mirror of
https://github.com/openai/codex.git
synced 2026-04-27 16:15:09 +00:00
7da6b2e850
Add initialize-time server request capabilities so app-server only sends conversational permission confirmation requests to clients that advertise support. Unsupported clients still fail closed without changing permissions, while capable clients receive the existing request/response flow for narrow grants and preset picker requests.
113 lines
2.7 KiB
JSON
113 lines
2.7 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AbsolutePathBuf": {
|
|
"description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
|
|
"type": "string"
|
|
},
|
|
"AdditionalFileSystemPermissions": {
|
|
"properties": {
|
|
"read": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"write": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"AdditionalNetworkPermissions": {
|
|
"properties": {
|
|
"enabled": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"PermissionGrantScope": {
|
|
"enum": [
|
|
"turn",
|
|
"session"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"RequestPermissionProfile": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"fileSystem": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AdditionalFileSystemPermissions"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"network": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AdditionalNetworkPermissions"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
}
|
|
},
|
|
"description": "Request sent to app clients when a model asks for a narrow permission grant.\n\nThe client owns the confirmation UI and may return fewer permissions than requested. Treat `suggested_scope` as the model's requested lifetime, not as an already-approved scope.",
|
|
"properties": {
|
|
"itemId": {
|
|
"type": "string"
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/definitions/RequestPermissionProfile"
|
|
},
|
|
"reason": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"suggestedScope": {
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/PermissionGrantScope"
|
|
}
|
|
],
|
|
"default": "turn"
|
|
},
|
|
"threadId": {
|
|
"type": "string"
|
|
},
|
|
"turnId": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"itemId",
|
|
"permissions",
|
|
"threadId",
|
|
"turnId"
|
|
],
|
|
"title": "PermissionsRequestApprovalParams",
|
|
"type": "object"
|
|
} |