
[core] Allow Sites terms disclosure under never policy #28098

Open: yansenzhou-oai wants to merge 1 commit into main from codex/sites-terms-full-access
@yansenzhou-oai

Summary

  • allow the exact host-owned, versioned ChatGPT Sites terms disclosure to remain interactive when AskForApproval::Never suppresses ordinary approval prompts
  • continue suppressing generic connector authentication and granular policies with MCP elicitations disabled
  • use terms-specific request and completion copy instead of describing this legal flow as authentication
  • cover the policy boundary with focused unit tests and a full first-Sites-tool-call integration test

Why

The Codex desktop client pauses a personal user's first Sites tool invocation while it shows a versioned legal disclosure. Full Access maps to AskForApproval::Never, but that policy currently suppresses every connector elicitation. The exception must therefore be narrow enough to keep generic auth prompts disabled while allowing only the trusted Sites terms challenge.

Test plan

  • just test -p codex-mcp auth_elicitation
  • just test -p codex-core codex_apps_auth_elicitation
  • just test -p codex-core sites
  • just fix -p codex-mcp
  • just fix -p codex-core
  • just fmt

The broader codex-core crate run was also attempted earlier; the focused tests above passed, while unrelated sandbox and missing-test-binary cases in the broad run are not caused by this change.

@yansenzhou-oai yansenzhou-oai requested a review from a team as a code owner June 13, 2026 18:04
@github-actions

Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by posting a pull request comment in the format below.


I have read the CLA Document and I hereby sign the CLA


You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f8914b89b4

AskForApproval::Granular(granular_config) if !granular_config.allows_mcp_elicitations() => {
return result;
}
AskForApproval::Never

P1: Require a visible response before accepting Sites terms

For app-server clients with mcp_elicitations_auto_deny (Xcode 26.4), request_mcp_server_elicitation auto-returns Accept without an event. This Never path tells the model Sites terms were accepted without showing the disclosure; require sent before accepting.

Useful? React with 👍 / 👎.
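
The policy boundary discussed in this thread, as an added Rust example that is not code from the PR or the Codex repository. Only the names `AskForApproval`, `Never` and `Granular` come from the page; `OnRequest`, `Elicitation`, `Reply`, its `sent` flag, and both functions are assumptions made for illustration.

```rust
// Added illustration, not code from the PR. All types and functions here are
// hypothetical; only AskForApproval, Never and Granular are names from the page.
#[derive(Clone, Copy, Debug, PartialEq)]
enum AskForApproval {
    OnRequest, // assumed stand-in for any policy that prompts normally
    Granular { allows_mcp_elicitations: bool },
    Never,
}

#[derive(Clone, Copy, Debug, PartialEq)]
enum Elicitation {
    GenericConnectorAuth,
    SitesTermsDisclosure,
}

/// Assumed shape of a client reply: `sent` is false when the client
/// auto-answered without ever emitting an event the user could see.
#[derive(Clone, Copy, Debug)]
struct Reply {
    accepted: bool,
    sent: bool,
}

/// Policy gate: may this elicitation be shown at all?
fn should_prompt(policy: AskForApproval, kind: Elicitation) -> bool {
    match policy {
        AskForApproval::Granular { allows_mcp_elicitations } => allows_mcp_elicitations,
        // Narrow exception: Never keeps only the terms disclosure interactive.
        AskForApproval::Never => kind == Elicitation::SitesTermsDisclosure,
        AskForApproval::OnRequest => true,
    }
}

/// Terms count as accepted only if the gate allowed the prompt, the reply
/// says accept, and the disclosure was really sent (no silent auto-accept).
fn terms_accepted(policy: AskForApproval, reply: Reply) -> bool {
    should_prompt(policy, Elicitation::SitesTermsDisclosure) && reply.accepted && reply.sent
}

fn main() {
    let auto = Reply { accepted: true, sent: false }; // constructed sample replies
    let shown = Reply { accepted: true, sent: true };
    println!("generic auth under Never prompts: {}",
        should_prompt(AskForApproval::Never, Elicitation::GenericConnectorAuth));
    println!("auto-accept counts: {}", terms_accepted(AskForApproval::Never, auto));
    println!("visible accept counts: {}", terms_accepted(AskForApproval::Never, shown));
}
```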


fn auth_elicitation_message(auth_failure: &CodexAppsConnectorAuthFailure) -> String {
if auth_failure.is_sites_publication_terms_disclosure() {
return "Review the ChatGPT Sites Terms to continue.".to_string();
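
Review bot: In the Sites branch of auth_elicitation_message, the user-facing copy is an inline string literal returned early from the function. The PR summary says the change also adds terms-specific completion copy and tests for this boundary, so consider hoisting the text into a named constant kept next to the completion copy, so the two strings and any test assertions on them cannot drift apart.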

P2: Use terms-specific UI for Sites disclosure

For the TUI path, this new Sites case only changes the elicitation message, but AppLinkView::from_codex_apps_auth_url_parts still classifies every Codex Apps auth failure as Auth and hardcodes sign-in instructions/actions (app_link_view.rs shows “Sign in…” plus “Open sign-in URL” / “I already signed in”). When Sites publication terms are required under Never, users are prompted with a sign-in flow rather than terms-review copy, so add a terms-specific kind/metadata or route it through the external-action UI.

Useful? React with 👍 / 👎.
