























@@ -512,7 +512,7 @@ describe("Codex app-server approval bridge", () => {
512512expect(mockCallGatewayTool).not.toHaveBeenCalled();
513513expect(params.onAgentEvent).not.toHaveBeenCalled();
514514});
515-it("labels permission approvals explicitly with sanitized permission detail", async () => {
515+it("labels permission approvals explicitly with permission detail", async () => {
516516const params = createParams();
517517mockCallGatewayTool
518518.mockResolvedValueOnce({ id: "plugin:approval-3", status: "accepted" })
@@ -554,7 +554,7 @@ describe("Codex app-server approval bridge", () => {
554554const [, , requestPayload] = mockCallGatewayTool.mock.calls[0] ?? [];
555555const description = (requestPayload as { description: string }).description;
556556expect(description).toContain("Network allowHosts: example.com, *.internal");
557-expect(description).toContain("File system roots: /; writePaths: ~");
557+expect(description).toContain("File system roots: /; writePaths: /home/simone");
558558expect(description).toContain(
559559"High-risk targets: wildcard hosts, private-network wildcards, filesystem root, home directory",
560560);
@@ -565,7 +565,7 @@ describe("Codex app-server approval bridge", () => {
565565);
566566});
567567568-it("keeps permission detail bounded with truncated and redacted target samples", async () => {
568+it("keeps permission detail bounded with truncated target samples", async () => {
569569const params = createParams();
570570mockCallGatewayTool
571571.mockResolvedValueOnce({ id: "plugin:approval-4", status: "accepted" })
@@ -608,12 +608,42 @@ describe("Codex app-server approval bridge", () => {
608608expect(description.length).toBeLessThanOrEqual(700);
609609expect(description).toContain("example.com");
610610expect(description).not.toContain("secret-token");
611-expect(description).not.toContain("simone");
612611expect(description).toContain("*.internal");
613612expect(description).toContain("/workspace/project");
614-expect(description).toContain("readPaths: ~/.ssh/id_rsa, /etc/hosts (+1 more)");
615-expect(description).toContain("writePaths: /tmp/output, /var/log/app (+1 more)");
616613expect(description).toContain("High-risk targets:");
614+expect(description).toContain("readPaths: /Users/simone/.ssh/id_rsa");
615+});
616+617+it("preserves Windows home paths in permission descriptions", async () => {
618+const params = createParams();
619+mockCallGatewayTool
620+.mockResolvedValueOnce({ id: "plugin:approval-windows-home", status: "accepted" })
621+.mockResolvedValueOnce({ id: "plugin:approval-windows-home", decision: "allow-once" });
622+623+await handleCodexAppServerApprovalRequest({
624+method: "item/permissions/requestApproval",
625+requestParams: {
626+threadId: "thread-1",
627+turnId: "turn-1",
628+itemId: "perm-windows-home",
629+permissions: {
630+fileSystem: {
631+roots: ["C:/Users/alice"],
632+readPaths: ["C:\\Users\\alice\\.ssh\\id_rsa", "c:/users/bob/project"],
633+},
634+},
635+},
636+paramsForRun: params,
637+threadId: "thread-1",
638+turnId: "turn-1",
639+});
640+641+const [, , requestPayload] = mockCallGatewayTool.mock.calls[0] ?? [];
642+const description = (requestPayload as { description: string }).description;
643+expect(description).toContain(
644+"File system roots: C:/Users/alice; readPaths: C:\\Users\\alice\\.ssh\\id_rsa, c:/users/bob/project",
645+);
646+expect(description).toContain("High-risk targets: home directory");
617647});
618648619649it("strips terminal and invisible controls from permission descriptions", async () => {
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。