fix(codex): await computer use elicitation bridge

[kevinslin]

Summary

• Problem: configured Computer Use MCP approval elicitations can arrive without a JSON-object requestedSchema, and the app-server request handler returned the asynchronous elicitation bridge promise without awaiting it, letting request-response bookkeeping/finally run before the bridge settled.
• Solution: keep the exact configured MCP server-name boundary and form-mode guard, normalize missing or non-object Computer Use schemas to an empty object schema, and use return await handleCodexAppServerElicitationRequest(...) so request-response bookkeeping/finally waits for the approval bridge result.
• What changed: schema-less Computer Use form elicitations normalize to { type: "object", properties: {} }, custom configured Computer Use server names remain supported, pending approval elicitations keep the turn request active until the bridge resolves, non-form elicitations remain unhandled, the app-server bridge tests cover those cases, and Slack docs list /approve.
• What did NOT change (scope boundary): No native Slack UI behavior, gateway approval transport, broad server-name fragment matching, or non-Computer Use plugin approval policy is changed.

Motivation

• This preserves the cherry-picked bridge elicitation fix on top of current main while keeping the existing configured-server authorization boundary intact and preserving the manual approval request lifetime.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes #
• Related #
• This PR fixes a bug or regression

Real behavior proof (required for external PRs)

• Behavior or issue addressed: configured Computer Use app-server MCP form elicitations are routed into plugin approvals even when the elicitation request does not include an object schema, and the app-server request activity remains active until the approval bridge resolves.
• Real environment tested: Local OpenClaw Codex worktree unit/seam tests.
• Exact steps or command run after this patch: node scripts/run-vitest.mjs extensions/codex/src/app-server/run-attempt.test.ts extensions/codex/src/app-server/elicitation-bridge.test.ts; git diff --check.
• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): Test Files 2 passed (2); Tests 230 passed (230) and git diff --check exited cleanly.
• Observed result after fix: The focused app-server bridge suites pass with configured Computer Use elicitations bridged through plugin approval handling, including schema-less elicitations, custom configured server names, and pending approval request lifetime tracking.
• What was not tested: Live Slack plus Computer Use roundtrip was not rerun in this cherry-pick PR.
• Before evidence (optional but encouraged): N/A.

Root Cause (if applicable)

• Root cause: The bridge rejected non-object requestedSchema values before plugin approval handling could accept a valid configured Computer Use form elicitation. Separately, returning the bridge promise from inside a try/finally without await let request-response bookkeeping run before manual approval finished.
• Missing detection / guardrail: Coverage did not lock schema-less Computer Use elicitation requests while preserving exact configured server-name matching, the form-mode guard, and pending request lifetime.
• Contributing context (if known): This change is a current-main cherry-pick of the bridge elicitation fix plus the await fix needed for the async approval bridge callsite.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: extensions/codex/src/app-server/elicitation-bridge.test.ts; extensions/codex/src/app-server/run-attempt.test.ts.
• Scenario the test should lock in: configured Computer Use form elicitations bridge with missing schemas normalized to an empty object schema, custom configured server names still work, non-form/non-Computer Use elicitations remain unhandled, and the request :response progress marker does not fire until the elicitation bridge promise resolves.
• Why this is the smallest reliable guardrail: The bug is in the app-server bridge decision and request-handler lifetime path, so focused app-server tests exercise the contract without requiring a live channel.
• Existing test that already covers this (if any): Existing bridge tests covered approval roundtrip mapping, but not this schema shape with the configured-server boundary or the async request lifetime.
• If no new test is added, why not: N/A.

User-visible / Behavior Changes

Slack channel docs now list /approve among app commands. Computer Use app-server approval elicitations are more reliably bridged into plugin approval handling when their request schema is omitted or not an object, and pending approval requests are not treated as responded before the approval bridge resolves.

Diagram (if applicable)

Before:
[configured Computer Use form elicitation] -> [non-object schema rejection] -> [falls through]
[pending approval bridge promise] -> [request finally runs early] -> [turn can idle/complete too soon]

After:
[configured Computer Use form elicitation] -> [empty schema normalization] -> [plugin approval bridge]
[pending approval bridge promise] -> [await bridge] -> [request finally runs after approval response]

Security Impact (required)

• New permissions/capabilities? (Yes/No): No
• Secrets/tokens handling changed? (Yes/No): No
• New/changed network calls? (Yes/No): No
• Command/tool execution surface changed? (Yes/No): No
• Data access scope changed? (Yes/No): No
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: macOS
• Runtime/container: Node via scripts/run-vitest.mjs
• Model/provider: N/A
• Integration/channel (if any): Codex app-server / Computer Use MCP elicitation bridge
• Relevant config (redacted): N/A

Steps

1. Run node scripts/run-vitest.mjs extensions/codex/src/app-server/run-attempt.test.ts extensions/codex/src/app-server/elicitation-bridge.test.ts.
2. Run git diff --check.

