clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-03 02:46:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Surface skill permission profiles in zsh-fork exec approvals (#12753)

Browse Source 
## Summary

- Preserve each skill’s raw permissions block as a permission_profile on
SkillMetadata during skill loading.
- Keep compiling that same metadata into the existing runtime
Permissions object, so current enforcement
    behavior stays intact.
- When zsh-fork intercepts execution of a script that belongs to a
skill, include the skill’s
    permission_profile in the exec approval request.
- This lets approval UIs show the extra filesystem access the skill
declared when prompting for approval.
This commit is contained in:
Celia Chen
2026-02-25 01:23:10 -08:00
committed by GitHub
parent c4ec6be4ab
commit 6a3233da64
10 changed files with 137 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
codex-rs/tui/src/chatwidget/tests.rs
View File

@@ -930,6 +930,7 @@ async fn submission_prefers_selected_duplicate_skill_path() {
interface: None,
dependencies: None,
policy: None,
permission_profile: None,
permissions: None,
path_to_skills_md: repo_skill_path,
scope: SkillScope::Repo,
@@ -941,6 +942,7 @@ async fn submission_prefers_selected_duplicate_skill_path() {
interface: None,
dependencies: None,
policy: None,
permission_profile: None,
permissions: None,
path_to_skills_md: user_skill_path.clone(),
scope: SkillScope::User,