docs(agentydragon): add Task 11 for custom approval predicates

agentydragon/README.md

@@ -19,12 +19,18 @@ This file documents the changes introduced on the `agentydragon` branch
 - Added `uuid` crate to `codex-rs/cli` and `codex-rs/tui`.
 
 ## Documentation tasks (under `tasks/`)
+- task-template.md
 - 01-dynamic-mount-commands.md
 - 02-auto-approve-predicates.md
 - 03-live-config-reload.md
 - 04-auto-mount-repo.md
+- 04-auto-mount-repo-plan.md
 - 06-external-editor-prompt.md
 - 07-undo-feedback-decision.md
+- 08-set-shell-title.md
+- 09-file-dir-level-approvals.md
+- 10-inspect-container-state.md
+- 11-custom-approval-predicates.md
 
 ---
 

agentydragon/tasks/01-dynamic-mount-commands.md

@@ -1,5 +1,12 @@
 # Task 01: Dynamic Mount-Add and Mount-Remove Commands
 
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
 ## Goal
 Implement the `/mount-add` and `/mount-remove` slash commands in the TUI, supporting two modes:
 
@@ -17,5 +24,13 @@ These commands should:
 - Symmetrically for `/mount-remove` by container path.
 - The `sandbox_policy` is updated so subsequent shell commands can read/write the newly mounted folder.
 
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
 ## Notes
 - This builds on the static `[[sandbox.mounts]]` support introduced earlier.

agentydragon/tasks/02-auto-approve-predicates.md

@@ -1,5 +1,12 @@
 # Task 02: Granular Auto-Approval Predicates
 
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
 ## Goal
 Let users configure one or more scripts in `config.toml` that examine each proposed shell command and output exactly one of:
 
@@ -15,5 +22,13 @@ If the script exits non-zero or prints anything else, default to `user-confirm`.
 - If a script prints `continue`/`deny`/`user-confirm`, take that action and skip remaining scripts.
 - If all scripts return non-zero or invalid output, pause for manual approval (existing logic).
 
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
 ## Notes
 - This pairs with the existing `approval_policy = "unless-allow-listed"` but adds custom logic before prompting.

agentydragon/tasks/03-live-config-reload.md

@@ -1,5 +1,12 @@
 # Task 03: Live Config Reload and Prompt on Changes
 
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
 ## Goal
 Detect changes to the user `config.toml` file while a session is running and prompt the user to apply or ignore the updated settings.
 
@@ -9,5 +16,13 @@ Detect changes to the user `config.toml` file while a session is running and pro
 - Pause the agent, display the diff in the TUI bottom pane, and offer two actions: `Apply new config now` or `Continue with old config`.
 - If the user applies, re-parse the config, merge overrides, and resume using the new settings. Otherwise, discard changes and resume.
 
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
 ## Notes
 - Leverage a crate such as `notify` for FS events and `similar` or `diff` for unified diff generation.

agentydragon/tasks/04-auto-mount-repo-plan.md

@@ -0,0 +1,48 @@
+# Task 04 Plan: Auto‑Mount Entire Repo & Auto‑CD
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Planning phase; missing Implementation details (How it was implemented and How it works).
+
+We’ll break Task 04 into discrete subtasks so we can implement, review, and test each part in isolation:
+
+## Subtasks
+
+### 04.1 – Config → `ConfigToml` + `Config`
+- Add `auto_mount_repo: bool` and `mount_prefix: String` to `ConfigToml` (with proper `#[serde(default)]` and defaults).
+- Wire these fields through to the `Config` struct.
+
+### 04.2 – Git root detection + relative‐path
+- Implement a helper in `codex_core::util` to locate the Git repository root given a starting `cwd`.
+- Compute the sub‐directory path relative to the repo root.
+
+### 04.3 – Bind‑mount logic
+- In the sandbox startup path (`apply_sandbox_policy_to_current_thread` or a new wrapper before it), if `auto_mount_repo` is set:
+  - Bind‑mount `repo_root` → `mount_prefix` (e.g. `/workspace`).
+  - Create target directory if missing.
+
+### 04.4 – Automate `cwd` → new mount
+- After mounting, update the process‐wide `cwd` to `mount_prefix/relative_path` so all subsequent file ops occur under the mount.
+
+### 04.5 – Config docs & tests
+- Update `config.md` to document `auto_mount_repo` and `mount_prefix` under the top‐level config.
+- Add unit tests for the Git‐root helper and default values.
+
+### 04.6 – E2E manual verification
+- Manually verify launching with `auto_mount_repo = true` in a nested subfolder:
+  - TTY prompt shows sandboxed cwd under `/workspace/<subdir>`.
+  - Commands executed by Codex see the mount.
+
+## Next steps
+Please review the plan above. If it looks good, I’ll implement the subtasks in order.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*

