mirror of
https://github.com/openai/codex.git
synced 2026-05-23 20:44:50 +00:00
1a25d8b6e5
**Stack position:** [3 of 7] ## Summary This PR finishes the input-op consolidation by moving the remaining `Op::UserTurn` callers onto `Op::UserInput` and deleting `Op::UserTurn`. This touches a lot of files, but it is a low-risk mechanical migration. ## Stack 1. [1 of 7] [Add thread settings to UserInput](https://github.com/openai/codex/pull/23080) 2. [2 of 7] [Remove UserInputWithTurnContext](https://github.com/openai/codex/pull/23081) 3. [3 of 7] [Remove UserTurn](https://github.com/openai/codex/pull/23075) (this PR) 4. [4 of 7] [Placeholder for OverrideTurnContext cleanup](https://github.com/openai/codex/pull/23087) 5. [5 of 7] [Replace OverrideTurnContext with ThreadSettings](https://github.com/openai/codex/pull/22508) 6. [6 of 7] [Add app-server thread settings API](https://github.com/openai/codex/pull/22509) 7. [7 of 7] [Sync TUI thread settings](https://github.com/openai/codex/pull/22510)
411 lines
13 KiB
Rust
411 lines
13 KiB
Rust
#![allow(clippy::unwrap_used, clippy::expect_used)]
|
|
|
|
use anyhow::Result;
|
|
use codex_features::Feature;
|
|
use codex_protocol::config_types::CollaborationMode;
|
|
use codex_protocol::config_types::ModeKind;
|
|
use codex_protocol::config_types::Settings;
|
|
use codex_protocol::models::PermissionProfile;
|
|
use codex_protocol::protocol::AskForApproval;
|
|
use codex_protocol::protocol::EventMsg;
|
|
use codex_protocol::protocol::Op;
|
|
use codex_protocol::user_input::UserInput;
|
|
use core_test_support::responses::ev_assistant_message;
|
|
use core_test_support::responses::ev_completed;
|
|
use core_test_support::responses::ev_function_call;
|
|
use core_test_support::responses::ev_response_created;
|
|
use core_test_support::responses::mount_sse_once;
|
|
use core_test_support::responses::sse;
|
|
use core_test_support::responses::start_mock_server;
|
|
use core_test_support::test_codex::test_codex;
|
|
use core_test_support::test_codex::turn_permission_fields;
|
|
use core_test_support::wait_for_event;
|
|
use serde_json::Value;
|
|
use serde_json::json;
|
|
use std::fs;
|
|
|
|
fn collaboration_mode_for_model(model: String) -> CollaborationMode {
|
|
CollaborationMode {
|
|
mode: ModeKind::Default,
|
|
settings: Settings {
|
|
model,
|
|
reasoning_effort: None,
|
|
developer_instructions: Some("exercise approvals in collaboration mode".to_string()),
|
|
},
|
|
}
|
|
}
|
|
|
|
async fn submit_user_turn(
|
|
test: &core_test_support::test_codex::TestCodex,
|
|
prompt: &str,
|
|
approval_policy: AskForApproval,
|
|
permission_profile: PermissionProfile,
|
|
collaboration_mode: Option<CollaborationMode>,
|
|
) -> Result<()> {
|
|
let session_model = test.session_configured.model.clone();
|
|
let (sandbox_policy, permission_profile) =
|
|
turn_permission_fields(permission_profile, test.config.cwd.as_path());
|
|
test.codex
|
|
.submit(Op::UserInput {
|
|
items: vec![UserInput::Text {
|
|
text: prompt.into(),
|
|
text_elements: Vec::new(),
|
|
}],
|
|
environments: None,
|
|
final_output_json_schema: None,
|
|
responsesapi_client_metadata: None,
|
|
thread_settings: codex_protocol::protocol::ThreadSettingsOverrides {
|
|
cwd: Some(test.cwd_path().to_path_buf()),
|
|
approval_policy: Some(approval_policy),
|
|
sandbox_policy: Some(sandbox_policy),
