From a8026d3846486e790827b26e9abf13e7f96e48bf Mon Sep 17 00:00:00 2001
From: Dylan <dylan.hurd@openai.com>
Date: Mon, 15 Sep 2025 19:01:10 -0700
Subject: [PATCH] fix: read-only escalations (#3673)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Summary
Splitting out this smaller fix from #2694 - fixes the sandbox
permissions so Chat / read-only mode tool definition matches
expectations

## Testing
- [x] Tested locally

<img width="1271" height="629" alt="Screenshot 2025-09-15 at 2 51 19 PM"
src="https://github.com/user-attachments/assets/fcb247e4-30b6-4199-80d7-a2876d79ad7d"
/>
---
 codex-rs/core/src/openai_tools.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/codex-rs/core/src/openai_tools.rs b/codex-rs/core/src/openai_tools.rs
index a511d6dd..f4d72481 100644
--- a/codex-rs/core/src/openai_tools.rs
+++ b/codex-rs/core/src/openai_tools.rs
@@ -273,7 +273,7 @@ fn create_shell_tool_for_sandbox(sandbox_policy: &SandboxPolicy) -> OpenAiTool {
         },
     );
 
-    if matches!(sandbox_policy, SandboxPolicy::WorkspaceWrite { .. }) {
+    if !matches!(sandbox_policy, SandboxPolicy::DangerFullAccess) {
         properties.insert(
         "with_escalated_permissions".to_string(),
         JsonSchema::Boolean {