build(deps): bump zip from 2.4.2 to 8.4.0 in /codex-rs

Bumps [zip](https://github.com/zip-rs/zip2) from 2.4.2 to 8.4.0. - [Release notes](https://github.com/zip-rs/zip2/releases) - [Changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md) - [Commits](https://github.com/zip-rs/zip2/compare/v2.4.2...v8.4.0) --- updated-dependencies: - dependency-name: zip dependency-version: 8.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2026-05-13 15:52:40 +00:00 · 2026-04-23 18:30:45 +00:00
626 changed files with 18532 additions and 36542 deletions
--- a/.bazelrc
+++ b/.bazelrc
@@ -29,6 +29,7 @@ common:linux --test_env=PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
 common:macos --test_env=PATH=/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin

 # Pass through some env vars Windows needs to use powershell?
+common:windows --test_env=PATH
 common:windows --test_env=SYSTEMROOT
 common:windows --test_env=COMSPEC
 common:windows --test_env=WINDIR
--- a/.codespellrc
+++ b/.codespellrc
@@ -1,6 +1,6 @@
 [codespell]
 # Ref: https://github.com/codespell-project/codespell#using-a-config-file
-skip = .git*,vendor,*-lock.yaml,*.lock,.codespellrc,*test.ts,*.jsonl,frame*.txt,*.snap,*.snap.new
+skip = .git*,vendor,*-lock.yaml,*.lock,.codespellrc,*test.ts,*.jsonl,frame*.txt,*.snap,*.snap.new,*meriyah.umd.min.js
 check-hidden = true
 ignore-regex = ^\s*"image/\S+": ".*|\b(afterAll)\b
 ignore-words-list = ratatui,ser,iTerm,iterm2,iterm,te,TE,PASE,SEH
--- a/.devcontainer/Dockerfile.secure
+++ b/.devcontainer/Dockerfile.secure
@@ -4,11 +4,9 @@ ARG TZ
 ARG DEBIAN_FRONTEND=noninteractive
 ARG NODE_MAJOR=22
 ARG RUST_TOOLCHAIN=1.92.0
-# Keep this in sync with .devcontainer/codex-install/package.json and pnpm-lock.yaml.
-ARG CODEX_NPM_VERSION=0.121.0
+ARG CODEX_NPM_VERSION=latest

 ENV TZ="$TZ"
-ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0

 SHELL ["/bin/bash", "-o", "pipefail", "-c"]

@@ -45,18 +43,12 @@ RUN apt-get update \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

-COPY .devcontainer/codex-install/package.json \
-     .devcontainer/codex-install/pnpm-lock.yaml \
-     .devcontainer/codex-install/pnpm-workspace.yaml \
-     /opt/codex-install/
-
 RUN curl -fsSL "https://deb.nodesource.com/setup_${NODE_MAJOR}.x" | bash - \
    && apt-get update \
    && apt-get install -y --no-install-recommends nodejs \
-    && test "$(node -p "require('/opt/codex-install/package.json').dependencies['@openai/codex']")" = "${CODEX_NPM_VERSION}" \
-    && cd /opt/codex-install \
-    && corepack pnpm install --prod --frozen-lockfile \
-    && ln -s /opt/codex-install/node_modules/.bin/codex /usr/local/bin/codex \
+    && npm install -g corepack@latest "@openai/codex@${CODEX_NPM_VERSION}" \
+    && corepack enable \
+    && corepack prepare pnpm@10.28.2 --activate \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

--- a/.devcontainer/codex-install/package.json
+++ b/.devcontainer/codex-install/package.json
@@ -1,13 +0,0 @@
-{
-  "name": "codex-devcontainer-install",
-  "private": true,
-  "description": "Locked Codex CLI install boundary for the secure devcontainer.",
-  "dependencies": {
-    "@openai/codex": "0.121.0"
-  },
-  "engines": {
-    "node": ">=22",
-    "pnpm": ">=10.33.0"
-  },
-  "packageManager": "pnpm@10.33.0+sha512.10568bb4a6afb58c9eb3630da90cc9516417abebd3fabbe6739f0ae795728da1491e9db5a544c76ad8eb7570f5c4bb3d6c637b2cb41bfdcdb47fa823c8649319"
-}
--- a/.devcontainer/codex-install/pnpm-lock.yaml
+++ b/.devcontainer/codex-install/pnpm-lock.yaml
@@ -1,85 +0,0 @@
-lockfileVersion: '9.0'
-
-settings:
-  autoInstallPeers: true
-  excludeLinksFromLockfile: false
-
-importers:
-
-  .:
-    dependencies:
-      '@openai/codex':
-        specifier: 0.121.0
-        version: 0.121.0
-
-packages:
-
-  '@openai/codex@0.121.0':
-    resolution: {integrity: sha512-kCJ2NeATd4QBQRmqV04ymdN1ZU3MSwnJQDm/KzjpuzGvCuUVEn7no/T2mRyxQ2x77AACqriNOyPPoM/yufyvNg==}
-    engines: {node: '>=16'}
-    hasBin: true
-
-  '@openai/codex@0.121.0-darwin-arm64':
-    resolution: {integrity: sha512-ZyBqIB6Fb4I0hGb/h65Vu7ePYjHSmGiqqfm+/1djEuxDPkqjfi4wkxYxNYNY+6najyNGN4UijOSTTf19eDCrqw==}
-    engines: {node: '>=16'}
-    cpu: [arm64]
-    os: [darwin]
-
-  '@openai/codex@0.121.0-darwin-x64':
-    resolution: {integrity: sha512-1/OAtdkAZ5yPI3xqaEFlHuPziS1yCqL2gOZdswE7HTmmwpIxi6Z3FCo60JWDPluIp89z4tftdjq73/OCN0YVcw==}
-    engines: {node: '>=16'}
-    cpu: [x64]
-    os: [darwin]
-
-  '@openai/codex@0.121.0-linux-arm64':
-    resolution: {integrity: sha512-2UgMmdo237o7SCMsfb529cOSEM2HFUgN6OBkv5SBLwfNY1NO2Ex6JnUjlppEXlX6/4cXfZ5qjDghVz5j/+B9zw==}
-    engines: {node: '>=16'}
-    cpu: [arm64]
-    os: [linux]
-
-  '@openai/codex@0.121.0-linux-x64':
-    resolution: {integrity: sha512-vlpNJXIqss800J+32Vy7TUZzv31n61b45OLxmsVQGFkTNLJcjFrj9jDUC7I62eC4F16gLioilefNfv4CdJQOEw==}
-    engines: {node: '>=16'}
-    cpu: [x64]
-    os: [linux]
-
-  '@openai/codex@0.121.0-win32-arm64':
-    resolution: {integrity: sha512-m88q4f3XI5npn1t6OG0nWGHWWAjO5FgjRwxh4hdujbLO6t9CiCNfhfPZIOSsoATbrCNwLC+6S77m3cjbNToPNg==}
-    engines: {node: '>=16'}
-    cpu: [arm64]
-    os: [win32]
-
-  '@openai/codex@0.121.0-win32-x64':
-    resolution: {integrity: sha512-Fp0ecVOyM+VcBi/y4HVvRzhifO9YqRiHzhV3rhtAppC7flh22WPguLC4kmvXYAR0p3RPzbo35M2CedWnkOT+cw==}
-    engines: {node: '>=16'}
-    cpu: [x64]
-    os: [win32]
-
-snapshots:
-
-  '@openai/codex@0.121.0':
-    optionalDependencies:
-      '@openai/codex-darwin-arm64': '@openai/codex@0.121.0-darwin-arm64'
-      '@openai/codex-darwin-x64': '@openai/codex@0.121.0-darwin-x64'
-      '@openai/codex-linux-arm64': '@openai/codex@0.121.0-linux-arm64'
-      '@openai/codex-linux-x64': '@openai/codex@0.121.0-linux-x64'
-      '@openai/codex-win32-arm64': '@openai/codex@0.121.0-win32-arm64'
-      '@openai/codex-win32-x64': '@openai/codex@0.121.0-win32-x64'
-
-  '@openai/codex@0.121.0-darwin-arm64':
-    optional: true
-
-  '@openai/codex@0.121.0-darwin-x64':
-    optional: true
-
-  '@openai/codex@0.121.0-linux-arm64':
-    optional: true
-
-  '@openai/codex@0.121.0-linux-x64':
-    optional: true
-
-  '@openai/codex@0.121.0-win32-arm64':
-    optional: true
-
-  '@openai/codex@0.121.0-win32-x64':
-    optional: true
--- a/.devcontainer/codex-install/pnpm-workspace.yaml
+++ b/.devcontainer/codex-install/pnpm-workspace.yaml
@@ -1,12 +0,0 @@
-packages:
-  - "."
-
-minimumReleaseAge: 10080
-minimumReleaseAgeExclude: []
-
-blockExoticSubdeps: true
-strictDepBuilds: true
-trustPolicy: no-downgrade
-trustPolicyIgnoreAfter: 10080
-trustPolicyExclude: []
-allowBuilds: {}
--- a/.devcontainer/devcontainer.secure.json
+++ b/.devcontainer/devcontainer.secure.json
@@ -8,7 +8,7 @@
      "TZ": "${localEnv:TZ:UTC}",
      "NODE_MAJOR": "22",
      "RUST_TOOLCHAIN": "1.92.0",
-      "CODEX_NPM_VERSION": "0.121.0"
+      "CODEX_NPM_VERSION": "latest"
    }
  },
  "runArgs": [
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1 @@
 codex-rs/app-server-protocol/schema/** linguist-generated
-codex-rs/hooks/schema/generated/** linguist-generated
--- a/.github/actions/linux-code-sign/action.yml
+++ b/.github/actions/linux-code-sign/action.yml
@@ -7,9 +7,6 @@ inputs:
  artifacts-dir:
    description: Absolute path to the directory containing built binaries to sign.
    required: true
-  binaries:
-    description: Space-delimited binary basenames to sign.
-    default: "codex codex-responses-api-proxy"

 runs:
  using: composite
@@ -21,7 +18,6 @@ runs:
      shell: bash
      env:
        ARTIFACTS_DIR: ${{ inputs.artifacts-dir }}
-        BINARIES: ${{ inputs.binaries }}
        COSIGN_EXPERIMENTAL: "1"
        COSIGN_YES: "true"
        COSIGN_OIDC_CLIENT_ID: "sigstore"
@@ -35,7 +31,7 @@ runs:
          exit 1
        fi

-        for binary in ${BINARIES}; do
+        for binary in codex codex-responses-api-proxy; do
          artifact="${dest}/${binary}"
          if [[ ! -f "$artifact" ]]; then
            echo "Binary $artifact not found"
--- a/.github/actions/macos-code-sign/action.yml
+++ b/.github/actions/macos-code-sign/action.yml
@@ -4,9 +4,6 @@ inputs:
  target:
    description: Rust compilation target triple (e.g. aarch64-apple-darwin).
    required: true
-  binaries:
-    description: Space-delimited binary basenames to sign and notarize.
-    default: "codex codex-responses-api-proxy"
  sign-binaries:
    description: Whether to sign and notarize the macOS binaries.
    required: false
@@ -122,7 +119,6 @@ runs:
      shell: bash
      env:
        TARGET: ${{ inputs.target }}
-        BINARIES: ${{ inputs.binaries }}
      run: |
        set -euo pipefail

@@ -138,7 +134,7 @@ runs:

        entitlements_path="$GITHUB_ACTION_PATH/codex.entitlements.plist"

-        for binary in ${BINARIES}; do
+        for binary in codex codex-responses-api-proxy; do
          path="codex-rs/target/${TARGET}/release/${binary}"
          codesign --force --options runtime --timestamp --entitlements "$entitlements_path" --sign "$APPLE_CODESIGN_IDENTITY" "${keychain_args[@]}" "$path"
        done
@@ -148,7 +144,6 @@ runs:
      shell: bash
      env:
        TARGET: ${{ inputs.target }}
-        BINARIES: ${{ inputs.binaries }}
        APPLE_NOTARIZATION_KEY_P8: ${{ inputs.apple-notarization-key-p8 }}
        APPLE_NOTARIZATION_KEY_ID: ${{ inputs.apple-notarization-key-id }}
        APPLE_NOTARIZATION_ISSUER_ID: ${{ inputs.apple-notarization-issuer-id }}
@@ -187,9 +182,8 @@ runs:
          notarize_submission "$binary" "$archive_path" "$notary_key_path"
        }

-        for binary in ${BINARIES}; do
-          notarize_binary "${binary}"
-        done
+        notarize_binary "codex"
+        notarize_binary "codex-responses-api-proxy"

    - name: Sign and notarize macOS dmg
      if: ${{ inputs.sign-dmg == 'true' }}
--- a/.github/actions/macos-code-sign/codex.entitlements.plist
+++ b/.github/actions/macos-code-sign/codex.entitlements.plist
@@ -2,7 +2,15 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>com.apple.application-identifier</key>
+	<string>2DC432GLL2.com.openai.codex</string>
+	<key>com.apple.developer.team-identifier</key>
+	<string>2DC432GLL2</string>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>2DC432GLL2.com.openai.codex</string>
+	</array>
 </dict>
 </plist>
--- a/.github/actions/prepare-bazel-ci/action.yml
+++ b/.github/actions/prepare-bazel-ci/action.yml
@@ -8,7 +8,7 @@ inputs:
    description: Logical namespace used to keep concurrent Bazel jobs from reserving the same repository cache key.
    required: true
  install-test-prereqs:
-    description: Install DotSlash for Bazel-backed test jobs.
+    description: Install Node.js and DotSlash for Bazel-backed test jobs.
    required: false
    default: "false"
 outputs:
--- a/.github/actions/setup-bazel-ci/action.yml
+++ b/.github/actions/setup-bazel-ci/action.yml
@@ -5,7 +5,7 @@ inputs:
    description: Target triple used for cache namespacing.
    required: true
  install-test-prereqs:
-    description: Install DotSlash for Bazel-backed test jobs.
+    description: Install Node.js and DotSlash for Bazel-backed test jobs.
    required: false
    default: "false"
 outputs:
@@ -16,6 +16,12 @@ outputs:
 runs:
  using: composite
  steps:
+    - name: Set up Node.js for js_repl tests
+      if: inputs.install-test-prereqs == 'true'
+      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      with:
+        node-version-file: codex-rs/node-version.txt
+
    # Some integration tests rely on DotSlash being installed.
    # See https://github.com/openai/codex/pull/7617.
    - name: Install DotSlash
@@ -116,11 +122,6 @@ runs:
          }
        }

-    - name: Compute cache-stable Windows Bazel PATH
-      if: runner.os == 'Windows'
-      shell: pwsh
-      run: ./.github/scripts/compute-bazel-windows-path.ps1
-
    - name: Enable Git long paths (Windows)
      if: runner.os == 'Windows'
      shell: pwsh
--- a/.github/actions/windows-code-sign/action.yml
+++ b/.github/actions/windows-code-sign/action.yml
@@ -4,9 +4,6 @@ inputs:
  target:
    description: Target triple for the artifacts to sign.
    required: true
-  binaries:
-    description: Space-delimited binary basenames to sign.
-    default: "codex codex-responses-api-proxy codex-windows-sandbox-setup codex-command-runner"
  client-id:
    description: Azure Trusted Signing client ID.
    required: true
@@ -36,23 +33,6 @@ runs:
        tenant-id: ${{ inputs.tenant-id }}
        subscription-id: ${{ inputs.subscription-id }}

