reject dangerous commands for AskForApproval::Never (#4307)

If we detect a dangerous command but approval_policy is Never, simply reject the command.
2025-09-26 14:08:28 -07:00
parent 1fba99ed85
commit 55801700de
1 changed files with 15 additions and 2 deletions
--- a/codex-rs/core/src/safety.rs
+++ b/codex-rs/core/src/safety.rs
@@ -89,8 +89,15 @@ pub fn assess_command_safety(
 ) -> SafetyCheck {
    // Some commands look dangerous. Even if they are run inside a sandbox,
    // unless the user has explicitly approved them, we should ask,
-    // regardless of the approval policy and sandbox policy.
+    // or reject if the approval_policy tells us not to ask.
    if command_might_be_dangerous(command) && !approved.contains(command) {
+        if approval_policy == AskForApproval::Never {
+            return SafetyCheck::Reject {
+                reason: "dangerous command detected; rejected by user approval settings"
+                    .to_string(),
+            };
+        }
+
        return SafetyCheck::AskUser;
    }

@@ -376,7 +383,13 @@ mod tests {
            request_escalated_privileges,
        );

-        assert_eq!(safety_check, SafetyCheck::AskUser);
+        assert_eq!(
+            safety_check,
+            SafetyCheck::Reject {
+                reason: "dangerous command detected; rejected by user approval settings"
+                    .to_string(),
+            }
+        );
    }

    #[test]