fix(persona-kit): warn and skip approvalPolicy on codex 0.1.77+

packages/persona-kit/schemas/persona.schema.json

@@ -261,7 +261,8 @@
         },
         "approvalPolicy": {
           "$ref": "#/definitions/CodexApprovalPolicy",
-          "description": "Codex CLI approval policy (`--ask-for-approval`)."
+          "deprecated": true,
+          "description": "`--ask-for-approval` was removed in codex 0.1.77+. Use `dangerouslyBypassApprovalsAndSandbox` or `sandboxMode` instead. Setting this field emits a warning and has no effect."
         },
         "workspaceWriteNetworkAccess": {
           "type": "boolean",

packages/persona-kit/src/interactive-spec.test.ts

@@ -114,17 +114,20 @@ test('codex translates sandbox harness settings to launch flags', () => {
       webSearch: true
     }
   });
+  // approvalPolicy emits a warning but no flag (--ask-for-approval was removed in codex 0.1.77+)
   assert.deepEqual(result.args, [
     '-m',
     'gpt-5.3-codex',
     '--sandbox',
     'workspace-write',
-    '--ask-for-approval',
-    'on-request',
     '-c',
     'sandbox_workspace_write.network_access=true',
     '--search'
   ]);
+  assert.ok(
+    result.warnings.some((w) => w.includes('approvalPolicy') && w.includes('not supported')),
+    'expected a deprecation warning for approvalPolicy'
+  );
 });
 
 test('codex emits the single bypass flag when dangerouslyBypassApprovalsAndSandbox is set', () => {
@@ -148,6 +151,28 @@ test('codex emits the single bypass flag when dangerouslyBypassApprovalsAndSandb
   ]);
 });
 
+test('codex warns for approvalPolicy even when dangerouslyBypassApprovalsAndSandbox is also set', () => {
+  const result = buildInteractiveSpec({
+    harness: 'codex',
+    personaId: 'test-persona',
+    model: 'openai-codex/gpt-5.3-codex',
+    systemPrompt: 'x',
+    harnessSettings: {
+      reasoning: 'high',
+      timeoutSeconds: 1200,
+      dangerouslyBypassApprovalsAndSandbox: true,
+      approvalPolicy: 'on-request',
+    }
+  });
+  // bypass flag is still emitted
+  assert.ok(result.args.includes('--dangerously-bypass-approvals-and-sandbox'));
+  // approvalPolicy warning fires even though dangerouslyBypassApprovalsAndSandbox masked it
+  assert.ok(
+    result.warnings.some((w) => w.includes('approvalPolicy') && w.includes('not supported')),
+    'expected deprecation warning for approvalPolicy even when bypass flag is set'
+  );
+});
+
 test('codex translates http mcpServers into --config mcp_servers.* args', () => {
   const result = buildInteractiveSpec({
     harness: 'codex',

packages/persona-kit/src/interactive-spec.ts

@@ -253,6 +253,17 @@ export function buildInteractiveSpec(input: BuildInteractiveSpecInput): Interact
       if (mcpServers && Object.keys(mcpServers).length > 0) {
         appendCodexMcpServerArgs(args, mcpServers, warnings);
       }
+      if (harnessSettings?.approvalPolicy) {
+        // `--ask-for-approval` was removed in codex 0.1.77+ (replaced by
+        // `--sandbox` + `--dangerously-bypass-approvals-and-sandbox`).
+        // Warn unconditionally — regardless of whether dangerouslyBypassApprovalsAndSandbox
+        // is also set — so callers are alerted even when the bypass flag masks it.
+        warnings.push(
+          `codex harnessSettings.approvalPolicy ("${harnessSettings.approvalPolicy}") is not supported in codex 0.1.77+; ` +
+            `the --ask-for-approval flag was removed. Use dangerouslyBypassApprovalsAndSandbox: true for non-interactive execution, ` +
+            `or sandboxMode for filesystem access control.`
+        );
+      }
       if (harnessSettings?.dangerouslyBypassApprovalsAndSandbox) {
         // Single combined flag — collapses "no sandbox + never ask" and
         // suppresses codex's interactive "are you sure?" startup
@@ -262,9 +273,6 @@ export function buildInteractiveSpec(input: BuildInteractiveSpecInput): Interact
         if (harnessSettings?.sandboxMode) {
           args.push('--sandbox', harnessSettings.sandboxMode);
         }
-        if (harnessSettings?.approvalPolicy) {
-          args.push('--ask-for-approval', harnessSettings.approvalPolicy);
-        }
         if (harnessSettings?.workspaceWriteNetworkAccess !== undefined) {
           args.push(
             '-c',

packages/persona-kit/src/types.ts

@@ -36,7 +36,10 @@ export interface HarnessSettings {
    * missing capability; `danger-full-access` is the fully unsandboxed fallback.
    */
   sandboxMode?: CodexSandboxMode;
-  /** Codex CLI approval policy (`--ask-for-approval`). */
+  /**
+   * @deprecated
+   * @description `--ask-for-approval` was removed in codex 0.1.77+. Use `dangerouslyBypassApprovalsAndSandbox` or `sandboxMode` instead. Setting this field emits a warning and has no effect.
+   */
   approvalPolicy?: CodexApprovalPolicy;
   /**
    * Allow outbound network access inside Codex's workspace-write sandbox