feat: expose codex mcp guardian governance

2026-06-03 12:13:57 +08:00
parent afeb352fe3
commit f23ed9f188
12 changed files with 171 additions and 7 deletions
--- a/tests/codex-app-server-protocol-snapshot-script.test.mjs
+++ b/tests/codex-app-server-protocol-snapshot-script.test.mjs
@@ -92,6 +92,14 @@ if (args[0] === "app-server" && args[1] === "generate-json-schema") {
      { properties: { method: { const: "windowsSandbox/setupCompleted" } } },
      { properties: { method: { const: "fuzzyFileSearch/sessionUpdated" } } },
      { properties: { method: { const: "fuzzyFileSearch/sessionCompleted" } } },
+      { properties: { method: { const: "mcpServer/oauth/login" } } },
+      { properties: { method: { const: "mcpServer/oauthLogin/completed" } } },
+      { properties: { method: { const: "mcpServer/resource/read" } } },
+      { properties: { method: { const: "mcpServer/tool/call" } } },
+      { properties: { method: { const: "mcpServer/elicitation/request" } } },
+      { properties: { method: { const: "item/tool/requestUserInput" } } },
+      { properties: { method: { const: "item/permissions/requestApproval" } } },
+      { properties: { method: { const: "thread/approveGuardianDeniedAction" } } },
      { properties: { method: { const: "skills/extraRoots/set" } } },
      { properties: { method: { const: "hooks/list" } } },
      { properties: { method: { const: "turn/interrupt" } } },
@@ -175,6 +183,13 @@ process.exit(2);
    assert.equal(manifest.supports.windowsSandboxReadiness, true);
    assert.equal(manifest.supports.windowsSandboxSetupStart, true);
    assert.equal(manifest.supports.fuzzyFileSearchEvents, true);
+    assert.equal(manifest.supports.mcpOAuthLogin, true);
+    assert.equal(manifest.supports.mcpResourceRead, true);
+    assert.equal(manifest.supports.mcpToolCall, true);
+    assert.equal(manifest.supports.mcpElicitation, true);
+    assert.equal(manifest.supports.toolRequestUserInput, true);
+    assert.equal(manifest.supports.permissionRequestApproval, true);
+    assert.equal(manifest.supports.guardianDeniedActionApproval, true);
    assert.deepEqual(manifest.methods, [
      "account/chatgptAuthTokens/refresh",
      "account/login/cancel",
@@ -206,9 +221,16 @@ process.exit(2);
      "fuzzyFileSearch/sessionCompleted",
      "fuzzyFileSearch/sessionUpdated",
      "hooks/list",
+      "item/permissions/requestApproval",
+      "item/tool/requestUserInput",
      "marketplace/add",
      "marketplace/remove",
      "marketplace/upgrade",
+      "mcpServer/elicitation/request",
+      "mcpServer/oauth/login",
+      "mcpServer/oauthLogin/completed",
+      "mcpServer/resource/read",
+      "mcpServer/tool/call",
      "plugin/install",
      "plugin/read",
      "plugin/share/checkout",
@@ -221,6 +243,7 @@ process.exit(2);
      "review/start",
      "skills/config/write",
      "skills/extraRoots/set",
+      "thread/approveGuardianDeniedAction",
      "thread/archive",
      "thread/compact/start",
      "thread/fork",
--- a/tests/device-detail-capabilities-route.test.ts
+++ b/tests/device-detail-capabilities-route.test.ts
@@ -249,6 +249,28 @@ test("device detail exposes Codex App Server discovered model and extension summ
          notificationOnly: true,
          labels: ["搜索更新", "搜索完成"],
        },
+        mcpGovernanceSummary: {
+          actionCount: 5,
+          oauthActionCount: 2,
+          resourceActionCount: 1,
+          toolActionCount: 1,
+          elicitationAvailable: true,
+          userInitiatedOnly: true,
+          labels: ["OAuth 登录", "OAuth 完成", "资源读取", "工具调用", "交互请求"],
+        },
+        userInteractionGovernanceSummary: {
+          actionCount: 1,
+          requestUserInputAvailable: true,
+          userInitiatedOnly: true,
+          labels: ["请求用户输入"],
+        },
+        guardianGovernanceSummary: {
+          actionCount: 2,
+          approvalActionCount: 1,
+          permissionRequestEventAvailable: true,
+          userInitiatedOnly: true,
+          labels: ["Guardian 放行", "权限请求"],
+        },
      },
    },
  };
@@ -279,6 +301,9 @@ test("device detail exposes Codex App Server discovered model and extension summ
  assert.equal(cards.capabilities.items.codexReviewGovernance, "审查治理：1 项 · 审查可启动");
  assert.equal(cards.capabilities.items.codexWindowsSandboxGovernance, "Windows 沙箱：3 项 · 设置 1 项 · 准备检查可用");
  assert.equal(cards.capabilities.items.codexFuzzyFileSearch, "文件搜索事件：2 项 · 完成事件可用");
+  assert.equal(cards.capabilities.items.codexMcpGovernance, "MCP 治理：5 项 · OAuth 2 项 · 工具 1 项 · 交互可用");
+  assert.equal(cards.capabilities.items.codexUserInteractionGovernance, "用户交互：1 项 · 输入请求可用");
+  assert.equal(cards.capabilities.items.codexGuardianGovernance, "Guardian 治理：2 项 · 审批 1 项 · 权限事件可用");
 });

 test("device detail exposes folder and project conflict skeleton from workspace policy", async () => {
--- a/tests/local-agent-codex-app-server-runner.test.mjs
+++ b/tests/local-agent-codex-app-server-runner.test.mjs
@@ -209,6 +209,28 @@ test("codex app-server discovery includes governance and MCP summaries without l
    notificationOnly: true,
    labels: ["搜索更新", "搜索完成"],
  });
+  assert.deepEqual(metadata.mcpGovernanceSummary, {
+    actionCount: 5,
+    oauthActionCount: 2,
+    resourceActionCount: 1,
+    toolActionCount: 1,
+    elicitationAvailable: true,
+    userInitiatedOnly: true,
+    labels: ["OAuth 登录", "OAuth 完成", "资源读取", "工具调用", "交互请求"],
+  });
+  assert.deepEqual(metadata.userInteractionGovernanceSummary, {
+    actionCount: 1,
+    requestUserInputAvailable: true,
+    userInitiatedOnly: true,
+    labels: ["请求用户输入"],
+  });
+  assert.deepEqual(metadata.guardianGovernanceSummary, {
+    actionCount: 2,
+    approvalActionCount: 1,
+    permissionRequestEventAvailable: true,
+    userInitiatedOnly: true,
+    labels: ["Guardian 放行", "权限请求"],
+  });

  const serialized = JSON.stringify(metadata);
  assert.equal(serialized.includes("sk-secret-should-not-leak"), false);