mirror of
https://github.com/openai/codex.git
synced 2026-06-01 19:02:59 +00:00
bc24017d64
## Summary
- add `approvals_reviewer = "user" | "guardian_subagent"` as the runtime
control for who reviews approval requests
- route Smart Approvals guardian review through core for command
execution, file changes, managed-network approvals, MCP approvals, and
delegated/subagent approval flows
- expose guardian review in app-server with temporary unstable
`item/autoApprovalReview/{started,completed}` notifications carrying
`targetItemId`, `review`, and `action`
- update the TUI so Smart Approvals can be enabled from `/experimental`,
aligned with the matching `/approvals` mode, and surfaced clearly while
reviews are pending or resolved
## Runtime model
This PR does not introduce a new `approval_policy`.
Instead:
- `approval_policy` still controls when approval is needed
- `approvals_reviewer` controls who reviewable approval requests are
routed to:
- `user`
- `guardian_subagent`
`guardian_subagent` is a carefully prompted reviewer subagent that
gathers relevant context and applies a risk-based decision framework
before approving or denying the request.
The `smart_approvals` feature flag is a rollout/UI gate. Core runtime
behavior keys off `approvals_reviewer`.
When Smart Approvals is enabled from the TUI, it also switches the
current `/approvals` settings to the matching Smart Approvals mode so
users immediately see guardian review in the active thread:
- `approval_policy = on-request`
- `approvals_reviewer = guardian_subagent`
- `sandbox_mode = workspace-write`
Users can still change `/approvals` afterward.
Config-load behavior stays intentionally narrow:
- plain `smart_approvals = true` in `config.toml` remains just the
rollout/UI gate and does not auto-set `approvals_reviewer`
- the deprecated `guardian_approval = true` alias migration does
backfill `approvals_reviewer = "guardian_subagent"` in the same scope
when that reviewer is not already configured there, so old configs
preserve their original guardian-enabled behavior
ARC remains a separate safety check. For MCP tool approvals, ARC
escalations now flow into the configured reviewer instead of always
bypassing guardian and forcing manual review.
## Config stability
The runtime reviewer override is stable, but the config-backed
app-server protocol shape is still settling.
- `thread/start`, `thread/resume`, and `turn/start` keep stable
`approvalsReviewer` overrides
- the config-backed `approvals_reviewer` exposure returned via
`config/read` (including profile-level config) is now marked
`[UNSTABLE]` / experimental in the app-server protocol until we are more
confident in that config surface
## App-server surface
This PR intentionally keeps the guardian app-server shape narrow and
temporary.
It adds generic unstable lifecycle notifications:
- `item/autoApprovalReview/started`
- `item/autoApprovalReview/completed`
with payloads of the form:
- `{ threadId, turnId, targetItemId, review, action? }`
`review` is currently:
- `{ status, riskScore?, riskLevel?, rationale? }`
- where `status` is one of `inProgress`, `approved`, `denied`, or
`aborted`
`action` carries the guardian action summary payload from core when
available. This lets clients render temporary standalone pending-review
UI, including parallel reviews, even when the underlying tool item has
not been emitted yet.
These notifications are explicitly documented as `[UNSTABLE]` and
expected to change soon.
This PR does **not** persist guardian review state onto `thread/read`
tool items. The intended follow-up is to attach guardian review state to
the reviewed tool item lifecycle instead, which would improve
consistency with manual approvals and allow thread history / reconnect
flows to replay guardian review state directly.
## TUI behavior
- `/experimental` exposes the rollout gate as `Smart Approvals`
- enabling it in the TUI enables the feature and switches the current
session to the matching Smart Approvals `/approvals` mode
- disabling it in the TUI clears the persisted `approvals_reviewer`
override when appropriate and returns the session to default manual
review when the effective reviewer changes
- `/approvals` still exposes the reviewer choice directly
- the TUI renders:
- pending guardian review state in the live status footer, including
parallel review aggregation
- resolved approval/denial state in history
## Scope notes
This PR includes the supporting core/runtime work needed to make Smart
Approvals usable end-to-end:
- shell / unified-exec / apply_patch / managed-network / MCP guardian
review
- delegated/subagent approval routing into guardian review
- guardian review risk metadata and action summaries for app-server/TUI
- config/profile/TUI handling for `smart_approvals`, `guardian_approval`
alias migration, and `approvals_reviewer`
- a small internal cleanup of delegated approval forwarding to dedupe
fallback paths and simplify guardian-vs-parent approval waiting (no
intended behavior change)
Out of scope for this PR:
- redesigning the existing manual approval protocol shapes
- persisting guardian review state onto app-server `ThreadItem`s
- delegated MCP elicitation auto-review (the current delegated MCP
guardian shim only covers the legacy `RequestUserInput` path)
---------
Co-authored-by: Codex <noreply@openai.com>