|
|
permission_profile,
|
|
collaboration_mode: collaboration_mode.or({
|
|
Some(codex_protocol::config_types::CollaborationMode {
|
|
mode: codex_protocol::config_types::ModeKind::Default,
|
|
settings: codex_protocol::config_types::Settings {
|
|
model: session_model,
|
|
reasoning_effort: None,
|
|
developer_instructions: None,
|
|
},
|
|
})
|
|
}),
|
|
..Default::default()
|
|
},
|
|
})
|
|
.await?;
|
|
Ok(())
|
|
}
|
|
|
|
fn assert_no_matched_rules_invariant(output_item: &Value) {
|
|
let Some(output) = output_item.get("output").and_then(Value::as_str) else {
|
|
panic!("function_call_output should include string output payload: {output_item:?}");
|
|
};
|
|
assert!(
|
|
!output.contains("invariant failed: matched_rules must be non-empty"),
|
|
"unexpected invariant panic surfaced in output: {output}"
|
|
);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn execpolicy_blocks_shell_invocation() -> Result<()> {
|
|
let mut builder = test_codex().with_config(|config| {
|
|
let policy_path = config.codex_home.join("rules").join("policy.rules");
|
|
fs::create_dir_all(
|
|
policy_path
|
|
.parent()
|
|
.expect("policy directory must have a parent"),
|
|
)
|
|
.expect("create policy directory");
|
|
fs::write(
|
|
&policy_path,
|
|
r#"prefix_rule(pattern=["echo"], decision="forbidden")"#,
|
|
)
|
|
.expect("write policy file");
|
|
});
|
|
let server = start_mock_server().await;
|
|
let test = builder.build(&server).await?;
|
|
|
|
let call_id = "shell-forbidden";
|
|
let args = json!({
|
|
"command": "echo blocked",
|
|
"timeout_ms": 1_000,
|
|
});
|
|
|
|
mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_response_created("resp-1"),
|
|
ev_function_call(call_id, "shell_command", &serde_json::to_string(&args)?),
|
|
ev_completed("resp-1"),
|
|
]),
|
|
)
|
|
.await;
|
|
mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_assistant_message("msg-1", "done"),
|
|
ev_completed("resp-2"),
|
|
]),
|
|
)
|
|
.await;
|
|
|
|
let session_model = test.session_configured.model.clone();
|
|
let (sandbox_policy, permission_profile) =
|
|
turn_permission_fields(PermissionProfile::Disabled, test.config.cwd.as_path());
|
|
test.codex
|
|
.submit(Op::UserInput {
|
|
items: vec![UserInput::Text {
|
|
text: "run shell command".into(),
|
|
text_elements: Vec::new(),
|
|
}],
|
|
environments: None,
|
|
final_output_json_schema: None,
|
|
responsesapi_client_metadata: None,
|
|
thread_settings: codex_protocol::protocol::ThreadSettingsOverrides {
|
|
cwd: Some(test.cwd_path().to_path_buf()),
|
|
approval_policy: Some(AskForApproval::Never),
|
|
sandbox_policy: Some(sandbox_policy),
|
|
permission_profile,
|
|
collaboration_mode: Some(codex_protocol::config_types::CollaborationMode {
|
|
mode: codex_protocol::config_types::ModeKind::Default,
|
|
settings: codex_protocol::config_types::Settings {
|
|
model: session_model,
|
|
reasoning_effort: None,
|
|
developer_instructions: None,
|
|
},
|
|
}),
|
|
..Default::default()
|
|
},
|
|
})
|
|
.await?;
|
|
|
|
let EventMsg::ExecCommandEnd(end) = wait_for_event(&test.codex, |event| {
|
|
matches!(event, EventMsg::ExecCommandEnd(_))
|
|
})
|
|
.await
|
|
else {
|
|
unreachable!()
|
|
};
|
|
wait_for_event(&test.codex, |event| {
|
|
matches!(event, EventMsg::TurnComplete(_))
|
|
})
|
|
.await;
|
|
|
|
assert!(
|
|
end.aggregated_output
