second pass at tui integration

codex-rs/app-server/src/bespoke_event_handling.rs

@@ -153,6 +153,7 @@ pub(crate) async fn apply_bespoke_event_handling(
             cwd,
             reason,
             risk,
+            allow_prefix: _allow_prefix,
             parsed_cmd,
         }) => match api_version {
             ApiVersion::V1 => {
@@ -610,6 +611,7 @@ async fn on_exec_approval_response(
         .submit(Op::ExecApproval {
             id: event_id,
             decision: response.decision,
+            allow_prefix: None,
         })
         .await
     {
@@ -783,6 +785,7 @@ async fn on_command_execution_request_approval_response(
         .submit(Op::ExecApproval {
             id: event_id,
             decision,
+            allow_prefix: None,
         })
         .await
     {

codex-rs/core/src/codex.rs

@@ -845,11 +845,43 @@ impl Session {
         .await
     }
 
+    pub(crate) async fn persist_command_allow_prefix(
+        &self,
+        prefix: &[String],
+    ) -> Result<(), crate::exec_policy::ExecPolicyUpdateError> {
+        let (features, codex_home) = {
+            let state = self.state.lock().await;
+            (
+                state.session_configuration.features.clone(),
+                state
+                    .session_configuration
+                    .original_config_do_not_use
+                    .codex_home
+                    .clone(),
+            )
+        };
+
+        let policy =
+            crate::exec_policy::append_allow_prefix_rule_and_reload(&features, &codex_home, prefix)
+                .await?;
+
+        let mut state = self.state.lock().await;
+        state.session_configuration.exec_policy = policy;
+
+        Ok(())
+    }
+
+    pub(crate) async fn current_exec_policy(&self) -> Arc<ExecPolicy> {
+        let state = self.state.lock().await;
+        state.session_configuration.exec_policy.clone()
+    }
+
     /// Emit an exec approval request event and await the user's decision.
     ///
     /// The request is keyed by `sub_id`/`call_id` so matching responses are delivered
     /// to the correct in-flight turn. If the task is aborted, this returns the
     /// default `ReviewDecision` (`Denied`).
+    #[allow(clippy::too_many_arguments)]
     pub async fn request_command_approval(
         &self,
         turn_context: &TurnContext,
@@ -858,6 +890,7 @@ impl Session {
         cwd: PathBuf,
         reason: Option<String>,
         risk: Option<SandboxCommandAssessment>,
+        allow_prefix: Option<Vec<String>>,
     ) -> ReviewDecision {
         let sub_id = turn_context.sub_id.clone();
         // Add the tx_approve callback to the map before sending the request.
@@ -885,6 +918,7 @@ impl Session {
             cwd,
             reason,
             risk,
+            allow_prefix,
             parsed_cmd,
         });
         self.send_event(turn_context, event).await;
@@ -1383,8 +1417,12 @@ async fn submission_loop(sess: Arc<Session>, config: Arc<Config>, rx_sub: Receiv
                 handlers::user_input_or_turn(&sess, sub.id.clone(), sub.op, &mut previous_context)
                     .await;
             }
-            Op::ExecApproval { id, decision } => {
-                handlers::exec_approval(&sess, id, decision).await;
+            Op::ExecApproval {
+                id,
+                decision,
+                allow_prefix,
+            } => {
+                handlers::exec_approval(&sess, id, decision, allow_prefix).await;
             }
             Op::PatchApproval { id, decision } => {
                 handlers::patch_approval(&sess, id, decision).await;
@@ -1453,6 +1491,7 @@ mod handlers {
     use codex_protocol::protocol::ReviewDecision;
     use codex_protocol::protocol::ReviewRequest;
     use codex_protocol::protocol::TurnAbortReason;
+    use codex_protocol::protocol::WarningEvent;
 
     use codex_protocol::user_input::UserInput;
     use std::sync::Arc;
@@ -1538,7 +1577,28 @@ mod handlers {
         *previous_context = Some(turn_context);
     }
 
-    pub async fn exec_approval(sess: &Arc<Session>, id: String, decision: ReviewDecision) {
+    pub async fn exec_approval(
+        sess: &Arc<Session>,
+        id: String,
+        decision: ReviewDecision,
+        allow_prefix: Option<Vec<String>>,
+    ) {
+        if let Some(prefix) = allow_prefix
+            && matches!(
+                decision,
+                ReviewDecision::Approved | ReviewDecision::ApprovedForSession
+            )
+            && let Err(err) = sess.persist_command_allow_prefix(&prefix).await
+        {
+            let message = format!("Failed to update execpolicy allow list: {err}");
+            tracing::warn!("{message}");
+            let warning = EventMsg::Warning(WarningEvent { message });
+            sess.send_event_raw(Event {
+                id: id.clone(),
+                msg: warning,
+            })
+            .await;
+        }
         match decision {
             ReviewDecision::Abort => {
                 sess.interrupt_task().await;

codex-rs/core/src/codex_delegate.rs

@@ -235,6 +235,7 @@ async fn handle_exec_approval(
         event.cwd,
         event.reason,
         event.risk,
+        event.allow_prefix,
     );
     let decision = await_approval_with_cancel(
         approval_fut,
@@ -244,7 +245,13 @@ async fn handle_exec_approval(
     )
     .await;
 
-    let _ = codex.submit(Op::ExecApproval { id, decision }).await;
+    let _ = codex
+        .submit(Op::ExecApproval {
+            id,
+            decision,
+            allow_prefix: None,
+        })
+        .await;
 }
 
 /// Handle an ApplyPatchApprovalRequest by consulting the parent session and replying.