chore(core) rm AskForApproval::OnFailure (#28418)

## Summary
Deletes the OnFailure variant of the `AskForApproval` enum. This option
has been deprecated since #11631.

## Testing
- [x] Tests pass
This commit is contained in:
Dylan Hurd
2026-06-23 12:13:54 -07:00
committed by GitHub
Unverified
parent e476fc16ce
commit 2cf2a6a844
56 changed files with 75 additions and 479 deletions
@@ -640,7 +640,7 @@ async fn selected_user_config_file_layers_over_base_user_config() {
tmp.path().join(CONFIG_TOML_FILE),
r#"
model = "gpt-main"
approval_policy = "on-failure"
approval_policy = "on-request"
"#,
)
.expect("write default user config");
@@ -697,7 +697,7 @@ approval_policy = "on-failure"
.effective_config()
.get("approval_policy")
.and_then(TomlValue::as_str),
Some("on-failure")
Some("on-request")
);
}
@@ -1033,12 +1033,6 @@ personality = true
config_requirements
.approval_policy
.can_set(&AskForApproval::Never)?;
assert!(
config_requirements
.approval_policy
.can_set(&AskForApproval::OnFailure)
.is_err()
);
assert_eq!(
config_requirements.web_search_mode.value(),
WebSearchMode::Cached
+2 -2
View File
@@ -8272,7 +8272,7 @@ model_provider = "openai-custom"
[profiles.zdr]
model = "o3"
model_provider = "openai"
approval_policy = "on-failure"
approval_policy = "on-request"
[profiles.zdr.analytics]
enabled = false
@@ -8280,7 +8280,7 @@ enabled = false
[profiles.gpt5]
model = "gpt-5.4"
model_provider = "openai"
approval_policy = "on-failure"
approval_policy = "on-request"
model_reasoning_effort = "high"
model_reasoning_summary = "detailed"
model_verbosity = "high"
+2 -4
View File
@@ -177,7 +177,6 @@ pub(crate) fn prompt_is_rejected_by_policy(
) -> Option<&'static str> {
match approval_policy {
AskForApproval::Never => Some(PROMPT_CONFLICT_REASON),
AskForApproval::OnFailure => None,
AskForApproval::OnRequest => None,
AskForApproval::UnlessTrusted => None,
AskForApproval::Granular(granular_config) => {
@@ -689,15 +688,14 @@ pub(crate) fn render_decision_for_unmatched_command(
Decision::Forbidden
}
}
AskForApproval::OnFailure
| AskForApproval::OnRequest
AskForApproval::OnRequest
| AskForApproval::UnlessTrusted
| AskForApproval::Granular(_) => Decision::Prompt,
};
}
match approval_policy {
AskForApproval::Never | AskForApproval::OnFailure => {
AskForApproval::Never => {
// We allow the command to run, relying on the sandbox for
// protection.
Decision::Allow
+3 -4
View File
@@ -738,10 +738,9 @@ fn hook_run_metric_tags(run: &HookRunSummary) -> [(&'static str, &'static str);
fn hook_permission_mode(turn_context: &TurnContext) -> String {
match turn_context.approval_policy.value() {
AskForApproval::Never => "bypassPermissions",
AskForApproval::UnlessTrusted
| AskForApproval::OnFailure
| AskForApproval::OnRequest
| AskForApproval::Granular(_) => "default",
AskForApproval::UnlessTrusted | AskForApproval::OnRequest | AskForApproval::Granular(_) => {
"default"
}
}
.to_string()
}
+2 -4
View File
@@ -653,10 +653,8 @@ async fn maybe_request_codex_apps_auth_elicitation(
AskForApproval::Granular(granular_config) if !granular_config.allows_mcp_elicitations() => {
return result;
}
AskForApproval::OnFailure
| AskForApproval::OnRequest
| AskForApproval::UnlessTrusted
| AskForApproval::Granular(_) => {}
AskForApproval::OnRequest | AskForApproval::UnlessTrusted | AskForApproval::Granular(_) => {
}
}
let connector_id = metadata.and_then(|metadata| metadata.connector_id.as_deref());
-1
View File
@@ -2915,7 +2915,6 @@ async fn approve_mode_skips_guardian_in_every_permission_mode() {
for approval_policy in [
AskForApproval::UnlessTrusted,
AskForApproval::OnFailure,
AskForApproval::OnRequest,
AskForApproval::Granular(GranularApprovalConfig {
sandbox_approval: true,
+2 -7
View File
@@ -44,10 +44,7 @@ pub fn assess_patch_safety(
}
match policy {
AskForApproval::OnFailure
| AskForApproval::Never
| AskForApproval::OnRequest
| AskForApproval::Granular(_) => {
AskForApproval::Never | AskForApproval::OnRequest | AskForApproval::Granular(_) => {
// Continue to see if this can be auto-approved.
