daonanchao/vibe-kanban
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: align sandbox and approval settings with codex for the "auto" preset (#1076)

Browse Source 
Codex auto preset uses: sandbox=workspace-write and ask-for-approval=on-request.

Move AskForApproval docstrings to the enum level to fix the config form-builder selector.
This commit is contained in:
Solomon
2025-10-22 14:04:44 +01:00
committed by GitHub
parent 3a3d066071
commit 851678c30e
2 changed files with 31 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
crates/executors/src/executors/codex.rs
View File

@@ -51,21 +51,21 @@ pub enum SandboxMode {
} }
/// Determines when the user is consulted to approve Codex actions. /// Determines when the user is consulted to approve Codex actions.
///
/// - `UnlessTrusted`: Read-only commands are auto-approved. Everything else will
/// ask the user to approve.
/// - `OnFailure`: All commands run in a restricted sandbox initially. If a
/// command fails, the user is asked to approve execution without the sandbox.
/// - `OnRequest`: The model decides when to ask the user for approval.
/// - `Never`: Commands never ask for approval. Commands that fail in the
/// restricted sandbox are not retried.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, TS, JsonSchema, AsRefStr)] #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, TS, JsonSchema, AsRefStr)]
#[serde(rename_all = "kebab-case")] #[serde(rename_all = "kebab-case")]
#[strum(serialize_all = "kebab-case")] #[strum(serialize_all = "kebab-case")]
pub enum AskForApproval { pub enum AskForApproval {
/// Read-only commands are auto-approved. Everything else will ask the user to approve.
UnlessTrusted, UnlessTrusted,
/// All commands run in a restricted sandbox initially.
/// If the command fails, the user is asked to approve execution without the sandbox.
OnFailure, OnFailure,
/// The model decides when to ask the user for approval.
OnRequest, OnRequest,
/// Never ask the user to approve commands. Commands that fail in the restricted sandbox will not be retried.
Never, Never,
} }
@@ -179,18 +179,23 @@ impl Codex {
fn build_new_conversation_params(&self, cwd: &Path) -> NewConversationParams { fn build_new_conversation_params(&self, cwd: &Path) -> NewConversationParams {
let sandbox = match self.sandbox.as_ref() { let sandbox = match self.sandbox.as_ref() {
None | Some(SandboxMode::Auto) => None, None | Some(SandboxMode::Auto) => Some(CodexSandboxMode::WorkspaceWrite), // match the Auto preset in codex
Some(SandboxMode::ReadOnly) => Some(CodexSandboxMode::ReadOnly), Some(SandboxMode::ReadOnly) => Some(CodexSandboxMode::ReadOnly),
Some(SandboxMode::WorkspaceWrite) => Some(CodexSandboxMode::WorkspaceWrite), Some(SandboxMode::WorkspaceWrite) => Some(CodexSandboxMode::WorkspaceWrite),
Some(SandboxMode::DangerFullAccess) => Some(CodexSandboxMode::DangerFullAccess), Some(SandboxMode::DangerFullAccess) => Some(CodexSandboxMode::DangerFullAccess),
}; };
let approval_policy = self.ask_for_approval.as_ref().map(|policy| match policy { let approval_policy = match self.ask_for_approval.as_ref() {
AskForApproval::UnlessTrusted => CodexAskForApproval::UnlessTrusted, None if matches!(self.sandbox.as_ref(), None | Some(SandboxMode::Auto)) => {
AskForApproval::OnFailure => CodexAskForApproval::OnFailure, // match the Auto preset in codex
AskForApproval::OnRequest => CodexAskForApproval::OnRequest, Some(CodexAskForApproval::OnRequest)
AskForApproval::Never => CodexAskForApproval::Never, }
}); None => None,
Some(AskForApproval::UnlessTrusted) => Some(CodexAskForApproval::UnlessTrusted),
Some(AskForApproval::OnFailure) => Some(CodexAskForApproval::OnFailure),
Some(AskForApproval::OnRequest) => Some(CodexAskForApproval::OnRequest),
Some(AskForApproval::Never) => Some(CodexAskForApproval::Never),
};
NewConversationParams { NewConversationParams {
model: self.model.clone(), model: self.model.clone(),

40
shared/schemas/codex.json
View File

@@ -26,35 +26,17 @@
] ]
}, },
"ask_for_approval": { "ask_for_approval": {
"anyOf": [ "description": "Determines when the user is consulted to approve Codex actions.\n\n- `UnlessTrusted`: Read-only commands are auto-approved. Everything else will\n ask the user to approve.\n- `OnFailure`: All commands run in a restricted sandbox initially. If a\n command fails, the user is asked to approve execution without the sandbox.\n- `OnRequest`: The model decides when to ask the user for approval.\n- `Never`: Commands never ask for approval. Commands that fail in the\n restricted sandbox are not retried.",
{ "type": [
"description": "Determines when the user is consulted to approve Codex actions.", "string",
"oneOf": [ "null"
{ ],
"description": "Read-only commands are auto-approved. Everything else will ask the user to approve.", "enum": [
"type": "string", "unless-trusted",
"const": "unless-trusted" "on-failure",
}, "on-request",
{ "never",
"description": "All commands run in a restricted sandbox initially.\nIf the command fails, the user is asked to approve execution without the sandbox.", null
"type": "string",
"const": "on-failure"
},
{
"description": "The model decides when to ask the user for approval.",
"type": "string",
"const": "on-request"
},
{
"description": "Never ask the user to approve commands. Commands that fail in the restricted sandbox will not be retried.",
"type": "string",
"const": "never"
}
]
},
{
"type": "null"
}
] ]
}, },
"oss": { "oss": {