agentydragon/tasks/04-auto-mount-repo.md

@@ -1,5 +1,12 @@
 # Task 04: Auto-Mount Entire Repo and Auto-CD to Subfolder
 
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
 ## Goal
 Allow users to enable a flag so that each session:
 
@@ -12,5 +19,13 @@ Allow users to enable a flag so that each session:
 - Before any worktree or mount processing, detect the Git root, bind-mount it to `mount_prefix`, and set `cwd` to `mount_prefix + relative_path`.
 - Existing worktree/session-worktree logic should operate relative to this new `cwd`.
 
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
 ## Notes
 - This offloads the entire monorepo into the session, leaving the user’s original clone untouched.

agentydragon/tasks/06-external-editor-prompt.md

@@ -1,5 +1,12 @@
 # Task 06: External Editor Integration for Prompt Entry
 
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
 ## Goal
 Allow users to spawn an external editor (e.g. Neovim) to compose or edit the chat prompt. The prompt box should update with the editor's contents when closed.
 
@@ -8,6 +15,14 @@ Allow users to spawn an external editor (e.g. Neovim) to compose or edit the cha
 - Upon editor exit, the draft is re-read into the composer widget.
 - Configurable via `editor = "${VISUAL:-${EDITOR:-nvim}}"` setting in `config.toml`.
 
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
 ## Notes
 - Leverage the existing file-opener machinery or spawn a subprocess directly.
   Modify `tui/src/bottom_pane/chat_composer.rs` and command handling in `tui/src/app.rs`.

agentydragon/tasks/07-undo-feedback-decision.md

@@ -1,5 +1,12 @@
 # Task 07: Undo Feedback Decision with Esc Key
 
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
 ## Goal
 Enhance the user-approval dialog so that if the user opted to leave feedback (“No, enter feedback”) they can press `Esc` to cancel the feedback flow and return to the previous approval choice menu (e.g. “Yes, proceed” vs. “No, enter feedback”).
 
@@ -7,5 +14,13 @@ Enhance the user-approval dialog so that if the user opted to leave feedback (
 - While the feedback-entry textarea is active, pressing `Esc` closes the feedback editor and reopens the yes/no confirmation dialog.
 - The cancellation must restore the dialog state without losing any partially entered feedback text.
 
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
 ## Notes
 - Changes in `tui/src/bottom_pane/approval_modal_view.rs` and input handling in the approval modal.

agentydragon/tasks/08-set-shell-title.md

@@ -0,0 +1,37 @@
+# Task 08: Set Shell Title to Reflect Session Status
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
+## Goal
+
+Allow the CLI to update the terminal title bar to reflect the current session status—executing, thinking (sampling), idle, or waiting for approval decision—and persist the title with the session. Users should also be able to explicitly set a custom title.
+
+## Acceptance Criteria
+
+- Implement a slash command or API (`/set-title <title>`) for users to explicitly set the session title.
+- Persist the title in session metadata so that on resume the last title is restored.
+- Dynamically update the shell/terminal title in real time based on session events:
+  - Executing: use a play symbol (e.g. ▶)
+  - Thinking/sampling: use an hourglass or brain symbol (e.g. ⏳)
+  - Idle: use a green dot or sleep symbol (e.g. 🟢)
+  - Waiting for approval decision: use an attention-grabbing symbol (e.g. ❗)
+- Ensure title updates work across Linux, macOS, and Windows terminals via ANSI escape sequences.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+
+- Use ANSI escape code `\033]0;<title>\007` to set the terminal title.
+- Extend the session JSON schema to include a `title` field.
+- Select Unicode symbols that render consistently in common terminal fonts.

