Michael Bolin 040976b218 tests: isolate approval fixtures from host rules (#18288) ...

## Why

Several approval-focused tests were unintentionally sensitive to
host-level rule files. On machines with broader allowed command
prefixes, commonly allowed commands such as `/bin/date` could bypass the
approval path these tests were meant to exercise, making the fixtures
depend on the developer or CI host configuration.

## What changed

- Pins the approval matrix fixture to the explicit user reviewer so it
does not inherit a host reviewer.
- Changes OTel approval fixtures to request `/usr/bin/touch
codex-otel-approval-test`, avoiding a command that may be pre-approved
by local rules.
- Clears the config layer stack for the permissions-message assertion
that needs to compare only the permissions text under test.

## Verification

- `env -u CODEX_SANDBOX_NETWORK_DISABLED cargo test -p codex-core --test
all approval_matrix_covers_all_modes -- --nocapture`
- `env -u CODEX_SANDBOX_NETWORK_DISABLED cargo test -p codex-core --test
all permissions_messages -- --nocapture`

2026-04-23 14:12:09 -07:00

..

common

tui: carry permission profiles on user turns (#18285)

2026-04-23 11:54:17 -07:00

fixtures

Update tests to stop using sse_completed fixture (#10638)

2026-02-04 08:38:06 -08:00

suite

tests: isolate approval fixtures from host rules (#18288)

2026-04-23 14:12:09 -07:00

all.rs

remove temporary ownership re-exports (#16626)

2026-04-03 00:33:34 -07:00

cli_responses_fixture.sse

…

responses_headers.rs

[rollout_trace] Record core session rollout traces (#18877)

2026-04-22 17:00:48 +00:00