-    - name: Prepare file list
-      id: prepare
-      shell: bash
-      env:
-        TARGET: ${{ inputs.target }}
-        BINARIES: ${{ inputs.binaries }}
-      run: |
-        set -euo pipefail
-
-        {
-          echo "files<<EOF"
-          for binary in ${BINARIES}; do
-            echo "${GITHUB_WORKSPACE}/codex-rs/target/${TARGET}/release/${binary}.exe"
-          done
-          echo "EOF"
-        } >> "$GITHUB_OUTPUT"
-
    - name: Sign Windows binaries with Azure Trusted Signing
      uses: azure/trusted-signing-action@1d365fec12862c4aa68fcac418143d73f0cea293 # v0
      with:
@@ -70,4 +50,8 @@ runs:
        exclude-azure-developer-cli-credential: true
        exclude-interactive-browser-credential: true
        cache-dependencies: false
-        files: ${{ steps.prepare.outputs.files }}
+        files: |
+          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex.exe
+          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex-responses-api-proxy.exe
+          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex-windows-sandbox-setup.exe
+          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex-command-runner.exe
--- a/.github/dotslash-config.json
+++ b/.github/dotslash-config.json
@@ -28,34 +28,6 @@
        }
      }
    },
-    "codex-app-server": {
-      "platforms": {
-        "macos-aarch64": {
-          "regex": "^codex-app-server-aarch64-apple-darwin\\.zst$",
-          "path": "codex-app-server"
-        },
-        "macos-x86_64": {
-          "regex": "^codex-app-server-x86_64-apple-darwin\\.zst$",
-          "path": "codex-app-server"
-        },
-        "linux-x86_64": {
-          "regex": "^codex-app-server-x86_64-unknown-linux-musl\\.zst$",
-          "path": "codex-app-server"
-        },
-        "linux-aarch64": {
-          "regex": "^codex-app-server-aarch64-unknown-linux-musl\\.zst$",
-          "path": "codex-app-server"
-        },
-        "windows-x86_64": {
-          "regex": "^codex-app-server-x86_64-pc-windows-msvc\\.exe\\.zst$",
-          "path": "codex-app-server.exe"
-        },
-        "windows-aarch64": {
-          "regex": "^codex-app-server-aarch64-pc-windows-msvc\\.exe\\.zst$",
-          "path": "codex-app-server.exe"
-        }
-      }
-    },
    "codex-responses-api-proxy": {
      "platforms": {
        "macos-aarch64": {
--- a/.github/scripts/compute-bazel-windows-path.ps1
+++ b/.github/scripts/compute-bazel-windows-path.ps1
@@ -1,105 +0,0 @@
-<#
-BuildBuddy cache keys include the action and test environment, so Bazel should
-not inherit the full hosted-runner PATH on Windows. That PATH includes volatile
-tool entries, such as Maven, that can change independently of this repo and
-cause avoidable cache misses.
-
-This script derives a smaller, cache-stable PATH that keeps the Windows
-toolchain entries Bazel-backed CI tasks need: MSVC and Windows SDK paths, Git,
-PowerShell, Node, Python, DotSlash, and the standard Windows system
-directories.
-`setup-bazel-ci` runs this after exporting the MSVC environment, and the script
-publishes the result via `GITHUB_ENV` as `CODEX_BAZEL_WINDOWS_PATH` so later
-steps can pass that explicit PATH to Bazel.
-#>
-
-$stablePathEntries = New-Object System.Collections.Generic.List[string]
-$seenEntries = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
-$windowsAppsPath = if ([string]::IsNullOrWhiteSpace($env:LOCALAPPDATA)) {
-  $null
-} else {
-  "$($env:LOCALAPPDATA)\Microsoft\WindowsApps"
-}
-$windowsDir = if ($env:WINDIR) {
-  $env:WINDIR
-} elseif ($env:SystemRoot) {
-  $env:SystemRoot
-} else {
-  $null
-}
-
-function Add-StablePathEntry {
-  param([string]$PathEntry)
-
-  if ([string]::IsNullOrWhiteSpace($PathEntry)) {
-    return
-  }
-
-  if ($seenEntries.Add($PathEntry)) {
-    [void]$stablePathEntries.Add($PathEntry)
-  }
-}
-
-foreach ($pathEntry in ($env:PATH -split ';')) {
-  if ([string]::IsNullOrWhiteSpace($pathEntry)) {
-    continue
-  }
-
-  if (
-    $pathEntry -like '*Microsoft Visual Studio*' -or
-    $pathEntry -like '*Windows Kits*' -or
-    $pathEntry -like '*Microsoft SDKs*' -or
-    $pathEntry -like 'C:\Program Files\Git\*' -or
-    $pathEntry -like 'C:\Program Files\PowerShell\*' -or
-    $pathEntry -like 'C:\hostedtoolcache\windows\node\*' -or
-    $pathEntry -like 'C:\hostedtoolcache\windows\Python\*' -or
-    $pathEntry -eq 'D:\a\_temp\install-dotslash\bin' -or
-    ($windowsDir -and ($pathEntry -eq $windowsDir -or $pathEntry -like "${windowsDir}\*"))
-  ) {
-    Add-StablePathEntry $pathEntry
-  }
-}
-
-$gitCommand = Get-Command git -ErrorAction SilentlyContinue
-if ($gitCommand) {
-  Add-StablePathEntry (Split-Path $gitCommand.Source -Parent)
-}
-
-$nodeCommand = Get-Command node -ErrorAction SilentlyContinue
-if ($nodeCommand) {
-  Add-StablePathEntry (Split-Path $nodeCommand.Source -Parent)
-}
-
-$python3Command = Get-Command python3 -ErrorAction SilentlyContinue
-if ($python3Command) {
-  Add-StablePathEntry (Split-Path $python3Command.Source -Parent)
-}
-
-$pythonCommand = Get-Command python -ErrorAction SilentlyContinue
-if ($pythonCommand) {
-  Add-StablePathEntry (Split-Path $pythonCommand.Source -Parent)
-}
-
-$pwshCommand = Get-Command pwsh -ErrorAction SilentlyContinue
-if ($pwshCommand) {
-  Add-StablePathEntry (Split-Path $pwshCommand.Source -Parent)
-}
-
-if ($windowsAppsPath) {
-  Add-StablePathEntry $windowsAppsPath
-}
-
-if ($stablePathEntries.Count -eq 0) {
-  throw 'Failed to derive cache-stable Windows PATH.'
-}
-
-if ([string]::IsNullOrWhiteSpace($env:GITHUB_ENV)) {
-  throw 'GITHUB_ENV must be set.'
-}
-
-$stablePath = $stablePathEntries -join ';'
-Write-Host 'Derived CODEX_BAZEL_WINDOWS_PATH entries:'
-foreach ($pathEntry in $stablePathEntries) {
-  Write-Host "  $pathEntry"
-}
-"CODEX_BAZEL_WINDOWS_PATH=$stablePath" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
--- a/.github/scripts/run-argument-comment-lint-bazel.sh
+++ b/.github/scripts/run-argument-comment-lint-bazel.sh
@@ -2,6 +2,16 @@

 set -euo pipefail

+ci_config=ci-linux
+case "${RUNNER_OS:-}" in
+  macOS)
+    ci_config=ci-macos
+    ;;
+  Windows)
+    ci_config=ci-windows
+    ;;
+esac
+
 bazel_lint_args=("$@")
 if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
  has_host_platform_override=0
@@ -34,6 +44,29 @@ if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
  bazel_lint_args+=("--skip_incompatible_explicit_targets")
 fi

+bazel_startup_args=()
+if [[ -n "${BAZEL_OUTPUT_USER_ROOT:-}" ]]; then
+  bazel_startup_args+=("--output_user_root=${BAZEL_OUTPUT_USER_ROOT}")
+fi
+
+run_bazel() {
+  if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
+    MSYS2_ARG_CONV_EXCL='*' bazel "$@"
+    return
+  fi
+
+  bazel "$@"
+}
+
+run_bazel_with_startup_args() {
+  if [[ ${#bazel_startup_args[@]} -gt 0 ]]; then
+    run_bazel "${bazel_startup_args[@]}" "$@"
+    return
+  fi
+
+  run_bazel "$@"
+}
+
 read_query_labels() {
  local query="$1"
  local query_stdout
@@ -41,10 +74,12 @@ read_query_labels() {
  query_stdout="$(mktemp)"
  query_stderr="$(mktemp)"

-  if ! ./.github/scripts/run-bazel-query-ci.sh \
+  if ! run_bazel_with_startup_args \
+    --noexperimental_remote_repo_contents_cache \
+    query \
    --keep_going \
    --output=label \
-    -- "$query" >"$query_stdout" 2>"$query_stderr"; then
+    "$query" >"$query_stdout" 2>"$query_stderr"; then
    cat "$query_stderr" >&2
    rm -f "$query_stdout" "$query_stderr"
    exit 1
--- a/.github/scripts/run-bazel-ci.sh
+++ b/.github/scripts/run-bazel-ci.sh
@@ -4,6 +4,7 @@ set -euo pipefail

 print_failed_bazel_test_logs=0
 print_failed_bazel_action_summary=0
+use_node_test_env=0
 remote_download_toplevel=0
 windows_msvc_host_platform=0

@@ -17,6 +18,10 @@ while [[ $# -gt 0 ]]; do
      print_failed_bazel_action_summary=1
      shift
      ;;
+    --use-node-test-env)
+      use_node_test_env=1
+      shift
+      ;;
    --remote-download-toplevel)
      remote_download_toplevel=1
      shift
@@ -37,7 +42,7 @@ while [[ $# -gt 0 ]]; do
 done

 if [[ $# -eq 0 ]]; then
-  echo "Usage: $0 [--print-failed-test-logs] [--print-failed-action-summary] [--remote-download-toplevel] [--windows-msvc-host-platform] -- <bazel args> -- <targets>" >&2
+  echo "Usage: $0 [--print-failed-test-logs] [--print-failed-action-summary] [--use-node-test-env] [--remote-download-toplevel] [--windows-msvc-host-platform] -- <bazel args> -- <targets>" >&2
  exit 1
 fi

@@ -244,6 +249,16 @@ if [[ ${#bazel_args[@]} -eq 0 || ${#bazel_targets[@]} -eq 0 ]]; then
  exit 1
 fi

+if [[ $use_node_test_env -eq 1 ]]; then
+  # Bazel test sandboxes on macOS may resolve an older Homebrew `node`
+  # before the `actions/setup-node` runtime on PATH.
+  node_bin="$(which node)"
+  if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
+    node_bin="$(cygpath -w "${node_bin}")"
+  fi
+  bazel_args+=("--test_env=CODEX_JS_REPL_NODE_PATH=${node_bin}")
+fi
+
 post_config_bazel_args=()
 if [[ "${RUNNER_OS:-}" == "Windows" && $windows_msvc_host_platform -eq 1 ]]; then
  has_host_platform_override=0
@@ -291,6 +306,7 @@ if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
    INCLUDE
    LIB
    LIBPATH
+    PATH
    UCRTVersion
    UniversalCRTSdkDir
    VCINSTALLDIR
@@ -307,17 +323,6 @@ if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
      post_config_bazel_args+=("--action_env=${env_var}" "--host_action_env=${env_var}")
    fi
  done
-
-  if [[ -z "${CODEX_BAZEL_WINDOWS_PATH:-}" ]]; then
-    echo "CODEX_BAZEL_WINDOWS_PATH must be set for Windows Bazel CI." >&2
-    exit 1
-  fi
-
-  post_config_bazel_args+=(
-    "--action_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
-    "--host_action_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
-    "--test_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
-  )
 fi

 bazel_console_log="$(mktemp)"
--- a/.github/scripts/run-bazel-query-ci.sh
+++ b/.github/scripts/run-bazel-query-ci.sh
@@ -1,75 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# Run Bazel queries with the same CI startup settings as the main build/test
-# invocation so target-discovery queries can reuse the same Bazel server.
-
-query_args=()
-while [[ $# -gt 0 ]]; do
-  case "$1" in
-    --)
-      shift
-      break
-      ;;
-    *)
-      query_args+=("$1")
-      shift
-      ;;
-  esac
-done
-
-if [[ $# -ne 1 ]]; then
-  echo "Usage: $0 [<bazel query args>...] -- <query expression>" >&2
-  exit 1
-fi
-
-query_expression="$1"
-
-ci_config=ci-linux
-case "${RUNNER_OS:-}" in
-  macOS)
-    ci_config=ci-macos
-    ;;
-  Windows)
-    ci_config=ci-windows
-    ;;
-esac
-
-bazel_startup_args=()
-if [[ -n "${BAZEL_OUTPUT_USER_ROOT:-}" ]]; then
-  bazel_startup_args+=("--output_user_root=${BAZEL_OUTPUT_USER_ROOT}")
-fi
-
-run_bazel() {
-  if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
-    MSYS2_ARG_CONV_EXCL='*' bazel "$@"
-    return
-  fi
-
-  bazel "$@"
-}
-
-bazel_query_args=(--noexperimental_remote_repo_contents_cache query)
-if [[ -n "${BUILDBUDDY_API_KEY:-}" ]]; then
-  bazel_query_args+=(
-    "--config=${ci_config}"
-    "--remote_header=x-buildbuddy-api-key=${BUILDBUDDY_API_KEY}"
-  )
-fi
-
-if [[ -n "${BAZEL_REPO_CONTENTS_CACHE:-}" ]]; then
-  bazel_query_args+=("--repo_contents_cache=${BAZEL_REPO_CONTENTS_CACHE}")
-fi
-
-if [[ -n "${BAZEL_REPOSITORY_CACHE:-}" ]]; then
-  bazel_query_args+=("--repository_cache=${BAZEL_REPOSITORY_CACHE}")
-fi
-
-bazel_query_args+=("${query_args[@]}" "$query_expression")
-
-if (( ${#bazel_startup_args[@]} > 0 )); then
-  run_bazel "${bazel_startup_args[@]}" "${bazel_query_args[@]}"
-else
-  run_bazel "${bazel_query_args[@]}"
-fi
--- a/.github/workflows/Dockerfile.bazel
+++ b/.github/workflows/Dockerfile.bazel
@@ -8,9 +8,25 @@ FROM ubuntu:24.04

 RUN apt-get update && \
    apt-get install -y --no-install-recommends \
-    curl git python3 ca-certificates && \
+    curl git python3 ca-certificates xz-utils && \
    rm -rf /var/lib/apt/lists/*

+COPY codex-rs/node-version.txt /tmp/node-version.txt
+
+RUN set -eux; \
+    node_arch="$(dpkg --print-architecture)"; \
+    case "${node_arch}" in \
+      amd64) node_dist_arch="x64" ;; \
+      arm64) node_dist_arch="arm64" ;; \
+      *) echo "unsupported architecture: ${node_arch}"; exit 1 ;; \
+    esac; \
+    node_version="$(tr -d '[:space:]' </tmp/node-version.txt)"; \
+    curl -fsSLO "https://nodejs.org/dist/v${node_version}/node-v${node_version}-linux-${node_dist_arch}.tar.xz"; \
+    tar -xJf "node-v${node_version}-linux-${node_dist_arch}.tar.xz" -C /usr/local --strip-components=1; \
+    rm "node-v${node_version}-linux-${node_dist_arch}.tar.xz" /tmp/node-version.txt; \
+    node --version; \
+    npm --version
+
 # Install dotslash.
 RUN curl -LSfs "https://github.com/facebook/dotslash/releases/download/v0.5.8/dotslash-ubuntu-22.04.$(uname -m).tar.gz" | tar fxz - -C /usr/local/bin

--- a/.github/workflows/bazel.yml
+++ b/.github/workflows/bazel.yml
@@ -17,13 +17,6 @@ concurrency:
  cancel-in-progress: ${{ github.ref_name != 'main' }}
 jobs:
  test:
-    # Even though a no-cache-hit Windows build seems to exceed the 30-minute
-    # limit on occasion, the more common reason for exceeding the limit is a
-    # true test failure in a rust_test() marked "flaky" that gets run 3x.
-    # In that case, extra time generally does not give us more signal.
-    #
-    # Ultimately we need true distributed builds (e.g.,
-    # https://www.buildbuddy.io/docs/rbe-setup/) to speed things up.
    timeout-minutes: 30
    strategy:
      fail-fast: false
@@ -92,6 +85,7 @@ jobs:

          bazel_wrapper_args=(
            --print-failed-test-logs
+            --use-node-test-env
          )
          bazel_test_args=(
            test
--- a/.github/workflows/issue-deduplicator.yml
+++ b/.github/workflows/issue-deduplicator.yml
@@ -61,7 +61,7 @@ jobs:
      # .github/prompts/issue-deduplicator.txt file is obsolete and removed.
      - id: codex-all
        name: Find duplicates (pass 1, all issues)
-        uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02 # v1.7
+        uses: openai/codex-action@0b91f4a2703c23df3102c3f0967d3c6db34eedef # v1
        with:
          openai-api-key: ${{ secrets.CODEX_OPENAI_API_KEY }}
          allow-users: "*"
@@ -195,7 +195,7 @@ jobs:

      - id: codex-open
        name: Find duplicates (pass 2, open issues)
-        uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02 # v1.7
+        uses: openai/codex-action@0b91f4a2703c23df3102c3f0967d3c6db34eedef # v1
        with:
          openai-api-key: ${{ secrets.CODEX_OPENAI_API_KEY }}
          allow-users: "*"
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -20,7 +20,7 @@ jobs:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - id: codex
-        uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02 # v1.7
+        uses: openai/codex-action@0b91f4a2703c23df3102c3f0967d3c6db34eedef # v1
        with:
          openai-api-key: ${{ secrets.CODEX_OPENAI_API_KEY }}
          allow-users: "*"
--- a/.github/workflows/rust-ci-full.yml
+++ b/.github/workflows/rust-ci-full.yml
@@ -560,6 +560,10 @@ jobs:

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - name: Set up Node.js for js_repl tests
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        with:
+          node-version-file: codex-rs/node-version.txt
      - name: Install Linux build dependencies
        if: ${{ runner.os == 'Linux' }}
        shell: bash
--- a/.github/workflows/rust-release-windows.yml
+++ b/.github/workflows/rust-release-windows.yml
@@ -40,42 +40,28 @@ jobs:
          - runner: windows-x64
            target: x86_64-pc-windows-msvc
            bundle: primary
-            binaries: "codex codex-responses-api-proxy"
+            build_args: --bin codex --bin codex-responses-api-proxy
            runs_on:
              group: codex-runners
              labels: codex-windows-x64
          - runner: windows-arm64
            target: aarch64-pc-windows-msvc
            bundle: primary
-            binaries: "codex codex-responses-api-proxy"
+            build_args: --bin codex --bin codex-responses-api-proxy
            runs_on:
              group: codex-runners
              labels: codex-windows-arm64
          - runner: windows-x64
            target: x86_64-pc-windows-msvc
            bundle: helpers
-            binaries: "codex-windows-sandbox-setup codex-command-runner"
+            build_args: --bin codex-windows-sandbox-setup --bin codex-command-runner
            runs_on:
              group: codex-runners
              labels: codex-windows-x64
          - runner: windows-arm64
            target: aarch64-pc-windows-msvc
            bundle: helpers
-            binaries: "codex-windows-sandbox-setup codex-command-runner"
-            runs_on:
-              group: codex-runners
-              labels: codex-windows-arm64
-          - runner: windows-x64
-            target: x86_64-pc-windows-msvc
-            bundle: app-server
-            binaries: "codex-app-server"
-            runs_on:
-              group: codex-runners
-              labels: codex-windows-x64
-          - runner: windows-arm64
-            target: aarch64-pc-windows-msvc
-            bundle: app-server
-            binaries: "codex-app-server"
+            build_args: --bin codex-windows-sandbox-setup --bin codex-command-runner
            runs_on:
              group: codex-runners
              labels: codex-windows-arm64
@@ -103,11 +89,7 @@ jobs:
      - name: Cargo build (Windows binaries)
        shell: bash
        run: |
-          build_args=()
-          for binary in ${{ matrix.binaries }}; do
-            build_args+=(--bin "$binary")
-          done
-          cargo build --target ${{ matrix.target }} --release --timings "${build_args[@]}"
+          cargo build --target ${{ matrix.target }} --release --timings ${{ matrix.build_args }}

      - name: Upload Cargo timings
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
@@ -121,9 +103,13 @@ jobs:
        run: |
          output_dir="target/${{ matrix.target }}/release/staged-${{ matrix.bundle }}"
          mkdir -p "$output_dir"
-          for binary in ${{ matrix.binaries }}; do
-            cp "target/${{ matrix.target }}/release/${binary}.exe" "$output_dir/${binary}.exe"
-          done
+          if [[ "${{ matrix.bundle }}" == "primary" ]]; then
+            cp target/${{ matrix.target }}/release/codex.exe "$output_dir/codex.exe"
+            cp target/${{ matrix.target }}/release/codex-responses-api-proxy.exe "$output_dir/codex-responses-api-proxy.exe"
+          else
+            cp target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe "$output_dir/codex-windows-sandbox-setup.exe"
+            cp target/${{ matrix.target }}/release/codex-command-runner.exe "$output_dir/codex-command-runner.exe"
+          fi

      - name: Upload Windows binaries
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
@@ -144,8 +130,6 @@ jobs:
    defaults:
      run:
        working-directory: codex-rs
-    env:
-      WINDOWS_BINARIES: "codex codex-responses-api-proxy codex-windows-sandbox-setup codex-command-runner codex-app-server"

    strategy:
      fail-fast: false
@@ -177,25 +161,19 @@ jobs:
          name: windows-binaries-${{ matrix.target }}-helpers
          path: codex-rs/target/${{ matrix.target }}/release

