From 774892c6d7ddbe55bf8862748f9507b03b75c92f Mon Sep 17 00:00:00 2001 From: jif-oai Date: Wed, 15 Oct 2025 19:03:54 +0100 Subject: [PATCH] feat: add auto-approval for codex exec (#5043) --- codex-rs/core/src/config.rs | 34 ++++++++-- codex-rs/core/src/features.rs | 8 +++ codex-rs/exec/src/lib.rs | 33 +++++++++- codex-rs/exec/tests/suite/approve_all.rs | 81 ++++++++++++++++++++++++ codex-rs/exec/tests/suite/mod.rs | 1 + 5 files changed, 151 insertions(+), 6 deletions(-) create mode 100644 codex-rs/exec/tests/suite/approve_all.rs diff --git a/codex-rs/core/src/config.rs b/codex-rs/core/src/config.rs index f0652c0c..f422e4ab 100644 --- a/codex-rs/core/src/config.rs +++ b/codex-rs/core/src/config.rs @@ -1125,6 +1125,15 @@ impl Config { .or(cfg.review_model) .unwrap_or_else(default_review_model); + let mut approval_policy = approval_policy + .or(config_profile.approval_policy) + .or(cfg.approval_policy) + .unwrap_or_else(AskForApproval::default); + + if features.enabled(Feature::ApproveAll) { + approval_policy = AskForApproval::OnRequest; + } + let config = Self { model, review_model, @@ -1135,10 +1144,7 @@ impl Config { model_provider_id, model_provider, cwd: resolved_cwd, - approval_policy: approval_policy - .or(config_profile.approval_policy) - .or(cfg.approval_policy) - .unwrap_or_else(AskForApproval::default), + approval_policy, sandbox_policy, shell_environment_policy, notify: cfg.notify, 
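Review bot: The `if features.enabled(Feature::ApproveAll)` branch in the first `config.rs` hunk replaces the resolved policy unconditionally, so an explicit stricter choice from the CLI override, the profile or the config file is silently turned into `AskForApproval::OnRequest`. Because the override lives in `Config` and not in `codex exec`, any other front-end that loads the same config presumably gets the policy change too, without the auto-approver that only `exec/src/lib.rs` adds. Consider stating the intent where it happens, for example `// approve_all deliberately overrides any configured approval policy; codex exec then answers every request with Approved`, and logging when the flag changes a policy that was set explicitly. The enclosing function starts and ends outside the hunk.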
@@ -1432,6 +1438,26 @@ exclude_slash_tmp = true ); } + #[test] + fn approve_all_feature_forces_on_request_policy() -> std::io::Result<()> { + let cfg = r#" +[features] +approve_all = true +"#; + let parsed = toml::from_str::(cfg) + .expect("TOML deserialization should succeed for approve_all feature"); + let temp_dir = TempDir::new()?; + let config = Config::load_from_base_config_with_overrides( + parsed, + ConfigOverrides::default(), + temp_dir.path().to_path_buf(), + )?; + + assert!(config.features.enabled(Feature::ApproveAll)); + assert_eq!(config.approval_policy, AskForApproval::OnRequest); + Ok(()) + } + #[test] fn config_defaults_to_auto_oauth_store_mode() -> std::io::Result<()> { let codex_home = TempDir::new()?; diff --git a/codex-rs/core/src/features.rs b/codex-rs/core/src/features.rs index b8314b0c..e1a89282 100644 --- a/codex-rs/core/src/features.rs +++ b/codex-rs/core/src/features.rs @@ -41,6 +41,8 @@ pub enum Feature { ViewImageTool, /// Allow the model to request web searches. WebSearchRequest, + /// Automatically approve all approval requests from the harness. + ApproveAll, } impl Feature { @@ -247,4 +249,10 @@ pub const FEATURES: &[FeatureSpec] = &[ stage: Stage::Stable, default_enabled: false, }, + FeatureSpec { + id: Feature::ApproveAll, + key: "approve_all", + stage: Stage::Experimental, + default_enabled: false, + }, ]; diff --git a/codex-rs/exec/src/lib.rs b/codex-rs/exec/src/lib.rs index 967da52b..144e7cab 100644 --- a/codex-rs/exec/src/lib.rs +++ b/codex-rs/exec/src/lib.rs @@ -17,6 +17,7 @@ use codex_core::ConversationManager; use codex_core::NewConversation; use codex_core::config::Config; use codex_core::config::ConfigOverrides; +use codex_core::features::Feature; use codex_core::git_info::get_git_repo_root; use codex_core::protocol::AskForApproval; use codex_core::protocol::Event; 
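Review bot: `approve_all_feature_forces_on_request_policy` only exercises `ConfigOverrides::default()`, which is not the path `codex exec` takes: `run_main` passes `approval_policy: Some(AskForApproval::Never)`. The precedence of the flag over an explicit override is the behaviour the feature depends on, so it deserves its own assertion. For example, load with `ConfigOverrides { approval_policy: Some(AskForApproval::Never), ..Default::default() }` and assert the same `OnRequest` result.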
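Review bot: The doc comment on `Feature::ApproveAll` understates what the flag does. Judging from the rest of the commit, enabling it also forces the approval policy to `OnRequest` and, in `codex exec`, answers exec and patch approval requests with `Approved` with no human in the loop. A wording such as `/// Force the approval policy to on-request and have codex exec approve every exec and patch approval request automatically; no human reviews the request.` would make that visible to anyone reading the feature list.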
@@ -168,8 +169,7 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option) -> any model, review_model: None, config_profile, - // This CLI is intended to be headless and has no affordances for asking - // the user for approval. + // Default to never ask for approvals in headless mode. Feature flags can override. approval_policy: Some(AskForApproval::Never), sandbox_mode, cwd: cwd.map(|p| p.canonicalize().unwrap_or(p)), @@ -192,6 +192,7 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option) -> any }; let config = Config::load_with_cli_overrides(cli_kv_overrides, overrides).await?; + let approve_all_enabled = config.features.enabled(Feature::ApproveAll); let otel = codex_core::otel_init::build_provider(&config, env!("CARGO_PKG_VERSION")); @@ -360,6 +361,34 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option) -> any if matches!(event.msg, EventMsg::Error(_)) { error_seen = true; } + // Auto-approve requests when the approve_all feature is enabled. + if approve_all_enabled { + match &event.msg { + EventMsg::ExecApprovalRequest(_) => { + if let Err(e) = conversation + .submit(Op::ExecApproval { + id: event.id.clone(), + decision: codex_core::protocol::ReviewDecision::Approved, + }) + .await + { + error!("failed to auto-approve exec: {e}"); + } + } + EventMsg::ApplyPatchApprovalRequest(_) => { + if let Err(e) = conversation + .submit(Op::PatchApproval { + id: event.id.clone(), + decision: codex_core::protocol::ReviewDecision::Approved, + }) + .await + { + error!("failed to auto-approve patch: {e}"); + } + } + _ => {} + } + } let shutdown: CodexStatus = event_processor.process_event(event); match shutdown { CodexStatus::Running => continue, diff --git a/codex-rs/exec/tests/suite/approve_all.rs b/codex-rs/exec/tests/suite/approve_all.rs new file mode 100644 index 00000000..ab5b407d --- /dev/null +++ b/codex-rs/exec/tests/suite/approve_all.rs 
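Review bot: Both new match arms in the `@@ -360` hunk discard the request payload (`ExecApprovalRequest(_)`, `ApplyPatchApprovalRequest(_)`) and approve without leaving any record, so a headless run has no audit trail of which command or patch was let through. Binding the payload, as in `EventMsg::ExecApprovalRequest(req) => { ... }`, and logging `req` before `submit` would close that gap, assuming the event type implements `Debug`. Separately, a failed `submit` is only logged: the request then stays unanswered and the run can apparently still report success, so `error_seen = true;` in both `Err` branches looks warranted. The event loop these arms sit in starts and ends outside the hunk.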
@@ -0,0 +1,81 @@ +#![cfg(not(target_os = "windows"))] +#![allow(clippy::expect_used, clippy::unwrap_used)] + +use anyhow::Result; +use core_test_support::responses; +use core_test_support::responses::ev_assistant_message; +use core_test_support::responses::ev_completed; +use core_test_support::responses::ev_function_call; +use core_test_support::responses::ev_response_created; +use core_test_support::responses::mount_sse_sequence; +use core_test_support::responses::sse; +use core_test_support::skip_if_no_network; +use core_test_support::test_codex_exec::test_codex_exec; +use serde_json::Value; +use serde_json::json; + +async fn run_exec_with_args(args: &[&str]) -> Result { + let test = test_codex_exec(); + + let call_id = "exec-approve"; + let exec_args = json!({ + "command": [ + if cfg!(windows) { "cmd.exe" } else { "/bin/sh" }, + if cfg!(windows) { "/C" } else { "-lc" }, + "echo approve-all-ok", + ], + "timeout_ms": 1500, + "with_escalated_permissions": true + }); + + let response_streams = vec![ + sse(vec![ + ev_response_created("resp-1"), + ev_function_call(call_id, "shell", &serde_json::to_string(&exec_args)?), + ev_completed("resp-1"), + ]), + sse(vec![ + ev_assistant_message("msg-1", "done"), + ev_completed("resp-2"), + ]), + ]; + + let server = responses::start_mock_server().await; + let mock = mount_sse_sequence(&server, response_streams).await; + + test.cmd_with_server(&server).args(args).assert().success(); + + let requests = mock.requests(); + assert!(requests.len() >= 2, "expected at least two responses POSTs"); + let item = requests[1].function_call_output(call_id); + let output_str = item + .get("output") + .and_then(Value::as_str) + .expect("function_call_output.output should be a string"); + + Ok(output_str.to_string()) +} + +/// Setting `features.approve_all=true` should switch to auto-approvals. 
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)] +async fn approve_all_auto_accepts_exec() -> Result<()> { + skip_if_no_network!(Ok(())); + + let output = run_exec_with_args(&[ + "--skip-git-repo-check", + "-c", + "features.approve_all=true", + "train", + ]) + .await?; + assert!( + output.contains("Exit code: 0"), + "expected Exit code: 0 in output: {output}" + ); + assert!( + output.contains("approve-all-ok"), + "expected command output in response: {output}" + ); + + Ok(()) +} diff --git a/codex-rs/exec/tests/suite/mod.rs b/codex-rs/exec/tests/suite/mod.rs index 052c43bf..3e1e39d6 100644 --- a/codex-rs/exec/tests/suite/mod.rs +++ b/codex-rs/exec/tests/suite/mod.rs @@ -1,5 +1,6 @@ // Aggregates all former standalone integration tests as modules. mod apply_patch; +mod approve_all; mod auth_env; mod originator; mod output_schema;
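Review bot: The assertions in `approve_all_auto_accepts_exec` do not show that an approval was requested and granted: `echo approve-all-ok` would presumably exit 0 whether or not the escalation was approved, so the test may still pass with the auto-approver removed. A command whose success depends on the escalation, or a control run without `features.approve_all=true` that is expected to produce a different result, would pin the behaviour. Minor: the `cfg!(windows)` branches in `run_exec_with_args` are dead, since the file is gated by `#![cfg(not(target_os = "windows"))]`.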