owned).collect(),
cwd,
expiration: timeout_ms.into(),
env: create_env_from_core_vars(),
@@ -315,6 +316,7 @@ async fn assert_network_blocked(cmd: &[&str]) {
let sandbox_cwd = cwd.clone();
let params = ExecParams {
command: cmd.iter().copied().map(str::to_owned).collect(),
original_command: cmd.iter().copied().map(str::to_owned).collect(),
cwd,
// Give the tool a generous 2-second timeout so even slow DNS timeouts
// do not stall the suite.