Make cloud_requirements fail close#13063
Conversation
![chatgpt-codex-connector[bot]](https://cdn.statically.io/img/avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
codex/codex-rs/app-server/src/lib.rs
Lines 417 to 421 in cb831b9
Treat cloud requirement load failures as fatal
ConfigBuilder::build() now returns an error when cloud requirements cannot be fetched, but this branch catches all build errors and silently falls back to Config::load_default_with_cli_overrides(), which uses CloudRequirementsLoader::default() (Ok(None)). In app-server, a transient cloud-requirements outage for Business/Enterprise can therefore start with no enforced constraints, contradicting fail-closed behavior.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Will support the fail-close for App afterwards |
| //! Today, fetching is best-effort: on error or timeout, Codex continues without cloud requirements. | ||
| //! We expect to tighten this so that Enterprise ChatGPT customers must successfully fetch these | ||
| //! requirements before Codex will run. | ||
| //! Fetching fails closed for eligible ChatGPT Business and Enterprise accounts. When cloud |
There was a problem hiding this comment.
Today do we check if it is a ChatGPT Business and Enterprise accounts? If not we should, if so we could change the error message to something more speicfic/meaningful, like:
"Failed to load your workspace-managed config".
There was a problem hiding this comment.
Yes, we only fetch for ChatGPT Business and Enterprise accounts
2 participants
Make it fail-close only for CLI for now
Will extend this for app-server later