agentydragon/tasks/09-file-dir-level-approvals.md

@@ -0,0 +1,39 @@
+# Task 09: File- and Directory-Level Approvals
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
+## Goal
+
+Enable fine-grained approval controls so users can whitelist edits scoped to specific files or directories at runtime, with optional time limits.
+
+## Acceptance Criteria
+
+- In the approval dialog, offer “Allow this file always” and “Allow this directory always” options alongside proceed/deny.
+- Prompt for a time limit when granting a file/dir approval, with default presets (e.g. 5 min, 1 hr, 4 hr, 24 hr).
+- Introduce runtime commands to inspect and manage granular approvals:
+  - `/approvals list` to view active approvals and remaining time
+  - `/approvals add [file|dir] <path> [--duration <preset>]` to grant approval
+  - `/approvals remove <id>` to revoke an approval
+- Persist granular approvals in session metadata, keyed by working directory. On session resume in a different directory, warn the user and discard all file/dir approvals.
+- Automatically expire and remove approvals when their time limits elapse.
+- Reflect file/dir-approval state in the CLI shell prompt or title for quick visibility.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+
+- Store approvals with {id, scope: file|dir, path, expires_at} in session JSON.
+- Use a background timer or check-before-command to prune expired entries.
+- Reuse existing command-parsing infrastructure to implement `/approvals` subcommands.
+- Consider UI/UX for selecting presets in TUI dialogs.

agentydragon/tasks/10-inspect-container-state.md

@@ -0,0 +1,37 @@
+# Task 10: Inspect Container State (Mounts, Permissions, Network)
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
+## Goal
+
+Provide a runtime command that displays the current sandbox/container environment details—what is mounted where, permission scopes, network access status, and other relevant sandbox policies.
+
+## Acceptance Criteria
+
+- Implement a slash command or CLI subcommand (`/inspect-env` or `codex inspect-env`) that outputs:
+  - List of bind mounts (host path → container path, mode)
+  - File-system permission policies in effect
+  - Network sandbox status (restricted or allowed)
+  - Any additional sandbox rules or policy settings applied
+- Format the output in a human-readable table or tree view in the TUI and plaintext for logs.
+- Ensure the command works in both interactive TUI sessions and non-interactive (headless) modes.
+- Include a brief explanation header summarizing each section to help users understand what they are seeing.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+
+- Leverage existing sandbox policy data structures used at startup.
+- Reuse TUI table or tree components for formatting (e.g., tui-rs widgets).
+- Include clear labels for network status (e.g., `NETWORK: disabled` or `NETWORK: enabled`).

agentydragon/tasks/11-custom-approval-predicates.md

@@ -0,0 +1,41 @@
+# Task 11: User-Configurable Approval Predicates
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
+## Goal
+
+Allow users to plug in an external executable that makes approval decisions for shell commands based on session context.
+
+## Acceptance Criteria
+
+- Support a new `[[custom_approval_predicates]]` section in `config.toml`, each with an `executable = "..."` field.
+- Before prompting the user, invoke each configured predicate in order, passing the following (via CLI args or env vars):
+  - Session ID
+  - Container working directory (CWD)
+  - Host working directory (CWD)
+  - Candidate shell command string
+- The predicate must print exactly one of `allow`, `deny`, or `ask` on stdout:
+  - `allow`  → auto-approve and skip remaining predicates
+  - `deny`   → auto-reject and skip remaining predicates
+  - `ask`    → open the standard approval dialog and skip remaining predicates
+- If a predicate exits non-zero or outputs anything else, treat it as `ask` and continue to the next predicate.
+- Write unit and integration tests covering typical and edge-case predicate behavior.
+- Document configuration syntax and behavior in the top-level config docs (`config.md`).
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+
+- Consider passing context via environment variables (e.g. `CODEX_SESSION_ID`, `CODEX_CONTAINER_CWD`, `CODEX_HOST_CWD`, `CODEX_COMMAND`).
+- Reuse invocation logic from the auto-approval predicates feature (Task 02).

agentydragon/tasks/task-template.md

@@ -0,0 +1,28 @@
+# Task Template
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started / Started / Done / Cancelled  
+**Summary**: Brief summary of current status.
+
+## Goal
+
+Describe the objective of the task.
+
+## Acceptance Criteria
+
+List the measurable criteria for completion.
+
+## Implementation
+
+**How it was implemented**  
+Provide details on code modules, design decisions, and steps taken during implementation.
+
+**How it works**  
+Explain the runtime behavior and overall operation to help engineers understand the feature.
+
+## Notes
+
+Any additional notes or references.