Skip to content

fix(core): require approval for destructive MCP tool calls#12353

Merged
fouad-openai merged 2 commits intomainfrom
dev/colby-oai/codex-update-mcp-annotation-approval-policy
Feb 20, 2026
Merged

fix(core): require approval for destructive MCP tool calls#12353
fouad-openai merged 2 commits intomainfrom
dev/colby-oai/codex-update-mcp-annotation-approval-policy

Conversation

@colby-oai
Copy link
Contributor

Summary

  • ensure destructive tool annotations short-circuit to require approval
  • simplify approval logic to only require read/write + open-world when destructive is false
  • update the unit test to cover the new destructive behavior

Testing

  • Not run (not requested)

@fouad-openai fouad-openai changed the title Return true for destructive MCP annotations immediately fix(core): require approval for destructive MCP tool calls Feb 20, 2026
@fouad-openai fouad-openai merged commit d3cf8bd into main Feb 20, 2026
53 of 55 checks passed
@fouad-openai fouad-openai deleted the dev/colby-oai/codex-update-mcp-annotation-approval-policy branch February 20, 2026 20:12
@github-actions github-actions bot locked and limited conversation to collaborators Feb 20, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants