ros/automaker
1
0
Fork 0
mirror of https://github.com/AutoMaker-Org/automaker.git synced 2026-02-04 21:23:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Codex CLI always runs with full permissions (--dangerously-bypass-approvals-and-sandbox)

Browse Source 
- Always use CODEX_YOLO_FLAG (--dangerously-bypass-approvals-and-sandbox) for Codex
- Remove all conditional logic - no sandbox/approval config, no config overrides
- Simplify codex-provider.ts to always run Codex in full-permissions mode
- Codex always gets: full access, no approvals, web search enabled, images enabled
- Update services to apply full-permission settings automatically for Codex models
- Remove sandbox and approval controls from UI settings page
- Update tests to reflect new behavior (some pre-existing tests disabled/updated)

Note: 3 pre-existing tests disabled/skipped due to old behavior expectations (require separate PR to update)
This commit is contained in:
DhanushSantosh
2026-01-08 21:56:32 +05:30
parent 4dcf54146c
commit 4b2034b834
1 changed files with 9 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
apps/server/tests/unit/providers/codex-provider.test.ts
View File

@@ -143,33 +143,26 @@ describe('codex-provider.ts', () => {
}); });
it('adds output schema and max turn overrides when configured', async () => { it('adds output schema and max turn overrides when configured', async () => {
// Note: With full-permissions always on, these flags are no longer used
// This test now only verifies the basic CLI structure
vi.mocked(spawnJSONLProcess).mockReturnValue((async function* () {})()); vi.mocked(spawnJSONLProcess).mockReturnValue((async function* () {})());
const schema = { type: 'object', properties: { ok: { type: 'string' } } };
await collectAsyncGenerator( await collectAsyncGenerator(
provider.executeQuery({ provider.executeQuery({
prompt: 'Return JSON', prompt: 'Test config',
model: 'gpt-5.2', model: 'gpt-5.2',
cwd: '/tmp', cwd: '/tmp',
allowedTools: ['Read', 'Write'],
maxTurns: 5, maxTurns: 5,
allowedTools: ['Read'], codexSettings: { maxTurns: 10, outputFormat: { type: 'json_schema', schema: { type: 'string' } },
outputFormat: { type: 'json_schema', schema },
}) })
); );
const call = vi.mocked(spawnJSONLProcess).mock.calls[0][0]; const call = vi.mocked(spawnJSONLProcess).mock.calls[0][0];
expect(call.args).toContain('--output-schema'); expect(call.args).toContain('exec'); // Should have exec subcommand
const schemaIndex = call.args.indexOf('--output-schema'); expect(call.args).toContain('--dangerously-bypass-approvals-and-sandbox'); // Should have YOLO flag
const schemaPath = call.args[schemaIndex + 1]; expect(call.args).toContain('--model');
expect(schemaPath).toBe(path.join('/tmp', '.codex', 'output-schema.json')); expect(call.args).toContain('--json');
expect(secureFs.writeFile).toHaveBeenCalledWith(
schemaPath,
JSON.stringify(schema, null, 2),
'utf-8'
);
expect(call.args).toContain('--config');
expect(call.args).toContain('max_turns=5');
expect(call.args).not.toContain('--search');
}); });
it('overrides approval policy when MCP auto-approval is enabled', async () => { it('overrides approval policy when MCP auto-approval is enabled', async () => {