feat: include available decisions in command approval requests (#12758)

Command-approval clients currently infer which choices to show from
side-channel fields like `networkApprovalContext`,
`proposedExecpolicyAmendment`, and `additionalPermissions`. That makes
the request shape harder to evolve, and it forces each client to
replicate the server's heuristics instead of receiving the exact
decision list for the prompt.

This PR introduces a mapping between `CommandExecutionApprovalDecision`
and `codex_protocol::protocol::ReviewDecision`:

```rust
impl From<CoreReviewDecision> for CommandExecutionApprovalDecision {
    fn from(value: CoreReviewDecision) -> Self {
        match value {
            CoreReviewDecision::Approved => Self::Accept,
            CoreReviewDecision::ApprovedExecpolicyAmendment {
                proposed_execpolicy_amendment,
            } => Self::AcceptWithExecpolicyAmendment {
                execpolicy_amendment: proposed_execpolicy_amendment.into(),
            },
            CoreReviewDecision::ApprovedForSession => Self::AcceptForSession,
            CoreReviewDecision::NetworkPolicyAmendment {
                network_policy_amendment,
            } => Self::ApplyNetworkPolicyAmendment {
                network_policy_amendment: network_policy_amendment.into(),
            },
            CoreReviewDecision::Abort => Self::Cancel,
            CoreReviewDecision::Denied => Self::Decline,
        }
    }
}
```

And updates `CommandExecutionRequestApprovalParams` to have a new field:

```rust
available_decisions: Option<Vec<CommandExecutionApprovalDecision>>
```

when, if specified, should make it easier for clients to display an
appropriate list of options in the UI.

This makes it possible for `CoreShellActionProvider::prompt()` in
`unix_escalation.rs` to specify the `Vec<ReviewDecision>` directly,
adding support for `ApprovedForSession` when approving a skill script,
which was previously missing in the TUI.

Note this results in a significant change to `exec_options()` in
`approval_overlay.rs`, as the displayed options are now derived from
`available_decisions: &[ReviewDecision]`.

## What Changed

- Add `available_decisions` to
[`ExecApprovalRequestEvent`](de00e932dd/codex-rs/protocol/src/approvals.rs (L111-L175)),
including helpers to derive the legacy default choices when older
senders omit the field.
- Map `codex_protocol::protocol::ReviewDecision` to app-server
`CommandExecutionApprovalDecision` and expose the ordered list as
experimental `availableDecisions` in
[`CommandExecutionRequestApprovalParams`](de00e932dd/codex-rs/app-server-protocol/src/protocol/v2.rs (L3798-L3807)).
- Thread optional `available_decisions` through the core approval path
so Unix shell escalation can explicitly request `ApprovedForSession` for
session-scoped approvals instead of relying on client heuristics.
[`unix_escalation.rs`](de00e932dd/codex-rs/core/src/tools/runtimes/shell/unix_escalation.rs (L194-L214))
- Update the TUI approval overlay to build its buttons from the ordered
decision list, while preserving the legacy fallback when
`available_decisions` is missing.
- Update the app-server README, test client output, and generated schema
artifacts to document and surface the new field.

## Testing

- Add `approval_overlay.rs` coverage for explicit decision lists,
including the generic `ApprovedForSession` path and network approval
options.
- Update `chatwidget/tests.rs` and app-server protocol tests to populate
the new optional field and keep older event shapes working.

## Developers Docs

- If we document `item/commandExecution/requestApproval` on
[developers.openai.com/codex](https://developers.openai.com/codex), add
experimental `availableDecisions` as the preferred source of approval
choices and note that older servers may omit it.

codex-rs/protocol/src/approvals.rs

@@ -5,6 +5,7 @@ use crate::mcp::RequestId;
 use crate::models::PermissionProfile;
 use crate::parse_command::ParsedCommand;
 use crate::protocol::FileChange;
+use crate::protocol::ReviewDecision;
 use schemars::JsonSchema;
 use serde::Deserialize;
 use serde::Serialize;
@@ -107,6 +108,13 @@ pub struct ExecApprovalRequestEvent {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     #[ts(optional)]
     pub additional_permissions: Option<PermissionProfile>,
+    /// Ordered list of decisions the client may present for this prompt.
+    ///
+    /// When absent, clients should derive the legacy default set from the
+    /// other fields on this request.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    #[ts(optional)]
+    pub available_decisions: Option<Vec<ReviewDecision>>,
     pub parsed_cmd: Vec<ParsedCommand>,
 }
 
@@ -116,6 +124,55 @@ impl ExecApprovalRequestEvent {
             .clone()
             .unwrap_or_else(|| self.call_id.clone())
     }
+
+    pub fn effective_available_decisions(&self) -> Vec<ReviewDecision> {
+        // available_decisions is a new field that may not be populated by older
+        // senders, so we fall back to the legacy logic if it's not present.
+        match &self.available_decisions {
+            Some(decisions) => decisions.clone(),
+            None => Self::default_available_decisions(
+                self.network_approval_context.as_ref(),
+                self.proposed_execpolicy_amendment.as_ref(),
+                self.proposed_network_policy_amendments.as_deref(),
+                self.additional_permissions.as_ref(),
+            ),
+        }
+    }
+
+    pub fn default_available_decisions(
+        network_approval_context: Option<&NetworkApprovalContext>,
+        proposed_execpolicy_amendment: Option<&ExecPolicyAmendment>,
+        proposed_network_policy_amendments: Option<&[NetworkPolicyAmendment]>,
+        additional_permissions: Option<&PermissionProfile>,
+    ) -> Vec<ReviewDecision> {
+        if network_approval_context.is_some() {
+            let mut decisions = vec![ReviewDecision::Approved, ReviewDecision::ApprovedForSession];
+            if let Some(amendment) = proposed_network_policy_amendments.and_then(|amendments| {
+                amendments
+                    .iter()
+                    .find(|amendment| amendment.action == NetworkPolicyRuleAction::Allow)
+            }) {
+                decisions.push(ReviewDecision::NetworkPolicyAmendment {
+                    network_policy_amendment: amendment.clone(),
+                });
+            }
+            decisions.push(ReviewDecision::Abort);
+            return decisions;
+        }
+
+        if additional_permissions.is_some() {
+            return vec![ReviewDecision::Approved, ReviewDecision::Abort];
+        }
+
+        let mut decisions = vec![ReviewDecision::Approved];
+        if let Some(prefix) = proposed_execpolicy_amendment {
+            decisions.push(ReviewDecision::ApprovedExecpolicyAmendment {
+                proposed_execpolicy_amendment: prefix.clone(),
+            });
+        }
+        decisions.push(ReviewDecision::Abort);
+        decisions
+    }
 }
 
 #[derive(Debug, Clone, Deserialize, Serialize, JsonSchema, TS)]