-      - name: Download prebuilt Windows app-server binary
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: windows-binaries-${{ matrix.target }}-app-server
-          path: codex-rs/target/${{ matrix.target }}/release
-
      - name: Verify binaries
        shell: bash
        run: |
          set -euo pipefail
-          for binary in ${WINDOWS_BINARIES}; do
-            ls -lh "target/${{ matrix.target }}/release/${binary}.exe"
-          done
+          ls -lh target/${{ matrix.target }}/release/codex.exe
+          ls -lh target/${{ matrix.target }}/release/codex-responses-api-proxy.exe
+          ls -lh target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe
+          ls -lh target/${{ matrix.target }}/release/codex-command-runner.exe

      - name: Sign Windows binaries with Azure Trusted Signing
        uses: ./.github/actions/windows-code-sign
        with:
          target: ${{ matrix.target }}
-          binaries: ${{ env.WINDOWS_BINARIES }}
          client-id: ${{ secrets.AZURE_TRUSTED_SIGNING_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TRUSTED_SIGNING_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_TRUSTED_SIGNING_SUBSCRIPTION_ID }}
@@ -209,10 +187,10 @@ jobs:
          dest="dist/${{ matrix.target }}"
          mkdir -p "$dest"

-          for binary in ${WINDOWS_BINARIES}; do
-            cp "target/${{ matrix.target }}/release/${binary}.exe" \
-              "$dest/${binary}-${{ matrix.target }}.exe"
-          done
+          cp target/${{ matrix.target }}/release/codex.exe "$dest/codex-${{ matrix.target }}.exe"
+          cp target/${{ matrix.target }}/release/codex-responses-api-proxy.exe "$dest/codex-responses-api-proxy-${{ matrix.target }}.exe"
+          cp target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe "$dest/codex-windows-sandbox-setup-${{ matrix.target }}.exe"
+          cp target/${{ matrix.target }}/release/codex-command-runner.exe "$dest/codex-command-runner-${{ matrix.target }}.exe"

      - name: Install DotSlash
        uses: facebook/install-dotslash@1e4e7b3e07eaca387acb98f1d4720e0bee8dbb6a # v2
--- a/.github/workflows/rust-release.yml
+++ b/.github/workflows/rust-release.yml
@@ -47,7 +47,7 @@ jobs:

  build:
    needs: tag-check
-    name: Build - ${{ matrix.runner }} - ${{ matrix.target }} - ${{ matrix.bundle }}
+    name: Build - ${{ matrix.runner }} - ${{ matrix.target }}
    runs-on: ${{ matrix.runs_on || matrix.runner }}
    timeout-minutes: 60
    permissions:
@@ -67,53 +67,16 @@ jobs:
        include:
          - runner: macos-15-xlarge
            target: aarch64-apple-darwin
-            bundle: primary
-            artifact_name: aarch64-apple-darwin
-            binaries: "codex codex-responses-api-proxy"
-            build_dmg: "true"
-          - runner: macos-15-xlarge
-            target: aarch64-apple-darwin
-            bundle: app-server
-            artifact_name: aarch64-apple-darwin-app-server
-            binaries: "codex-app-server"
-            build_dmg: "false"
          - runner: macos-15-xlarge
            target: x86_64-apple-darwin
-            bundle: primary
-            artifact_name: x86_64-apple-darwin
-            binaries: "codex codex-responses-api-proxy"
-            build_dmg: "true"
-          - runner: macos-15-xlarge
-            target: x86_64-apple-darwin
-            bundle: app-server
-            artifact_name: x86_64-apple-darwin-app-server
-            binaries: "codex-app-server"
-            build_dmg: "false"
-          # Release artifacts intentionally ship MUSL-linked Linux binaries.
          - runner: ubuntu-24.04
            target: x86_64-unknown-linux-musl
-            bundle: primary
-            artifact_name: x86_64-unknown-linux-musl
-            binaries: "codex codex-responses-api-proxy"
-            build_dmg: "false"
          - runner: ubuntu-24.04
-            target: x86_64-unknown-linux-musl
-            bundle: app-server
-            artifact_name: x86_64-unknown-linux-musl-app-server
-            binaries: "codex-app-server"
-            build_dmg: "false"
+            target: x86_64-unknown-linux-gnu
          - runner: ubuntu-24.04-arm
            target: aarch64-unknown-linux-musl
-            bundle: primary
-            artifact_name: aarch64-unknown-linux-musl
-            binaries: "codex codex-responses-api-proxy"
-            build_dmg: "false"
          - runner: ubuntu-24.04-arm
-            target: aarch64-unknown-linux-musl
-            bundle: app-server
-            artifact_name: aarch64-unknown-linux-musl-app-server
-            binaries: "codex-app-server"
-            build_dmg: "false"
+            target: aarch64-unknown-linux-gnu

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
@@ -256,17 +219,13 @@ jobs:
      - name: Cargo build
        shell: bash
        run: |
-          build_args=()
-          for binary in ${{ matrix.binaries }}; do
-            build_args+=(--bin "$binary")
-          done
          echo "CARGO_PROFILE_RELEASE_LTO: ${CARGO_PROFILE_RELEASE_LTO}"
-          cargo build --target ${{ matrix.target }} --release --timings "${build_args[@]}"
+          cargo build --target ${{ matrix.target }} --release --timings --bin codex --bin codex-responses-api-proxy

      - name: Upload Cargo timings
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        with:
-          name: cargo-timings-rust-release-${{ matrix.target }}-${{ matrix.bundle }}
+          name: cargo-timings-rust-release-${{ matrix.target }}
          path: codex-rs/target/**/cargo-timings/cargo-timing.html
          if-no-files-found: warn

@@ -276,14 +235,12 @@ jobs:
        with:
          target: ${{ matrix.target }}
          artifacts-dir: ${{ github.workspace }}/codex-rs/target/${{ matrix.target }}/release
-          binaries: ${{ matrix.binaries }}

      - if: ${{ runner.os == 'macOS' }}
        name: MacOS code signing (binaries)
        uses: ./.github/actions/macos-code-sign
        with:
          target: ${{ matrix.target }}
-          binaries: ${{ matrix.binaries }}
          sign-binaries: "true"
          sign-dmg: "false"
          apple-certificate: ${{ secrets.APPLE_CERTIFICATE_P12 }}
@@ -292,7 +249,7 @@ jobs:
          apple-notarization-key-id: ${{ secrets.APPLE_NOTARIZATION_KEY_ID }}
          apple-notarization-issuer-id: ${{ secrets.APPLE_NOTARIZATION_ISSUER_ID }}

-      - if: ${{ runner.os == 'macOS' && matrix.build_dmg == 'true' }}
+      - if: ${{ runner.os == 'macOS' }}
        name: Build macOS dmg
        shell: bash
        run: |
@@ -307,17 +264,23 @@ jobs:
          # The previous "MacOS code signing (binaries)" step signs + notarizes the
          # built artifacts in `${release_dir}`. This step packages *those same*
          # signed binaries into a dmg.
+          codex_binary_path="${release_dir}/codex"
+          proxy_binary_path="${release_dir}/codex-responses-api-proxy"
+
          rm -rf "$dmg_root"
          mkdir -p "$dmg_root"

-          for binary in ${{ matrix.binaries }}; do
-            binary_path="${release_dir}/${binary}"
-            if [[ ! -f "${binary_path}" ]]; then
-              echo "Binary ${binary_path} not found"
-              exit 1
-            fi
-            ditto "${binary_path}" "${dmg_root}/${binary}"
-          done
+          if [[ ! -f "$codex_binary_path" ]]; then
+            echo "Binary $codex_binary_path not found"
+            exit 1
+          fi
+          if [[ ! -f "$proxy_binary_path" ]]; then
+            echo "Binary $proxy_binary_path not found"
+            exit 1
+          fi
+
+          ditto "$codex_binary_path" "${dmg_root}/codex"
+          ditto "$proxy_binary_path" "${dmg_root}/codex-responses-api-proxy"

          rm -f "$dmg_path"
          hdiutil create \
@@ -332,7 +295,7 @@ jobs:
            exit 1
          fi

-      - if: ${{ runner.os == 'macOS' && matrix.build_dmg == 'true' }}
+      - if: ${{ runner.os == 'macOS' }}
        name: MacOS code signing (dmg)
        uses: ./.github/actions/macos-code-sign
        with:
@@ -351,15 +314,15 @@ jobs:
          dest="dist/${{ matrix.target }}"
          mkdir -p "$dest"

-          for binary in ${{ matrix.binaries }}; do
-            cp "target/${{ matrix.target }}/release/${binary}" "$dest/${binary}-${{ matrix.target }}"
-            if [[ "${{ matrix.target }}" == *linux* ]]; then
-              cp "target/${{ matrix.target }}/release/${binary}.sigstore" \
-                "$dest/${binary}-${{ matrix.target }}.sigstore"
-            fi
-          done
+          cp target/${{ matrix.target }}/release/codex "$dest/codex-${{ matrix.target }}"
+          cp target/${{ matrix.target }}/release/codex-responses-api-proxy "$dest/codex-responses-api-proxy-${{ matrix.target }}"

-          if [[ "${{ matrix.build_dmg }}" == "true" ]]; then
+          if [[ "${{ matrix.target }}" == *linux* ]]; then
+            cp target/${{ matrix.target }}/release/codex.sigstore "$dest/codex-${{ matrix.target }}.sigstore"
+            cp target/${{ matrix.target }}/release/codex-responses-api-proxy.sigstore "$dest/codex-responses-api-proxy-${{ matrix.target }}.sigstore"
+          fi
+
+          if [[ "${{ matrix.target }}" == *apple-darwin ]]; then
            cp target/${{ matrix.target }}/release/codex-${{ matrix.target }}.dmg "$dest/codex-${{ matrix.target }}.dmg"
          fi

@@ -401,7 +364,7 @@ jobs:

      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        with:
-          name: ${{ matrix.artifact_name }}
+          name: ${{ matrix.target }}
          # Upload the per-binary .zst files as well as the new .tar.gz
          # equivalents we generated in the previous step.
          path: |
@@ -651,59 +614,11 @@ jobs:
            prefix="${NPM_TAG}-"
          fi

-          root_tarball="dist/npm/codex-npm-${VERSION}.tgz"
-          sdk_tarball="dist/npm/codex-sdk-npm-${VERSION}.tgz"
-          # Keep this list in sync with CODEX_PLATFORM_PACKAGES in
-          # codex-cli/scripts/build_npm_package.py. The root wrapper advances
-          # @openai/codex@latest as soon as it publishes, so every platform
-          # package it aliases must already exist in the registry first.
-          platform_tarballs=(
-            "dist/npm/codex-npm-linux-x64-${VERSION}.tgz"
-            "dist/npm/codex-npm-linux-arm64-${VERSION}.tgz"
-            "dist/npm/codex-npm-darwin-x64-${VERSION}.tgz"
-            "dist/npm/codex-npm-darwin-arm64-${VERSION}.tgz"
-            "dist/npm/codex-npm-win32-x64-${VERSION}.tgz"
-            "dist/npm/codex-npm-win32-arm64-${VERSION}.tgz"
-          )
-
-          for required_tarball in "${platform_tarballs[@]}" "${root_tarball}"; do
-            if [[ ! -f "${required_tarball}" ]]; then
-              echo "Missing npm tarball: ${required_tarball}"
-              exit 1
-            fi
-          done
-
          shopt -s nullglob
-          other_tarballs=()
-          for tarball in dist/npm/*-"${VERSION}".tgz; do
-            if [[ "${tarball}" == "${root_tarball}" || "${tarball}" == "${sdk_tarball}" ]]; then
-              continue
-            fi
-
-            is_platform_tarball=false
-            for platform_tarball in "${platform_tarballs[@]}"; do
-              if [[ "${tarball}" == "${platform_tarball}" ]]; then
-                is_platform_tarball=true
-                break
-              fi
-            done
-            if [[ "${is_platform_tarball}" == true ]]; then
-              continue
-            fi
-
-            other_tarballs+=("${tarball}")
-          done
-
-          # Publish the platform packages before the root CLI wrapper. The root
-          # wrapper advances @openai/codex@latest, so it should only publish
-          # after the optional dependency versions it references exist.
-          tarballs=(
-            "${platform_tarballs[@]}"
-            "${other_tarballs[@]}"
-            "${root_tarball}"
-          )
-          if [[ -f "${sdk_tarball}" ]]; then
-            tarballs+=("${sdk_tarball}")
+          tarballs=(dist/npm/*-"${VERSION}".tgz)
+          if [[ ${#tarballs[@]} -eq 0 ]]; then
+            echo "No npm tarballs found in dist/npm for version ${VERSION}"
+            exit 1
          fi

          for tarball in "${tarballs[@]}"; do
--- a/.gitignore
+++ b/.gitignore
@@ -52,7 +52,6 @@ yarn-error.log*
 # env
 .env*
 !.env.example
-.venv/

 # package
 *.tgz
@@ -92,3 +91,4 @@ CHANGELOG.ignore.md
 # Python bytecode files
 __pycache__/
 *.pyc
+
--- a/3
+++ b/3
@@ -4,3 +4,6 @@ Copyright 2025 OpenAI
 This project includes code derived from [Ratatui](https://github.com/ratatui/ratatui), licensed under the MIT license.
 Copyright (c) 2016-2022 Florian Dehau
 Copyright (c) 2023-2025 The Ratatui Developers
+
+This project includes Meriyah parser assets from [meriyah](https://github.com/meriyah/meriyah), licensed under the ISC license.
+Copyright (c) 2019 and later, KFlash and others.
--- a/codex-cli/.dockerignore
+++ b/codex-cli/.dockerignore
@@ -0,0 +1 @@
+node_modules/
--- a/codex-cli/Dockerfile
+++ b/codex-cli/Dockerfile
@@ -0,0 +1,59 @@
+FROM node:24-slim
+
+ARG TZ
+ENV TZ="$TZ"
+
+# Install basic development tools, ca-certificates, and iptables/ipset, then clean up apt cache to reduce image size
+RUN apt-get update && apt-get install -y --no-install-recommends \
+  aggregate \
+  ca-certificates \
+  curl \
+  dnsutils \
+  fzf \
+  gh \
+  git \
+  gnupg2 \
+  iproute2 \
+  ipset \
+  iptables \
+  jq \
+  less \
+  man-db \
+  procps \
+  unzip \
+  ripgrep \
+  zsh \
+  && rm -rf /var/lib/apt/lists/*
+
+# Ensure default node user has access to /usr/local/share
+RUN mkdir -p /usr/local/share/npm-global && \
+  chown -R node:node /usr/local/share
+
+ARG USERNAME=node
+
+# Set up non-root user
+USER node
+
+# Install global packages
+ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global
+ENV PATH=$PATH:/usr/local/share/npm-global/bin
+
+# Install codex
+COPY dist/codex.tgz codex.tgz
+RUN npm install -g codex.tgz \
+  && npm cache clean --force \
+  && rm -rf /usr/local/share/npm-global/lib/node_modules/codex-cli/node_modules/.cache \
+  && rm -rf /usr/local/share/npm-global/lib/node_modules/codex-cli/tests \
+  && rm -rf /usr/local/share/npm-global/lib/node_modules/codex-cli/docs
+
+# Inside the container we consider the environment already sufficiently locked
+# down, therefore instruct Codex CLI to allow running without sandboxing.
+ENV CODEX_UNSAFE_ALLOW_NO_SANDBOX=1
+
+# Copy and set up firewall script as root.
+USER root
+COPY scripts/init_firewall.sh /usr/local/bin/
+RUN chmod 500 /usr/local/bin/init_firewall.sh
+
+# Drop back to non-root.
+USER node
--- a/codex-cli/package.json
+++ b/codex-cli/package.json
@@ -18,5 +18,5 @@
    "url": "git+https://github.com/openai/codex.git",
    "directory": "codex-cli"
  },
-  "packageManager": "pnpm@10.33.0+sha512.10568bb4a6afb58c9eb3630da90cc9516417abebd3fabbe6739f0ae795728da1491e9db5a544c76ad8eb7570f5c4bb3d6c637b2cb41bfdcdb47fa823c8649319"
+  "packageManager": "pnpm@10.29.3+sha512.498e1fb4cca5aa06c1dcf2611e6fafc50972ffe7189998c409e90de74566444298ffe43e6cd2acdc775ba1aa7cc5e092a8b7054c811ba8c5770f84693d33d2dc"
 }
--- a/codex-cli/scripts/build_container.sh
+++ b/codex-cli/scripts/build_container.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -euo pipefail
+
+SCRIPT_DIR=$(realpath "$(dirname "$0")")
+trap "popd >> /dev/null" EXIT
+pushd "$SCRIPT_DIR/.." >> /dev/null || {
+  echo "Error: Failed to change directory to $SCRIPT_DIR/.."
+  exit 1
+}
+pnpm install
+pnpm run build
+rm -rf ./dist/openai-codex-*.tgz
+pnpm pack --pack-destination ./dist
+mv ./dist/openai-codex-*.tgz ./dist/codex.tgz
+docker build -t codex -f "./Dockerfile" .
--- a/codex-rs/BUILD.bazel
+++ b/codex-rs/BUILD.bazel
@@ -1,5 +1,6 @@
 exports_files([
    "clippy.toml",
+    "node-version.txt",
 ])

 filegroup(
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
@@ -424,15 +424,6 @@ dependencies = [
 "wiremock",
 ]

-[[package]]
-name = "arbitrary"
-version = "1.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3d036a3c4ab069c7b410a2ce876bd74808d2d0888a82667669f8e783a898bf1"
-dependencies = [
- "derive_arbitrary",
-]
-
 [[package]]
 name = "arboard"
 version = "3.6.1"
@@ -1438,11 +1429,11 @@ dependencies = [

 [[package]]
 name = "bzip2"
-version = "0.5.2"
+version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49ecfb22d906f800d4fe833b6282cf4dc1c298f5057ca0b5445e5c209735ca47"
+checksum = "f3a53fac24f34a81bc9954b5d6cfce0c21e18ec6959f44f56e8e90e4bb7c346c"
 dependencies = [
- "bzip2-sys",
+ "libbz2-rs-sys",
 ]

