diff --git a/codex-rs/core/src/codex.rs b/codex-rs/core/src/codex.rs index 6cf1e8c8c..63d1b6799 100644 --- a/codex-rs/core/src/codex.rs +++ b/codex-rs/core/src/codex.rs @@ -53,6 +53,7 @@ use codex_analytics::AppInvocation; use codex_analytics::InvocationType; use codex_analytics::SubAgentThreadStartedInput; use codex_analytics::build_track_events_context; +use codex_app_server_protocol::AuthMode; use codex_app_server_protocol::McpServerElicitationRequest; use codex_app_server_protocol::McpServerElicitationRequestParams; use codex_config::types::OAuthCredentialsStoreMode; @@ -386,6 +387,13 @@ use codex_utils_absolute_path::AbsolutePathBuf; use codex_utils_readiness::Readiness; use codex_utils_readiness::ReadinessFlag; +fn image_generation_tool_auth_allowed(auth_manager: Option<&AuthManager>) -> bool { + matches!( + auth_manager.and_then(AuthManager::auth_mode), + Some(AuthMode::Chatgpt) + ) +} + /// The high-level interface to the Codex system. /// It operates as a queue pair where you send submissions and receive events. pub struct Codex { @@ -955,6 +963,9 @@ impl TurnContext { .list_models(RefreshStrategy::OnlineIfUncached) .await, features: &features, + image_generation_tool_auth_allowed: image_generation_tool_auth_allowed( + self.auth_manager.as_deref(), + ), web_search_mode: self.tools_config.web_search_mode, session_source: self.session_source.clone(), sandbox_policy: self.sandbox_policy.get(), @@ -1470,6 +1481,8 @@ impl Session { model_info.slug.as_str(), ); let session_source = session_configuration.session_source.clone(); + let image_generation_tool_auth_allowed = + image_generation_tool_auth_allowed(auth_manager.as_deref()); let auth_manager_for_context = auth_manager; let provider_for_context = provider; let session_telemetry_for_context = session_telemetry; @@ -1477,6 +1490,7 @@ impl Session { model_info: &model_info, available_models: &models_manager.try_list_models().unwrap_or_default(), features: &per_turn_config.features, + image_generation_tool_auth_allowed, web_search_mode: Some(per_turn_config.web_search_mode.value()), session_source: session_source.clone(), sandbox_policy: session_configuration.sandbox_policy.get(), @@ -5668,6 +5682,9 @@ async fn spawn_review_thread( .list_models(RefreshStrategy::OnlineIfUncached) .await, features: &review_features, + image_generation_tool_auth_allowed: image_generation_tool_auth_allowed(Some( + sess.services.auth_manager.as_ref(), + )), web_search_mode: Some(review_web_search_mode), session_source: parent_turn_context.session_source.clone(), sandbox_policy: parent_turn_context.sandbox_policy.get(), diff --git a/codex-rs/core/src/tools/spec_tests.rs b/codex-rs/core/src/tools/spec_tests.rs index 099c6dfef..a635a0f9e 100644 --- a/codex-rs/core/src/tools/spec_tests.rs +++ b/codex-rs/core/src/tools/spec_tests.rs @@ -231,6 +231,7 @@ fn model_provided_unified_exec_is_blocked_for_windows_sandboxed_policies() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::new_workspace_write_policy(), @@ -256,6 +257,7 @@ fn get_memory_requires_feature_flag() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -287,6 +289,7 @@ fn assert_model_tools( model_info: &model_info, available_models: &available_models, features, + image_generation_tool_auth_allowed: true, web_search_mode, session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -549,6 +552,7 @@ fn test_build_specs_default_shell_present() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Live), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -583,6 +587,7 @@ fn shell_zsh_fork_prefers_shell_command_over_unified_exec() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Live), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -693,6 +698,7 @@ fn tool_suggest_requires_apps_and_plugins_features() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -728,6 +734,7 @@ fn search_tool_description_handles_no_enabled_apps() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -761,6 +768,7 @@ fn search_tool_description_falls_back_to_connector_name_without_description() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -811,6 +819,7 @@ fn search_tool_registers_namespaced_app_tool_aliases() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -879,6 +888,7 @@ fn test_mcp_tool_property_missing_type_defaults_to_string() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -938,6 +948,7 @@ fn test_mcp_tool_preserves_integer_schema() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -996,6 +1007,7 @@ fn test_mcp_tool_array_without_items_gets_default_string_items() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1056,6 +1068,7 @@ fn test_mcp_tool_anyof_defaults_to_string() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1121,6 +1134,7 @@ fn test_get_openai_tools_mcp_tools_with_additional_properties_schema() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, diff --git a/codex-rs/tools/src/tool_config.rs b/codex-rs/tools/src/tool_config.rs index 0c7156094..912542d9f 100644 --- a/codex-rs/tools/src/tool_config.rs +++ b/codex-rs/tools/src/tool_config.rs @@ -118,6 +118,7 @@ pub struct ToolsConfigParams<'a> { pub model_info: &'a ModelInfo, pub available_models: &'a [ModelPreset], pub features: &'a Features, + pub image_generation_tool_auth_allowed: bool, pub web_search_mode: Option, pub session_source: SessionSource, pub sandbox_policy: &'a SandboxPolicy, @@ -130,6 +131,7 @@ impl ToolsConfig { model_info, available_models, features, + image_generation_tool_auth_allowed, web_search_mode, session_source, sandbox_policy, @@ -152,8 +154,11 @@ impl ToolsConfig { && features.enabled(Feature::Apps) && features.enabled(Feature::Plugins); let include_original_image_detail = can_request_original_image_detail(features, model_info); - let include_image_gen_tool = - features.enabled(Feature::ImageGeneration) && supports_image_generation(model_info); + // API-key auth bypasses Codex backend entitlement/tool normalization, so + // callers must confirm ChatGPT auth before exposing the built-in tool. + let include_image_gen_tool = *image_generation_tool_auth_allowed + && features.enabled(Feature::ImageGeneration) + && supports_image_generation(model_info); let exec_permission_approvals_enabled = features.enabled(Feature::ExecPermissionApprovals); let request_permissions_tool_enabled = features.enabled(Feature::RequestPermissionsTool); let shell_command_backend = diff --git a/codex-rs/tools/src/tool_config_tests.rs b/codex-rs/tools/src/tool_config_tests.rs index 5f121ff02..25c78a053 100644 --- a/codex-rs/tools/src/tool_config_tests.rs +++ b/codex-rs/tools/src/tool_config_tests.rs @@ -85,6 +85,7 @@ fn shell_zsh_fork_prefers_shell_command_over_unified_exec() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Live), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -142,6 +143,7 @@ fn subagents_keep_request_user_input_mode_config_and_agent_jobs_workers_opt_in_b model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::SubAgent(SubAgentSource::Other( "agent_job:test".to_string(), @@ -161,15 +163,17 @@ fn image_generation_requires_feature_and_supported_model() { let mut unsupported_model_info = supported_model_info.clone(); unsupported_model_info.input_modalities = vec![InputModality::Text]; - let default_features = Features::with_defaults(); - let mut image_generation_features = default_features.clone(); + let mut image_generation_disabled_features = Features::with_defaults(); + image_generation_disabled_features.disable(Feature::ImageGeneration); + let mut image_generation_features = Features::with_defaults(); image_generation_features.enable(Feature::ImageGeneration); let available_models = Vec::new(); let default_tools_config = ToolsConfig::new(&ToolsConfigParams { model_info: &supported_model_info, available_models: &available_models, - features: &default_features, + features: &image_generation_disabled_features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -179,6 +183,17 @@ fn image_generation_requires_feature_and_supported_model() { model_info: &supported_model_info, available_models: &available_models, features: &image_generation_features, + image_generation_tool_auth_allowed: true, + web_search_mode: Some(WebSearchMode::Cached), + session_source: SessionSource::Cli, + sandbox_policy: &SandboxPolicy::DangerFullAccess, + windows_sandbox_level: WindowsSandboxLevel::Disabled, + }); + let auth_disallowed_tools_config = ToolsConfig::new(&ToolsConfigParams { + model_info: &supported_model_info, + available_models: &available_models, + features: &image_generation_features, + image_generation_tool_auth_allowed: false, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -188,13 +203,14 @@ fn image_generation_requires_feature_and_supported_model() { model_info: &unsupported_model_info, available_models: &available_models, features: &image_generation_features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, windows_sandbox_level: WindowsSandboxLevel::Disabled, }); - assert!(!default_tools_config.image_gen_tool); assert!(supported_tools_config.image_gen_tool); + assert!(!auth_disallowed_tools_config.image_gen_tool); assert!(!unsupported_tools_config.image_gen_tool); } diff --git a/codex-rs/tools/src/tool_registry_plan_tests.rs b/codex-rs/tools/src/tool_registry_plan_tests.rs index 6df1b9560..6532e1627 100644 --- a/codex-rs/tools/src/tool_registry_plan_tests.rs +++ b/codex-rs/tools/src/tool_registry_plan_tests.rs @@ -51,6 +51,7 @@ fn test_full_toolset_specs_for_gpt5_codex_unified_exec_web_search() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Live), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -152,6 +153,7 @@ fn test_build_specs_collab_tools_enabled() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -191,6 +193,7 @@ fn test_build_specs_multi_agent_v2_uses_task_names_and_hides_resume() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -333,6 +336,7 @@ fn test_build_specs_enable_fanout_enables_agent_jobs_and_collab_tools() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -367,6 +371,7 @@ fn view_image_tool_omits_detail_without_original_detail_feature() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -397,6 +402,7 @@ fn view_image_tool_includes_detail_with_original_detail_feature() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -434,6 +440,7 @@ fn disabled_environment_omits_environment_backed_tools() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -471,6 +478,7 @@ fn test_build_specs_agent_job_worker_tools_enabled() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::SubAgent(SubAgentSource::Other( "agent_job:test".to_string(), @@ -509,6 +517,7 @@ fn request_user_input_description_reflects_default_mode_feature_flag() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -531,6 +540,7 @@ fn request_user_input_description_reflects_default_mode_feature_flag() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -558,6 +568,7 @@ fn request_permissions_requires_feature_flag() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -577,6 +588,7 @@ fn request_permissions_requires_feature_flag() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -605,6 +617,7 @@ fn request_permissions_tool_is_independent_from_additional_permissions() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -630,6 +643,7 @@ fn js_repl_requires_feature_flag() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -663,6 +677,7 @@ fn js_repl_enabled_adds_tools() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -683,15 +698,17 @@ fn image_generation_tools_require_feature_and_supported_model() { let supported_model_info = model_info(); let mut unsupported_model_info = supported_model_info.clone(); unsupported_model_info.input_modalities = vec![InputModality::Text]; - let default_features = Features::with_defaults(); - let mut image_generation_features = default_features.clone(); + let mut image_generation_disabled_features = Features::with_defaults(); + image_generation_disabled_features.disable(Feature::ImageGeneration); + let mut image_generation_features = Features::with_defaults(); image_generation_features.enable(Feature::ImageGeneration); let available_models = Vec::new(); let default_tools_config = ToolsConfig::new(&ToolsConfigParams { model_info: &supported_model_info, available_models: &available_models, - features: &default_features, + features: &image_generation_disabled_features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -707,13 +724,14 @@ fn image_generation_tools_require_feature_and_supported_model() { !default_tools .iter() .any(|tool| tool.spec.name() == "image_generation"), - "image_generation should be disabled by default" + "image_generation should be disabled when the feature is disabled" ); let supported_tools_config = ToolsConfig::new(&ToolsConfigParams { model_info: &supported_model_info, available_models: &available_models, features: &image_generation_features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -739,6 +757,7 @@ fn image_generation_tools_require_feature_and_supported_model() { model_info: &unsupported_model_info, available_models: &available_models, features: &image_generation_features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -768,6 +787,7 @@ fn web_search_mode_cached_sets_external_web_access_false() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -803,6 +823,7 @@ fn web_search_mode_live_sets_external_web_access_true() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Live), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -851,6 +872,7 @@ fn web_search_config_is_forwarded_to_tool_spec() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Live), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -892,6 +914,7 @@ fn web_search_tool_type_text_and_image_sets_search_content_types() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Live), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -926,6 +949,7 @@ fn mcp_resource_tools_are_hidden_without_mcp_servers() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -956,6 +980,7 @@ fn mcp_resource_tools_are_included_when_mcp_servers_are_present() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -989,6 +1014,7 @@ fn test_parallel_support_flags() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1015,6 +1041,7 @@ fn test_test_model_info_includes_sync_tool() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1040,6 +1067,7 @@ fn test_build_specs_mcp_tools_converted() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Live), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1131,6 +1159,7 @@ fn test_build_specs_mcp_tools_sorted_by_name() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1178,6 +1207,7 @@ fn search_tool_description_lists_each_codex_apps_connector_once() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1266,6 +1296,7 @@ fn search_tool_requires_model_capability_and_feature_flag() { }, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1283,6 +1314,7 @@ fn search_tool_requires_model_capability_and_feature_flag() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1302,6 +1334,7 @@ fn search_tool_requires_model_capability_and_feature_flag() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1324,6 +1357,7 @@ fn tool_suggest_is_not_registered_without_feature_flag() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1364,6 +1398,7 @@ fn tool_suggest_can_be_registered_without_search_tool() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1410,6 +1445,7 @@ fn tool_suggest_description_lists_discoverable_tools() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1512,6 +1548,7 @@ fn code_mode_augments_mcp_tool_descriptions_with_namespaced_sample() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1652,6 +1689,7 @@ fn code_mode_augments_builtin_tool_descriptions_with_typed_sample() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1687,6 +1725,7 @@ fn code_mode_only_exec_description_includes_full_nested_tool_details() { model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess, @@ -1723,6 +1762,7 @@ fn code_mode_exec_description_omits_nested_tool_details_when_not_code_mode_only( model_info: &model_info, available_models: &available_models, features: &features, + image_generation_tool_auth_allowed: true, web_search_mode: Some(WebSearchMode::Cached), session_source: SessionSource::Cli, sandbox_policy: &SandboxPolicy::DangerFullAccess,