tui: add named permission profile picker#21559
Merged
Merged
Conversation
fcoury-oai
reviewed
May 7, 2026
fcoury-oai
left a comment
fcoury-oai
left a comment
Contributor
There was a problem hiding this comment.
I found a potential issue with the help of Codex:
When I switch to a different named profile mid-session, the TUI updates correctly and /status shows the new profile.
But then the already-running session does not fully adopt that profile’s runtime state.
It seems like switching from a profile with no managed network proxy to one with profile-specific network policy leaves the live thread on the old proxy/network behavior.
So the UI says “profile B is active,” but the current session can still behave like profile A until a fresh session/thread is started.
Repro
This is the exact repro steps I used to replicate this issue.
Setup in ~/.codex/config.toml:
default_permissions = "locked-down"
[permissions.locked-down.filesystem]
":minimal" = "read"
[permissions.web-enabled.filesystem]
":minimal" = "read"
[permissions.web-enabled.filesystem.":project_roots"]
"." = "write"
[permissions.web-enabled.network]
enabled = true
allow_local_binding = true
[permissions.web-enabled.network.domains]
"example.com" = "allow"Important shape of the two profiles:
locked-downhas no network stanza at allweb-enabledenables network and adds a profile-specific allowlist forexample.com
Steps
- Start a fresh Codex TUI session with
locked-downactive. - Send one trivial prompt so there is a live session/thread.
- Run
/debug-config.
Observed after step 3:
- no
Session runtimenetwork_proxyblock is shown
- Run
/permissionsand switch toweb-enabled. - Run
/status.
Observed after step 5:
/statusshowsPermissions: Profile web-enabled (...)
- Run
/debug-configagain, in the same session.
Observed after step 6:
- still no
Session runtimenetwork_proxyblock
- In that same session, ask Codex:
Use the shell tool to run 'curl -I https://openai.com'
Observed after step 7:
- the request goes out and reaches OpenAI
- I got a real HTTP response path, ending in a Cloudflare challenge (
HTTP/2 403,cf-mitigated: challenge), which means the outbound request was not blocked by the profile-specific allowlist
Expected
After switching to web-enabled, the live session should pick up the profile’s managed network policy. Since web-enabled only allows example.com, a shell-tool request to https://openai.com should be blocked.
Actual
The UI updates to web-enabled, but the live session does not appear to gain the managed proxy/runtime state for that profile:
/statusreflects the new profile/debug-configstill shows no sessionnetwork_proxy- shell-tool network behavior still allows
openai.com
Why this looks like the bug
This matches the code path concern that mid-session /permissions updates the TUI/app config copy, but the live-session override does not carry enough data to fully apply the selected named profile’s runtime network state. It reproduces specifically when switching from a profile with no managed proxy to one that requires a managed proxy.
Collaborator
Author
|
Addressed the runtime proxy gap in b140e5f. What changed:
Local checks:
|
This was referenced May 8, 2026
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
3 times, most recently
from
b8a0eec to
653089d
Compare
viyatb-oai
changed the base branch from
main
to
codex/viyatb/profile-permissions-runtime
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
653089d to
71ea260
Compare
This was referenced May 16, 2026
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
2 times, most recently
from
e1008e8 to
35c7271
Compare
viyatb-oai
added a commit
that referenced
this pull request
May 19, 2026
## Why The `/permissions` picker needs a config-level way to distinguish legacy anonymous presets from named permission-profile mode. That signal cannot be inferred reliably in the TUI, especially for the edge case where `default_permissions = ":workspace"` is present without a `[permissions]` table. ## What changed - Expose whether the merged config is explicitly in permission-profile mode. - Expose the configured custom permission profile IDs alongside the built-in profile semantics. - Add regression coverage for profile mode detection and custom profile metadata, including the `default_permissions = ":workspace"` case. - Update the thread-manager sample config literal to match the expanded config shape. ## Stack 1. **This PR**: config metadata needed by downstream permission-profile consumers. 2. [#22931](#22931): refresh active permission profiles through runtime/session/network state. 3. [#21559](#21559): switch `/permissions` to the profile-aware TUI picker. ## Verification - `cargo check -p codex-thread-manager-sample` - `cargo test -p codex-core default_permissions_can_select_builtin_profile_without_permissions_table` - `cargo test -p codex-core permissions_profiles_allow_direct_write_roots_outside_workspace_root`
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-runtime
branch
from
6206636 to
98b8aab
Compare
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
35c7271 to
9d4d30b
Compare
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-runtime
branch
from
98b8aab to
6d4a8df
Compare
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
9d4d30b to
e1d6bf1
Compare
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
81b6cf4 to
