Add exec approval app-server support

Co-authored-by: Codex <noreply@openai.com>
2026-04-29 00:55:38 +00:00 · 2026-03-21 15:33:44 -07:00
parent c3df4c6a0a
commit 37e7b08b51
38 changed files with 735 additions and 48 deletions
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
@@ -1622,6 +1622,13 @@
          ],
          "type": "string"
        },
+        {
+          "description": "User approved the command and wants to persist the filesystem access in the active named permissions profile.",
+          "enum": [
+            "acceptAndPersist"
+          ],
+          "type": "string"
+        },
        {
          "additionalProperties": false,
          "description": "User approved the command, and wants to apply the proposed execpolicy amendment so future matching commands can run without prompting.",
@@ -1733,6 +1740,17 @@
          ],
          "description": "Optional context for a managed-network approval prompt."
        },
+        "permissionsProfilePersistence": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PermissionProfilePersistence"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "description": "Optional named permissions profile that can persist the requested filesystem access."
+        },
        "proposedExecpolicyAmendment": {
          "description": "Optional proposed execpolicy amendment to allow similar commands without prompting.",
          "items": {
@@ -3235,6 +3253,17 @@
      ],
      "type": "string"
    },
+    "PermissionProfilePersistence": {
+      "properties": {
+        "profileName": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "profileName"
+      ],
+      "type": "object"
+    },
    "PermissionsRequestApprovalParams": {
      "$schema": "http://json-schema.org/draft-07/schema#",
      "properties": {
@@ -3244,6 +3273,16 @@
        "permissions": {
          "$ref": "#/definitions/RequestPermissionProfile"
        },
+        "permissionsProfilePersistence": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PermissionProfilePersistence"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
        "reason": {
          "type": [
            "string",
@@ -3272,6 +3311,9 @@
        "permissions": {
          "$ref": "#/definitions/GrantedPermissionProfile"
        },
+        "persistToProfile": {
+          "type": "boolean"
+        },
        "scope": {
          "allOf": [
            {
@@ -3368,6 +3410,13 @@
          ],
          "type": "string"
        },
+        {
+          "description": "User has approved this request and wants the filesystem permissions to be persisted into the active named permissions profile.",
+          "enum": [
+            "approved_persist_to_profile"
+          ],
+          "type": "string"
+        },
        {
          "additionalProperties": false,
          "description": "User chose to persist a network policy rule (allow/deny) for future requests to the same host.",