[codex] Add Aliyun API permission audit #133

Merged: guima-why merged 1 commit into main from codex/feature-write-api-permission on Jun 30, 2026


guima-why (Collaborator) commented Jun 29, 2026

Summary

This PR adds explicit permission management for the generic aliyun_api tool and records permission decisions to a local audit log. The core behavior now separates read-only Alibaba Cloud API calls from calls that may modify cloud resources, and protected write APIs require deliberate authorization instead of being covered by a bare tool allow rule.

It also updates the public website documentation and all current website locales (de, es, fr, ja, pt, zh-Hans) so users can see the new permission and audit behavior in published docs.

Feature Details

Aliyun API read/write permission model

  • aliyun_api now classifies API calls as read-only or non-read-only before execution.
  • Read-only Alibaba Cloud API actions are allowed automatically.
  • Non-read-only Alibaba Cloud API actions require explicit approval or an exact trusted rule such as aliyun_api(ros:CreateStack).
  • A bare aliyun_api allow rule no longer blanket-approves Alibaba Cloud write APIs.
  • bypass_permissions now matches the broader tool bypass behavior for aliyun_api: it auto-approves protected Alibaba Cloud write APIs, while still requiring each protected write approval to be persisted to the permission audit log before execution.
  • RPC-style write API persistent allow rules must match the exact canonical product:action pair.
  • ROA-style requests are read-only only when the method is GET and there is no request body.
  • Non-read-only ROA requests require one-time approval and do not offer persistent allow-rule suggestions, because product/action alone may not uniquely identify the operation shape.
  • Malformed or unsafe Alibaba Cloud operation identifiers fail closed rather than being treated as trusted read operations.

Permission audit log

  • Adds a structured JSONL permission audit log at <log-dir>/permission-audit.jsonl.
  • By default, <log-dir> resolves to ~/.iac-code/logs/, unless overridden with IAC_CODE_LOG_DIR.
  • Audit writes are append-based, file-locked, rotated, and protected with private local file permissions where supported by the OS.
  • Protected Alibaba Cloud write approvals fail closed if the audit record cannot be persisted.
  • Audit records use safe operation metadata and redact sensitive tool input by default.
  • Unsafe or malformed action/region/product values are represented by fingerprints instead of raw strings.
  • New settings under permissions.audit:
    • include_tool_input: include redacted tool input in audit records.
    • max_file_bytes: rotate the audit log at the configured size.
    • max_files: keep a bounded number of rotated audit files.
  • Adds IAC_CODE_PERMISSION_AUDIT_INCLUDE_TOOL_INPUT as an environment override for including redacted tool input.

Runtime coverage

The new permission and audit behavior is wired through:

  • normal interactive REPL permission prompts and cached decisions
  • shell escape auditing
  • headless/non-interactive permission decisions
  • ACP permission callbacks and prompt summaries
  • A2A stream permission metadata and resolver decisions
  • A2A pipeline permission handling
  • pipeline mode in the REPL
  • AgentTool permission execution paths

A2A and ACP behavior

  • ACP permission prompts now expose safer summaries for aliyun_api and preserve redacted decision-critical input for other tools.
  • A2A permission metadata now includes safe permission summaries and aliyun_api input summaries.
  • A2A auto-approve-permissions records permission decisions to the audit log.
  • A2A does not blanket-approve protected Alibaba Cloud write APIs merely because auto-approve-permissions is enabled; use exact aliyun_api(product:action) allow rules or a resolver decision for trusted automation.
  • Persistence failures for protected Alibaba Cloud write approvals are surfaced as persistence_failure audit decisions.

Documentation and i18n

  • Updates website permission docs for permissions.audit, audit log location, rotation settings, and the aliyun_api(product:action) rule syntax.
  • Clarifies that bypass_permissions auto-approves protected Alibaba Cloud write APIs only when the approval audit record is successfully persisted, while a bare aliyun_api allow rule still does not blanket-approve writes.
  • Updates ACP and A2A protocol docs for per-API approval, safe permission metadata, and audit behavior.
  • Adds real translations for all changed website docs in German, Spanish, French, Japanese, Portuguese, and Simplified Chinese.

User Impact

Users get a safer default for direct Alibaba Cloud API calls: read-only inspection remains smooth, while resource-changing API calls require deliberate authorization or an explicit trusted bypass mode. Teams also get a durable local audit trail for permission decisions, which helps explain who approved what and why when automation or interactive sessions perform sensitive cloud operations.

Validation

  • uv run pytest tests/services/permissions/test_pipeline.py::TestPipeline::test_aliyun_api_bypass_mode_allows_write_with_audit tests/services/permissions/test_pipeline.py::TestPipeline::test_aliyun_api_bypass_mode_preserves_explicit_write_rule_audit tests/agent/test_permission_audit_integration.py::test_agent_loop_aliyun_bypass_mode_allows_write_with_audit tests/agent/test_permission_audit_integration.py::test_agent_loop_aliyun_bypass_mode_denies_write_when_audit_fails -q — 4 passed
  • uv run pytest tests/services/permissions/test_pipeline.py tests/agent/test_permission_audit_integration.py tests/cli/test_headless_permission_audit.py tests/a2a/test_permission_audit.py tests/a2a/test_pipeline_stream.py::test_publish_direct_auto_approve_denies_untrusted_aliyun_write -q — 69 passed
  • uv run pytest tests/acp/test_permission_audit.py tests/acp/test_permission_rules.py -q — 26 passed
  • make test — 7183 passed, 268 warnings
  • make lint — ruff and ty checks passed
  • cd website && npm test — 6 passed
  • cd website && npm run typecheck — TypeScript check passed
  • cd website && npm run build — Docusaurus build passed for en, zh-Hans, ja, fr, de, es, and pt
  • git diff --check — passed

guima-why force-pushed the codex/feature-write-api-permission branch from 4439a05 to e22b3ad on June 29, 2026 08:13
guima-why force-pushed the codex/feature-write-api-permission branch from e22b3ad to 4fe6a5d on June 30, 2026 03:57
guima-why marked this pull request as ready for review June 30, 2026 04:56
guima-why merged commit a148158 into main Jun 30, 2026
14 checks passed
guima-why deleted the codex/feature-write-api-permission branch June 30, 2026 04:56
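
The decision rules listed in the PR description, as an added Python sketch that is not code from this PR or the project: read/write classification, exact `aliyun_api(product:action)` matching, fail-closed handling of malformed identifiers, and refusing an auto-approved write when the audit record cannot be persisted. The call-dict shape, the safe-identifier pattern, the read-only action prefixes and all function names are assumptions; reads are not logged here, and file locking and rotation are left out.

```python
import hashlib, json, os, re

SAFE_ID = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,63}")  # assumed safe-identifier shape
READ_PREFIXES = ("Describe", "List", "Get", "Query")   # assumed RPC read-only heuristic

def is_safe(value):
    return isinstance(value, str) and SAFE_ID.fullmatch(value) is not None

def classify(call):
    """Return 'read', 'write' or 'malformed' for one call dict (hypothetical shape)."""
    if not (is_safe(call.get("product")) and is_safe(call.get("action"))):
        return "malformed"  # fail closed: never a trusted read
    if call.get("style") == "ROA":
        # ROA is read-only only for GET with no request body.
        is_read = call.get("method") == "GET" and not call.get("body")
    else:
        is_read = call["action"].startswith(READ_PREFIXES)
    return "read" if is_read else "write"

def safe_field(value):
    """Raw value when safe, otherwise a fingerprint instead of the raw string."""
    if is_safe(value):
        return value
    return "fp:" + hashlib.sha256(repr(value).encode()).hexdigest()[:16]

def append_audit(path, record):
    """Append one JSONL record, owner-only mode; raises OSError on failure."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    try:
        os.write(fd, (json.dumps(record, sort_keys=True) + "\n").encode())
        os.fsync(fd)
    finally:
        os.close(fd)

def decide(call, allow_rules, audit_path):
    """Return 'allow', 'ask' or 'deny' for one call."""
    kind = classify(call)
    if kind == "read":
        return "allow"
    exact = f"aliyun_api({call.get('product')}:{call.get('action')})"
    # Only an RPC-style write can match a persistent rule, and only the exact pair.
    trusted = kind == "write" and call.get("style") != "ROA" and exact in allow_rules
    record = {"tool": "aliyun_api", "kind": kind, "decision": "allow" if trusted else "ask",
              "product": safe_field(call.get("product")), "action": safe_field(call.get("action"))}
    try:
        append_audit(audit_path, record)
    except OSError:
        return "deny" if trusted else "ask"  # no audit record, no auto-approved write
    return record["decision"]
```

With the rule set `{"aliyun_api"}` a `ros:CreateStack` call still returns `ask`; only `aliyun_api(ros:CreateStack)` yields `allow`, and only when the JSONL append succeeds.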