Codex Handbook
utils/approval-presets/src/lib.rs 77 lines
use codex_protocol::models::ActivePermissionProfile;use codex_protocol::models::BUILT_IN_PERMISSION_PROFILE_DANGER_FULL_ACCESS;use codex_protocol::models::BUILT_IN_PERMISSION_PROFILE_READ_ONLY;use codex_protocol::models::BUILT_IN_PERMISSION_PROFILE_WORKSPACE;use codex_protocol::models::PermissionProfile;use codex_protocol::protocol::AskForApproval;/// A simple preset pairing an approval policy with a permission profile.#[derive(Debug, Clone)]pub struct ApprovalPreset {    /// Stable identifier for the preset.    pub id: &'static str,    /// Display label shown in UIs.    pub label: &'static str,    /// Short human description shown next to the label in UIs.    pub description: &'static str,    /// Approval policy to apply.    pub approval: AskForApproval,    /// Built-in permission profile selected by this preset.    pub active_permission_profile: ActivePermissionProfile,    /// Permission profile to apply.    pub permission_profile: PermissionProfile,}/// Built-in list of approval presets that pair approval and permissions.////// Keep this UI-agnostic so it can be reused by both TUI and MCP server.pub fn builtin_approval_presets() -> Vec<ApprovalPreset> {    vec![        ApprovalPreset {            id: "read-only",            label: "Read Only",            description: "Codex can read files in the current workspace. Approval is required to edit files or access the internet.",            approval: AskForApproval::OnRequest,            active_permission_profile: ActivePermissionProfile::new(                BUILT_IN_PERMISSION_PROFILE_READ_ONLY,            ),            permission_profile: PermissionProfile::read_only(),        },        ApprovalPreset {            id: "auto",            label: "Default",            description: "Codex can read and edit files in the current workspace, and run commands. Approval is required to access the internet or edit other files. (Identical to Agent mode)",            approval: AskForApproval::OnRequest,            active_permission_profile: ActivePermissionProfile::new(                BUILT_IN_PERMISSION_PROFILE_WORKSPACE,            ),            permission_profile: PermissionProfile::workspace_write(),        },        ApprovalPreset {            id: "full-access",            label: "Full Access",            description: "Codex can edit files outside this workspace and access the internet without asking for approval. Exercise caution when using.",            approval: AskForApproval::Never,            active_permission_profile: ActivePermissionProfile::new(                BUILT_IN_PERMISSION_PROFILE_DANGER_FULL_ACCESS,            ),            permission_profile: PermissionProfile::Disabled,        },    ]}/// Return the concrete profile for one of the built-in active profile ids.pub fn builtin_permission_profile_for_active_permission_profile(    active_permission_profile: &ActivePermissionProfile,) -> Option<PermissionProfile> {    if active_permission_profile.extends.is_some() {        return None;    }    match active_permission_profile.id.as_str() {        BUILT_IN_PERMISSION_PROFILE_READ_ONLY => Some(PermissionProfile::read_only()),        BUILT_IN_PERMISSION_PROFILE_WORKSPACE => Some(PermissionProfile::workspace_write()),        BUILT_IN_PERMISSION_PROFILE_DANGER_FULL_ACCESS => Some(PermissionProfile::Disabled),        _ => None,    }}