## Why

This supersedes #19391. During stack repair, GitHub marked #19391 as merged into a temporary stack branch rather than into `main`, so the runtime-config change needed a fresh PR.

`PermissionProfile` is now the canonical permissions shape after #19231 because it can distinguish `Managed`, `Disabled`, and `External` enforcement while also carrying filesystem rules that legacy `SandboxPolicy` cannot represent cleanly. Core config and session state still needed to accept profile-backed permissions without forcing every profile through the strict legacy bridge, which rejected valid runtime profiles such as direct write roots.

The unrelated CI/test hardening that previously rode along with this PR has been split into #19683 so this PR stays focused on the permissions model migration.

## What Changed

- Adds `Permissions.permission_profile` and `SessionConfiguration.permission_profile` as constrained runtime state, while keeping `sandbox_policy` as a legacy compatibility projection.
- Introduces profile setters that keep `PermissionProfile`, split filesystem/network policies, and legacy `SandboxPolicy` projections synchronized.
- Uses a compatibility projection for requirement checks and legacy consumers instead of rejecting profiles that cannot round-trip through `SandboxPolicy` exactly.
- Updates config loading, config overrides, session updates, turn context plumbing, prompt permission text, sandbox tags, and exec request construction to carry profile-backed runtime permissions.
- Preserves configured deny-read entries and `glob_scan_max_depth` when command/session profiles are narrowed.
- Adds `PermissionProfile::read_only()` and `PermissionProfile::workspace_write()` presets that match legacy defaults.
## Verification

- `cargo test -p codex-core direct_write_roots`
- `cargo test -p codex-core runtime_roots_to_legacy_projection`
- `cargo test -p codex-app-server requested_permissions_trust_project_uses_permission_profile_intent`

---

Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/19606).

* #19395
* #19394
* #19393
* #19392
* __->__ #19606
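The sketch below is an added illustration of the design the PR description argues for; it is not code from the codex repository or from this PR. It mirrors the split between a rich runtime `PermissionProfile` and a lossy legacy `SandboxPolicy` view: a strict bridge that refuses any profile which would not round-trip exactly, a compatibility projection that keeps direct write roots and drops only what the legacy shape cannot carry, and a `narrow()` that preserves deny-read entries and `glob_scan_max_depth` while never widening access. Every field name, the enforcement ranking, the narrowing rules, and the exact conditions the strict bridge rejects are assumptions made for this example; the real types in `codex-core` differ.

```rust
use std::collections::BTreeSet;
use std::path::PathBuf;

/// Who enforces the sandbox. The three modes are named in the PR; the
/// restrictiveness ranking below is an assumption for this example.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Enforcement {
    Managed,
    Disabled,
    External,
}

impl Enforcement {
    /// Lower rank = more restrictive, so narrowing never loosens enforcement.
    fn rank(self) -> u8 {
        match self {
            Enforcement::Managed => 0,
            Enforcement::External => 1,
            Enforcement::Disabled => 2,
        }
    }
}

/// Runtime profile. Field names are assumptions, not the crate's own.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct PermissionProfile {
    pub enforcement: Enforcement,
    pub write_roots: BTreeSet<PathBuf>,
    pub deny_read: BTreeSet<PathBuf>,
    pub glob_scan_max_depth: Option<usize>,
}

/// Legacy shape: it has no place for deny-read rules or a scan depth.
#[derive(Clone, Debug, PartialEq, Eq)]
pub enum SandboxPolicy {
    ReadOnly,
    WorkspaceWrite { writable_roots: Vec<PathBuf> },
    DangerFullAccess,
}

impl PermissionProfile {
    pub fn read_only() -> Self {
        Self {
            enforcement: Enforcement::Managed,
            write_roots: BTreeSet::new(),
            deny_read: BTreeSet::new(),
            glob_scan_max_depth: None,
        }
    }

    pub fn workspace_write<I: IntoIterator<Item = PathBuf>>(roots: I) -> Self {
        Self { write_roots: roots.into_iter().collect(), ..Self::read_only() }
    }

    /// Narrow `self` by `other`: intersect write roots, union deny-read rules,
    /// keep the smaller scan depth and the stricter enforcement. The result can
    /// never grant more than either input did.
    pub fn narrow(&self, other: &Self) -> Self {
        let enforcement = if other.enforcement.rank() < self.enforcement.rank() {
            other.enforcement
        } else {
            self.enforcement
        };
        let glob_scan_max_depth = match (self.glob_scan_max_depth, other.glob_scan_max_depth) {
            (Some(a), Some(b)) => Some(a.min(b)),
            (a, b) => a.or(b),
        };
        Self {
            enforcement,
            write_roots: self.write_roots.intersection(&other.write_roots).cloned().collect(),
            deny_read: self.deny_read.union(&other.deny_read).cloned().collect(),
            glob_scan_max_depth,
        }
    }

    /// Strict bridge: refuse any profile that would not round-trip exactly.
    pub fn to_legacy_strict(&self) -> Result<SandboxPolicy, String> {
        if !self.deny_read.is_empty() {
            return Err(format!("{} deny-read rule(s) have no SandboxPolicy form", self.deny_read.len()));
        }
        if self.glob_scan_max_depth.is_some() {
            return Err("glob_scan_max_depth has no SandboxPolicy form".to_string());
        }
        Ok(self.to_legacy_projection())
    }

    /// Compatibility projection: a lossy view for legacy consumers. Direct write
    /// roots survive; deny-read rules and depth are dropped from the *view* only.
    pub fn to_legacy_projection(&self) -> SandboxPolicy {
        match self.enforcement {
            Enforcement::Disabled => SandboxPolicy::DangerFullAccess,
            _ if self.write_roots.is_empty() => SandboxPolicy::ReadOnly,
            _ => SandboxPolicy::WorkspaceWrite {
                writable_roots: self.write_roots.iter().cloned().collect(),
            },
        }
    }
}
```

The caveat a reviewer would want on record: the projection is safe only as long as the runtime profile stays authoritative for enforcement. Any consumer that enforces from the `SandboxPolicy` view alone never sees the deny-read entries, which is exactly why the PR keeps `sandbox_policy` as a projection rather than the source of truth.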
# codex-tools
codex-tools is intended to become the home for tool-related code that is
shared across multiple crates and does not need to stay coupled to
codex-core.
Today this crate is intentionally small. It currently owns the shared tool
schema and Responses API tool primitives that no longer need to live in
`core/src/tools/spec.rs` or `core/src/client_common.rs`:

- `JsonSchema`
- `AdditionalProperties`
- `ToolDefinition`
- `ToolSpec`
- `ConfiguredToolSpec`
- `ResponsesApiTool`
- `FreeformTool`
- `FreeformToolFormat`
- `LoadableToolSpec`
- `ResponsesApiWebSearchFilters`
- `ResponsesApiWebSearchUserLocation`
- `ResponsesApiNamespace`
- `ResponsesApiNamespaceTool`
- code-mode `ToolSpec` adapters and `exec`/`wait` spec builders
- MCP resource, `list_dir`, and `test_sync_tool` spec builders
- local host tool spec builders for shell/exec/request-permissions/view-image
- collaboration and agent-job `ToolSpec` builders for spawn/send/wait/close, `request_user_input`, and CSV fanout/reporting
- discoverable-tool models, client filtering, and `ToolSpec` builders for `tool_search` and `tool_suggest`
- `parse_tool_input_schema()`
- `parse_dynamic_tool()`
- `parse_mcp_tool()`
- `create_tools_json_for_responses_api()`
- `mcp_call_tool_result_output_schema()`
- `tool_definition_to_responses_api_tool()`
- `dynamic_tool_to_loadable_tool_spec()`
- `dynamic_tool_to_responses_api_tool()`
- `mcp_tool_to_responses_api_tool()`
- `mcp_tool_to_deferred_responses_api_tool()`
- `augment_tool_spec_for_code_mode()`
- `tool_spec_to_code_mode_tool_definition()`
That extraction is the first step in a longer migration. The goal is not to
move all of core/src/tools into this crate in one shot. Instead, the plan is
to peel off reusable pieces in reviewable increments while keeping
compatibility-sensitive orchestration in codex-core until the surrounding
boundaries are ready.
## Vision
Over time, this crate should hold tool-facing primitives that are shared by multiple consumers, for example:
- schema and spec data models
- tool input/output parsing helpers
- tool metadata and compatibility shims that do not depend on `codex-core`
- other narrowly scoped utility code that multiple crates need
The corresponding non-goals are just as important:
- do not move `codex-core` orchestration here prematurely
- do not pull `Session` / `TurnContext` / approval flow / runtime execution logic into this crate unless those dependencies have first been split into stable shared interfaces
- do not turn this crate into a grab-bag for unrelated helper code
## Migration approach
The expected migration shape is:
- Move low-coupling tool primitives here.
- Switch non-core consumers to depend on `codex-tools` directly.
- Leave compatibility-sensitive adapters in `codex-core` while downstream call sites are updated.
- Only extract higher-level tool infrastructure after the crate boundaries are clear and independently testable.
That means it is normal for codex-core to temporarily re-export types or
helpers from codex-tools during the transition.
## Crate conventions
This crate should start with stricter structure than `core/src/tools` so it
stays easy to grow:

- `src/lib.rs` should remain exports-only.
- Business logic should live in named module files such as `foo.rs`.
- Unit tests for `foo.rs` should live in a sibling `foo_tests.rs`.
- The implementation file should wire tests with:

```rust
#[cfg(test)]
#[path = "foo_tests.rs"]
mod tests;
```
If this crate starts accumulating code that needs runtime state from
codex-core, that is a sign to revisit the extraction boundary before adding
more here.