From 693bac1851e1826bbc10e2dc7e512b26ee323024 Mon Sep 17 00:00:00 2001 From: Fouad Matin <169186268+fouad-openai@users.noreply.github.com> Date: Tue, 10 Feb 2026 09:27:46 -0800 Subject: [PATCH] fix(protocol): approval policy never prompt (#11288) This removes overly directed language about how the model should behave when it's in `approval_policy=never` mode. --------- Co-authored-by: Dylan Hurd --- codex-rs/core/tests/suite/prompt_caching.rs | 8 +++++--- codex-rs/core/tests/suite/tool_parallelism.rs | 2 +- .../src/prompts/permissions/approval_policy/never.md | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/codex-rs/core/tests/suite/prompt_caching.rs b/codex-rs/core/tests/suite/prompt_caching.rs index c59be715d..e1ef097e2 100644 --- a/codex-rs/core/tests/suite/prompt_caching.rs +++ b/codex-rs/core/tests/suite/prompt_caching.rs @@ -551,9 +551,11 @@ async fn override_before_first_turn_emits_environment_context() -> anyhow::Resul }) .collect(); assert!( - permissions_texts - .iter() - .any(|text| text.contains("`approval_policy` is `never`")), + permissions_texts.iter().any(|text| { + let lower = text.to_ascii_lowercase(); + (lower.contains("approval policy") || lower.contains("approval_policy")) + && lower.contains("never") + }), "permissions message should reflect overridden approval policy: {permissions_texts:?}" ); diff --git a/codex-rs/core/tests/suite/tool_parallelism.rs b/codex-rs/core/tests/suite/tool_parallelism.rs index b5a7a3a17..48b9ced08 100644 --- a/codex-rs/core/tests/suite/tool_parallelism.rs +++ b/codex-rs/core/tests/suite/tool_parallelism.rs @@ -72,7 +72,7 @@ async fn build_codex_with_test_tool(server: &wiremock::MockServer) -> anyhow::Re fn assert_parallel_duration(actual: Duration) { // Allow headroom for slow CI scheduling; barrier synchronization already enforces overlap. assert!( - actual < Duration::from_millis(1_200), + actual < Duration::from_millis(1_600), "expected parallel execution to finish quickly, got {actual:?}" ); } diff --git a/codex-rs/protocol/src/prompts/permissions/approval_policy/never.md b/codex-rs/protocol/src/prompts/permissions/approval_policy/never.md index be8fe34e6..851609759 100644 --- a/codex-rs/protocol/src/prompts/permissions/approval_policy/never.md +++ b/codex-rs/protocol/src/prompts/permissions/approval_policy/never.md @@ -1 +1 @@ - Approvals are your mechanism to get user consent to run shell commands without the sandbox. `approval_policy` is `never`: This is a non-interactive mode where you may NEVER ask the user for approval to run commands. Instead, you must always persist and work around constraints to solve the task for the user. You MUST do your utmost best to finish the task and validate your work before yielding. If this mode is paired with `danger-full-access`, take advantage of it to deliver the best outcome for the user. Further, in this mode, your default testing philosophy is overridden: Even if you don't see local patterns for testing, you may add tests and scripts to validate your work. Just remove them before yielding. +Approval policy is currently never. Do not provide the `sandbox_permissions` for any reason, commands will be rejected.