feat: surface codex app-server approval progress

2026-05-31 03:36:07 +08:00
parent b9d3cca2e7
commit 4800352e22
12 changed files with 691 additions and 5 deletions
--- a/tests/fixtures/codex-app-server-runtime.mjs
+++ b/tests/fixtures/codex-app-server-runtime.mjs
@@ -176,6 +176,99 @@ rl.on("line", (line) => {
        },
      });
    }
+    if (process.env.BOSS_CODEX_APP_SERVER_FIXTURE_EMIT_GUARDIAN_EVENTS === "1") {
+      send({
+        id: "cmd-approval-1",
+        method: "item/commandExecution/requestApproval",
+        params: {
+          threadId: message.params?.threadId,
+          turnId: "turn-fixture",
+          itemId: "command-item-1",
+          startedAtMs: Date.now(),
+          reason: "需要确认命令执行",
+          command: "npm run build -- --token sk-secret-should-not-leak",
+          cwd: "/Users/kris/code/boss",
+        },
+      });
+      send({
+        method: "item/autoApprovalReview/started",
+        params: {
+          threadId: message.params?.threadId,
+          turnId: "turn-fixture",
+          reviewId: "review-1",
+          startedAtMs: Date.now(),
+          targetItemId: "command-item-1",
+          action: {
+            type: "command",
+            command: "npm run build -- --token sk-secret-should-not-leak",
+            cwd: "/Users/kris/code/boss",
+          },
+          review: {
+            status: "running",
+            riskLevel: "medium",
+            userAuthorization: null,
+            rationale: "contains a fake secret that must not be surfaced",
+          },
+        },
+      });
+      send({
+        method: "guardianWarning",
+        params: {
+          threadId: message.params?.threadId,
+          message: "检测到需要用户确认的命令执行。",
+        },
+      });
+      send({
+        method: "item/fileChange/patchUpdated",
+        params: {
+          threadId: message.params?.threadId,
+          turnId: "turn-fixture",
+          itemId: "file-change-item-1",
+          changes: [
+            {
+              path: "src/app/page.tsx",
+              kind: "update",
+              diff: "+ const secret = 'sk-secret-should-not-leak'",
+            },
+            {
+              path: "docs/architecture/codex_server_progress_card_cn.md",
+              kind: "add",
+              diff: "+ internal prompt should not leak",
+            },
+          ],
+        },
+      });
+      send({
+        method: "item/autoApprovalReview/completed",
+        params: {
+          threadId: message.params?.threadId,
+          turnId: "turn-fixture",
+          reviewId: "review-1",
+          startedAtMs: Date.now(),
+          completedAtMs: Date.now(),
+          targetItemId: "command-item-1",
+          decisionSource: "auto_review",
+          action: {
+            type: "command",
+            command: "npm run build -- --token sk-secret-should-not-leak",
+            cwd: "/Users/kris/code/boss",
+          },
+          review: {
+            status: "approved",
+            riskLevel: "medium",
+            userAuthorization: null,
+            rationale: "contains a fake secret that must not be surfaced",
+          },
+        },
+      });
+      send({
+        method: "serverRequest/resolved",
+        params: {
+          requestId: "cmd-approval-1",
+          threadId: message.params?.threadId,
+        },
+      });
+    }
    send({
      method: "item/agentMessage/delta",
      params: {