 [[package]]
@@ -1773,7 +1764,6 @@ dependencies = [
 "codex-app-server-protocol",
 "codex-git-utils",
 "codex-login",
- "codex-model-provider",
 "codex-plugin",
 "codex-protocol",
 "codex-utils-absolute-path",
@@ -1841,7 +1831,6 @@ dependencies = [
 "chrono",
 "clap",
 "codex-analytics",
- "codex-api",
 "codex-app-server-protocol",
 "codex-arg0",
 "codex-backend-client",
@@ -1856,10 +1845,8 @@ dependencies = [
 "codex-feedback",
 "codex-file-search",
 "codex-git-utils",
- "codex-hooks",
 "codex-login",
 "codex-mcp",
- "codex-model-provider",
 "codex-model-provider-info",
 "codex-models-manager",
 "codex-otel",
@@ -2049,11 +2036,9 @@ name = "codex-backend-client"
 version = "0.0.0"
 dependencies = [
 "anyhow",
- "codex-api",
 "codex-backend-openapi-models",
 "codex-client",
 "codex-login",
- "codex-model-provider",
 "codex-protocol",
 "pretty_assertions",
 "reqwest",
@@ -2077,11 +2062,11 @@ dependencies = [
 "anyhow",
 "clap",
 "codex-app-server-protocol",
+ "codex-config",
 "codex-connectors",
 "codex-core",
 "codex-git-utils",
 "codex-login",
- "codex-model-provider",
 "codex-utils-cargo-bin",
 "codex-utils-cli",
 "pretty_assertions",
@@ -2100,6 +2085,7 @@ dependencies = [
 "assert_matches",
 "clap",
 "clap_complete",
+ "codex-api",
 "codex-app-server",
 "codex-app-server-protocol",
 "codex-app-server-test-client",
@@ -2116,11 +2102,11 @@ dependencies = [
 "codex-login",
 "codex-mcp",
 "codex-mcp-server",
+ "codex-model-provider",
 "codex-models-manager",
 "codex-protocol",
 "codex-responses-api-proxy",
 "codex-rmcp-client",
- "codex-rollout-trace",
 "codex-sandboxing",
 "codex-state",
 "codex-stdio-to-uds",
@@ -2208,6 +2194,7 @@ version = "0.0.0"
 dependencies = [
 "anyhow",
 "async-trait",
+ "base64 0.22.1",
 "chrono",
 "clap",
 "codex-client",
@@ -2216,7 +2203,6 @@ dependencies = [
 "codex-core",
 "codex-git-utils",
 "codex-login",
- "codex-model-provider",
 "codex-tui",
 "codex-utils-cli",
 "crossterm",
@@ -2241,7 +2227,6 @@ dependencies = [
 "anyhow",
 "async-trait",
 "chrono",
- "codex-api",
 "codex-backend-client",
 "codex-git-utils",
 "serde",
@@ -2466,7 +2451,6 @@ dependencies = [
 "codex-exec-server",
 "codex-git-utils",
 "codex-login",
- "codex-model-provider",
 "codex-otel",
 "codex-plugin",
 "codex-protocol",
@@ -2485,7 +2469,7 @@ dependencies = [
 "tracing",
 "url",
 "wiremock",
- "zip 2.4.2",
+ "zip 8.5.1",
 ]

 [[package]]
@@ -2498,7 +2482,6 @@ dependencies = [
 "codex-config",
 "codex-exec-server",
 "codex-login",
- "codex-model-provider",
 "codex-otel",
 "codex-protocol",
 "codex-skills",
@@ -2516,7 +2499,7 @@ dependencies = [
 "tokio",
 "toml 0.9.11+spec-1.1.0",
 "tracing",
- "zip 2.4.2",
+ "zip 8.5.1",
 ]

 [[package]]
@@ -2535,7 +2518,6 @@ dependencies = [
 name = "codex-device-key"
 version = "0.0.0"
 dependencies = [
- "async-trait",
 "base64 0.22.1",
 "p256",
 "pretty_assertions",
@@ -2543,7 +2525,6 @@ dependencies = [
 "serde",
 "serde_json",
 "thiserror 2.0.18",
- "tokio",
 "url",
 ]

@@ -2745,7 +2726,6 @@ dependencies = [
 "anyhow",
 "chrono",
 "codex-config",
- "codex-plugin",
 "codex-protocol",
 "codex-utils-absolute-path",
 "futures",
@@ -2860,16 +2840,15 @@ version = "0.0.0"
 dependencies = [
 "anyhow",
 "async-channel",
- "codex-api",
 "codex-async-utils",
 "codex-config",
 "codex-exec-server",
 "codex-login",
- "codex-model-provider",
 "codex-otel",
 "codex-plugin",
 "codex-protocol",
 "codex-rmcp-client",
+ "codex-utils-absolute-path",
 "codex-utils-plugins",
 "futures",
 "pretty_assertions",
@@ -2924,23 +2903,14 @@ name = "codex-model-provider"
 version = "0.0.0"
 dependencies = [
 "async-trait",
- "codex-agent-identity",
 "codex-api",
 "codex-aws-auth",
 "codex-client",
- "codex-feedback",
 "codex-login",
 "codex-model-provider-info",
- "codex-models-manager",
- "codex-otel",
 "codex-protocol",
- "codex-response-debug-context",
 "http 1.4.0",
 "pretty_assertions",
- "serde_json",
- "tokio",
- "tracing",
- "wiremock",
 ]

 [[package]]
@@ -2964,21 +2934,32 @@ dependencies = [
 name = "codex-models-manager"
 version = "0.0.0"
 dependencies = [
- "async-trait",
+ "base64 0.22.1",
 "chrono",
+ "codex-api",
 "codex-app-server-protocol",
 "codex-collaboration-mode-templates",
+ "codex-config",
+ "codex-feedback",
 "codex-login",
+ "codex-model-provider",
+ "codex-model-provider-info",
 "codex-otel",
 "codex-protocol",
+ "codex-response-debug-context",
+ "codex-utils-absolute-path",
 "codex-utils-output-truncation",
 "codex-utils-template",
+ "core_test_support",
+ "http 1.4.0",
 "pretty_assertions",
 "serde",
 "serde_json",
 "tempfile",
 "tokio",
 "tracing",
+ "tracing-subscriber",
+ "wiremock",
 ]

 [[package]]
@@ -3067,7 +3048,6 @@ dependencies = [
 name = "codex-plugin"
 version = "0.0.0"
 dependencies = [
- "codex-config",
 "codex-utils-absolute-path",
 "codex-utils-plugins",
 "thiserror 2.0.18",
@@ -3165,7 +3145,6 @@ dependencies = [
 "anyhow",
 "axum",
 "bytes",
- "codex-api",
 "codex-client",
 "codex-config",
 "codex-exec-server",
@@ -3225,7 +3204,6 @@ name = "codex-rollout-trace"
 version = "0.0.0"
 dependencies = [
 "anyhow",
- "codex-code-mode",
 "codex-protocol",
 "pretty_assertions",
 "serde",
@@ -3912,6 +3890,12 @@ version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"

+[[package]]
+name = "constant_time_eq"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b"
+
 [[package]]
 name = "convert_case"
 version = "0.6.0"
@@ -4642,17 +4626,6 @@ dependencies = [
 "syn 1.0.109",
 ]

-[[package]]
-name = "derive_arbitrary"
-version = "1.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e567bd82dcff979e4b03460c307b3cdc9e96fde3d73bed1496d2bc75d9dd62a"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "derive_more"
 version = "1.0.0"
@@ -5339,6 +5312,7 @@ dependencies = [
 "crc32fast",
 "libz-sys",
 "miniz_oxide",
+ "zlib-rs 0.5.5",
 ]

 [[package]]
@@ -5683,11 +5657,26 @@ dependencies = [
 "cfg-if",
 "js-sys",
 "libc",
- "r-efi",
+ "r-efi 5.3.0",
 "wasip2",
 "wasm-bindgen",
 ]

+[[package]]
+name = "getrandom"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555"
+dependencies = [
+ "cfg-if",
+ "js-sys",
+ "libc",
+ "r-efi 6.0.0",
+ "wasip2",
+ "wasip3",
+ "wasm-bindgen",
+]
+
 [[package]]
 name = "gif"
 version = "0.14.1"
@@ -6005,7 +5994,7 @@ dependencies = [
 "prodash",
 "thiserror 2.0.18",
 "walkdir",
- "zlib-rs",
+ "zlib-rs 0.6.3",
 ]

 [[package]]
@@ -7300,6 +7289,12 @@ dependencies = [
 "zerovec",
 ]

+[[package]]
+name = "id-arena"
+version = "2.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954"
+
 [[package]]
 name = "ident_case"
 version = "1.0.1"
@@ -7854,6 +7849,18 @@ dependencies = [
 "spin",
 ]

+[[package]]
+name = "leb128fmt"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2"
+
+[[package]]
+name = "libbz2-rs-sys"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b3a6a8c165077efc8f3a971534c50ea6a1a18b329ef4a66e897a7e3a1494565f"
+
 [[package]]
 name = "libc"
 version = "0.2.182"
@@ -8115,24 +8122,12 @@ dependencies = [
 ]

 [[package]]
-name = "lzma-rs"
-version = "0.3.0"
+name = "lzma-rust2"
+version = "0.16.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "297e814c836ae64db86b36cf2a557ba54368d03f6afcd7d947c266692f71115e"
+checksum = "47bb1e988e6fb779cf720ad431242d3f03167c1b3f2b1aae7f1a94b2495b36ae"
 dependencies = [
- "byteorder",
- "crc",
-]
-
-[[package]]
-name = "lzma-sys"
-version = "0.1.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5fda04ab3764e6cde78b9974eec4f779acaba7c4e84b36eca3cf77c581b85d27"
-dependencies = [
- "cc",
- "libc",
- "pkg-config",
+ "sha2",
 ]

 [[package]]
@@ -8669,7 +8664,7 @@ version = "5.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51e219e79014df21a225b1860a479e2dcd7cbd9130f4defd4bd0e191ea31d67d"
 dependencies = [
- "base64 0.21.7",
+ "base64 0.22.1",
 "chrono",
 "getrandom 0.2.17",
 "http 1.4.0",
@@ -9137,7 +9132,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7d8fae84b431384b68627d0f9b3b1245fcf9f46f6c0e3dc902e9dce64edd1967"
 dependencies = [
 "libc",
- "windows-sys 0.45.0",
+ "windows-sys 0.61.2",
 ]

 [[package]]
@@ -9532,6 +9527,12 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"

+[[package]]
+name = "ppmd-rust"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "efca4c95a19a79d1c98f791f10aebd5c1363b473244630bb7dbde1dc98455a24"
+
 [[package]]
 name = "ppv-lite86"
 version = "0.2.21"
@@ -9927,6 +9928,12 @@ version = "5.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"

+[[package]]
+name = "r-efi"
+version = "6.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf"
+
 [[package]]
 name = "radix_trie"
 version = "0.2.1"
@@ -12464,6 +12471,7 @@ checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
 dependencies = [
 "deranged",
 "itoa",
+ "js-sys",
 "libc",
 "num-conv",
 "num_threads",
@@ -13100,6 +13108,12 @@ dependencies = [
 "rustc-hash 2.1.1",
 ]

+[[package]]
+name = "typed-path"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e28f89b80c87b8fb0cf04ab448d5dd0dd0ade2f8891bae878de66a75a28600e"
+
 [[package]]
 name = "typenum"
 version = "1.19.0"
@@ -13449,6 +13463,15 @@ dependencies = [
 "wit-bindgen",
 ]

+[[package]]
+name = "wasip3"
+version = "0.4.0+wasi-0.3.0-rc-2026-01-06"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5"
+dependencies = [
+ "wit-bindgen",
+]
+
 [[package]]
 name = "wasite"
 version = "0.1.0"
@@ -13514,6 +13537,28 @@ dependencies = [
 "unicode-ident",
 ]

+[[package]]
+name = "wasm-encoder"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319"
+dependencies = [
+ "leb128fmt",
+ "wasmparser",
+]
+
+[[package]]
+name = "wasm-metadata"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909"
+dependencies = [
+ "anyhow",
+ "indexmap 2.13.0",
+ "wasm-encoder",
+ "wasmparser",
+]
+
 [[package]]
 name = "wasm-streams"
 version = "0.4.2"
@@ -13527,6 +13572,18 @@ dependencies = [
 "web-sys",
 ]

+[[package]]
+name = "wasmparser"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe"
+dependencies = [
+ "bitflags 2.10.0",
+ "hashbrown 0.15.5",
+ "indexmap 2.13.0",
+ "semver",
+]
+
 [[package]]
 name = "wayland-backend"
 version = "0.3.12"
@@ -13771,7 +13828,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.48.0",
+ "windows-sys 0.61.2",
 ]

 [[package]]
@@ -14368,6 +14425,88 @@ name = "wit-bindgen"
 version = "0.51.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5"
+dependencies = [
+ "wit-bindgen-rust-macro",
+]
+
+[[package]]
+name = "wit-bindgen-core"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc"
+dependencies = [
+ "anyhow",
+ "heck 0.5.0",
+ "wit-parser",
+]
+
+[[package]]
+name = "wit-bindgen-rust"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21"
+dependencies = [
+ "anyhow",
+ "heck 0.5.0",
+ "indexmap 2.13.0",
+ "prettyplease",
+ "syn 2.0.114",
+ "wasm-metadata",
+ "wit-bindgen-core",
+ "wit-component",
+]
+
+[[package]]
+name = "wit-bindgen-rust-macro"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a"
+dependencies = [
+ "anyhow",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.114",
+ "wit-bindgen-core",
+ "wit-bindgen-rust",
+]
+
+[[package]]
+name = "wit-component"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2"
+dependencies = [
+ "anyhow",
+ "bitflags 2.10.0",
+ "indexmap 2.13.0",
+ "log",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "wasm-encoder",
+ "wasm-metadata",
+ "wasmparser",
+ "wit-parser",
+]
+
+[[package]]
+name = "wit-parser"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736"
+dependencies = [
+ "anyhow",
+ "id-arena",
+ "indexmap 2.13.0",
+ "log",
+ "semver",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "unicode-xid",
+ "wasmparser",
+]

 [[package]]
 name = "wl-clipboard-rs"
@@ -14457,15 +14596,6 @@ version = "0.13.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4"

-[[package]]
-name = "xz2"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "388c44dc09d76f1536602ead6d325eb532f5c122f17782bd57fb47baeeb767e2"
-dependencies = [
- "lzma-sys",
-]
-
 [[package]]
 name = "yaml-rust"
 version = "0.4.5"
@@ -14692,34 +14822,37 @@ dependencies = [

 [[package]]
 name = "zip"
-version = "2.4.2"
+version = "8.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fabe6324e908f85a1c52063ce7aa26b68dcb7eb6dbc83a2d148403c9bc3eba50"
+checksum = "dcab981e19633ebcf0b001ddd37dd802996098bc1864f90b7c5d970ce76c1d59"
 dependencies = [
 "aes",
- "arbitrary",
- "bzip2 0.5.2",
- "constant_time_eq 0.3.1",
+ "bzip2 0.6.1",
+ "constant_time_eq 0.4.2",
 "crc32fast",
- "crossbeam-utils",
 "deflate64",
- "displaydoc",
 "flate2",
- "getrandom 0.3.4",
+ "getrandom 0.4.2",
 "hmac",
 "indexmap 2.13.0",
- "lzma-rs",
+ "lzma-rust2",
 "memchr",
 "pbkdf2 0.12.2",
+ "ppmd-rust",
 "sha1",
- "thiserror 2.0.18",
 "time",
- "xz2",
+ "typed-path",
 "zeroize",
 "zopfli",
 "zstd 0.13.3",
 ]

+[[package]]
+name = "zlib-rs"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "40990edd51aae2c2b6907af74ffb635029d5788228222c4bb811e9351c0caad3"
+
 [[package]]
 name = "zlib-rs"
 version = "0.6.3"
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -387,7 +387,7 @@ which = "8"
 whoami = "1.6.1"
 wildmatch = "2.6.1"
 winapi-util = "0.1.11"
-zip = "2.4.2"
+zip = "8.5.1"
 zstd = "0.13"

 wiremock = "0.6"
--- a/codex-rs/README.md
+++ b/codex-rs/README.md
@@ -94,7 +94,7 @@ In `workspace-write`, Codex also includes `~/.codex/memories` in its writable ro

 This folder is the root of a Cargo workspace. It contains quite a bit of experimental code, but here are the key crates:

