clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-05 03:47:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,076 Commits 2,845 Branches 932 Tags
0cdfe2544a4fa8a4eef223c1fe2c7a962544854e
Commit Graph

5277 Commits

Author SHA1 Message Date
Michael Bolin
0cdfe2544a sandboxing: exercise seatbelt with runtime policies 2026-04-30 06:34:23 -07:00
Michael Bolin
6058961865 app-server: compare resume sandbox from permission profile 2026-04-30 06:26:47 -07:00
Michael Bolin
4a90f76298 mcp: send sandbox metadata as permission profile only 2026-04-30 06:20:52 -07:00
Michael Bolin
513a439b8f thread-store: stop exposing legacy sandbox policy 2026-04-30 06:16:53 -07:00
Michael Bolin
035b1b8030 tui: centralize legacy sandbox projection 2026-04-30 06:07:05 -07:00
Michael Bolin
5d82aeefcc test support: derive turn sandbox from permission profiles 2026-04-30 05:32:17 -07:00
Michael Bolin
0d0d3d8d12 windows setup: derive sandbox from permission profile 2026-04-30 05:26:50 -07:00
Michael Bolin
22ef2d9dc3 exec tests: derive thread sandbox from profile 2026-04-30 05:21:34 -07:00
Michael Bolin
df12b83033 windows read grants: accept permission profiles 2026-04-30 05:21:34 -07:00
Michael Bolin
53f8983bf5 session tests: configure permissions with profiles 2026-04-30 05:21:34 -07:00
Michael Bolin
e411b9357a analytics tests: derive sandbox fixtures from profiles 2026-04-30 05:01:45 -07:00
Michael Bolin
3a0e5391bb approval tests: configure scenarios with permission profiles 2026-04-30 04:54:18 -07:00
Michael Bolin
5616730500 tui: hydrate thread permissions from profiles 2026-04-30 04:54:09 -07:00
Michael Bolin
79e7a6f053 rollout tests: seed turn contexts from permission profiles 2026-04-30 04:46:08 -07:00
Michael Bolin
fa0b3f30f4 state: extract rollout permissions from profiles 2026-04-30 04:46:08 -07:00
Michael Bolin
c6d275f2a5 state: derive metadata sandbox from permission profiles 2026-04-30 04:46:08 -07:00
Michael Bolin
fa4fad57f0 otel: report conversation permissions from profiles 2026-04-30 04:05:23 -07:00
Michael Bolin
37aa2f8157 protocol: drop cwd-less legacy profile constructor 2026-04-30 04:00:16 -07:00
Michael Bolin
c210b12f39 app-server-test-client: select permission profiles by name 2026-04-30 03:53:14 -07:00
Michael Bolin
3c5890a1ce session tests: configure runtime permissions directly 2026-04-30 03:47:14 -07:00
Michael Bolin
7364013fe0 tests: mutate spawn-agent permission profile directly 2026-04-30 03:43:57 -07:00
Michael Bolin
c886193921 app-server tests: select turn permission profiles by name 2026-04-30 03:39:50 -07:00
Michael Bolin
b6d55cd9f2 file-system: drop unused legacy sandbox constructor 2026-04-30 03:33:23 -07:00
Michael Bolin
2876493bae tests: use disabled profile in exec capture check 2026-04-30 03:28:48 -07:00
Michael Bolin
e894ac76f7 tests: use profile constructors in config checks 2026-04-30 03:26:51 -07:00
Michael Bolin
4cf7855a99 tests: use permission profiles in multi-agent config checks 2026-04-30 03:23:18 -07:00
Michael Bolin
52d200da00 tests: remove sandbox policy fixture from rollout trace 2026-04-30 03:20:17 -07:00
Michael Bolin
c48043f4e4 tests: use permission profiles in session network checks 2026-04-30 03:18:22 -07:00
Michael Bolin
8a2144d700 tests: use permission profiles in config loader checks 2026-04-30 03:18:22 -07:00
Michael Bolin
0fc2a7b068 tests: submit websocket turns with permission profiles 2026-04-30 03:08:22 -07:00
Michael Bolin
4f646e0aca tests: use permission profiles in exec policy checks 2026-04-30 03:04:35 -07:00
Michael Bolin
e28bb5c396 tests: use permission profiles in request permission suite 2026-04-30 03:01:06 -07:00
Michael Bolin
521cf5bdd4 tests: use permission profiles in unified exec suite 2026-04-30 03:01:06 -07:00
Michael Bolin
57094ee86d core: use permission profiles in small read-only contexts 2026-04-30 03:01:06 -07:00
Michael Bolin
550adee585 exec tests: launch sandbox cases from permission profiles 2026-04-30 02:36:30 -07:00
Michael Bolin
200c83f7d7 tests: use permission profiles in suite turn submits 2026-04-30 02:36:30 -07:00
Michael Bolin
cfeaa5aab1 guardian: configure review session permissions directly 2026-04-30 02:36:30 -07:00
Michael Bolin
75c9c98aed tests: use permission profiles in small core fixtures 2026-04-30 02:36:30 -07:00
Michael Bolin
d2e3e3613b exec-server: use permission profiles in file system handler tests 2026-04-30 02:36:30 -07:00
Michael Bolin
57f895a7c0 memories: configure consolidation permissions directly 2026-04-30 02:36:30 -07:00
Michael Bolin
0cc3264ed4 analytics: distinguish custom managed permission profiles 2026-04-30 02:36:30 -07:00
Michael Bolin
05d341f0d4 tests: use permission profiles in guardian config checks 2026-04-30 02:36:30 -07:00
Michael Bolin
d53c86e0da tests: use permission profiles in unix escalation checks 2026-04-30 02:36:30 -07:00
Michael Bolin
44ec706a44 tests: use permission profiles in patch safety checks 2026-04-30 02:36:30 -07:00
Michael Bolin
a3880e937b tests: use permission profiles in tool sandbox tests 2026-04-30 02:36:30 -07:00
Michael Bolin
ee05c896f7 tests: use permission profile fixtures in config checks 2026-04-30 02:36:30 -07:00
Michael Bolin
ada7881352 core: build permission instructions from profiles only 2026-04-30 02:36:30 -07:00
Michael Bolin
c4c371f257 utils: summarize permission profiles directly 2026-04-30 02:36:30 -07:00
Michael Bolin
97aaf4cea4 tests: copy plugin stdio server before launch 2026-04-30 02:36:21 -07:00
jif-oai
c37f7434ba Gate multi-agent v2 tools independently of collab (#20246) 
## Why

`multi_agents_v2` is meant to be independently gated from the older
`collab` feature. The tool registry still treated the
collaboration-style agent tools as `collab`-only, so enabling
`multi_agents_v2` without `collab` omitted the v2 agent tools. Review
and guardian sub-sessions also need to keep agent spawning disabled even
when the outer session has `multi_agents_v2` enabled.

## What changed

- Include the collab-backed agent tools when either `multi_agents_v2` or
`collab` is enabled.
- Explicitly disable `multi_agents_v2` for review and guardian review
sub-sessions, matching the existing `spawn_csv` and `collab`
restrictions.
- Add a registry test that enables `multi_agents_v2`, disables `collab`,
and verifies the v2 agent tools are present while legacy `send_input`
and `resume_agent` remain hidden.

## Testing

- Added
`test_build_specs_multi_agent_v2_does_not_require_collab_feature`.
 2026-04-30 10:23:31 +02:00