tui: add secure /title terminal title config

chore: nit explorer (#12315 )
Set memories phase reasoning effort constants (#12309 )
2026-02-20 15:53:48 +00:00 · 2026-02-20 15:36:50 +00:00 · 2026-02-20 11:24:28 +00:00 · 2026-02-20 09:25:35 +00:00 · 2026-02-20 09:13:35 +00:00 · 2026-02-19 22:06:51 -08:00
456 changed files with 37916 additions and 5915 deletions
--- a/.codespellignore
+++ b/.codespellignore
@@ -1,3 +1,5 @@
 iTerm
 iTerm2
-psuedo
+psuedo
+te
+TE
--- a/.codespellrc
+++ b/.codespellrc
@@ -3,4 +3,4 @@
 skip = .git*,vendor,*-lock.yaml,*.lock,.codespellrc,*test.ts,*.jsonl,frame*.txt,*.snap,*.snap.new,*meriyah.umd.min.js
 check-hidden = true
 ignore-regex = ^\s*"image/\S+": ".*|\b(afterAll)\b
-ignore-words-list = ratatui,ser,iTerm,iterm2,iterm
+ignore-words-list = ratatui,ser,iTerm,iterm2,iterm,te,TE
--- a/.github/ISSUE_TEMPLATE/1-codex-app.yml
+++ b/.github/ISSUE_TEMPLATE/1-codex-app.yml
@@ -21,6 +21,13 @@ body:
      label: What subscription do you have?
    validations:
      required: true
+  - type: input
+    id: platform
+    attributes:
+      label: What platform is your computer?
+      description: |
+        For macOS and Linux: copy the output of `uname -mprs`
+        For Windows: copy the output of `"$([Environment]::OSVersion | ForEach-Object VersionString) $(if ([Environment]::Is64BitOperatingSystem) { "x64" } else { "x86" })"` in the PowerShell console
  - type: textarea
    id: actual
    attributes:
--- a/.github/prompts/issue-deduplicator.txt
+++ b/.github/prompts/issue-deduplicator.txt
@@ -1,18 +0,0 @@
-You are an assistant that triages new GitHub issues by identifying potential duplicates.
-
-You will receive the following JSON files located in the current working directory:
- `codex-current-issue.json`: JSON object describing the newly created issue (fields: number, title, body).
- `codex-existing-issues.json`: JSON array of recent issues (each element includes number, title, body, createdAt).
-
-Instructions:
- Load both files as JSON and review their contents carefully. The codex-existing-issues.json file is large, ensure you explore all of it.
- Compare the current issue against the existing issues to find up to five that appear to describe the same underlying problem or request.
- Only consider an issue a potential duplicate if there is a clear overlap in symptoms, feature requests, reproduction steps, or error messages.
- Prioritize newer issues when similarity is comparable.
- Ignore pull requests and issues whose similarity is tenuous.
- When unsure, prefer returning fewer matches.
-
-Output requirements:
- Respond with a JSON array of issue numbers (integers), ordered from most likely duplicate to least.
- Include at most five numbers.
- If you find no plausible duplicates, respond with `[]`.
--- a/.github/prompts/issue-labeler.txt
+++ b/.github/prompts/issue-labeler.txt
@@ -1,26 +0,0 @@
-You are an assistant that reviews GitHub issues for the repository.
-
-Your job is to choose the most appropriate existing labels for the issue described later in this prompt.
-Follow these rules:
- Only pick labels out of the list below.
- Prefer a small set of precise labels over many broad ones.
- If none of the labels fit, respond with an empty JSON array: []
- Output must be a JSON array of label names (strings) with no additional commentary.
-
-Labels to apply:
-1. bug — Reproducible defects in Codex products (CLI, VS Code extension, web, auth).
-2. enhancement — Feature requests or usability improvements that ask for new capabilities, better ergonomics, or quality-of-life tweaks.
-3. extension — VS Code (or other IDE) extension-specific issues.
-4. windows-os — Bugs or friction specific to Windows environments (PowerShell behavior, path handling, copy/paste, OS-specific auth or tooling failures).
-5. mcp — Topics involving Model Context Protocol servers/clients.
-6. codex-web — Issues targeting the Codex web UI/Cloud experience.
-8. azure — Problems or requests tied to Azure OpenAI deployments.
-9. documentation — Updates or corrections needed in docs/README/config references (broken links, missing examples, outdated keys, clarification requests).
-10. model-behavior — Undesirable LLM behavior: forgetting goals, refusing work, hallucinating environment details, quota misreports, or other reasoning/performance anomalies.
-
-Issue information is available in environment variables:
-
-ISSUE_NUMBER
-ISSUE_TITLE
-ISSUE_BODY
-REPO_FULL_NAME
--- a/.github/workflows/bazel.yml
+++ b/.github/workflows/bazel.yml
@@ -65,6 +65,11 @@ jobs:
      - name: Set up Bazel
        uses: bazelbuild/setup-bazelisk@v3

+      - name: Check MODULE.bazel.lock is up to date
+        if: matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
+        shell: bash
+        run: ./scripts/check-module-bazel-lock.sh
+
      # TODO(mbolin): Bring this back once we have caching working. Currently,
      # we never seem to get a cache hit but we still end up paying the cost of
      # uploading at the end of the build, which takes over a minute!
--- a/.github/workflows/issue-deduplicator.yml
+++ b/.github/workflows/issue-deduplicator.yml
@@ -15,34 +15,68 @@ jobs:
    permissions:
      contents: read
    outputs:
-      codex_output: ${{ steps.codex.outputs.final-message }}
+      codex_output: ${{ steps.select-final.outputs.codex_output }}
    steps:
      - uses: actions/checkout@v6

      - name: Prepare Codex inputs
        env:
          GH_TOKEN: ${{ github.token }}
+          REPO: ${{ github.repository }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
        run: |
          set -eo pipefail

          CURRENT_ISSUE_FILE=codex-current-issue.json
-          EXISTING_ISSUES_FILE=codex-existing-issues.json
+          EXISTING_ALL_FILE=codex-existing-issues-all.json
+          EXISTING_OPEN_FILE=codex-existing-issues-open.json

-          gh issue list --repo "${{ github.repository }}" \
-            --json number,title,body,createdAt \
+          gh issue list --repo "$REPO" \
+            --json number,title,body,createdAt,updatedAt,state,labels \
            --limit 1000 \
            --state all \
            --search "sort:created-desc" \
-            | jq '.' \
-            > "$EXISTING_ISSUES_FILE"
+            | jq '[.[] | {
+                number,
+                title,
+                body: ((.body // "")[0:4000]),
+                createdAt,
+                updatedAt,
+                state,
+                labels: ((.labels // []) | map(.name))
+              }]' \
+            > "$EXISTING_ALL_FILE"

-          gh issue view "${{ github.event.issue.number }}" \
-            --repo "${{ github.repository }}" \
+          gh issue list --repo "$REPO" \
+            --json number,title,body,createdAt,updatedAt,state,labels \
+            --limit 1000 \
+            --state open \
+            --search "sort:created-desc" \
+            | jq '[.[] | {
+                number,
+                title,
+                body: ((.body // "")[0:4000]),
+                createdAt,
+                updatedAt,
+                state,
+                labels: ((.labels // []) | map(.name))
+              }]' \
+            > "$EXISTING_OPEN_FILE"
+
+          gh issue view "$ISSUE_NUMBER" \
+            --repo "$REPO" \
            --json number,title,body \
-            | jq '.' \
+            | jq '{number, title, body: ((.body // "")[0:4000])}' \
            > "$CURRENT_ISSUE_FILE"

-      - id: codex
+          echo "Prepared duplicate detection input files."
+          echo "all_issue_count=$(jq 'length' "$EXISTING_ALL_FILE")"
+          echo "open_issue_count=$(jq 'length' "$EXISTING_OPEN_FILE")"
+
+      # Prompt instructions are intentionally inline in this workflow. The old
+      # .github/prompts/issue-deduplicator.txt file is obsolete and removed.
+      - id: codex-all
+        name: Find duplicates (pass 1, all issues)
        uses: openai/codex-action@main
        with:
          openai-api-key: ${{ secrets.CODEX_OPENAI_API_KEY }}
@@ -52,14 +86,17 @@ jobs:

            You will receive the following JSON files located in the current working directory:
            - `codex-current-issue.json`: JSON object describing the newly created issue (fields: number, title, body).
-            - `codex-existing-issues.json`: JSON array of recent issues (each element includes number, title, body, createdAt).
+            - `codex-existing-issues-all.json`: JSON array of recent issues with states, timestamps, and labels.

            Instructions:
            - Compare the current issue against the existing issues to find up to five that appear to describe the same underlying problem or request.
-            - Focus on the underlying intent and context of each issue—such as reported symptoms, feature requests, reproduction steps, or error messages—rather than relying solely on string similarity or synthetic metrics.
-            - After your analysis, validate your results in 1-2 lines explaining your decision to return the selected matches.
-            - When unsure, prefer returning fewer matches.
-            - Include at most five numbers.
+            - Prioritize concrete overlap in symptoms, reproduction details, error signatures, and user intent.
+            - Prefer active unresolved issues when confidence is similar.
+            - Closed issues can still be valid duplicates if they clearly match.
+            - Return fewer matches rather than speculative ones.
+            - If confidence is low, return an empty list.
+            - Include at most five issue numbers.
+            - After analysis, provide a short reason for your decision.

          output-schema: |
            {
@@ -77,6 +114,179 @@ jobs:
              "additionalProperties": false
            }

+      - id: normalize-all
+        name: Normalize pass 1 output
+        env:
+          CODEX_OUTPUT: ${{ steps.codex-all.outputs.final-message }}
+          CURRENT_ISSUE_NUMBER: ${{ github.event.issue.number }}
+        run: |
+          set -eo pipefail
+
+          raw=${CODEX_OUTPUT//$'\r'/}
+          parsed=false
+          issues='[]'
+          reason=''
+
+          if [ -n "$raw" ] && printf '%s' "$raw" | jq -e 'type == "object" and (.issues | type == "array")' >/dev/null 2>&1; then
+            parsed=true
+            issues=$(printf '%s' "$raw" | jq -c '[.issues[] | tostring]')
+            reason=$(printf '%s' "$raw" | jq -r '.reason // ""')
+          else
+            reason='Pass 1 output was empty or invalid JSON.'
+          fi
+
+          filtered=$(jq -cn --argjson issues "$issues" --arg current "$CURRENT_ISSUE_NUMBER" '[
+            $issues[]
+            | tostring
+            | select(. != $current)
+          ] | reduce .[] as $issue ([]; if index($issue) then . else . + [$issue] end) | .[:5]')
+
+          has_matches=false
+          if [ "$(jq 'length' <<< "$filtered")" -gt 0 ]; then
+            has_matches=true
+          fi
+
+          echo "Pass 1 parsed: $parsed"
+          echo "Pass 1 matches after filtering: $(jq 'length' <<< "$filtered")"
+          echo "Pass 1 reason: $reason"
+
+          {
+            echo "issues_json=$filtered"
+            echo "reason<<EOF"
+            echo "$reason"
+            echo "EOF"
+            echo "has_matches=$has_matches"
+          } >> "$GITHUB_OUTPUT"
+
+      - id: codex-open
+        name: Find duplicates (pass 2, open issues)
+        if: ${{ steps.normalize-all.outputs.has_matches != 'true' }}
+        uses: openai/codex-action@main
+        with:
+          openai-api-key: ${{ secrets.CODEX_OPENAI_API_KEY }}
+          allow-users: "*"
+          prompt: |
+            You are an assistant that triages new GitHub issues by identifying potential duplicates.
+
+            This is a fallback pass because a broad search did not find convincing matches.
+
+            You will receive the following JSON files located in the current working directory:
+            - `codex-current-issue.json`: JSON object describing the newly created issue (fields: number, title, body).
+            - `codex-existing-issues-open.json`: JSON array of open issues only.
+
+            Instructions:
+            - Search only these active unresolved issues for duplicates of the current issue.
+            - Prioritize concrete overlap in symptoms, reproduction details, error signatures, and user intent.
+            - Prefer fewer, higher-confidence matches.
+            - If confidence is low, return an empty list.
+            - Include at most five issue numbers.
+            - After analysis, provide a short reason for your decision.
+
+          output-schema: |
+            {
+              "type": "object",
+              "properties": {
+                "issues": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "reason": { "type": "string" }
+              },
+              "required": ["issues", "reason"],
+              "additionalProperties": false
+            }
+
+      - id: normalize-open
+        name: Normalize pass 2 output
+        if: ${{ steps.normalize-all.outputs.has_matches != 'true' }}
+        env:
+          CODEX_OUTPUT: ${{ steps.codex-open.outputs.final-message }}
+          CURRENT_ISSUE_NUMBER: ${{ github.event.issue.number }}
+        run: |
+          set -eo pipefail
+
+          raw=${CODEX_OUTPUT//$'\r'/}
+          parsed=false
+          issues='[]'
+          reason=''
+
+          if [ -n "$raw" ] && printf '%s' "$raw" | jq -e 'type == "object" and (.issues | type == "array")' >/dev/null 2>&1; then
+            parsed=true
+            issues=$(printf '%s' "$raw" | jq -c '[.issues[] | tostring]')
+            reason=$(printf '%s' "$raw" | jq -r '.reason // ""')
+          else
+            reason='Pass 2 output was empty or invalid JSON.'
+          fi
+
+          filtered=$(jq -cn --argjson issues "$issues" --arg current "$CURRENT_ISSUE_NUMBER" '[
+            $issues[]
+            | tostring
+            | select(. != $current)
+          ] | reduce .[] as $issue ([]; if index($issue) then . else . + [$issue] end) | .[:5]')
+
+          has_matches=false
+          if [ "$(jq 'length' <<< "$filtered")" -gt 0 ]; then
+            has_matches=true
+          fi
+
+          echo "Pass 2 parsed: $parsed"
+          echo "Pass 2 matches after filtering: $(jq 'length' <<< "$filtered")"
+          echo "Pass 2 reason: $reason"
+
+          {
+            echo "issues_json=$filtered"
+            echo "reason<<EOF"
+            echo "$reason"
+            echo "EOF"
+            echo "has_matches=$has_matches"
+          } >> "$GITHUB_OUTPUT"
+
+      - id: select-final
+        name: Select final duplicate set
+        env:
+          PASS1_ISSUES: ${{ steps.normalize-all.outputs.issues_json }}
+          PASS1_REASON: ${{ steps.normalize-all.outputs.reason }}
+          PASS2_ISSUES: ${{ steps.normalize-open.outputs.issues_json }}
+          PASS2_REASON: ${{ steps.normalize-open.outputs.reason }}
+          PASS1_HAS_MATCHES: ${{ steps.normalize-all.outputs.has_matches }}
+          PASS2_HAS_MATCHES: ${{ steps.normalize-open.outputs.has_matches }}
+        run: |
+          set -eo pipefail
+
+          selected_issues='[]'
+          selected_reason='No plausible duplicates found.'
+          selected_pass='none'
+
+          if [ "$PASS1_HAS_MATCHES" = "true" ]; then
+            selected_issues=${PASS1_ISSUES:-'[]'}
+            selected_reason=${PASS1_REASON:-'Pass 1 found duplicates.'}
+            selected_pass='all'
+          fi
+
+          if [ "$PASS2_HAS_MATCHES" = "true" ]; then
+            selected_issues=${PASS2_ISSUES:-'[]'}
+            selected_reason=${PASS2_REASON:-'Pass 2 found duplicates.'}
+            selected_pass='open-fallback'
+          fi
+
+          final_json=$(jq -cn \
+            --argjson issues "$selected_issues" \
+            --arg reason "$selected_reason" \
+            --arg pass "$selected_pass" \
+            '{issues: $issues, reason: $reason, pass: $pass}')
+
+          echo "Final pass used: $selected_pass"
+          echo "Final duplicate count: $(jq '.issues | length' <<< "$final_json")"
+          echo "Final reason: $(jq -r '.reason' <<< "$final_json")"
+
+          {
+            echo "codex_output<<EOF"
+            echo "$final_json"
+            echo "EOF"
+          } >> "$GITHUB_OUTPUT"
+
  comment-on-issue:
    name: Comment with potential duplicates
    needs: gather-duplicates
@@ -105,11 +315,17 @@ jobs:

            const issues = Array.isArray(parsed?.issues) ? parsed.issues : [];
            const currentIssueNumber = String(context.payload.issue.number);
+            const passUsed = typeof parsed?.pass === 'string' ? parsed.pass : 'unknown';
+            const reason = typeof parsed?.reason === 'string' ? parsed.reason : '';

            console.log(`Current issue number: ${currentIssueNumber}`);
+            console.log(`Pass used: ${passUsed}`);
+            if (reason) {
+              console.log(`Reason: ${reason}`);
+            }
            console.log(issues);

-            const filteredIssues = issues.filter((value) => String(value) !== currentIssueNumber);
+            const filteredIssues = [...new Set(issues.map((value) => String(value)))].filter((value) => value !== currentIssueNumber).slice(0, 5);

            if (filteredIssues.length === 0) {
              core.info('Codex reported no potential duplicates.');
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -50,14 +50,15 @@ jobs:
            4. azure — Problems or requests tied to Azure OpenAI deployments.
            5. model-behavior — Undesirable LLM behavior: forgetting goals, refusing work, hallucinating environment details, quota misreports, or other reasoning/performance anomalies.
            6. code-review — Issues related to the code review feature or functionality.
-            7. auth - Problems related to authentication, login, or access tokens.
-            8. codex-exec - Problems related to the "codex exec" command or functionality.
-            9. context-management - Problems related to compaction, context windows, or available context reporting.
-            10. custom-model - Problems that involve using custom model providers, local models, or OSS models.
-            11. rate-limits - Problems related to token limits, rate limits, or token usage reporting.
-            12. sandbox - Issues related to local sandbox environments or tool call approvals to override sandbox restrictions.
-            13. tool-calls - Problems related to specific tool call invocations including unexpected errors, failures, or hangs.
-            14. TUI - Problems with the terminal user interface (TUI) including keyboard shortcuts, copy & pasting, menus, or screen update issues.
+            7. safety-check - Issues related to cyber risk detection or trusted access verification.
+            8. auth - Problems related to authentication, login, or access tokens.
+            9. codex-exec - Problems related to the "codex exec" command or functionality.
+            10. context-management - Problems related to compaction, context windows, or available context reporting.
+            11. custom-model - Problems that involve using custom model providers, local models, or OSS models.
+            12. rate-limits - Problems related to token limits, rate limits, or token usage reporting.
+            13. sandbox - Issues related to local sandbox environments or tool call approvals to override sandbox restrictions.
+            14. tool-calls - Problems related to specific tool call invocations including unexpected errors, failures, or hangs.
+            15. TUI - Problems with the terminal user interface (TUI) including keyboard shortcuts, copy & pasting, menus, or screen update issues.

