fix(tui): render network approval history by target

[fcoury-oai]

Why

Network approval prompts are rendered without a command string on the app-server path. After the user approves one of those prompts, the TUI history cell previously fell back to command-oriented copy and produced malformed lines such as:

You approved codex to run  every time this session

That hid the network target the user actually approved and left a visibly broken transcript entry.

What changed

• Preserve the approval subject as either a command or a network target when recording TUI approval decisions.
• Render target-aware history copy for network approval outcomes:
  • approve once
  • approve for the current session
  • cancel
• Include the approval protocol and preserve the managed-proxy network-access target when present, including non-default ports such as https://example.com:8443.
• Fall back to formatting the network approval context as protocol://host when no generated target command is available.
• Keep ordinary command approval history, Guardian approval history, and persisted network-rule history behavior unchanged.
• Add focused regression coverage and snapshots for the three network-history cases.

How to Test

1. Start Codex in a flow that triggers a network approval prompt.
2. Approve network access only for the current conversation.
3. Confirm the transcript records the approved network target, for example:
   • You approved codex network access to https://example.com:8443 every time this session
4. Trigger the prompt again and verify the one-time approval and cancel paths also record target-specific history text instead of an empty command gap.

Targeted automated coverage:

• cargo test -p codex-tui network_exec_approval_history

Additional verification

• cargo insta pending-snapshots
• git diff --check
• just fix -p codex-tui
• just argument-comment-lint

Known unrelated local test noise

A full cargo test -p codex-tui run still hits a pre-existing stack overflow outside this change:

• tests::fork_last_filters_latest_session_by_cwd_unless_show_all aborts with a stack overflow

[canvrno-oai]

When testing this, the action being performed is not rendered in the message following my approval. Examples:

✔ You approved codex to run this time

✔ You approved codex to run every time this session

[fcoury-oai]

When testing this, the action being performed is not rendered in the message following my approval. Examples:

✔ You approved codex to run this time

✔ You approved codex to run every time this session

Thanks for catching this. I found a fallback path where the approval history could still render an empty command subject, which produced the run this time / run every time this session messages.

Pushed d3797e1 to handle that case by rendering a generic this request fallback instead of a blank action, and by recognizing network-access <target> as a network approval target even when structured network context is missing.

Would you mind doing another pass at your convenience? Thx again.

[canvrno-oai]

Tested with the latest changes, looks good!