fix: align sandbox and approval settings with codex for the "auto" preset (#1076)

Codex auto preset uses: sandbox=workspace-write and ask-for-approval=on-request. Move AskForApproval docstrings to the enum level to fix the config form-builder selector.
2025-10-22 14:04:44 +01:00
parent 3a3d066071
commit 851678c30e
2 changed files with 31 additions and 44 deletions
--- a/crates/executors/src/executors/codex.rs
+++ b/crates/executors/src/executors/codex.rs
@@ -51,21 +51,21 @@ pub enum SandboxMode {
 }

 /// Determines when the user is consulted to approve Codex actions.
+///
+/// - `UnlessTrusted`: Read-only commands are auto-approved. Everything else will
+///   ask the user to approve.
+/// - `OnFailure`: All commands run in a restricted sandbox initially. If a
+///   command fails, the user is asked to approve execution without the sandbox.
+/// - `OnRequest`: The model decides when to ask the user for approval.
+/// - `Never`: Commands never ask for approval. Commands that fail in the
+///   restricted sandbox are not retried.
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, TS, JsonSchema, AsRefStr)]
 #[serde(rename_all = "kebab-case")]
 #[strum(serialize_all = "kebab-case")]
 pub enum AskForApproval {
-    /// Read-only commands are auto-approved. Everything else will ask the user to approve.
    UnlessTrusted,
-
-    /// All commands run in a restricted sandbox initially.
-    /// If the command fails, the user is asked to approve execution without the sandbox.
    OnFailure,
-
-    /// The model decides when to ask the user for approval.
    OnRequest,
-
-    /// Never ask the user to approve commands. Commands that fail in the restricted sandbox will not be retried.
    Never,
 }

@@ -179,18 +179,23 @@ impl Codex {

    fn build_new_conversation_params(&self, cwd: &Path) -> NewConversationParams {
        let sandbox = match self.sandbox.as_ref() {
-            None | Some(SandboxMode::Auto) => None,
+            None | Some(SandboxMode::Auto) => Some(CodexSandboxMode::WorkspaceWrite), // match the Auto preset in codex
            Some(SandboxMode::ReadOnly) => Some(CodexSandboxMode::ReadOnly),
            Some(SandboxMode::WorkspaceWrite) => Some(CodexSandboxMode::WorkspaceWrite),
            Some(SandboxMode::DangerFullAccess) => Some(CodexSandboxMode::DangerFullAccess),
        };

-        let approval_policy = self.ask_for_approval.as_ref().map(|policy| match policy {
-            AskForApproval::UnlessTrusted => CodexAskForApproval::UnlessTrusted,
-            AskForApproval::OnFailure => CodexAskForApproval::OnFailure,
-            AskForApproval::OnRequest => CodexAskForApproval::OnRequest,
-            AskForApproval::Never => CodexAskForApproval::Never,
-        });
+        let approval_policy = match self.ask_for_approval.as_ref() {
+            None if matches!(self.sandbox.as_ref(), None | Some(SandboxMode::Auto)) => {
+                // match the Auto preset in codex
+                Some(CodexAskForApproval::OnRequest)
+            }
+            None => None,
+            Some(AskForApproval::UnlessTrusted) => Some(CodexAskForApproval::UnlessTrusted),
+            Some(AskForApproval::OnFailure) => Some(CodexAskForApproval::OnFailure),
+            Some(AskForApproval::OnRequest) => Some(CodexAskForApproval::OnRequest),
+            Some(AskForApproval::Never) => Some(CodexAskForApproval::Never),
+        };

        NewConversationParams {
            model: self.model.clone(),
--- a/shared/schemas/codex.json
+++ b/shared/schemas/codex.json
@@ -26,35 +26,17 @@
      ]
    },
    "ask_for_approval": {
-      "anyOf": [
-        {
-          "description": "Determines when the user is consulted to approve Codex actions.",
-          "oneOf": [
-            {
-              "description": "Read-only commands are auto-approved. Everything else will ask the user to approve.",
-              "type": "string",
-              "const": "unless-trusted"
-            },
-            {
-              "description": "All commands run in a restricted sandbox initially.\nIf the command fails, the user is asked to approve execution without the sandbox.",
-              "type": "string",
-              "const": "on-failure"
-            },
-            {
-              "description": "The model decides when to ask the user for approval.",
-              "type": "string",
-              "const": "on-request"
-            },
-            {
-              "description": "Never ask the user to approve commands. Commands that fail in the restricted sandbox will not be retried.",
-              "type": "string",
-              "const": "never"
-            }
-          ]
-        },
-        {
-          "type": "null"
-        }
+      "description": "Determines when the user is consulted to approve Codex actions.\n\n- `UnlessTrusted`: Read-only commands are auto-approved. Everything else will\n  ask the user to approve.\n- `OnFailure`: All commands run in a restricted sandbox initially. If a\n  command fails, the user is asked to approve execution without the sandbox.\n- `OnRequest`: The model decides when to ask the user for approval.\n- `Never`: Commands never ask for approval. Commands that fail in the\n  restricted sandbox are not retried.",
+      "type": [
+        "string",
+        "null"
+      ],
+      "enum": [
+        "unless-trusted",
+        "on-failure",
+        "on-request",
+        "never",
+        null
      ]
    },
    "oss": {