            Issue number: ${{ github.event.issue.number }}

--- a/.github/workflows/rust-ci.yml
+++ b/.github/workflows/rust-ci.yml
@@ -59,7 +59,7 @@ jobs:
        working-directory: codex-rs
    steps:
      - uses: actions/checkout@v6
-      - uses: dtolnay/rust-toolchain@1.93
+      - uses: dtolnay/rust-toolchain@1.93.0
        with:
          components: rustfmt
      - name: cargo fmt
@@ -75,7 +75,7 @@ jobs:
        working-directory: codex-rs
    steps:
      - uses: actions/checkout@v6
-      - uses: dtolnay/rust-toolchain@1.93
+      - uses: dtolnay/rust-toolchain@1.93.0
      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
        with:
          tool: cargo-shear
@@ -196,7 +196,7 @@ jobs:
            fi
            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends "${packages[@]}"
          fi
-      - uses: dtolnay/rust-toolchain@1.93
+      - uses: dtolnay/rust-toolchain@1.93.0
        with:
          targets: ${{ matrix.target }}
          components: clippy
@@ -513,7 +513,7 @@ jobs:
      - name: Install DotSlash
        uses: facebook/install-dotslash@v2

-      - uses: dtolnay/rust-toolchain@1.93
+      - uses: dtolnay/rust-toolchain@1.93.0
        with:
          targets: ${{ matrix.target }}

@@ -581,6 +581,17 @@ jobs:
          tool: nextest
          version: 0.9.103

+      - name: Enable unprivileged user namespaces (Linux)
+        if: runner.os == 'Linux'
+        run: |
+          # Required for bubblewrap to work on Linux CI runners.
+          sudo sysctl -w kernel.unprivileged_userns_clone=1
+          # Ubuntu 24.04+ can additionally gate unprivileged user namespaces
+          # behind AppArmor.
+          if sudo sysctl -a 2>/dev/null | grep -q '^kernel.apparmor_restrict_unprivileged_userns'; then
+            sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+          fi
+
      - name: tests
        id: test
        run: cargo nextest run --all-features --no-fail-fast --target ${{ matrix.target }} --cargo-profile ci-test --timings
--- a/.github/workflows/rust-release-windows.yml
+++ b/.github/workflows/rust-release-windows.yml
@@ -82,7 +82,7 @@ jobs:
          Write-Host "Total RAM: $ramGiB GiB"
          Write-Host "Disk usage:"
          Get-PSDrive -PSProvider FileSystem | Format-Table -AutoSize Name, @{Name='Size(GB)';Expression={[math]::Round(($_.Used + $_.Free) / 1GB, 1)}}, @{Name='Free(GB)';Expression={[math]::Round($_.Free / 1GB, 1)}}
-      - uses: dtolnay/rust-toolchain@1.93
+      - uses: dtolnay/rust-toolchain@1.93.0
        with:
          targets: ${{ matrix.target }}

--- a/.github/workflows/rust-release.yml
+++ b/.github/workflows/rust-release.yml
@@ -123,7 +123,7 @@ jobs:
            sudo apt-get update -y
            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y libubsan1
          fi
-      - uses: dtolnay/rust-toolchain@1.93
+      - uses: dtolnay/rust-toolchain@1.93.0
        with:
          targets: ${{ matrix.target }}

@@ -611,7 +611,22 @@ jobs:
            fi

            echo "+ ${publish_cmd[*]}"
-            "${publish_cmd[@]}"
+            set +e
+            publish_output="$("${publish_cmd[@]}" 2>&1)"
+            publish_status=$?
+            set -e
+
+            echo "${publish_output}"
+            if [[ ${publish_status} -eq 0 ]]; then
+              continue
+            fi
+
+            if grep -qiE "previously published|cannot publish over|version already exists" <<< "${publish_output}"; then
+              echo "Skipping already-published package version for ${filename}"
+              continue
+            fi
+
+            exit "${publish_status}"
          done

  update-branch:
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -31,7 +31,7 @@ jobs:
          node-version: 22
          cache: pnpm

-      - uses: dtolnay/rust-toolchain@1.93
+      - uses: dtolnay/rust-toolchain@1.93.0

      - name: build codex
        run: cargo build --bin codex
--- a/.github/workflows/shell-tool-mcp.yml
+++ b/.github/workflows/shell-tool-mcp.yml
@@ -105,7 +105,7 @@ jobs:
            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y libubsan1
          fi

-      - uses: dtolnay/rust-toolchain@1.93
+      - uses: dtolnay/rust-toolchain@1.93.0
        with:
          targets: ${{ matrix.target }}

@@ -251,11 +251,11 @@ jobs:
          set -euo pipefail
          if command -v apt-get >/dev/null 2>&1; then
            apt-get update
-            DEBIAN_FRONTEND=noninteractive apt-get install -y git build-essential bison autoconf gettext
+            DEBIAN_FRONTEND=noninteractive apt-get install -y git build-essential bison autoconf gettext libncursesw5-dev
          elif command -v dnf >/dev/null 2>&1; then
-            dnf install -y git gcc gcc-c++ make bison autoconf gettext
+            dnf install -y git gcc gcc-c++ make bison autoconf gettext ncurses-devel
          elif command -v yum >/dev/null 2>&1; then
-            yum install -y git gcc gcc-c++ make bison autoconf gettext
+            yum install -y git gcc gcc-c++ make bison autoconf gettext ncurses-devel
          else
            echo "Unsupported package manager in container"
            exit 1
@@ -391,11 +391,11 @@ jobs:
          set -euo pipefail
          if command -v apt-get >/dev/null 2>&1; then
            apt-get update
-            DEBIAN_FRONTEND=noninteractive apt-get install -y git build-essential bison autoconf gettext
+            DEBIAN_FRONTEND=noninteractive apt-get install -y git build-essential bison autoconf gettext libncursesw5-dev
          elif command -v dnf >/dev/null 2>&1; then
-            dnf install -y git gcc gcc-c++ make bison autoconf gettext
+            dnf install -y git gcc gcc-c++ make bison autoconf gettext ncurses-devel
          elif command -v yum >/dev/null 2>&1; then
-            yum install -y git gcc gcc-c++ make bison autoconf gettext
+            yum install -y git gcc gcc-c++ make bison autoconf gettext ncurses-devel
          else
            echo "Unsupported package manager in container"
            exit 1
@@ -408,9 +408,8 @@ jobs:
        shell: bash
        run: |
          set -euo pipefail
-          git clone --depth 1 https://git.code.sf.net/p/zsh/code /tmp/zsh
+          git clone https://git.code.sf.net/p/zsh/code /tmp/zsh
          cd /tmp/zsh
-          git fetch --depth 1 origin 77045ef899e53b9598bebc5a41db93a548a40ca6
          git checkout 77045ef899e53b9598bebc5a41db93a548a40ca6
          git apply "${GITHUB_WORKSPACE}/shell-tool-mcp/patches/zsh-exec-wrapper.patch"
          ./Util/preconfig
@@ -487,9 +486,8 @@ jobs:
        shell: bash
        run: |
          set -euo pipefail
-          git clone --depth 1 https://git.code.sf.net/p/zsh/code /tmp/zsh
+          git clone https://git.code.sf.net/p/zsh/code /tmp/zsh
          cd /tmp/zsh
-          git fetch --depth 1 origin 77045ef899e53b9598bebc5a41db93a548a40ca6
          git checkout 77045ef899e53b9598bebc5a41db93a548a40ca6
          git apply "${GITHUB_WORKSPACE}/shell-tool-mcp/patches/zsh-exec-wrapper.patch"
          ./Util/preconfig
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -15,6 +15,10 @@ In the codex-rs folder where the rust code lives:
 - When writing tests, prefer comparing the equality of entire objects over fields one by one.
 - When making a change that adds or changes an API, ensure that the documentation in the `docs/` folder is up to date if applicable.
 - If you change `ConfigToml` or nested config types, run `just write-config-schema` to update `codex-rs/core/config.schema.json`.
+- If you change Rust dependencies (`Cargo.toml` or `Cargo.lock`), run `just bazel-lock-update` from the
+  repo root to refresh `MODULE.bazel.lock`, and include that lockfile update in the same change.
+- After dependency changes, run `just bazel-lock-check` from the repo root so lockfile drift is caught
+  locally before CI.
 - Do not create small helper methods that are referenced only once.

 Run `just fmt` (in `codex-rs` directory) automatically after you have finished making Rust code changes; do not ask for approval to run it. Additionally, run the tests:
--- a/MODULE.bazel.lock
+++ b/MODULE.bazel.lock
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@
 </p>
 </br>
 If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href="https://developers.openai.com/codex/ide">install in your IDE.</a>
+</br>If you want the desktop app experience, run <code>codex app</code> or visit <a href="https://chatgpt.com/codex?app-landing-page=true">the Codex App page</a>.
 </br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href="https://chatgpt.com/codex">chatgpt.com/codex</a>.</p>

 ---
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+Thank you for helping us keep Codex secure!
+
+## Reporting Security Issues
+
+The security is essential to OpenAI's mission. We appreciate the work of security researchers acting in good faith to identify and responsibly report potential vulnerabilities, helping us maintain strong privacy and security standards for our users and technology.
+
+Our security program is managed through Bugcrowd, and we ask that any validated vulnerabilities be reported via the [Bugcrowd program](https://bugcrowd.com/engagements/openai).
+
+## Vulnerability Disclosure Program
+
+Our Vulnerability Program Guidelines are defined on our [Bugcrowd program page](https://bugcrowd.com/engagements/openai).
--- a/codex-cli/bin/rg
+++ b/codex-cli/bin/rg
@@ -4,74 +4,74 @@
  "name": "rg",
  "platforms": {
    "macos-aarch64": {
-      "size": 1787248,
-      "hash": "blake3",
-      "digest": "8d9942032585ea8ee805937634238d9aee7b210069f4703c88fbe568e26fb78a",
+      "size": 1777930,
+      "hash": "sha256",
+      "digest": "378e973289176ca0c6054054ee7f631a065874a352bf43f0fa60ef079b6ba715",
      "format": "tar.gz",
-      "path": "ripgrep-14.1.1-aarch64-apple-darwin/rg",
+      "path": "ripgrep-15.1.0-aarch64-apple-darwin/rg",
      "providers": [
        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-aarch64-apple-darwin.tar.gz"
+          "url": "https://github.com/BurntSushi/ripgrep/releases/download/15.1.0/ripgrep-15.1.0-aarch64-apple-darwin.tar.gz"
        }
      ]
    },
    "linux-aarch64": {
-      "size": 2047405,
-      "hash": "blake3",
-      "digest": "0b670b8fa0a3df2762af2fc82cc4932f684ca4c02dbd1260d4f3133fd4b2a515",
+      "size": 1869959,
+      "hash": "sha256",
+      "digest": "2b661c6ef508e902f388e9098d9c4c5aca72c87b55922d94abdba830b4dc885e",
      "format": "tar.gz",
-      "path": "ripgrep-14.1.1-aarch64-unknown-linux-gnu/rg",
+      "path": "ripgrep-15.1.0-aarch64-unknown-linux-gnu/rg",
      "providers": [
        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-aarch64-unknown-linux-gnu.tar.gz"
+          "url": "https://github.com/BurntSushi/ripgrep/releases/download/15.1.0/ripgrep-15.1.0-aarch64-unknown-linux-gnu.tar.gz"
        }
      ]
    },
    "macos-x86_64": {
-      "size": 2082672,
-      "hash": "blake3",
-      "digest": "e9b862fc8da3127f92791f0ff6a799504154ca9d36c98bf3e60a81c6b1f7289e",
+      "size": 1894127,
+      "hash": "sha256",
+      "digest": "64811cb24e77cac3057d6c40b63ac9becf9082eedd54ca411b475b755d334882",
      "format": "tar.gz",
-      "path": "ripgrep-14.1.1-x86_64-apple-darwin/rg",
+      "path": "ripgrep-15.1.0-x86_64-apple-darwin/rg",
      "providers": [
        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-x86_64-apple-darwin.tar.gz"
+          "url": "https://github.com/BurntSushi/ripgrep/releases/download/15.1.0/ripgrep-15.1.0-x86_64-apple-darwin.tar.gz"
        }
      ]
    },
    "linux-x86_64": {
-      "size": 2566310,
-      "hash": "blake3",
-      "digest": "f73cca4e54d78c31f832c7f6e2c0b4db8b04fa3eaa747915727d570893dbee76",
+      "size": 2263077,
+      "hash": "sha256",
+      "digest": "1c9297be4a084eea7ecaedf93eb03d058d6faae29bbc57ecdaf5063921491599",
      "format": "tar.gz",
-      "path": "ripgrep-14.1.1-x86_64-unknown-linux-musl/rg",
+      "path": "ripgrep-15.1.0-x86_64-unknown-linux-musl/rg",
      "providers": [
        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-x86_64-unknown-linux-musl.tar.gz"
+          "url": "https://github.com/BurntSushi/ripgrep/releases/download/15.1.0/ripgrep-15.1.0-x86_64-unknown-linux-musl.tar.gz"
        }
      ]
    },
    "windows-x86_64": {
-      "size": 2058893,
-      "hash": "blake3",
-      "digest": "a8ce1a6fed4f8093ee997e57f33254e94b2cd18e26358b09db599c89882eadbd",
+      "size": 1810687,
+      "hash": "sha256",
+      "digest": "124510b94b6baa3380d051fdf4650eaa80a302c876d611e9dba0b2e18d87493a",
      "format": "zip",
-      "path": "ripgrep-14.1.1-x86_64-pc-windows-msvc/rg.exe",
+      "path": "ripgrep-15.1.0-x86_64-pc-windows-msvc/rg.exe",
      "providers": [
        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-x86_64-pc-windows-msvc.zip"
+          "url": "https://github.com/BurntSushi/ripgrep/releases/download/15.1.0/ripgrep-15.1.0-x86_64-pc-windows-msvc.zip"
        }
      ]
    },
    "windows-aarch64": {
-      "size": 1667740,
-      "hash": "blake3",
-      "digest": "47b971a8c4fca1d23a4e7c19bd4d88465ebc395598458133139406d3bf85f3fa",
+      "size": 1675460,
+      "hash": "sha256",
+      "digest": "00d931fb5237c9696ca49308818edb76d8eb6fc132761cb2a1bd616b2df02f8e",
      "format": "zip",
-      "path": "rg.exe",
+      "path": "ripgrep-15.1.0-aarch64-pc-windows-msvc/rg.exe",
      "providers": [
        {
-          "url": "https://github.com/microsoft/ripgrep-prebuilt/releases/download/v13.0.0-13/ripgrep-v13.0.0-13-aarch64-pc-windows-msvc.zip"
+          "url": "https://github.com/BurntSushi/ripgrep/releases/download/15.1.0/ripgrep-15.1.0-aarch64-pc-windows-msvc.zip"
        }
      ]
    }
--- a/codex-cli/package.json
+++ b/codex-cli/package.json
@@ -18,5 +18,5 @@
    "url": "git+https://github.com/openai/codex.git",
    "directory": "codex-cli"
  },
-  "packageManager": "pnpm@10.28.2+sha512.41872f037ad22f7348e3b1debbaf7e867cfd448f2726d9cf74c08f19507c31d2c8e7a11525b983febc2df640b5438dee6023ebb1f84ed43cc2d654d2bc326264"
+  "packageManager": "pnpm@10.29.3+sha512.498e1fb4cca5aa06c1dcf2611e6fafc50972ffe7189998c409e90de74566444298ffe43e6cd2acdc775ba1aa7cc5e092a8b7054c811ba8c5770f84693d33d2dc"
 }
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
@@ -423,16 +423,16 @@ dependencies = [
 "objc2-foundation",
 "parking_lot",
 "percent-encoding",
- "windows-sys 0.60.2",
+ "windows-sys 0.52.0",
 "wl-clipboard-rs",
 "x11rb",
 ]

