add session and always permission scopes for command execution

Session-scoped permissions are stored in the run log and rebuilt by
the state-builder, scoping them to a single run. Always-scoped
permissions persist to security.json. The backend derives command
names from the run log instead of receiving them from the frontend.
Uses regex-based command parsing with subshell/parenthesis support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/x/packages/shared/src/runs.ts

@@ -73,6 +73,7 @@ export const ToolPermissionResponseEvent = BaseRunEvent.extend({
     type: z.literal("tool-permission-response"),
     toolCallId: z.string(),
     response: z.enum(["approve", "deny"]),
+    scope: z.enum(["once", "session", "always"]).optional(),
 });
 
 export const RunErrorEvent = BaseRunEvent.extend({
@@ -106,6 +107,7 @@ export const ToolPermissionAuthorizePayload = ToolPermissionResponseEvent.pick({
     subflow: true,
     toolCallId: true,
     response: true,
+    scope: true,
 });
 
 export const AskHumanResponsePayload = AskHumanResponseEvent.pick({