Add plumbing to approve stored Auto-Review denials#18955
Conversation
3c2a46c to
994baf7
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3c2a46c480
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| let (_, thread) = match self.load_thread(&thread_id).await { | ||
| Ok(v) => v, | ||
| Err(error) => { | ||
| self.outgoing.send_error(request_id, error).await; | ||
| return; | ||
| } | ||
| }; | ||
|
|
||
| match self | ||
| .submit_core_op( | ||
| &request_id, | ||
| thread.as_ref(), | ||
| Op::ApproveGuardianDeniedAction { event }, |
There was a problem hiding this comment.
Validate denial event matches the target thread
The RPC accepts any deserialized GuardianAssessmentEvent and submits it to the loaded thread_id without checking that the event belongs to that thread/turn. This allows replaying or forging denied events across threads, injecting authorization context into unrelated conversations.
Useful? React with 👍 / 👎.
Summary
This adds the structural plumbing needed for an app-server client to approve a previously denied Guardian review and carry that approval context into the next model turn.
This PR does not add the actual
/auto-review-denialstoolWhat Changed
thread/approveGuardianDeniedAction.ThreadApproveGuardianDeniedAction*.Op::ApproveGuardianDeniedAction.Op::ApproveGuardianDeniedAction { event }is routed to the app-server request.What This Does Not Do
/auto-review-denials.Verification
cargo test -p codex-tui thread_approve_guardian_denied_action