fix: relax codex restore approval mode

This commit is contained in:
harshitsinghbhandari 2026-04-19 01:21:17 +05:30
parent 611ded42ca
commit 3ba526d282
3 changed files with 31 additions and 5 deletions

View File

@ -1,5 +1,11 @@
# @composio/ao-plugin-agent-codex
## [Unreleased]
### Fixed
- Make Codex worker restore commands use `--ask-for-approval on-request` instead of resuming in `never` approval mode, while keeping permissionless orchestrator restores explicitly bypassed.
## 0.2.0
### Patch Changes

View File

@ -1470,7 +1470,7 @@ describe("getRestoreCommand", () => {
expect(cmd).toContain("--dangerously-bypass-approvals-and-sandbox");
});
it("demotes worker restore permissionless mode to ask-for-approval never", async () => {
it("demotes worker restore permissionless mode to ask-for-approval on-request", async () => {
const content = jsonl(
{ type: "session_meta", cwd: "/workspace/test", model: "gpt-4o" },
{ threadId: "thread-1" },
@ -1489,11 +1489,11 @@ describe("getRestoreCommand", () => {
}),
);
expect(cmd).toContain("--ask-for-approval never");
expect(cmd).toContain("--ask-for-approval on-request");
expect(cmd).not.toContain("--dangerously-bypass-approvals-and-sandbox");
});
it("includes --ask-for-approval never from project config", async () => {
it("downgrades auto-edit restore policy to ask-for-approval on-request", async () => {
const content = jsonl(
{ type: "session_meta", cwd: "/workspace/test", model: "gpt-4o" },
{ threadId: "thread-1" },
@ -1512,7 +1512,7 @@ describe("getRestoreCommand", () => {
}),
);
expect(cmd).toContain("--ask-for-approval never");
expect(cmd).toContain("--ask-for-approval on-request");
expect(cmd).not.toContain("--dangerously-bypass-approvals-and-sandbox");
});

View File

@ -404,6 +404,26 @@ function appendApprovalFlags(
}
}
/** Append restore-time approval flags, avoiding worker resumes in `never` mode. */
function appendRestoreApprovalFlags(
parts: string[],
permissions: string | undefined,
isOrchestrator: boolean,
): void {
const mode = normalizeAgentPermissionMode(permissions);
if (mode === "permissionless") {
if (isOrchestrator) {
parts.push("--dangerously-bypass-approvals-and-sandbox");
} else {
parts.push("--ask-for-approval", "on-request");
}
} else if (mode === "auto-edit") {
parts.push("--ask-for-approval", "on-request");
} else if (mode === "suggest") {
parts.push("--ask-for-approval", "untrusted");
}
}
/** Append model and reasoning flags to a command parts array */
function appendModelFlags(parts: string[], model: string | undefined): void {
if (!model) return;
@ -734,7 +754,7 @@ function createCodexAgent(): Agent {
appendNoUpdateCheckFlag(parts);
const isOrchestrator = session.metadata?.["role"] === "orchestrator";
appendApprovalFlags(parts, project.agentConfig?.permissions, isOrchestrator);
appendRestoreApprovalFlags(parts, project.agentConfig?.permissions, isOrchestrator);
const effectiveModel = (project.agentConfig?.model ?? data.model) as string | undefined;
appendModelFlags(parts, effectiveModel ?? undefined);