 [[package]]
 name = "arc-swap"
-version = "1.8.0"
+version = "1.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51d03449bb8ca2cc2ef70869af31463d1ae5ccc8fa3e334b307203fbf815207e"
+checksum = "f9f3647c145568cec02c42054e07bdf9a5a698e15b466fb2341bfc393cd24aa5"
 dependencies = [
 "rustversion",
 ]
@@ -458,58 +458,6 @@ dependencies = [
 "term",
 ]

-[[package]]
-name = "askama"
-version = "0.15.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08e1676b346cadfec169374f949d7490fd80a24193d37d2afce0c047cf695e57"
-dependencies = [
- "askama_macros",
- "itoa",
- "percent-encoding",
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "askama_derive"
-version = "0.15.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7661ff56517787343f376f75db037426facd7c8d3049cef8911f1e75016f3a37"
-dependencies = [
- "askama_parser",
- "basic-toml",
- "memchr",
- "proc-macro2",
- "quote",
- "rustc-hash 2.1.1",
- "serde",
- "serde_derive",
- "syn 2.0.114",
-]
-
-[[package]]
-name = "askama_macros"
-version = "0.15.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "713ee4dbfd1eb719c2dab859465b01fa1d21cb566684614a713a6b7a99a4e47b"
-dependencies = [
- "askama_derive",
-]
-
-[[package]]
-name = "askama_parser"
-version = "0.15.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1d62d674238a526418b30c0def480d5beadb9d8964e7f38d635b03bf639c704c"
-dependencies = [
- "rustc-hash 2.1.1",
- "serde",
- "serde_derive",
- "unicode-ident",
- "winnow",
-]
-
 [[package]]
 name = "asn1-rs"
 version = "0.7.1"
@@ -1227,9 +1175,9 @@ dependencies = [

 [[package]]
 name = "clap"
-version = "4.5.56"
+version = "4.5.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a75ca66430e33a14957acc24c5077b503e7d374151b2b4b3a10c83b4ceb4be0e"
+checksum = "63be97961acde393029492ce0be7a1af7e323e6bae9511ebfac33751be5e6806"
 dependencies = [
 "clap_builder",
 "clap_derive",
@@ -1237,9 +1185,9 @@ dependencies = [

 [[package]]
 name = "clap_builder"
-version = "4.5.56"
+version = "4.5.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "793207c7fa6300a0608d1080b858e5fdbe713cdc1c8db9fb17777d8a13e63df0"
+checksum = "7f13174bda5dfd69d7e947827e5af4b0f2f94a4a3ee92912fba07a66150f21e2"
 dependencies = [
 "anstream",
 "anstyle",
@@ -1271,9 +1219,9 @@ dependencies = [

 [[package]]
 name = "clap_lex"
-version = "0.7.7"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3e64b0cc0439b12df2fa678eae89a1c56a529fd067a9115f7827f1fffd22b32"
+checksum = "3a822ea5bc7590f9d40f1ba12c0dc3c2760f3482c6984db1573ad11031420831"

 [[package]]
 name = "clipboard-win"
@@ -1406,6 +1354,7 @@ dependencies = [
 "strum_macros 0.27.2",
 "tempfile",
 "thiserror 2.0.18",
+ "tracing",
 "ts-rs",
 "uuid",
 ]
@@ -1420,6 +1369,8 @@ dependencies = [
 "codex-protocol",
 "serde",
 "serde_json",
+ "tungstenite",
+ "url",
 "uuid",
 ]

@@ -1660,7 +1611,6 @@ version = "0.0.0"
 dependencies = [
 "anyhow",
 "arc-swap",
- "askama",
 "assert_cmd",
 "assert_matches",
 "async-channel",
@@ -1710,6 +1660,7 @@ dependencies = [
 "include_dir",
 "indexmap 2.13.0",
 "indoc",
+ "insta",
 "keyring",
 "landlock",
 "libc",
@@ -2035,6 +1986,7 @@ version = "0.0.0"
 dependencies = [
 "anyhow",
 "async-trait",
+ "base64 0.22.1",
 "clap",
 "codex-utils-absolute-path",
 "codex-utils-rustls-provider",
@@ -2294,6 +2246,7 @@ dependencies = [
 "codex-utils-oss",
 "codex-utils-pty",
 "codex-utils-sandbox-summary",
+ "codex-utils-sleep-inhibitor",
 "codex-windows-sandbox",
 "color-eyre",
 "crossterm",
@@ -2493,6 +2446,15 @@ dependencies = [
 "regex",
 ]

+[[package]]
+name = "codex-utils-sleep-inhibitor"
+version = "0.0.0"
+dependencies = [
+ "core-foundation 0.9.4",
+ "libc",
+ "tracing",
+]
+
 [[package]]
 name = "codex-utils-string"
 version = "0.0.0"
@@ -3279,7 +3241,7 @@ dependencies = [
 "libc",
 "option-ext",
 "redox_users 0.5.2",
- "windows-sys 0.61.2",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -3475,9 +3437,9 @@ checksum = "dbfd0e7fc632dec5e6c9396a27bc9f9975b4e039720e1fd3e34021d3ce28c415"

 [[package]]
 name = "env_filter"
-version = "0.1.4"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1bf3c259d255ca70051b30e2e95b5446cdb8949ac4cd22c0d7fd634d89f568e2"
+checksum = "7a1c3cc8e57274ec99de65301228b537f1e4eedc1b8e0f9411c6caac8ae7308f"
 dependencies = [
 "log",
 "regex",
@@ -3491,9 +3453,9 @@ checksum = "c7f84e12ccf0a7ddc17a6c41c93326024c42920d7ee630d04950e6926645c0fe"

 [[package]]
 name = "env_logger"
-version = "0.11.8"
+version = "0.11.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13c863f0904021b108aa8b2f55046443e6b1ebde8fd4a15c399893aae4fa069f"
+checksum = "b2daee4ea451f429a58296525ddf28b45a3b64f1acf6587e2067437bb11e218d"
 dependencies = [
 "anstream",
 "anstyle",
@@ -3524,7 +3486,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
 "libc",
- "windows-sys 0.61.2",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -4917,7 +4879,7 @@ checksum = "3640c1c38b8e4e43584d8df18be5fc6b0aa314ce6ebf51b53313d4306cca8e46"
 dependencies = [
 "hermit-abi",
 "libc",
- "windows-sys 0.61.2",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -5625,7 +5587,7 @@ version = "0.50.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -6191,7 +6153,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7d8fae84b431384b68627d0f9b3b1245fcf9f46f6c0e3dc902e9dce64edd1967"
 dependencies = [
 "libc",
- "windows-sys 0.61.2",
+ "windows-sys 0.45.0",
 ]

 [[package]]
@@ -6752,7 +6714,7 @@ dependencies = [
 "once_cell",
 "socket2 0.6.2",
 "tracing",
- "windows-sys 0.60.2",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -7578,7 +7540,7 @@ dependencies = [
 "errno",
 "libc",
 "linux-raw-sys 0.11.0",
- "windows-sys 0.61.2",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -8955,7 +8917,7 @@ dependencies = [
 "getrandom 0.3.4",
 "once_cell",
 "rustix 1.1.3",
- "windows-sys 0.61.2",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -10315,7 +10277,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.48.0",
 ]

 [[package]]
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -54,6 +54,7 @@ members = [
    "utils/elapsed",
    "utils/sandbox-summary",
    "utils/sanitizer",
+    "utils/sleep-inhibitor",
    "utils/approval-presets",
    "utils/oss",
    "utils/fuzzy-match",
@@ -131,6 +132,7 @@ codex-utils-readiness = { path = "utils/readiness" }
 codex-utils-rustls-provider = { path = "utils/rustls-provider" }
 codex-utils-sandbox-summary = { path = "utils/sandbox-summary" }
 codex-utils-sanitizer = { path = "utils/sanitizer" }
+codex-utils-sleep-inhibitor = { path = "utils/sleep-inhibitor" }
 codex-utils-string = { path = "utils/string" }
 codex-windows-sandbox = { path = "windows-sandbox-rs" }
 core_test_support = { path = "core/tests/common" }
@@ -143,7 +145,6 @@ allocative = "0.3.3"
 ansi-to-tui = "7.0.0"
 anyhow = "1"
 arboard = { version = "3", features = ["wayland-data-control"] }
-askama = "0.15.4"
 assert_cmd = "2"
 assert_matches = "1.5.0"
 async-channel = "2.3.1"
@@ -168,7 +169,7 @@ dotenvy = "0.15.7"
 dunce = "1.0.4"
 encoding_rs = "0.8.35"
 env-flags = "0.1.1"
-env_logger = "0.11.5"
+env_logger = "0.11.9"
 eventsource-stream = "0.2.3"
 futures = { version = "0.3", default-features = false }
 globset = "0.4"
--- a/codex-rs/app-server-protocol/Cargo.toml
+++ b/codex-rs/app-server-protocol/Cargo.toml
@@ -25,6 +25,7 @@ strum_macros = { workspace = true }
 thiserror = { workspace = true }
 ts-rs = { workspace = true }
 inventory = { workspace = true }
+tracing = { workspace = true }
 uuid = { workspace = true, features = ["serde", "v7"] }

