fix(tui) remove config check for trusted setting (#11874)

## Summary Simplify the trusted directory flow. This logic was originally designed several months ago, to determine if codex should start in read-only or workspace-write mode. However, that's no longer the purpose of directory trust - and therefore we should get rid of this logic. ## Testing - [x] Unit tests pass
2026-04-30 03:12:20 +03:00 · 2026-03-05 22:29:34 -08:00
parent 14de492985
commit 4c9b1c38f6
2 changed files with 2 additions and 52 deletions
--- a/codex-rs/core/src/config/mod.rs
+++ b/codex-rs/core/src/config/mod.rs
@@ -219,10 +219,6 @@ pub struct Config {
    /// using backend-specific headers or URLs to enforce this.
    pub enforce_residency: Constrained<Option<ResidencyRequirement>>,

-    /// True if the user passed in an override or set a value in config.toml
-    /// for either of approval_policy or sandbox_mode.
-    pub did_user_set_custom_approval_policy_or_sandbox_mode: bool,
-
    /// When `true`, `AgentReasoning` events emitted by the backend will be
    /// suppressed from the frontend output. This can reduce visual noise when
    /// users are only interested in the final agent responses.
@@ -1789,9 +1785,6 @@ impl Config {
        let active_project = cfg
            .get_active_project(&resolved_cwd)
            .unwrap_or(ProjectConfig { trust_level: None });
-        let sandbox_mode_was_explicit = sandbox_mode.is_some()
-            || config_profile.sandbox_mode.is_some()
-            || cfg.sandbox_mode.is_some();

        let windows_sandbox_level = match windows_sandbox_mode {
            Some(WindowsSandboxModeToml::Elevated) => WindowsSandboxLevel::Elevated,
@@ -1821,9 +1814,6 @@ impl Config {
                }
            }
        }
-        let approval_policy_was_explicit = approval_policy_override.is_some()
-            || config_profile.approval_policy.is_some()
-            || cfg.approval_policy.is_some();
        let mut approval_policy = approval_policy_override
            .or(config_profile.approval_policy)
            .or(cfg.approval_policy)
@@ -1836,9 +1826,7 @@ impl Config {
                    AskForApproval::default()
                }
            });
-        if !approval_policy_was_explicit
-            && let Err(err) = constrained_approval_policy.can_set(&approval_policy)
-        {
+        if let Err(err) = constrained_approval_policy.can_set(&approval_policy) {
            tracing::warn!(
                error = %err,
                "default approval policy is disallowed by requirements; falling back to required default"
@@ -1847,10 +1835,6 @@ impl Config {
        }
        let web_search_mode = resolve_web_search_mode(&cfg, &config_profile, &features)
            .unwrap_or(WebSearchMode::Cached);
-        // TODO(dylan): We should be able to leverage ConfigLayerStack so that
-        // we can reliably check this at every config level.
-        let did_user_set_custom_approval_policy_or_sandbox_mode =
-            approval_policy_was_explicit || sandbox_mode_was_explicit;

        let mut model_providers = built_in_model_providers();
        // Merge user-defined providers into the built-in list.
@@ -2155,7 +2139,6 @@ impl Config {
                macos_seatbelt_profile_extensions: None,
            },
            enforce_residency: enforce_residency.value,
-            did_user_set_custom_approval_policy_or_sandbox_mode,
            notify: cfg.notify,
            user_instructions,
            base_instructions,
@@ -3487,7 +3470,6 @@ profile = "project"
            config.permissions.sandbox_policy.get(),
            &SandboxPolicy::DangerFullAccess
        ));
-        assert!(config.did_user_set_custom_approval_policy_or_sandbox_mode);

        Ok(())
    }
@@ -5193,7 +5175,6 @@ model_verbosity = "high"
                    macos_seatbelt_profile_extensions: None,
                },
                enforce_residency: Constrained::allow_any(None),
-                did_user_set_custom_approval_policy_or_sandbox_mode: true,
                user_instructions: None,
                notify: None,
                cwd: fixture.cwd(),
@@ -5323,7 +5304,6 @@ model_verbosity = "high"
                macos_seatbelt_profile_extensions: None,
            },
            enforce_residency: Constrained::allow_any(None),
-            did_user_set_custom_approval_policy_or_sandbox_mode: true,
            user_instructions: None,
            notify: None,
            cwd: fixture.cwd(),
@@ -5451,7 +5431,6 @@ model_verbosity = "high"
                macos_seatbelt_profile_extensions: None,
            },
            enforce_residency: Constrained::allow_any(None),
-            did_user_set_custom_approval_policy_or_sandbox_mode: true,
            user_instructions: None,
            notify: None,
            cwd: fixture.cwd(),
@@ -5565,7 +5544,6 @@ model_verbosity = "high"
                macos_seatbelt_profile_extensions: None,
            },
            enforce_residency: Constrained::allow_any(None),
-            did_user_set_custom_approval_policy_or_sandbox_mode: true,
            user_instructions: None,
            notify: None,
            cwd: fixture.cwd(),
@@ -5647,24 +5625,6 @@ model_verbosity = "high"
        Ok(())
    }

-    #[test]
-    fn test_did_user_set_custom_approval_policy_or_sandbox_mode_defaults_no() -> anyhow::Result<()>
-    {
-        let fixture = create_test_fixture()?;
-
-        let config = Config::load_from_base_config_with_overrides(
-            fixture.cfg.clone(),
-            ConfigOverrides {
-                ..Default::default()
-            },
-            fixture.codex_home(),
-        )?;
-
-        assert!(config.did_user_set_custom_approval_policy_or_sandbox_mode);
-
-        Ok(())
-    }
-
    #[test]
    fn test_requirements_web_search_mode_allowlist_does_not_warn_when_unset() -> anyhow::Result<()>
    {