mirror of
https://github.com/openai/codex.git
synced 2026-04-25 07:05:38 +00:00
262 lines
5.9 KiB
JSON
262 lines
5.9 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"additionalProperties": false,
|
|
"definitions": {
|
|
"AbsolutePathBuf": {
|
|
"description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
|
|
"type": "string"
|
|
},
|
|
"FileSystemPermissions": {
|
|
"properties": {
|
|
"read": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"write": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": "array"
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"GuardianRiskLevel": {
|
|
"enum": [
|
|
"low",
|
|
"medium",
|
|
"high",
|
|
"critical"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"GuardianUserAuthorization": {
|
|
"enum": [
|
|
"unknown",
|
|
"low",
|
|
"medium",
|
|
"high"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"NetworkPermissions": {
|
|
"properties": {
|
|
"enabled": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"NullableString": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"PermissionProfile": {
|
|
"properties": {
|
|
"file_system": {
|
|
"$ref": "#/definitions/FileSystemPermissions"
|
|
},
|
|
"network": {
|
|
"$ref": "#/definitions/NetworkPermissions"
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"PermissionRequestApprovalContext": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"additional_permissions": {
|
|
"$ref": "#/definitions/PermissionProfile"
|
|
},
|
|
"justification": {
|
|
"type": "string"
|
|
},
|
|
"sandbox_permissions": {
|
|
"$ref": "#/definitions/SandboxPermissions"
|
|
}
|
|
},
|
|
"required": [
|
|
"sandbox_permissions"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"PermissionRequestGuardianReview": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"decision": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/PermissionRequestGuardianReviewDecision"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"rationale": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"risk_level": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/GuardianRiskLevel"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"status": {
|
|
"$ref": "#/definitions/PermissionRequestGuardianReviewStatus"
|
|
},
|
|
"user_authorization": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/GuardianUserAuthorization"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"decision",
|
|
"rationale",
|
|
"risk_level",
|
|
"status",
|
|
"user_authorization"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"PermissionRequestGuardianReviewDecision": {
|
|
"enum": [
|
|
"allow",
|
|
"deny"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"PermissionRequestGuardianReviewStatus": {
|
|
"enum": [
|
|
"approved",
|
|
"denied",
|
|
"aborted",
|
|
"failed",
|
|
"timed_out"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"PermissionRequestToolInput": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"command": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"command"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"SandboxPermissions": {
|
|
"description": "Controls the per-command sandbox override requested by a shell-like tool call.",
|
|
"oneOf": [
|
|
{
|
|
"description": "Run with the turn's configured sandbox policy unchanged.",
|
|
"enum": [
|
|
"use_default"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "Request to run outside the sandbox.",
|
|
"enum": [
|
|
"require_escalated"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "Request to stay in the sandbox while widening permissions for this command only.",
|
|
"enum": [
|
|
"with_additional_permissions"
|
|
],
|
|
"type": "string"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"properties": {
|
|
"approval_context": {
|
|
"$ref": "#/definitions/PermissionRequestApprovalContext"
|
|
},
|
|
"cwd": {
|
|
"type": "string"
|
|
},
|
|
"guardian_review": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/PermissionRequestGuardianReview"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"hook_event_name": {
|
|
"const": "PermissionRequest",
|
|
"type": "string"
|
|
},
|
|
"model": {
|
|
"type": "string"
|
|
},
|
|
"permission_mode": {
|
|
"enum": [
|
|
"default",
|
|
"acceptEdits",
|
|
"plan",
|
|
"dontAsk",
|
|
"bypassPermissions"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"session_id": {
|
|
"type": "string"
|
|
},
|
|
"tool_input": {
|
|
"$ref": "#/definitions/PermissionRequestToolInput"
|
|
},
|
|
"tool_name": {
|
|
"const": "Bash",
|
|
"type": "string"
|
|
},
|
|
"transcript_path": {
|
|
"$ref": "#/definitions/NullableString"
|
|
},
|
|
"turn_id": {
|
|
"description": "Codex extension: expose the active turn id to internal turn-scoped hooks.",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"approval_context",
|
|
"cwd",
|
|
"guardian_review",
|
|
"hook_event_name",
|
|
"model",
|
|
"permission_mode",
|
|
"session_id",
|
|
"tool_input",
|
|
"tool_name",
|
|
"transcript_path",
|
|
"turn_id"
|
|
],
|
|
"title": "permission-request.command.input",
|
|
"type": "object"
|
|
} |