whitelist command prefix integration in core and tui (#7033)

this PR enables TUI to approve commands and add their prefixes to an allowlist: <img width="708" height="605" alt="Screenshot 2025-11-21 at 4 18 07 PM" src="https://github.com/user-attachments/assets/56a19893-4553-4770-a881-becf79eeda32" /> note: we only show the option to whitelist the command when 1) command is not multi-part (e.g `git add -A && git commit -m 'hello world'`) 2) command is not already matched by an existing rule
2026-04-27 16:15:09 +00:00 · 2025-12-04 02:17:02 -05:00
parent ccdeb9d9c4
commit e925a380dc
27 changed files with 733 additions and 155 deletions
--- a/codex-rs/protocol/src/protocol.rs
+++ b/codex-rs/protocol/src/protocol.rs
@@ -1649,14 +1649,16 @@ pub struct SessionConfiguredEvent {
 }

 /// User's decision in response to an ExecApprovalRequest.
-#[derive(
-    Debug, Default, Clone, Copy, Deserialize, Serialize, PartialEq, Eq, Display, JsonSchema, TS,
-)]
+#[derive(Debug, Default, Clone, Deserialize, Serialize, PartialEq, Eq, Display, JsonSchema, TS)]
 #[serde(rename_all = "snake_case")]
 pub enum ReviewDecision {
    /// User has approved this command and the agent should execute it.
    Approved,

+    /// User has approved this command and wants to add the command prefix to
+    /// the execpolicy allow list so future matching commands are permitted.
+    ApprovedAllowPrefix { allow_prefix: Vec<String> },
+
    /// User has approved this command and wants to automatically approve any
    /// future identical instances (`command` and `cwd` match exactly) for the
    /// remainder of the session.