From 4668feb43a7ab2becf357765c538c70a2043b4e1 Mon Sep 17 00:00:00 2001
From: Dylan Hurd
Date: Thu, 12 Feb 2026 13:23:30 -0800
Subject: [PATCH] chore(core) Deprecate approval_policy: on-failure (#11631)
## Summary
In an effort to start simplifying our sandbox setup, we're announcing this approval_policy as deprecated. In general, it performs worse than `on-request`, and we're focusing on making fewer sandbox configurations perform much better.
## Testing
- [x] Tested locally
- [x] Existing tests pass
---
 .../app-server-protocol/schema/json/ClientRequest.json | 2 +-
 codex-rs/app-server-protocol/schema/json/EventMsg.json | 2 +-
 .../schema/json/ServerNotification.json | 2 +-
 .../schema/json/codex_app_server_protocol.schemas.json | 2 +-
 .../schema/json/v1/ForkConversationParams.json | 2 +-
 .../schema/json/v1/ForkConversationResponse.json | 2 +-
 .../schema/json/v1/GetUserSavedConfigResponse.json | 2 +-
 .../schema/json/v1/NewConversationParams.json | 2 +-
 .../schema/json/v1/ResumeConversationParams.json | 2 +-
 .../schema/json/v1/ResumeConversationResponse.json | 2 +-
 .../schema/json/v1/SendUserTurnParams.json | 2 +-
 .../schema/json/v1/SessionConfiguredNotification.json | 2 +-
 codex-rs/core/config.schema.json | 2 +-
 codex-rs/core/src/codex.rs | 8 ++++++++
 codex-rs/debug-client/README.md | 2 +-
 codex-rs/docs/codex_mcp_interface.md | 2 +-
 codex-rs/protocol/src/protocol.rs | 10 ++++++----
 codex-rs/utils/cli/src/approval_mode_cli_arg.rs | 3 ++-
 18 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/codex-rs/app-server-protocol/schema/json/ClientRequest.json b/codex-rs/app-server-protocol/schema/json/ClientRequest.json
index a63f11bcc..c7a3504fb 100644
--- a/codex-rs/app-server-protocol/schema/json/ClientRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ClientRequest.json
@@ -88,7 +88,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/app-server-protocol/schema/json/EventMsg.json b/codex-rs/app-server-protocol/schema/json/EventMsg.json index c0a502899..6af66294c 100644 --- a/codex-rs/app-server-protocol/schema/json/EventMsg.json +++ b/codex-rs/app-server-protocol/schema/json/EventMsg.json @@ -104,7 +104,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/app-server-protocol/schema/json/ServerNotification.json b/codex-rs/app-server-protocol/schema/json/ServerNotification.json index 1b312ea1e..05667704d 100644 --- a/codex-rs/app-server-protocol/schema/json/ServerNotification.json 
+++ b/codex-rs/app-server-protocol/schema/json/ServerNotification.json @@ -241,7 +241,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json index e124325f0..5820997fb 100644 --- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json +++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json @@ -208,7 +208,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], 
diff --git a/codex-rs/app-server-protocol/schema/json/v1/ForkConversationParams.json b/codex-rs/app-server-protocol/schema/json/v1/ForkConversationParams.json index bc8424951..cd52a492e 100644 --- a/codex-rs/app-server-protocol/schema/json/v1/ForkConversationParams.json +++ b/codex-rs/app-server-protocol/schema/json/v1/ForkConversationParams.json @@ -12,7 +12,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/app-server-protocol/schema/json/v1/ForkConversationResponse.json b/codex-rs/app-server-protocol/schema/json/v1/ForkConversationResponse.json index 7d0d26c05..12db241e1 100644 --- a/codex-rs/app-server-protocol/schema/json/v1/ForkConversationResponse.json +++ b/codex-rs/app-server-protocol/schema/json/v1/ForkConversationResponse.json 
@@ -104,7 +104,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/app-server-protocol/schema/json/v1/GetUserSavedConfigResponse.json b/codex-rs/app-server-protocol/schema/json/v1/GetUserSavedConfigResponse.json index b5e472b6c..beec3a22c 100644 --- a/codex-rs/app-server-protocol/schema/json/v1/GetUserSavedConfigResponse.json +++ b/codex-rs/app-server-protocol/schema/json/v1/GetUserSavedConfigResponse.json @@ -16,7 +16,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/app-server-protocol/schema/json/v1/NewConversationParams.json b/codex-rs/app-server-protocol/schema/json/v1/NewConversationParams.json index 167aee56e..327ecd23b 100644 
--- a/codex-rs/app-server-protocol/schema/json/v1/NewConversationParams.json +++ b/codex-rs/app-server-protocol/schema/json/v1/NewConversationParams.json @@ -12,7 +12,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationParams.json b/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationParams.json index 5c7f94378..9f14c2208 100644 --- a/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationParams.json +++ b/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationParams.json @@ -12,7 +12,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], 
diff --git a/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationResponse.json b/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationResponse.json index 4b1e90815..dd7606b5e 100644 --- a/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationResponse.json +++ b/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationResponse.json @@ -104,7 +104,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/app-server-protocol/schema/json/v1/SendUserTurnParams.json b/codex-rs/app-server-protocol/schema/json/v1/SendUserTurnParams.json index b2fc24866..aa112e731 100644 --- a/codex-rs/app-server-protocol/schema/json/v1/SendUserTurnParams.json +++ b/codex-rs/app-server-protocol/schema/json/v1/SendUserTurnParams.json 
@@ -16,7 +16,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/app-server-protocol/schema/json/v1/SessionConfiguredNotification.json b/codex-rs/app-server-protocol/schema/json/v1/SessionConfiguredNotification.json index c9fb2c8e3..89ab825d3 100644 --- a/codex-rs/app-server-protocol/schema/json/v1/SessionConfiguredNotification.json +++ b/codex-rs/app-server-protocol/schema/json/v1/SessionConfiguredNotification.json @@ -104,7 +104,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ], diff --git a/codex-rs/core/config.schema.json b/codex-rs/core/config.schema.json index 5fb67c22b..4c571a6c2 100644 --- a/codex-rs/core/config.schema.json 
+++ b/codex-rs/core/config.schema.json
@@ -100,7 +100,7 @@ "type": "string" }, { - "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.", + "description": "DEPRECATED: *All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox. Prefer `OnRequest` for interactive runs or `Never` for non-interactive runs.", "enum": [ "on-failure" ],
diff --git a/codex-rs/core/src/codex.rs b/codex-rs/core/src/codex.rs
index 647b2f760..7f15d3226 100644
--- a/codex-rs/core/src/codex.rs
+++ b/codex-rs/core/src/codex.rs
@@ -1099,6 +1099,14 @@ impl Session {
 });
 }
 maybe_push_unstable_features_warning(&config, &mut post_session_configured_events);
+ if config.approval_policy.value() == AskForApproval::OnFailure {
+ post_session_configured_events.push(Event {
+ id: "".to_owned(),
+ msg: EventMsg::Warning(WarningEvent {
+ message: "`on-failure` approval policy is deprecated and will be removed in a future release. Use `on-request` for interactive approvals or `never` for non-interactive runs.".to_string(),
+ }),
+ });
+ }
 let auth = auth.as_ref();
 let auth_mode = auth.map(CodexAuth::auth_mode).map(TelemetryAuthMode::from);
diff --git a/codex-rs/debug-client/README.md b/codex-rs/debug-client/README.md
index 091fc1e6a..bd310d905 100644
--- a/codex-rs/debug-client/README.md
+++ b/codex-rs/debug-client/README.md
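Review bot: The deprecation warning is queued only in this session-start path of `Session`, so a session that starts under another policy and later receives `on-failure` through a per-turn override would presumably never see it; the patch itself regenerates `SendUserTurnParams.json`, which carries the same enum, so that path appears to exist. Moving the check into a small helper called next to `maybe_push_unstable_features_warning(&config, &mut post_session_configured_events);` would let the per-turn path reuse it and keep this function flat. Because `on-failure` is the policy that offers un-sandboxed re-execution after a failed command, the message could also state that this behaviour is unchanged until removal, so operators do not assume the escalation path is already off. The diffstat shows no test for the new event; one asserting that the `Warning` is emitted for `OnFailure` and absent for the other policies would pin it. The enclosing function starts and ends outside the hunk.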
@@ -26,7 +26,7 @@ cargo run -p codex-debug-client -- --thread-id thr_123
 - `--codex-bin `: path to the `codex` binary (default: `codex`).
 - `-c, --config key=value`: pass through `--config` overrides to `codex`.
 - `--thread-id `: resume a thread instead of starting a new one.
-- `--approval-policy `: `untrusted`, `on-failure`, `on-request`, `never`.
+- `--approval-policy `: `untrusted`, `on-failure` (deprecated), `on-request`, `never`.
 - `--auto-approve`: auto-approve command/file-change approvals (default: decline).
 - `--final-only`: only show completed assistant messages and tool items.
 - `--model `: optional model override for thread start/resume.
diff --git a/codex-rs/docs/codex_mcp_interface.md b/codex-rs/docs/codex_mcp_interface.md
index da415d9de..293ecb7ec 100644
--- a/codex-rs/docs/codex_mcp_interface.md
+++ b/codex-rs/docs/codex_mcp_interface.md
@@ -59,7 +59,7 @@ Request `newConversation` params (subset):
 - `model`: string model id (e.g. "o3", "gpt-5.1", "gpt-5.1-codex")
 - `profile`: optional named profile
 - `cwd`: optional working directory
-- `approvalPolicy`: `untrusted` | `on-request` | `on-failure` | `never`
+- `approvalPolicy`: `untrusted` | `on-request` | `on-failure` (deprecated) | `never`
 - `sandbox`: `read-only` | `workspace-write` | `external-sandbox` (honors `networkAccess` restricted/enabled) | `danger-full-access`
 - `config`: map of additional config overrides
 - `baseInstructions`: optional instruction override
diff --git a/codex-rs/protocol/src/protocol.rs b/codex-rs/protocol/src/protocol.rs
index 6097c60e8..745068b16 100644
--- a/codex-rs/protocol/src/protocol.rs
+++ b/codex-rs/protocol/src/protocol.rs
@@ -356,10 +356,12 @@ pub enum AskForApproval {
 #[strum(serialize = "untrusted")]
 UnlessTrusted,
- /// *All* commands are auto‑approved, but they are expected to run inside a
- /// sandbox where network access is disabled and writes are confined to a
- /// specific set of paths. If the command fails, it will be escalated to
- /// the user to approve execution without a sandbox.
+ /// DEPRECATED: *All* commands are auto‑approved, but they are expected to
+ /// run inside a sandbox where network access is disabled and writes are
+ /// confined to a specific set of paths. If the command fails, it will be
+ /// escalated to the user to approve execution without a sandbox.
+ /// Prefer `OnRequest` for interactive runs or `Never` for non-interactive
+ /// runs.
 OnFailure,
 /// The model decides when to ask the user for approval.
diff --git a/codex-rs/utils/cli/src/approval_mode_cli_arg.rs b/codex-rs/utils/cli/src/approval_mode_cli_arg.rs
index 2ba1e3dc5..08b7be6cc 100644
--- a/codex-rs/utils/cli/src/approval_mode_cli_arg.rs
+++ b/codex-rs/utils/cli/src/approval_mode_cli_arg.rs
@@ -12,9 +12,10 @@ pub enum ApprovalModeCliArg {
 /// is not in the "trusted" set.
 Untrusted,
- /// Run all commands without asking for user approval.
+ /// DEPRECATED: Run all commands without asking for user approval.
 /// Only asks for approval if a command fails to execute, in which case it
 /// will escalate to the user to ask for un-sandboxed execution.
+ /// Prefer `on-request` for interactive runs or `never` for non-interactive runs.
 OnFailure,
 /// The model decides when to ask the user for approval.
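Review bot: The sentence added to the `OnFailure` doc comment names the replacements by their Rust identifiers (`OnRequest`, `Never`), but this comment is what the regenerated schema files in this patch publish as the description of `"on-failure"`, where a reader can only write `on-request` and `never`. Using the wire names, as the `ApprovalModeCliArg` hunk in this patch already does, avoids that mismatch: ``/// Prefer `on-request` for interactive runs or `never` for non-interactive runs.`` The deprecation is also carried only as prose; if the derives on this enum tolerate it, a `#[deprecated(note = "...")]` attribute on the variant would make it machine-visible, though that would need checking against in-tree uses such as the new comparison in `codex.rs`. The enum's body continues outside the hunk.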