feat: add guardian network approval trigger context #18197

Merged
dylan-hurd-oai merged 9 commits into main from codex/viyatb/guardian-network-approval-context
Apr 22, 2026

Collaborator

@viyatb-oai viyatb-oai commented Apr 16, 2026

Summary

Give guardian network-access reviews the command context that triggered a managed-network approval. The prompt JSON now includes the originating tool call id, tool name, command argv, cwd, sandbox permissions, additional permissions, justification, and tty state when a single active tool call can be attributed.

The implementation keeps the trigger shape canonical by serializing GuardianNetworkAccessTrigger directly and lets each runtime build that trigger from its ToolCtx. Non-guardian approval prompts avoid cloning the full trigger payload.

UX changes

Guardian network-access reviews now include a trigger object that explains what command caused the network approval. Instead of seeing only the requested host, the guardian reviewer can also see the originating tool call, argv, working directory, sandbox mode, justification, and tty state.

Example payload the guardian reviewer can see:

{
  "tool": "network_access",
  "target": "https://api.github.com:443",
  "host": "api.github.com",
  "protocol": "https",
  "port": 443,
  "trigger": {
    "callId": "call_abc123",
    "toolName": "shell",
    "command": ["gh", "api", "/repos/openai/codex/pulls/18197"],
    "cwd": "/workspace/codex",
    "sandboxPermissions": "require_escalated",
    "justification": "Fetch PR metadata from GitHub.",
    "tty": false
  }
}

The network review itself remains scoped to the network decision: target_item_id stays null. trigger.callId is attribution context only, so clients can still distinguish network reviews from item-targeted command reviews.

Verification

  • Added coverage for serializing network trigger context in guardian approval JSON.
  • Added regression coverage that network guardian reviews do not reuse trigger.callId as target_item_id.

Co-authored-by: Codex noreply@openai.com
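
A consumer-side consistency check for the payload described above, as an added example that is not part of this PR or of the Codex code base. The review envelope (the `action` wrapper key), the function name, and treating every trigger key as optional are assumptions of the example; the payload values are the ones from the PR description.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the PR description's payload in a hypothetical review
# envelope. "target_item_id" is named on the page; "action" is an assumption.
SAMPLE_REVIEW = json.loads("""
{"target_item_id": null,
 "action": {"tool": "network_access", "target": "https://api.github.com:443",
            "host": "api.github.com", "protocol": "https", "port": 443,
            "trigger": {"callId": "call_abc123", "toolName": "shell",
                        "command": ["gh", "api", "/repos/openai/codex/pulls/18197"],
                        "cwd": "/workspace/codex",
                        "sandboxPermissions": "require_escalated",
                        "justification": "Fetch PR metadata from GitHub.",
                        "tty": false}}}
""")

# Expected JSON types for the trigger keys shown in the example payload.
TRIGGER_TYPES = {"callId": str, "toolName": str, "command": list, "cwd": str,
                 "sandboxPermissions": str, "justification": str, "tty": bool}

def check_network_review(review):
    """Return a list of findings; an empty list means the review is consistent."""
    action = review.get("action") or {}
    if action.get("tool") != "network_access":
        return ["not a network_access review"]
    findings = []
    # Network reviews stay scoped to the network decision, never to an item.
    if review.get("target_item_id") is not None:
        findings.append("target_item_id must be null for a network review")
    # The displayed target must agree with the host/protocol/port fields.
    try:
        url = urlsplit(str(action.get("target", "")))
        seen = (url.scheme, url.hostname, url.port)
    except ValueError:  # e.g. a non-numeric port in the target string
        seen = None
    if seen != (action.get("protocol"), action.get("host"), action.get("port")):
        findings.append("target disagrees with host/protocol/port")
    trigger = action.get("trigger")
    if not isinstance(trigger, dict):  # no single tool call was attributed
        findings.append("no trigger context: only the host is reviewable")
        return findings
    for key, expected in TRIGGER_TYPES.items():
        if key in trigger and not isinstance(trigger[key], expected):
            findings.append(f"trigger.{key} is not {expected.__name__}")
    cmd = trigger.get("command")
    if isinstance(cmd, list) and not all(isinstance(a, str) for a in cmd):
        findings.append("trigger.command must be an argv list of strings")
    return findings
```
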
@viyatb-oai viyatb-oai changed the title from "[codex] Add guardian network approval trigger context" to "feat: add guardian network approval trigger context" Apr 16, 2026
@viyatb-oai viyatb-oai requested review from dylaan-oai, dylan-hurd-oai and won-openai and removed request for dylaan-oai April 16, 2026 21:47
@viyatb-oai viyatb-oai marked this pull request as ready for review April 16, 2026 21:47
Contributor

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fa8f0f6996

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread codex-rs/core/src/guardian/approval_request.rs Outdated
Comment thread codex-rs/core/src/guardian/approval_request.rs Outdated
viyatb-oai and others added 3 commits April 16, 2026 15:27
Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
Collaborator

@dylan-hurd-oai dylan-hurd-oai left a comment

couple small comments but overall looks reasonable

Comment thread codex-rs/core/src/guardian/approval_request.rs Outdated
Comment thread codex-rs/core/src/tools/network_approval_tests.rs Outdated
Comment thread codex-rs/core/src/guardian/approval_request.rs
Co-authored-by: Codex <noreply@openai.com>
@viyatb-oai viyatb-oai requested a review from a team as a code owner April 20, 2026 19:51
Comment thread codex-rs/core/src/tools/network_approval.rs Outdated
viyatb-oai and others added 3 commits April 21, 2026 16:26
Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Codex <noreply@openai.com>
@dylan-hurd-oai dylan-hurd-oai merged commit 2d73bac into main Apr 22, 2026
25 checks passed
@dylan-hurd-oai dylan-hurd-oai deleted the codex/viyatb/guardian-network-approval-context branch April 22, 2026 21:00
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 22, 2026