Allow guardian bare allow output#18797
Conversation
Co-authored-by: Codex <noreply@openai.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a04b390dbf
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| risk_level: Option<GuardianRiskLevel>, | ||
| user_authorization: Option<GuardianUserAuthorization>, | ||
| outcome: super::GuardianAssessmentOutcome, |
There was a problem hiding this comment.
The parser now accepts payloads where only outcome is present because risk_level and user_authorization are optional. That means malformed/partially formatted allow responses (e.g., missing or misspelled risk fields) are treated as valid approvals instead of parse failures, weakening the previous fail-closed behavior for malformed guardian output.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
not sure if this is a super big concern. if a field is misspelled or mangled, it changes the reported risk level, not the outcome.
This reverts commit a04b390. Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
3 participants
Summary
Allow guardian to skip other fields and output only
{"outcome":"allow"}when the command is low risk.This change lets guardian reviews use a non-strict text format while keeping the JSON schema itself as plain user-visible schema data, so transport strictness is carried out-of-band instead of through a schema marker key.
What changed
output_schema_strictflag to model prompts and pass it intocodex-apitext formatting.{"outcome":"allow"}.Verification
cargo test -p codex-core guardian::tests::guardiancargo test -p codex-core guardian::tests::cargo test -p codex-core client_common::tests::cargo test -p codex-protocol user_input_serialization_includes_final_output_json_schemacargo test -p codex-apigit diff --checkNote:
cargo test -p codex-corewas also attempted, but this desktop environment injects ambient config/proxy state that causes unrelated config/session tests expecting pristine defaults to fail.