}
// TODO(ragona): I'm not sure this is actually correct? I believe in this case
@@ -66,9 +63,7 @@ pub fn assess_patch_safety(
// Even though the patch appears to be constrained to writable paths, it is
// possible that paths in the patch are hard links to files outside the
// writable roots, so we should still run `apply_patch` in a sandbox in that case.
if is_write_patch_constrained_to_writable_paths(action, file_system_sandbox_policy, cwd)
|| matches!(policy, AskForApproval::OnFailure)
{
if is_write_patch_constrained_to_writable_paths(action, file_system_sandbox_policy, cwd) {
if matches!(
permission_profile,
PermissionProfile::Disabled | PermissionProfile::External { .. }
+1 -2
View File
@@ -2246,8 +2246,7 @@ impl Session {
strict_auto_review: false,
});
}
AskForApproval::OnFailure
| AskForApproval::OnRequest
AskForApproval::OnRequest
| AskForApproval::UnlessTrusted
| AskForApproval::Granular(_) => {}
}
-9
View File
@@ -748,15 +748,6 @@ impl Session {
) {
post_session_configured_events.push(event);
}
if config.permissions.approval_policy.value() == AskForApproval::OnFailure {
post_session_configured_events.push(Event {
id: "".to_owned(),
msg: EventMsg::Warning(WarningEvent {
message: "`on-failure` approval policy is deprecated and will be removed in a future release. Use `on-request` for interactive approvals or `never` for non-interactive runs.".to_string(),
}),
});
}
let auth = auth.as_ref();
let auth_mode = auth.map(CodexAuth::auth_mode).map(TelemetryAuthMode::from);
let account_id = auth.and_then(CodexAuth::get_account_id);
+3 -3
View File
@@ -1288,7 +1288,7 @@ async fn reload_user_config_layer_updates_base_and_selected_profile_layers() {
let profile_config_path = codex_home.join("work.config.toml");
std::fs::write(
&base_config_path,
"model = \"base\"\napproval_policy = \"on-failure\"\n",
"model = \"base\"\napproval_policy = \"on-request\"\n",
)
.expect("write base user config");
std::fs::write(&profile_config_path, "model = \"profile-old\"\n")
@@ -10147,7 +10147,7 @@ async fn rejects_escalated_permissions_when_policy_not_on_request() {
// Ensure policy is NOT OnRequest so the early rejection path triggers
turn_context_raw
.approval_policy
.set(AskForApproval::OnFailure)
.set(AskForApproval::Never)
.expect("test setup should allow updating approval policy");
let session = Arc::new(session);
let mut turn_context = Arc::new(turn_context_raw);
@@ -10310,7 +10310,7 @@ async fn unified_exec_rejects_escalated_permissions_when_policy_not_on_request()
let (session, mut turn_context_raw) = make_session_and_context().await;
turn_context_raw
.approval_policy
.set(AskForApproval::OnFailure)
.set(AskForApproval::Never)
.expect("test setup should allow updating approval policy");
let session = Arc::new(session);
let turn_context = Arc::new(turn_context_raw);
@@ -407,7 +407,7 @@ async fn strict_auto_review_turn_grant_forces_guardian_for_shell_command_policy_
turn_context_raw
.approval_policy
.set(AskForApproval::OnFailure)
.set(AskForApproval::Never)
.expect("test setup should allow updating approval policy");
turn_context_raw.permission_profile = codex_protocol::models::PermissionProfile::Disabled;
let mut config = (*turn_context_raw.config).clone();
@@ -250,7 +250,6 @@ fn allow_once_and_allow_for_session_both_allow_network() {
fn only_never_policy_disables_network_approval_flow() {
assert!(!allows_network_approval_flow(AskForApproval::Never));
assert!(allows_network_approval_flow(AskForApproval::OnRequest));
assert!(allows_network_approval_flow(AskForApproval::OnFailure));
assert!(allows_network_approval_flow(AskForApproval::UnlessTrusted));
}
@@ -205,7 +205,6 @@ impl Approvable<ApplyPatchRequest> for ApplyPatchRuntime {
match policy {
AskForApproval::Never => false,
AskForApproval::Granular(granular_config) => granular_config.allows_sandbox_approval(),
AskForApproval::OnFailure => true,
AskForApproval::OnRequest => true,
AskForApproval::UnlessTrusted => true,
}
+2 -3
View File
@@ -196,7 +196,7 @@ impl ExecApprovalRequirement {
}
}
/// - Never, OnFailure: do not ask
/// - Never: do not ask
/// - OnRequest: ask unless filesystem access is unrestricted
/// - Granular: ask unless filesystem access is unrestricted, but auto-reject
/// when granular sandbox approval is disabled.
@@ -206,7 +206,7 @@ pub(crate) fn default_exec_approval_requirement(
file_system_sandbox_policy: &FileSystemSandboxPolicy,
) -> ExecApprovalRequirement {
let needs_approval = match policy {
AskForApproval::Never | AskForApproval::OnFailure => false,
AskForApproval::Never => false,
AskForApproval::OnRequest | AskForApproval::Granular(_) => {
matches!(
file_system_sandbox_policy.kind,
@@ -356,7 +356,6 @@ pub(crate) trait Approvable<Req> {
/// Decide we can request an approval for no-sandbox execution.
fn wants_no_sandbox_approval(&self, policy: AskForApproval) -> bool {
match policy {
AskForApproval::OnFailure => true,
AskForApproval::UnlessTrusted => true,
AskForApproval::Never => false,
AskForApproval::OnRequest => false,