mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
8a556296f0
## Summary PR 3 of 5 in the cloud-managed config client stack. Adds enterprise-managed cloud config as a first-class config layer source. The layer metadata is preserved through config loading, diagnostics, debug output, hook attribution, and app-server protocol surfaces. ## Details - Enterprise-managed config becomes a normal config layer source with backend-supplied `id` and display `name` attached for provenance. - These layers are designed to behave like non-file managed config: they can surface syntax/type diagnostics by layer name even though there is no physical config file. - Relative path settings are resolved from a stored config base so cloud-delivered config remains consistent with existing MDM-delivered config semantics. - Hook attribution distinguishes config-delivered hooks from requirements-delivered hooks via `HookSource::CloudManagedConfig`. - This remains pull-based and snapshot-oriented; the PR adds layer identity/diagnostics, not dynamic reload behavior. ## Validation Validated through the targeted stack checks after rebasing onto current `main`: - Rust crate tests for config/hooks/cloud-config/backend-client/app-server-protocol - Filtered `codex-core` and `codex-app-server` `cloud_config_bundle` tests - Python generated-file contract test - `cargo shear --deny-warnings` - Targeted `argument-comment-lint` for config/hooks
271 lines
7.7 KiB
JSON
Generated
271 lines
7.7 KiB
JSON
Generated
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"AbsolutePathBuf": {
|
|
"description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
|
|
"type": "string"
|
|
},
|
|
"ConfigLayerMetadata": {
|
|
"properties": {
|
|
"name": {
|
|
"$ref": "#/definitions/ConfigLayerSource"
|
|
},
|
|
"version": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"name",
|
|
"version"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"ConfigLayerSource": {
|
|
"oneOf": [
|
|
{
|
|
"description": "Managed preferences layer delivered by MDM (macOS only).",
|
|
"properties": {
|
|
"domain": {
|
|
"type": "string"
|
|
},
|
|
"key": {
|
|
"type": "string"
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"mdm"
|
|
],
|
|
"title": "MdmConfigLayerSourceType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"domain",
|
|
"key",
|
|
"type"
|
|
],
|
|
"title": "MdmConfigLayerSource",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"description": "Managed config layer from a file (usually `managed_config.toml`).",
|
|
"properties": {
|
|
"file": {
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
}
|
|
],
|
|
"description": "This is the path to the system config.toml file, though it is not guaranteed to exist."
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"system"
|
|
],
|
|
"title": "SystemConfigLayerSourceType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"file",
|
|
"type"
|
|
],
|
|
"title": "SystemConfigLayerSource",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"description": "Enterprise-managed config layer delivered by the cloud config bundle.",
|
|
"properties": {
|
|
"id": {
|
|
"description": "Stable identifier for the delivered layer.",
|
|
"type": "string"
|
|
},
|
|
"name": {
|
|
"description": "Admin-facing name for the delivered layer. This is surfaced in diagnostics so users know which cloud layer needs administrator attention.",
|
|
"type": "string"
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"enterpriseManaged"
|
|
],
|
|
"title": "EnterpriseManagedConfigLayerSourceType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"id",
|
|
"name",
|
|
"type"
|
|
],
|
|
"title": "EnterpriseManagedConfigLayerSource",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"description": "User config layer from $CODEX_HOME/config.toml. This layer is special in that it is expected to be: - writable by the user - generally outside the workspace directory",
|
|
"properties": {
|
|
"file": {
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
}
|
|
],
|
|
"description": "This is the path to the user's config.toml file, though it is not guaranteed to exist."
|
|
},
|
|
"profile": {
|
|
"description": "Name of the selected profile-v2 config layered on top of the base user config, when this layer represents one.",
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"user"
|
|
],
|
|
"title": "UserConfigLayerSourceType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"file",
|
|
"type"
|
|
],
|
|
"title": "UserConfigLayerSource",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"description": "Path to a .codex/ folder within a project. There could be multiple of these between `cwd` and the project/repo root.",
|
|
"properties": {
|
|
"dotCodexFolder": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"project"
|
|
],
|
|
"title": "ProjectConfigLayerSourceType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"dotCodexFolder",
|
|
"type"
|
|
],
|
|
"title": "ProjectConfigLayerSource",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"description": "Session-layer overrides supplied via `-c`/`--config`.",
|
|
"properties": {
|
|
"type": {
|
|
"enum": [
|
|
"sessionFlags"
|
|
],
|
|
"title": "SessionFlagsConfigLayerSourceType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"type"
|
|
],
|
|
"title": "SessionFlagsConfigLayerSource",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"description": "`managed_config.toml` was designed to be a config that was loaded as the last layer on top of everything else. This scheme did not quite work out as intended, but we keep this variant as a \"best effort\" while we phase out `managed_config.toml` in favor of `requirements.toml`.",
|
|
"properties": {
|
|
"file": {
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"legacyManagedConfigTomlFromFile"
|
|
],
|
|
"title": "LegacyManagedConfigTomlFromFileConfigLayerSourceType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"file",
|
|
"type"
|
|
],
|
|
"title": "LegacyManagedConfigTomlFromFileConfigLayerSource",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"type": {
|
|
"enum": [
|
|
"legacyManagedConfigTomlFromMdm"
|
|
],
|
|
"title": "LegacyManagedConfigTomlFromMdmConfigLayerSourceType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"type"
|
|
],
|
|
"title": "LegacyManagedConfigTomlFromMdmConfigLayerSource",
|
|
"type": "object"
|
|
}
|
|
]
|
|
},
|
|
"OverriddenMetadata": {
|
|
"properties": {
|
|
"effectiveValue": true,
|
|
"message": {
|
|
"type": "string"
|
|
},
|
|
"overridingLayer": {
|
|
"$ref": "#/definitions/ConfigLayerMetadata"
|
|
}
|
|
},
|
|
"required": [
|
|
"effectiveValue",
|
|
"message",
|
|
"overridingLayer"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"WriteStatus": {
|
|
"enum": [
|
|
"ok",
|
|
"okOverridden"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"properties": {
|
|
"filePath": {
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/AbsolutePathBuf"
|
|
}
|
|
],
|
|
"description": "Canonical path to the config file that was written."
|
|
},
|
|
"overriddenMetadata": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/OverriddenMetadata"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"status": {
|
|
"$ref": "#/definitions/WriteStatus"
|
|
},
|
|
"version": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"filePath",
|
|
"status",
|
|
"version"
|
|
],
|
|
"title": "ConfigWriteResponse",
|
|
"type": "object"
|
|
} |