 [dev-dependencies]
--- a/codex-rs/app-server-protocol/schema/json/ClientRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ClientRequest.json
@@ -69,13 +69,46 @@
      "type": "object"
    },
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "AskForApproval2": {
      "description": "Determines the conditions under which the user is consulted to approve running the command proposed by Codex.",
@@ -101,6 +134,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval2",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -711,6 +758,15 @@
      ],
      "type": "object"
    },
+    "HazelnutScope": {
+      "enum": [
+        "example",
+        "workspace-shared",
+        "all-shared",
+        "personal"
+      ],
+      "type": "string"
+    },
    "InitializeCapabilities": {
      "description": "Client-declared capabilities negotiated during initialize.",
      "properties": {
@@ -1128,6 +1184,13 @@
            "null"
          ]
        },
+        "includeHidden": {
+          "description": "When true, include models that are hidden from the default picker list.",
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
        "limit": {
          "description": "Optional page size; defaults to a reasonable server-side value.",
          "format": "uint32",
@@ -1243,6 +1306,15 @@
      ],
      "type": "string"
    },
+    "ProductSurface": {
+      "enum": [
+        "chatgpt",
+        "codex",
+        "api",
+        "atlas"
+      ],
+      "type": "string"
+    },
    "ReadOnlyAccess": {
      "oneOf": [
        {
@@ -1441,6 +1513,28 @@
        }
      ]
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "RemoveConversationListenerParams": {
      "properties": {
        "subscriptionId": {
@@ -2414,20 +2508,38 @@
      "type": "object"
    },
    "SkillsRemoteReadParams": {
+      "properties": {
+        "enabled": {
+          "default": false,
+          "type": "boolean"
+        },
+        "hazelnutScope": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/HazelnutScope"
+            }
+          ],
+          "default": "example"
+        },
+        "productSurface": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ProductSurface"
+            }
+          ],
+          "default": "codex"
+        }
+      },
      "type": "object"
    },
    "SkillsRemoteWriteParams": {
      "properties": {
        "hazelnutId": {
          "type": "string"
-        },
-        "isPreload": {
-          "type": "boolean"
        }
      },
      "required": [
-        "hazelnutId",
-        "isPreload"
+        "hazelnutId"
      ],
      "type": "object"
    },
@@ -3268,6 +3380,24 @@
          "type": "object"
        }
      ]
+    },
+    "WindowsSandboxSetupMode": {
+      "enum": [
+        "elevated",
+        "unelevated"
+      ],
+      "type": "string"
+    },
+    "WindowsSandboxSetupStartParams": {
+      "properties": {
+        "mode": {
+          "$ref": "#/definitions/WindowsSandboxSetupMode"
+        }
+      },
+      "required": [
+        "mode"
+      ],
+      "type": "object"
    }
  },
  "description": "Request from the client to the server.",
@@ -3592,9 +3722,9 @@
        },
        "method": {
          "enum": [
-            "skills/remote/read"
+            "skills/remote/list"
          ],
-          "title": "Skills/remote/readRequestMethod",
+          "title": "Skills/remote/listRequestMethod",
          "type": "string"
        },
        "params": {
@@ -3606,7 +3736,7 @@
        "method",
        "params"
      ],
-      "title": "Skills/remote/readRequest",
+      "title": "Skills/remote/listRequest",
      "type": "object"
    },
    {
@@ -3616,9 +3746,9 @@
        },
        "method": {
          "enum": [
-            "skills/remote/write"
+            "skills/remote/export"
          ],
-          "title": "Skills/remote/writeRequestMethod",
+          "title": "Skills/remote/exportRequestMethod",
          "type": "string"
        },
        "params": {
@@ -3630,7 +3760,7 @@
        "method",
        "params"
      ],
-      "title": "Skills/remote/writeRequest",
+      "title": "Skills/remote/exportRequest",
      "type": "object"
    },
    {
@@ -3896,6 +4026,30 @@
      "title": "McpServerStatus/listRequest",
      "type": "object"
    },
+    {
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "windowsSandbox/setupStart"
+          ],
+          "title": "WindowsSandbox/setupStartRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/WindowsSandboxSetupStartParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "WindowsSandbox/setupStartRequest",
+      "type": "object"
+    },
    {
      "properties": {
        "id": {
--- a/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
@@ -113,6 +113,13 @@
    }
  },
  "properties": {
+    "approvalId": {
+      "description": "Unique identifier for this specific approval callback.\n\nFor regular shell/unified_exec approvals, this is null.\n\nFor zsh-exec-bridge subcommand approvals, multiple callbacks can belong to one parent `itemId`, so `approvalId` is a distinct opaque callback id (a UUID) used to disambiguate routing.",
+      "type": [
+        "string",
+        "null"
+      ]
+    },
    "command": {
      "description": "The command to be executed.",
      "type": [
--- a/codex-rs/app-server-protocol/schema/json/EventMsg.json
+++ b/codex-rs/app-server-protocol/schema/json/EventMsg.json
@@ -117,6 +117,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -473,6 +487,35 @@
          "title": "WarningEventMsg",
          "type": "object"
        },
+        {
+          "description": "Model routing changed from the requested model to a different model.",
+          "properties": {
+            "from_model": {
+              "type": "string"
+            },
+            "reason": {
+              "$ref": "#/definitions/ModelRerouteReason"
+            },
+            "to_model": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "model_reroute"
+              ],
+              "title": "ModelRerouteEventMsgType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "from_model",
+            "reason",
+            "to_model",
+            "type"
+          ],
+          "title": "ModelRerouteEventMsg",
+          "type": "object"
+        },
        {
          "description": "Conversation history was compacted (either automatically or manually).",
          "properties": {
@@ -620,6 +663,17 @@
            "message": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "type": {
              "enum": [
                "agent_message"
@@ -1423,8 +1477,15 @@
        },
        {
          "properties": {
+            "approval_id": {
+              "description": "Identifier for this specific approval callback.\n\nWhen absent, the approval is for the command item itself (`call_id`). This is present for subcommand approvals (via execve intercept).",
+              "type": [
+                "string",
+                "null"
+              ]
+            },
            "call_id": {
-              "description": "Identifier for the associated exec call, if available.",
+              "description": "Identifier for the associated command execution item.",
              "type": "string"
            },
            "command": {
@@ -1438,6 +1499,17 @@
              "description": "The command's working directory.",
              "type": "string"
            },
+            "network_approval_context": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/NetworkApprovalContext"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "description": "Optional network context for a blocked request that can be approved."
+            },
            "parsed_cmd": {
              "items": {
                "$ref": "#/definitions/ParsedCommand"
@@ -3307,6 +3379,12 @@
      ],
      "type": "string"
    },
+    "ModelRerouteReason": {
+      "enum": [
+        "high_risk_cyber_activity"
+      ],
+      "type": "string"
+    },
    "NetworkAccess": {
      "description": "Represents whether outbound network access is available to the agent.",
      "enum": [
@@ -3315,6 +3393,30 @@
      ],
      "type": "string"
    },
+    "NetworkApprovalContext": {
+      "properties": {
+        "host": {
+          "type": "string"
+        },
+        "protocol": {
+          "$ref": "#/definitions/NetworkApprovalProtocol"
+        }
+      },
+      "required": [
+        "host",
+        "protocol"
+      ],
+      "type": "object"
+    },
+    "NetworkApprovalProtocol": {
+      "enum": [
+        "http",
+        "https",
+        "socks5_tcp",
+        "socks5_udp"
+      ],
+      "type": "string"
+    },
    "ParsedCommand": {
      "oneOf": [
        {
@@ -3681,6 +3783,28 @@
        }
      ]
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "RemoteSkillSummary": {
      "properties": {
        "description": {
@@ -5343,6 +5467,35 @@
      "title": "WarningEventMsg",
      "type": "object"
    },
+    {
+      "description": "Model routing changed from the requested model to a different model.",
+      "properties": {
+        "from_model": {
+          "type": "string"
+        },
+        "reason": {
+          "$ref": "#/definitions/ModelRerouteReason"
+        },
+        "to_model": {
+          "type": "string"
+        },
+        "type": {
+          "enum": [
+            "model_reroute"
+          ],
+          "title": "ModelRerouteEventMsgType",
+          "type": "string"
+        }
+      },
+      "required": [
+        "from_model",
+        "reason",
+        "to_model",
+        "type"
+      ],
+      "title": "ModelRerouteEventMsg",
+      "type": "object"
+    },
    {
      "description": "Conversation history was compacted (either automatically or manually).",
      "properties": {
@@ -5490,6 +5643,17 @@
        "message": {
          "type": "string"
        },
+        "phase": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/MessagePhase"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null
+        },
        "type": {
          "enum": [
            "agent_message"
@@ -6293,8 +6457,15 @@
    },
    {
      "properties": {
+        "approval_id": {
+          "description": "Identifier for this specific approval callback.\n\nWhen absent, the approval is for the command item itself (`call_id`). This is present for subcommand approvals (via execve intercept).",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
        "call_id": {
-          "description": "Identifier for the associated exec call, if available.",
+          "description": "Identifier for the associated command execution item.",
          "type": "string"
        },
        "command": {
@@ -6308,6 +6479,17 @@
          "description": "The command's working directory.",
          "type": "string"
        },
+        "network_approval_context": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/NetworkApprovalContext"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "description": "Optional network context for a blocked request that can be approved."
+        },
        "parsed_cmd": {
          "items": {
            "$ref": "#/definitions/ParsedCommand"
--- a/codex-rs/app-server-protocol/schema/json/ExecCommandApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/ExecCommandApprovalParams.json
@@ -117,6 +117,13 @@
    }
  },
  "properties": {
+    "approvalId": {
+      "description": "Identifier for this specific approval callback.",
+      "type": [
+        "string",
+        "null"
+      ]
+    },
    "callId": {
      "description": "Use to correlate this with [codex_core::protocol::ExecCommandBeginEvent] and [codex_core::protocol::ExecCommandEndEvent].",
      "type": "string"
--- a/codex-rs/app-server-protocol/schema/json/FuzzyFileSearchSessionCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/FuzzyFileSearchSessionCompletedNotification.json
@@ -0,0 +1,13 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "sessionId": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "sessionId"
+  ],
+  "title": "FuzzyFileSearchSessionCompletedNotification",
+  "type": "object"
+}
--- a/codex-rs/app-server-protocol/schema/json/ServerNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerNotification.json
@@ -165,9 +165,71 @@
        }
      ]
    },
+    "AppBranding": {
+      "description": "EXPERIMENTAL - app metadata returned by app-list APIs.",
+      "properties": {
+        "category": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "developer": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "isDiscoverableApp": {
+          "type": "boolean"
+        },
+        "privacyPolicy": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "termsOfService": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "website": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "isDiscoverableApp"
+      ],
+      "type": "object"
+    },
    "AppInfo": {
      "description": "EXPERIMENTAL - app metadata returned by app-list APIs.",
      "properties": {
+        "appMetadata": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AppMetadata"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "branding": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AppBranding"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
        "description": {
          "type": [
            "string",
@@ -198,6 +260,15 @@
          "description": "Whether this app is enabled in config.toml. Example: ```toml [apps.bad_app] enabled = false ```",
          "type": "boolean"
        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": [
+            "object",
+            "null"
+          ]
+        },
        "logoUrl": {
          "type": [
            "string",
@@ -235,6 +306,130 @@
      ],
      "type": "object"
    },
+    "AppMetadata": {
+      "properties": {
+        "categories": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "developer": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "firstPartyRequiresInstall": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "firstPartyType": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "review": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AppReview"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "screenshots": {
+          "items": {
+            "$ref": "#/definitions/AppScreenshot"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "seoDescription": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "showInComposerWhenUnlinked": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "subCategories": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "version": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "versionId": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "versionNotes": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "AppReview": {
+      "properties": {
+        "status": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "status"
+      ],
+      "type": "object"
+    },
+    "AppScreenshot": {
+      "properties": {
+        "fileId": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "url": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "userPrompt": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "userPrompt"
+      ],
+      "type": "object"
+    },
    "AskForApproval": {
      "description": "Determines the conditions under which the user is consulted to approve running the command proposed by Codex.",
      "oneOf": [
@@ -259,6 +454,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -1094,6 +1303,35 @@
          "title": "WarningEventMsg",
          "type": "object"
        },
+        {
+          "description": "Model routing changed from the requested model to a different model.",
+          "properties": {
+            "from_model": {
+              "type": "string"
+            },
+            "reason": {
+              "$ref": "#/definitions/ModelRerouteReason2"
+            },
+            "to_model": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "model_reroute"
+              ],
+              "title": "ModelRerouteEventMsgType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "from_model",
+            "reason",
+            "to_model",
+            "type"
+          ],
+          "title": "ModelRerouteEventMsg",
+          "type": "object"
+        },
        {
          "description": "Conversation history was compacted (either automatically or manually).",
          "properties": {
@@ -1241,6 +1479,17 @@
            "message": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase2"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "type": {
              "enum": [
                "agent_message"
@@ -2044,8 +2293,15 @@
        },
        {
          "properties": {
+            "approval_id": {
+              "description": "Identifier for this specific approval callback.\n\nWhen absent, the approval is for the command item itself (`call_id`). This is present for subcommand approvals (via execve intercept).",
+              "type": [
+                "string",
+                "null"
+              ]
+            },
            "call_id": {
-              "description": "Identifier for the associated exec call, if available.",
+              "description": "Identifier for the associated command execution item.",
              "type": "string"
            },
            "command": {
@@ -2059,6 +2315,17 @@
              "description": "The command's working directory.",
              "type": "string"
            },
+            "network_approval_context": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/NetworkApprovalContext"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "description": "Optional network context for a blocked request that can be approved."
+            },
            "parsed_cmd": {
              "items": {
                "$ref": "#/definitions/ParsedCommand"
@@ -3752,6 +4019,17 @@
      ],
      "type": "object"
    },
+    "FuzzyFileSearchSessionCompletedNotification": {
+      "properties": {
+        "sessionId": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "sessionId"
+      ],
+      "type": "object"
+    },
    "FuzzyFileSearchSessionUpdatedNotification": {
      "properties": {
        "files": {
@@ -4162,6 +4440,13 @@
      "type": "string"
    },
    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
+    "MessagePhase2": {
      "description": "Classifies an assistant message as interim commentary or final answer text.\n\nProviders do not emit this consistently, so callers must treat `None` as \"phase unknown\" and keep compatibility behavior for legacy models.",
      "oneOf": [
        {
@@ -4188,6 +4473,45 @@
      ],
      "type": "string"
    },
+    "ModelRerouteReason": {
+      "enum": [
+        "highRiskCyberActivity"
+      ],
+      "type": "string"
+    },
+    "ModelRerouteReason2": {
+      "enum": [
+        "high_risk_cyber_activity"
+      ],
+      "type": "string"
+    },
+    "ModelReroutedNotification": {
+      "properties": {
+        "fromModel": {
+          "type": "string"
+        },
+        "reason": {
+          "$ref": "#/definitions/ModelRerouteReason"
+        },
+        "threadId": {
+          "type": "string"
+        },
+        "toModel": {
+          "type": "string"
+        },
+        "turnId": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "fromModel",
+        "reason",
+        "threadId",
+        "toModel",
+        "turnId"
+      ],
+      "type": "object"
+    },
    "NetworkAccess": {
      "description": "Represents whether outbound network access is available to the agent.",
      "enum": [
@@ -4196,6 +4520,30 @@
      ],
      "type": "string"
    },
+    "NetworkApprovalContext": {
+      "properties": {
+        "host": {
+          "type": "string"
+        },
+        "protocol": {
+          "$ref": "#/definitions/NetworkApprovalProtocol"
+        }
+      },
+      "required": [
+        "host",
+        "protocol"
+      ],
+      "type": "object"
+    },
+    "NetworkApprovalProtocol": {
+      "enum": [
+        "http",
+        "https",
+        "socks5_tcp",
+        "socks5_udp"
+      ],
+      "type": "string"
+    },
    "ParsedCommand": {
      "oneOf": [
        {
@@ -4835,6 +5183,28 @@
      ],
      "type": "object"
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "RemoteSkillSummary": {
      "properties": {
        "description": {
@@ -5028,7 +5398,7 @@
            "phase": {
              "anyOf": [
                {
-                  "$ref": "#/definitions/MessagePhase"
+                  "$ref": "#/definitions/MessagePhase2"
                },
                {
                  "type": "null"
@@ -5997,7 +6367,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
@@ -6203,6 +6574,14 @@
          ],
          "description": "Origin of the thread (CLI, VSCode, codex exec, codex app-server, etc.)."
        },
+        "status": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ThreadStatus"
+            }
+          ],
+          "description": "Current runtime status for the thread."
+        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -6224,11 +6603,30 @@
        "modelProvider",
        "preview",
        "source",
+        "status",
        "turns",
        "updatedAt"
      ],
      "type": "object"
    },
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
+    "ThreadArchivedNotification": {
+      "properties": {
+        "threadId": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "threadId"
+      ],
+      "type": "object"
+    },
    "ThreadId": {
      "type": "string"
    },
@@ -6266,6 +6664,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
@@ -6732,6 +7141,96 @@
      ],
      "type": "object"
    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    },
+    "ThreadStatusChangedNotification": {
+      "properties": {
+        "status": {
+          "$ref": "#/definitions/ThreadStatus"
+        },
+        "threadId": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "status",
+        "threadId"
+      ],
+      "type": "object"
+    },
    "ThreadTokenUsage": {
      "properties": {
        "last": {
@@ -6773,6 +7272,17 @@
      ],
      "type": "object"
    },
+    "ThreadUnarchivedNotification": {
+      "properties": {
+        "threadId": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "threadId"
+      ],
+      "type": "object"
+    },
    "TokenUsage": {
      "properties": {
        "cached_input_tokens": {
@@ -7044,7 +7554,7 @@
            "phase": {
              "anyOf": [
                {
-                  "$ref": "#/definitions/MessagePhase"
+                  "$ref": "#/definitions/MessagePhase2"
                },
                {
                  "type": "null"
@@ -7698,6 +8208,34 @@
        }
      ]
    },
+    "WindowsSandboxSetupCompletedNotification": {
+      "properties": {
+        "error": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "mode": {
+          "$ref": "#/definitions/WindowsSandboxSetupMode"
+        },
+        "success": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mode",
+        "success"
+      ],
+      "type": "object"
+    },
+    "WindowsSandboxSetupMode": {
+      "enum": [
+        "elevated",
+        "unelevated"
+      ],
+      "type": "string"
+    },
    "WindowsWorldWritableWarningNotification": {
      "properties": {
        "extraCount": {
@@ -7766,6 +8304,66 @@
