Skip to content

fix(approvals): skip needs_approval_checker when status resolved in _collect_runs_by_approval#3259

Draft
adityasingh2400 wants to merge 2 commits into
openai:mainfrom
adityasingh2400:fix/tp2-audit
Draft

fix(approvals): skip needs_approval_checker when status resolved in _collect_runs_by_approval#3259
adityasingh2400 wants to merge 2 commits into
openai:mainfrom
adityasingh2400:fix/tp2-audit

Conversation

@adityasingh2400
Copy link
Copy Markdown
Contributor

@adityasingh2400 adityasingh2400 commented May 8, 2026

Summary

Mirrors #3229 for non-function tools (shell, apply_patch, custom). _collect_runs_by_approval invokes the user-supplied needs_approval_checker even when approval_status is already True or False. The checker may have side effects (telemetry, network) and a non-UserError exception is silently swallowed; a UserError would short-circuit an already-approved call.

The parallel function _select_function_tool_runs_for_resume was fixed in #3229 with the same reasoning.

Fix

Move the approval_status is True early-return above the checker invocation so explicit approve/reject decisions short-circuit cleanly. Rejected (is False) was already short-circuited.

Test plan

  • New test test_collect_runs_by_approval_skips_checker_when_status_resolved confirms the checker is not invoked for approved/rejected shell calls.
  • Test fails on main, passes with the fix.
  • Existing tests/test_hitl_error_scenarios.py (51 tests) and related HITL/approval suites pass.

@github-actions github-actions Bot added bug Something isn't working feature:core labels May 8, 2026
@seratch
Copy link
Copy Markdown
Member

seratch commented May 8, 2026

@codex review

@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector Bot commented May 8, 2026

Codex Review: Didn't find any major issues. Keep them coming!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@seratch seratch marked this pull request as draft May 8, 2026 17:48
@adityasingh2400
fix(approvals): skip needs_approval_checker when status resolved in _…
89f6c14 
…collect_runs_by_approval

Mirrors openai#3229 for non-function tools. When approval_status is already True
or False, _collect_runs_by_approval still invokes the user-supplied
needs_approval_checker before deciding. The checker may have side effects
(telemetry, network) and a non-UserError exception is swallowed; a UserError
would short-circuit even an already-approved call.

Move the approval_status is True check above the checker invocation so
explicit approve/reject decisions short-circuit cleanly.
@adityasingh2400
fix(run): satisfy typecheck on tool_planning short-circuit
da0d210
@seratch seratch removed the bug Something isn't working label May 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

feature:core

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adityasingh2400 @seratch