refactor: drop legacy Codex approval support

extensions/codex/app-server/approval-bridge.test.ts

@@ -107,11 +107,17 @@ describe("Codex app-server approval bridge", () => {
   });
 
   it("maps app-server approval response families separately", () => {
-    expect(buildApprovalResponse("execCommandApproval", undefined, "approved-session")).toEqual({
-      decision: "approved_for_session",
+    expect(
+      buildApprovalResponse(
+        "item/commandExecution/requestApproval",
+        { availableDecisions: ["accept"] },
+        "approved-session",
+      ),
+    ).toEqual({
+      decision: "accept",
     });
-    expect(buildApprovalResponse("applyPatchApproval", undefined, "denied")).toEqual({
-      decision: "denied",
+    expect(buildApprovalResponse("item/fileChange/requestApproval", undefined, "denied")).toEqual({
+      decision: "decline",
     });
     expect(
       buildApprovalResponse(

extensions/codex/app-server/approval-bridge.ts

@@ -161,9 +161,6 @@ export function buildApprovalResponse(
     }
     return { permissions: {}, scope: "turn" };
   }
-  if (method === "execCommandApproval" || method === "applyPatchApproval") {
-    return { decision: legacyReviewDecision(outcome) };
-  }
   return {
     decision: outcome === "approved-once" || outcome === "approved-session" ? "accept" : "decline",
   };
@@ -290,16 +287,6 @@ function fileChangeApprovalDecision(outcome: AppServerApprovalOutcome): JsonValu
   return outcome === "approved-session" ? "acceptForSession" : "accept";
 }
 
-function legacyReviewDecision(outcome: AppServerApprovalOutcome): JsonValue {
-  if (outcome === "cancelled") {
-    return "abort";
-  }
-  if (outcome === "denied" || outcome === "unavailable") {
-    return "denied";
-  }
-  return outcome === "approved-session" ? "approved_for_session" : "approved";
-}
-
 function requestedPermissions(requestParams: JsonObject | undefined): JsonObject {
   const permissions = isJsonObject(requestParams?.permissions) ? requestParams.permissions : {};
   const granted: JsonObject = {};

extensions/codex/app-server/client.test.ts

@@ -123,23 +123,6 @@ describe("CodexAppServerClient", () => {
     });
   });
 
-  it("fails closed with legacy review decisions for legacy app-server approvals", async () => {
-    const harness = createClientHarness();
-    clients.push(harness.client);
-
-    harness.send({
-      id: "approval-legacy",
-      method: "execCommandApproval",
-      params: { conversationId: "thread-1", callId: "cmd-1", command: ["pnpm", "test"] },
-    });
-    await vi.waitFor(() => expect(harness.writes.length).toBe(1));
-
-    expect(JSON.parse(harness.writes[0] ?? "{}")).toEqual({
-      id: "approval-legacy",
-      result: { decision: "denied" },
-    });
-  });
-
   it("lists app-server models through the typed helper", async () => {
     const harness = createClientHarness();
     clients.push(harness.client);

extensions/codex/app-server/client.ts

@@ -336,9 +336,6 @@ export function defaultServerRequestResponse(
   ) {
     return { decision: "decline" };
   }
-  if (request.method === "execCommandApproval" || request.method === "applyPatchApproval") {
-    return { decision: "denied" };
-  }
   if (request.method === "item/permissions/requestApproval") {
     return { permissions: {}, scope: "turn" };
   }