- [`core/`](./core) contains the business logic for Codex. Ultimately, we hope this becomes a library crate that is generally useful for building other Rust/native applications that use Codex.
+- [`core/`](./core) contains the business logic for Codex. Ultimately, we hope this to be a library crate that is generally useful for building other Rust/native applications that use Codex.
 - [`exec/`](./exec) "headless" CLI for use in automation.
 - [`tui/`](./tui) CLI that launches a fullscreen TUI built with [Ratatui](https://ratatui.rs/).
 - [`cli/`](./cli) CLI multitool that provides the aforementioned CLIs via subcommands.
--- a/codex-rs/analytics/Cargo.toml
+++ b/codex-rs/analytics/Cargo.toml
@@ -16,7 +16,6 @@ workspace = true
 codex-app-server-protocol = { workspace = true }
 codex-git-utils = { workspace = true }
 codex-login = { workspace = true }
-codex-model-provider = { workspace = true }
 codex-plugin = { workspace = true }
 codex-protocol = { workspace = true }
 os_info = { workspace = true }
--- a/codex-rs/analytics/src/analytics_client_tests.rs
+++ b/codex-rs/analytics/src/analytics_client_tests.rs
@@ -161,7 +161,11 @@ fn sample_thread_start_response(thread_id: &str, ephemeral: bool, model: &str) -
 }

 fn sample_permission_profile() -> AppServerPermissionProfile {
-    CorePermissionProfile::from_legacy_sandbox_policy(&SandboxPolicy::DangerFullAccess).into()
+    CorePermissionProfile::from_legacy_sandbox_policy(
+        &SandboxPolicy::DangerFullAccess,
+        &test_path_buf("/tmp"),
+    )
+    .into()
 }

 fn sample_app_server_client_metadata() -> CodexAppServerClientMetadata {
--- a/codex-rs/analytics/src/client.rs
+++ b/codex-rs/analytics/src/client.rs
@@ -312,9 +312,16 @@ async fn send_track_events(
    let Some(auth) = auth_manager.auth().await else {
        return;
    };
-    if !auth.uses_codex_backend() {
+    if !auth.is_chatgpt_auth() {
        return;
    }
+    let access_token = match auth.get_token() {
+        Ok(token) => token,
+        Err(_) => return,
+    };
+    let Some(account_id) = auth.get_account_id() else {
+        return;
+    };

    let base_url = base_url.trim_end_matches('/');
    let url = format!("{base_url}/codex/analytics-events/events");
@@ -323,7 +330,8 @@ async fn send_track_events(
    let response = create_client()
        .post(&url)
        .timeout(ANALYTICS_EVENTS_TIMEOUT)
-        .headers(codex_model_provider::auth_provider_from_auth(&auth).to_auth_headers())
+        .bearer_auth(&access_token)
+        .header("chatgpt-account-id", &account_id)
        .header("Content-Type", "application/json")
        .json(&payload)
        .send()
--- a/codex-rs/analytics/src/events.rs
+++ b/codex-rs/analytics/src/events.rs
@@ -23,7 +23,7 @@ use codex_app_server_protocol::CodexErrorInfo;
 use codex_login::default_client::originator;
 use codex_plugin::PluginTelemetryMetadata;
 use codex_protocol::approvals::NetworkApprovalProtocol;
-use codex_protocol::models::AdditionalPermissionProfile;
+use codex_protocol::models::PermissionProfile;
 use codex_protocol::models::SandboxPermissions;
 use codex_protocol::protocol::GuardianAssessmentOutcome;
 use codex_protocol::protocol::GuardianCommandSource;
@@ -180,17 +180,17 @@ pub enum GuardianApprovalRequestSource {
 pub enum GuardianReviewedAction {
    Shell {
        sandbox_permissions: SandboxPermissions,
-        additional_permissions: Option<AdditionalPermissionProfile>,
+        additional_permissions: Option<PermissionProfile>,
    },
    UnifiedExec {
        sandbox_permissions: SandboxPermissions,
-        additional_permissions: Option<AdditionalPermissionProfile>,
+        additional_permissions: Option<PermissionProfile>,
        tty: bool,
    },
    Execve {
        source: GuardianCommandSource,
        program: String,
-        additional_permissions: Option<AdditionalPermissionProfile>,
+        additional_permissions: Option<PermissionProfile>,
    },
    ApplyPatch {},
    NetworkAccess {
@@ -684,7 +684,6 @@ fn analytics_hook_source(source: HookSource) -> &'static str {
        HookSource::Project => "project",
        HookSource::Mdm => "mdm",
        HookSource::SessionFlags => "session_flags",
-        HookSource::Plugin => "plugin",
        HookSource::LegacyManagedConfigFile => "legacy_managed_config_file",
        HookSource::LegacyManagedConfigMdm => "legacy_managed_config_mdm",
        HookSource::Unknown => "unknown",
--- a/codex-rs/app-server-client/src/lib.rs
+++ b/codex-rs/app-server-client/src/lib.rs
@@ -42,8 +42,6 @@ use codex_app_server_protocol::ServerNotification;
 use codex_app_server_protocol::ServerRequest;
 use codex_arg0::Arg0DispatchPaths;
 use codex_config::NoopThreadConfigLoader;
-use codex_config::RemoteThreadConfigLoader;
-use codex_config::ThreadConfigLoader;
 use codex_core::config::Config;
 use codex_core::config_loader::CloudRequirementsLoader;
 use codex_core::config_loader::LoaderOverrides;
@@ -359,13 +357,6 @@ pub struct InProcessClientStartArgs {
    pub channel_capacity: usize,
 }

-fn configured_thread_config_loader(config: &Config) -> Arc<dyn ThreadConfigLoader> {
-    match config.experimental_thread_config_endpoint.as_deref() {
-        Some(endpoint) => Arc::new(RemoteThreadConfigLoader::new(endpoint)),
-        None => Arc::new(NoopThreadConfigLoader),
-    }
-}
-
 impl InProcessClientStartArgs {
    /// Builds initialize params from caller-provided metadata.
    pub fn initialize_params(&self) -> InitializeParams {
@@ -390,14 +381,13 @@ impl InProcessClientStartArgs {

    fn into_runtime_start_args(self) -> InProcessStartArgs {
        let initialize = self.initialize_params();
-        let thread_config_loader = configured_thread_config_loader(&self.config);
        InProcessStartArgs {
            arg0_paths: self.arg0_paths,
            config: self.config,
            cli_overrides: self.cli_overrides,
            loader_overrides: self.loader_overrides,
            cloud_requirements: self.cloud_requirements,
-            thread_config_loader,
+            thread_config_loader: Arc::new(NoopThreadConfigLoader),
            feedback: self.feedback,
            log_db: self.log_db,
            environment_manager: self.environment_manager,
@@ -2023,42 +2013,6 @@ mod tests {
        );
    }

