Make deny canonical for filesystem permission entries

[viyatb-oai]

Why

Filesystem permission profiles used none for deny-read entries, which is less direct than the action the entry actually represents. This change makes deny the canonical filesystem permission spelling while preserving compatibility for older configs that still send none.

What changed

• rename FileSystemAccessMode::None to Deny
• serialize and generate schemas with deny as the canonical value
• retain none only as a legacy input alias for temporary config compatibility
• update filesystem glob diagnostics and regression coverage to use the canonical spelling
• refresh config and app-server schema fixtures to match the new wire shape

Validation

• cargo test -p codex-protocol
• cargo test -p codex-app-server-protocol
• cargo test -p codex-core config_toml_deserializes_permission_profiles --lib
• cargo test -p codex-core read_write_glob_patterns_still_reject_non_subpath_globs --lib

Earlier in the session, a broad cargo test -p codex-core run reached unrelated pre-existing failures in timing/snapshot/git-info tests under this environment; the targeted surfaces touched by this PR passed cleanly.

[bolinfest]

Here too.

[viyatb-oai]

Done in 12f9df1. This message now uses only deny.

[bolinfest]

Here too.

[viyatb-oai]

Done in 12f9df1. The expected error string now uses only deny.

[bolinfest]

This codegen seems a bit unfortunate...

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 12f9df1292

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Preserve none alias in v2 filesystem access

When an app-server client built against the previous v2 schema replies to item/permissions/requestApproval (or sends an experimental additional-permissions payload) with an entry whose access is still "none", this v2 enum now rejects the JSON before it can be converted to the core type that still has #[serde(alias = "none")]. Since the prior generated TypeScript exposed "none" as the valid value, mixed-version clients will fail permission approvals involving deny-read entries unless this wrapper enum also accepts the legacy alias on Deny.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Allow legacy none in the config schema

For users who still have existing config.toml permission profiles with "none", the Rust deserializer accepts them via the new alias, but the generated config.schema.json no longer does, so schema-based validation/editors will mark otherwise supported configs as invalid. If none is intentionally retained as a temporary compatibility input, this enum should include the legacy value (or another schema allowance) alongside canonical deny.

Useful? React with 👍 / 👎.

[bolinfest]

Once we drop support for the legacy alias, hopefully the codegen will be cleaned up!