codex approvals (#993)

* codex approvals

* send deny feedback

* Normalize user-feedback

* use tool call id to match normalized_entry

* store approvals in executor

* add noop approval for api consistency

---------

Co-authored-by: Gabriel Gordon-Hall <ggordonhall@gmail.com>

shared/schemas/codex.json

@@ -25,6 +25,38 @@
         null
       ]
     },
+    "ask_for_approval": {
+      "anyOf": [
+        {
+          "description": "Determines when the user is consulted to approve Codex actions.",
+          "oneOf": [
+            {
+              "description": "Read-only commands are auto-approved. Everything else will ask the user to approve.",
+              "type": "string",
+              "const": "unless-trusted"
+            },
+            {
+              "description": "All commands run in a restricted sandbox initially.\nIf the command fails, the user is asked to approve execution without the sandbox.",
+              "type": "string",
+              "const": "on-failure"
+            },
+            {
+              "description": "The model decides when to ask the user for approval.",
+              "type": "string",
+              "const": "on-request"
+            },
+            {
+              "description": "Never ask the user to approve commands. Commands that fail in the restricted sandbox will not be retried.",
+              "type": "string",
+              "const": "never"
+            }
+          ]
+        },
+        {
+          "type": "null"
+        }
+      ]
+    },
     "oss": {
       "type": [
         "boolean",