feat: add Codex permission profiles#83
Merged
galligan merged 1 commit intoJul 11, 2026
Merged
Conversation
Contributor
Author
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bc5d746459
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
galligan
added a commit
that referenced
this pull request
Jul 11, 2026
## Context The final cumulative review of the App Server 0.144 adoption stack found five cross-milestone correctness gaps that milestone-local reviews had missed, plus stale hosted review threads and closeout evidence drift. This PR repairs those gaps and keeps the adoption goal active until hosted reconciliation and clean-main proof are complete. ## What changed - Reconciles topology lifecycle from active and archived App Server pages separately, including cached transitions in both directions. - Deduplicates capacity windows by provider-limit/window identity and conservatively maps id-less pushes to a named or sole existing limit. - Makes explicit `sync --full` bypass unchanged/incremental shortcuts and rescan from byte zero. - Resolves `permissions` cwd in the CLI caller while retaining the generic authored CLI derivation path. - Moves `new` permission-profile conflicts onto `NewInput`, preserving the shared validation taxonomy across control socket, CLI, and MCP. - Records the formal amendment that replaces one brittle/costly combined scenario with the checked-in milestone scenario and isolated integration matrix. - Corrects the release audit: this goal performed no release or publish action, while independent PR #81 merged the 0.8.2 version bump during the execution window. ## Verification - `just check`: 613 passed / 17 opt-in tests deselected, Ruff, formatting, strict mypy, wheel/sdist, and package-content validation. - Focused repair/public-surface suite: 215 passed. - Migration/concurrency suite: 21 passed. - Post-repair isolated App Server proof: account/capacity, permission profiles, and persisted fork/topology all passed. - Full-stack code re-review: 5/5 clean, no open P0/P1/P2. - Full-stack surface re-review: every code/evidence finding fixed; only hosted thread reconciliation remains after this PR is submitted. ## Hosted review reconciliation This PR fixes the six still-current review threads on merged PRs #78, #79, #82, and #83. Each thread will receive a reply linking this repair, then be resolved before this PR leaves draft. ## Scope No release or package publish is included. No secrets, remote configuration, or unrelated tracker state are changed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

Context
Closes DIS-46. Dispatch could compose sandbox and approval values, but it could not discover or select Codex permission profiles. That made presets capable of inventing unsupported combinations and left agents without cwd-aware available-choice guidance.
What changed
permissionProfile/listclient support and generated protocol-manifest guardspermissionsoperation projected to top-level CLI and grouped daemon-read MCPpermission_profileacross global/repo defaults, named presets, launch packets,new, fork, initial/follow-up/queued sends, and daemon resumeDISPATCH_HOMEfor every test so global config support cannot read live operator stateVerification
just check: Ruff, format, strict mypy, 575 tests passed / 16 live tests deselected, package build and contents passed:read-onlyto an isolated ephemeral thread without starting a model turndispatch permissions --jsonreturned:read-only,:workspace, and:danger-full-access, then stopped cleanlydispatch permissions --help,dispatch schema permissions, CLI/MCP parity, manifest structural assertions, migration tests, andgit diff --checkpassedRisks and compatibility
permissionsfield is experimental and guarded in the generated manifesterrorif a later provider/config no longer allows that profile