Skip to content

app-server: include filesystem entries in permission requests#19086

Merged
bolinfest merged 1 commit into
mainfrom
pr19086
Apr 23, 2026
Merged

app-server: include filesystem entries in permission requests#19086
bolinfest merged 1 commit into
mainfrom
pr19086

Conversation

@bolinfest

@bolinfest bolinfest commented Apr 23, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Why

item/permissions/requestApproval sends a requested permission profile to app-server clients. The core profile already stores filesystem permissions as entries, but the v2 compatibility conversion used the legacy read/write projection whenever possible and left entries unset.

That made the request ambiguous for clients that consume the canonical v2 shape: permissions.fileSystem.entries was missing even though filesystem access was being requested. A client that rendered or echoed grants from entries could treat the request as having no filesystem permission entries, then return an empty or incomplete grant. The app-server intersects responses with the original request, so omitted filesystem permissions are denied.

What Changed

  • Populate AdditionalFileSystemPermissions.entries when converting legacy read/write roots for request permission payloads, while preserving read and write for compatibility.
  • Mark read and write as transitional schema fields in the generated app-server schema.
  • Add regression coverage for the v2 conversion, the app-server item/permissions/requestApproval round trip, and TUI app-server approval conversion expectations.
  • Refresh generated JSON and TypeScript schema fixtures.

Verification

  • just fmt
  • cargo test -p codex-app-server-protocol
  • cargo test -p codex-app-server request_permissions_round_trip
  • cargo test -p codex-tui converts_request_permissions_into_granted_permissions
  • cargo test -p codex-tui resolves_permissions_and_user_input_through_app_server_request_id

@bolinfest bolinfest changed the title ensure AdditionalFileSystemPermissions is created with entries field set app-server: include filesystem entries in permission requests Apr 23, 2026
@bolinfest bolinfest force-pushed the pr19086 branch 2 times, most recently from 877d0fb to 4ed92c2 Compare April 23, 2026 06:38
@bolinfest bolinfest changed the base branch from main to pr19089 April 23, 2026 06:38
@bolinfest bolinfest mentioned this pull request Apr 23, 2026
Closed
@bolinfest bolinfest changed the base branch from pr19089 to main April 23, 2026 06:50
@bolinfest bolinfest enabled auto-merge (squash) April 23, 2026 06:51
@bolinfest bolinfest disabled auto-merge April 23, 2026 07:21
@bolinfest bolinfest merged commit 8bc667b into main Apr 23, 2026
60 of 63 checks passed
@bolinfest bolinfest deleted the pr19086 branch April 23, 2026 07:22
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 23, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dylan-hurd-oai dylan-hurd-oai dylan-hurd-oai approved these changes

@gpeal gpeal Awaiting requested review from gpeal

@viyatb-oai viyatb-oai Awaiting requested review from viyatb-oai

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bolinfest @dylan-hurd-oai