Update guardian output schema (#17061)

## Summary - Update guardian output schema to separate risk, authorization, outcome, and rationale. - Feed guardian rationale into rejection messages. - Split the guardian policy into template and tenant-config sections. ## Validation - `cargo test -p codex-core mcp_tool_call` - `env -u CODEX_SANDBOX_NETWORK_DISABLED INSTA_UPDATE=always cargo test -p codex-core guardian::` --------- Co-authored-by: Owen Lin <owen@openai.com>
2026-04-29 00:55:38 +00:00 · 2026-04-08 15:47:29 -07:00
parent 49677ec71f
commit dcbc91fd39
45 changed files with 673 additions and 312 deletions
--- a/codex-rs/app-server-protocol/schema/json/ServerNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerNotification.json
@@ -1146,16 +1146,18 @@
            }
          ]
        },
-        "riskScore": {
-          "format": "uint8",
-          "minimum": 0.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
        "status": {
          "$ref": "#/definitions/GuardianApprovalReviewStatus"
+        },
+        "userAuthorization": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/GuardianUserAuthorization"
+            },
+            {
+              "type": "null"
+            }
+          ]
        }
      },
      "required": [
@@ -1353,6 +1355,17 @@
    "GuardianRiskLevel": {
      "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
      "enum": [
+        "low",
+        "medium",
+        "high",
+        "critical"
+      ],
+      "type": "string"
+    },
+    "GuardianUserAuthorization": {
+      "description": "[UNSTABLE] Authorization level assigned by guardian approval review.",
+      "enum": [
+        "unknown",
        "low",
        "medium",
        "high"
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
@@ -8095,16 +8095,18 @@
              }
            ]
          },
-          "riskScore": {
-            "format": "uint8",
-            "minimum": 0.0,
-            "type": [
-              "integer",
-              "null"
-            ]
-          },
          "status": {
            "$ref": "#/definitions/v2/GuardianApprovalReviewStatus"
+          },
+          "userAuthorization": {
+            "anyOf": [
+              {
+                "$ref": "#/definitions/v2/GuardianUserAuthorization"
+              },
+              {
+                "type": "null"
+              }
+            ]
          }
        },
        "required": [
@@ -8302,6 +8304,17 @@
      "GuardianRiskLevel": {
        "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
        "enum": [
+          "low",
+          "medium",
+          "high",
+          "critical"
+        ],
+        "type": "string"
+      },
+      "GuardianUserAuthorization": {
+        "description": "[UNSTABLE] Authorization level assigned by guardian approval review.",
+        "enum": [
+          "unknown",
          "low",
          "medium",
          "high"
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
@@ -4854,16 +4854,18 @@
            }
          ]
        },
-        "riskScore": {
-          "format": "uint8",
-          "minimum": 0.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
        "status": {
          "$ref": "#/definitions/GuardianApprovalReviewStatus"
+        },
+        "userAuthorization": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/GuardianUserAuthorization"
+            },
+            {
+              "type": "null"
+            }
+          ]
        }
      },
      "required": [
@@ -5061,6 +5063,17 @@
    "GuardianRiskLevel": {
      "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
      "enum": [
+        "low",
+        "medium",
+        "high",
+        "critical"
+      ],
+      "type": "string"
+    },
+    "GuardianUserAuthorization": {
+      "description": "[UNSTABLE] Authorization level assigned by guardian approval review.",
+      "enum": [
+        "unknown",
        "low",
        "medium",
        "high"
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json
@@ -20,16 +20,18 @@
            }
          ]
        },
-        "riskScore": {
-          "format": "uint8",
-          "minimum": 0.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
        "status": {
          "$ref": "#/definitions/GuardianApprovalReviewStatus"
+        },
+        "userAuthorization": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/GuardianUserAuthorization"
+            },
+            {
+              "type": "null"
+            }
+          ]
        }
      },
      "required": [
@@ -227,6 +229,17 @@
    "GuardianRiskLevel": {
      "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
      "enum": [
+        "low",
+        "medium",
+        "high",
+        "critical"
+      ],
+      "type": "string"
+    },
+    "GuardianUserAuthorization": {
+      "description": "[UNSTABLE] Authorization level assigned by guardian approval review.",
+      "enum": [
+        "unknown",
        "low",
        "medium",
        "high"
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json
@@ -20,16 +20,18 @@
            }
          ]
        },
-        "riskScore": {
-          "format": "uint8",
-          "minimum": 0.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
        "status": {
          "$ref": "#/definitions/GuardianApprovalReviewStatus"
+        },
+        "userAuthorization": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/GuardianUserAuthorization"
+            },
+            {
+              "type": "null"
+            }
+          ]
        }
      },
      "required": [
@@ -227,6 +229,17 @@
    "GuardianRiskLevel": {
      "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
      "enum": [
+        "low",
+        "medium",
+        "high",
+        "critical"
+      ],
+      "type": "string"
+    },
+    "GuardianUserAuthorization": {
+      "description": "[UNSTABLE] Authorization level assigned by guardian approval review.",
+      "enum": [
+        "unknown",
        "low",
        "medium",
        "high"
--- a/codex-rs/app-server-protocol/schema/typescript/v2/GuardianApprovalReview.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/GuardianApprovalReview.ts
@@ -3,10 +3,11 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { GuardianApprovalReviewStatus } from "./GuardianApprovalReviewStatus";
 import type { GuardianRiskLevel } from "./GuardianRiskLevel";
+import type { GuardianUserAuthorization } from "./GuardianUserAuthorization";

 /**
 * [UNSTABLE] Temporary guardian approval review payload used by
 * `item/autoApprovalReview/*` notifications. This shape is expected to change
 * soon.
 */
-export type GuardianApprovalReview = { status: GuardianApprovalReviewStatus, riskScore: number | null, riskLevel: GuardianRiskLevel | null, rationale: string | null, };
+export type GuardianApprovalReview = { status: GuardianApprovalReviewStatus, riskLevel: GuardianRiskLevel | null, userAuthorization: GuardianUserAuthorization | null, rationale: string | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/GuardianRiskLevel.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/GuardianRiskLevel.ts
@@ -5,4 +5,4 @@
 /**
 * [UNSTABLE] Risk level assigned by guardian approval review.
 */
-export type GuardianRiskLevel = "low" | "medium" | "high";
+export type GuardianRiskLevel = "low" | "medium" | "high" | "critical";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/GuardianUserAuthorization.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/GuardianUserAuthorization.ts
@@ -0,0 +1,8 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * [UNSTABLE] Authorization level assigned by guardian approval review.
+ */
+export type GuardianUserAuthorization = "unknown" | "low" | "medium" | "high";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/index.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/index.ts
@@ -127,6 +127,7 @@ export type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewActio
 export type { GuardianApprovalReviewStatus } from "./GuardianApprovalReviewStatus";
 export type { GuardianCommandSource } from "./GuardianCommandSource";
 export type { GuardianRiskLevel } from "./GuardianRiskLevel";
+export type { GuardianUserAuthorization } from "./GuardianUserAuthorization";
 export type { HookCompletedNotification } from "./HookCompletedNotification";
 export type { HookEventName } from "./HookEventName";
 export type { HookExecutionMode } from "./HookExecutionMode";