mirror of
https://github.com/openai/codex.git
synced 2026-04-26 07:35:29 +00:00
f8562bd47b
## Why Permission approval responses must not be able to grant more access than the tool requested. Moving this flow to `PermissionProfile` means the comparison must be profile-shaped instead of `SandboxPolicy`-shaped, and cwd-relative special paths such as `:cwd` and `:project_roots` must stay anchored to the turn that produced the request. ## What changed This implements semantic `PermissionProfile` intersection in `codex-sandboxing` for file-system and network permissions. The intersection accepts narrower path grants, rejects broader grants, preserves deny-read carve-outs and glob scan depth, and materializes cwd-dependent special-path grants to absolute paths before they can be recorded for reuse. The request-permissions response paths now use that intersection consistently. App-server captures the request turn cwd before waiting for the client response, includes that cwd in the v2 approval params, and core stores the requested profile plus cwd for direct TUI/client responses and Guardian decisions before recording turn- or session-scoped grants. The TUI app-server bridge now preserves the app-server request cwd when converting permission approval params into core events. ## Verification - `cargo test -p codex-sandboxing intersect_permission_profiles -- --nocapture` - `cargo test -p codex-app-server request_permissions_response -- --nocapture` - `cargo test -p codex-core request_permissions_response_materializes_session_cwd_grants_before_recording -- --nocapture` - `cargo check -p codex-tui --tests` - `cargo check --tests` - `cargo test -p codex-tui app_server_request_permissions_preserves_file_system_permissions`
329 lines
7.2 KiB
JSON
Generated
329 lines
7.2 KiB
JSON
Generated
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AbsolutePathBuf": {
|
|
"description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
|
|
"type": "string"
|
|
},
|
|
"AdditionalFileSystemPermissions": {
|
|
"properties": {
|
|
"entries": {
|
|
"items": {
|
|
"$ref": "#/definitions/FileSystemSandboxEntry"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"globScanMaxDepth": {
|
|
"format": "uint",
|
|
"minimum": 1.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"read": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"write": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"AdditionalNetworkPermissions": {
|
|
"properties": {
|
|
"enabled": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"FileSystemAccessMode": {
|
|
"enum": [
|
|
"read",
|
|
"write",
|
|
"none"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"FileSystemPath": {
|
|
"oneOf": [
|
|
{
|
|
"properties": {
|
|
"path": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"path"
|
|
],
|
|
"title": "PathFileSystemPathType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"path",
|
|
"type"
|
|
],
|
|
"title": "PathFileSystemPath",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"pattern": {
|
|
"type": "string"
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"glob_pattern"
|
|
],
|
|
"title": "GlobPatternFileSystemPathType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"pattern",
|
|
"type"
|
|
],
|
|
"title": "GlobPatternFileSystemPath",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"type": {
|
|
"enum": [
|
|
"special"
|
|
],
|
|
"title": "SpecialFileSystemPathType",
|
|
"type": "string"
|
|
},
|
|
"value": {
|
|
"$ref": "#/definitions/FileSystemSpecialPath"
|
|
}
|
|
},
|
|
"required": [
|
|
"type",
|
|
"value"
|
|
],
|
|
"title": "SpecialFileSystemPath",
|
|
"type": "object"
|
|
}
|
|
]
|
|
},
|
|
"FileSystemSandboxEntry": {
|
|
"properties": {
|
|
"access": {
|
|
"$ref": "#/definitions/FileSystemAccessMode"
|
|
},
|
|
"path": {
|
|
"$ref": "#/definitions/FileSystemPath"
|
|
}
|
|
},
|
|
"required": [
|
|
"access",
|
|
"path"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"FileSystemSpecialPath": {
|
|
"oneOf": [
|
|
{
|
|
"properties": {
|
|
"kind": {
|
|
"enum": [
|
|
"root"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"kind"
|
|
],
|
|
"title": "RootFileSystemSpecialPath",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"kind": {
|
|
"enum": [
|
|
"minimal"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"kind"
|
|
],
|
|
"title": "MinimalFileSystemSpecialPath",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"kind": {
|
|
"enum": [
|
|
"current_working_directory"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"kind"
|
|
],
|
|
"title": "CurrentWorkingDirectoryFileSystemSpecialPath",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"kind": {
|
|
"enum": [
|
|
"project_roots"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"subpath": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"kind"
|
|
],
|
|
"title": "KindFileSystemSpecialPath",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"kind": {
|
|
"enum": [
|
|
"tmpdir"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"kind"
|
|
],
|
|
"title": "TmpdirFileSystemSpecialPath",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"kind": {
|
|
"enum": [
|
|
"slash_tmp"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"kind"
|
|
],
|
|
"title": "SlashTmpFileSystemSpecialPath",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"kind": {
|
|
"enum": [
|
|
"unknown"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"path": {
|
|
"type": "string"
|
|
},
|
|
"subpath": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"kind",
|
|
"path"
|
|
],
|
|
"type": "object"
|
|
}
|
|
]
|
|
},
|
|
"RequestPermissionProfile": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"fileSystem": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AdditionalFileSystemPermissions"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"network": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AdditionalNetworkPermissions"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
}
|
|
},
|
|
"properties": {
|
|
"cwd": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"itemId": {
|
|
"type": "string"
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/definitions/RequestPermissionProfile"
|
|
},
|
|
"reason": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"threadId": {
|
|
"type": "string"
|
|
},
|
|
"turnId": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"cwd",
|
|
"itemId",
|
|
"permissions",
|
|
"threadId",
|
|
"turnId"
|
|
],
|
|
"title": "PermissionsRequestApprovalParams",
|
|
"type": "object"
|
|
} |