[6/8] Add high-level Python SDK approval mode#21910
[6/8] Add high-level Python SDK approval mode#21910aibrahim-oai wants to merge 9 commits intocodex/python-sdk-package-renamefrom
Conversation
Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
Expose approval_mode with deny_all and auto_review options on the high-level Python SDK, and map those choices to generated app-server approval params internally. Update examples, docs, notebooks, and public API tests to use the new mode instead of raw generated approval fields. Co-authored-by: Codex <noreply@openai.com>
aibrahim-oai
changed the title
Cover the exact public ApprovalMode values and ensure unsupported modes fail before sync or async high-level APIs can issue client requests. Co-authored-by: Codex <noreply@openai.com>
Default high-level thread and turn starts to auto-review, keep deny_all as the explicit opt-out, and remove the generated AskForApproval alias customization. Co-authored-by: Codex <noreply@openai.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bfd11aa1fc
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| *, | ||
| approval_policy: AskForApproval | None = None, | ||
| approvals_reviewer: ApprovalsReviewer | None = None, | ||
| approval_mode: ApprovalMode = ApprovalMode.auto_review, |
There was a problem hiding this comment.
A caller can opt out via codex.thread_start(approval_mode=ApprovalMode.deny_all), but the returned Thread does not retain that choice. The common thread.run(...) path defaults back to auto_review and sends a turn-level override, so the first turn re-enables auto approvals instead of denying escalations. The async wrapper has the same default.
Useful? React with 👍 / 👎.
Use an explicit match over ApprovalMode values while keeping a separate runtime validation error for non-enum inputs. Co-authored-by: Codex <noreply@openai.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 934eda61c3
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| *, | ||
| approval_policy: AskForApproval | None = None, | ||
| approvals_reviewer: ApprovalsReviewer | None = None, | ||
| approval_mode: ApprovalMode = ApprovalMode.auto_review, |
There was a problem hiding this comment.
A resume with no approval argument should leave the thread's stored approval settings alone, but this default is immediately converted into approvalPolicy: on-request/approvalsReviewer: auto_review. Resuming a thread that was created with deny_all (or never outside this wrapper) silently re-enables escalated approvals. Use a sentinel/None default and only serialize an override when the caller opts in.
Useful? React with 👍 / 👎.
| *, | ||
| approval_policy: AskForApproval | None = None, | ||
| approvals_reviewer: ApprovalsReviewer | None = None, | ||
| approval_mode: ApprovalMode = ApprovalMode.auto_review, |
There was a problem hiding this comment.
A resume with no approval argument should leave the thread's stored approval settings alone, but this default is immediately converted into approvalPolicy: on-request/approvalsReviewer: auto_review. Resuming a thread that was created with deny_all silently re-enables escalated approvals. Use a sentinel/None default and only serialize an override when the caller opts in.
Useful? React with 👍 / 👎.
| *, | ||
| approval_policy: AskForApproval | None = None, | ||
| approvals_reviewer: ApprovalsReviewer | None = None, | ||
| approval_mode: ApprovalMode = ApprovalMode.auto_review, |
There was a problem hiding this comment.
Fork params describe approval fields as optional overrides for the forked thread. Because the wrapper default always serializes auto-review, forking a deny_all thread without an explicit argument changes the fork to on-request/auto_review instead of inheriting the source thread's approval behavior. This can unexpectedly re-enable escalations in the fork.
Useful? React with 👍 / 👎.
| *, | ||
| approval_policy: AskForApproval | None = None, | ||
| approvals_reviewer: ApprovalsReviewer | None = None, | ||
| approval_mode: ApprovalMode = ApprovalMode.auto_review, |
There was a problem hiding this comment.
Fresh evidence distinct from the earlier start-thread case: TurnStartParams.approval_policy is documented as applying to this turn and subsequent turns, but every later turn() call with the default serializes auto-review and overwrites a previous approval_mode=deny_all. A caller who denies escalations for one turn loses that protection on the next omitted-arg turn.
Useful? React with 👍 / 👎.
Replace fake sync and async client approval tests with direct serialization checks using generated TurnStartParams, while keeping existing run-path coverage for the default behavior. Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
|
@codex review this |
Co-authored-by: Codex <noreply@openai.com>
aibrahim-oai
changed the title
aibrahim-oai
changed the title
1 participant
Why
The high-level SDK should expose the approval behavior it actually supports instead of leaking generated app-server routing fields. New work should have two clear choices: default auto review, or explicitly deny escalated permission requests. Existing threads and subsequent turns should preserve their current approval behavior unless the caller passes an override.
What
ApprovalModeenum withauto_reviewanddeny_all.ApprovalMode.auto_review.approval_policy/approvals_reviewerkwargs from high-level SDK wrappers.Stack
[1/8]Pin Python SDK runtime dependency[2/8]Generate Python SDK types from pinned runtime[3/8]Run Python SDK tests in CI[4/8]Define Python SDK public API surface[5/8]Rename Python SDK package toopenai-codex[6/8]Add high-level Python SDK approval mode[7/8]Add Python SDK app-server integration harness[8/8]Add Python SDK Ruff formattingVerification