agcodex_common/
approval_presets.rs

1use agcodex_core::protocol::AskForApproval;
2use agcodex_core::protocol::SandboxPolicy;
3
4/// A simple preset pairing an approval policy with a sandbox policy.
5#[derive(Debug, Clone)]
6pub struct ApprovalPreset {
7    /// Stable identifier for the preset.
8    pub id: &'static str,
9    /// Display label shown in UIs.
10    pub label: &'static str,
11    /// Short human description shown next to the label in UIs.
12    pub description: &'static str,
13    /// Approval policy to apply.
14    pub approval: AskForApproval,
15    /// Sandbox policy to apply.
16    pub sandbox: SandboxPolicy,
17}
18
19/// Built-in list of approval presets that pair approval and sandbox policy.
20///
21/// Keep this UI-agnostic so it can be reused by both TUI and MCP server.
22pub fn builtin_approval_presets() -> Vec<ApprovalPreset> {
23    vec![
24        ApprovalPreset {
25            id: "read-only",
26            label: "Read Only",
27            description: "Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network",
28            approval: AskForApproval::OnRequest,
29            sandbox: SandboxPolicy::ReadOnly,
30        },
31        ApprovalPreset {
32            id: "auto",
33            label: "Auto",
34            description: "Codex can read files, make edits, and run commands in the workspace. Codex requires approval to work outside the workspace or access network",
35            approval: AskForApproval::OnRequest,
36            sandbox: SandboxPolicy::new_workspace_write_policy(),
37        },
38        ApprovalPreset {
39            id: "full-access",
40            label: "Full Access",
41            description: "Codex can read files, make edits, and run commands with network access, without approval. Exercise caution",
42            approval: AskForApproval::Never,
43            sandbox: SandboxPolicy::DangerFullAccess,
44        },
45    ]
46}