mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
2f108f9fd9
## Why Permission profile allowlists are an enterprise security boundary, but they also need to compose across the managed requirements layers added in #24620. A map representation lets each requirements layer add, allow, or revoke individual profiles without replacing an entire array. ## Managed Contract Administrators configure the mergeable allow map with `allowed_permission_profiles`. A recommended enterprise configuration explicitly lists every built-in and custom profile users should be able to select: ```toml default_permissions = "review_only" [allowed_permission_profiles] ":read-only" = true ":workspace" = true review_only = true # ":danger-full-access" is intentionally omitted, so it is denied. [permissions.review_only] extends = ":read-only" ``` - Profiles whose effective merged value is `true` are allowed. - Missing profiles and profiles set to `false` are denied. - This is a closed allowlist: built-in profiles and profiles introduced in future versions are denied unless explicitly allowed. - Explicitly list each built-in profile the enterprise wants to make available. Omit built-ins such as `:danger-full-access` when they should remain unavailable. - Set `default_permissions` explicitly to the allowed profile users should receive when they have no local selection. - Higher-precedence layers override only the profile keys they define. - `false` is only needed when a higher-precedence layer must revoke a `true` inherited from a lower layer. - Explicit keys must refer to known built-in or managed profiles. A custom or narrowed allowlist requires an allowed `default_permissions`. For compatibility, if both `:workspace` and `:read-only` are explicitly allowed, an omitted default resolves to `:workspace`; customer configurations should still set the intended default explicitly. When `allowed_permission_profiles` is absent, existing implicit permission and legacy `sandbox_mode` behavior is unchanged. ## What Changed - Add `allowed_permission_profiles` as a `BTreeMap<String, bool>` that merges per profile across requirements layers. - Enforce managed defaults, strict denial of omitted profiles, and the explicitly allowed standard-pair fallback. - Expose `allowedPermissionProfiles` through `configRequirements/read` and regenerate its schemas. - Add regression coverage for map composition and revocation, managed defaults, strict denial of omitted built-ins, and API output. ## Verification - Focused `codex-config` coverage for layered map composition and revocation - Focused `codex-core` coverage for managed defaults, invalid defaults, strict denial of omitted built-ins, and the standard built-in pair - Focused `codex-app-server` coverage for requirements API output - Scoped Clippy for `codex-config`, `codex-core`, `codex-app-server-protocol`, and `codex-app-server` ## Documentation The managed `requirements.toml` documentation should introduce `allowed_permission_profiles` as a closed permission-profile allowlist before this setting is published on developers.openai.com. --------- Co-authored-by: Codex <noreply@openai.com>
527 lines
12 KiB
JSON
Generated
527 lines
12 KiB
JSON
Generated
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"definitions": {
|
|
"ApprovalsReviewer": {
|
|
"description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
|
|
"enum": [
|
|
"user",
|
|
"auto_review",
|
|
"guardian_subagent"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"AskForApproval": {
|
|
"oneOf": [
|
|
{
|
|
"enum": [
|
|
"untrusted",
|
|
"on-failure",
|
|
"on-request",
|
|
"never"
|
|
],
|
|
"type": "string"
|
|
},
|
|
{
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"granular": {
|
|
"properties": {
|
|
"mcp_elicitations": {
|
|
"type": "boolean"
|
|
},
|
|
"request_permissions": {
|
|
"default": false,
|
|
"type": "boolean"
|
|
},
|
|
"rules": {
|
|
"type": "boolean"
|
|
},
|
|
"sandbox_approval": {
|
|
"type": "boolean"
|
|
},
|
|
"skill_approval": {
|
|
"default": false,
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"required": [
|
|
"mcp_elicitations",
|
|
"rules",
|
|
"sandbox_approval"
|
|
],
|
|
"type": "object"
|
|
}
|
|
},
|
|
"required": [
|
|
"granular"
|
|
],
|
|
"title": "GranularAskForApproval",
|
|
"type": "object"
|
|
}
|
|
]
|
|
},
|
|
"ComputerUseRequirements": {
|
|
"properties": {
|
|
"allowLockedComputerUse": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"ConfigRequirements": {
|
|
"properties": {
|
|
"allowAppshots": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowManagedHooksOnly": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedApprovalPolicies": {
|
|
"items": {
|
|
"$ref": "#/definitions/AskForApproval"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedPermissionProfiles": {
|
|
"additionalProperties": {
|
|
"type": "boolean"
|
|
},
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedSandboxModes": {
|
|
"items": {
|
|
"$ref": "#/definitions/SandboxMode"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedWebSearchModes": {
|
|
"items": {
|
|
"$ref": "#/definitions/WebSearchMode"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedWindowsSandboxImplementations": {
|
|
"items": {
|
|
"$ref": "#/definitions/WindowsSandboxSetupMode"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"computerUse": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/ComputerUseRequirements"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"defaultPermissions": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"enforceResidency": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/ResidencyRequirement"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"featureRequirements": {
|
|
"additionalProperties": {
