mirror of
https://github.com/openai/codex.git
synced 2026-04-25 07:05:38 +00:00
8494e5bd7b
## Why We need `PermissionRequest` hook support! Also addresses: - https://github.com/openai/codex/issues/16301 - run a script on Hook to do things like play a sound to draw attention but actually no-op so user can still approve - can omit the `decision` object from output or just have the script exit 0 and print nothing - https://github.com/openai/codex/issues/15311 - let the script approve/deny on its own - external UI what will run on Hook and relay decision back to codex ## Reviewer Note There's a lot of plumbing for the new hook, key files to review are: - New hook added in `codex-rs/hooks/src/events/permission_request.rs` - Wiring for network approvals `codex-rs/core/src/tools/network_approval.rs` - Wiring for tool orchestrator `codex-rs/core/src/tools/orchestrator.rs` - Wiring for execve `codex-rs/core/src/tools/runtimes/shell/unix_escalation.rs` ## What - Wires shell, unified exec, and network approval prompts into the `PermissionRequest` hook flow. - Lets hooks allow or deny approval prompts; quiet or invalid hooks fall back to the normal approval path. - Uses `tool_input.description` for user-facing context when it helps: - shell / `exec_command`: the request justification, when present - network approvals: `network-access <domain>` - Uses `tool_name: Bash` for shell, unified exec, and network approval permission-request hooks. - For network approvals, passes the originating command in `tool_input.command` when there is a single owning call; otherwise falls back to the synthetic `network-access ...` command. <details> <summary>Example `PermissionRequest` hook input for a shell approval</summary> ```json { "session_id": "<session-id>", "turn_id": "<turn-id>", "transcript_path": "/path/to/transcript.jsonl", "cwd": "/path/to/cwd", "hook_event_name": "PermissionRequest", "model": "gpt-5", "permission_mode": "default", "tool_name": "Bash", "tool_input": { "command": "rm -f /tmp/example" } } ``` </details> <details> <summary>Example `PermissionRequest` hook input for an escalated `exec_command` request</summary> ```json { "session_id": "<session-id>", "turn_id": "<turn-id>", "transcript_path": "/path/to/transcript.jsonl", "cwd": "/path/to/cwd", "hook_event_name": "PermissionRequest", "model": "gpt-5", "permission_mode": "default", "tool_name": "Bash", "tool_input": { "command": "cp /tmp/source.json /Users/alice/export/source.json", "description": "Need to copy a generated file outside the workspace" } } ``` </details> <details> <summary>Example `PermissionRequest` hook input for a network approval</summary> ```json { "session_id": "<session-id>", "turn_id": "<turn-id>", "transcript_path": "/path/to/transcript.jsonl", "cwd": "/path/to/cwd", "hook_event_name": "PermissionRequest", "model": "gpt-5", "permission_mode": "default", "tool_name": "Bash", "tool_input": { "command": "curl http://codex-network-test.invalid", "description": "network-access http://codex-network-test.invalid" } } ``` </details> ## Follow-ups - Implement the `PermissionRequest` semantics for `updatedInput`, `updatedPermissions`, `interrupt`, and suggestions / `permission_suggestions` - Add `PermissionRequest` support for the `request_permissions` tool path --------- Co-authored-by: Codex <noreply@openai.com>
190 lines
4.0 KiB
JSON
190 lines
4.0 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AbsolutePathBuf": {
|
|
"description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
|
|
"type": "string"
|
|
},
|
|
"HookEventName": {
|
|
"enum": [
|
|
"preToolUse",
|
|
"permissionRequest",
|
|
"postToolUse",
|
|
"sessionStart",
|
|
"userPromptSubmit",
|
|
"stop"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"HookExecutionMode": {
|
|
"enum": [
|
|
"sync",
|
|
"async"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"HookHandlerType": {
|
|
"enum": [
|
|
"command",
|
|
"prompt",
|
|
"agent"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"HookOutputEntry": {
|
|
"properties": {
|
|
"kind": {
|
|
"$ref": "#/definitions/HookOutputEntryKind"
|
|
},
|
|
"text": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"kind",
|
|
"text"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"HookOutputEntryKind": {
|
|
"enum": [
|
|
"warning",
|
|
"stop",
|
|
"feedback",
|
|
"context",
|
|
"error"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"HookRunStatus": {
|
|
"enum": [
|
|
"running",
|
|
"completed",
|
|
"failed",
|
|
"blocked",
|
|
"stopped"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"HookRunSummary": {
|
|
"properties": {
|
|
"completedAt": {
|
|
"format": "int64",
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"displayOrder": {
|
|
"format": "int64",
|
|
"type": "integer"
|
|
},
|
|
"durationMs": {
|
|
"format": "int64",
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"entries": {
|
|
"items": {
|
|
"$ref": "#/definitions/HookOutputEntry"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"eventName": {
|
|
"$ref": "#/definitions/HookEventName"
|
|
},
|
|
"executionMode": {
|
|
"$ref": "#/definitions/HookExecutionMode"
|
|
},
|
|
"handlerType": {
|
|
"$ref": "#/definitions/HookHandlerType"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"scope": {
|
|
"$ref": "#/definitions/HookScope"
|
|
},
|
|
"source": {
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/HookSource"
|
|
}
|
|
],
|
|
"default": "unknown"
|
|
},
|
|
"sourcePath": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"startedAt": {
|
|
"format": "int64",
|
|
"type": "integer"
|
|
},
|
|
"status": {
|
|
"$ref": "#/definitions/HookRunStatus"
|
|
},
|
|
"statusMessage": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"displayOrder",
|
|
"entries",
|
|
"eventName",
|
|
"executionMode",
|
|
"handlerType",
|
|
"id",
|
|
"scope",
|
|
"sourcePath",
|
|
"startedAt",
|
|
"status"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"HookScope": {
|
|
"enum": [
|
|
"thread",
|
|
"turn"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"HookSource": {
|
|
"enum": [
|
|
"system",
|
|
"user",
|
|
"project",
|
|
"mdm",
|
|
"sessionFlags",
|
|
"legacyManagedConfigFile",
|
|
"legacyManagedConfigMdm",
|
|
"unknown"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"properties": {
|
|
"run": {
|
|
"$ref": "#/definitions/HookRunSummary"
|
|
},
|
|
"threadId": {
|
|
"type": "string"
|
|
},
|
|
"turnId": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"run",
|
|
"threadId"
|
|
],
|
|
"title": "HookStartedNotification",
|
|
"type": "object"
|
|
} |