clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-25 07:05:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

core/protocol: add structured macOS additional permissions and merge them into sandbox execution (#13499)

Browse Source 
## Summary
- Introduce strongly-typed macOS additional permissions across
protocol/core/app-server boundaries.
- Merge additional permissions into effective sandbox execution,
including macOS seatbelt profile extensions.
- Expand docs, schema/tool definitions, UI rendering, and tests for
`network`, `file_system`, and `macos` additional permissions.
This commit is contained in:
Celia Chen
2026-03-05 16:21:45 -08:00
committed by GitHub
parent 4e77ea0ec7
commit aaefee04cd
24 changed files with 1013 additions and 379 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
View File

@@ -27,38 +27,24 @@
"AdditionalMacOsPermissions": {
"properties": {
"accessibility": {
"type": [
"boolean",
"null"
]
"type": "boolean"
},
"automations": {
"anyOf": [
{
"$ref": "#/definitions/MacOsAutomationValue"
},
{
"type": "null"
}
]
"$ref": "#/definitions/MacOsAutomationPermission"
},
"calendar": {
"type": [
"boolean",
"null"
]
"type": "boolean"
},
"preferences": {
"anyOf": [
{
"$ref": "#/definitions/MacOsPreferencesValue"
},
{
"type": "null"
}
]
"$ref": "#/definitions/MacOsPreferencesPermission"
}
},
"required": [
"accessibility",
"automations",
"calendar",
"preferences"
],
"type": "object"
},
"AdditionalNetworkPermissions": {
@@ -5229,66 +5215,64 @@
"title": "JSONRPCResponse",
"type": "object"
},
"MacOsAutomationValue": {
"anyOf": [
"MacOsAutomationPermission": {
"oneOf": [
{
"type": "boolean"
"enum": [
"none",
"all"
],
"type": "string"
},
{
"items": {
"type": "string"
"additionalProperties": false,
"properties": {
"bundle_ids": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "array"
"required": [
"bundle_ids"
],
"title": "BundleIdsMacOsAutomationPermission",
"type": "object"
}
]
},
"MacOsPermissions": {
"MacOsPreferencesPermission": {
"enum": [
"none",
"read_only",
"read_write"
],
"type": "string"
},
"MacOsSeatbeltProfileExtensions": {
"properties": {
"accessibility": {
"type": [
"boolean",
"null"
]
"macos_accessibility": {
"type": "boolean"
},
"automations": {
"anyOf": [
{
"$ref": "#/definitions/MacOsAutomationValue"
},
{
"type": "null"
}
]
"macos_automation": {
"$ref": "#/definitions/MacOsAutomationPermission"
},
"calendar": {
"type": [
"boolean",
"null"
]
"macos_calendar": {
"type": "boolean"
},
"preferences": {
"anyOf": [
{
"$ref": "#/definitions/MacOsPreferencesValue"
},
{
"type": "null"
}
]
"macos_preferences": {
"$ref": "#/definitions/MacOsPreferencesPermission"
}
},
"required": [
"macos_accessibility",
"macos_automation",
"macos_calendar",
"macos_preferences"
],
"type": "object"
},
"MacOsPreferencesValue": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string"
}
]
},
"McpInvocation": {
"properties": {
"arguments": {
@@ -5670,7 +5654,7 @@
"macos": {
"anyOf": [
{
"$ref": "#/definitions/MacOsPermissions"
"$ref": "#/definitions/MacOsSeatbeltProfileExtensions"
},
{
"type": "null"