      "title": "Thread/startedNotification",
      "type": "object"
    },
+    {
+      "properties": {
+        "method": {
+          "enum": [
+            "thread/status/changed"
+          ],
+          "title": "Thread/status/changedNotificationMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/ThreadStatusChangedNotification"
+        }
+      },
+      "required": [
+        "method",
+        "params"
+      ],
+      "title": "Thread/status/changedNotification",
+      "type": "object"
+    },
+    {
+      "properties": {
+        "method": {
+          "enum": [
+            "thread/archived"
+          ],
+          "title": "Thread/archivedNotificationMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/ThreadArchivedNotification"
+        }
+      },
+      "required": [
+        "method",
+        "params"
+      ],
+      "title": "Thread/archivedNotification",
+      "type": "object"
+    },
+    {
+      "properties": {
+        "method": {
+          "enum": [
+            "thread/unarchived"
+          ],
+          "title": "Thread/unarchivedNotificationMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/ThreadUnarchivedNotification"
+        }
+      },
+      "required": [
+        "method",
+        "params"
+      ],
+      "title": "Thread/unarchivedNotification",
+      "type": "object"
+    },
    {
      "properties": {
        "method": {
@@ -8229,6 +8827,26 @@
      "title": "Thread/compactedNotification",
      "type": "object"
    },
+    {
+      "properties": {
+        "method": {
+          "enum": [
+            "model/rerouted"
+          ],
+          "title": "Model/reroutedNotificationMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/ModelReroutedNotification"
+        }
+      },
+      "required": [
+        "method",
+        "params"
+      ],
+      "title": "Model/reroutedNotification",
+      "type": "object"
+    },
    {
      "properties": {
        "method": {
@@ -8289,6 +8907,26 @@
      "title": "FuzzyFileSearch/sessionUpdatedNotification",
      "type": "object"
    },
+    {
+      "properties": {
+        "method": {
+          "enum": [
+            "fuzzyFileSearch/sessionCompleted"
+          ],
+          "title": "FuzzyFileSearch/sessionCompletedNotificationMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/FuzzyFileSearchSessionCompletedNotification"
+        }
+      },
+      "required": [
+        "method",
+        "params"
+      ],
+      "title": "FuzzyFileSearch/sessionCompletedNotification",
+      "type": "object"
+    },
    {
      "description": "Notifies the user of world-writable directories on Windows, which cannot be protected by the sandbox.",
      "properties": {
@@ -8310,6 +8948,26 @@
      "title": "Windows/worldWritableWarningNotification",
      "type": "object"
    },
+    {
+      "properties": {
+        "method": {
+          "enum": [
+            "windowsSandbox/setupCompleted"
+          ],
+          "title": "WindowsSandbox/setupCompletedNotificationMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/WindowsSandboxSetupCompletedNotification"
+        }
+      },
+      "required": [
+        "method",
+        "params"
+      ],
+      "title": "WindowsSandbox/setupCompletedNotification",
+      "type": "object"
+    },
    {
      "properties": {
        "method": {
--- a/codex-rs/app-server-protocol/schema/json/ServerRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerRequest.json
@@ -179,6 +179,13 @@
    },
    "CommandExecutionRequestApprovalParams": {
      "properties": {
+        "approvalId": {
+          "description": "Unique identifier for this specific approval callback.\n\nFor regular shell/unified_exec approvals, this is null.\n\nFor zsh-exec-bridge subcommand approvals, multiple callbacks can belong to one parent `itemId`, so `approvalId` is a distinct opaque callback id (a UUID) used to disambiguate routing.",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
        "command": {
          "description": "The command to be executed.",
          "type": [
@@ -264,6 +271,13 @@
    },
    "ExecCommandApprovalParams": {
      "properties": {
+        "approvalId": {
+          "description": "Identifier for this specific approval callback.",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
        "callId": {
          "description": "Use to correlate this with [codex_core::protocol::ExecCommandBeginEvent] and [codex_core::protocol::ExecCommandEndEvent].",
          "type": "string"
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
--- a/codex-rs/app-server-protocol/schema/json/v1/ForkConversationParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ForkConversationParams.json
@@ -25,6 +25,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -114,6 +128,28 @@
      },
      "type": "object"
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "SandboxMode": {
      "enum": [
        "read-only",
--- a/codex-rs/app-server-protocol/schema/json/v1/ForkConversationResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ForkConversationResponse.json
@@ -117,6 +117,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -473,6 +487,35 @@
          "title": "WarningEventMsg",
          "type": "object"
        },
+        {
+          "description": "Model routing changed from the requested model to a different model.",
+          "properties": {
+            "from_model": {
+              "type": "string"
+            },
+            "reason": {
+              "$ref": "#/definitions/ModelRerouteReason"
+            },
+            "to_model": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "model_reroute"
+              ],
+              "title": "ModelRerouteEventMsgType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "from_model",
+            "reason",
+            "to_model",
+            "type"
+          ],
+          "title": "ModelRerouteEventMsg",
+          "type": "object"
+        },
        {
          "description": "Conversation history was compacted (either automatically or manually).",
          "properties": {
@@ -620,6 +663,17 @@
            "message": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "type": {
              "enum": [
                "agent_message"
@@ -1423,8 +1477,15 @@
        },
        {
          "properties": {
+            "approval_id": {
+              "description": "Identifier for this specific approval callback.\n\nWhen absent, the approval is for the command item itself (`call_id`). This is present for subcommand approvals (via execve intercept).",
+              "type": [
+                "string",
+                "null"
+              ]
+            },
            "call_id": {
-              "description": "Identifier for the associated exec call, if available.",
+              "description": "Identifier for the associated command execution item.",
              "type": "string"
            },
            "command": {
@@ -1438,6 +1499,17 @@
              "description": "The command's working directory.",
              "type": "string"
            },
+            "network_approval_context": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/NetworkApprovalContext"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "description": "Optional network context for a blocked request that can be approved."
+            },
            "parsed_cmd": {
              "items": {
                "$ref": "#/definitions/ParsedCommand"
@@ -3307,6 +3379,12 @@
      ],
      "type": "string"
    },
+    "ModelRerouteReason": {
+      "enum": [
+        "high_risk_cyber_activity"
+      ],
+      "type": "string"
+    },
    "NetworkAccess": {
      "description": "Represents whether outbound network access is available to the agent.",
      "enum": [
@@ -3315,6 +3393,30 @@
      ],
      "type": "string"
    },
+    "NetworkApprovalContext": {
+      "properties": {
+        "host": {
+          "type": "string"
+        },
+        "protocol": {
+          "$ref": "#/definitions/NetworkApprovalProtocol"
+        }
+      },
+      "required": [
+        "host",
+        "protocol"
+      ],
+      "type": "object"
+    },
+    "NetworkApprovalProtocol": {
+      "enum": [
+        "http",
+        "https",
+        "socks5_tcp",
+        "socks5_udp"
+      ],
+      "type": "string"
+    },
    "ParsedCommand": {
      "oneOf": [
        {
@@ -3681,6 +3783,28 @@
        }
      ]
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "RemoteSkillSummary": {
      "properties": {
        "description": {
--- a/codex-rs/app-server-protocol/schema/json/v1/GetConversationSummaryResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GetConversationSummaryResponse.json
@@ -113,7 +113,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
--- a/codex-rs/app-server-protocol/schema/json/v1/GetUserSavedConfigResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GetUserSavedConfigResponse.json
@@ -29,6 +29,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -140,6 +154,28 @@
        }
      ]
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "SandboxMode": {
      "enum": [
        "read-only",
--- a/codex-rs/app-server-protocol/schema/json/v1/ListConversationsResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ListConversationsResponse.json
@@ -113,7 +113,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
--- a/codex-rs/app-server-protocol/schema/json/v1/NewConversationParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/NewConversationParams.json
@@ -25,6 +25,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -34,6 +48,28 @@
        }
      ]
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "SandboxMode": {
      "enum": [
        "read-only",
--- a/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationParams.json
@@ -25,6 +25,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -437,6 +451,28 @@
        }
      ]
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "ResponseItem": {
      "oneOf": [
        {
--- a/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationResponse.json
@@ -117,6 +117,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -473,6 +487,35 @@
          "title": "WarningEventMsg",
          "type": "object"
        },
+        {
+          "description": "Model routing changed from the requested model to a different model.",
+          "properties": {
+            "from_model": {
+              "type": "string"
+            },
+            "reason": {
+              "$ref": "#/definitions/ModelRerouteReason"
+            },
+            "to_model": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "model_reroute"
+              ],
+              "title": "ModelRerouteEventMsgType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "from_model",
+            "reason",
+            "to_model",
+            "type"
+          ],
+          "title": "ModelRerouteEventMsg",
+          "type": "object"
+        },
        {
          "description": "Conversation history was compacted (either automatically or manually).",
          "properties": {
@@ -620,6 +663,17 @@
            "message": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "type": {
              "enum": [
                "agent_message"
@@ -1423,8 +1477,15 @@
        },
        {
          "properties": {
+            "approval_id": {
+              "description": "Identifier for this specific approval callback.\n\nWhen absent, the approval is for the command item itself (`call_id`). This is present for subcommand approvals (via execve intercept).",
+              "type": [
+                "string",
+                "null"
+              ]
+            },
            "call_id": {
-              "description": "Identifier for the associated exec call, if available.",
+              "description": "Identifier for the associated command execution item.",
              "type": "string"
            },
            "command": {
@@ -1438,6 +1499,17 @@
              "description": "The command's working directory.",
              "type": "string"
            },
+            "network_approval_context": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/NetworkApprovalContext"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "description": "Optional network context for a blocked request that can be approved."
+            },
            "parsed_cmd": {
              "items": {
                "$ref": "#/definitions/ParsedCommand"
@@ -3307,6 +3379,12 @@
      ],
      "type": "string"
    },
+    "ModelRerouteReason": {
+      "enum": [
+        "high_risk_cyber_activity"
+      ],
+      "type": "string"
+    },
    "NetworkAccess": {
      "description": "Represents whether outbound network access is available to the agent.",
      "enum": [
@@ -3315,6 +3393,30 @@
      ],
      "type": "string"
    },
+    "NetworkApprovalContext": {
+      "properties": {
+        "host": {
+          "type": "string"
+        },
+        "protocol": {
+          "$ref": "#/definitions/NetworkApprovalProtocol"
+        }
+      },
+      "required": [
+        "host",
+        "protocol"
+      ],
+      "type": "object"
+    },
+    "NetworkApprovalProtocol": {
+      "enum": [
+        "http",
+        "https",
+        "socks5_tcp",
+        "socks5_udp"
+      ],
+      "type": "string"
+    },
    "ParsedCommand": {
      "oneOf": [
        {
@@ -3681,6 +3783,28 @@
        }
      ]
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "RemoteSkillSummary": {
      "properties": {
        "description": {
--- a/codex-rs/app-server-protocol/schema/json/v1/SendUserTurnParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/SendUserTurnParams.json
@@ -29,6 +29,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -225,6 +239,28 @@
        }
      ]
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "SandboxPolicy": {
      "description": "Determines execution restrictions for model shell commands.",
      "oneOf": [
--- a/codex-rs/app-server-protocol/schema/json/v1/SessionConfiguredNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/SessionConfiguredNotification.json
@@ -117,6 +117,20 @@
          ],
          "type": "string"
        },
+        {
+          "additionalProperties": false,
+          "description": "Fine-grained rejection controls for approval prompts.\n\nWhen a field is `true`, prompts of that category are automatically rejected instead of shown to the user.",
+          "properties": {
+            "reject": {
+              "$ref": "#/definitions/RejectConfig"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        },
        {
          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
          "enum": [
@@ -473,6 +487,35 @@
          "title": "WarningEventMsg",
          "type": "object"
        },
+        {
+          "description": "Model routing changed from the requested model to a different model.",
+          "properties": {
+            "from_model": {
+              "type": "string"
+            },
+            "reason": {
+              "$ref": "#/definitions/ModelRerouteReason"
+            },
+            "to_model": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "model_reroute"
+              ],
+              "title": "ModelRerouteEventMsgType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "from_model",
+            "reason",
+            "to_model",
+            "type"
+          ],
+          "title": "ModelRerouteEventMsg",
+          "type": "object"
+        },
        {
          "description": "Conversation history was compacted (either automatically or manually).",
          "properties": {
@@ -620,6 +663,17 @@
            "message": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "type": {
              "enum": [
                "agent_message"
@@ -1423,8 +1477,15 @@
        },
        {
          "properties": {
+            "approval_id": {
+              "description": "Identifier for this specific approval callback.\n\nWhen absent, the approval is for the command item itself (`call_id`). This is present for subcommand approvals (via execve intercept).",
+              "type": [
+                "string",
+                "null"
+              ]
+            },
            "call_id": {
-              "description": "Identifier for the associated exec call, if available.",
+              "description": "Identifier for the associated command execution item.",
              "type": "string"
            },
            "command": {
@@ -1438,6 +1499,17 @@
              "description": "The command's working directory.",
              "type": "string"
            },
+            "network_approval_context": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/NetworkApprovalContext"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "description": "Optional network context for a blocked request that can be approved."
+            },
            "parsed_cmd": {
              "items": {
                "$ref": "#/definitions/ParsedCommand"
@@ -3307,6 +3379,12 @@
      ],
      "type": "string"
    },
+    "ModelRerouteReason": {
+      "enum": [
+        "high_risk_cyber_activity"
+      ],
+      "type": "string"
+    },
    "NetworkAccess": {
      "description": "Represents whether outbound network access is available to the agent.",
      "enum": [
@@ -3315,6 +3393,30 @@
      ],
      "type": "string"
    },
+    "NetworkApprovalContext": {
+      "properties": {
+        "host": {
+          "type": "string"
+        },
+        "protocol": {
+          "$ref": "#/definitions/NetworkApprovalProtocol"
+        }
+      },
+      "required": [
+        "host",
+        "protocol"
+      ],
+      "type": "object"
+    },
+    "NetworkApprovalProtocol": {
+      "enum": [
+        "http",
+        "https",
+        "socks5_tcp",
+        "socks5_udp"
+      ],
+      "type": "string"
+    },
    "ParsedCommand": {
      "oneOf": [
        {
@@ -3681,6 +3783,28 @@
        }
      ]
    },
+    "RejectConfig": {
+      "properties": {
+        "mcp_elicitations": {
+          "description": "Reject MCP elicitation prompts.",
+          "type": "boolean"
+        },
+        "rules": {
+          "description": "Reject prompts triggered by execpolicy `prompt` rules.",
+          "type": "boolean"
+        },
+        "sandbox_approval": {
+          "description": "Reject approval prompts related to sandbox escalation.",
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "mcp_elicitations",
+        "rules",
+        "sandbox_approval"
+      ],
+      "type": "object"
+    },
    "RemoteSkillSummary": {
      "properties": {
        "description": {
--- a/codex-rs/app-server-protocol/schema/json/v2/AppListUpdatedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/AppListUpdatedNotification.json
@@ -1,9 +1,71 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
+    "AppBranding": {
+      "description": "EXPERIMENTAL - app metadata returned by app-list APIs.",
+      "properties": {
+        "category": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "developer": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "isDiscoverableApp": {
+          "type": "boolean"
+        },
+        "privacyPolicy": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "termsOfService": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "website": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "isDiscoverableApp"
+      ],
+      "type": "object"
+    },
    "AppInfo": {
      "description": "EXPERIMENTAL - app metadata returned by app-list APIs.",
      "properties": {
+        "appMetadata": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AppMetadata"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "branding": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AppBranding"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
        "description": {
          "type": [
            "string",
@@ -34,6 +96,15 @@
          "description": "Whether this app is enabled in config.toml. Example: ```toml [apps.bad_app] enabled = false ```",
          "type": "boolean"
        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": [
+            "object",
+            "null"
+          ]
+        },
        "logoUrl": {
          "type": [
            "string",
@@ -55,6 +126,130 @@
        "name"
      ],
      "type": "object"
+    },
+    "AppMetadata": {
+      "properties": {
+        "categories": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "developer": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "firstPartyRequiresInstall": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "firstPartyType": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "review": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AppReview"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "screenshots": {
+          "items": {
+            "$ref": "#/definitions/AppScreenshot"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "seoDescription": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "showInComposerWhenUnlinked": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "subCategories": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "version": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "versionId": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "versionNotes": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "AppReview": {
+      "properties": {
+        "status": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "status"
+      ],
+      "type": "object"
+    },
+    "AppScreenshot": {
+      "properties": {
+        "fileId": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "url": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "userPrompt": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "userPrompt"
+      ],
+      "type": "object"
    }
  },
  "description": "EXPERIMENTAL - notification emitted when the app list changes.",
--- a/codex-rs/app-server-protocol/schema/json/v2/AppsListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/AppsListResponse.json
@@ -1,9 +1,71 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
+    "AppBranding": {
+      "description": "EXPERIMENTAL - app metadata returned by app-list APIs.",
+      "properties": {
+        "category": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "developer": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "isDiscoverableApp": {
+          "type": "boolean"
+        },
+        "privacyPolicy": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "termsOfService": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "website": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "isDiscoverableApp"
+      ],
+      "type": "object"
+    },
    "AppInfo": {
      "description": "EXPERIMENTAL - app metadata returned by app-list APIs.",
      "properties": {
+        "appMetadata": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AppMetadata"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "branding": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AppBranding"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
        "description": {
          "type": [
            "string",
@@ -34,6 +96,15 @@
          "description": "Whether this app is enabled in config.toml. Example: ```toml [apps.bad_app] enabled = false ```",
          "type": "boolean"
        },
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": [
