Celia Chen
5b6911cb1b
feat(skills): add permission profiles from openai.yaml metadata ( #11658 )
...
## Summary
This PR adds support for skill-level permissions in .codex/openai.yaml
and wires that through the skill loading pipeline.
## What’s included
1. Added a new permissions section for skills (network, filesystem, and
macOS-related access).
2. Implemented permission parsing/normalization and translation into
runtime permission profiles.
3. Threaded the new permission profile through SkillMetadata and loader
flow.
## Follow-up
A follow-up PR will connect these permission profiles to actual sandbox
enforcement and add user approval prompts for executing binaries/scripts
from skill directories.
## Example
`openai.yaml` snippet:
```
permissions:
network: true
fs_read:
- "./data"
- "./data"
fs_write:
- "./output"
macos_preferences: "readwrite"
macos_automation:
- "com.apple.Notes"
macos_accessibility: true
macos_calendar: true
```
compiled skill permission profile metadata (macOS):
```
SkillPermissionProfile {
sandbox_policy: SandboxPolicy::WorkspaceWrite {
writable_roots: vec![
AbsolutePathBuf::try_from("/ABS/PATH/TO/SKILL/output").unwrap(),
],
read_only_access: ReadOnlyAccess::Restricted {
include_platform_defaults: true,
readable_roots: vec![
AbsolutePathBuf::try_from("/ABS/PATH/TO/SKILL/data").unwrap(),
],
},
network_access: true,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
},
// Truncated for readability; actual generated profile is longer.
macos_seatbelt_permission_file: r#"
(allow user-preference-write)
(allow appleevent-send
(appleevent-destination "com.apple.Notes"))
(allow mach-lookup (global-name "com.apple.axserver"))
(allow mach-lookup (global-name "com.apple.CalendarAgent"))
...
"#.to_string(),
```
2026-02-14 01:43:44 +00:00
