{ "$schema": "http://json-schema.org/draft-07/schema#", "title": "CommandExecutionRequestApprovalParams", "type": "object", "required": [ "itemId", "startedAtMs", "threadId", "turnId" ], "properties": { "turnId": { "type": "string" }, "approvalId": { "description": "Unique identifier for this specific approval callback.\n\nFor regular shell/unified_exec approvals, this is null.\n\nFor zsh-exec-bridge subcommand approvals, multiple callbacks can belong to one parent `itemId`, so `approvalId` is a distinct opaque callback id (a UUID) used to disambiguate routing.", "type": [ "string", "null" ] }, "threadId": { "type": "string" }, "command": { "description": "The command to be executed.", "type": [ "string", "null" ] }, "commandActions": { "description": "Best-effort parsed command actions for friendly display.", "type": [ "array", "null" ], "items": { "$ref": "#/definitions/CommandAction" } }, "cwd": { "description": "The command's working directory.", "anyOf": [ { "$ref": "#/definitions/AbsolutePathBuf" }, { "type": "null" } ] }, "itemId": { "type": "string" }, "networkApprovalContext": { "description": "Optional context for a managed-network approval prompt.", "anyOf": [ { "$ref": "#/definitions/NetworkApprovalContext" }, { "type": "null" } ] }, "proposedExecpolicyAmendment": { "description": "Optional proposed execpolicy amendment to allow similar commands without prompting.", "type": [ "array", "null" ], "items": { "type": "string" } }, "proposedNetworkPolicyAmendments": { "description": "Optional proposed network policy amendments (allow/deny host) for future requests.", "type": [ "array", "null" ], "items": { "$ref": "#/definitions/NetworkPolicyAmendment" } }, "reason": { "description": "Optional explanatory reason (e.g. request for network access).", "type": [ "string", "null" ] }, "startedAtMs": { "description": "Unix timestamp (in milliseconds) when this approval request started.", "type": "integer", "format": "int64" } }, "definitions": { "AbsolutePathBuf": { "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.", "type": "string" }, "AdditionalFileSystemPermissions": { "type": "object", "properties": { "entries": { "type": [ "array", "null" ], "items": { "$ref": "#/definitions/FileSystemSandboxEntry" } }, "globScanMaxDepth": { "type": [ "integer", "null" ], "format": "uint", "minimum": 1.0 }, "read": { "description": "This will be removed in favor of `entries`.", "type": [ "array", "null" ], "items": { "$ref": "#/definitions/AbsolutePathBuf" } }, "write": { "description": "This will be removed in favor of `entries`.", "type": [ "array", "null" ], "items": { "$ref": "#/definitions/AbsolutePathBuf" } } } }, "AdditionalNetworkPermissions": { "type": "object", "properties": { "enabled": { "type": [ "boolean", "null" ] } } }, "AdditionalPermissionProfile": { "type": "object", "properties": { "fileSystem": { "anyOf": [ { "$ref": "#/definitions/AdditionalFileSystemPermissions" }, { "type": "null" } ] }, "network": { "description": "Partial overlay used for per-command permission requests.", "anyOf": [ { "$ref": "#/definitions/AdditionalNetworkPermissions" }, { "type": "null" } ] } } }, "CommandAction": { "oneOf": [ { "type": "object", "required": [ "command", "name", "path", "type" ], "properties": { "command": { "type": "string" }, "name": { "type": "string" }, "path": { "$ref": "#/definitions/AbsolutePathBuf" }, "type": { "type": "string", "enum": [ "read" ], "title": "ReadCommandActionType" } }, "title": "ReadCommandAction" }, { "type": "object", "required": [ "command", "type" ], "properties": { "command": { "type": "string" }, "path": { "type": [ "string", "null" ] }, "type": { "type": "string", "enum": [ "listFiles" ], "title": "ListFilesCommandActionType" } }, "title": "ListFilesCommandAction" }, { "type": "object", "required": [ "command", "type" ], "properties": { "command": { "type": "string" }, "path": { "type": [ "string", "null" ] }, "query": { "type": [ "string", "null" ] }, "type": { "type": "string", "enum": [ "search" ], "title": "SearchCommandActionType" } }, "title": "SearchCommandAction" }, { "type": "object", "required": [ "command", "type" ], "properties": { "command": { "type": "string" }, "type": { "type": "string", "enum": [ "unknown" ], "title": "UnknownCommandActionType" } }, "title": "UnknownCommandAction" } ] }, "CommandExecutionApprovalDecision": { "oneOf": [ { "description": "User approved the command.", "type": "string", "enum": [ "accept" ] }, { "description": "User approved the command and future prompts in the same session-scoped approval cache should run without prompting.", "type": "string", "enum": [ "acceptForSession" ] }, { "description": "User approved the command, and wants to apply the proposed execpolicy amendment so future matching commands can run without prompting.", "type": "object", "required": [ "acceptWithExecpolicyAmendment" ], "properties": { "acceptWithExecpolicyAmendment": { "type": "object", "required": [ "execpolicy_amendment" ], "properties": { "execpolicy_amendment": { "type": "array", "items": { "type": "string" } } } } }, "additionalProperties": false, "title": "AcceptWithExecpolicyAmendmentCommandExecutionApprovalDecision" }, { "description": "User chose a persistent network policy rule (allow/deny) for this host.", "type": "object", "required": [ "applyNetworkPolicyAmendment" ], "properties": { "applyNetworkPolicyAmendment": { "type": "object", "required": [ "network_policy_amendment" ], "properties": { "network_policy_amendment": { "$ref": "#/definitions/NetworkPolicyAmendment" } } } }, "additionalProperties": false, "title": "ApplyNetworkPolicyAmendmentCommandExecutionApprovalDecision" }, { "description": "User denied the command. The agent will continue the turn.", "type": "string", "enum": [ "decline" ] }, { "description": "User denied the command. The turn will also be immediately interrupted.", "type": "string", "enum": [ "cancel" ] } ] }, "FileSystemAccessMode": { "type": "string", "enum": [ "read", "write", "none" ] }, "FileSystemPath": { "oneOf": [ { "type": "object", "required": [ "path", "type" ], "properties": { "path": { "$ref": "#/definitions/AbsolutePathBuf" }, "type": { "type": "string", "enum": [ "path" ], "title": "PathFileSystemPathType" } }, "title": "PathFileSystemPath" }, { "type": "object", "required": [ "pattern", "type" ], "properties": { "pattern": { "type": "string" }, "type": { "type": "string", "enum": [ "glob_pattern" ], "title": "GlobPatternFileSystemPathType" } }, "title": "GlobPatternFileSystemPath" }, { "type": "object", "required": [ "type", "value" ], "properties": { "type": { "type": "string", "enum": [ "special" ], "title": "SpecialFileSystemPathType" }, "value": { "$ref": "#/definitions/FileSystemSpecialPath" } }, "title": "SpecialFileSystemPath" } ] }, "FileSystemSandboxEntry": { "type": "object", "required": [ "access", "path" ], "properties": { "access": { "$ref": "#/definitions/FileSystemAccessMode" }, "path": { "$ref": "#/definitions/FileSystemPath" } } }, "FileSystemSpecialPath": { "oneOf": [ { "type": "object", "required": [ "kind" ], "properties": { "kind": { "type": "string", "enum": [ "root" ] } }, "title": "RootFileSystemSpecialPath" }, { "type": "object", "required": [ "kind" ], "properties": { "kind": { "type": "string", "enum": [ "minimal" ] } }, "title": "MinimalFileSystemSpecialPath" }, { "type": "object", "required": [ "kind" ], "properties": { "kind": { "type": "string", "enum": [ "project_roots" ] }, "subpath": { "type": [ "string", "null" ] } }, "title": "KindFileSystemSpecialPath" }, { "type": "object", "required": [ "kind" ], "properties": { "kind": { "type": "string", "enum": [ "tmpdir" ] } }, "title": "TmpdirFileSystemSpecialPath" }, { "type": "object", "required": [ "kind" ], "properties": { "kind": { "type": "string", "enum": [ "slash_tmp" ] } }, "title": "SlashTmpFileSystemSpecialPath" }, { "type": "object", "required": [ "kind", "path" ], "properties": { "kind": { "type": "string", "enum": [ "unknown" ] }, "path": { "type": "string" }, "subpath": { "type": [ "string", "null" ] } } } ] }, "NetworkApprovalContext": { "type": "object", "required": [ "host", "protocol" ], "properties": { "host": { "type": "string" }, "protocol": { "$ref": "#/definitions/NetworkApprovalProtocol" } } }, "NetworkApprovalProtocol": { "type": "string", "enum": [ "http", "https", "socks5Tcp", "socks5Udp" ] }, "NetworkPolicyAmendment": { "type": "object", "required": [ "action", "host" ], "properties": { "action": { "$ref": "#/definitions/NetworkPolicyRuleAction" }, "host": { "type": "string" } } }, "NetworkPolicyRuleAction": { "type": "string", "enum": [ "allow", "deny" ] } } }