|
|
.contains("policy forbids commands starting with `echo`"),
|
|
"unexpected output: {}",
|
|
end.aggregated_output
|
|
);
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
|
async fn shell_command_empty_script_with_collaboration_mode_does_not_panic() -> Result<()> {
|
|
let server = start_mock_server().await;
|
|
let mut builder = test_codex().with_model("gpt-5.2").with_config(|config| {
|
|
config
|
|
.features
|
|
.enable(Feature::CollaborationModes)
|
|
.expect("test config should allow feature update");
|
|
});
|
|
let test = builder.build(&server).await?;
|
|
let call_id = "shell-empty-script-collab";
|
|
let args = json!({
|
|
"command": "",
|
|
"timeout_ms": 1_000,
|
|
});
|
|
|
|
mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_response_created("resp-empty-shell-1"),
|
|
ev_function_call(call_id, "shell_command", &serde_json::to_string(&args)?),
|
|
ev_completed("resp-empty-shell-1"),
|
|
]),
|
|
)
|
|
.await;
|
|
let results_mock = mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_assistant_message("msg-empty-shell-1", "done"),
|
|
ev_completed("resp-empty-shell-2"),
|
|
]),
|
|
)
|
|
.await;
|
|
|
|
let collaboration_mode = collaboration_mode_for_model(test.session_configured.model.clone());
|
|
submit_user_turn(
|
|
&test,
|
|
"run an empty shell command",
|
|
AskForApproval::OnRequest,
|
|
PermissionProfile::Disabled,
|
|
Some(collaboration_mode),
|
|
)
|
|
.await?;
|
|
|
|
wait_for_event(&test.codex, |event| {
|
|
matches!(event, EventMsg::TurnComplete(_))
|
|
})
|
|
.await;
|
|
|
|
let output_item = results_mock.single_request().function_call_output(call_id);
|
|
assert_no_matched_rules_invariant(&output_item);
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
|
async fn unified_exec_empty_script_with_collaboration_mode_does_not_panic() -> Result<()> {
|
|
let server = start_mock_server().await;
|
|
let mut builder = test_codex().with_model("gpt-5.2").with_config(|config| {
|
|
config
|
|
.features
|
|
.enable(Feature::UnifiedExec)
|
|
.expect("test config should allow feature update");
|
|
config
|
|
.features
|
|
.enable(Feature::CollaborationModes)
|
|
.expect("test config should allow feature update");
|
|
});
|
|
let test = builder.build(&server).await?;
|
|
let call_id = "unified-exec-empty-script-collab";
|
|
let args = json!({
|
|
"cmd": "",
|
|
"yield_time_ms": 1_000,
|
|
});
|
|
|
|
mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_response_created("resp-empty-unified-1"),
|
|
ev_function_call(call_id, "exec_command", &serde_json::to_string(&args)?),
|
|
ev_completed("resp-empty-unified-1"),
|
|
]),
|
|
)
|
|
.await;
|
|
let results_mock = mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_assistant_message("msg-empty-unified-1", "done"),
|
|
ev_completed("resp-empty-unified-2"),
|
|
]),
|
|
)
|
|
.await;
|
|
|
|
let collaboration_mode = collaboration_mode_for_model(test.session_configured.model.clone());
|
|
submit_user_turn(
|
|
&test,
|
|
"run empty unified exec command",
|
|
AskForApproval::OnRequest,
|
|
PermissionProfile::Disabled,
|
|
Some(collaboration_mode),
|
|
)
|
|
.await?;
|
|
|
|
wait_for_event(&test.codex, |event| {
|
|
matches!(event, EventMsg::TurnComplete(_))
|
|
})
|
|
.await;
|
|
|
|
let output_item = results_mock.single_request().function_call_output(call_id);
|
|
assert_no_matched_rules_invariant(&output_item);