164 lines
5.5 KiB
Rust
164 lines
5.5 KiB
Rust
#![cfg(not(target_os = "windows"))]
|
|
|
|
use anyhow::Ok;
|
|
use codex_app_server_protocol::ConfigLayerSource;
|
|
use codex_core::config_loader::ConfigLayerEntry;
|
|
use codex_core::config_loader::ConfigLayerStack;
|
|
use codex_core::config_loader::ConfigRequirements;
|
|
use codex_core::config_loader::ConfigRequirementsToml;
|
|
use codex_core::features::Feature;
|
|
use codex_protocol::protocol::DeprecationNoticeEvent;
|
|
use codex_protocol::protocol::EventMsg;
|
|
use core_test_support::responses::start_mock_server;
|
|
use core_test_support::skip_if_no_network;
|
|
use core_test_support::test_absolute_path;
|
|
use core_test_support::test_codex::TestCodex;
|
|
use core_test_support::test_codex::test_codex;
|
|
use core_test_support::wait_for_event_match;
|
|
use pretty_assertions::assert_eq;
|
|
use std::collections::BTreeMap;
|
|
use toml::Value as TomlValue;
|
|
|
|
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
|
async fn emits_deprecation_notice_for_legacy_feature_flag() -> anyhow::Result<()> {
|
|
skip_if_no_network!(Ok(()));
|
|
|
|
let server = start_mock_server().await;
|
|
|
|
let mut builder = test_codex().with_config(|config| {
|
|
let mut features = config.features.get().clone();
|
|
features.enable(Feature::UnifiedExec);
|
|
features
|
|
.record_legacy_usage_force("use_experimental_unified_exec_tool", Feature::UnifiedExec);
|
|
config
|
|
.features
|
|
.set(features)
|
|
.expect("test config should allow managed feature metadata updates");
|
|
config.use_experimental_unified_exec_tool = true;
|
|
});
|
|
|
|
let TestCodex { codex, .. } = builder.build(&server).await?;
|
|
|
|
let notice = wait_for_event_match(&codex, |event| match event {
|
|
EventMsg::DeprecationNotice(ev) => Some(ev.clone()),
|
|
_ => None,
|
|
})
|
|
.await;
|
|
|
|
let DeprecationNoticeEvent { summary, details } = notice;
|
|
assert_eq!(
|
|
summary,
|
|
"`[features].use_experimental_unified_exec_tool` is deprecated. Use `[features].unified_exec` instead.".to_string(),
|
|
);
|
|
assert_eq!(
|
|
details.as_deref(),
|
|
Some(
|
|
"Enable it with `--enable unified_exec` or `[features].unified_exec` in config.toml. See https://developers.openai.com/codex/config-basic#feature-flags for details."
|
|
),
|
|
);
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
|
async fn emits_deprecation_notice_for_experimental_instructions_file() -> anyhow::Result<()> {
|
|
skip_if_no_network!(Ok(()));
|
|
|
|
let server = start_mock_server().await;
|
|
|
|
let mut builder = test_codex().with_config(|config| {
|
|
let mut table = toml::map::Map::new();
|
|
table.insert(
|
|
"experimental_instructions_file".to_string(),
|
|
TomlValue::String("legacy.md".to_string()),
|
|
);
|
|
let config_layer = ConfigLayerEntry::new(
|
|
ConfigLayerSource::User {
|
|
file: test_absolute_path("/tmp/config.toml"),
|
|
},
|
|
TomlValue::Table(table),
|
|
);
|
|
let config_layer_stack = ConfigLayerStack::new(
|
|
vec![config_layer],
|
|
ConfigRequirements::default(),
|
|
ConfigRequirementsToml::default(),
|
|
)
|
|
.expect("build config layer stack");
|
|
config.config_layer_stack = config_layer_stack;
|
|
});
|
|
|
|
let TestCodex { codex, .. } = builder.build(&server).await?;
|
|
|
|
let notice = wait_for_event_match(&codex, |event| match event {
|
|
EventMsg::DeprecationNotice(ev)
|
|
if ev.summary.contains("experimental_instructions_file") =>
|
|
{
|
|
Some(ev.clone())
|
|
}
|
|
_ => None,
|
|
})
|
|
.await;
|
|
|
|
let DeprecationNoticeEvent { summary, details } = notice;
|
|
assert_eq!(
|
|
summary,
|
|
"`experimental_instructions_file` is deprecated and ignored. Use `model_instructions_file` instead."
|
|
.to_string(),
|
|
);
|
|
assert_eq!(
|
|
details.as_deref(),
|
|
Some(
|
|
"Move the setting to `model_instructions_file` in config.toml (or under a profile) to load instructions from a file."
|
|
),
|
|
);
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
|
async fn emits_deprecation_notice_for_web_search_feature_flag_values() -> anyhow::Result<()> {
|
|
skip_if_no_network!(Ok(()));
|
|
|
|
for enabled in [true, false] {
|
|
let server = start_mock_server().await;
|
|
|
|
let mut builder = test_codex().with_config(move |config| {
|
|
let mut entries = BTreeMap::new();
|
|
entries.insert("web_search_request".to_string(), enabled);
|
|
let mut features = config.features.get().clone();
|
|
features.apply_map(&entries);
|
|
config
|
|
.features
|
|
.set(features)
|
|
.expect("test config should allow managed feature map updates");
|
|
});
|
|
|
|
let TestCodex { codex, .. } = builder.build(&server).await?;
|
|
|
|
let notice = wait_for_event_match(&codex, |event| match event {
|
|
EventMsg::DeprecationNotice(ev)
|
|
if ev.summary.contains("[features].web_search_request") =>
|
|
{
|
|
Some(ev.clone())
|
|
}
|
|
_ => None,
|
|
})
|
|
.await;
|
|
|
|
let DeprecationNoticeEvent { summary, details } = notice;
|
|
assert_eq!(
|
|
summary,
|
|
"`[features].web_search_request` is deprecated because web search is enabled by default."
|
|
.to_string(),
|
|
);
|
|
assert_eq!(
|
|
details.as_deref(),
|
|
Some(
|
|
"Set `web_search` to `\"live\"`, `\"cached\"`, or `\"disabled\"` at the top level (or under a profile) in config.toml if you want to override it."
|
|
),
|
|
);
|
|
}
|
|
|
|
Ok(())
|
|
}
|