## Summary

Simplify network approvals by removing per-attempt proxy correlation and moving to session-level approval dedupe keyed by (host, protocol, port).

Instead of encoding attempt IDs into proxy credentials/URLs, we now treat approvals as a destination policy decision.

- Concurrent calls to the same destination share one approval prompt.
- Different destinations (or same host on different ports) get separate prompts.
- Allow once approves the current queued request group only.
- Allow for session caches that (host, protocol, port) and auto-allows future matching requests.
- Never policy continues to deny without prompting.

Example:

- 3 calls:
  - a.com:443
  - b.com:443
  - a.com:443

  => 2 prompts total (a, b), second a waits on the first decision.
- a.com:80 is treated separately from a.com:443

## Testing

- `just fmt` (in `codex-rs`)
- `cargo test -p codex-core tools::network_approval::tests`
- `cargo test -p codex-core` (unit tests pass; existing integration-suite failures remain in this environment)
{
"$schema": "http://json-schema.org/draft-07/schema#",
"definitions": {
"CommandAction": {
"oneOf": [
{
"properties": {
"command": {
"type": "string"
},
"name": {
"type": "string"
},
"path": {
"type": "string"
},
"type": {
"enum": [
"read"
],
"title": "ReadCommandActionType",
"type": "string"
}
},
"required": [
"command",
"name",
"path",
"type"
],
"title": "ReadCommandAction",
"type": "object"
},
{
"properties": {
"command": {
"type": "string"
},
"path": {
"type": [
"string",
"null"
]
},
"type": {
"enum": [
"listFiles"
],
"title": "ListFilesCommandActionType",
"type": "string"
}
},
"required": [
"command",
"type"
],
"title": "ListFilesCommandAction",
"type": "object"
},
{
"properties": {
"command": {
"type": "string"
},
"path": {
"type": [
"string",
"null"
]
},
"query": {
"type": [
"string",
"null"
]
},
"type": {
"enum": [
"search"
],
"title": "SearchCommandActionType",
"type": "string"
}
},
"required": [
"command",
"type"
],
"title": "SearchCommandAction",
"type": "object"
},
{
"properties": {
"command": {
"type": "string"
},
"type": {
"enum": [
"unknown"
],
"title": "UnknownCommandActionType",
"type": "string"
}
},
"required": [
"command",
"type"
],
"title": "UnknownCommandAction",
"type": "object"
}
]
},
"NetworkApprovalContext": {
"properties": {
"host": {
"type": "string"
},
"protocol": {
"$ref": "#/definitions/NetworkApprovalProtocol"
}
},
"required": [
"host",
"protocol"
],
"type": "object"
},
"NetworkApprovalProtocol": {
"enum": [
"http",
"https",
"socks5Tcp",
"socks5Udp"
],
"type": "string"
}
},
"properties": {
"approvalId": {
"description": "Unique identifier for this specific approval callback.\n\nFor regular shell/unified_exec approvals, this is null.\n\nFor zsh-exec-bridge subcommand approvals, multiple callbacks can belong to one parent `itemId`, so `approvalId` is a distinct opaque callback id (a UUID) used to disambiguate routing.",
"type": [
"string",
"null"
]
},
"command": {
"description": "The command to be executed.",
"type": [
"string",
"null"
]
},
"commandActions": {
"description": "Best-effort parsed command actions for friendly display.",
"items": {
"$ref": "#/definitions/CommandAction"
},
"type": [
"array",
"null"
]
},
"cwd": {
"description": "The command's working directory.",
"type": [
"string",
"null"
]
},
"itemId": {
"type": "string"
},
"networkApprovalContext": {
"anyOf": [
{
"$ref": "#/definitions/NetworkApprovalContext"
},
{
"type": "null"
}
],
"description": "Optional context for managed-network approval prompts."
},
"proposedExecpolicyAmendment": {
"description": "Optional proposed execpolicy amendment to allow similar commands without prompting.",
"items": {
"type": "string"
},
"type": [
"array",
"null"
]
},
"reason": {
"description": "Optional explanatory reason (e.g. request for network access).",
"type": [
"string",
"null"
]
},
"threadId": {
"type": "string"
},
"turnId": {
"type": "string"
}
},
"required": [
"itemId",
"threadId",
"turnId"
],
"title": "CommandExecutionRequestApprovalParams",
"type": "object"
} |