-    #[tokio::test]
-    async fn runtime_start_args_use_remote_thread_config_loader_when_configured() {
-        let mut config = build_test_config().await;
-        config.experimental_thread_config_endpoint = Some("not-a-valid-endpoint".to_string());
-
-        let runtime_args = InProcessClientStartArgs {
-            arg0_paths: Arg0DispatchPaths::default(),
-            config: Arc::new(config),
-            cli_overrides: Vec::new(),
-            loader_overrides: LoaderOverrides::default(),
-            cloud_requirements: CloudRequirementsLoader::default(),
-            feedback: CodexFeedback::new(),
-            log_db: None,
-            environment_manager: Arc::new(EnvironmentManager::default_for_tests()),
-            config_warnings: Vec::new(),
-            session_source: SessionSource::Exec,
-            enable_codex_api_key_env: false,
-            client_name: "codex-app-server-client-test".to_string(),
-            client_version: "0.0.0-test".to_string(),
-            experimental_api: true,
-            opt_out_notification_methods: Vec::new(),
-            channel_capacity: DEFAULT_IN_PROCESS_CHANNEL_CAPACITY,
-        }
-        .into_runtime_start_args();
-
-        let err = runtime_args
-            .thread_config_loader
-            .load(Default::default())
-            .await
-            .expect_err("configured remote loader should try to connect");
-        assert_eq!(
-            err.code(),
-            codex_config::ThreadConfigLoadErrorCode::RequestFailed
-        );
-    }
-
    #[tokio::test]
    async fn shutdown_completes_promptly_without_retained_managers() {
        let client = start_test_client(SessionSource::Cli).await;
--- a/codex-rs/app-server-protocol/schema/json/ClientRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ClientRequest.json
@@ -1447,106 +1447,6 @@
      ],
      "type": "object"
    },
-    "HooksConfigWriteParams": {
-      "oneOf": [
-        {
-          "additionalProperties": false,
-          "properties": {
-            "enabled": {
-              "type": "boolean"
-            },
-            "key": {
-              "type": "string"
-            },
-            "pluginId": {
-              "type": "string"
-            },
-            "source": {
-              "enum": [
-                "plugin"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "enabled",
-            "key",
-            "pluginId",
-            "source"
-          ],
-          "type": "object"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "enabled": {
-              "type": "boolean"
-            },
-            "key": {
-              "type": "string"
-            },
-            "source": {
-              "enum": [
-                "user"
-              ],
-              "type": "string"
-            },
-            "sourcePath": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "enabled",
-            "key",
-            "source",
-            "sourcePath"
-          ],
-          "type": "object"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "enabled": {
-              "type": "boolean"
-            },
-            "key": {
-              "type": "string"
-            },
-            "source": {
-              "enum": [
-                "project"
-              ],
-              "type": "string"
-            },
-            "sourcePath": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "enabled",
-            "key",
-            "source",
-            "sourcePath"
-          ],
-          "type": "object"
-        }
-      ]
-    },
-    "HooksListParams": {
-      "properties": {
-        "cwds": {
-          "description": "When omitted or empty, defaults to the current session working directory.",
-          "items": {
-            "type": "string"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "ImageDetail": {
      "enum": [
        "auto",
@@ -1821,17 +1721,6 @@
      ],
      "type": "object"
    },
-    "MarketplaceUpgradeParams": {
-      "properties": {
-        "marketplaceName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "McpResourceReadParams": {
      "properties": {
        "server": {
@@ -1992,132 +1881,61 @@
      "type": "string"
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
-      "oneOf": [
-        {
-          "properties": {
-            "entries": {
-              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
-              },
-              "type": "array"
-            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "restricted"
-              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
          },
-          "required": [
-            "entries",
-            "type"
-          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+          "type": "array"
        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "unrestricted"
-              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
        }
-      ]
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
    },
    "PermissionProfileNetworkPermissions": {
      "properties": {
        "enabled": {
-          "type": "boolean"
+          "type": [
+            "boolean",
+            "null"
+          ]
        }
      },
-      "required": [
-        "enabled"
-      ],
      "type": "object"
    },
    "Personality": {
@@ -2226,6 +2044,53 @@
      ],
      "type": "object"
    },
+    "ReadOnlyAccess": {
+      "oneOf": [
+        {
+          "properties": {
+            "includePlatformDefaults": {
+              "default": true,
+              "type": "boolean"
+            },
+            "readableRoots": {
+              "default": [],
+              "items": {
+                "$ref": "#/definitions/AbsolutePathBuf"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "restricted"
+              ],
+              "title": "RestrictedReadOnlyAccessType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "RestrictedReadOnlyAccess",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "fullAccess"
+              ],
+              "title": "FullAccessReadOnlyAccessType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "FullAccessReadOnlyAccess",
+          "type": "object"
+        }
+      ]
+    },
    "RealtimeOutputModality": {
      "enum": [
        "text",
@@ -3109,6 +2974,16 @@
        },
        {
          "properties": {
+            "access": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "networkAccess": {
              "default": false,
              "type": "boolean"
@@ -3165,6 +3040,16 @@
              "default": false,
              "type": "boolean"
            },
+            "readOnlyAccess": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "type": {
              "enum": [
                "workspaceWrite"
@@ -3491,15 +3376,6 @@
      ],
      "type": "object"
    },
-    "ThreadGoalStatus": {
-      "enum": [
-        "active",
-        "paused",
-        "budgetLimited",
-        "complete"
-      ],
-      "type": "string"
-    },
    "ThreadInjectItemsParams": {
      "properties": {
        "items": {
@@ -5028,30 +4904,6 @@
      "title": "Marketplace/removeRequest",
      "type": "object"
    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "marketplace/upgrade"
-          ],
-          "title": "Marketplace/upgradeRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/MarketplaceUpgradeParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Marketplace/upgradeRequest",
-      "type": "object"
-    },
    {
      "properties": {
        "id": {
@@ -5436,54 +5288,6 @@
      "title": "Skills/config/writeRequest",
      "type": "object"
    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "hooks/list"
-          ],
-          "title": "Hooks/listRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/HooksListParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Hooks/listRequest",
-      "type": "object"
-    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "hooks/config/write"
-          ],
-          "title": "Hooks/config/writeRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/HooksConfigWriteParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Hooks/config/writeRequest",
-      "type": "object"
-    },
    {
      "properties": {
        "id": {
--- a/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
@@ -78,8 +78,7 @@
            {
              "type": "null"
            }
-          ],
-          "description": "Partial overlay used for per-command permission requests."
+          ]
        }
      },
      "type": "object"
--- a/codex-rs/app-server-protocol/schema/json/ServerNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerNotification.json
@@ -1915,7 +1915,6 @@
        "project",
        "mdm",
        "sessionFlags",
-        "plugin",
        "legacyManagedConfigFile",
        "legacyManagedConfigMdm",
        "unknown"
@@ -3029,93 +3028,6 @@
      ],
      "type": "object"
    },
-    "ThreadGoal": {
-      "properties": {
-        "createdAt": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "objective": {
-          "type": "string"
-        },
-        "status": {
-          "$ref": "#/definitions/ThreadGoalStatus"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "timeUsedSeconds": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "tokenBudget": {
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "tokensUsed": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "updatedAt": {
-          "format": "int64",
-          "type": "integer"
-        }
-      },
-      "required": [
-        "createdAt",
-        "objective",
-        "status",
-        "threadId",
-        "timeUsedSeconds",
-        "tokensUsed",
-        "updatedAt"
-      ],
-      "type": "object"
-    },
-    "ThreadGoalClearedNotification": {
-      "properties": {
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "threadId"
-      ],
-      "type": "object"
-    },
-    "ThreadGoalStatus": {
-      "enum": [
-        "active",
-        "paused",
-        "budgetLimited",
-        "complete"
-      ],
-      "type": "string"
-    },
-    "ThreadGoalUpdatedNotification": {
-      "properties": {
-        "goal": {
-          "$ref": "#/definitions/ThreadGoal"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "turnId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "goal",
-        "threadId"
-      ],
-      "type": "object"
-    },
    "ThreadId": {
      "type": "string"
    },
@@ -4815,46 +4727,6 @@
      "title": "Thread/name/updatedNotification",
      "type": "object"
    },
-    {
-      "properties": {
-        "method": {
-          "enum": [
-            "thread/goal/updated"
-          ],
-          "title": "Thread/goal/updatedNotificationMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ThreadGoalUpdatedNotification"
-        }
-      },
-      "required": [
-        "method",
-        "params"
-      ],
-      "title": "Thread/goal/updatedNotification",
-      "type": "object"
-    },
-    {
-      "properties": {
-        "method": {
-          "enum": [
-            "thread/goal/cleared"
-          ],
-          "title": "Thread/goal/clearedNotificationMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ThreadGoalClearedNotification"
-        }
-      },
-      "required": [
-        "method",
-        "params"
-      ],
-      "title": "Thread/goal/clearedNotification",
-      "type": "object"
-    },
    {
      "properties": {
        "method": {
--- a/codex-rs/app-server-protocol/schema/json/ServerRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerRequest.json
@@ -78,8 +78,7 @@
            {
              "type": "null"
            }
-          ],
-          "description": "Partial overlay used for per-command permission requests."
+          ]
        }
      },
      "type": "object"
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
@@ -25,8 +25,7 @@
            {
              "type": "null"
            }
-          ],
-          "description": "Partial overlay used for per-command permission requests."
+          ]
        }
      },
      "type": "object"
@@ -690,30 +689,6 @@
          "title": "Marketplace/removeRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "marketplace/upgrade"
-              ],
-              "title": "Marketplace/upgradeRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/MarketplaceUpgradeParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Marketplace/upgradeRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -1098,54 +1073,6 @@
          "title": "Skills/config/writeRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "hooks/list"
-              ],
-              "title": "Hooks/listRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/HooksListParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Hooks/listRequest",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "hooks/config/write"
-              ],
-              "title": "Hooks/config/writeRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/HooksConfigWriteParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Hooks/config/writeRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -3854,46 +3781,6 @@
          "title": "Thread/name/updatedNotification",
          "type": "object"
        },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "thread/goal/updated"
-              ],
-              "title": "Thread/goal/updatedNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/ThreadGoalUpdatedNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "Thread/goal/updatedNotification",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "thread/goal/cleared"
-              ],
-              "title": "Thread/goal/clearedNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/ThreadGoalClearedNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "Thread/goal/clearedNotification",
-          "type": "object"
-        },
        {
          "properties": {
            "method": {
@@ -5309,22 +5196,6 @@
            ],
            "title": "ChatgptAccount",
            "type": "object"
-          },
-          {
-            "properties": {
-              "type": {
-                "enum": [
-                  "amazonBedrock"
-                ],
-                "title": "AmazonBedrockAccountType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "type"
-            ],
-            "title": "AmazonBedrockAccount",
-            "type": "object"
          }
        ]
      },
@@ -9615,21 +9486,6 @@
        "title": "HookCompletedNotification",
        "type": "object"
      },
-      "HookErrorInfo": {
-        "properties": {
-          "message": {
-            "type": "string"
-          },
-          "path": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "message",
-          "path"
-        ],
-        "type": "object"
-      },
      "HookEventName": {
        "enum": [
          "preToolUse",
@@ -9656,75 +9512,6 @@
        ],
        "type": "string"
      },
-      "HookMetadata": {
-        "properties": {
-          "command": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "enabled": {
-            "type": "boolean"
-          },
-          "eventName": {
-            "$ref": "#/definitions/v2/HookEventName"
-          },
-          "handlerType": {
-            "$ref": "#/definitions/v2/HookHandlerType"
-          },
-          "key": {
-            "type": "string"
-          },
-          "matcher": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "pluginId": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "source": {
-            "$ref": "#/definitions/v2/HookSource"
-          },
-          "sourcePath": {
-            "$ref": "#/definitions/v2/AbsolutePathBuf"
-          },
-          "sourceRelativePath": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "statusMessage": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "timeoutSec": {
-            "format": "uint64",
-            "minimum": 0.0,
-            "type": [
-              "integer",
-              "null"
-            ]
-          }
-        },
-        "required": [
-          "enabled",
-          "eventName",
-          "handlerType",
-          "key",
-          "source",
-          "sourcePath"
-        ],
-        "type": "object"
-      },
      "HookOutputEntry": {
        "properties": {
          "kind": {
@@ -9869,7 +9656,6 @@
          "project",
          "mdm",
          "sessionFlags",
-          "plugin",
          "legacyManagedConfigFile",
          "legacyManagedConfigMdm",
          "unknown"
@@ -9899,164 +9685,6 @@
        "title": "HookStartedNotification",
        "type": "object"
      },
-      "HooksConfigWriteParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "oneOf": [
-          {
-            "additionalProperties": false,
-            "properties": {
-              "enabled": {
-                "type": "boolean"
-              },
-              "key": {
-                "type": "string"
-              },
-              "pluginId": {
-                "type": "string"
-              },
-              "source": {
-                "enum": [
-                  "plugin"
-                ],
-                "type": "string"
-              }
-            },
-            "required": [
-              "enabled",
-              "key",
-              "pluginId",
-              "source"
-            ],
-            "type": "object"
-          },
-          {
-            "additionalProperties": false,
-            "properties": {
-              "enabled": {
-                "type": "boolean"
-              },
-              "key": {
-                "type": "string"
-              },
-              "source": {
-                "enum": [
-                  "user"
-                ],
-                "type": "string"
-              },
-              "sourcePath": {
-                "type": "string"
-              }
-            },
-            "required": [
-              "enabled",
-              "key",
-              "source",
-              "sourcePath"
-            ],
-            "type": "object"
-          },
-          {
-            "additionalProperties": false,
-            "properties": {
-              "enabled": {
-                "type": "boolean"
-              },
-              "key": {
-                "type": "string"
-              },
-              "source": {
-                "enum": [
-                  "project"
-                ],
-                "type": "string"
-              },
-              "sourcePath": {
-                "type": "string"
-              }
-            },
-            "required": [
-              "enabled",
-              "key",
-              "source",
-              "sourcePath"
-            ],
-            "type": "object"
-          }
-        ],
-        "title": "HooksConfigWriteParams"
-      },
-      "HooksConfigWriteResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "effectiveEnabled": {
-            "type": "boolean"
-          }
-        },
-        "required": [
-          "effectiveEnabled"
-        ],
-        "title": "HooksConfigWriteResponse",
-        "type": "object"
-      },
-      "HooksListEntry": {
-        "properties": {
-          "cwd": {
-            "type": "string"
-          },
-          "errors": {
-            "items": {
-              "$ref": "#/definitions/v2/HookErrorInfo"
-            },
-            "type": "array"
-          },
-          "hooks": {
-            "items": {
-              "$ref": "#/definitions/v2/HookMetadata"
-            },
-            "type": "array"
-          }
-        },
-        "required": [
-          "cwd",
-          "errors",
-          "hooks"
-        ],
-        "type": "object"
-      },
-      "HooksListParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "cwds": {
-            "description": "When omitted or empty, defaults to the current session working directory.",
-            "items": {
-              "type": "string"
-            },
-            "type": [
-              "array",
-              "null"
-            ]
-          }
-        },
-        "title": "HooksListParams",
-        "type": "object"
-      },
-      "HooksListResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "data": {
-            "items": {
-              "$ref": "#/definitions/v2/HooksListEntry"
-            },
-            "type": "array"
-          }
-        },
-        "required": [
-          "data"
-        ],
-        "title": "HooksListResponse",
-        "type": "object"
-      },
      "ImageDetail": {
        "enum": [
          "auto",
@@ -10690,64 +10318,6 @@
        "title": "MarketplaceRemoveResponse",
        "type": "object"
      },
-      "MarketplaceUpgradeErrorInfo": {
-        "properties": {
-          "marketplaceName": {
-            "type": "string"
-          },
-          "message": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "marketplaceName",
-          "message"
-        ],
-        "type": "object"
-      },
-      "MarketplaceUpgradeParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "marketplaceName": {
-            "type": [
-              "string",
-              "null"
-            ]
-          }
-        },
-        "title": "MarketplaceUpgradeParams",
-        "type": "object"
-      },
-      "MarketplaceUpgradeResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "errors": {
-            "items": {
-              "$ref": "#/definitions/v2/MarketplaceUpgradeErrorInfo"
-            },
-            "type": "array"
-          },
-          "selectedMarketplaces": {
-            "items": {
-              "type": "string"
-            },
-            "type": "array"
-          },
-          "upgradedRoots": {
-            "items": {
-              "$ref": "#/definitions/v2/AbsolutePathBuf"
-            },
-            "type": "array"
-          }
-        },
-        "required": [
-          "errors",
-          "selectedMarketplaces",
-          "upgradedRoots"
-        ],
-        "title": "MarketplaceUpgradeResponse",
-        "type": "object"
-      },
      "McpAuthStatus": {
        "enum": [
          "unsupported",
@@ -11617,132 +11187,61 @@
        ]
      },
      "PermissionProfile": {
-        "oneOf": [
-          {
-            "description": "Codex owns sandbox construction for this profile.",
-            "properties": {
-              "fileSystem": {
+        "properties": {
+          "fileSystem": {
+            "anyOf": [
+              {
                "$ref": "#/definitions/v2/PermissionProfileFileSystemPermissions"
              },
-              "network": {
+              {
+                "type": "null"
+              }
+            ]
+          },
+          "network": {
+            "anyOf": [
+              {
                "$ref": "#/definitions/v2/PermissionProfileNetworkPermissions"
              },
-              "type": {
-                "enum": [
-                  "managed"
-                ],
-                "title": "ManagedPermissionProfileType",
-                "type": "string"
+              {
+                "type": "null"
              }
-            },
-            "required": [
-              "fileSystem",
-              "network",
-              "type"
-            ],
-            "title": "ManagedPermissionProfile",
-            "type": "object"
-          },
-          {
-            "description": "Do not apply an outer sandbox.",
-            "properties": {
-              "type": {
-                "enum": [
-                  "disabled"
-                ],
-                "title": "DisabledPermissionProfileType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "type"
-            ],
-            "title": "DisabledPermissionProfile",
-            "type": "object"
-          },
-          {
-            "description": "Filesystem isolation is enforced by an external caller.",
-            "properties": {
-              "network": {
-                "$ref": "#/definitions/v2/PermissionProfileNetworkPermissions"
-              },
-              "type": {
-                "enum": [
-                  "external"
-                ],
-                "title": "ExternalPermissionProfileType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "network",
-              "type"
-            ],
-            "title": "ExternalPermissionProfile",
-            "type": "object"
+            ]
          }
-        ]
+        },
+        "type": "object"
      },
      "PermissionProfileFileSystemPermissions": {
-        "oneOf": [
-          {
-            "properties": {
-              "entries": {
-                "items": {
-                  "$ref": "#/definitions/v2/FileSystemSandboxEntry"
-                },
-                "type": "array"
-              },
-              "globScanMaxDepth": {
-                "format": "uint",
-                "minimum": 1.0,
-                "type": [
-                  "integer",
-                  "null"
-                ]
-              },
-              "type": {
-                "enum": [
-                  "restricted"
-                ],
-                "title": "RestrictedPermissionProfileFileSystemPermissionsType",
-                "type": "string"
-              }
+        "properties": {
+          "entries": {
+            "items": {
+              "$ref": "#/definitions/v2/FileSystemSandboxEntry"
            },
-            "required": [
-              "entries",
-              "type"
-            ],
-            "title": "RestrictedPermissionProfileFileSystemPermissions",
-            "type": "object"
+            "type": "array"
          },
-          {
-            "properties": {
-              "type": {
-                "enum": [
-                  "unrestricted"
-                ],
-                "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "type"
-            ],
-            "title": "UnrestrictedPermissionProfileFileSystemPermissions",
-            "type": "object"
+          "globScanMaxDepth": {
+            "format": "uint",
+            "minimum": 1.0,
+            "type": [
+              "integer",
+              "null"
+            ]
          }
-        ]
+        },
+        "required": [
+          "entries"
+        ],
+        "type": "object"
      },
      "PermissionProfileNetworkPermissions": {
        "properties": {
          "enabled": {
-            "type": "boolean"
+            "type": [
+              "boolean",
+              "null"
+            ]
          }
        },
-        "required": [
-          "enabled"
-        ],
        "type": "object"
      },
      "Personality": {
@@ -12559,6 +12058,53 @@
        "title": "RawResponseItemCompletedNotification",
        "type": "object"
      },
+      "ReadOnlyAccess": {
+        "oneOf": [
+          {
+            "properties": {
+              "includePlatformDefaults": {
+                "default": true,
+                "type": "boolean"
+              },
+              "readableRoots": {
+                "default": [],
+                "items": {
+                  "$ref": "#/definitions/v2/AbsolutePathBuf"
+                },
+                "type": "array"
+              },
+              "type": {
+                "enum": [
+                  "restricted"
+                ],
+                "title": "RestrictedReadOnlyAccessType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ],
+            "title": "RestrictedReadOnlyAccess",
+            "type": "object"
+          },
+          {
+            "properties": {
+              "type": {
+                "enum": [
+                  "fullAccess"
+                ],
+                "title": "FullAccessReadOnlyAccessType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ],
+            "title": "FullAccessReadOnlyAccess",
+            "type": "object"
+          }
+        ]
+      },
      "RealtimeConversationVersion": {
        "enum": [
          "v1",
@@ -13767,6 +13313,16 @@
          },
          {
            "properties": {
+              "access": {
+                "allOf": [
+                  {
+                    "$ref": "#/definitions/v2/ReadOnlyAccess"
+                  }
+                ],
+                "default": {
+                  "type": "fullAccess"
+                }
+              },
              "networkAccess": {
                "default": false,
                "type": "boolean"
@@ -13823,6 +13379,16 @@
                "default": false,
                "type": "boolean"
              },
+              "readOnlyAccess": {
+                "allOf": [
+                  {
+                    "$ref": "#/definitions/v2/ReadOnlyAccess"
+                  }
+                ],
+                "default": {
+                  "type": "fullAccess"
+                }
+              },
              "type": {
                "enum": [
                  "workspaceWrite"
@@ -14896,7 +14462,7 @@
              }
            ],
            "default": null,
-            "description": "Canonical active permissions view for this thread."
+            "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
          },
          "reasoningEffort": {
            "anyOf": [
@@ -14942,97 +14508,6 @@
        "title": "ThreadForkResponse",
        "type": "object"
      },
-      "ThreadGoal": {
-        "properties": {
-          "createdAt": {
-            "format": "int64",
-            "type": "integer"
-          },
-          "objective": {
-            "type": "string"
-          },
-          "status": {
-            "$ref": "#/definitions/v2/ThreadGoalStatus"
-          },
-          "threadId": {
-            "type": "string"
-          },
-          "timeUsedSeconds": {
-            "format": "int64",
-            "type": "integer"
-          },
-          "tokenBudget": {
-            "format": "int64",
-            "type": [
-              "integer",
-              "null"
-            ]
-          },
-          "tokensUsed": {
-            "format": "int64",
-            "type": "integer"
-          },
-          "updatedAt": {
-            "format": "int64",
-            "type": "integer"
-          }
-        },
-        "required": [
-          "createdAt",
-          "objective",
-          "status",
-          "threadId",
-          "timeUsedSeconds",
-          "tokensUsed",
-          "updatedAt"
-        ],
-        "type": "object"
-      },
-      "ThreadGoalClearedNotification": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "threadId": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "threadId"
-        ],
-        "title": "ThreadGoalClearedNotification",
-        "type": "object"
-      },
-      "ThreadGoalStatus": {
-        "enum": [
-          "active",
-          "paused",
-          "budgetLimited",
-          "complete"
-        ],
-        "type": "string"
-      },
-      "ThreadGoalUpdatedNotification": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "goal": {
-            "$ref": "#/definitions/v2/ThreadGoal"
-          },
-          "threadId": {
-            "type": "string"
-          },
-          "turnId": {
-            "type": [
-              "string",
-              "null"
-            ]
-          }
-        },
-        "required": [
-          "goal",
-          "threadId"
-        ],
-        "title": "ThreadGoalUpdatedNotification",
-        "type": "object"
-      },
      "ThreadId": {
        "type": "string"
      },
@@ -16430,7 +15905,7 @@
              }
            ],
            "default": null,
-            "description": "Canonical active permissions view for this thread."
+            "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
          },
          "reasoningEffort": {
            "anyOf": [
@@ -16757,7 +16232,7 @@
              }
            ],
            "default": null,
-            "description": "Canonical active permissions view for this thread."
+            "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
          },
          "reasoningEffort": {
            "anyOf": [
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
@@ -46,22 +46,6 @@
          ],
          "title": "ChatgptAccount",
          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "amazonBedrock"
-              ],
-              "title": "AmazonBedrockAccountType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "AmazonBedrockAccount",
-          "type": "object"
        }
      ]
    },
@@ -1396,30 +1380,6 @@
          "title": "Marketplace/removeRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "marketplace/upgrade"
-              ],
-              "title": "Marketplace/upgradeRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/MarketplaceUpgradeParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Marketplace/upgradeRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -1804,54 +1764,6 @@
          "title": "Skills/config/writeRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "hooks/list"
-              ],
-              "title": "Hooks/listRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/HooksListParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Hooks/listRequest",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "hooks/config/write"
-              ],
-              "title": "Hooks/config/writeRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/HooksConfigWriteParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Hooks/config/writeRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -6245,21 +6157,6 @@
      "title": "HookCompletedNotification",
      "type": "object"
    },
-    "HookErrorInfo": {
-      "properties": {
-        "message": {
-          "type": "string"
-        },
-        "path": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "message",
-        "path"
-      ],
-      "type": "object"
-    },
    "HookEventName": {
      "enum": [
        "preToolUse",
@@ -6286,75 +6183,6 @@
      ],
      "type": "string"
    },
-    "HookMetadata": {
-      "properties": {
-        "command": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "enabled": {
-          "type": "boolean"
-        },
-        "eventName": {
-          "$ref": "#/definitions/HookEventName"
-        },
-        "handlerType": {
-          "$ref": "#/definitions/HookHandlerType"
-        },
-        "key": {
-          "type": "string"
-        },
-        "matcher": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "pluginId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "source": {
-          "$ref": "#/definitions/HookSource"
-        },
-        "sourcePath": {
-          "$ref": "#/definitions/AbsolutePathBuf"
-        },
-        "sourceRelativePath": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "statusMessage": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "timeoutSec": {
-          "format": "uint64",
-          "minimum": 0.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "enabled",
-        "eventName",
-        "handlerType",
-        "key",
-        "source",
-        "sourcePath"
-      ],
-      "type": "object"
-    },
    "HookOutputEntry": {
      "properties": {
        "kind": {
@@ -6499,7 +6327,6 @@
        "project",
        "mdm",
        "sessionFlags",
-        "plugin",
        "legacyManagedConfigFile",
        "legacyManagedConfigMdm",
        "unknown"
@@ -6529,164 +6356,6 @@
      "title": "HookStartedNotification",
      "type": "object"
    },
-    "HooksConfigWriteParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "oneOf": [
-        {
-          "additionalProperties": false,
-          "properties": {
-            "enabled": {
-              "type": "boolean"
-            },
-            "key": {
-              "type": "string"
-            },
-            "pluginId": {
-              "type": "string"
-            },
-            "source": {
-              "enum": [
-                "plugin"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "enabled",
-            "key",
-            "pluginId",
-            "source"
-          ],
-          "type": "object"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "enabled": {
-              "type": "boolean"
-            },
-            "key": {
-              "type": "string"
-            },
-            "source": {
-              "enum": [
-                "user"
-              ],
-              "type": "string"
-            },
-            "sourcePath": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "enabled",
-            "key",
-            "source",
-            "sourcePath"
-          ],
-          "type": "object"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "enabled": {
-              "type": "boolean"
-            },
-            "key": {
-              "type": "string"
-            },
-            "source": {
-              "enum": [
-                "project"
-              ],
-              "type": "string"
-            },
-            "sourcePath": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "enabled",
-            "key",
-            "source",
-            "sourcePath"
-          ],
-          "type": "object"
-        }
-      ],
-      "title": "HooksConfigWriteParams"
-    },
-    "HooksConfigWriteResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "effectiveEnabled": {
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "effectiveEnabled"
-      ],
-      "title": "HooksConfigWriteResponse",
-      "type": "object"
-    },
-    "HooksListEntry": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "errors": {
-          "items": {
-            "$ref": "#/definitions/HookErrorInfo"
-          },
-          "type": "array"
-        },
-        "hooks": {
-          "items": {
-            "$ref": "#/definitions/HookMetadata"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "cwd",
-        "errors",
-        "hooks"
-      ],
-      "type": "object"