Expected

• Focused app-server bridge tests pass and the diff has no whitespace errors.

Actual

• Test Files 2 passed (2); Tests 230 passed (230).
• git diff --check exited cleanly.

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios: Focused app-server bridge tests for configured Computer Use elicitation routing, run-attempt delegation, and pending elicitation request lifetime.
• Edge cases checked: Missing or non-object Computer Use schema normalizes to an empty object schema; custom configured desktop-control server names work; non-form elicitations remain unhandled; non-Computer Use server names remain unhandled by the Computer Use bridge; request response progress is emitted only after the bridge promise resolves.
• What you did not verify: Live Slack plus Computer Use roundtrip for this branch.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? (Yes/No): Yes
• Config/env changes? (Yes/No): No
• Migration needed? (Yes/No): No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: accepting a missing or non-object schema for configured Computer Use elicitations relaxes schema validation for this bridge path.
  • Mitigation: the exact configured MCP server-name check and mode: "form" guard remain in place, the normalized response schema has no fields, and focused tests cover custom configured servers plus non-form rejection.
• Risk: awaiting the bridge can keep the app-server request open while manual approval is pending.
  • Mitigation: this is the intended request lifetime; the existing run abort signal and turn idle controls still bound the attempt, and focused coverage verifies response bookkeeping waits for bridge completion.

[clawsweeper]

Codex review: needs real behavior proof before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR normalizes schema-less configured Computer Use form elicitations, awaits the async elicitation bridge before request finalization, adds focused app-server tests, and adds Slack /approve manifest docs.

Reproducibility: yes. for the source-level seam: current main requires a JSON-object requestedSchema before bridging configured Computer Use elicitations and returns the bridge promise without awaiting the request finalizer. A live Slack/Computer Use reproduction is still missing.

PR rating
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🦐 gold shrimp
Summary: The patch is small and source-plausible with focused tests, but missing real behavior proof and unresolved approval-boundary signoff keep it out of merge-ready territory.

Rank-up moves:

• Add redacted real-flow proof showing a Slack Computer Use approval prompt, /approve resolution, and continued desktop action on this head.
• Get maintainer signoff on whether non-object schemas should normalize to empty or only omitted schemas should be accepted.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Needs real behavior proof before merge: The PR body includes focused Vitest and diff-check output only, so it still needs redacted real Slack/Computer Use proof; after updating the PR body, ClawSweeper should re-review automatically, or a maintainer can comment @clawsweeper re-review.

Mantis proof suggestion
A real Slack smoke would show the approval prompt, manual /approve, and Computer Use continuation path that unit tests cannot prove. A maintainer can ask Mantis to capture proof by posting a new PR comment that starts with the OpenClaw Mantis account mention, followed by:

slack desktop smoke: verify that a Codex Computer Use MCP approval reaches Slack, /approve allow-once resolves it, and the desktop action continues with private details redacted.

Risk before merge

• The schema fallback intentionally treats every missing or non-object requestedSchema as an empty schema for the configured Computer Use server, so maintainers need to confirm that scoped approval-boundary relaxation is acceptable.
• The PR body reports focused unit/seam tests only; it does not prove a real Slack approval prompt, /approve resolution, and Computer Use continuation on the final head.
• Awaiting the bridge keeps a Codex app-server request active while manual approval is pending; the source-level test covers bookkeeping, but a real transport proof is still needed for the user-visible approval path.

Maintainer options:

1. Require live approval proof and signoff (recommended)
   Before merge, require redacted proof of a real Slack Computer Use approval roundtrip and explicit maintainer acceptance of the schema fallback boundary.
2. Narrow the schema fallback
   If maintainers only want omitted schemas accepted, change the bridge to normalize absent requestedSchema while still declining malformed present schemas.
3. Accept the scoped exception
   Maintainers can intentionally accept all non-object schemas as empty for the exact configured Computer Use server if the server-name and form-mode guards are considered sufficient.

Next step before merge
Human review is needed because the maintainer label, missing real-flow proof, and Computer Use approval-boundary policy cannot be resolved by a narrow automated repair.

Security
Needs attention: The diff changes a Computer Use approval boundary by accepting non-object schemas for the configured server path, so maintainer signoff is needed before merge.

Review details

Best possible solution:

Land the narrow bridge fix only after redacted Slack/Computer Use proof demonstrates prompt delivery, /approve resolution, and desktop-action continuation, with maintainers explicitly choosing the omitted/non-object schema fallback policy.

Do we have a high-confidence way to reproduce the issue?

