codex: fix guardian CI drift on PR #13871

2026-04-24 06:35:50 +00:00 · 2026-03-07 09:40:40 -08:00
parent a9c2c45683
commit f661b3a617
3 changed files with 6 additions and 1 deletions
--- a/codex-rs/core/src/codex_tests_guardian.rs
+++ b/codex-rs/core/src/codex_tests_guardian.rs
@@ -43,6 +43,10 @@ async fn guardian_allows_shell_additional_permissions_requests_past_policy_valid
        .sandbox_policy
        .set(SandboxPolicy::DangerFullAccess)
        .expect("test setup should allow updating sandbox policy");
+    turn_context_raw.file_system_sandbox_policy =
+        FileSystemSandboxPolicy::from(turn_context_raw.sandbox_policy.get());
+    turn_context_raw.network_sandbox_policy =
+        NetworkSandboxPolicy::from(turn_context_raw.sandbox_policy.get());
    let session = Arc::new(session);
    let turn_context = Arc::new(turn_context_raw);

--- a/codex-rs/core/src/snapshots/codex_coreguardiantests__guardian_review_request_layout.snap
+++ b/codex-rs/core/src/snapshots/codex_coreguardiantests__guardian_review_request_layout.snap
@@ -25,6 +25,6 @@ Scenario: Guardian review request layout
    [11] Sandbox denied outbound git push to github.com.\n\n
    [12] Assess the exact planned action below. Use read-only tool checks when local state matters.\n
    [13] Planned action JSON:\n
-    [14] {\n  "command": [\n    "git",\n    "push",\n    "origin",\n    "guardian-approval-mvp"\n  ],\n  "cwd": "/repo/codex-rs/core",\n  "justification": "Need to push the reviewed docs fix to the repo remote.",\n  "sandbox_permissions": "use_default",\n  "tool": "shell"\n}\n
+    [14] {\n  "tool": "shell",\n  "command": [\n    "git",\n    "push",\n    "origin",\n    "guardian-approval-mvp"\n  ],\n  "cwd": "/repo/codex-rs/core",\n  "sandbox_permissions": "use_default",\n  "justification": "Need to push the reviewed docs fix to the repo remote."\n}\n
    [15] >>> APPROVAL REQUEST END\n
    [16] You may use read-only tool checks to gather any additional context you need to make a high-confidence determination.\n\nYour final message must be strict JSON with this exact schema:\n{\n  "risk_level": "low" | "medium" | "high",\n  "risk_score": 0-100,\n  "rationale": string,\n  "evidence": [{"message": string, "why": string}]\n}\n
--- a/codex-rs/tui/src/chatwidget/snapshots/codex_tuichatwidgettests__experimental_popup_includes_guardian_approval.snap
+++ b/codex-rs/tui/src/chatwidget/snapshots/codex_tuichatwidgettests__experimental_popup_includes_guardian_approval.snap
@@ -8,6 +8,7 @@ expression: popup
 › [ ] JavaScript REPL              Enable a persistent Node-backed JavaScript REPL for interactive website debugging
                                   and other inline JavaScript execution capabilities. Requires Node >= v22.22.0
                                   installed.
+  [ ] Bubblewrap sandbox           Try the new linux sandbox based on bubblewrap.
  [ ] Multi-agents                 Ask Codex to spawn multiple agents to parallelize the work and win in efficiency.
  [ ] Apps                         Use a connected ChatGPT App using "$". Install Apps via /apps command. Restart
                                   Codex after enabling.