clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-25 07:05:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
240de4563961347d3a488810cb2169cd3ae359aa
codex/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json
Dylan Hurd 86535c9901 feat(auto-review) Handle request_permissions calls (#18393) 
## Summary
When auto-review is enabled, it should handle request_permissions tool.
We'll need to clean up the UX but I'm planning to do that in a separate
pass

## Testing
- [x] Ran locally
<img width="893" height="396" alt="Screenshot 2026-04-17 at 1 16 13 PM"
src="https://github.com/user-attachments/assets/4c045c5f-1138-4c6c-ac6e-2cb6be4514d8"
/>

---------

Co-authored-by: Codex <noreply@openai.com>
2026-04-20 21:48:57 -07:00

613 lines
15 KiB
JSON
Generated
Raw Blame History

{
"$schema": "http://json-schema.org/draft-07/schema#",
"definitions": {
"AbsolutePathBuf": {
"description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
"type": "string"
},
"AdditionalFileSystemPermissions": {
"properties": {
"entries": {
"items": {
"$ref": "#/definitions/FileSystemSandboxEntry"
},
"type": [
"array",
"null"
]
},
"globScanMaxDepth": {
"format": "uint",
"minimum": 1.0,
"type": [
"integer",
"null"
]
},
"read": {
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": [
"array",
"null"
]
},
"write": {
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": [
"array",
"null"
]
}
},
"type": "object"
},
"AdditionalNetworkPermissions": {
"properties": {
"enabled": {
"type": [
"boolean",
"null"
]
}
},
"type": "object"
},
"FileSystemAccessMode": {
"enum": [
"read",
"write",
"none"
],
"type": "string"
},
"FileSystemPath": {
"oneOf": [
{
"properties": {
"path": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": {
"enum": [
"path"
],
"title": "PathFileSystemPathType",
"type": "string"
}
},
"required": [
"path",
"type"
],
"title": "PathFileSystemPath",
"type": "object"
},
{
"properties": {
"pattern": {
"type": "string"
},
"type": {
"enum": [
"glob_pattern"
],
"title": "GlobPatternFileSystemPathType",
"type": "string"
}
},
"required": [
"pattern",
"type"
],
"title": "GlobPatternFileSystemPath",
"type": "object"
},
{
"properties": {
"type": {
"enum": [
"special"
],
"title": "SpecialFileSystemPathType",
"type": "string"
},
"value": {
"$ref": "#/definitions/FileSystemSpecialPath"
}
},
"required": [
"type",
"value"
],
"title": "SpecialFileSystemPath",
"type": "object"
}
]
},
"FileSystemSandboxEntry": {
"properties": {
"access": {
"$ref": "#/definitions/FileSystemAccessMode"
},
"path": {
"$ref": "#/definitions/FileSystemPath"
}
},
"required": [
"access",
"path"
],
"type": "object"
},
"FileSystemSpecialPath": {
"oneOf": [
{
"properties": {
"kind": {
"enum": [
"root"
],
"type": "string"
}
},
"required": [
"kind"
],
"title": "RootFileSystemSpecialPath",
"type": "object"
},
{
"properties": {
"kind": {
"enum": [
"minimal"
],
"type": "string"
}
},
"required": [
"kind"
],
"title": "MinimalFileSystemSpecialPath",
"type": "object"
},
{
"properties": {
"kind": {
"enum": [
"current_working_directory"
],
"type": "string"
}
},
"required": [
"kind"
],
"title": "CurrentWorkingDirectoryFileSystemSpecialPath",
"type": "object"
},
{
"properties": {
"kind": {
"enum": [
"project_roots"
],
"type": "string"
},
"subpath": {
"type": [
"string",
"null"
]
}
},
"required": [
"kind"
],
"title": "KindFileSystemSpecialPath",
"type": "object"
},
{
"properties": {
"kind": {
"enum": [
"tmpdir"
],
"type": "string"
}
},
"required": [
"kind"
],
"title": "TmpdirFileSystemSpecialPath",
"type": "object"
},
{
"properties": {
"kind": {
"enum": [
"slash_tmp"
],
"type": "string"
}
},
"required": [
"kind"
],
"title": "SlashTmpFileSystemSpecialPath",
"type": "object"
},
{
"properties": {
"kind": {
"enum": [
"unknown"
],
"type": "string"
},
"path": {
"type": "string"
},
"subpath": {
"type": [
"string",
"null"
]
}
},
"required": [
"kind",
"path"
],
"type": "object"
}
]
},
"GuardianApprovalReview": {
"description": "[UNSTABLE] Temporary approval auto-review payload used by `item/autoApprovalReview/*` notifications. This shape is expected to change soon.",
"properties": {
"rationale": {
"type": [
"string",
"null"
]
},
"riskLevel": {
"anyOf": [
{
"$ref": "#/definitions/GuardianRiskLevel"
},
{
"type": "null"
}
]
},
"status": {
"$ref": "#/definitions/GuardianApprovalReviewStatus"
},
"userAuthorization": {
"anyOf": [
{
"$ref": "#/definitions/GuardianUserAuthorization"
},
{
"type": "null"
}
]
}
},
