{ "$schema": "http://json-schema.org/draft-07/schema#", "definitions": { "AbsolutePathBuf": { "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.", "type": "string" }, "ApprovalsReviewer": { "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.", "enum": [ "user", "guardian_subagent" ], "type": "string" }, "AskForApproval": { "oneOf": [ { "enum": [ "untrusted", "on-failure", "on-request", "never" ], "type": "string" }, { "additionalProperties": false, "properties": { "granular": { "properties": { "mcp_elicitations": { "type": "boolean" }, "request_permissions": { "default": false, "type": "boolean" }, "rules": { "type": "boolean" }, "sandbox_approval": { "type": "boolean" }, "skill_approval": { "default": false, "type": "boolean" } }, "required": [ "mcp_elicitations", "rules", "sandbox_approval" ], "type": "object" } }, "required": [ "granular" ], "title": "GranularAskForApproval", "type": "object" } ] }, "NetworkAccess": { "enum": [ "restricted", "enabled" ], "type": "string" }, "PermissionPresetId": { "description": "A built-in permission-mode preset that app clients can confirm.", "enum": [ "auto", "full-access", "read-only", "guardian-approvals" ], "type": "string" }, "ReadOnlyAccess": { "oneOf": [ { "properties": { "includePlatformDefaults": { "default": true, "type": "boolean" }, "readableRoots": { "default": [], "items": { "$ref": "#/definitions/AbsolutePathBuf" }, "type": "array" }, "type": { "enum": [ "restricted" ], "title": "RestrictedReadOnlyAccessType", "type": "string" } }, "required": [ "type" ], "title": "RestrictedReadOnlyAccess", "type": "object" }, { "properties": { "type": { "enum": [ "fullAccess" ], "title": "FullAccessReadOnlyAccessType", "type": "string" } }, "required": [ "type" ], "title": "FullAccessReadOnlyAccess", "type": "object" } ] }, "SandboxPolicy": { "oneOf": [ { "properties": { "type": { "enum": [ "dangerFullAccess" ], "title": "DangerFullAccessSandboxPolicyType", "type": "string" } }, "required": [ "type" ], "title": "DangerFullAccessSandboxPolicy", "type": "object" }, { "properties": { "access": { "allOf": [ { "$ref": "#/definitions/ReadOnlyAccess" } ], "default": { "type": "fullAccess" } }, "networkAccess": { "default": false, "type": "boolean" }, "type": { "enum": [ "readOnly" ], "title": "ReadOnlySandboxPolicyType", "type": "string" } }, "required": [ "type" ], "title": "ReadOnlySandboxPolicy", "type": "object" }, { "properties": { "networkAccess": { "allOf": [ { "$ref": "#/definitions/NetworkAccess" } ], "default": "restricted" }, "type": { "enum": [ "externalSandbox" ], "title": "ExternalSandboxSandboxPolicyType", "type": "string" } }, "required": [ "type" ], "title": "ExternalSandboxSandboxPolicy", "type": "object" }, { "properties": { "excludeSlashTmp": { "default": false, "type": "boolean" }, "excludeTmpdirEnvVar": { "default": false, "type": "boolean" }, "networkAccess": { "default": false, "type": "boolean" }, "readOnlyAccess": { "allOf": [ { "$ref": "#/definitions/ReadOnlyAccess" } ], "default": { "type": "fullAccess" } }, "type": { "enum": [ "workspaceWrite" ], "title": "WorkspaceWriteSandboxPolicyType", "type": "string" }, "writableRoots": { "default": [], "items": { "$ref": "#/definitions/AbsolutePathBuf" }, "type": "array" } }, "required": [ "type" ], "title": "WorkspaceWriteSandboxPolicy", "type": "object" } ] } }, "description": "Request sent to app clients when a model asks to switch permission modes.\n\nCore resolves the requested preset before emitting this payload, so clients should render the provided settings and label rather than recomputing policy choices from the preset id.", "properties": { "approvalPolicy": { "$ref": "#/definitions/AskForApproval" }, "approvalsReviewer": { "$ref": "#/definitions/ApprovalsReviewer" }, "description": { "type": "string" }, "itemId": { "type": "string" }, "label": { "type": "string" }, "preset": { "$ref": "#/definitions/PermissionPresetId" }, "reason": { "type": [ "string", "null" ] }, "sandboxPolicy": { "$ref": "#/definitions/SandboxPolicy" }, "threadId": { "type": "string" }, "turnId": { "type": "string" } }, "required": [ "approvalPolicy", "approvalsReviewer", "description", "itemId", "label", "preset", "sandboxPolicy", "threadId", "turnId" ], "title": "PermissionPresetRequestApprovalParams", "type": "object" }