Skip to content

Add unified exec escalation handling and tests #6492

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pakrym-oai merged 4 commits into from
Nov 11, 2025
Merged

Add unified exec escalation handling and tests #6492

pakrym-oai merged 4 commits into from
Nov 11, 2025
+208 −23

Conversation

@pakrym-oai
Copy link
Collaborator

@pakrym-oai pakrym-oai commented Nov 11, 2025
edited
Loading

Similar implementation to the shell tool

@pakrym-oai
Update dependencies in Cargo.lock: bump quick-xml to 0.38.0, bitflags…
0569580 
… to 2.10.0, and thiserror to 2.0.17

core/tests/suite/approvals.rs: workaround Linux sandbox arg0 test on ARM by using ReadOnly policy and cfg-gating test scenario
@pakrym-oai
approvals: adjust unified exec scenario for Linux aarch64 sandbox and…
5a36153 
… use python3 test command
dylan-hurd-oai
dylan-hurd-oai reviewed Nov 11, 2025
View reviewed changes
Copy link
Collaborator

@dylan-hurd-oai dylan-hurd-oai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Going to defer to @jif-oai for better context on the new tool framework

jif-oai
jif-oai approved these changes Nov 11, 2025
View reviewed changes
codex-rs/core/src/tools/spec.rs
"with_escalated_permissions".to_string(),
JsonSchema::Boolean {
description: Some(
"Whether to request escalated permissions. Set to true if command needs to be run without sandbox restrictions"
Copy link
Collaborator

@jif-oai jif-oai Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we eval the model with this parameter?

@pakrym-oai
codex-rs: clarify error message wording and update justification type
44a5c7a 
- Update error message to say "you cannot ask for escalated permissions" instead of "you should not ask"
- Change justification in ExecCommandRequest from Option<&str> to Option<String>
- Propagate String justification throughout unified_exec and session_manager
@pakrym-oai pakrym-oai merged commit 807e2c2 into main Nov 11, 2025
23 of 25 checks passed
@pakrym-oai pakrym-oai deleted the codex/implement-exec_command-with-escalated-permissions branch November 11, 2025 16:19
@github-actions github-actions bot locked and limited conversation to collaborators Nov 11, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dylan-hurd-oai dylan-hurd-oai dylan-hurd-oai left review comments

@jif-oai jif-oai jif-oai approved these changes

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@pakrym-oai @dylan-hurd-oai @jif-oai @etraut-openai