fix(security): harden allow-always wrapper persistence

docs/tools/exec-approvals.md

@@ -161,6 +161,9 @@ On macOS companion-app approvals, raw shell text containing shell control or exp
 the shell binary itself is allowlisted.
 For shell wrappers (`bash|sh|zsh ... -c/-lc`), request-scoped env overrides are reduced to a
 small explicit allowlist (`TERM`, `LANG`, `LC_*`, `COLORTERM`, `NO_COLOR`, `FORCE_COLOR`).
+For allow-always decisions in allowlist mode, known dispatch wrappers
+(`env`, `nice`, `nohup`, `stdbuf`, `timeout`) persist inner executable paths instead of wrapper
+paths. If a wrapper cannot be safely unwrapped, no allowlist entry is persisted automatically.
 
 Default safe bins: `jq`, `cut`, `uniq`, `head`, `tail`, `tr`, `wc`.