
feat: add experimental additionalPermissions to v2 command execution approval requests #12737

Merged
celia-oai merged 2 commits into main from dev/cc/app-server-change
Feb 25, 2026

@celia-oai celia-oai commented Feb 25, 2026

This adds additionalPermissions to the app-server v2 item/commandExecution/requestApproval payload as an experimental field.

The field is now exposed on CommandExecutionRequestApprovalParams and is populated from the existing core approval event when a command requests additional sandbox permissions.

This PR also contains changes to make server requests support the experimental API.

A real app server test client test:

sample payload with experimental flag off:

 {
<   "id": 0,
<   "method": "item/commandExecution/requestApproval",
<   "params": {
<     "command": "/bin/zsh -lc 'mkdir -p ~/some/test && touch ~/some/test/file'",
<     "commandActions": [
<       {
<         "command": "mkdir -p '~/some/test'",
<         "type": "unknown"
<       },
<       {
<         "command": "touch '~/some/test/file'",
<         "type": "unknown"
<       }
<     ],
<     "cwd": "/Users/celia/code/codex/codex-rs",
<     "itemId": "call_QLp0LWkQ1XkU6VW9T2vUZFWB",
<     "proposedExecpolicyAmendment": [
<       "mkdir",
<       "-p",
<       "~/some/test"
<     ],
<     "reason": "Do you want to allow creating ~/some/test/file outside the workspace?",
<     "threadId": "019c9309-e209-7d82-a01b-dcf9556a354d",
<     "turnId": "019c9309-e27a-7f33-834f-6011e795c2d6"
<   }
< }

with experimental flag on:

< {
<   "id": 0,
<   "method": "item/commandExecution/requestApproval",
<   "params": {
<     "additionalPermissions": {
<       "fileSystem": null,
<       "macos": null,
<       "network": true
<     },
<     "command": "/bin/zsh -lc 'install -D /dev/null ~/some/test/file'",
<     "commandActions": [
<       {
<         "command": "install -D /dev/null '~/some/test/file'",
<         "type": "unknown"
<       }
<     ],
<     "cwd": "/Users/celia/code/codex/codex-rs",
<     "itemId": "call_K3U4b3dRbj3eMCqslmncbGsq",
<     "proposedExecpolicyAmendment": [
<       "install",
<       "-D"
<     ],
<     "reason": "Do you want to allow creating the file at ~/some/test/file outside the workspace sandbox?",
<     "threadId": "019c9303-3a8e-76e1-81bf-d67ac446d892",
<     "turnId": "019c9303-3af1-7143-88a1-73132f771234"
<   }
< }
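
A client-side triage of these approval requests, as an added example that is not part of the PR or of the project's code. The function names, the `auto_allow` set and the "prompt"/"policy" outcomes are hypothetical; the inner schema of `fileSystem` and `macos` is not shown in the PR, so any value other than null or false is treated as a requested grant.

```python
import json

METHOD = "item/commandExecution/requestApproval"

def requested_permissions(request, experimental_enabled):
    """Return (known, grants). known is False when the client cannot tell
    whether the command asked for additional sandbox permissions."""
    if request.get("method") != METHOD:
        raise ValueError("not a command execution approval request")
    params = request.get("params")
    if not isinstance(params, dict):
        raise ValueError("approval request has no params object")
    if not experimental_enabled:
        # Without the experimental API the field is never sent, so its
        # absence says nothing about what the command requested.
        return False, []
    extra = params.get("additionalPermissions")
    if extra is None:
        return True, []
    if not isinstance(extra, dict):
        # Unexpected shape: fail closed and surface the whole field.
        return True, ["additionalPermissions"]
    return True, sorted(k for k, v in extra.items() if v not in (None, False))

def triage(request, experimental_enabled, auto_allow=frozenset()):
    """Hypothetical policy: 'prompt' forces explicit human review with the
    listed reasons; 'policy' hands off to the client's normal approval flow."""
    known, grants = requested_permissions(request, experimental_enabled)
    if not known:
        return "prompt", ["additional permissions not visible (experimental API off)"]
    blocked = [g for g in grants if g not in auto_allow]
    if blocked:
        return "prompt", ["requests additional sandbox permission: " + g for g in blocked]
    return "policy", []

# Constructed samples, trimmed from the two payloads in the PR description.
FLAG_OFF = json.loads("""{"id": 0, "method": "item/commandExecution/requestApproval",
 "params": {"command": "/bin/zsh -lc 'mkdir -p ~/some/test && touch ~/some/test/file'"}}""")
FLAG_ON = json.loads("""{"id": 0, "method": "item/commandExecution/requestApproval",
 "params": {"additionalPermissions": {"fileSystem": null, "macos": null, "network": true},
            "command": "/bin/zsh -lc 'install -D /dev/null ~/some/test/file'"}}""")

if __name__ == "__main__":
    print(triage(FLAG_ON, experimental_enabled=True))
    print(triage(FLAG_OFF, experimental_enabled=False))
```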

Base automatically changed from dev/cc/new-approval-field to main February 25, 2026 03:35
celia-oai force-pushed the dev/cc/app-server-change branch 5 times, most recently from 192db96 to 101290b February 25, 2026 04:02
celia-oai changed the title from "changes" to "feat: add experimental additionalPermissions to v2 command execution approval requests" Feb 25, 2026
celia-oai force-pushed the dev/cc/app-server-change branch from 101290b to d554ad3 February 25, 2026 04:26
celia-oai marked this pull request as ready for review February 25, 2026 04:26
celia-oai force-pushed the dev/cc/app-server-change branch from d554ad3 to 7bd853b February 25, 2026 04:37
celia-oai enabled auto-merge (squash) February 25, 2026 04:42
celia-oai merged commit 1151972 into main Feb 25, 2026
53 of 55 checks passed
celia-oai deleted the dev/cc/app-server-change branch February 25, 2026 05:16
github-actions bot locked and limited conversation to collaborators Feb 25, 2026