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
|
async fn shell_command_whitespace_script_with_collaboration_mode_does_not_panic() -> Result<()> {
|
|
let server = start_mock_server().await;
|
|
let mut builder = test_codex().with_model("gpt-5.2").with_config(|config| {
|
|
config
|
|
.features
|
|
.enable(Feature::CollaborationModes)
|
|
.expect("test config should allow feature update");
|
|
});
|
|
let test = builder.build(&server).await?;
|
|
let call_id = "shell-whitespace-script-collab";
|
|
let args = json!({
|
|
"command": " \n\t ",
|
|
"timeout_ms": 1_000,
|
|
});
|
|
|
|
mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_response_created("resp-whitespace-shell-1"),
|
|
ev_function_call(call_id, "shell_command", &serde_json::to_string(&args)?),
|
|
ev_completed("resp-whitespace-shell-1"),
|
|
]),
|
|
)
|
|
.await;
|
|
let results_mock = mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_assistant_message("msg-whitespace-shell-1", "done"),
|
|
ev_completed("resp-whitespace-shell-2"),
|
|
]),
|
|
)
|
|
.await;
|
|
|
|
let collaboration_mode = collaboration_mode_for_model(test.session_configured.model.clone());
|
|
submit_user_turn(
|
|
&test,
|
|
"run whitespace shell command",
|
|
AskForApproval::OnRequest,
|
|
PermissionProfile::Disabled,
|
|
Some(collaboration_mode),
|
|
)
|
|
.await?;
|
|
|
|
wait_for_event(&test.codex, |event| {
|
|
matches!(event, EventMsg::TurnComplete(_))
|
|
})
|
|
.await;
|
|
|
|
let output_item = results_mock.single_request().function_call_output(call_id);
|
|
assert_no_matched_rules_invariant(&output_item);
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
|
|
async fn unified_exec_whitespace_script_with_collaboration_mode_does_not_panic() -> Result<()> {
|
|
let server = start_mock_server().await;
|
|
let mut builder = test_codex().with_model("gpt-5.2").with_config(|config| {
|
|
config
|
|
.features
|
|
.enable(Feature::UnifiedExec)
|
|
.expect("test config should allow feature update");
|
|
config
|
|
.features
|
|
.enable(Feature::CollaborationModes)
|
|
.expect("test config should allow feature update");
|
|
});
|
|
let test = builder.build(&server).await?;
|
|
let call_id = "unified-exec-whitespace-script-collab";
|
|
let args = json!({
|
|
"cmd": " \n \t",
|
|
"yield_time_ms": 1_000,
|
|
});
|
|
|
|
mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_response_created("resp-whitespace-unified-1"),
|
|
ev_function_call(call_id, "exec_command", &serde_json::to_string(&args)?),
|
|
ev_completed("resp-whitespace-unified-1"),
|
|
]),
|
|
)
|
|
.await;
|
|
let results_mock = mount_sse_once(
|
|
&server,
|
|
sse(vec![
|
|
ev_assistant_message("msg-whitespace-unified-1", "done"),
|
|
ev_completed("resp-whitespace-unified-2"),
|
|
]),
|
|
)
|
|
.await;
|
|
|
|
let collaboration_mode = collaboration_mode_for_model(test.session_configured.model.clone());
|
|
submit_user_turn(
|
|
&test,
|
|
"run whitespace unified exec command",
|
|
AskForApproval::OnRequest,
|
|
PermissionProfile::Disabled,
|
|
Some(collaboration_mode),
|
|
)
|
|
.await?;
|
|
|
|
wait_for_event(&test.codex, |event| {
|
|
matches!(event, EventMsg::TurnComplete(_))
|
|
})
|
|
.await;
|
|
|
|
let output_item = results_mock.single_request().function_call_output(call_id);
|
|
assert_no_matched_rules_invariant(&output_item);
|
|
|
|
Ok(())
|
|
}
|