feat: introduce Permissions (#11633)

## Why We currently carry multiple permission-related concepts directly on `Config` for shell/unified-exec behavior (`approval_policy`, `sandbox_policy`, `network`, `shell_environment_policy`, `windows_sandbox_mode`). Consolidating these into one in-memory struct makes permission handling easier to reason about and sets up the next step: supporting named permission profiles (`[permissions.PROFILE_NAME]`) without changing behavior now. This change is mostly mechanical: it updates existing callsites to go through `config.permissions`, but it does not yet refactor those callsites to take a single `Permissions` value in places where multiple permission fields are still threaded separately. This PR intentionally **does not** change the on-disk `config.toml` format yet and keeps compatibility with legacy config keys. ## What Changed - Introduced `Permissions` in `core/src/config/mod.rs`. - Added `Config::permissions` and moved effective runtime permission fields under it: - `approval_policy` - `sandbox_policy` - `network` - `shell_environment_policy` - `windows_sandbox_mode` - Updated config loading/building so these effective values are still derived from the same existing config inputs and constraints. - Updated Windows sandbox helpers/resolution to read/write via `permissions`. - Threaded the new field through all permission consumers across core runtime, app-server, CLI/exec, TUI, and sandbox summary code. - Updated affected tests to reference `config.permissions.*`. - Renamed the struct/field from `EffectivePermissions`/`effective_permissions` to `Permissions`/`permissions` and aligned variable naming accordingly. ## Verification - `just fix -p codex-core -p codex-tui -p codex-cli -p codex-app-server -p codex-exec -p codex-utils-sandbox-summary` - `cargo build -p codex-core -p codex-tui -p codex-cli -p codex-app-server -p codex-exec -p codex-utils-sandbox-summary`
2026-05-04 13:21:54 +03:00 · 2026-02-12 14:42:54 -08:00
parent d7cb70ed26
commit a4cc1a4a85
30 changed files with 280 additions and 193 deletions
--- a/codex-rs/tui/src/status/card.rs
+++ b/codex-rs/tui/src/status/card.rs
@@ -168,10 +168,13 @@ impl StatusHistoryCell {
            ("workdir", config.cwd.display().to_string()),
            ("model", model_name.to_string()),
            ("provider", config.model_provider_id.clone()),
-            ("approval", config.approval_policy.value().to_string()),
+            (
+                "approval",
+                config.permissions.approval_policy.value().to_string(),
+            ),
            (
                "sandbox",
-                summarize_sandbox_policy(config.sandbox_policy.get()),
+                summarize_sandbox_policy(config.permissions.sandbox_policy.get()),
            ),
        ];
        if config.model_provider.wire_api == WireApi::Responses {
@@ -191,7 +194,7 @@ impl StatusHistoryCell {
            .find(|(k, _)| *k == "approval")
            .map(|(_, v)| v.clone())
            .unwrap_or_else(|| "<unknown>".to_string());
-        let sandbox = match config.sandbox_policy.get() {
+        let sandbox = match config.permissions.sandbox_policy.get() {
            SandboxPolicy::DangerFullAccess => "danger-full-access".to_string(),
            SandboxPolicy::ReadOnly { .. } => "read-only".to_string(),
            SandboxPolicy::WorkspaceWrite {
@@ -207,12 +210,13 @@ impl StatusHistoryCell {
                }
            }
        };
-        let permissions = if config.approval_policy.value() == AskForApproval::OnRequest
-            && *config.sandbox_policy.get() == SandboxPolicy::new_workspace_write_policy()
+        let permissions = if config.permissions.approval_policy.value() == AskForApproval::OnRequest
+            && *config.permissions.sandbox_policy.get()
+                == SandboxPolicy::new_workspace_write_policy()
        {
            "Default".to_string()
-        } else if config.approval_policy.value() == AskForApproval::Never
-            && *config.sandbox_policy.get() == SandboxPolicy::DangerFullAccess
+        } else if config.permissions.approval_policy.value() == AskForApproval::Never
+            && *config.permissions.sandbox_policy.get() == SandboxPolicy::DangerFullAccess
        {
            "Full Access".to_string()
        } else {
--- a/codex-rs/tui/src/status/tests.rs
+++ b/codex-rs/tui/src/status/tests.rs
@@ -98,6 +98,7 @@ async fn status_snapshot_includes_reasoning_details() {
    config.model_provider_id = "openai".to_string();
    config.model_reasoning_summary = ReasoningSummary::Detailed;
    config
+        .permissions
        .sandbox_policy
        .set(SandboxPolicy::WorkspaceWrite {
            writable_roots: Vec::new(),
@@ -177,10 +178,12 @@ async fn status_permissions_non_default_workspace_write_is_custom() {
    config.model = Some("gpt-5.1-codex-max".to_string());
    config.model_provider_id = "openai".to_string();
    config
+        .permissions
        .approval_policy
        .set(AskForApproval::OnRequest)
        .expect("set approval policy");
    config
+        .permissions
        .sandbox_policy
        .set(SandboxPolicy::WorkspaceWrite {
            writable_roots: Vec::new(),