{ "$schema": "http://json-schema.org/draft-07/schema#", "additionalProperties": false, "definitions": { "AbsolutePathBuf": { "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.", "type": "string" }, "FileSystemPermissions": { "properties": { "read": { "items": { "$ref": "#/definitions/AbsolutePathBuf" }, "type": "array" }, "write": { "items": { "$ref": "#/definitions/AbsolutePathBuf" }, "type": "array" } }, "type": "object" }, "NetworkApprovalContext": { "properties": { "host": { "type": "string" }, "protocol": { "$ref": "#/definitions/NetworkApprovalProtocol" } }, "required": [ "host", "protocol" ], "type": "object" }, "NetworkApprovalProtocol": { "enum": [ "http", "https", "socks5_tcp", "socks5_udp" ], "type": "string" }, "NetworkPermissions": { "properties": { "enabled": { "type": "boolean" } }, "type": "object" }, "NullableString": { "type": [ "string", "null" ] }, "PermissionProfile": { "properties": { "file_system": { "$ref": "#/definitions/FileSystemPermissions" }, "network": { "$ref": "#/definitions/NetworkPermissions" } }, "type": "object" }, "PermissionRequestApprovalContext": { "additionalProperties": false, "properties": { "additional_permissions": { "$ref": "#/definitions/PermissionProfile" }, "approval_attempt": { "enum": [ "initial", "retry" ], "type": "string" }, "justification": { "type": "string" }, "network_approval_context": { "$ref": "#/definitions/NetworkApprovalContext" }, "retry_reason": { "type": "string" }, "sandbox_permissions": { "$ref": "#/definitions/SandboxPermissions" } }, "required": [ "approval_attempt", "sandbox_permissions" ], "type": "object" }, "PermissionRequestToolInput": { "additionalProperties": false, "properties": { "command": { "type": "string" } }, "required": [ "command" ], "type": "object" }, "SandboxPermissions": { "description": "Controls the per-command sandbox override requested by a shell-like tool call.", "oneOf": [ { "description": "Run with the turn's configured sandbox policy unchanged.", "enum": [ "use_default" ], "type": "string" }, { "description": "Request to run outside the sandbox.", "enum": [ "require_escalated" ], "type": "string" }, { "description": "Request to stay in the sandbox while widening permissions for this command only.", "enum": [ "with_additional_permissions" ], "type": "string" } ] } }, "properties": { "approval_context": { "$ref": "#/definitions/PermissionRequestApprovalContext" }, "cwd": { "type": "string" }, "hook_event_name": { "const": "PermissionRequest", "type": "string" }, "model": { "type": "string" }, "permission_mode": { "enum": [ "default", "acceptEdits", "plan", "dontAsk", "bypassPermissions" ], "type": "string" }, "session_id": { "type": "string" }, "tool_input": { "$ref": "#/definitions/PermissionRequestToolInput" }, "tool_name": { "const": "Bash", "type": "string" }, "transcript_path": { "$ref": "#/definitions/NullableString" }, "turn_id": { "description": "Codex extension: expose the active turn id to internal turn-scoped hooks.", "type": "string" } }, "required": [ "approval_context", "cwd", "hook_event_name", "model", "permission_mode", "session_id", "tool_input", "tool_name", "transcript_path", "turn_id" ], "title": "permission-request.command.input", "type": "object" }