e6b93841c5
Adds a built-in `request_permissions` tool and wires it through the Codex core, protocol, and app-server layers so a running turn can ask the client for additional permissions instead of relying on a static session policy. The new flow emits a `RequestPermissions` event from core, tracks the pending request by call ID, forwards it through app-server v2 as an `item/permissions/requestApproval` request, and resumes the tool call once the client returns an approved subset of the requested permission profile.
160 lines
No EOL
3.6 KiB
JSON
160 lines
No EOL
3.6 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AbsolutePathBuf": {
|
|
"description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
|
|
"type": "string"
|
|
},
|
|
"AdditionalFileSystemPermissions": {
|
|
"properties": {
|
|
"read": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"write": {
|
|
"items": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"AdditionalNetworkPermissions": {
|
|
"properties": {
|
|
"enabled": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"GrantedMacOsPermissions": {
|
|
"properties": {
|
|
"accessibility": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"automations": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/MacOsAutomationPermission"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"calendar": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"preferences": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/MacOsPreferencesPermission"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"GrantedPermissionProfile": {
|
|
"properties": {
|
|
"fileSystem": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AdditionalFileSystemPermissions"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"macos": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/GrantedMacOsPermissions"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"network": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/AdditionalNetworkPermissions"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"MacOsAutomationPermission": {
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"none",
|
|
"all"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"bundle_ids": {
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": "array"
|
|
}
|
|
},
|
|
"required": [
|
|
"bundle_ids"
|
|
],
|
|
"title": "BundleIdsMacOsAutomationPermission",
|
|
"type": "object"
|
|
}
|
|
]
|
|
},
|
|
"MacOsPreferencesPermission": {
|
|
"enum": [
|
|
"none",
|
|
"read_only",
|
|
"read_write"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"properties": {
|
|
"permissions": {
|
|
"$ref": "#/definitions/GrantedPermissionProfile"
|
|
}
|
|
},
|
|
"required": [
|
|
"permissions"
|
|
],
|
|
"title": "PermissionsRequestApprovalResponse",
|
|
"type": "object"
|
|
} |