feat(zsh-fork): update patch to support command origins #12053

Closed
owenlin0 wants to merge 1 commit into main from owen/patched_zsh_e2e

owenlin0 (Collaborator) commented Feb 17, 2026

Summary

Update the zsh patch to support associating commands by origin, plus a reproducible local build script.

This PR is intentionally scoped to artifact/tooling only:

  • updates the vendored zsh patch used by Codex (zsh-exec-wrapper.patch)
  • adds a build-patched-zsh.sh to build that patched zsh at a pinned upstream commit (found this helpful when developing locally)

Motivation

To support zsh-based execve interception, we need to figure out whether commands were run as part of startup scripts or whether they were actually model-generated commands.

What’s in this PR

1) Patch update for zsh exec wrapper support
Key additions in the patch:

  • [existing] hooks EXEC_WRAPPER handling in zsh exec path
  • [new] forwards wrapper origin metadata via env (CODEX_ZSH_EXEC_BRIDGE_WRAPPER_ORIGIN)
  • [new] introduces origin categories to distinguish user command vs startup contexts
  • [new] tags startup script execution paths with origin markers (login/rc startup) and restores defaults after sourcing

This allows us to skip approvals when running startup scripts (i.e. ~/.zlogin, etc.) while still intercepting model-generated subcommand execs.

2) Build helper for patched zsh
Script behavior:

  • checks out pinned upstream zsh commit
  • applies zsh-exec-wrapper.patch
  • builds/installs binaries to configurable prefix
  • supports common overrides (CODEX_REPO, ZSH_SRC_DIR, INSTALL_PREFIX, JOBS, etc.)
  • prints post-build smoke-check commands

This provides a repeatable local flow for producing the patched zsh binary. Found this helpful when developing locally.

owenlin0 force-pushed the owen/patched_zsh_e2e branch from 4acb5cd to 4784ac2 February 17, 2026 23:58
owenlin0 marked this pull request as ready for review February 18, 2026 00:01
owenlin0 (Collaborator, Author) commented

@codex review

owenlin0 changed the title from "Owen/patched zsh e2e" to "feat(zsh-fork): update patch to support command origins" Feb 18, 2026
chatgpt-codex-connector bot (Contributor) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4784ac20bf

git clone "$ZSH_REMOTE" "$ZSH_SRC_DIR"
fi

git -C "$ZSH_SRC_DIR" fetch --depth 1 origin "$ZSH_COMMIT"
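
Review bot: the `git clone "$ZSH_REMOTE" "$ZSH_SRC_DIR"` line pulls full history and checks out the remote's default branch, even though the next command shallow-fetches the pinned commit anyway. Consider `git clone --no-checkout --depth 1`, or `git init` followed by the fetch, so that no unpinned tree is ever materialized in the build directory. Also pass `--` before the two variables so an override value that starts with `-` cannot be read as a git option.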

[P2] Honor ZSH_REMOTE when fetching existing clones

The script advertises ZSH_REMOTE as an override, but the fetch step is hardcoded to origin. If ZSH_SRC_DIR already exists and origin points elsewhere (or lacks the pinned commit), the build fails or fetches from the wrong upstream. This makes the documented override ineffective for common existing-clone workflows.

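
One way to make the fetch honor the override, as an added example (not the PR's build-patched-zsh.sh and not code from the project): fetch the pin from the URL held in ZSH_REMOTE rather than from the name `origin`, and verify the fetched object before checking it out. `is_full_sha` and `fetch_pinned` are hypothetical names; ZSH_REMOTE, ZSH_SRC_DIR and ZSH_COMMIT are the variables named on the page.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from the PR.

# Accept only a full 40-hex object id, so a branch or tag name (which can
# move) or a value starting with "-" can never stand in for the pin.
is_full_sha() {
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# fetch_pinned SRC_DIR REMOTE_URL COMMIT
# Returns 0 on success, 2 for a bad pin, 3 for a git failure, 4 for a mismatch.
fetch_pinned() {
  src_dir=$1 remote=$2 commit=$3
  is_full_sha "$commit" || { echo "pin is not a full SHA: $commit" >&2; return 2; }

  # Start from an empty repository when there is no existing clone.
  if [ ! -d "$src_dir/.git" ]; then
    git init -q "$src_dir" || return 3
  fi

  # Fetch from the URL itself, not the name "origin", so an existing clone
  # whose origin points somewhere else still honors the override.
  git -C "$src_dir" fetch --depth 1 -- "$remote" "$commit" || return 3

  # Confirm that what arrived is the pinned object before checking it out.
  got=$(git -C "$src_dir" rev-parse --verify 'FETCH_HEAD^{commit}') || return 4
  [ "$got" = "$commit" ] || { echo "expected $commit, got $got" >&2; return 4; }
  git -C "$src_dir" checkout -q --detach "$commit" || return 3
}

# Typical call, using the variable names from the page:
#   fetch_pinned "$ZSH_SRC_DIR" "$ZSH_REMOTE" "$ZSH_COMMIT"
```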

owenlin0 (Collaborator, Author) commented Feb 18, 2026

discussed with @nornagon-openai offline, will close for now and let execve trigger whenever it's triggered, and rely on execpolicy approvals and persistence to shore things up. much safer to do it this way.

there could be a followup here though if users get confused in a scenario like this:

  • command is zsh -lc 'git status && make test', and then get an approval request for source ~/.nvmrc without knowledge that it's coming from ~/.zshrc or something

owenlin0 closed this Feb 18, 2026