feat(core): add structured network approval plumbing and policy decision model (#11672)

### Description #### Summary Introduces the core plumbing required for structured network approvals #### What changed - Added structured network policy decision modeling in core. - Added approval payload/context types needed for network approval semantics. - Wired shell/unified-exec runtime plumbing to consume structured decisions. - Updated related core error/event surfaces for structured handling. - Updated protocol plumbing used by core approval flow. - Included small CLI debug sandbox compatibility updates needed by this layer. #### Why establishes the minimal backend foundation for network approvals without yet changing high-level orchestration or TUI behavior. #### Notes - Behavior remains constrained by existing requirements/config gating. - Follow-up PRs in the stack handle orchestration, UX, and app-server integration. --------- Co-authored-by: Codex <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
2026-05-03 02:46:39 +00:00 · 2026-02-13 20:18:12 -08:00
parent 854e91e422
commit b527ee2890
47 changed files with 1874 additions and 176 deletions
--- a/codex-rs/tui/src/chatwidget/tests.rs
+++ b/codex-rs/tui/src/chatwidget/tests.rs
@@ -2476,6 +2476,7 @@ async fn exec_approval_emits_proposed_command_and_decision_history() {
        reason: Some(
            "this is a test reason such as one that would be produced by the model".into(),
        ),
+        network_approval_context: None,
        proposed_execpolicy_amendment: None,
        parsed_cmd: vec![],
    };
@@ -2520,6 +2521,7 @@ async fn exec_approval_decision_truncates_multiline_and_long_commands() {
        reason: Some(
            "this is a test reason such as one that would be produced by the model".into(),
        ),
+        network_approval_context: None,
        proposed_execpolicy_amendment: None,
        parsed_cmd: vec![],
    };
@@ -2570,6 +2572,7 @@ async fn exec_approval_decision_truncates_multiline_and_long_commands() {
        command: vec!["bash".into(), "-lc".into(), long],
        cwd: std::env::current_dir().unwrap_or_else(|_| PathBuf::from(".")),
        reason: None,
+        network_approval_context: None,
        proposed_execpolicy_amendment: None,
        parsed_cmd: vec![],
    };
@@ -5450,6 +5453,7 @@ async fn approval_modal_exec_snapshot() -> anyhow::Result<()> {
        reason: Some(
            "this is a test reason such as one that would be produced by the model".into(),
        ),
+        network_approval_context: None,
        proposed_execpolicy_amendment: Some(ExecPolicyAmendment::new(vec![
            "echo".into(),
            "hello".into(),
@@ -5506,6 +5510,7 @@ async fn approval_modal_exec_without_reason_snapshot() -> anyhow::Result<()> {
        command: vec!["bash".into(), "-lc".into(), "echo hello world".into()],
        cwd: std::env::current_dir().unwrap_or_else(|_| PathBuf::from(".")),
        reason: None,
+        network_approval_context: None,
        proposed_execpolicy_amendment: Some(ExecPolicyAmendment::new(vec![
            "echo".into(),
            "hello".into(),
@@ -5553,6 +5558,7 @@ async fn approval_modal_exec_multiline_prefix_hides_execpolicy_option_snapshot()
        command: command.clone(),
        cwd: std::env::current_dir().unwrap_or_else(|_| PathBuf::from(".")),
        reason: None,
+        network_approval_context: None,
        proposed_execpolicy_amendment: Some(ExecPolicyAmendment::new(command)),
        parsed_cmd: vec![],
    };
@@ -5912,6 +5918,7 @@ async fn status_widget_and_approval_modal_snapshot() {
        reason: Some(
            "this is a test reason such as one that would be produced by the model".into(),
        ),
+        network_approval_context: None,
        proposed_execpolicy_amendment: Some(ExecPolicyAmendment::new(vec![
            "echo".into(),
            "hello world".into(),