Conversation
bolinfest
changed the title
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 250f3176e1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| ":workspace_roots" => Some(FileSystemSpecialPath::project_roots(/*subpath*/ None)), | ||
| ":tmpdir" => Some(FileSystemSpecialPath::Tmpdir), | ||
| _ if path.starts_with(':') => { | ||
| Some(FileSystemSpecialPath::unknown(path, /*subpath*/ None)) |
There was a problem hiding this comment.
When upgrading with an existing config that uses the previously documented [permissions.<profile>.filesystem.":project_roots"] key, this parser now falls through to FileSystemSpecialPath::Unknown, and the comment above notes unknown paths are warned and ignored. That means those profiles silently stop granting/denying the intended workspace-root permissions after upgrade; please keep :project_roots as a legacy alias while canonicalizing display/config output to :workspace_roots.
Useful? React with 👍 / 👎.
2 participants
Why
This is a small precursor to the larger permissions-migration work. Both the comparison stack in #22401 / #22402 and the alternate stack in #22610 / #22611 / #22612 are easier to review if the terminology is already settled underneath them.
Because
:project_rootsand:danger-no-sandboxhave not shipped as stable user-facing surface area, carrying them forward as aliases would just add more migration logic to the later stacks. This PR removes that ambiguity now so the follow-on work can rely on one spelling for each built-in concept.What Changed
:project_rootsto:workspace_roots:project_rootsparsing support incore/src/config/permissions.rs, so new config only recognizes:workspace_roots:danger-no-sandboxto:danger-full-access:danger-no-sandboxsupport entirely, including the old active-profile canonicalization path, and added explicit rejection coverage for the legacy idcodex-rs/protocol/src/models.rscore,app-server, andtuicall sites that special-case built-in profiles to use the shared constants and canonical ids:workspace_roots/:danger-full-accessVerification
I focused verification on the three places this rename can regress: config parsing, active-profile identity surfaced back out of
core, and user/server call sites that special-case built-in profiles.Targeted checks:
config::tests::default_permissions_can_select_builtin_profile_without_permissions_tableconfig::tests::default_permissions_read_only_applies_additional_writable_roots_as_modificationsconfig::tests::default_permissions_can_select_builtin_full_access_profileconfig::tests::legacy_danger_no_sandbox_is_rejectedworkspace_rootfilteredcodex-coretestsrequest_processors::thread_processor::thread_processor_tests::thread_processor_behavior_tests::requested_permissions_trust_project_uses_permission_profile_intentsuite::v2::turn_start::turn_start_rejects_invalid_permission_selection_before_starting_turnstatus::tests::status_snapshot_shows_auto_review_permissionsstatus::tests::status_permissions_full_disk_managed_with_network_is_danger_full_accessapp_server_session::tests::embedded_turn_permissions_use_active_profile_selection