Respect explicit untrusted project config

[etraut-openai]

Why

Fixes #18475. A -c override such as projects.<cwd>.trust_level = "untrusted" is meant to be a runtime config override, but app-server thread startup treated any non-trusted project as eligible for automatic trust persistence when a permissive sandbox/cwd was requested. That meant an explicit untrusted session override could still cause config.toml to be updated with trusted.

What changed

The app-server auto-trust path now runs only when the active project trust level is unknown. Explicit trusted and explicit untrusted values are both respected, regardless of whether they came from persisted config or session flags.

A focused thread/start test now covers the explicit untrusted case with a permissive sandbox request.

Verification

• cargo test -p codex-app-server
• just fix -p codex-app-server

[bolinfest]

Is there an easy way to cover this with a test so we don't regress it?

[etraut-openai]

[codex] Added a focused thread_start_preserves_untrusted_project_trust test covering explicit untrusted project trust with a WorkspaceWrite thread start. cargo test -p codex-app-server passed locally.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 43d355fce8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[vieira]

@etraut-openai @bolinfest Is there anything I (OP of #18475) can do to help move this forward?

[etraut-openai]

@vieira, thanks for the ping. I've been really busy the last few days, and this dropped off the radar. Working on it now.