mirrors/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-02 20:32:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

Decouple request permissions feature and tool (#14426)

Browse Source
This commit is contained in:
Jack Mousseau
2026-03-12 14:47:08 -07:00
committed by GitHub
parent bc48b9289a
commit a314c7d3ae
9 changed files with 482 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
codex-rs/app-server/README.md
View File

@@ -928,7 +928,7 @@ Only the granted subset matters on the wire. Any permissions omitted from `resul
Within the same turn, granted permissions are sticky: later shell-like tool calls can automatically reuse the granted subset without reissuing a separate permission request.
If the session approval policy uses `Reject` with `request_permissions: true`, the server does not send `item/permissions/requestApproval` to the client. Instead, the tool is auto-denied and resolves with an empty granted-permissions payload.
If the session approval policy uses `Reject` with `request_permissions: true`, standalone `request_permissions` tool calls are auto-denied and no `item/permissions/requestApproval` prompt is sent. Inline `with_additional_permissions` command requests remain controlled by `sandbox_approval`, and any previously granted permissions remain sticky for later shell-like calls in the same turn.
### Dynamic tool calls (experimental)