-    },
-    "HooksListParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "cwds": {
-          "description": "When omitted or empty, defaults to the current session working directory.",
-          "items": {
-            "type": "string"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        }
-      },
-      "title": "HooksListParams",
-      "type": "object"
-    },
-    "HooksListResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "data": {
-          "items": {
-            "$ref": "#/definitions/HooksListEntry"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "data"
-      ],
-      "title": "HooksListResponse",
-      "type": "object"
-    },
    "ImageDetail": {
      "enum": [
        "auto",
@@ -7364,64 +7033,6 @@
      "title": "MarketplaceRemoveResponse",
      "type": "object"
    },
-    "MarketplaceUpgradeErrorInfo": {
-      "properties": {
-        "marketplaceName": {
-          "type": "string"
-        },
-        "message": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "marketplaceName",
-        "message"
-      ],
-      "type": "object"
-    },
-    "MarketplaceUpgradeParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "marketplaceName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "title": "MarketplaceUpgradeParams",
-      "type": "object"
-    },
-    "MarketplaceUpgradeResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "errors": {
-          "items": {
-            "$ref": "#/definitions/MarketplaceUpgradeErrorInfo"
-          },
-          "type": "array"
-        },
-        "selectedMarketplaces": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "upgradedRoots": {
-          "items": {
-            "$ref": "#/definitions/AbsolutePathBuf"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "errors",
-        "selectedMarketplaces",
-        "upgradedRoots"
-      ],
-      "title": "MarketplaceUpgradeResponse",
-      "type": "object"
-    },
    "McpAuthStatus": {
      "enum": [
        "unsupported",
@@ -8291,132 +7902,61 @@
      ]
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
-      "oneOf": [
-        {
-          "properties": {
-            "entries": {
-              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
-              },
-              "type": "array"
-            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "restricted"
-              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
          },
-          "required": [
-            "entries",
-            "type"
-          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+          "type": "array"
        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "unrestricted"
-              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
        }
-      ]
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
    },
    "PermissionProfileNetworkPermissions": {
      "properties": {
        "enabled": {
-          "type": "boolean"
+          "type": [
+            "boolean",
+            "null"
+          ]
        }
      },
-      "required": [
-        "enabled"
-      ],
      "type": "object"
    },
    "Personality": {
@@ -9233,6 +8773,53 @@
      "title": "RawResponseItemCompletedNotification",
      "type": "object"
    },
+    "ReadOnlyAccess": {
+      "oneOf": [
+        {
+          "properties": {
+            "includePlatformDefaults": {
+              "default": true,
+              "type": "boolean"
+            },
+            "readableRoots": {
+              "default": [],
+              "items": {
+                "$ref": "#/definitions/AbsolutePathBuf"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "restricted"
+              ],
+              "title": "RestrictedReadOnlyAccessType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "RestrictedReadOnlyAccess",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "fullAccess"
+              ],
+              "title": "FullAccessReadOnlyAccessType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "FullAccessReadOnlyAccess",
+          "type": "object"
+        }
+      ]
+    },
    "RealtimeConversationVersion": {
      "enum": [
        "v1",
@@ -10441,6 +10028,16 @@
        },
        {
          "properties": {
+            "access": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "networkAccess": {
              "default": false,
              "type": "boolean"
@@ -10497,6 +10094,16 @@
              "default": false,
              "type": "boolean"
            },
+            "readOnlyAccess": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "type": {
              "enum": [
                "workspaceWrite"
@@ -10735,46 +10342,6 @@
          "title": "Thread/name/updatedNotification",
          "type": "object"
        },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "thread/goal/updated"
-              ],
-              "title": "Thread/goal/updatedNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/ThreadGoalUpdatedNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "Thread/goal/updatedNotification",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "thread/goal/cleared"
-              ],
-              "title": "Thread/goal/clearedNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/ThreadGoalClearedNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "Thread/goal/clearedNotification",
-          "type": "object"
-        },
        {
          "properties": {
            "method": {
@@ -12782,7 +12349,7 @@
            }
          ],
          "default": null,
-          "description": "Canonical active permissions view for this thread."
+          "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
        },
        "reasoningEffort": {
          "anyOf": [
@@ -12828,97 +12395,6 @@
      "title": "ThreadForkResponse",
      "type": "object"
    },
-    "ThreadGoal": {
-      "properties": {
-        "createdAt": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "objective": {
-          "type": "string"
-        },
-        "status": {
-          "$ref": "#/definitions/ThreadGoalStatus"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "timeUsedSeconds": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "tokenBudget": {
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "tokensUsed": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "updatedAt": {
-          "format": "int64",
-          "type": "integer"
-        }
-      },
-      "required": [
-        "createdAt",
-        "objective",
-        "status",
-        "threadId",
-        "timeUsedSeconds",
-        "tokensUsed",
-        "updatedAt"
-      ],
-      "type": "object"
-    },
-    "ThreadGoalClearedNotification": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "threadId"
-      ],
-      "title": "ThreadGoalClearedNotification",
-      "type": "object"
-    },
-    "ThreadGoalStatus": {
-      "enum": [
-        "active",
-        "paused",
-        "budgetLimited",
-        "complete"
-      ],
-      "type": "string"
-    },
-    "ThreadGoalUpdatedNotification": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "goal": {
-          "$ref": "#/definitions/ThreadGoal"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "turnId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "goal",
-        "threadId"
-      ],
-      "title": "ThreadGoalUpdatedNotification",
-      "type": "object"
-    },
    "ThreadId": {
      "type": "string"
    },
@@ -14316,7 +13792,7 @@
            }
          ],
          "default": null,
-          "description": "Canonical active permissions view for this thread."
+          "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
        },
        "reasoningEffort": {
          "anyOf": [
@@ -14643,7 +14119,7 @@
            }
          ],
          "default": null,
-          "description": "Canonical active permissions view for this thread."
+          "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
        },
        "reasoningEffort": {
          "anyOf": [
--- a/codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json
@@ -246,134 +246,110 @@
      "type": "string"
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
+          },
+          "type": "array"
+        },
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "ReadOnlyAccess": {
      "oneOf": [
        {
          "properties": {
-            "entries": {
+            "includePlatformDefaults": {
+              "default": true,
+              "type": "boolean"
+            },
+            "readableRoots": {
+              "default": [],
              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
+                "$ref": "#/definitions/AbsolutePathBuf"
              },
              "type": "array"
            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
            "type": {
              "enum": [
                "restricted"
              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "title": "RestrictedReadOnlyAccessType",
              "type": "string"
            }
          },
          "required": [
-            "entries",
            "type"
          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "title": "RestrictedReadOnlyAccess",
          "type": "object"
        },
        {
          "properties": {
            "type": {
              "enum": [
-                "unrestricted"
+                "fullAccess"
              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "title": "FullAccessReadOnlyAccessType",
              "type": "string"
            }
          },
          "required": [
            "type"
          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "title": "FullAccessReadOnlyAccess",
          "type": "object"
        }
      ]
    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "enabled"
-      ],
-      "type": "object"
-    },
    "SandboxPolicy": {
      "oneOf": [
        {
@@ -394,6 +370,16 @@
        },
        {
          "properties": {
+            "access": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "networkAccess": {
              "default": false,
              "type": "boolean"
@@ -450,6 +436,16 @@
              "default": false,
              "type": "boolean"
            },
+            "readOnlyAccess": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "type": {
              "enum": [
                "workspaceWrite"
--- a/codex-rs/app-server-protocol/schema/json/v2/GetAccountResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/GetAccountResponse.json
@@ -42,22 +42,6 @@
          ],
          "title": "ChatgptAccount",
          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "amazonBedrock"
-              ],
-              "title": "AmazonBedrockAccountType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "AmazonBedrockAccount",
-          "type": "object"
        }
      ]
    },
--- a/codex-rs/app-server-protocol/schema/json/v2/HookCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HookCompletedNotification.json
@@ -160,7 +160,6 @@
        "project",
        "mdm",
        "sessionFlags",
-        "plugin",
        "legacyManagedConfigFile",
        "legacyManagedConfigMdm",
        "unknown"
--- a/codex-rs/app-server-protocol/schema/json/v2/HookStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HookStartedNotification.json
@@ -160,7 +160,6 @@
        "project",
        "mdm",
        "sessionFlags",
-        "plugin",
        "legacyManagedConfigFile",
        "legacyManagedConfigMdm",
        "unknown"
--- a/codex-rs/app-server-protocol/schema/json/v2/HooksConfigWriteParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HooksConfigWriteParams.json
@@ -1,87 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "oneOf": [
-    {
-      "additionalProperties": false,
-      "properties": {
-        "enabled": {
-          "type": "boolean"
-        },
-        "key": {
-          "type": "string"
-        },
-        "pluginId": {
-          "type": "string"
-        },
-        "source": {
-          "enum": [
-            "plugin"
-          ],
-          "type": "string"
-        }
-      },
-      "required": [
-        "enabled",
-        "key",
-        "pluginId",
-        "source"
-      ],
-      "type": "object"
-    },
-    {
-      "additionalProperties": false,
-      "properties": {
-        "enabled": {
-          "type": "boolean"
-        },
-        "key": {
-          "type": "string"
-        },
-        "source": {
-          "enum": [
-            "user"
-          ],
-          "type": "string"
-        },
-        "sourcePath": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "enabled",
-        "key",
-        "source",
-        "sourcePath"
-      ],
-      "type": "object"
-    },
-    {
-      "additionalProperties": false,
-      "properties": {
-        "enabled": {
-          "type": "boolean"
-        },
-        "key": {
-          "type": "string"
-        },
-        "source": {
-          "enum": [
-            "project"
-          ],
-          "type": "string"
-        },
-        "sourcePath": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "enabled",
-        "key",
-        "source",
-        "sourcePath"
-      ],
-      "type": "object"
-    }
-  ],
-  "title": "HooksConfigWriteParams"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/HooksConfigWriteResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HooksConfigWriteResponse.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "effectiveEnabled": {
-      "type": "boolean"
-    }
-  },
-  "required": [
-    "effectiveEnabled"
-  ],
-  "title": "HooksConfigWriteResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/HooksListParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HooksListParams.json
@@ -1,17 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "cwds": {
-      "description": "When omitted or empty, defaults to the current session working directory.",
-      "items": {
-        "type": "string"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
-    }
-  },
-  "title": "HooksListParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/HooksListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HooksListResponse.json
@@ -1,164 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "HookErrorInfo": {
-      "properties": {
-        "message": {
-          "type": "string"
-        },
-        "path": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "message",
-        "path"
-      ],
-      "type": "object"
-    },
-    "HookEventName": {
-      "enum": [
-        "preToolUse",
-        "permissionRequest",
-        "postToolUse",
-        "sessionStart",
-        "userPromptSubmit",
-        "stop"
-      ],
-      "type": "string"
-    },
-    "HookHandlerType": {
-      "enum": [
-        "command",
-        "prompt",
-        "agent"
-      ],
-      "type": "string"
-    },
-    "HookMetadata": {
-      "properties": {
-        "command": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "enabled": {
-          "type": "boolean"
-        },
-        "eventName": {
-          "$ref": "#/definitions/HookEventName"
-        },
-        "handlerType": {
-          "$ref": "#/definitions/HookHandlerType"
-        },
-        "key": {
-          "type": "string"
-        },
-        "matcher": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "pluginId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "source": {
-          "$ref": "#/definitions/HookSource"
-        },
-        "sourcePath": {
-          "$ref": "#/definitions/AbsolutePathBuf"
-        },
-        "sourceRelativePath": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "statusMessage": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "timeoutSec": {
-          "format": "uint64",
-          "minimum": 0.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "enabled",
-        "eventName",
-        "handlerType",
-        "key",
-        "source",
-        "sourcePath"
-      ],
-      "type": "object"
-    },
-    "HookSource": {
-      "enum": [
-        "system",
-        "user",
-        "project",
-        "mdm",
-        "sessionFlags",
-        "plugin",
-        "legacyManagedConfigFile",
-        "legacyManagedConfigMdm",
-        "unknown"
-      ],
-      "type": "string"
-    },
-    "HooksListEntry": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "errors": {
-          "items": {
-            "$ref": "#/definitions/HookErrorInfo"
-          },
-          "type": "array"
-        },
-        "hooks": {
-          "items": {
-            "$ref": "#/definitions/HookMetadata"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "cwd",
-        "errors",
-        "hooks"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "data": {
-      "items": {
-        "$ref": "#/definitions/HooksListEntry"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "data"
-  ],
-  "title": "HooksListResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/MarketplaceUpgradeParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/MarketplaceUpgradeParams.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "marketplaceName": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "title": "MarketplaceUpgradeParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/MarketplaceUpgradeResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/MarketplaceUpgradeResponse.json
@@ -1,51 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "MarketplaceUpgradeErrorInfo": {
-      "properties": {
-        "marketplaceName": {
-          "type": "string"
-        },
-        "message": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "marketplaceName",
-        "message"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "errors": {
-      "items": {
-        "$ref": "#/definitions/MarketplaceUpgradeErrorInfo"
-      },
-      "type": "array"
-    },
-    "selectedMarketplaces": {
-      "items": {
-        "type": "string"
-      },
-      "type": "array"
-    },
-    "upgradedRoots": {
-      "items": {
-        "$ref": "#/definitions/AbsolutePathBuf"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "errors",
-    "selectedMarketplaces",
-    "upgradedRoots"
-  ],
-  "title": "MarketplaceUpgradeResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadForkParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadForkParams.json
@@ -276,132 +276,61 @@
      ]
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
-      "oneOf": [
-        {
-          "properties": {
-            "entries": {
-              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
-              },
-              "type": "array"
-            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "restricted"
-              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
          },
-          "required": [
-            "entries",
-            "type"
-          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+          "type": "array"
        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "unrestricted"
-              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
        }
-      ]
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
    },
    "PermissionProfileNetworkPermissions": {
      "properties": {
        "enabled": {
-          "type": "boolean"
+          "type": [
+            "boolean",
+            "null"
+          ]
        }
      },
-      "required": [
-        "enabled"
-      ],
      "type": "object"
    },
    "SandboxMode": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json
@@ -900,134 +900,110 @@
      ]
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
+          },
+          "type": "array"
+        },
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "ReadOnlyAccess": {
      "oneOf": [
        {
          "properties": {
-            "entries": {
+            "includePlatformDefaults": {
+              "default": true,
+              "type": "boolean"
+            },
+            "readableRoots": {
+              "default": [],
              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
+                "$ref": "#/definitions/AbsolutePathBuf"
              },
              "type": "array"
            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
            "type": {
              "enum": [
                "restricted"
              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "title": "RestrictedReadOnlyAccessType",
              "type": "string"
            }
          },
          "required": [
-            "entries",
            "type"
          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "title": "RestrictedReadOnlyAccess",
          "type": "object"
        },
        {
          "properties": {
            "type": {
              "enum": [
-                "unrestricted"
+                "fullAccess"
              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "title": "FullAccessReadOnlyAccessType",
              "type": "string"
            }
          },
          "required": [
            "type"
          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "title": "FullAccessReadOnlyAccess",
          "type": "object"
        }
      ]
    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "enabled"
-      ],
-      "type": "object"
-    },
    "ReasoningEffort": {
      "description": "See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning",
      "enum": [
@@ -1060,6 +1036,16 @@
        },
        {
          "properties": {
+            "access": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "networkAccess": {
              "default": false,
              "type": "boolean"
@@ -1116,6 +1102,16 @@
              "default": false,
              "type": "boolean"
            },
+            "readOnlyAccess": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "type": {
              "enum": [
                "workspaceWrite"
@@ -2510,7 +2506,7 @@
        }
      ],
      "default": null,
-      "description": "Canonical active permissions view for this thread."
+      "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
    },
    "reasoningEffort": {
      "anyOf": [
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadGoalClearedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadGoalClearedNotification.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "threadId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "threadId"
-  ],
-  "title": "ThreadGoalClearedNotification",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadGoalUpdatedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadGoalUpdatedNotification.json
@@ -1,80 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ThreadGoal": {
-      "properties": {
-        "createdAt": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "objective": {
-          "type": "string"
-        },
-        "status": {
-          "$ref": "#/definitions/ThreadGoalStatus"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "timeUsedSeconds": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "tokenBudget": {
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "tokensUsed": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "updatedAt": {
-          "format": "int64",
-          "type": "integer"
-        }
-      },
-      "required": [
-        "createdAt",
-        "objective",
-        "status",
-        "threadId",
-        "timeUsedSeconds",
-        "tokensUsed",
-        "updatedAt"
-      ],
-      "type": "object"
-    },
-    "ThreadGoalStatus": {
-      "enum": [
-        "active",
-        "paused",
-        "budgetLimited",
-        "complete"
-      ],
-      "type": "string"
-    }
-  },
-  "properties": {
-    "goal": {
-      "$ref": "#/definitions/ThreadGoal"
-    },
-    "threadId": {
-      "type": "string"
-    },
-    "turnId": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "required": [
-    "goal",
-    "threadId"
-  ],
-  "title": "ThreadGoalUpdatedNotification",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json
@@ -542,132 +542,61 @@
      ]
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
-      "oneOf": [
-        {
-          "properties": {
-            "entries": {
-              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
-              },
-              "type": "array"
-            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "restricted"
-              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
          },
-          "required": [
-            "entries",
-            "type"
-          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+          "type": "array"
        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "unrestricted"
-              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
        }
-      ]
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
    },
    "PermissionProfileNetworkPermissions": {
      "properties": {
        "enabled": {
-          "type": "boolean"
+          "type": [
+            "boolean",
+            "null"
+          ]
        }
      },
-      "required": [
-        "enabled"
-      ],
      "type": "object"
    },
    "Personality": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json
@@ -900,134 +900,110 @@
      ]
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
+          },
+          "type": "array"
+        },
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "ReadOnlyAccess": {
      "oneOf": [
        {
          "properties": {
-            "entries": {
+            "includePlatformDefaults": {
+              "default": true,
+              "type": "boolean"
+            },
+            "readableRoots": {
+              "default": [],
              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
+                "$ref": "#/definitions/AbsolutePathBuf"
              },
              "type": "array"
            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
            "type": {
              "enum": [
                "restricted"
              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "title": "RestrictedReadOnlyAccessType",
              "type": "string"
            }
          },
          "required": [
-            "entries",
            "type"
          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "title": "RestrictedReadOnlyAccess",
          "type": "object"
        },
        {
          "properties": {
            "type": {
              "enum": [
-                "unrestricted"
+                "fullAccess"
              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "title": "FullAccessReadOnlyAccessType",
              "type": "string"
            }
          },
          "required": [
            "type"
          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "title": "FullAccessReadOnlyAccess",
          "type": "object"
        }
      ]
    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "enabled"
-      ],
-      "type": "object"
-    },
    "ReasoningEffort": {
      "description": "See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning",
      "enum": [
@@ -1060,6 +1036,16 @@
        },
        {
          "properties": {
+            "access": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "networkAccess": {
              "default": false,
              "type": "boolean"
@@ -1116,6 +1102,16 @@
              "default": false,
              "type": "boolean"
            },
+            "readOnlyAccess": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "type": {
              "enum": [
                "workspaceWrite"
@@ -2510,7 +2506,7 @@
        }
      ],
      "default": null,
-      "description": "Canonical active permissions view for this thread."
+      "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
    },
    "reasoningEffort": {
      "anyOf": [
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json
@@ -302,132 +302,61 @@
      ]
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
-      "oneOf": [
-        {
-          "properties": {
-            "entries": {
-              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
-              },
-              "type": "array"
-            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "restricted"
-              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
          },
-          "required": [
-            "entries",
-            "type"
-          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+          "type": "array"
        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "unrestricted"
-              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
        }
-      ]
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
    },
    "PermissionProfileNetworkPermissions": {
      "properties": {
        "enabled": {
-          "type": "boolean"
+          "type": [
+            "boolean",
+            "null"
+          ]
        }
      },
-      "required": [
-        "enabled"
-      ],
      "type": "object"
    },
    "Personality": {
@@ -459,21 +388,6 @@
        "clear"
      ],
      "type": "string"
-    },
-    "TurnEnvironmentParams": {
-      "properties": {
-        "cwd": {
-          "$ref": "#/definitions/AbsolutePathBuf"
-        },
-        "environmentId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "cwd",
-        "environmentId"
-      ],
-      "type": "object"
    }
  },
  "properties": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json
@@ -900,134 +900,110 @@
      ]
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
+          },
+          "type": "array"
+        },
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "ReadOnlyAccess": {
      "oneOf": [
        {
          "properties": {
-            "entries": {
+            "includePlatformDefaults": {
+              "default": true,
+              "type": "boolean"
+            },
+            "readableRoots": {
+              "default": [],
              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
+                "$ref": "#/definitions/AbsolutePathBuf"
              },
              "type": "array"
            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
            "type": {
              "enum": [
                "restricted"
              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "title": "RestrictedReadOnlyAccessType",
              "type": "string"
            }
          },
          "required": [
-            "entries",
            "type"
          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "title": "RestrictedReadOnlyAccess",
          "type": "object"
        },
        {
          "properties": {
            "type": {
              "enum": [
-                "unrestricted"
+                "fullAccess"
              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "title": "FullAccessReadOnlyAccessType",
              "type": "string"
            }
          },
          "required": [
            "type"
          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "title": "FullAccessReadOnlyAccess",
          "type": "object"
        }
      ]
    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "enabled"
-      ],
-      "type": "object"
-    },
    "ReasoningEffort": {
      "description": "See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning",
      "enum": [
@@ -1060,6 +1036,16 @@
        },
        {
          "properties": {
+            "access": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "networkAccess": {
              "default": false,
              "type": "boolean"
@@ -1116,6 +1102,16 @@
              "default": false,
              "type": "boolean"
            },
+            "readOnlyAccess": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "type": {
              "enum": [
                "workspaceWrite"
@@ -2510,7 +2506,7 @@
        }
      ],
      "default": null,
-      "description": "Canonical active permissions view for this thread."
+      "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
    },
    "reasoningEffort": {
      "anyOf": [
--- a/codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json
@@ -326,132 +326,61 @@
      "type": "string"
    },
    "PermissionProfile": {
-      "oneOf": [
-        {
-          "description": "Codex owns sandbox construction for this profile.",
-          "properties": {
-            "fileSystem": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
            },
-            "network": {
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
            },
-            "type": {
-              "enum": [
-                "managed"
-              ],
-              "title": "ManagedPermissionProfileType",
-              "type": "string"
+            {
+              "type": "null"
            }
-          },
-          "required": [
-            "fileSystem",
-            "network",
-            "type"
-          ],
-          "title": "ManagedPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Do not apply an outer sandbox.",
-          "properties": {
-            "type": {
-              "enum": [
-                "disabled"
-              ],
-              "title": "DisabledPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DisabledPermissionProfile",
-          "type": "object"
-        },
-        {
-          "description": "Filesystem isolation is enforced by an external caller.",
-          "properties": {
-            "network": {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            "type": {
-              "enum": [
-                "external"
-              ],
-              "title": "ExternalPermissionProfileType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "network",
-            "type"
-          ],
-          "title": "ExternalPermissionProfile",
-          "type": "object"
+          ]
        }
-      ]
+      },
+      "type": "object"
    },
    "PermissionProfileFileSystemPermissions": {
-      "oneOf": [
-        {
-          "properties": {
-            "entries": {
-              "items": {
-                "$ref": "#/definitions/FileSystemSandboxEntry"
-              },
-              "type": "array"
-            },
-            "globScanMaxDepth": {
-              "format": "uint",
-              "minimum": 1.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "restricted"
-              ],
-              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
+      "properties": {
+        "entries": {
+          "items": {
+            "$ref": "#/definitions/FileSystemSandboxEntry"
          },
-          "required": [
-            "entries",
-            "type"
-          ],
-          "title": "RestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+          "type": "array"
        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "unrestricted"
-              ],
-              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
-          "type": "object"
+        "globScanMaxDepth": {
+          "format": "uint",
+          "minimum": 1.0,
+          "type": [
+            "integer",
+            "null"
+          ]
        }
-      ]
+      },
+      "required": [
+        "entries"
+      ],
+      "type": "object"
    },
    "PermissionProfileNetworkPermissions": {
      "properties": {
        "enabled": {
-          "type": "boolean"
+          "type": [
+            "boolean",
+            "null"
+          ]
        }
      },
-      "required": [
-        "enabled"
-      ],
      "type": "object"
    },
    "Personality": {
@@ -462,6 +391,53 @@
      ],
      "type": "string"
    },
+    "ReadOnlyAccess": {
+      "oneOf": [
+        {
+          "properties": {
+            "includePlatformDefaults": {
+              "default": true,
+              "type": "boolean"
+            },
+            "readableRoots": {
+              "default": [],
+              "items": {
+                "$ref": "#/definitions/AbsolutePathBuf"
+              },
+              "type": "array"
+            },
+            "type": {
+              "enum": [
+                "restricted"
+              ],
+              "title": "RestrictedReadOnlyAccessType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "RestrictedReadOnlyAccess",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "fullAccess"
+              ],
+              "title": "FullAccessReadOnlyAccessType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "FullAccessReadOnlyAccess",
+          "type": "object"
+        }
+      ]
+    },
    "ReasoningEffort": {
      "description": "See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning",
      "enum": [
@@ -514,6 +490,16 @@
        },
        {
          "properties": {
+            "access": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "networkAccess": {
              "default": false,
              "type": "boolean"
@@ -570,6 +556,16 @@
              "default": false,
              "type": "boolean"
            },
+            "readOnlyAccess": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/ReadOnlyAccess"
+                }
+              ],
+              "default": {
+                "type": "fullAccess"
+              }
+            },
            "type": {
              "enum": [
                "workspaceWrite"
--- a/codex-rs/app-server-protocol/schema/typescript/ClientRequest.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ClientRequest.ts
--- a/codex-rs/app-server-protocol/schema/typescript/ServerNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ServerNotification.ts
--- a/codex-rs/app-server-protocol/schema/typescript/v2/Account.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/Account.ts
@@ -3,4 +3,4 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { PlanType } from "../PlanType";

