mirror of
https://github.com/openai/codex.git
synced 2026-04-25 07:05:38 +00:00
46142c3cb0
### Why Auto-review is the user-facing name for the approvals reviewer, but the config/API value still exposed the old `guardian_subagent` name. That made new configs and generated schemas point users at Guardian terminology even though the intended product surface is Auto-review. This PR updates the external `approvals_reviewer` value while preserving compatibility for existing configs and clients. ### What changed - Makes `auto_review` the canonical serialized value for `approvals_reviewer`. - Keeps `guardian_subagent` accepted as a legacy alias. - Keeps `user` accepted and serialized as `user`. - Updates generated config and app-server schemas so `approvals_reviewer` includes: - `user` - `auto_review` - `guardian_subagent` - Updates app-server README docs for the reviewer value. - Updates analytics and config requirements tests for the canonical auto_review value. ### Compatibility Existing configs and API payloads using: ```toml approvals_reviewer = "guardian_subagent" ``` continue to load and map to the Auto-review reviewer behavior. New serialization emits: ```toml approvals_reviewer = "auto_review" ``` This PR intentionally does not rename the [features].guardian_approval key or broad internal Guardian symbols. Those are split out for a follow-up PR to keep this migration small and avoid touching large TUI/internal surfaces. **Verification** cargo test -p codex-protocol approvals_reviewer_serializes_auto_review_and_accepts_legacy_guardian_subagent cargo test -p codex-app-server-protocol approvals_reviewer_serializes_auto_review_and_accepts_legacy_guardian_subagent
274 lines
6.5 KiB
JSON
Generated
274 lines
6.5 KiB
JSON
Generated
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"ApprovalsReviewer": {
|
|
"description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
|
|
"enum": [
|
|
"user",
|
|
"auto_review",
|
|
"guardian_subagent"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"AskForApproval": {
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"untrusted",
|
|
"on-failure",
|
|
"on-request",
|
|
"never"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"granular": {
|
|
"properties": {
|
|
"mcp_elicitations": {
|
|
"type": "boolean"
|
|
},
|
|
"request_permissions": {
|
|
"default": false,
|
|
"type": "boolean"
|
|
},
|
|
"rules": {
|
|
"type": "boolean"
|
|
},
|
|
"sandbox_approval": {
|
|
"type": "boolean"
|
|
},
|
|
"skill_approval": {
|
|
"default": false,
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"required": [
|
|
"mcp_elicitations",
|
|
"rules",
|
|
"sandbox_approval"
|
|
],
|
|
"type": "object"
|
|
}
|
|
},
|
|
"required": [
|
|
"granular"
|
|
],
|
|
"title": "GranularAskForApproval",
|
|
"type": "object"
|
|
}
|
|
]
|
|
},
|
|
"ConfigRequirements": {
|
|
"properties": {
|
|
"allowedApprovalPolicies": {
|
|
"items": {
|
|
"$ref": "#/definitions/AskForApproval"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedSandboxModes": {
|
|
"items": {
|
|
"$ref": "#/definitions/SandboxMode"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedWebSearchModes": {
|
|
"items": {
|
|
"$ref": "#/definitions/WebSearchMode"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"enforceResidency": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/ResidencyRequirement"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"featureRequirements": {
|
|
"additionalProperties": {
|
|
"type": "boolean"
|
|
},
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"NetworkDomainPermission": {
|
|
"enum": [
|
|
"allow",
|
|
"deny"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"NetworkRequirements": {
|
|
"properties": {
|
|
"allowLocalBinding": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowUnixSockets": {
|
|
"description": "Legacy compatibility view derived from `unix_sockets`.",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowUpstreamProxy": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedDomains": {
|
|
"description": "Legacy compatibility view derived from `domains`.",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"dangerouslyAllowAllUnixSockets": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"dangerouslyAllowNonLoopbackProxy": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"deniedDomains": {
|
|
"description": "Legacy compatibility view derived from `domains`.",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"domains": {
|
|
"additionalProperties": {
|
|
"$ref": "#/definitions/NetworkDomainPermission"
|
|
},
|
|
"description": "Canonical network permission map for `experimental_network`.",
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
},
|
|
"enabled": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"httpPort": {
|
|
"format": "uint16",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"managedAllowedDomainsOnly": {
|
|
"description": "When true, only managed allowlist entries are respected while managed network enforcement is active.",
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"socksPort": {
|
|
"format": "uint16",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"unixSockets": {
|
|
"additionalProperties": {
|
|
"$ref": "#/definitions/NetworkUnixSocketPermission"
|
|
},
|
|
"description": "Canonical unix socket permission map for `experimental_network`.",
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"NetworkUnixSocketPermission": {
|
|
"enum": [
|
|
"allow",
|
|
"none"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"ResidencyRequirement": {
|
|
"enum": [
|
|
"us"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"SandboxMode": {
|
|
"enum": [
|
|
"read-only",
|
|
"workspace-write",
|
|
"danger-full-access"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"WebSearchMode": {
|
|
"enum": [
|
|
"disabled",
|
|
"cached",
|
|
"live"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"properties": {
|
|
"requirements": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/ConfigRequirements"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
],
|
|
"description": "Null if no requirements are configured (e.g. no requirements.toml/MDM entries)."
|
|
}
|
|
},
|
|
"title": "ConfigRequirementsReadResponse",
|
|
"type": "object"
|
|
} |