843a29c
Compare
viyatb-oai
changed the base branch from
codex/viyatb/profile-permissions-runtime
to
codex/viyatb/tui-permission-profile-selection
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
3 times, most recently
from
7514892 to
85d1f42
Compare
viyatb-oai
force-pushed
the
codex/viyatb/tui-permission-profile-selection
branch
from
ce7ae38 to
ef21b6b
Compare
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
85d1f42 to
7cb4f6b
Compare
viyatb-oai
force-pushed
the
codex/viyatb/tui-permission-profile-selection
branch
from
ef21b6b to
8e8150c
Compare
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
7cb4f6b to
39cb064
Compare
viyatb-oai
force-pushed
the
codex/viyatb/tui-permission-profile-selection
branch
from
8e8150c to
c83b8db
Compare
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
39cb064 to
f6005e7
Compare
viyatb-oai
force-pushed
the
codex/viyatb/tui-permission-profile-selection
branch
from
c83b8db to
3ee4233
Compare
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
f6005e7 to
dd22806
Compare
viyatb-oai
added a commit
that referenced
this pull request
May 20, 2026
## Why Once a named permission profile is selected, runtime state has to keep that profile identity intact instead of collapsing back to anonymous effective permissions. The session refresh path also needs to rebuild profile-derived network proxy state so active profile switches take effect consistently. ## What changed - Preserve the active permission profile through session updates. - Rebuild profile-derived runtime/network configuration when the active profile changes. - Keep the runtime path aligned with the current session configuration APIs. - Tighten the affected tests, including the Windows delete-pending memory-file case that was intermittently tripping CI. ## Stack 1. **This PR**: runtime/session/network propagation for active permission profiles. 2. [#23708](#23708): TUI selection plumbing and guardrail flow. 3. [#21559](#21559): profile-aware `/permissions` menu and custom profile display. <img width="1296" height="906" alt="image" src="https://github.com/user-attachments/assets/077fa3a7-80cb-4925-80b1-d2395018d90a" />
viyatb-oai
added a commit
that referenced
this pull request
May 21, 2026
## Why The named-profile `/permissions` picker needs a small TUI action path that can select permission profiles without folding the menu UI and profile metadata into the same review. ## What changed - Carry permission-profile selections through the TUI app event flow. - Persist selected profiles while preserving the existing approval settings and guardrail prompts. - Keep the legacy `/permissions` picker behavior in this layer; the profile-mode menu stays in the follow-up PR. ## Stack 1. [#22931](#22931): runtime/session/network propagation for active permission profiles. 2. **This PR**: TUI selection plumbing and guardrail flow. 3. [#21559](#21559): profile-aware `/permissions` menu and custom profile display. <img width="1632" height="1186" alt="image" src="https://github.com/user-attachments/assets/69ddcd5e-b57c-468d-8c1d-246916323c15" /> ## Validation - `git diff --cached --check` before commit. - Full test run skipped at the user request while pushing the split stack.
Base automatically changed from
codex/viyatb/tui-permission-profile-selection
to
main
May 21, 2026 15:26
fcoury-oai
approved these changes
May 21, 2026
fcoury-oai
left a comment
fcoury-oai
left a comment
Contributor
There was a problem hiding this comment.
Smoke tested the happy path locally in profile mode with a temp CODEX_HOME/config.toml using default_permissions plus custom profiles.
Verified /permissions showed the profile-aware picker with friendly built-in labels and custom profile descriptions, selecting a custom profile emitted the expected “Permissions updated to …” message and became current on reopen, and switching back to Default preserved the friendly built-in label/current state.
Code looks good as well, approved. 👍
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
dd22806 to
5df6769
Compare
Co-authored-by: Codex noreply@openai.com
Co-authored-by: Codex noreply@openai.com
Co-authored-by: Codex noreply@openai.com
Co-authored-by: Codex noreply@openai.com
viyatb-oai
force-pushed
the
codex/viyatb/profile-permissions-picker
branch
from
5df6769 to
e7e0e56
Compare
bolinfest
approved these changes
May 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Users who opt into named permission profiles through
default_permissionsor[permissions.*]should stay in named-profile semantics when they open/permissions. The legacy picker rewrites those users into anonymous preset state, which loses the active profile identity and hides custom configured profiles.What changed
/permissionsto a profile-aware picker when profile mode is active.:profile syntax.Stack
/permissionsmenu and custom profile display.UX impact
In profile mode,
/permissionsshows the same human-facing built-ins users already know:Selecting
locked-downkeepsactive_permission_profile = Some("locked-down"); selecting a built-in keeps the friendly label while switching to its named built-in profile.Screenshots
Live
$test-tuismoke screenshots uploaded through GitHub attachments:Profile mode with built-ins and custom profiles
Legacy mode remains anonymous preset picker
Validation
git diff --cached --checkbefore commit.