Add external approval handler support

Add config-driven external approval handling in core, surface handler failures in the TUI, and share thread labels across core and TUI. Check in the macOS approval dialog helper under scripts/, document the config path, and fix handler stdin delivery by dropping the child stdin handle after writes so EOF reaches the helper promptly. Co-authored-by: Codex <noreply@openai.com>
2026-04-25 23:24:55 +00:00 · 2026-03-03 18:03:42 -08:00
parent e6773f856c
commit dbaf411b93
17 changed files with 2355 additions and 82 deletions
--- a/codex-rs/core/config.schema.json
+++ b/codex-rs/core/config.schema.json
@@ -161,6 +161,41 @@
      "description": "Tool settings for a single app.",
      "type": "object"
    },
+    "ApprovalHandlerOnError": {
+      "enum": [
+        "fallback",
+        "deny"
+      ],
+      "type": "string"
+    },
+    "ApprovalHandlerToml": {
+      "additionalProperties": false,
+      "properties": {
+        "command": {
+          "description": "Command argv used to resolve approval requests over stdin/stdout.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "on_error": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ApprovalHandlerOnError"
+            }
+          ],
+          "default": null,
+          "description": "Behavior when the handler exits non-zero, times out, or returns invalid JSON."
+        },
+        "timeout_ms": {
+          "description": "Timeout for the handler process, in milliseconds.",
+          "format": "uint64",
+          "minimum": 0.0,
+          "type": "integer"
+        }
+      },
+      "type": "object"
+    },
    "AppsConfigToml": {
      "additionalProperties": {
        "$ref": "#/definitions/AppConfig"
@@ -1599,6 +1634,15 @@
      ],
      "description": "When `false`, disables analytics across Codex product surfaces in this machine. Defaults to `true`."
    },
+    "approval_handler": {
+      "allOf": [
+        {
+          "$ref": "#/definitions/ApprovalHandlerToml"
+        }
+      ],
+      "default": null,
+      "description": "Optional external command to synchronously resolve approvals over stdin/stdout."
+    },
    "approval_policy": {
      "allOf": [
        {