Cleanup: gut singular exec.approval.* stranded surface (#2606 follow-up)

[alexey-pelykh]

Background

#2606 (closed via PR #2609) audited the singular exec.approval.* (request/decision/resolve) subsystem and confirmed the wire-path is broken: gateway handlers were deleted in two stages (PR #70/#71 stubbed empty; PR #2375 deleted the stubs), but the protocol surface and 4 live callers survive. Every caller currently receives INVALID_REQUEST: unknown method from the gateway.

The audit deferred the cleanup-vs-restore decision. Decision: CLEANUP. The macOS-mediated singular exec.approval.* path is not being restored. A future channel-mediated approach for node-host exec approvals (sister surface to the AgentRuntime tool-approval routing being scoped separately) will be designed when needed; not part of this work.

Audit reference: docs/refactor/exec-approval-singular-audit-2606.md in this repo (from PR #2609).

Acceptance criteria

Delete stranded callers

For each of these, either delete the caller entirely or replace its approval-requiring path with a clear failure response (no silent breakage):

• src/agents/tools/nodes-tool.ts:550 — callGatewayTool("exec.approval.request", ...) invoked when node.invoke for system.run returns SYSTEM_RUN_DENIED: approval required. Without the gateway handler, this currently throws unknown method. Decide between: keep the SYSTEM_RUN_DENIED path but return a clear "approval required; not currently supported" error to the agent, OR delete the entire approval-request branch
• src/cli/nodes-cli/register.invoke.ts:247 — same pattern, CLI side
• app.ts:467 (web UI) — same pattern, browser side
• apps/macos/Sources/RemoteClaw/GatewayConnection.swift:91 — macOS app's exec.approval.* subscription (would receive unknown method). Either delete the subscription or document as "subscription preserved for future restoration; currently inactive"

Delete protocol declarations

• src/gateway/method-scopes.ts:33-35 — remove exec.approval.request, exec.approval.waitDecision, exec.approval.resolve declarations
• src/gateway/protocol/schema/protocol-schemas.ts:265-266 — remove ExecApprovalRequestParams and ExecApprovalResolveParams registrations
• src/gateway/protocol/schema/exec-approvals.ts — delete the request/decision/resolve schema definitions

Do NOT touch the plural exec.approvals.* (policy/storage) subsystem — exec.approvals.node.get etc. are in active use (e.g. register.invoke.ts:198). Out of scope.

Documentation

• Add an "ICED" banner at the top of docs/concepts/exec-approvals-architecture.md:

  ⚠️ ICED 2026-04-27 — The architecture described here is not currently implemented. The gateway handlers for exec.approval.{request,waitDecision,resolve} were deleted by PR gut: delete 8 zero-caller EXCLUDE-STUB files in src/gateway/ #2375; the macOS-mediated path is broken (verified by Audit: exec-approvals request/decision/resolve subsystem registration survives a gut — wire-path or unregister #2606 audit). RemoteClaw is committing to a future channel-mediated approval surface for node-host exec (sister to the AgentRuntime tool-approval routing being designed separately); this doc is preserved for historical context only and will be replaced when the new approach ships.

  Keep the rest of the doc intact for historical context.

• Update docs/concepts/middleware-architecture.md § "The Middleware Boundary Principle" table — add a row to RemoteClaw's responsibility column: "AgentRuntime tool-approval routing (capture and surface to channels)" — counterpart row stays in agent's responsibility for "Tool execution (web search, file I/O, shell)"

• Audit docs/tools/exec-approvals.md (user-facing) for references to the singular exec.approval.* interactive prompt path; remove or rewrite to describe the static ~/.remoteclaw/exec-approvals.json allowlist as the only currently-supported approval gating

Tests

• Existing tests touching the singular subsystem: delete or update to assert the removal
• Existing tests touching the plural exec.approvals.* (policy/storage): unaffected

Non-goals

• Building the new channel-mediated approval surface (separate, future design)
• Touching the plural exec.approvals.* (policy/storage) subsystem
• Restoring the deleted gateway handlers

Effort

1-2 days. Pure deletion + doc updates.

[alexey-pelykh]

PR #2619 delivers the documentation acceptance criteria of this issue ahead of the code surgery:

• ICED banner on docs/concepts/exec-approvals-architecture.md
• Boundary-table row + clarifying paragraph in docs/concepts/middleware-architecture.md
• docs/tools/exec-approvals.md audit/rewrite is NOT in docs: ice exec-approvals-architecture, refine middleware-arch boundary (#2618) #2619 — still part of this issue's scope.

When picking up this issue, the remaining ACs are: (a) delete 4 stranded callers + protocol declarations + tests, (b) audit/rewrite docs/tools/exec-approvals.md. The other doc updates listed in the original AC are done.