"required": [
"status"
],
"type": "object"
},
"GuardianApprovalReviewAction": {
"oneOf": [
{
"properties": {
"command": {
"type": "string"
},
"cwd": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"source": {
"$ref": "#/definitions/GuardianCommandSource"
},
"type": {
"enum": [
"command"
],
"title": "CommandGuardianApprovalReviewActionType",
"type": "string"
}
},
"required": [
"command",
"cwd",
"source",
"type"
],
"title": "CommandGuardianApprovalReviewAction",
"type": "object"
},
{
"properties": {
"argv": {
"items": {
"type": "string"
},
"type": "array"
},
"cwd": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"program": {
"type": "string"
},
"source": {
"$ref": "#/definitions/GuardianCommandSource"
},
"type": {
"enum": [
"execve"
],
"title": "ExecveGuardianApprovalReviewActionType",
"type": "string"
}
},
"required": [
"argv",
"cwd",
"program",
"source",
"type"
],
"title": "ExecveGuardianApprovalReviewAction",
"type": "object"
},
{
"properties": {
"cwd": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"files": {
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"type": {
"enum": [
"applyPatch"
],
"title": "ApplyPatchGuardianApprovalReviewActionType",
"type": "string"
}
},
"required": [
"cwd",
"files",
"type"
],
"title": "ApplyPatchGuardianApprovalReviewAction",
"type": "object"
},
{
"properties": {
"host": {
"type": "string"
},
"port": {
"format": "uint16",
"minimum": 0.0,
"type": "integer"
},
"protocol": {
"$ref": "#/definitions/NetworkApprovalProtocol"
},
"target": {
"type": "string"
},
"type": {
"enum": [
"networkAccess"
],
"title": "NetworkAccessGuardianApprovalReviewActionType",
"type": "string"
}
},
"required": [
"host",
"port",
"protocol",
"target",
"type"
],
"title": "NetworkAccessGuardianApprovalReviewAction",
"type": "object"
},
{
"properties": {
"connectorId": {
"type": [
"string",
"null"
]
},
"connectorName": {
"type": [
"string",
"null"
]
},
"server": {
"type": "string"
},
"toolName": {
"type": "string"
},
"toolTitle": {
"type": [
"string",
"null"
]
},
"type": {
"enum": [
"mcpToolCall"
],
"title": "McpToolCallGuardianApprovalReviewActionType",
"type": "string"
}
},
"required": [
"server",
"toolName",
"type"
],
"title": "McpToolCallGuardianApprovalReviewAction",
"type": "object"
},
{
"properties": {
"permissions": {
"$ref": "#/definitions/RequestPermissionProfile"
},
"reason": {
"type": [
"string",
"null"
]
},
"type": {
"enum": [
"requestPermissions"
],
"title": "RequestPermissionsGuardianApprovalReviewActionType",
"type": "string"
}
},
"required": [
"permissions",
"type"
],
"title": "RequestPermissionsGuardianApprovalReviewAction",
"type": "object"
}
]
},
"GuardianApprovalReviewStatus": {
"description": "[UNSTABLE] Lifecycle state for an approval auto-review.",
"enum": [
"inProgress",
"approved",
"denied",
"timedOut",
"aborted"
],
"type": "string"
},
"GuardianCommandSource": {
"enum": [
"shell",
"unifiedExec"
],
"type": "string"
},
"GuardianRiskLevel": {
"description": "[UNSTABLE] Risk level assigned by approval auto-review.",
"enum": [
"low",
"medium",
"high",
"critical"
],
"type": "string"
},
"GuardianUserAuthorization": {
"description": "[UNSTABLE] Authorization level assigned by approval auto-review.",
"enum": [
"unknown",
"low",
"medium",
"high"
],
"type": "string"
},
"NetworkApprovalProtocol": {
"enum": [
"http",
"https",
"socks5Tcp",
"socks5Udp"
],
"type": "string"
},
"RequestPermissionProfile": {
"additionalProperties": false,
"properties": {
"fileSystem": {
"anyOf": [
{
"$ref": "#/definitions/AdditionalFileSystemPermissions"
},
{
"type": "null"
}
]
},
"network": {
"anyOf": [
{
"$ref": "#/definitions/AdditionalNetworkPermissions"
},
{
"type": "null"
}
]
}
},
"type": "object"
}
},
"description": "[UNSTABLE] Temporary notification payload for approval auto-review. This shape is expected to change soon.",
"properties": {
"action": {
"$ref": "#/definitions/GuardianApprovalReviewAction"
},
"review": {
"$ref": "#/definitions/GuardianApprovalReview"
},
"reviewId": {
"description": "Stable identifier for this review.",
"type": "string"
},
"targetItemId": {
"description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
"type": [
"string",
"null"
]
},
"threadId": {
"type": "string"
},
"turnId": {
"type": "string"
}
},
"required": [
"action",
"review",
"reviewId",
"threadId",
"turnId"
],
"title": "ItemGuardianApprovalReviewStartedNotification",
"type": "object"
}
Reference in New Issue View Git Blame Copy Permalink