Skip to content

fix(agent): honor Codex full access permissions#3471

Merged
trunk-io[bot] merged 6 commits into
mainfrom
posthog-code/fix-codex-full-access
Jul 15, 2026
Merged

fix(agent): honor Codex full access permissions#3471
trunk-io[bot] merged 6 commits into
mainfrom
posthog-code/fix-codex-full-access

Conversation

@richardsolomou

@richardsolomou richardsolomou commented Jul 15, 2026

Copy link
Copy Markdown
Member

Problem

Codex still prompts for commands after Full access is selected, especially when the current turn started in Auto. The selection can also revert when revisiting a task.

Closes #3459

Changes

Full access canonicalizes Codex policy aliases and bypasses only real approval requests, never structured questions. Persisted settings survive reconstruction but reset across adapter changes, with conflict-aware rollback for concurrent updates.

How did you test this?

Added coverage for policy updates, question prompts, persistence, adapter changes, and task revisits. Ran 307 focused tests, all 2,277 core tests, affected package typechecks, Biome, and the commit-hook typecheck.

Automatic notifications

  • Publish to changelog?
  • Alert Sales and Marketing teams?

Created with PostHog Code

Generated-By: PostHog Code
Task-Id: 1f1fe07c-6384-4d1e-8ab9-bad3700caa2e
@trunk-io

trunk-io Bot commented Jul 15, 2026

Copy link
Copy Markdown

😎 Merged directly without going through the merge queue, as the queue was empty and the PR was up to date with the target branch - details.

@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown

React Doctor found no issues in the changed files. 🎉

Reviewed by React Doctor for commit 1ef5eaa.

@greptile-apps

greptile-apps Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Security Review

The live permission path can auto-approve callbacks from an uncanonicalized bypassPermissions value without confirming that Codex's native full-access policy was applied.

Reviews (1): Last reviewed commit: "fix(agent): honor Codex full access perm..." | Re-trigger Greptile

Comment thread packages/workspace-server/src/services/agent/agent.ts Outdated
Comment thread packages/core/src/sessions/sessionService.ts
Generated-By: PostHog Code
Task-Id: 1f1fe07c-6384-4d1e-8ab9-bad3700caa2e
@richardsolomou richardsolomou requested a review from a team July 15, 2026 12:54
Generated-By: PostHog Code
Task-Id: 1f1fe07c-6384-4d1e-8ab9-bad3700caa2e
Comment thread packages/agent/src/adapters/codex-app-server/session-config.ts Outdated
Generated-By: PostHog Code

Task-Id: 1f1fe07c-6384-4d1e-8ab9-bad3700caa2e
@richardsolomou richardsolomou enabled auto-merge (squash) July 15, 2026 13:23
@trunk-io trunk-io Bot merged commit 53ae2df into main Jul 15, 2026
30 checks passed
@trunk-io trunk-io Bot deleted the posthog-code/fix-codex-full-access branch July 15, 2026 14:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Bypass permissions mode not respected in Codex sessions

2 participants