diff --git a/docs/plugins/codex-harness.md b/docs/plugins/codex-harness.md
index 583d69c47eb..b863cfcc633 100644
--- a/docs/plugins/codex-harness.md
+++ b/docs/plugins/codex-harness.md
@@ -263,7 +263,8 @@ By default, the plugin starts Codex locally with:
 codex app-server --listen stdio://
 ```
-You can keep that default and only tune Codex native policy:
+By default, OpenClaw asks Codex to request native approvals. You can tune that
+policy further:
 ```json5
 {
@@ -317,7 +318,7 @@ Supported `appServer` fields:
 | `authToken` | unset | Bearer token for WebSocket transport. |
 | `headers` | `{}` | Extra WebSocket headers. |
 | `requestTimeoutMs` | `60000` | Timeout for app-server control-plane calls. |
-| `approvalPolicy` | `"never"` | Native Codex approval policy sent to thread start/resume/turn. |
+| `approvalPolicy` | `"on-request"` | Native Codex approval policy sent to thread start/resume/turn. |
 | `sandbox` | `"workspace-write"` | Native Codex sandbox mode sent to thread start/resume. |
 | `approvalsReviewer` | `"user"` | Use `"guardian_subagent"` to let Codex guardian review native approvals. |
 | `serviceTier` | unset | Optional Codex service tier, for example `"priority"`. |
diff --git a/extensions/codex/openclaw.plugin.json b/extensions/codex/openclaw.plugin.json
index 42da86b5e95..120885b67e4 100644
--- a/extensions/codex/openclaw.plugin.json
+++ b/extensions/codex/openclaw.plugin.json
@@ -65,7 +65,7 @@
 "approvalPolicy": {
 "type": "string",
 "enum": ["never", "on-request", "on-failure", "untrusted"],
- "default": "never"
+ "default": "on-request"
 },
 "sandbox": {
 "type": "string",
diff --git a/extensions/codex/src/app-server/config.test.ts b/extensions/codex/src/app-server/config.test.ts
index 92900d5ea5e..0c1a8a8dae3 100644
--- a/extensions/codex/src/app-server/config.test.ts
+++ b/extensions/codex/src/app-server/config.test.ts
@@ -60,6 +60,21 @@ describe("Codex app-server config", () => {
 ).toThrow("appServer.url is required");
 });
+ it("defaults native Codex approvals to on-request", () => {
+ const runtime = resolveCodexAppServerRuntimeOptions({
+ pluginConfig: {},
+ env: {},
+ });
+
+ expect(runtime).toEqual(
+ expect.objectContaining({
+ approvalPolicy: "on-request",
+ sandbox: "workspace-write",
+ approvalsReviewer: "user",
+ }),
+ );
+ });
+
 it("keeps runtime config keys aligned with manifest schema and UI hints", async () => {
 const manifest = JSON.parse(
 await fs.readFile(new URL("../../openclaw.plugin.json", import.meta.url), "utf8"),
diff --git a/extensions/codex/src/app-server/config.ts b/extensions/codex/src/app-server/config.ts
index 89bdd9f1862..d7f91448e34 100644
--- a/extensions/codex/src/app-server/config.ts
+++ b/extensions/codex/src/app-server/config.ts
@@ -136,7 +136,7 @@ export function resolveCodexAppServerRuntimeOptions(
 approvalPolicy:
 resolveApprovalPolicy(config.approvalPolicy) ??
 resolveApprovalPolicy(env.OPENCLAW_CODEX_APP_SERVER_APPROVAL_POLICY) ??
- "never",
+ "on-request",
 sandbox:
 resolveSandbox(config.sandbox) ??
 resolveSandbox(env.OPENCLAW_CODEX_APP_SERVER_SANDBOX) ??
diff --git a/extensions/codex/src/app-server/run-attempt.test.ts b/extensions/codex/src/app-server/run-attempt.test.ts
index 5e37f5e4790..786bf7efded 100644
--- a/extensions/codex/src/app-server/run-attempt.test.ts
+++ b/extensions/codex/src/app-server/run-attempt.test.ts
@@ -435,7 +435,7 @@ describe("runCodexAppServerAttempt", () => {
 threadId: "thread-existing",
 model: "gpt-5.4-codex",
 modelProvider: "openai",
- approvalPolicy: "never",
+ approvalPolicy: "on-request",
 approvalsReviewer: "user",
 sandbox: "workspace-write",
 persistExtendedHistory: true,
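Review bot: The added `defaults native Codex approvals to on-request` test in `config.test.ts` pins only the empty-config path, so the explicit opt-out is left unverified now that it is the only way to run without native approvals. A companion assertion built from the env name visible in `config.ts`, `resolveCodexAppServerRuntimeOptions({ pluginConfig: {}, env: { OPENCLAW_CODEX_APP_SERVER_APPROVAL_POLICY: "never" } })` expecting `approvalPolicy: "never"`, would fix the override precedence in place. The literal `"on-request"` is now repeated in this test, in `config.ts` and in `openclaw.plugin.json`. The following test already loads the manifest, so comparing the runtime default against the manifest's `approvalPolicy` default there would catch drift, if it does not already compare default values, which this hunk does not show.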
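Review bot: Nothing at the `?? "on-request"` fallback in `config.ts` records that this default is a security decision, and the chain above it still lets `OPENCLAW_CODEX_APP_SERVER_APPROVAL_POLICY=never` turn native approvals off with no change to the plugin config. A comment on the fallback such as `// Safe default: unset or unresolved values must prompt; only an explicit "never" disables native approvals.` would keep a later edit from quietly reverting it. Because the env path is easy to set and easy to forget, consider logging a warning when the resolved policy is `"never"`. Whether `resolveApprovalPolicy` drops unrecognized strings or throws is not visible here, so the "unresolved" wording should be checked against it. The body of `resolveCodexAppServerRuntimeOptions` starts and ends outside the hunk.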