+            "object",
+            "null"
+          ]
+        },
        "logoUrl": {
          "type": [
            "string",
@@ -55,6 +126,130 @@
        "name"
      ],
      "type": "object"
+    },
+    "AppMetadata": {
+      "properties": {
+        "categories": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "developer": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "firstPartyRequiresInstall": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "firstPartyType": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "review": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AppReview"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "screenshots": {
+          "items": {
+            "$ref": "#/definitions/AppScreenshot"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "seoDescription": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "showInComposerWhenUnlinked": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "subCategories": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "version": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "versionId": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "versionNotes": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "AppReview": {
+      "properties": {
+        "status": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "status"
+      ],
+      "type": "object"
+    },
+    "AppScreenshot": {
+      "properties": {
+        "fileId": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "url": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "userPrompt": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "userPrompt"
+      ],
+      "type": "object"
    }
  },
  "description": "EXPERIMENTAL - app list response.",
--- a/codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json
@@ -47,13 +47,46 @@
      "type": "object"
    },
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "Config": {
      "additionalProperties": true,
--- a/codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json
@@ -2,13 +2,46 @@
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "ConfigRequirements": {
      "properties": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemCompletedNotification.json
@@ -236,6 +236,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -360,6 +367,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemStartedNotification.json
@@ -236,6 +236,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -360,6 +367,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
--- a/codex-rs/app-server-protocol/schema/json/v2/ModelListParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ModelListParams.json
@@ -8,6 +8,13 @@
        "null"
      ]
    },
+    "includeHidden": {
+      "description": "When true, include models that are hidden from the default picker list.",
+      "type": [
+        "boolean",
+        "null"
+      ]
+    },
    "limit": {
      "description": "Optional page size; defaults to a reasonable server-side value.",
      "format": "uint32",
--- a/codex-rs/app-server-protocol/schema/json/v2/ModelListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ModelListResponse.json
@@ -31,6 +31,9 @@
        "displayName": {
          "type": "string"
        },
+        "hidden": {
+          "type": "boolean"
+        },
        "id": {
          "type": "string"
        },
@@ -71,6 +74,7 @@
        "defaultReasoningEffort",
        "description",
        "displayName",
+        "hidden",
        "id",
        "isDefault",
        "model",
--- a/codex-rs/app-server-protocol/schema/json/v2/ModelReroutedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ModelReroutedNotification.json
@@ -0,0 +1,37 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "ModelRerouteReason": {
+      "enum": [
+        "highRiskCyberActivity"
+      ],
+      "type": "string"
+    }
+  },
+  "properties": {
+    "fromModel": {
+      "type": "string"
+    },
+    "reason": {
+      "$ref": "#/definitions/ModelRerouteReason"
+    },
+    "threadId": {
+      "type": "string"
+    },
+    "toModel": {
+      "type": "string"
+    },
+    "turnId": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "fromModel",
+    "reason",
+    "threadId",
+    "toModel",
+    "turnId"
+  ],
+  "title": "ModelReroutedNotification",
+  "type": "object"
+}
--- a/codex-rs/app-server-protocol/schema/json/v2/ReviewStartResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ReviewStartResponse.json
@@ -350,6 +350,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -474,6 +481,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
--- a/codex-rs/app-server-protocol/schema/json/v2/SkillsRemoteReadParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/SkillsRemoteReadParams.json
@@ -1,5 +1,47 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "HazelnutScope": {
+      "enum": [
+        "example",
+        "workspace-shared",
+        "all-shared",
+        "personal"
+      ],
+      "type": "string"
+    },
+    "ProductSurface": {
+      "enum": [
+        "chatgpt",
+        "codex",
+        "api",
+        "atlas"
+      ],
+      "type": "string"
+    }
+  },
+  "properties": {
+    "enabled": {
+      "default": false,
+      "type": "boolean"
+    },
+    "hazelnutScope": {
+      "allOf": [
+        {
+          "$ref": "#/definitions/HazelnutScope"
+        }
+      ],
+      "default": "example"
+    },
+    "productSurface": {
+      "allOf": [
+        {
+          "$ref": "#/definitions/ProductSurface"
+        }
+      ],
+      "default": "codex"
+    }
+  },
  "title": "SkillsRemoteReadParams",
  "type": "object"
 }
--- a/codex-rs/app-server-protocol/schema/json/v2/SkillsRemoteWriteParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/SkillsRemoteWriteParams.json
@@ -3,14 +3,10 @@
  "properties": {
    "hazelnutId": {
      "type": "string"
-    },
-    "isPreload": {
-      "type": "boolean"
    }
  },
  "required": [
-    "hazelnutId",
-    "isPreload"
+    "hazelnutId"
  ],
  "title": "SkillsRemoteWriteParams",
  "type": "object"
--- a/codex-rs/app-server-protocol/schema/json/v2/SkillsRemoteWriteResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/SkillsRemoteWriteResponse.json
@@ -4,16 +4,12 @@
    "id": {
      "type": "string"
    },
-    "name": {
-      "type": "string"
-    },
    "path": {
      "type": "string"
    }
  },
  "required": [
    "id",
-    "name",
    "path"
  ],
  "title": "SkillsRemoteWriteResponse",
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadArchivedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadArchivedNotification.json
@@ -0,0 +1,13 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "threadId": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "threadId"
+  ],
+  "title": "ThreadArchivedNotification",
+  "type": "object"
+}
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadForkParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadForkParams.json
@@ -2,13 +2,46 @@
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "SandboxMode": {
      "enum": [
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json
@@ -6,13 +6,46 @@
      "type": "string"
    },
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "ByteRange": {
      "properties": {
@@ -386,6 +419,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "NetworkAccess": {
      "enum": [
        "restricted",
@@ -666,7 +706,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
@@ -786,6 +827,14 @@
          ],
          "description": "Origin of the thread (CLI, VSCode, codex exec, codex app-server, etc.)."
        },
+        "status": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ThreadStatus"
+            }
+          ],
+          "description": "Current runtime status for the thread."
+        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -807,11 +856,19 @@
        "modelProvider",
        "preview",
        "source",
+        "status",
        "turns",
        "updatedAt"
      ],
      "type": "object"
    },
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
    "ThreadId": {
      "type": "string"
    },
@@ -849,6 +906,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
@@ -1287,6 +1355,81 @@
        }
      ]
    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    },
    "Turn": {
      "properties": {
        "error": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadListResponse.json
@@ -373,6 +373,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -472,7 +479,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
@@ -592,6 +600,14 @@
          ],
          "description": "Origin of the thread (CLI, VSCode, codex exec, codex app-server, etc.)."
        },
+        "status": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ThreadStatus"
+            }
+          ],
+          "description": "Current runtime status for the thread."
+        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -613,11 +629,19 @@
        "modelProvider",
        "preview",
        "source",
+        "status",
        "turns",
        "updatedAt"
      ],
      "type": "object"
    },
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
    "ThreadId": {
      "type": "string"
    },
@@ -655,6 +679,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
@@ -1093,6 +1128,81 @@
        }
      ]
    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    },
    "Turn": {
      "properties": {
        "error": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadReadResponse.json
@@ -373,6 +373,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -472,7 +479,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
@@ -592,6 +600,14 @@
          ],
          "description": "Origin of the thread (CLI, VSCode, codex exec, codex app-server, etc.)."
        },
+        "status": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ThreadStatus"
+            }
+          ],
+          "description": "Current runtime status for the thread."
+        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -613,11 +629,19 @@
        "modelProvider",
        "preview",
        "source",
+        "status",
        "turns",
        "updatedAt"
      ],
      "type": "object"
    },
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
    "ThreadId": {
      "type": "string"
    },
@@ -655,6 +679,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
@@ -1093,6 +1128,81 @@
        }
      ]
    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    },
    "Turn": {
      "properties": {
        "error": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json
@@ -2,13 +2,46 @@
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "ContentItem": {
      "oneOf": [
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json
@@ -6,13 +6,46 @@
      "type": "string"
    },
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "ByteRange": {
      "properties": {
@@ -386,6 +419,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "NetworkAccess": {
      "enum": [
        "restricted",
@@ -666,7 +706,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
@@ -786,6 +827,14 @@
          ],
          "description": "Origin of the thread (CLI, VSCode, codex exec, codex app-server, etc.)."
        },
+        "status": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ThreadStatus"
+            }
+          ],
+          "description": "Current runtime status for the thread."
+        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -807,11 +856,19 @@
        "modelProvider",
        "preview",
        "source",
+        "status",
        "turns",
        "updatedAt"
      ],
      "type": "object"
    },
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
    "ThreadId": {
      "type": "string"
    },
@@ -849,6 +906,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
@@ -1287,6 +1355,81 @@
        }
      ]
    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    },
    "Turn": {
      "properties": {
        "error": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadRollbackResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadRollbackResponse.json
@@ -373,6 +373,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -472,7 +479,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
@@ -592,6 +600,14 @@
          ],
          "description": "Origin of the thread (CLI, VSCode, codex exec, codex app-server, etc.)."
        },
+        "status": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ThreadStatus"
+            }
+          ],
+          "description": "Current runtime status for the thread."
+        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -613,11 +629,19 @@
        "modelProvider",
        "preview",
        "source",
+        "status",
        "turns",
        "updatedAt"
      ],
      "type": "object"
    },
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
    "ThreadId": {
      "type": "string"
    },
@@ -655,6 +679,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
@@ -1093,6 +1128,81 @@
        }
      ]
    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    },
    "Turn": {
      "properties": {
        "error": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json
@@ -2,13 +2,46 @@
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "DynamicToolSpec": {
      "properties": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json
@@ -6,13 +6,46 @@
      "type": "string"
    },
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "ByteRange": {
      "properties": {
@@ -386,6 +419,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "NetworkAccess": {
      "enum": [
        "restricted",
@@ -666,7 +706,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
@@ -786,6 +827,14 @@
          ],
          "description": "Origin of the thread (CLI, VSCode, codex exec, codex app-server, etc.)."
        },
+        "status": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ThreadStatus"
+            }
+          ],
+          "description": "Current runtime status for the thread."
+        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -807,11 +856,19 @@
        "modelProvider",
        "preview",
        "source",
+        "status",
        "turns",
        "updatedAt"
      ],
      "type": "object"
    },
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
    "ThreadId": {
      "type": "string"
    },
@@ -849,6 +906,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
@@ -1287,6 +1355,81 @@
        }
      ]
    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    },
    "Turn": {
      "properties": {
        "error": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadStartedNotification.json
@@ -373,6 +373,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -472,7 +479,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
@@ -592,6 +600,14 @@
          ],
          "description": "Origin of the thread (CLI, VSCode, codex exec, codex app-server, etc.)."
        },
+        "status": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ThreadStatus"
+            }
+          ],
+          "description": "Current runtime status for the thread."
+        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -613,11 +629,19 @@
        "modelProvider",
        "preview",
        "source",
+        "status",
        "turns",
        "updatedAt"
      ],
      "type": "object"
    },
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
    "ThreadId": {
      "type": "string"
    },
@@ -655,6 +679,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
@@ -1093,6 +1128,81 @@
        }
      ]
    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    },
    "Turn": {
      "properties": {
        "error": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadStatusChangedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadStatusChangedNotification.json
@@ -0,0 +1,101 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    }
+  },
+  "properties": {
+    "status": {
+      "$ref": "#/definitions/ThreadStatus"
+    },
+    "threadId": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "status",
+    "threadId"
+  ],
+  "title": "ThreadStatusChangedNotification",
+  "type": "object"
+}
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchiveResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchiveResponse.json
@@ -373,6 +373,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -472,7 +479,8 @@
        {
          "enum": [
            "review",
-            "compact"
+            "compact",
+            "memory_consolidation"
          ],
          "type": "string"
        },
@@ -592,6 +600,14 @@
          ],
          "description": "Origin of the thread (CLI, VSCode, codex exec, codex app-server, etc.)."
        },
+        "status": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/ThreadStatus"
+            }
+          ],
+          "description": "Current runtime status for the thread."
+        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -613,11 +629,19 @@
        "modelProvider",
        "preview",
        "source",
+        "status",
        "turns",
        "updatedAt"
      ],
      "type": "object"
    },
+    "ThreadActiveFlag": {
+      "enum": [
+        "waitingOnApproval",
+        "waitingOnUserInput"
+      ],
+      "type": "string"
+    },
    "ThreadId": {
      "type": "string"
    },
@@ -655,6 +679,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
@@ -1093,6 +1128,81 @@
        }
      ]
    },
+    "ThreadStatus": {
+      "oneOf": [
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "notLoaded"
+              ],
+              "title": "NotLoadedThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "NotLoadedThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "idle"
+              ],
+              "title": "IdleThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "IdleThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "systemError"
+              ],
+              "title": "SystemErrorThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SystemErrorThreadStatus",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "activeFlags": {
+              "items": {
+                "$ref": "#/definitions/ThreadActiveFlag"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "active"
+              ],
+              "title": "ActiveThreadStatusType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "activeFlags",
+            "type"
+          ],
+          "title": "ActiveThreadStatus",
+          "type": "object"
+        }
+      ]
+    },
    "Turn": {
      "properties": {
        "error": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchivedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchivedNotification.json
@@ -0,0 +1,13 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "threadId": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "threadId"
+  ],
+  "title": "ThreadUnarchivedNotification",
+  "type": "object"
+}
--- a/codex-rs/app-server-protocol/schema/json/v2/TurnCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnCompletedNotification.json
@@ -350,6 +350,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -474,6 +481,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
--- a/codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json
@@ -6,13 +6,46 @@
      "type": "string"
    },
    "AskForApproval": {
-      "enum": [
-        "untrusted",
-        "on-failure",
-        "on-request",
-        "never"
-      ],
-      "type": "string"
+      "oneOf": [
+        {
+          "enum": [
+            "untrusted",
+            "on-failure",
+            "on-request",
+            "never"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "reject": {
+              "properties": {
+                "mcp_elicitations": {
+                  "type": "boolean"
+                },
+                "rules": {
+                  "type": "boolean"
+                },
+                "sandbox_approval": {
+                  "type": "boolean"
+                }
+              },
+              "required": [
+                "mcp_elicitations",
+                "rules",
+                "sandbox_approval"
+              ],
+              "type": "object"
+            }
+          },
+          "required": [
+            "reject"
+          ],
+          "title": "RejectAskForApproval",
+          "type": "object"
+        }
+      ]
    },
    "ByteRange": {
      "properties": {
--- a/codex-rs/app-server-protocol/schema/json/v2/TurnStartResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnStartResponse.json
@@ -350,6 +350,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -474,6 +481,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
--- a/codex-rs/app-server-protocol/schema/json/v2/TurnStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnStartedNotification.json
@@ -350,6 +350,13 @@
      ],
      "type": "string"
    },
+    "MessagePhase": {
+      "enum": [
+        "commentary",
+        "finalAnswer"
+      ],
+      "type": "string"
+    },
    "PatchApplyStatus": {
      "enum": [
        "inProgress",
@@ -474,6 +481,17 @@
            "id": {
              "type": "string"
            },
+            "phase": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/MessagePhase"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "default": null
+            },
            "text": {
              "type": "string"
            },
--- a/codex-rs/app-server-protocol/schema/json/v2/WindowsSandboxSetupCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/WindowsSandboxSetupCompletedNotification.json
@@ -0,0 +1,32 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "WindowsSandboxSetupMode": {
+      "enum": [
+        "elevated",
+        "unelevated"
+      ],
+      "type": "string"
+    }
+  },
+  "properties": {
+    "error": {
+      "type": [
+        "string",
+        "null"
+      ]
+    },
+    "mode": {
+      "$ref": "#/definitions/WindowsSandboxSetupMode"
+    },
+    "success": {
+      "type": "boolean"
+    }
+  },
+  "required": [
+    "mode",
+    "success"
+  ],
+  "title": "WindowsSandboxSetupCompletedNotification",
+  "type": "object"
+}
--- a/codex-rs/app-server-protocol/schema/json/v2/WindowsSandboxSetupStartParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/WindowsSandboxSetupStartParams.json
@@ -0,0 +1,22 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "WindowsSandboxSetupMode": {
+      "enum": [
+        "elevated",
+        "unelevated"
+      ],
+      "type": "string"
+    }
+  },
+  "properties": {
+    "mode": {
+      "$ref": "#/definitions/WindowsSandboxSetupMode"
+    }
+  },
+  "required": [
+    "mode"
+  ],
+  "title": "WindowsSandboxSetupStartParams",
+  "type": "object"
+}
--- a/codex-rs/app-server-protocol/schema/json/v2/WindowsSandboxSetupStartResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/WindowsSandboxSetupStartResponse.json
@@ -0,0 +1,13 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "started": {
+      "type": "boolean"
+    }
+  },
+  "required": [
+    "started"
+  ],
+  "title": "WindowsSandboxSetupStartResponse",
+  "type": "object"
+}
--- a/codex-rs/app-server-protocol/schema/typescript/AgentMessageEvent.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/AgentMessageEvent.ts
@@ -1,5 +1,6 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { MessagePhase } from "./MessagePhase";

