{ "$schema": "http://json-schema.org/draft-07/schema#", "title": "ConfigRequirementsReadResponse", "type": "object", "properties": { "requirements": { "description": "Null if no requirements are configured (e.g. no requirements.toml/MDM entries).", "anyOf": [ { "$ref": "#/definitions/ConfigRequirements" }, { "type": "null" } ] } }, "definitions": { "ApprovalsReviewer": { "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.", "type": "string", "enum": [ "user", "auto_review", "guardian_subagent" ] }, "AskForApproval": { "oneOf": [ { "type": "string", "enum": [ "untrusted", "on-failure", "on-request", "never" ] }, { "type": "object", "required": [ "granular" ], "properties": { "granular": { "type": "object", "required": [ "mcp_elicitations", "rules", "sandbox_approval" ], "properties": { "mcp_elicitations": { "type": "boolean" }, "request_permissions": { "default": false, "type": "boolean" }, "rules": { "type": "boolean" }, "sandbox_approval": { "type": "boolean" }, "skill_approval": { "default": false, "type": "boolean" } } } }, "additionalProperties": false, "title": "GranularAskForApproval" } ] }, "ConfigRequirements": { "type": "object", "properties": { "allowManagedHooksOnly": { "type": [ "boolean", "null" ] }, "allowedApprovalPolicies": { "type": [ "array", "null" ], "items": { "$ref": "#/definitions/AskForApproval" } }, "featureRequirements": { "type": [ "object", "null" ], "additionalProperties": { "type": "boolean" } }, "allowedSandboxModes": { "type": [ "array", "null" ], "items": { "$ref": "#/definitions/SandboxMode" } }, "allowedWebSearchModes": { "type": [ "array", "null" ], "items": { "$ref": "#/definitions/WebSearchMode" } }, "enforceResidency": { "anyOf": [ { "$ref": "#/definitions/ResidencyRequirement" }, { "type": "null" } ] } } }, "ConfiguredHookHandler": { "oneOf": [ { "type": "object", "required": [ "async", "command", "type" ], "properties": { "async": { "type": "boolean" }, "command": { "type": "string" }, "commandWindows": { "type": [ "string", "null" ] }, "statusMessage": { "type": [ "string", "null" ] }, "timeoutSec": { "type": [ "integer", "null" ], "format": "uint64", "minimum": 0.0 }, "type": { "type": "string", "enum": [ "command" ], "title": "CommandConfiguredHookHandlerType" } }, "title": "CommandConfiguredHookHandler" }, { "type": "object", "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "prompt" ], "title": "PromptConfiguredHookHandlerType" } }, "title": "PromptConfiguredHookHandler" }, { "type": "object", "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "agent" ], "title": "AgentConfiguredHookHandlerType" } }, "title": "AgentConfiguredHookHandler" } ] }, "ConfiguredHookMatcherGroup": { "type": "object", "required": [ "hooks" ], "properties": { "hooks": { "type": "array", "items": { "$ref": "#/definitions/ConfiguredHookHandler" } }, "matcher": { "type": [ "string", "null" ] } } }, "ManagedHooksRequirements": { "type": "object", "required": [ "PermissionRequest", "PostCompact", "PostToolUse", "PreCompact", "PreToolUse", "SessionStart", "Stop", "UserPromptSubmit" ], "properties": { "PermissionRequest": { "type": "array", "items": { "$ref": "#/definitions/ConfiguredHookMatcherGroup" } }, "PostCompact": { "type": "array", "items": { "$ref": "#/definitions/ConfiguredHookMatcherGroup" } }, "PostToolUse": { "type": "array", "items": { "$ref": "#/definitions/ConfiguredHookMatcherGroup" } }, "PreCompact": { "type": "array", "items": { "$ref": "#/definitions/ConfiguredHookMatcherGroup" } }, "PreToolUse": { "type": "array", "items": { "$ref": "#/definitions/ConfiguredHookMatcherGroup" } }, "SessionStart": { "type": "array", "items": { "$ref": "#/definitions/ConfiguredHookMatcherGroup" } }, "Stop": { "type": "array", "items": { "$ref": "#/definitions/ConfiguredHookMatcherGroup" } }, "UserPromptSubmit": { "type": "array", "items": { "$ref": "#/definitions/ConfiguredHookMatcherGroup" } }, "managedDir": { "type": [ "string", "null" ] }, "windowsManagedDir": { "type": [ "string", "null" ] } } }, "NetworkDomainPermission": { "type": "string", "enum": [ "allow", "deny" ] }, "NetworkRequirements": { "type": "object", "properties": { "allowLocalBinding": { "type": [ "boolean", "null" ] }, "allowUnixSockets": { "description": "Legacy compatibility view derived from `unix_sockets`.", "type": [ "array", "null" ], "items": { "type": "string" } }, "allowUpstreamProxy": { "type": [ "boolean", "null" ] }, "allowedDomains": { "description": "Legacy compatibility view derived from `domains`.", "type": [ "array", "null" ], "items": { "type": "string" } }, "dangerouslyAllowAllUnixSockets": { "type": [ "boolean", "null" ] }, "dangerouslyAllowNonLoopbackProxy": { "type": [ "boolean", "null" ] }, "deniedDomains": { "description": "Legacy compatibility view derived from `domains`.", "type": [ "array", "null" ], "items": { "type": "string" } }, "domains": { "description": "Canonical network permission map for `experimental_network`.", "type": [ "object", "null" ], "additionalProperties": { "$ref": "#/definitions/NetworkDomainPermission" } }, "enabled": { "type": [ "boolean", "null" ] }, "httpPort": { "type": [ "integer", "null" ], "format": "uint16", "minimum": 0.0 }, "managedAllowedDomainsOnly": { "description": "When true, only managed allowlist entries are respected while managed network enforcement is active.", "type": [ "boolean", "null" ] }, "socksPort": { "type": [ "integer", "null" ], "format": "uint16", "minimum": 0.0 }, "unixSockets": { "description": "Canonical unix socket permission map for `experimental_network`.", "type": [ "object", "null" ], "additionalProperties": { "$ref": "#/definitions/NetworkUnixSocketPermission" } } } }, "NetworkUnixSocketPermission": { "type": "string", "enum": [ "allow", "none" ] }, "ResidencyRequirement": { "type": "string", "enum": [ "us" ] }, "SandboxMode": { "type": "string", "enum": [ "read-only", "workspace-write", "danger-full-access" ] }, "WebSearchMode": { "type": "string", "enum": [ "disabled", "cached", "live" ] } } }