From 3ba526d282e55cbbb4ffa1a44fa723e1a7a75659 Mon Sep 17 00:00:00 2001 From: harshitsinghbhandari <24b4506@iitb.ac.in> Date: Sun, 19 Apr 2026 01:21:17 +0530 Subject: [PATCH] fix: relax codex restore approval mode --- packages/plugins/agent-codex/CHANGELOG.md | 6 +++++ .../plugins/agent-codex/src/index.test.ts | 8 +++---- packages/plugins/agent-codex/src/index.ts | 22 ++++++++++++++++++- 3 files changed, 31 insertions(+), 5 deletions(-) diff --git a/packages/plugins/agent-codex/CHANGELOG.md b/packages/plugins/agent-codex/CHANGELOG.md index c3d90a4ba..dc37bf392 100644 --- a/packages/plugins/agent-codex/CHANGELOG.md +++ b/packages/plugins/agent-codex/CHANGELOG.md @@ -1,5 +1,11 @@ # @composio/ao-plugin-agent-codex +## [Unreleased] + +### Fixed + +- Make Codex worker restore commands use `--ask-for-approval on-request` instead of resuming in `never` approval mode, while keeping permissionless orchestrator restores explicitly bypassed. + ## 0.2.0 ### Patch Changes diff --git a/packages/plugins/agent-codex/src/index.test.ts b/packages/plugins/agent-codex/src/index.test.ts index 0b9d2664c..abd25886c 100644 --- a/packages/plugins/agent-codex/src/index.test.ts +++ b/packages/plugins/agent-codex/src/index.test.ts @@ -1470,7 +1470,7 @@ describe("getRestoreCommand", () => { expect(cmd).toContain("--dangerously-bypass-approvals-and-sandbox"); }); - it("demotes worker restore permissionless mode to ask-for-approval never", async () => { + it("demotes worker restore permissionless mode to ask-for-approval on-request", async () => { const content = jsonl( { type: "session_meta", cwd: "/workspace/test", model: "gpt-4o" }, { threadId: "thread-1" }, @@ -1489,11 +1489,11 @@ describe("getRestoreCommand", () => { }), ); - expect(cmd).toContain("--ask-for-approval never"); + expect(cmd).toContain("--ask-for-approval on-request"); expect(cmd).not.toContain("--dangerously-bypass-approvals-and-sandbox"); }); - it("includes --ask-for-approval never from project config", async () => { + it("downgrades auto-edit restore policy to ask-for-approval on-request", async () => { const content = jsonl( { type: "session_meta", cwd: "/workspace/test", model: "gpt-4o" }, { threadId: "thread-1" }, @@ -1512,7 +1512,7 @@ describe("getRestoreCommand", () => { }), ); - expect(cmd).toContain("--ask-for-approval never"); + expect(cmd).toContain("--ask-for-approval on-request"); expect(cmd).not.toContain("--dangerously-bypass-approvals-and-sandbox"); }); diff --git a/packages/plugins/agent-codex/src/index.ts b/packages/plugins/agent-codex/src/index.ts index 4ac3714f9..05aaa7869 100644 --- a/packages/plugins/agent-codex/src/index.ts +++ b/packages/plugins/agent-codex/src/index.ts @@ -404,6 +404,26 @@ function appendApprovalFlags( } } +/** Append restore-time approval flags, avoiding worker resumes in `never` mode. */ +function appendRestoreApprovalFlags( + parts: string[], + permissions: string | undefined, + isOrchestrator: boolean, +): void { + const mode = normalizeAgentPermissionMode(permissions); + if (mode === "permissionless") { + if (isOrchestrator) { + parts.push("--dangerously-bypass-approvals-and-sandbox"); + } else { + parts.push("--ask-for-approval", "on-request"); + } + } else if (mode === "auto-edit") { + parts.push("--ask-for-approval", "on-request"); + } else if (mode === "suggest") { + parts.push("--ask-for-approval", "untrusted"); + } +} + /** Append model and reasoning flags to a command parts array */ function appendModelFlags(parts: string[], model: string | undefined): void { if (!model) return; @@ -734,7 +754,7 @@ function createCodexAgent(): Agent { appendNoUpdateCheckFlag(parts); const isOrchestrator = session.metadata?.["role"] === "orchestrator"; - appendApprovalFlags(parts, project.agentConfig?.permissions, isOrchestrator); + appendRestoreApprovalFlags(parts, project.agentConfig?.permissions, isOrchestrator); const effectiveModel = (project.agentConfig?.model ?? data.model) as string | undefined; appendModelFlags(parts, effectiveModel ?? undefined);