|
|
"type": "boolean"
|
|
},
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"ConfiguredHookHandler": {
|
|
"oneOf": [
|
|
{
|
|
"properties": {
|
|
"async": {
|
|
"type": "boolean"
|
|
},
|
|
"command": {
|
|
"type": "string"
|
|
},
|
|
"commandWindows": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"statusMessage": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"timeoutSec": {
|
|
"format": "uint64",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"type": {
|
|
"enum": [
|
|
"command"
|
|
],
|
|
"title": "CommandConfiguredHookHandlerType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"async",
|
|
"command",
|
|
"type"
|
|
],
|
|
"title": "CommandConfiguredHookHandler",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"type": {
|
|
"enum": [
|
|
"prompt"
|
|
],
|
|
"title": "PromptConfiguredHookHandlerType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"type"
|
|
],
|
|
"title": "PromptConfiguredHookHandler",
|
|
"type": "object"
|
|
},
|
|
{
|
|
"properties": {
|
|
"type": {
|
|
"enum": [
|
|
"agent"
|
|
],
|
|
"title": "AgentConfiguredHookHandlerType",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"type"
|
|
],
|
|
"title": "AgentConfiguredHookHandler",
|
|
"type": "object"
|
|
}
|
|
]
|
|
},
|
|
"ConfiguredHookMatcherGroup": {
|
|
"properties": {
|
|
"hooks": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookHandler"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"matcher": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"hooks"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"ManagedHooksRequirements": {
|
|
"properties": {
|
|
"PermissionRequest": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"PostCompact": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"PostToolUse": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"PreCompact": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"PreToolUse": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"SessionStart": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"Stop": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"SubagentStart": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"SubagentStop": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"UserPromptSubmit": {
|
|
"items": {
|
|
"$ref": "#/definitions/ConfiguredHookMatcherGroup"
|
|
},
|
|
"type": "array"
|
|
},
|
|
"managedDir": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"windowsManagedDir": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"required": [
|
|
"PermissionRequest",
|
|
"PostCompact",
|
|
"PostToolUse",
|
|
"PreCompact",
|
|
"PreToolUse",
|
|
"SessionStart",
|
|
"Stop",
|
|
"SubagentStart",
|
|
"SubagentStop",
|
|
"UserPromptSubmit"
|
|
],
|
|
"type": "object"
|
|
},
|
|
"NetworkDomainPermission": {
|
|
"enum": [
|
|
"allow",
|
|
"deny"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"NetworkRequirements": {
|
|
"properties": {
|
|
"allowLocalBinding": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowUnixSockets": {
|
|
"description": "Legacy compatibility view derived from `unix_sockets`.",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"allowUpstreamProxy": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"allowedDomains": {
|
|
"description": "Legacy compatibility view derived from `domains`.",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"dangerouslyAllowAllUnixSockets": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"dangerouslyAllowNonLoopbackProxy": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"deniedDomains": {
|
|
"description": "Legacy compatibility view derived from `domains`.",
|
|
"items": {
|
|
"type": "string"
|
|
},
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
]
|
|
},
|
|
"domains": {
|
|
"additionalProperties": {
|
|
"$ref": "#/definitions/NetworkDomainPermission"
|
|
},
|
|
"description": "Canonical network permission map for `experimental_network`.",
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
},
|
|
"enabled": {
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"httpPort": {
|
|
"format": "uint16",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"managedAllowedDomainsOnly": {
|
|
"description": "When true, only managed allowlist entries are respected while managed network enforcement is active.",
|
|
"type": [
|
|
"boolean",
|
|
"null"
|
|
]
|
|
},
|
|
"socksPort": {
|
|
"format": "uint16",
|
|
"minimum": 0.0,
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
]
|
|
},
|
|
"unixSockets": {
|
|
"additionalProperties": {
|
|
"$ref": "#/definitions/NetworkUnixSocketPermission"
|
|
},
|
|
"description": "Canonical unix socket permission map for `experimental_network`.",
|
|
"type": [
|
|
"object",
|
|
"null"
|
|
]
|
|
}
|
|
},
|
|
"type": "object"
|
|
},
|
|
"NetworkUnixSocketPermission": {
|
|
"enum": [
|
|
"allow",
|
|
"deny"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"ResidencyRequirement": {
|
|
"enum": [
|
|
"us"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"SandboxMode": {
|
|
"enum": [
|
|
"read-only",
|
|
"workspace-write",
|
|
"danger-full-access"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"WebSearchMode": {
|
|
"enum": [
|
|
"disabled",
|
|
"cached",
|
|
"live"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"WindowsSandboxSetupMode": {
|
|
"enum": [
|
|
"elevated",
|
|
"unelevated"
|
|
],
|
|
"type": "string"
|
|
}
|
|
},
|
|
"properties": {
|
|
"requirements": {
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/ConfigRequirements"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
],
|
|
"description": "Null if no requirements are configured (e.g. no requirements.toml/MDM entries)."
|
|
}
|
|
},
|
|
"title": "ConfigRequirementsReadResponse",
|
|
"type": "object"
|
|
} |