Add approval allow-prefix flow in core and tui

codex-rs/app-server/src/bespoke_event_handling.rs

@@ -950,6 +950,7 @@ async fn on_exec_approval_response(
         .submit(Op::ExecApproval {
             id: event_turn_id,
             decision: response.decision,
+            allow_prefix: None,
         })
         .await
     {
@@ -1154,6 +1155,7 @@ async fn on_command_execution_request_approval_response(
         .submit(Op::ExecApproval {
             id: event_turn_id,
             decision,
+            allow_prefix: None,
         })
         .await
     {

codex-rs/core/src/codex_delegate.rs

@@ -285,7 +285,13 @@ async fn handle_exec_approval(
     )
     .await;
 
-    let _ = codex.submit(Op::ExecApproval { id, decision }).await;
+    let _ = codex
+        .submit(Op::ExecApproval {
+            id,
+            decision,
+            allow_prefix: None,
+        })
+        .await;
 }
 
 /// Handle an ApplyPatchApprovalRequest by consulting the parent session and replying.

codex-rs/core/tests/suite/codex_delegate.rs

@@ -95,6 +95,7 @@ async fn codex_delegate_forwards_exec_approval_and_proceeds_on_approval() {
         .submit(Op::ExecApproval {
             id: "0".into(),
             decision: ReviewDecision::Approved,
+            allow_prefix: None,
         })
         .await
         .expect("submit exec approval");

codex-rs/core/tests/suite/otel.rs

@@ -843,6 +843,7 @@ async fn handle_container_exec_user_approved_records_tool_decision() {
         .submit(Op::ExecApproval {
             id: "0".into(),
             decision: ReviewDecision::Approved,
+            allow_prefix: None,
         })
         .await
         .unwrap();
@@ -901,6 +902,7 @@ async fn handle_container_exec_user_approved_for_session_records_tool_decision()
         .submit(Op::ExecApproval {
             id: "0".into(),
             decision: ReviewDecision::ApprovedForSession,
+            allow_prefix: None,
         })
         .await
         .unwrap();
@@ -959,6 +961,7 @@ async fn handle_sandbox_error_user_approves_retry_records_tool_decision() {
         .submit(Op::ExecApproval {
             id: "0".into(),
             decision: ReviewDecision::Approved,
+            allow_prefix: None,
         })
         .await
         .unwrap();
@@ -1017,6 +1020,7 @@ async fn handle_container_exec_user_denies_records_tool_decision() {
         .submit(Op::ExecApproval {
             id: "0".into(),
             decision: ReviewDecision::Denied,
+            allow_prefix: None,
         })
         .await
         .unwrap();
@@ -1075,6 +1079,7 @@ async fn handle_sandbox_error_user_approves_for_session_records_tool_decision()
         .submit(Op::ExecApproval {
             id: "0".into(),
             decision: ReviewDecision::ApprovedForSession,
+            allow_prefix: None,
         })
         .await
         .unwrap();
@@ -1134,6 +1139,7 @@ async fn handle_sandbox_error_user_denies_records_tool_decision() {
         .submit(Op::ExecApproval {
             id: "0".into(),
             decision: ReviewDecision::Denied,
+            allow_prefix: None,
         })
         .await
         .unwrap();

codex-rs/mcp-server/src/exec_approval.rs

@@ -150,6 +150,7 @@ async fn on_exec_approval_response(
         .submit(Op::ExecApproval {
             id: event_id,
             decision: response.decision,
+            allow_prefix: None,
         })
         .await
     {

codex-rs/protocol/src/protocol.rs

@@ -146,6 +146,9 @@ pub enum Op {
         id: String,
         /// The user's decision in response to the request.
         decision: ReviewDecision,
+        /// When set, persist this prefix to the execpolicy allow list.
+        #[serde(default, skip_serializing_if = "Option::is_none")]
+        allow_prefix: Option<Vec<String>>,
     },
 
     /// Approve a code patch