Yes for the source-level seam: current main requires a JSON-object requestedSchema before bridging configured Computer Use elicitations and returns the bridge promise without awaiting the request finalizer. A live Slack/Computer Use reproduction is still missing.

Is this the best way to solve the issue?

Unclear until maintainers accept the approval-boundary policy. The return await part is the narrowest fix, while schema fallback should either be explicitly accepted for non-object schemas or narrowed to omitted schemas only.

Label justifications:

• P2: This is a normal-priority Codex approval-flow bug fix with limited surface but real user impact for Computer Use approvals.
• merge-risk: 🚨 security-boundary: The diff changes which Computer Use MCP elicitation shapes are allowed through the plugin approval bridge for local desktop control.
• rating: 🧂 unranked krab: Current PR rating is 🧂 unranked krab because proof is 🧂 unranked krab, patch quality is 🦐 gold shrimp, and The patch is small and source-plausible with focused tests, but missing real behavior proof and unresolved approval-boundary signoff keep it out of merge-ready territory.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body includes focused Vitest and diff-check output only, so it still needs redacted real Slack/Computer Use proof; after updating the PR body, ClawSweeper should re-review automatically, or a maintainer can comment @clawsweeper re-review.

Security concerns:

• [medium] Confirm the Computer Use schema fallback boundary — extensions/codex/src/app-server/elicitation-bridge.ts:367
  Removing the object-schema precondition means a configured Computer Use form elicitation with any non-object requestedSchema can reach plugin approval as an empty schema; the exact server-name and form-mode guards reduce blast radius, but this is still a local desktop-control approval boundary choice.
  Confidence: 0.82

What I checked:

• Current main schema guard: Current main only bridges Computer Use elicitations when the server name matches the configured server, mode is form, and requestedSchema is a JSON object; the PR intentionally removes the object-schema precondition for this configured Computer Use path. (extensions/codex/src/app-server/elicitation-bridge.ts:363, f015c3ff5236)
• Current main request lifetime: The current request handler returns handleCodexAppServerElicitationRequest(...) from inside a try/finally, while the finalizer decrements active turn requests and emits the response progress marker in finally; the PR's return await targets that source-level lifetime gap. (extensions/codex/src/app-server/run-attempt.ts:2142, f015c3ff5236)
• PR cumulative diff: The PR head adds an empty object schema fallback in elicitation-bridge.ts, changes the app-server handler to return await, updates focused tests, and adds /approve to the Slack manifest docs. (extensions/codex/src/app-server/elicitation-bridge.ts:44, 0e768ffcb293)
• PR regression coverage: The PR adds seam coverage for schema-less Computer Use elicitations and a run-attempt test proving the request :response marker waits until the elicitation bridge resolves. (extensions/codex/src/app-server/run-attempt.test.ts:3276, 0e768ffcb293)
• Slack approval docs context: Current Slack docs already describe same-chat /approve support for channels and DMs; the PR's docs change adds that command to the default manifest command list. Public docs: docs/channels/slack.md. (docs/channels/slack.md:1342, f015c3ff5236)
• Maintainer review context: The hydrated PR context shows an existing ClawSweeper review requiring real behavior proof and maintainer approval-boundary signoff, and the PR currently has the protected maintainer label plus merge-risk: 🚨 security-boundary.

Likely related people:

• zhang-guiping: Blame and git log -S tie the current Computer Use elicitation bridge and Slack approval docs to the merged feature history in commit 7d5afcb. (role: introduced behavior; confidence: high; commits: 7d5afcbb3f83; files: extensions/codex/src/app-server/elicitation-bridge.ts, extensions/codex/src/app-server/run-attempt.ts, docs/channels/slack.md)
• joshavant: Recent merged Codex run-attempt and sandbox execution work touched the same app-server runtime surface shortly before this PR. (role: recent adjacent contributor; confidence: medium; commits: 7cda26aa6c72, ba06376c7955; files: extensions/codex/src/app-server/run-attempt.ts)
• steipete: Recent local history shows adjacent Codex run-attempt maintenance and prior approval-bridge lint work, making this a reasonable routing candidate for review context. (role: recent adjacent contributor; confidence: medium; commits: 1d5b5db4d221, bce0e5228acc; files: extensions/codex/src/app-server/run-attempt.ts, extensions/codex/src/app-server/elicitation-bridge.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against f015c3ff5236.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 02eb2086a4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[clawsweeper]

ClawSweeper PR egg

🎁 Pass real behavior proof to wake the egg and unlock a hatchable treat.

Where did the egg go?

• The egg game starts only after the PR passes the real-behavior proof check.
• Before that, no creature or rarity is rolled. The treat waits for real proof.
• This is still just collectible flavor: proof affects review readiness, not creature quality.