mirror of
https://github.com/openai/codex.git
synced 2026-04-25 15:15:15 +00:00
425fff7ad6
## Why
We need a way to auto-reject specific approval prompt categories without
switching all approvals off.
The goal is to let users independently control:
- sandbox escalation approvals,
- execpolicy `prompt` rule approvals,
- MCP elicitation prompts.
## What changed
- Added a new primary approval mode in `protocol/src/protocol.rs`:
```rust
pub enum AskForApproval {
// ...
Reject(RejectConfig),
// ...
}
pub struct RejectConfig {
pub sandbox_approval: bool,
pub rules: bool,
pub mcp_elicitations: bool,
}
```
- Wired `RejectConfig` semantics through approval paths in `core`:
- `core/src/exec_policy.rs`
- rejects rule-driven prompts when `rules = true`
- rejects sandbox/escalation prompts when `sandbox_approval = true`
- preserves rule priority when both rule and sandbox prompt conditions
are present
- `core/src/tools/sandboxing.rs`
- applies `sandbox_approval` to default exec approval decisions and
sandbox-failure retry gating
- `core/src/safety.rs`
- keeps `Reject { all false }` behavior aligned with `OnRequest` for
patch safety
- rejects out-of-root patch approvals when `sandbox_approval = true`
- `core/src/mcp_connection_manager.rs`
- auto-declines MCP elicitations when `mcp_elicitations = true`
- Ensured approval policy used by MCP elicitation flow stays in sync
with constrained session policy updates.
- Updated app-server v2 conversions and generated schema/TypeScript
artifacts for the new `Reject` shape.
## Verification
Added focused unit coverage for the new behavior in:
- `core/src/exec_policy.rs`
- `core/src/tools/sandboxing.rs`
- `core/src/mcp_connection_manager.rs`
- `core/src/safety.rs`
- `core/src/tools/runtimes/apply_patch.rs`
Key cases covered include rule-vs-sandbox prompt precedence, MCP
auto-decline behavior, and patch/sandbox retry behavior under
`RejectConfig`.
204 lines
4.2 KiB
JSON
204 lines
4.2 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AskForApproval": {
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"untrusted",
|
|
"on-failure",
|
|
"on-request",
|
|
"never"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"reject": {
|
|
"properties": {
|
|
"mcp_elicitations": {
|
|
"type": "boolean"
|
|
},
|
|
"rules": {
|
|
"type": "boolean"
|
|
},
|
|
"sandbox_approval": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"required": [
|
|
"mcp_elicitations",
|
|
"rules",
|
|
"sandbox_approval"
|
|
],
|
|
"type": "object"
|
|
}
|
|
},
|
|
"required": [
|
|
"reject"
|
|
],
|
|
"title": "RejectAskForApproval",
|
|
"type": "object"
|
|
}
|
|
]
|
|
},
|
|
"ConfigRequirements": {
|
|
"properties": {
|
|
"allowedApprovalPolicies": {
|
|
"items": {
|
|
"$ref": "#/definitions/AskForApproval"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedSandboxModes": {
|
|
"items": {
|
|
"$ref": "#/definitions/SandboxMode"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedWebSearchModes": {
|
|
"items": {
|
|
"$ref": "#/definitions/WebSearchMode"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"enforceResidency": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/ResidencyRequirement"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"NetworkRequirements": {
|
|
"properties": {
|
|
"allowLocalBinding": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowUnixSockets": {
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowUpstreamProxy": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedDomains": {
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"dangerouslyAllowNonLoopbackAdmin": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"dangerouslyAllowNonLoopbackProxy": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"deniedDomains": {
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"enabled": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"httpPort": {
|
|
"format": "uint16",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"socksPort": {
|
|
"format": "uint16",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"ResidencyRequirement": {
|
|
"enum": [
|
|
"us"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"SandboxMode": {
|
|
"enum": [
|
|
"read-only",
|
|
"workspace-write",
|
|
"danger-full-access"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"WebSearchMode": {
|
|
"enum": [
|
|
"disabled",
|
|
"cached",
|
|
"live"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"properties": {
|
|
"requirements": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/ConfigRequirements"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
],
|
|
"description": "Null if no requirements are configured (e.g. no requirements.toml/MDM entries)."
|
|
}
|
|
},
|
|
"title": "ConfigRequirementsReadResponse",
|
|
"type": "object"
|
|
} |