-export type AgentMessageEvent = { message: string, };
+export type AgentMessageEvent = { message: string, phase: MessagePhase | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/AskForApproval.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/AskForApproval.ts
@@ -1,9 +1,10 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { RejectConfig } from "./RejectConfig";

 /**
 * Determines the conditions under which the user is consulted to approve
 * running the command proposed by Codex.
 */
-export type AskForApproval = "untrusted" | "on-failure" | "on-request" | "never";
+export type AskForApproval = "untrusted" | "on-failure" | "on-request" | { "reject": RejectConfig } | "never";
--- a/codex-rs/app-server-protocol/schema/typescript/ClientRequest.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ClientRequest.ts
@@ -53,8 +53,9 @@ import type { ThreadUnarchiveParams } from "./v2/ThreadUnarchiveParams";
 import type { TurnInterruptParams } from "./v2/TurnInterruptParams";
 import type { TurnStartParams } from "./v2/TurnStartParams";
 import type { TurnSteerParams } from "./v2/TurnSteerParams";
+import type { WindowsSandboxSetupStartParams } from "./v2/WindowsSandboxSetupStartParams";

 /**
 * Request from the client to the server.
 */
-export type ClientRequest ={ "method": "initialize", id: RequestId, params: InitializeParams, } | { "method": "thread/start", id: RequestId, params: ThreadStartParams, } | { "method": "thread/resume", id: RequestId, params: ThreadResumeParams, } | { "method": "thread/fork", id: RequestId, params: ThreadForkParams, } | { "method": "thread/archive", id: RequestId, params: ThreadArchiveParams, } | { "method": "thread/name/set", id: RequestId, params: ThreadSetNameParams, } | { "method": "thread/unarchive", id: RequestId, params: ThreadUnarchiveParams, } | { "method": "thread/compact/start", id: RequestId, params: ThreadCompactStartParams, } | { "method": "thread/rollback", id: RequestId, params: ThreadRollbackParams, } | { "method": "thread/list", id: RequestId, params: ThreadListParams, } | { "method": "thread/loaded/list", id: RequestId, params: ThreadLoadedListParams, } | { "method": "thread/read", id: RequestId, params: ThreadReadParams, } | { "method": "skills/list", id: RequestId, params: SkillsListParams, } | { "method": "skills/remote/read", id: RequestId, params: SkillsRemoteReadParams, } | { "method": "skills/remote/write", id: RequestId, params: SkillsRemoteWriteParams, } | { "method": "app/list", id: RequestId, params: AppsListParams, } | { "method": "skills/config/write", id: RequestId, params: SkillsConfigWriteParams, } | { "method": "turn/start", id: RequestId, params: TurnStartParams, } | { "method": "turn/steer", id: RequestId, params: TurnSteerParams, } | { "method": "turn/interrupt", id: RequestId, params: TurnInterruptParams, } | { "method": "review/start", id: RequestId, params: ReviewStartParams, } | { "method": "model/list", id: RequestId, params: ModelListParams, } | { "method": "experimentalFeature/list", id: RequestId, params: ExperimentalFeatureListParams, } | { "method": "mcpServer/oauth/login", id: RequestId, params: McpServerOauthLoginParams, } | { "method": "config/mcpServer/reload", id: RequestId, params: undefined, } | { "method": "mcpServerStatus/list", id: RequestId, params: ListMcpServerStatusParams, } | { "method": "account/login/start", id: RequestId, params: LoginAccountParams, } | { "method": "account/login/cancel", id: RequestId, params: CancelLoginAccountParams, } | { "method": "account/logout", id: RequestId, params: undefined, } | { "method": "account/rateLimits/read", id: RequestId, params: undefined, } | { "method": "feedback/upload", id: RequestId, params: FeedbackUploadParams, } | { "method": "command/exec", id: RequestId, params: CommandExecParams, } | { "method": "config/read", id: RequestId, params: ConfigReadParams, } | { "method": "config/value/write", id: RequestId, params: ConfigValueWriteParams, } | { "method": "config/batchWrite", id: RequestId, params: ConfigBatchWriteParams, } | { "method": "configRequirements/read", id: RequestId, params: undefined, } | { "method": "account/read", id: RequestId, params: GetAccountParams, } | { "method": "newConversation", id: RequestId, params: NewConversationParams, } | { "method": "getConversationSummary", id: RequestId, params: GetConversationSummaryParams, } | { "method": "listConversations", id: RequestId, params: ListConversationsParams, } | { "method": "resumeConversation", id: RequestId, params: ResumeConversationParams, } | { "method": "forkConversation", id: RequestId, params: ForkConversationParams, } | { "method": "archiveConversation", id: RequestId, params: ArchiveConversationParams, } | { "method": "sendUserMessage", id: RequestId, params: SendUserMessageParams, } | { "method": "sendUserTurn", id: RequestId, params: SendUserTurnParams, } | { "method": "interruptConversation", id: RequestId, params: InterruptConversationParams, } | { "method": "addConversationListener", id: RequestId, params: AddConversationListenerParams, } | { "method": "removeConversationListener", id: RequestId, params: RemoveConversationListenerParams, } | { "method": "gitDiffToRemote", id: RequestId, params: GitDiffToRemoteParams, } | { "method": "loginApiKey", id: RequestId, params: LoginApiKeyParams, } | { "method": "loginChatGpt", id: RequestId, params: undefined, } | { "method": "cancelLoginChatGpt", id: RequestId, params: CancelLoginChatGptParams, } | { "method": "logoutChatGpt", id: RequestId, params: undefined, } | { "method": "getAuthStatus", id: RequestId, params: GetAuthStatusParams, } | { "method": "getUserSavedConfig", id: RequestId, params: undefined, } | { "method": "setDefaultModel", id: RequestId, params: SetDefaultModelParams, } | { "method": "getUserAgent", id: RequestId, params: undefined, } | { "method": "userInfo", id: RequestId, params: undefined, } | { "method": "fuzzyFileSearch", id: RequestId, params: FuzzyFileSearchParams, } | { "method": "execOneOffCommand", id: RequestId, params: ExecOneOffCommandParams, };
+export type ClientRequest ={ "method": "initialize", id: RequestId, params: InitializeParams, } | { "method": "thread/start", id: RequestId, params: ThreadStartParams, } | { "method": "thread/resume", id: RequestId, params: ThreadResumeParams, } | { "method": "thread/fork", id: RequestId, params: ThreadForkParams, } | { "method": "thread/archive", id: RequestId, params: ThreadArchiveParams, } | { "method": "thread/name/set", id: RequestId, params: ThreadSetNameParams, } | { "method": "thread/unarchive", id: RequestId, params: ThreadUnarchiveParams, } | { "method": "thread/compact/start", id: RequestId, params: ThreadCompactStartParams, } | { "method": "thread/rollback", id: RequestId, params: ThreadRollbackParams, } | { "method": "thread/list", id: RequestId, params: ThreadListParams, } | { "method": "thread/loaded/list", id: RequestId, params: ThreadLoadedListParams, } | { "method": "thread/read", id: RequestId, params: ThreadReadParams, } | { "method": "skills/list", id: RequestId, params: SkillsListParams, } | { "method": "skills/remote/list", id: RequestId, params: SkillsRemoteReadParams, } | { "method": "skills/remote/export", id: RequestId, params: SkillsRemoteWriteParams, } | { "method": "app/list", id: RequestId, params: AppsListParams, } | { "method": "skills/config/write", id: RequestId, params: SkillsConfigWriteParams, } | { "method": "turn/start", id: RequestId, params: TurnStartParams, } | { "method": "turn/steer", id: RequestId, params: TurnSteerParams, } | { "method": "turn/interrupt", id: RequestId, params: TurnInterruptParams, } | { "method": "review/start", id: RequestId, params: ReviewStartParams, } | { "method": "model/list", id: RequestId, params: ModelListParams, } | { "method": "experimentalFeature/list", id: RequestId, params: ExperimentalFeatureListParams, } | { "method": "mcpServer/oauth/login", id: RequestId, params: McpServerOauthLoginParams, } | { "method": "config/mcpServer/reload", id: RequestId, params: undefined, } | { "method": "mcpServerStatus/list", id: RequestId, params: ListMcpServerStatusParams, } | { "method": "windowsSandbox/setupStart", id: RequestId, params: WindowsSandboxSetupStartParams, } | { "method": "account/login/start", id: RequestId, params: LoginAccountParams, } | { "method": "account/login/cancel", id: RequestId, params: CancelLoginAccountParams, } | { "method": "account/logout", id: RequestId, params: undefined, } | { "method": "account/rateLimits/read", id: RequestId, params: undefined, } | { "method": "feedback/upload", id: RequestId, params: FeedbackUploadParams, } | { "method": "command/exec", id: RequestId, params: CommandExecParams, } | { "method": "config/read", id: RequestId, params: ConfigReadParams, } | { "method": "config/value/write", id: RequestId, params: ConfigValueWriteParams, } | { "method": "config/batchWrite", id: RequestId, params: ConfigBatchWriteParams, } | { "method": "configRequirements/read", id: RequestId, params: undefined, } | { "method": "account/read", id: RequestId, params: GetAccountParams, } | { "method": "newConversation", id: RequestId, params: NewConversationParams, } | { "method": "getConversationSummary", id: RequestId, params: GetConversationSummaryParams, } | { "method": "listConversations", id: RequestId, params: ListConversationsParams, } | { "method": "resumeConversation", id: RequestId, params: ResumeConversationParams, } | { "method": "forkConversation", id: RequestId, params: ForkConversationParams, } | { "method": "archiveConversation", id: RequestId, params: ArchiveConversationParams, } | { "method": "sendUserMessage", id: RequestId, params: SendUserMessageParams, } | { "method": "sendUserTurn", id: RequestId, params: SendUserTurnParams, } | { "method": "interruptConversation", id: RequestId, params: InterruptConversationParams, } | { "method": "addConversationListener", id: RequestId, params: AddConversationListenerParams, } | { "method": "removeConversationListener", id: RequestId, params: RemoveConversationListenerParams, } | { "method": "gitDiffToRemote", id: RequestId, params: GitDiffToRemoteParams, } | { "method": "loginApiKey", id: RequestId, params: LoginApiKeyParams, } | { "method": "loginChatGpt", id: RequestId, params: undefined, } | { "method": "cancelLoginChatGpt", id: RequestId, params: CancelLoginChatGptParams, } | { "method": "logoutChatGpt", id: RequestId, params: undefined, } | { "method": "getAuthStatus", id: RequestId, params: GetAuthStatusParams, } | { "method": "getUserSavedConfig", id: RequestId, params: undefined, } | { "method": "setDefaultModel", id: RequestId, params: SetDefaultModelParams, } | { "method": "getUserAgent", id: RequestId, params: undefined, } | { "method": "userInfo", id: RequestId, params: undefined, } | { "method": "fuzzyFileSearch", id: RequestId, params: FuzzyFileSearchParams, } | { "method": "execOneOffCommand", id: RequestId, params: ExecOneOffCommandParams, };
--- a/codex-rs/app-server-protocol/schema/typescript/EventMsg.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/EventMsg.ts
@@ -42,6 +42,7 @@ import type { McpStartupCompleteEvent } from "./McpStartupCompleteEvent";
 import type { McpStartupUpdateEvent } from "./McpStartupUpdateEvent";
 import type { McpToolCallBeginEvent } from "./McpToolCallBeginEvent";
 import type { McpToolCallEndEvent } from "./McpToolCallEndEvent";
+import type { ModelRerouteEvent } from "./ModelRerouteEvent";
 import type { PatchApplyBeginEvent } from "./PatchApplyBeginEvent";
 import type { PatchApplyEndEvent } from "./PatchApplyEndEvent";
 import type { PlanDeltaEvent } from "./PlanDeltaEvent";
@@ -74,4 +75,4 @@ import type { WebSearchEndEvent } from "./WebSearchEndEvent";
 * Response event from the agent
 * NOTE: Make sure none of these values have optional types, as it will mess up the extension code-gen.
 */
-export type EventMsg = { "type": "error" } & ErrorEvent | { "type": "warning" } & WarningEvent | { "type": "context_compacted" } & ContextCompactedEvent | { "type": "thread_rolled_back" } & ThreadRolledBackEvent | { "type": "task_started" } & TurnStartedEvent | { "type": "task_complete" } & TurnCompleteEvent | { "type": "token_count" } & TokenCountEvent | { "type": "agent_message" } & AgentMessageEvent | { "type": "user_message" } & UserMessageEvent | { "type": "agent_message_delta" } & AgentMessageDeltaEvent | { "type": "agent_reasoning" } & AgentReasoningEvent | { "type": "agent_reasoning_delta" } & AgentReasoningDeltaEvent | { "type": "agent_reasoning_raw_content" } & AgentReasoningRawContentEvent | { "type": "agent_reasoning_raw_content_delta" } & AgentReasoningRawContentDeltaEvent | { "type": "agent_reasoning_section_break" } & AgentReasoningSectionBreakEvent | { "type": "session_configured" } & SessionConfiguredEvent | { "type": "thread_name_updated" } & ThreadNameUpdatedEvent | { "type": "mcp_startup_update" } & McpStartupUpdateEvent | { "type": "mcp_startup_complete" } & McpStartupCompleteEvent | { "type": "mcp_tool_call_begin" } & McpToolCallBeginEvent | { "type": "mcp_tool_call_end" } & McpToolCallEndEvent | { "type": "web_search_begin" } & WebSearchBeginEvent | { "type": "web_search_end" } & WebSearchEndEvent | { "type": "exec_command_begin" } & ExecCommandBeginEvent | { "type": "exec_command_output_delta" } & ExecCommandOutputDeltaEvent | { "type": "terminal_interaction" } & TerminalInteractionEvent | { "type": "exec_command_end" } & ExecCommandEndEvent | { "type": "view_image_tool_call" } & ViewImageToolCallEvent | { "type": "exec_approval_request" } & ExecApprovalRequestEvent | { "type": "request_user_input" } & RequestUserInputEvent | { "type": "dynamic_tool_call_request" } & DynamicToolCallRequest | { "type": "elicitation_request" } & ElicitationRequestEvent | { "type": "apply_patch_approval_request" } & ApplyPatchApprovalRequestEvent | { "type": "deprecation_notice" } & DeprecationNoticeEvent | { "type": "background_event" } & BackgroundEventEvent | { "type": "undo_started" } & UndoStartedEvent | { "type": "undo_completed" } & UndoCompletedEvent | { "type": "stream_error" } & StreamErrorEvent | { "type": "patch_apply_begin" } & PatchApplyBeginEvent | { "type": "patch_apply_end" } & PatchApplyEndEvent | { "type": "turn_diff" } & TurnDiffEvent | { "type": "get_history_entry_response" } & GetHistoryEntryResponseEvent | { "type": "mcp_list_tools_response" } & McpListToolsResponseEvent | { "type": "list_custom_prompts_response" } & ListCustomPromptsResponseEvent | { "type": "list_skills_response" } & ListSkillsResponseEvent | { "type": "list_remote_skills_response" } & ListRemoteSkillsResponseEvent | { "type": "remote_skill_downloaded" } & RemoteSkillDownloadedEvent | { "type": "skills_update_available" } | { "type": "plan_update" } & UpdatePlanArgs | { "type": "turn_aborted" } & TurnAbortedEvent | { "type": "shutdown_complete" } | { "type": "entered_review_mode" } & ReviewRequest | { "type": "exited_review_mode" } & ExitedReviewModeEvent | { "type": "raw_response_item" } & RawResponseItemEvent | { "type": "item_started" } & ItemStartedEvent | { "type": "item_completed" } & ItemCompletedEvent | { "type": "agent_message_content_delta" } & AgentMessageContentDeltaEvent | { "type": "plan_delta" } & PlanDeltaEvent | { "type": "reasoning_content_delta" } & ReasoningContentDeltaEvent | { "type": "reasoning_raw_content_delta" } & ReasoningRawContentDeltaEvent | { "type": "collab_agent_spawn_begin" } & CollabAgentSpawnBeginEvent | { "type": "collab_agent_spawn_end" } & CollabAgentSpawnEndEvent | { "type": "collab_agent_interaction_begin" } & CollabAgentInteractionBeginEvent | { "type": "collab_agent_interaction_end" } & CollabAgentInteractionEndEvent | { "type": "collab_waiting_begin" } & CollabWaitingBeginEvent | { "type": "collab_waiting_end" } & CollabWaitingEndEvent | { "type": "collab_close_begin" } & CollabCloseBeginEvent | { "type": "collab_close_end" } & CollabCloseEndEvent | { "type": "collab_resume_begin" } & CollabResumeBeginEvent | { "type": "collab_resume_end" } & CollabResumeEndEvent;
+export type EventMsg = { "type": "error" } & ErrorEvent | { "type": "warning" } & WarningEvent | { "type": "model_reroute" } & ModelRerouteEvent | { "type": "context_compacted" } & ContextCompactedEvent | { "type": "thread_rolled_back" } & ThreadRolledBackEvent | { "type": "task_started" } & TurnStartedEvent | { "type": "task_complete" } & TurnCompleteEvent | { "type": "token_count" } & TokenCountEvent | { "type": "agent_message" } & AgentMessageEvent | { "type": "user_message" } & UserMessageEvent | { "type": "agent_message_delta" } & AgentMessageDeltaEvent | { "type": "agent_reasoning" } & AgentReasoningEvent | { "type": "agent_reasoning_delta" } & AgentReasoningDeltaEvent | { "type": "agent_reasoning_raw_content" } & AgentReasoningRawContentEvent | { "type": "agent_reasoning_raw_content_delta" } & AgentReasoningRawContentDeltaEvent | { "type": "agent_reasoning_section_break" } & AgentReasoningSectionBreakEvent | { "type": "session_configured" } & SessionConfiguredEvent | { "type": "thread_name_updated" } & ThreadNameUpdatedEvent | { "type": "mcp_startup_update" } & McpStartupUpdateEvent | { "type": "mcp_startup_complete" } & McpStartupCompleteEvent | { "type": "mcp_tool_call_begin" } & McpToolCallBeginEvent | { "type": "mcp_tool_call_end" } & McpToolCallEndEvent | { "type": "web_search_begin" } & WebSearchBeginEvent | { "type": "web_search_end" } & WebSearchEndEvent | { "type": "exec_command_begin" } & ExecCommandBeginEvent | { "type": "exec_command_output_delta" } & ExecCommandOutputDeltaEvent | { "type": "terminal_interaction" } & TerminalInteractionEvent | { "type": "exec_command_end" } & ExecCommandEndEvent | { "type": "view_image_tool_call" } & ViewImageToolCallEvent | { "type": "exec_approval_request" } & ExecApprovalRequestEvent | { "type": "request_user_input" } & RequestUserInputEvent | { "type": "dynamic_tool_call_request" } & DynamicToolCallRequest | { "type": "elicitation_request" } & ElicitationRequestEvent | { "type": "apply_patch_approval_request" } & ApplyPatchApprovalRequestEvent | { "type": "deprecation_notice" } & DeprecationNoticeEvent | { "type": "background_event" } & BackgroundEventEvent | { "type": "undo_started" } & UndoStartedEvent | { "type": "undo_completed" } & UndoCompletedEvent | { "type": "stream_error" } & StreamErrorEvent | { "type": "patch_apply_begin" } & PatchApplyBeginEvent | { "type": "patch_apply_end" } & PatchApplyEndEvent | { "type": "turn_diff" } & TurnDiffEvent | { "type": "get_history_entry_response" } & GetHistoryEntryResponseEvent | { "type": "mcp_list_tools_response" } & McpListToolsResponseEvent | { "type": "list_custom_prompts_response" } & ListCustomPromptsResponseEvent | { "type": "list_skills_response" } & ListSkillsResponseEvent | { "type": "list_remote_skills_response" } & ListRemoteSkillsResponseEvent | { "type": "remote_skill_downloaded" } & RemoteSkillDownloadedEvent | { "type": "skills_update_available" } | { "type": "plan_update" } & UpdatePlanArgs | { "type": "turn_aborted" } & TurnAbortedEvent | { "type": "shutdown_complete" } | { "type": "entered_review_mode" } & ReviewRequest | { "type": "exited_review_mode" } & ExitedReviewModeEvent | { "type": "raw_response_item" } & RawResponseItemEvent | { "type": "item_started" } & ItemStartedEvent | { "type": "item_completed" } & ItemCompletedEvent | { "type": "agent_message_content_delta" } & AgentMessageContentDeltaEvent | { "type": "plan_delta" } & PlanDeltaEvent | { "type": "reasoning_content_delta" } & ReasoningContentDeltaEvent | { "type": "reasoning_raw_content_delta" } & ReasoningRawContentDeltaEvent | { "type": "collab_agent_spawn_begin" } & CollabAgentSpawnBeginEvent | { "type": "collab_agent_spawn_end" } & CollabAgentSpawnEndEvent | { "type": "collab_agent_interaction_begin" } & CollabAgentInteractionBeginEvent | { "type": "collab_agent_interaction_end" } & CollabAgentInteractionEndEvent | { "type": "collab_waiting_begin" } & CollabWaitingBeginEvent | { "type": "collab_waiting_end" } & CollabWaitingEndEvent | { "type": "collab_close_begin" } & CollabCloseBeginEvent | { "type": "collab_close_end" } & CollabCloseEndEvent | { "type": "collab_resume_begin" } & CollabResumeBeginEvent | { "type": "collab_resume_end" } & CollabResumeEndEvent;
--- a/codex-rs/app-server-protocol/schema/typescript/ExecApprovalRequestEvent.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ExecApprovalRequestEvent.ts
@@ -2,13 +2,21 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ExecPolicyAmendment } from "./ExecPolicyAmendment";
+import type { NetworkApprovalContext } from "./NetworkApprovalContext";
 import type { ParsedCommand } from "./ParsedCommand";

