

























@@ -554,9 +554,9 @@ describe("Codex app-server approval bridge", () => {
554554const [, , requestPayload] = mockCallGatewayTool.mock.calls[0] ?? [];
555555const description = (requestPayload as { description: string }).description;
556556expect(description).toContain("Network allowHosts: example.com, *.internal");
557-expect(description).toContain("File system roots: /; writePaths: /home/simone");
557+expect(description).toContain("File system roots: /; writePaths: ~");
558558expect(description).toContain(
559-"High-risk targets: wildcard hosts, private-network wildcards, filesystem root, home directory",
559+"High-risk targets: wildcard hosts, private-network wildcards, filesystem root",
560560);
561561expect(requestPayload).toEqual(
562562expect.objectContaining({
@@ -565,7 +565,7 @@ describe("Codex app-server approval bridge", () => {
565565);
566566});
567567568-it("keeps permission detail bounded with truncated target samples", async () => {
568+it("keeps permission detail bounded with truncated and compacted target samples", async () => {
569569const params = createParams();
570570mockCallGatewayTool
571571.mockResolvedValueOnce({ id: "plugin:approval-4", status: "accepted" })
@@ -608,13 +608,14 @@ describe("Codex app-server approval bridge", () => {
608608expect(description.length).toBeLessThanOrEqual(700);
609609expect(description).toContain("example.com");
610610expect(description).not.toContain("secret-token");
611+expect(description).not.toContain("simone");
611612expect(description).toContain("*.internal");
612613expect(description).toContain("/workspace/project");
613614expect(description).toContain("High-risk targets:");
614-expect(description).toContain("readPaths: /Users/simone/.ssh/id_rsa");
615+expect(description).toContain("readPaths: ~/.ssh/id_rsa, /etc/hosts");
615616});
616617617-it("preserves Windows home paths in permission descriptions", async () => {
618+it("compacts Windows home paths in permission descriptions", async () => {
618619const params = createParams();
619620mockCallGatewayTool
620621.mockResolvedValueOnce({ id: "plugin:approval-windows-home", status: "accepted" })
@@ -640,10 +641,8 @@ describe("Codex app-server approval bridge", () => {
640641641642const [, , requestPayload] = mockCallGatewayTool.mock.calls[0] ?? [];
642643const description = (requestPayload as { description: string }).description;
643-expect(description).toContain(
644-"File system roots: C:/Users/alice; readPaths: C:\\Users\\alice\\.ssh\\id_rsa, c:/users/bob/project",
645-);
646-expect(description).toContain("High-risk targets: home directory");
644+expect(description).toContain("File system roots: ~; readPaths: ~\\.ssh\\id_rsa, ~/project");
645+expect(description).not.toContain("High-risk targets");
647646});
648647649648it("strips terminal and invisible controls from permission descriptions", async () => {
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。