Skip to content

Commit 295b56b

Browse files
celia-oaicelia-oai
authored
chore: add a separate reject-policy flag for skill approvals (#14271)
## Summary - add `skill_approval` to `RejectConfig` and the app-server v2 `AskForApproval::Reject` payload so skill-script prompts can be configured independently from sandbox and rule-based prompts - update Unix shell escalation to reject prompts based on the actual decision source, keeping prefix rules tied to `rules`, unmatched command fallbacks tied to `sandbox_approval`, and skill scripts tied to `skill_approval` - regenerate the affected protocol/config schemas and expand unit/integration coverage for the new flag and skill approval behavior
1 parent 18199d4 commit 295b56b

29 files changed

+346
-12
lines changed

codex-rs/app-server-protocol/schema/json/ClientRequest.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,10 @@
6666
},
6767
"sandbox_approval": {
6868
"type": "boolean"
69+
},
70+
"skill_approval": {
71+
"default": false,
72+
"type": "boolean"
6973
}
7074
},
7175
"required": [

codex-rs/app-server-protocol/schema/json/EventMsg.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4944,6 +4944,11 @@
49444944
"sandbox_approval": {
49454945
"description": "Reject approval prompts related to sandbox escalation.",
49464946
"type": "boolean"
4947+
},
4948+
"skill_approval": {
4949+
"default": false,
4950+
"description": "Reject approval prompts triggered by skill script execution.",
4951+
"type": "boolean"
49474952
}
49484953
},
49494954
"required": [

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6911,6 +6911,11 @@
69116911
"sandbox_approval": {
69126912
"description": "Reject approval prompts related to sandbox escalation.",
69136913
"type": "boolean"
6914+
},
6915+
"skill_approval": {
6916+
"default": false,
6917+
"description": "Reject approval prompts triggered by skill script execution.",
6918+
"type": "boolean"
69146919
}
69156920
},
69166921
"required": [
@@ -9433,6 +9438,10 @@
94339438
},
94349439
"sandbox_approval": {
94359440
"type": "boolean"
9441+
},
9442+
"skill_approval": {
9443+
"default": false,
9444+
"type": "boolean"
94369445
}
94379446
},
94389447
"required": [

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -740,6 +740,10 @@
740740
},
741741
"sandbox_approval": {
742742
"type": "boolean"
743+
},
744+
"skill_approval": {
745+
"default": false,
746+
"type": "boolean"
743747
}
744748
},
745749
"required": [

codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -157,6 +157,10 @@
157157
},
158158
"sandbox_approval": {
159159
"type": "boolean"
160+
},
161+
"skill_approval": {
162+
"default": false,
163+
"type": "boolean"
160164
}
161165
},
162166
"required": [

codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,10 @@
2929
},
3030
"sandbox_approval": {
3131
"type": "boolean"
32+
},
33+
"skill_approval": {
34+
"default": false,
35+
"type": "boolean"
3236
}
3337
},
3438
"required": [

codex-rs/app-server-protocol/schema/json/v2/ThreadForkParams.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,10 @@
2929
},
3030
"sandbox_approval": {
3131
"type": "boolean"
32+
},
33+
"skill_approval": {
34+
"default": false,
35+
"type": "boolean"
3236
}
3337
},
3438
"required": [

codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,10 @@
3333
},
3434
"sandbox_approval": {
3535
"type": "boolean"
36+
},
37+
"skill_approval": {
38+
"default": false,
39+
"type": "boolean"
3640
}
3741
},
3842
"required": [

codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,10 @@
2929
},
3030
"sandbox_approval": {
3131
"type": "boolean"
32+
},
33+
"skill_approval": {
34+
"default": false,
35+
"type": "boolean"
3236
}
3337
},
3438
"required": [

codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,10 @@
3333
},
3434
"sandbox_approval": {
3535
"type": "boolean"
36+
},
37+
"skill_approval": {
38+
"default": false,
39+
"type": "boolean"
3640
}
3741
},
3842
"required": [

0 commit comments

Comments
 (0)