 export type ExecApprovalRequestEvent = { 
 /**
- * Identifier for the associated exec call, if available.
+ * Identifier for the associated command execution item.
 */
 call_id: string, 
+/**
+ * Identifier for this specific approval callback.
+ *
+ * When absent, the approval is for the command item itself (`call_id`).
+ * This is present for subcommand approvals (via execve intercept).
+ */
+approval_id?: string, 
 /**
 * Turn ID that this command belongs to.
 * Uses `#[serde(default)]` for backwards compatibility.
@@ -26,6 +34,10 @@ cwd: string,
 * Optional human-readable reason for the approval (e.g. retry without sandbox).
 */
 reason: string | null, 
+/**
+ * Optional network context for a blocked request that can be approved.
+ */
+network_approval_context?: NetworkApprovalContext, 
 /**
 * Proposed execpolicy amendment that can be applied to allow future runs.
 */
--- a/codex-rs/app-server-protocol/schema/typescript/ExecCommandApprovalParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ExecCommandApprovalParams.ts
@@ -9,4 +9,8 @@ export type ExecCommandApprovalParams = { conversationId: ThreadId,
 * Use to correlate this with [codex_core::protocol::ExecCommandBeginEvent]
 * and [codex_core::protocol::ExecCommandEndEvent].
 */
-callId: string, command: Array<string>, cwd: string, reason: string | null, parsedCmd: Array<ParsedCommand>, };
+callId: string, 
+/**
+ * Identifier for this specific approval callback.
+ */
+approvalId: string | null, command: Array<string>, cwd: string, reason: string | null, parsedCmd: Array<ParsedCommand>, };
--- a/codex-rs/app-server-protocol/schema/typescript/FuzzyFileSearchSessionCompletedNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/FuzzyFileSearchSessionCompletedNotification.ts
@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type FuzzyFileSearchSessionCompletedNotification = { sessionId: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/ModelRerouteEvent.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ModelRerouteEvent.ts
@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { ModelRerouteReason } from "./ModelRerouteReason";
+
+export type ModelRerouteEvent = { from_model: string, to_model: string, reason: ModelRerouteReason, };
--- a/codex-rs/app-server-protocol/schema/typescript/ModelRerouteReason.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ModelRerouteReason.ts
@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type ModelRerouteReason = "high_risk_cyber_activity";
--- a/codex-rs/app-server-protocol/schema/typescript/NetworkApprovalContext.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/NetworkApprovalContext.ts
@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { NetworkApprovalProtocol } from "./NetworkApprovalProtocol";
+
+export type NetworkApprovalContext = { host: string, protocol: NetworkApprovalProtocol, };
--- a/codex-rs/app-server-protocol/schema/typescript/NetworkApprovalProtocol.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/NetworkApprovalProtocol.ts
@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type NetworkApprovalProtocol = "http" | "https" | "socks5_tcp" | "socks5_udp";
--- a/codex-rs/app-server-protocol/schema/typescript/RejectConfig.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/RejectConfig.ts
@@ -0,0 +1,17 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type RejectConfig = { 
+/**
+ * Reject approval prompts related to sandbox escalation.
+ */
+sandbox_approval: boolean, 
+/**
+ * Reject prompts triggered by execpolicy `prompt` rules.
+ */
+rules: boolean, 
+/**
+ * Reject MCP elicitation prompts.
+ */
+mcp_elicitations: boolean, };
--- a/codex-rs/app-server-protocol/schema/typescript/ServerNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ServerNotification.ts
@@ -2,6 +2,7 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AuthStatusChangeNotification } from "./AuthStatusChangeNotification";
+import type { FuzzyFileSearchSessionCompletedNotification } from "./FuzzyFileSearchSessionCompletedNotification";
 import type { FuzzyFileSearchSessionUpdatedNotification } from "./FuzzyFileSearchSessionUpdatedNotification";
 import type { LoginChatGptCompleteNotification } from "./LoginChatGptCompleteNotification";
 import type { SessionConfiguredNotification } from "./SessionConfiguredNotification";
@@ -20,22 +21,27 @@ import type { ItemCompletedNotification } from "./v2/ItemCompletedNotification";
 import type { ItemStartedNotification } from "./v2/ItemStartedNotification";
 import type { McpServerOauthLoginCompletedNotification } from "./v2/McpServerOauthLoginCompletedNotification";
 import type { McpToolCallProgressNotification } from "./v2/McpToolCallProgressNotification";
+import type { ModelReroutedNotification } from "./v2/ModelReroutedNotification";
 import type { PlanDeltaNotification } from "./v2/PlanDeltaNotification";
 import type { RawResponseItemCompletedNotification } from "./v2/RawResponseItemCompletedNotification";
 import type { ReasoningSummaryPartAddedNotification } from "./v2/ReasoningSummaryPartAddedNotification";
 import type { ReasoningSummaryTextDeltaNotification } from "./v2/ReasoningSummaryTextDeltaNotification";
 import type { ReasoningTextDeltaNotification } from "./v2/ReasoningTextDeltaNotification";
 import type { TerminalInteractionNotification } from "./v2/TerminalInteractionNotification";
+import type { ThreadArchivedNotification } from "./v2/ThreadArchivedNotification";
 import type { ThreadNameUpdatedNotification } from "./v2/ThreadNameUpdatedNotification";
 import type { ThreadStartedNotification } from "./v2/ThreadStartedNotification";
+import type { ThreadStatusChangedNotification } from "./v2/ThreadStatusChangedNotification";
 import type { ThreadTokenUsageUpdatedNotification } from "./v2/ThreadTokenUsageUpdatedNotification";
+import type { ThreadUnarchivedNotification } from "./v2/ThreadUnarchivedNotification";
 import type { TurnCompletedNotification } from "./v2/TurnCompletedNotification";
 import type { TurnDiffUpdatedNotification } from "./v2/TurnDiffUpdatedNotification";
 import type { TurnPlanUpdatedNotification } from "./v2/TurnPlanUpdatedNotification";
 import type { TurnStartedNotification } from "./v2/TurnStartedNotification";
+import type { WindowsSandboxSetupCompletedNotification } from "./v2/WindowsSandboxSetupCompletedNotification";
 import type { WindowsWorldWritableWarningNotification } from "./v2/WindowsWorldWritableWarningNotification";

 /**
 * Notification sent from the server to the client.
 */
-export type ServerNotification = { "method": "error", "params": ErrorNotification } | { "method": "thread/started", "params": ThreadStartedNotification } | { "method": "thread/name/updated", "params": ThreadNameUpdatedNotification } | { "method": "thread/tokenUsage/updated", "params": ThreadTokenUsageUpdatedNotification } | { "method": "turn/started", "params": TurnStartedNotification } | { "method": "turn/completed", "params": TurnCompletedNotification } | { "method": "turn/diff/updated", "params": TurnDiffUpdatedNotification } | { "method": "turn/plan/updated", "params": TurnPlanUpdatedNotification } | { "method": "item/started", "params": ItemStartedNotification } | { "method": "item/completed", "params": ItemCompletedNotification } | { "method": "rawResponseItem/completed", "params": RawResponseItemCompletedNotification } | { "method": "item/agentMessage/delta", "params": AgentMessageDeltaNotification } | { "method": "item/plan/delta", "params": PlanDeltaNotification } | { "method": "item/commandExecution/outputDelta", "params": CommandExecutionOutputDeltaNotification } | { "method": "item/commandExecution/terminalInteraction", "params": TerminalInteractionNotification } | { "method": "item/fileChange/outputDelta", "params": FileChangeOutputDeltaNotification } | { "method": "item/mcpToolCall/progress", "params": McpToolCallProgressNotification } | { "method": "mcpServer/oauthLogin/completed", "params": McpServerOauthLoginCompletedNotification } | { "method": "account/updated", "params": AccountUpdatedNotification } | { "method": "account/rateLimits/updated", "params": AccountRateLimitsUpdatedNotification } | { "method": "app/list/updated", "params": AppListUpdatedNotification } | { "method": "item/reasoning/summaryTextDelta", "params": ReasoningSummaryTextDeltaNotification } | { "method": "item/reasoning/summaryPartAdded", "params": ReasoningSummaryPartAddedNotification } | { "method": "item/reasoning/textDelta", "params": ReasoningTextDeltaNotification } | { "method": "thread/compacted", "params": ContextCompactedNotification } | { "method": "deprecationNotice", "params": DeprecationNoticeNotification } | { "method": "configWarning", "params": ConfigWarningNotification } | { "method": "fuzzyFileSearch/sessionUpdated", "params": FuzzyFileSearchSessionUpdatedNotification } | { "method": "windows/worldWritableWarning", "params": WindowsWorldWritableWarningNotification } | { "method": "account/login/completed", "params": AccountLoginCompletedNotification } | { "method": "authStatusChange", "params": AuthStatusChangeNotification } | { "method": "loginChatGptComplete", "params": LoginChatGptCompleteNotification } | { "method": "sessionConfigured", "params": SessionConfiguredNotification };
+export type ServerNotification = { "method": "error", "params": ErrorNotification } | { "method": "thread/started", "params": ThreadStartedNotification } | { "method": "thread/status/changed", "params": ThreadStatusChangedNotification } | { "method": "thread/archived", "params": ThreadArchivedNotification } | { "method": "thread/unarchived", "params": ThreadUnarchivedNotification } | { "method": "thread/name/updated", "params": ThreadNameUpdatedNotification } | { "method": "thread/tokenUsage/updated", "params": ThreadTokenUsageUpdatedNotification } | { "method": "turn/started", "params": TurnStartedNotification } | { "method": "turn/completed", "params": TurnCompletedNotification } | { "method": "turn/diff/updated", "params": TurnDiffUpdatedNotification } | { "method": "turn/plan/updated", "params": TurnPlanUpdatedNotification } | { "method": "item/started", "params": ItemStartedNotification } | { "method": "item/completed", "params": ItemCompletedNotification } | { "method": "rawResponseItem/completed", "params": RawResponseItemCompletedNotification } | { "method": "item/agentMessage/delta", "params": AgentMessageDeltaNotification } | { "method": "item/plan/delta", "params": PlanDeltaNotification } | { "method": "item/commandExecution/outputDelta", "params": CommandExecutionOutputDeltaNotification } | { "method": "item/commandExecution/terminalInteraction", "params": TerminalInteractionNotification } | { "method": "item/fileChange/outputDelta", "params": FileChangeOutputDeltaNotification } | { "method": "item/mcpToolCall/progress", "params": McpToolCallProgressNotification } | { "method": "mcpServer/oauthLogin/completed", "params": McpServerOauthLoginCompletedNotification } | { "method": "account/updated", "params": AccountUpdatedNotification } | { "method": "account/rateLimits/updated", "params": AccountRateLimitsUpdatedNotification } | { "method": "app/list/updated", "params": AppListUpdatedNotification } | { "method": "item/reasoning/summaryTextDelta", "params": ReasoningSummaryTextDeltaNotification } | { "method": "item/reasoning/summaryPartAdded", "params": ReasoningSummaryPartAddedNotification } | { "method": "item/reasoning/textDelta", "params": ReasoningTextDeltaNotification } | { "method": "thread/compacted", "params": ContextCompactedNotification } | { "method": "model/rerouted", "params": ModelReroutedNotification } | { "method": "deprecationNotice", "params": DeprecationNoticeNotification } | { "method": "configWarning", "params": ConfigWarningNotification } | { "method": "fuzzyFileSearch/sessionUpdated", "params": FuzzyFileSearchSessionUpdatedNotification } | { "method": "fuzzyFileSearch/sessionCompleted", "params": FuzzyFileSearchSessionCompletedNotification } | { "method": "windows/worldWritableWarning", "params": WindowsWorldWritableWarningNotification } | { "method": "windowsSandbox/setupCompleted", "params": WindowsSandboxSetupCompletedNotification } | { "method": "account/login/completed", "params": AccountLoginCompletedNotification } | { "method": "authStatusChange", "params": AuthStatusChangeNotification } | { "method": "loginChatGptComplete", "params": LoginChatGptCompleteNotification } | { "method": "sessionConfigured", "params": SessionConfiguredNotification };
--- a/codex-rs/app-server-protocol/schema/typescript/SubAgentSource.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/SubAgentSource.ts
@@ -3,4 +3,4 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ThreadId } from "./ThreadId";

-export type SubAgentSource = "review" | "compact" | { "thread_spawn": { parent_thread_id: ThreadId, depth: number, } } | { "other": string };
+export type SubAgentSource = "review" | "compact" | { "thread_spawn": { parent_thread_id: ThreadId, depth: number, } } | "memory_consolidation" | { "other": string };
--- a/codex-rs/app-server-protocol/schema/typescript/index.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/index.ts
@@ -78,6 +78,7 @@ export type { FunctionCallOutputPayload } from "./FunctionCallOutputPayload";
 export type { FuzzyFileSearchParams } from "./FuzzyFileSearchParams";
 export type { FuzzyFileSearchResponse } from "./FuzzyFileSearchResponse";
 export type { FuzzyFileSearchResult } from "./FuzzyFileSearchResult";
+export type { FuzzyFileSearchSessionCompletedNotification } from "./FuzzyFileSearchSessionCompletedNotification";
 export type { FuzzyFileSearchSessionUpdatedNotification } from "./FuzzyFileSearchSessionUpdatedNotification";
 export type { GetAuthStatusParams } from "./GetAuthStatusParams";
 export type { GetAuthStatusResponse } from "./GetAuthStatusResponse";
@@ -124,7 +125,11 @@ export type { McpToolCallBeginEvent } from "./McpToolCallBeginEvent";
 export type { McpToolCallEndEvent } from "./McpToolCallEndEvent";
 export type { MessagePhase } from "./MessagePhase";
 export type { ModeKind } from "./ModeKind";
+export type { ModelRerouteEvent } from "./ModelRerouteEvent";
+export type { ModelRerouteReason } from "./ModelRerouteReason";
 export type { NetworkAccess } from "./NetworkAccess";
+export type { NetworkApprovalContext } from "./NetworkApprovalContext";
+export type { NetworkApprovalProtocol } from "./NetworkApprovalProtocol";
 export type { NewConversationParams } from "./NewConversationParams";
 export type { NewConversationResponse } from "./NewConversationResponse";
 export type { ParsedCommand } from "./ParsedCommand";
@@ -148,6 +153,7 @@ export type { ReasoningItemContent } from "./ReasoningItemContent";
 export type { ReasoningItemReasoningSummary } from "./ReasoningItemReasoningSummary";
 export type { ReasoningRawContentDeltaEvent } from "./ReasoningRawContentDeltaEvent";
 export type { ReasoningSummary } from "./ReasoningSummary";
+export type { RejectConfig } from "./RejectConfig";
 export type { RemoteSkillDownloadedEvent } from "./RemoteSkillDownloadedEvent";
 export type { RemoteSkillSummary } from "./RemoteSkillSummary";
 export type { RemoveConversationListenerParams } from "./RemoveConversationListenerParams";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/AppBranding.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/AppBranding.ts
@@ -0,0 +1,8 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * EXPERIMENTAL - app metadata returned by app-list APIs.
+ */
+export type AppBranding = { category: string | null, developer: string | null, website: string | null, privacyPolicy: string | null, termsOfService: string | null, isDiscoverableApp: boolean, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/AppInfo.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/AppInfo.ts
@@ -1,11 +1,13 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { AppBranding } from "./AppBranding";
+import type { AppMetadata } from "./AppMetadata";

 /**
 * EXPERIMENTAL - app metadata returned by app-list APIs.
 */
-export type AppInfo = { id: string, name: string, description: string | null, logoUrl: string | null, logoUrlDark: string | null, distributionChannel: string | null, installUrl: string | null, isAccessible: boolean, 
+export type AppInfo = { id: string, name: string, description: string | null, logoUrl: string | null, logoUrlDark: string | null, distributionChannel: string | null, branding: AppBranding | null, appMetadata: AppMetadata | null, labels: { [key in string]?: string } | null, installUrl: string | null, isAccessible: boolean, 
 /**
 * Whether this app is enabled in config.toml.
 * Example:
--- a/codex-rs/app-server-protocol/schema/typescript/v2/AppMetadata.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/AppMetadata.ts
@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { AppReview } from "./AppReview";
+import type { AppScreenshot } from "./AppScreenshot";
+
+export type AppMetadata = { review: AppReview | null, categories: Array<string> | null, subCategories: Array<string> | null, seoDescription: string | null, screenshots: Array<AppScreenshot> | null, developer: string | null, version: string | null, versionId: string | null, versionNotes: string | null, firstPartyType: string | null, firstPartyRequiresInstall: boolean | null, showInComposerWhenUnlinked: boolean | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/AppReview.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/AppReview.ts
@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type AppReview = { status: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/AppScreenshot.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/AppScreenshot.ts
@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type AppScreenshot = { url: string | null, fileId: string | null, userPrompt: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/AskForApproval.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/AskForApproval.ts
@@ -2,4 +2,4 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

-export type AskForApproval = "untrusted" | "on-failure" | "on-request" | "never";
+export type AskForApproval = "untrusted" | "on-failure" | "on-request" | { "reject": { sandbox_approval: boolean, rules: boolean, mcp_elicitations: boolean, } } | "never";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/CommandExecutionRequestApprovalParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/CommandExecutionRequestApprovalParams.ts
@@ -5,6 +5,16 @@ import type { CommandAction } from "./CommandAction";
 import type { ExecPolicyAmendment } from "./ExecPolicyAmendment";

 export type CommandExecutionRequestApprovalParams = { threadId: string, turnId: string, itemId: string, 
+/**
+ * Unique identifier for this specific approval callback.
+ *
+ * For regular shell/unified_exec approvals, this is null.
+ *
+ * For zsh-exec-bridge subcommand approvals, multiple callbacks can belong to
+ * one parent `itemId`, so `approvalId` is a distinct opaque callback id
+ * (a UUID) used to disambiguate routing.
+ */
+approvalId?: string | null, 
 /**
 * Optional explanatory reason (e.g. request for network access).
 */
--- a/codex-rs/app-server-protocol/schema/typescript/v2/HazelnutScope.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/HazelnutScope.ts
@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type HazelnutScope = "example" | "workspace-shared" | "all-shared" | "personal";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/MessagePhase.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/MessagePhase.ts
@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type MessagePhase = "commentary" | "finalAnswer";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/Model.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/Model.ts
@@ -5,4 +5,4 @@ import type { InputModality } from "../InputModality";
 import type { ReasoningEffort } from "../ReasoningEffort";
 import type { ReasoningEffortOption } from "./ReasoningEffortOption";

-export type Model = { id: string, model: string, upgrade: string | null, displayName: string, description: string, supportedReasoningEfforts: Array<ReasoningEffortOption>, defaultReasoningEffort: ReasoningEffort, inputModalities: Array<InputModality>, supportsPersonality: boolean, isDefault: boolean, };
+export type Model = { id: string, model: string, upgrade: string | null, displayName: string, description: string, hidden: boolean, supportedReasoningEfforts: Array<ReasoningEffortOption>, defaultReasoningEffort: ReasoningEffort, inputModalities: Array<InputModality>, supportsPersonality: boolean, isDefault: boolean, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ModelListParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ModelListParams.ts
@@ -10,4 +10,8 @@ cursor?: string | null,
 /**
 * Optional page size; defaults to a reasonable server-side value.
 */
-limit?: number | null, };
+limit?: number | null, 
+/**
+ * When true, include models that are hidden from the default picker list.
+ */
+includeHidden?: boolean | null, };
--- a/Show More
+++ b/Show More