Fix code-mode deferred prompt tool leakage

2026-06-01 19:02:59 +00:00 · 2026-05-20 03:12:05 -07:00
2 changed files with 49 additions and 2 deletions
--- a/codex-rs/core/src/tools/spec_plan.rs
+++ b/codex-rs/core/src/tools/spec_plan.rs
@@ -251,9 +251,16 @@ fn build_code_mode_executors(
            executor.spec()
        })
        .collect::<Vec<_>>();
-    let namespace_descriptions = code_mode_namespace_descriptions(&code_mode_nested_tool_specs);
+    let code_mode_prompt_tool_specs = executors
+        .iter()
+        .filter_map(|executor| match executor.exposure() {
+            ToolExposure::Direct => executor.spec(),
+            ToolExposure::DirectModelOnly | ToolExposure::Deferred => None,
+        })
+        .collect::<Vec<_>>();
+    let namespace_descriptions = code_mode_namespace_descriptions(&code_mode_prompt_tool_specs);
    let mut enabled_tools =
-        collect_code_mode_exec_prompt_tool_definitions(code_mode_nested_tool_specs.iter());
+        collect_code_mode_exec_prompt_tool_definitions(code_mode_prompt_tool_specs.iter());
    enabled_tools
        .sort_by(|left, right| compare_code_mode_tools(left, right, &namespace_descriptions));

--- a/codex-rs/core/src/tools/spec_plan_tests.rs
+++ b/codex-rs/core/src/tools/spec_plan_tests.rs
@@ -2389,6 +2389,46 @@ fn code_mode_only_exec_description_includes_extension_tool_details() {
    assert!(description.contains("Echoes arguments through an extension tool."));
 }

+#[test]
+fn code_mode_only_exec_description_omits_deferred_tool_details() {
+    let model_info = search_capable_model_info();
+    let mut features = Features::with_defaults();
+    features.enable(Feature::CodeMode);
+    features.enable(Feature::CodeModeOnly);
+    features.enable(Feature::ToolSearch);
+    let available_models = Vec::new();
+    let tools_config = ToolsConfig::new(&ToolsConfigParams {
+        model_info: &model_info,
+        available_models: &available_models,
+        features: &features,
+        image_generation_tool_auth_allowed: true,
+        web_search_mode: Some(WebSearchMode::Cached),
+        session_source: SessionSource::Cli,
+        permission_profile: &PermissionProfile::Disabled,
+        windows_sandbox_level: WindowsSandboxLevel::Disabled,
+    });
+
+    let (tools, _) = build_specs(
+        &tools_config,
+        /*mcp_tools*/ None,
+        Some(vec![deferred_mcp_tool(
+            "_create_event",
+            "mcp__codex_apps__calendar",
+            CODEX_APPS_MCP_SERVER_NAME,
+            Some("Calendar"),
+            Some("Plan events and manage your calendar."),
+        )]),
+        &[],
+    );
+    let ToolSpec::Freeform(FreeformTool { description, .. }) = find_tool(&tools, "exec") else {
+        panic!("expected freeform tool");
+    };
+
+    assert!(description.contains("filter `ALL_TOOLS` by `name` and `description`"));
+    assert!(!description.contains("_create_event"));
+    assert!(!description.contains("mcp__codex_apps__calendar"));
+}
+
 #[test]
 fn code_mode_exec_description_omits_nested_tool_details_when_not_code_mode_only() {
    let model_info = model_info();