feat: pass through codex permission config

[Disaster-Terminator]

Summary

• pass Codex native permission options through from [projects.agent.options]
• map approval_policy, approvals_reviewer, and sandbox_mode for both codex exec and codex app-server
• document the new Codex options in the example config and usage docs

Details

• exec keeps existing mode flags unless approval_policy or sandbox_mode is explicitly set.
• When one permission axis is overridden, cc-connect expands the selected Codex mode into native config values first, then applies the explicit override so the other axis is preserved.
• approvals_reviewer can be used by itself and supports both auto_review and legacy guardian_subagent values.
• app-server sessions pass the same options at process startup and through thread/turn RPC params.
• approvalPolicy and thread sandbox use the Codex app-server schema values (on-request, untrusted, workspace-write, etc.); turn sandboxPolicy is mapped to the structured app-server policy shape.

Review follow-up

• added hermetic fake codex setup for the New() options test
• centralized permission override merging through a shared effectiveForMode helper used by exec and app-server paths
• added app-server partial override tests for sandbox-only, approval-only, and reviewer-only cases
• documented the app-server sandbox vs sandboxPolicy.type spelling difference in code
• tightened docs so only approval_policy is described as forwarding additional Codex-supported values; sandbox_mode is documented as limited to the three mapped values

Validation

• WSL/Linux: go test ./agent/codex -count=1
• WSL/Linux: go test ./config -run "TestSaveProjectSettings_ExtraFields|TestSaveActiveProvider_PreservesCommentsAndUnknownFields|TestSaveAgentModel_PreservesCommentsAndUnknownFields" -count=1
• Windows: go test ./agent/codex -run "Test(WorkspaceAgentOptions|CodexPermission|CodexNewPreservesNativePermissionOptions|BuildExecArgs|AppServer)" -count=1
• git diff --check
• smoke tested codex app-server -c approval_policy=... -c approvals_reviewer=... -c sandbox_mode=... --listen stdio:// initialize on Windows with Codex CLI 0.125.0-alpha.3
• smoke tested real thread/start with approvalPolicy="untrusted" and sandbox="workspace-write"; app-server accepted the params and returned approvalPolicy="untrusted" plus a workspaceWrite sandbox policy

[Copilot]

Pull request overview

Adds support for passing through Codex native permission configuration from [projects.agent.options] to both codex exec and codex app-server, including partial overrides that preserve the non-overridden permission axis from the selected mode.

Changes:

• Parse and carry approval_policy, approvals_reviewer, and sandbox_mode through Codex agent/session lifecycles.
• Apply shared “effective permission” merging (mode defaults + explicit overrides) for exec/app-server RPC params and app-server startup flags.
• Add unit tests for full/partial override behavior and document the new options in usage docs and example config.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
docs/usage.zh-CN.md	Documents Codex native permission override keys and partial-override behavior (ZH-CN).
docs/usage.md	Documents Codex native permission override keys and partial-override behavior (EN).
config.example.toml	Adds commented examples and caveats for the new Codex permission override keys.
agent/codex/session_test.go	Adds tests for parsing/roundtripping options and for exec arg construction under full/partial overrides.
agent/codex/session.go	Routes exec permission handling through a helper that switches between mode flags vs native -c config args.
agent/codex/codex.go	Introduces codexPermissionOverrides, parses options, propagates them into sessions, and includes them in workspace options.
agent/codex/appserver_session_test.go	Adds tests for app-server startup args and thread/turn RPC params under full/partial overrides, including sandbox_mode validation.
agent/codex/appserver_session.go	Passes native -c args to app-server startup and maps thread/turn RPC permission params (including sandboxPolicy mapping).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chenhg5]

Review Summary

Clean, well-structured feature for passing Codex native permission settings through cc-connect config. Both exec and app-server paths updated consistently.

---

✅ Good:

• codexPermissionOverrides struct cleanly encapsulates the three permission axes (approval_policy, approvals_reviewer, sandbox_mode)
• effectiveForMode() correctly composes user overrides on top of mode defaults — partial overrides work correctly
• appendPermissionArgs preserves backward compat: when no permission override is set, falls back to existing --full-auto / --dangerously-bypass flags
• appServerSandboxPolicy translates config strings to app-server structured types (read-only → readOnly, etc.)
• Error handling: unknown sandbox_mode returns descriptive error
• Comprehensive tests: 7+ test functions covering full overrides, partial overrides, thread params, turn params, error cases
• Config, example TOML, and docs updated
• WorkspaceAgentOptions propagates permissions to workspace agents

---

LGTM. Architecture sound, comprehensive tests, CI green.