mirror of
https://github.com/openai/codex.git
synced 2026-04-25 15:15:15 +00:00
ded559680d
## Description Add requirements.toml support for `allowed_approvals_reviewers = ["user", "guardian_subagent"]`, so admins can now restrict the use of guardian mode. Note: If a user sets a reviewer that isn’t allowed by requirements.toml, config loading falls back to the first allowed reviewer and emits a startup warning. The table below describes the possible admin controls. | Admin intent | `requirements.toml` | User `config.toml` | End result | |---|---|---|---| | Leave Guardian optional | omit `allowed_approvals_reviewers` or set `["user", "guardian_subagent"]` | user chooses `approvals_reviewer = "user"` or `"guardian_subagent"` | Guardian off for `user`, on for `guardian_subagent` + `approval_policy = "on-request"` | | Force Guardian off | `allowed_approvals_reviewers = ["user"]` | any user value | Effective reviewer is `user`; Guardian off | | Force Guardian on | `allowed_approvals_reviewers = ["guardian_subagent"]` and usually `allowed_approval_policies = ["on-request"]` | any user reviewer value; user should also have `approval_policy = "on-request"` unless policy is forced | Effective reviewer is `guardian_subagent`; Guardian on when effective approval policy is `on-request` | | Allow both, but default to manual if user does nothing | `allowed_approvals_reviewers = ["user", "guardian_subagent"]` | omit `approvals_reviewer` | Effective reviewer is `user`; Guardian off | | Allow both, and user explicitly opts into Guardian | `allowed_approvals_reviewers = ["user", "guardian_subagent"]` | `approvals_reviewer = "guardian_subagent"` and `approval_policy = "on-request"` | Guardian on | | Invalid admin config | `allowed_approvals_reviewers = []` | anything | Config load error |
273 lines
6.4 KiB
JSON
273 lines
6.4 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"ApprovalsReviewer": {
|
|
"description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
|
|
"enum": [
|
|
"user",
|
|
"guardian_subagent"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"AskForApproval": {
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"untrusted",
|
|
"on-failure",
|
|
"on-request",
|
|
"never"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"granular": {
|
|
"properties": {
|
|
"mcp_elicitations": {
|
|
"type": "boolean"
|
|
},
|
|
"request_permissions": {
|
|
"default": false,
|
|
"type": "boolean"
|
|
},
|
|
"rules": {
|
|
"type": "boolean"
|
|
},
|
|
"sandbox_approval": {
|
|
"type": "boolean"
|
|
},
|
|
"skill_approval": {
|
|
"default": false,
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"required": [
|
|
"mcp_elicitations",
|
|
"rules",
|
|
"sandbox_approval"
|
|
],
|
|
"type": "object"
|
|
}
|
|
},
|
|
"required": [
|
|
"granular"
|
|
],
|
|
"title": "GranularAskForApproval",
|
|
"type": "object"
|
|
}
|
|
]
|
|
},
|
|
"ConfigRequirements": {
|
|
"properties": {
|
|
"allowedApprovalPolicies": {
|
|
"items": {
|
|
"$ref": "#/definitions/AskForApproval"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedSandboxModes": {
|
|
"items": {
|
|
"$ref": "#/definitions/SandboxMode"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedWebSearchModes": {
|
|
"items": {
|
|
"$ref": "#/definitions/WebSearchMode"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"enforceResidency": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/ResidencyRequirement"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"featureRequirements": {
|
|
"additionalProperties": {
|
|
"type": "boolean"
|
|
},
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"NetworkDomainPermission": {
|
|
"enum": [
|
|
"allow",
|
|
"deny"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"NetworkRequirements": {
|
|
"properties": {
|
|
"allowLocalBinding": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowUnixSockets": {
|
|
"description": "Legacy compatibility view derived from `unix_sockets`.",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowUpstreamProxy": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedDomains": {
|
|
"description": "Legacy compatibility view derived from `domains`.",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"dangerouslyAllowAllUnixSockets": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"dangerouslyAllowNonLoopbackProxy": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"deniedDomains": {
|
|
"description": "Legacy compatibility view derived from `domains`.",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"domains": {
|
|
"additionalProperties": {
|
|
"$ref": "#/definitions/NetworkDomainPermission"
|
|
},
|
|
"description": "Canonical network permission map for `experimental_network`.",
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
},
|
|
"enabled": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"httpPort": {
|
|
"format": "uint16",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"managedAllowedDomainsOnly": {
|
|
"description": "When true, only managed allowlist entries are respected while managed network enforcement is active.",
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"socksPort": {
|
|
"format": "uint16",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"unixSockets": {
|
|
"additionalProperties": {
|
|
"$ref": "#/definitions/NetworkUnixSocketPermission"
|
|
},
|
|
"description": "Canonical unix socket permission map for `experimental_network`.",
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"NetworkUnixSocketPermission": {
|
|
"enum": [
|
|
"allow",
|
|
"none"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"ResidencyRequirement": {
|
|
"enum": [
|
|
"us"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"SandboxMode": {
|
|
"enum": [
|
|
"read-only",
|
|
"workspace-write",
|
|
"danger-full-access"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"WebSearchMode": {
|
|
"enum": [
|
|
"disabled",
|
|
"cached",
|
|
"live"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"properties": {
|
|
"requirements": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/ConfigRequirements"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
],
|
|
"description": "Null if no requirements are configured (e.g. no requirements.toml/MDM entries)."
|
|
}
|
|
},
|
|
"title": "ConfigRequirementsReadResponse",
|
|
"type": "object"
|
|
} |