mirror of
https://github.com/openai/codex.git
synced 2026-04-27 08:05:51 +00:00
7da6b2e850
Add initialize-time server request capabilities so app-server only sends conversational permission confirmation requests to clients that advertise support. Unsupported clients still fail closed without changing permissions, while capable clients receive the existing request/response flow for narrow grants and preset picker requests.
94 lines
2.4 KiB
JSON
94 lines
2.4 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AbsolutePathBuf": {
|
|
"description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
|
|
"type": "string"
|
|
},
|
|
"AdditionalFileSystemPermissions": {
|
|
"properties": {
|
|
"read": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"write": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"AdditionalNetworkPermissions": {
|
|
"properties": {
|
|
"enabled": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"GrantedPermissionProfile": {
|
|
"properties": {
|
|
"fileSystem": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AdditionalFileSystemPermissions"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"network": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AdditionalNetworkPermissions"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"PermissionGrantScope": {
|
|
"enum": [
|
|
"turn",
|
|
"session"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"description": "Response from an app client after the narrow permission grant UI resolves.\n\nReturning an empty permission profile is a denial. Returning a non-empty profile grants only those permissions, and core applies them for the specified scope.",
|
|
"properties": {
|
|
"permissions": {
|
|
"$ref": "#/definitions/GrantedPermissionProfile"
|
|
},
|
|
"scope": {
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/PermissionGrantScope"
|
|
}
|
|
],
|
|
"default": "turn"
|
|
}
|
|
},
|
|
"required": [
|
|
"permissions"
|
|
],
|
|
"title": "PermissionsRequestApprovalResponse",
|
|
"type": "object"
|
|
} |