mirror of
https://github.com/openai/codex.git
synced 2026-04-25 15:15:15 +00:00
974355cfdd
Similar to what @sayan-oai did in openai/codex#8956 for `config.schema.json`, this PR updates the repo so that it includes the output of `codex app-server generate-json-schema` and `codex app-server generate-ts` and adds a test to verify it is in sync with the current code. Motivation: - This makes any schema changes introduced by a PR transparent during code review. - In particular, this should help us catch PRs that would introduce a non-backwards-compatible change to the app schema (eventually, this should also be enforced by tooling). - Once https://github.com/openai/codex/pull/10231 is in to formalize the notion of "experimental" fields, we can work on ensuring the non-experimental bits are backwards-compatible. `codex-rs/app-server-protocol/tests/schema_fixtures.rs` was added as the test and `just write-app-server-schema` can be use to generate the vendored schema files. Incidentally, when I run: ``` rg _ codex-rs/app-server-protocol/schema/typescript/v2 ``` I see a number of `snake_case` names that should be `camelCase`.
158 lines
4.7 KiB
JSON
158 lines
4.7 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AbsolutePathBuf": {
|
|
"description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
|
|
"type": "string"
|
|
},
|
|
"NetworkAccess": {
|
|
"description": "Represents whether outbound network access is available to the agent.",
|
|
"enum": [
|
|
"restricted",
|
|
"enabled"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"SandboxPolicy": {
|
|
"description": "Determines execution restrictions for model shell commands.",
|
|
"oneOf": [
|
|
{
|
|
"description": "No restrictions whatsoever. Use with caution.",
|
|
"properties": {
|
|
"type": {
|
|
"enum": [
|
|
"danger-full-access"
|
|
],
|
|
"title": "DangerFullAccessSandboxPolicyType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"type"
|
|
],
|
|
"title": "DangerFullAccessSandboxPolicy",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"description": "Read-only access to the entire file-system.",
|
|
"properties": {
|
|
"type": {
|
|
"enum": [
|
|
"read-only"
|
|
],
|
|
"title": "ReadOnlySandboxPolicyType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"type"
|
|
],
|
|
"title": "ReadOnlySandboxPolicy",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"description": "Indicates the process is already in an external sandbox. Allows full disk access while honoring the provided network setting.",
|
|
"properties": {
|
|
"network_access": {
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/NetworkAccess"
|
|
}
|
|
],
|
|
"default": "restricted",
|
|
"description": "Whether the external sandbox permits outbound network traffic."
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"external-sandbox"
|
|
],
|
|
"title": "ExternalSandboxSandboxPolicyType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"type"
|
|
],
|
|
"title": "ExternalSandboxSandboxPolicy",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"description": "Same as `ReadOnly` but additionally grants write access to the current working directory (\"workspace\").",
|
|
"properties": {
|
|
"exclude_slash_tmp": {
|
|
"default": false,
|
|
"description": "When set to `true`, will NOT include the `/tmp` among the default writable roots on UNIX. Defaults to `false`.",
|
|
"type": "boolean"
|
|
},
|
|
"exclude_tmpdir_env_var": {
|
|
"default": false,
|
|
"description": "When set to `true`, will NOT include the per-user `TMPDIR` environment variable among the default writable roots. Defaults to `false`.",
|
|
"type": "boolean"
|
|
},
|
|
"network_access": {
|
|
"default": false,
|
|
"description": "When set to `true`, outbound network access is allowed. `false` by default.",
|
|
"type": "boolean"
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"workspace-write"
|
|
],
|
|
"title": "WorkspaceWriteSandboxPolicyType",
|
|
"type": "string"
|
|
},
|
|
"writable_roots": {
|
|
"description": "Additional folders (beyond cwd and possibly TMPDIR) that should be writable from within the sandbox.",
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": "array"
|
|
}
|
|
},
|
|
"required": [
|
|
"type"
|
|
],
|
|
"title": "WorkspaceWriteSandboxPolicy",
|
|
"type": "object"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"properties": {
|
|
"command": {
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"cwd": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"sandboxPolicy": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/SandboxPolicy"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"timeoutMs": {
|
|
"format": "uint64",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"command"
|
|
],
|
|
"title": "ExecOneOffCommandParams",
|
|
"type": "object"
|
|
} |