-export type Account = { "type": "apiKey", } | { "type": "chatgpt", email: string, planType: PlanType, } | { "type": "amazonBedrock", };
+export type Account = { "type": "apiKey", } | { "type": "chatgpt", email: string, planType: PlanType, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/AdditionalPermissionProfile.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/AdditionalPermissionProfile.ts
@@ -4,8 +4,4 @@
 import type { AdditionalFileSystemPermissions } from "./AdditionalFileSystemPermissions";
 import type { AdditionalNetworkPermissions } from "./AdditionalNetworkPermissions";

-export type AdditionalPermissionProfile = {
-/**
- * Partial overlay used for per-command permission requests.
- */
-network: AdditionalNetworkPermissions | null, fileSystem: AdditionalFileSystemPermissions | null, };
+export type AdditionalPermissionProfile = { network: AdditionalNetworkPermissions | null, fileSystem: AdditionalFileSystemPermissions | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/HookErrorInfo.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/HookErrorInfo.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type HookErrorInfo = { path: string, message: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/HookMetadata.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/HookMetadata.ts
@@ -1,9 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { AbsolutePathBuf } from "../AbsolutePathBuf";
-import type { HookEventName } from "./HookEventName";
-import type { HookHandlerType } from "./HookHandlerType";
-import type { HookSource } from "./HookSource";
-
-export type HookMetadata = { source: HookSource, pluginId: string | null, key: string, eventName: HookEventName, matcher: string | null, handlerType: HookHandlerType, command: string | null, timeoutSec: bigint | null, statusMessage: string | null, sourcePath: AbsolutePathBuf, sourceRelativePath: string | null, enabled: boolean, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/HookSource.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/HookSource.ts
@@ -2,4 +2,4 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

-export type HookSource = "system" | "user" | "project" | "mdm" | "sessionFlags" | "plugin" | "legacyManagedConfigFile" | "legacyManagedConfigMdm" | "unknown";
+export type HookSource = "system" | "user" | "project" | "mdm" | "sessionFlags" | "legacyManagedConfigFile" | "legacyManagedConfigMdm" | "unknown";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/HooksConfigWriteParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/HooksConfigWriteParams.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type HooksConfigWriteParams = { "source": "plugin", pluginId: string, key: string, enabled: boolean, } | { "source": "user", sourcePath: string, key: string, enabled: boolean, } | { "source": "project", sourcePath: string, key: string, enabled: boolean, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/HooksConfigWriteResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/HooksConfigWriteResponse.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type HooksConfigWriteResponse = { effectiveEnabled: boolean, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/HooksListEntry.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/HooksListEntry.ts
@@ -1,7 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { HookErrorInfo } from "./HookErrorInfo";
-import type { HookMetadata } from "./HookMetadata";
-
-export type HooksListEntry = { cwd: string, hooks: Array<HookMetadata>, errors: Array<HookErrorInfo>, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/HooksListParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/HooksListParams.ts
@@ -1,9 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type HooksListParams = {
-/**
- * When omitted or empty, defaults to the current session working directory.
- */
-cwds?: Array<string> | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/HooksListResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/HooksListResponse.ts
@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { HooksListEntry } from "./HooksListEntry";
-
-export type HooksListResponse = { data: Array<HooksListEntry>, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeErrorInfo.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeErrorInfo.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type MarketplaceUpgradeErrorInfo = { marketplaceName: string, message: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeParams.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type MarketplaceUpgradeParams = { marketplaceName?: string | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeResponse.ts
@@ -1,7 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { AbsolutePathBuf } from "../AbsolutePathBuf";
-import type { MarketplaceUpgradeErrorInfo } from "./MarketplaceUpgradeErrorInfo";
-
-export type MarketplaceUpgradeResponse = { selectedMarketplaces: Array<string>, upgradedRoots: Array<AbsolutePathBuf>, errors: Array<MarketplaceUpgradeErrorInfo>, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfile.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfile.ts
@@ -4,4 +4,4 @@
 import type { PermissionProfileFileSystemPermissions } from "./PermissionProfileFileSystemPermissions";
 import type { PermissionProfileNetworkPermissions } from "./PermissionProfileNetworkPermissions";

-export type PermissionProfile = { "type": "managed", network: PermissionProfileNetworkPermissions, fileSystem: PermissionProfileFileSystemPermissions, } | { "type": "disabled" } | { "type": "external", network: PermissionProfileNetworkPermissions, };
+export type PermissionProfile = { network: PermissionProfileNetworkPermissions | null, fileSystem: PermissionProfileFileSystemPermissions | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileFileSystemPermissions.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileFileSystemPermissions.ts
@@ -3,4 +3,4 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { FileSystemSandboxEntry } from "./FileSystemSandboxEntry";

-export type PermissionProfileFileSystemPermissions = { "type": "restricted", entries: Array<FileSystemSandboxEntry>, globScanMaxDepth?: number, } | { "type": "unrestricted" };
+export type PermissionProfileFileSystemPermissions = { entries: Array<FileSystemSandboxEntry>, globScanMaxDepth?: number, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileNetworkPermissions.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileNetworkPermissions.ts
@@ -2,4 +2,4 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

-export type PermissionProfileNetworkPermissions = { enabled: boolean, };
+export type PermissionProfileNetworkPermissions = { enabled: boolean | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ReadOnlyAccess.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ReadOnlyAccess.ts
@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { AbsolutePathBuf } from "../AbsolutePathBuf";
+
+export type ReadOnlyAccess = { "type": "restricted", includePlatformDefaults: boolean, readableRoots: Array<AbsolutePathBuf>, } | { "type": "fullAccess" };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/SandboxPolicy.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/SandboxPolicy.ts
@@ -3,5 +3,6 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 import type { NetworkAccess } from "./NetworkAccess";
+import type { ReadOnlyAccess } from "./ReadOnlyAccess";

-export type SandboxPolicy = { "type": "dangerFullAccess" } | { "type": "readOnly", networkAccess: boolean, } | { "type": "externalSandbox", networkAccess: NetworkAccess, } | { "type": "workspaceWrite", writableRoots: Array<AbsolutePathBuf>, networkAccess: boolean, excludeTmpdirEnvVar: boolean, excludeSlashTmp: boolean, };
+export type SandboxPolicy = { "type": "dangerFullAccess" } | { "type": "readOnly", access: ReadOnlyAccess, networkAccess: boolean, } | { "type": "externalSandbox", networkAccess: NetworkAccess, } | { "type": "workspaceWrite", writableRoots: Array<AbsolutePathBuf>, readOnlyAccess: ReadOnlyAccess, networkAccess: boolean, excludeTmpdirEnvVar: boolean, excludeSlashTmp: boolean, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadForkResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadForkResponse.ts
@@ -26,6 +26,8 @@ approvalsReviewer: ApprovalsReviewer,
 */
 sandbox: SandboxPolicy,
 /**
- * Canonical active permissions view for this thread.
+ * Canonical active permissions view for this thread when representable.
+ * This is `null` for external sandbox policies because external
+ * enforcement cannot be round-tripped as a `PermissionProfile`.
 */
 permissionProfile: PermissionProfile | null, reasoningEffort: ReasoningEffort | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadGoal.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadGoal.ts
@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { ThreadGoalStatus } from "./ThreadGoalStatus";
-
-export type ThreadGoal = { threadId: string, objective: string, status: ThreadGoalStatus, tokenBudget: number | null, tokensUsed: number, timeUsedSeconds: number, createdAt: number, updatedAt: number, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadGoalClearedNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadGoalClearedNotification.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type ThreadGoalClearedNotification = { threadId: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadGoalStatus.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadGoalStatus.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type ThreadGoalStatus = "active" | "paused" | "budgetLimited" | "complete";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadGoalUpdatedNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadGoalUpdatedNotification.ts
@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { ThreadGoal } from "./ThreadGoal";
-
-export type ThreadGoalUpdatedNotification = { threadId: string, turnId: string | null, goal: ThreadGoal, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadResumeResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadResumeResponse.ts
@@ -26,6 +26,8 @@ approvalsReviewer: ApprovalsReviewer,
 */
 sandbox: SandboxPolicy,
 /**
- * Canonical active permissions view for this thread.
+ * Canonical active permissions view for this thread when representable.
+ * This is `null` for external sandbox policies because external
+ * enforcement cannot be round-tripped as a `PermissionProfile`.
 */
 permissionProfile: PermissionProfile | null, reasoningEffort: ReasoningEffort | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadStartResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadStartResponse.ts
@@ -26,6 +26,8 @@ approvalsReviewer: ApprovalsReviewer,
 */
 sandbox: SandboxPolicy,
 /**
- * Canonical active permissions view for this thread.
+ * Canonical active permissions view for this thread when representable.
+ * This is `null` for external sandbox policies because external
+ * enforcement cannot be round-tripped as a `PermissionProfile`.
 */
 permissionProfile: PermissionProfile | null, reasoningEffort: ReasoningEffort | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/index.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/index.ts
@@ -151,11 +151,9 @@ export type { GuardianRiskLevel } from "./GuardianRiskLevel";
 export type { GuardianUserAuthorization } from "./GuardianUserAuthorization";
 export type { GuardianWarningNotification } from "./GuardianWarningNotification";
 export type { HookCompletedNotification } from "./HookCompletedNotification";
-export type { HookErrorInfo } from "./HookErrorInfo";
 export type { HookEventName } from "./HookEventName";
 export type { HookExecutionMode } from "./HookExecutionMode";
 export type { HookHandlerType } from "./HookHandlerType";
-export type { HookMetadata } from "./HookMetadata";
 export type { HookOutputEntry } from "./HookOutputEntry";
 export type { HookOutputEntryKind } from "./HookOutputEntryKind";
 export type { HookPromptFragment } from "./HookPromptFragment";
@@ -164,11 +162,6 @@ export type { HookRunSummary } from "./HookRunSummary";
 export type { HookScope } from "./HookScope";
 export type { HookSource } from "./HookSource";
 export type { HookStartedNotification } from "./HookStartedNotification";
-export type { HooksConfigWriteParams } from "./HooksConfigWriteParams";
-export type { HooksConfigWriteResponse } from "./HooksConfigWriteResponse";
-export type { HooksListEntry } from "./HooksListEntry";
-export type { HooksListParams } from "./HooksListParams";
-export type { HooksListResponse } from "./HooksListResponse";
 export type { ItemCompletedNotification } from "./ItemCompletedNotification";
 export type { ItemGuardianApprovalReviewCompletedNotification } from "./ItemGuardianApprovalReviewCompletedNotification";
 export type { ItemGuardianApprovalReviewStartedNotification } from "./ItemGuardianApprovalReviewStartedNotification";
@@ -185,9 +178,6 @@ export type { MarketplaceInterface } from "./MarketplaceInterface";
 export type { MarketplaceLoadErrorInfo } from "./MarketplaceLoadErrorInfo";
 export type { MarketplaceRemoveParams } from "./MarketplaceRemoveParams";
 export type { MarketplaceRemoveResponse } from "./MarketplaceRemoveResponse";
-export type { MarketplaceUpgradeErrorInfo } from "./MarketplaceUpgradeErrorInfo";
-export type { MarketplaceUpgradeParams } from "./MarketplaceUpgradeParams";
-export type { MarketplaceUpgradeResponse } from "./MarketplaceUpgradeResponse";
 export type { McpAuthStatus } from "./McpAuthStatus";
 export type { McpElicitationArrayType } from "./McpElicitationArrayType";
 export type { McpElicitationBooleanSchema } from "./McpElicitationBooleanSchema";
@@ -283,6 +273,7 @@ export type { RateLimitReachedType } from "./RateLimitReachedType";
 export type { RateLimitSnapshot } from "./RateLimitSnapshot";
 export type { RateLimitWindow } from "./RateLimitWindow";
 export type { RawResponseItemCompletedNotification } from "./RawResponseItemCompletedNotification";
+export type { ReadOnlyAccess } from "./ReadOnlyAccess";
 export type { ReasoningEffortOption } from "./ReasoningEffortOption";
 export type { ReasoningSummaryPartAddedNotification } from "./ReasoningSummaryPartAddedNotification";
 export type { ReasoningSummaryTextDeltaNotification } from "./ReasoningSummaryTextDeltaNotification";
@@ -333,10 +324,6 @@ export type { ThreadCompactStartParams } from "./ThreadCompactStartParams";
 export type { ThreadCompactStartResponse } from "./ThreadCompactStartResponse";
 export type { ThreadForkParams } from "./ThreadForkParams";
 export type { ThreadForkResponse } from "./ThreadForkResponse";
-export type { ThreadGoal } from "./ThreadGoal";
-export type { ThreadGoalClearedNotification } from "./ThreadGoalClearedNotification";
-export type { ThreadGoalStatus } from "./ThreadGoalStatus";
-export type { ThreadGoalUpdatedNotification } from "./ThreadGoalUpdatedNotification";
 export type { ThreadInjectItemsParams } from "./ThreadInjectItemsParams";
 export type { ThreadInjectItemsResponse } from "./ThreadInjectItemsResponse";
 export type { ThreadItem } from "./ThreadItem";
--- a/codex-rs/app-server-protocol/src/protocol/common.rs
+++ b/codex-rs/app-server-protocol/src/protocol/common.rs
@@ -285,21 +285,6 @@ client_request_definitions! {
        params: v2::ThreadSetNameParams,
        response: v2::ThreadSetNameResponse,
    },
-    #[experimental("thread/goal/set")]
-    ThreadGoalSet => "thread/goal/set" {
-        params: v2::ThreadGoalSetParams,
-        response: v2::ThreadGoalSetResponse,
-    },
-    #[experimental("thread/goal/get")]
-    ThreadGoalGet => "thread/goal/get" {
-        params: v2::ThreadGoalGetParams,
-        response: v2::ThreadGoalGetResponse,
-    },
-    #[experimental("thread/goal/clear")]
-    ThreadGoalClear => "thread/goal/clear" {
-        params: v2::ThreadGoalClearParams,
-        response: v2::ThreadGoalClearResponse,
-    },
    ThreadMetadataUpdate => "thread/metadata/update" {
        params: v2::ThreadMetadataUpdateParams,
        response: v2::ThreadMetadataUpdateResponse,
@@ -372,10 +357,6 @@ client_request_definitions! {
        params: v2::MarketplaceRemoveParams,
        response: v2::MarketplaceRemoveResponse,
    },
-    MarketplaceUpgrade => "marketplace/upgrade" {
-        params: v2::MarketplaceUpgradeParams,
-        response: v2::MarketplaceUpgradeResponse,
-    },
    PluginList => "plugin/list" {
        params: v2::PluginListParams,
        response: v2::PluginListResponse,
@@ -440,14 +421,6 @@ client_request_definitions! {
        params: v2::SkillsConfigWriteParams,
        response: v2::SkillsConfigWriteResponse,
    },
-    HooksList => "hooks/list" {
-        params: v2::HooksListParams,
-        response: v2::HooksListResponse,
-    },
-    HooksConfigWrite => "hooks/config/write" {
-        params: v2::HooksConfigWriteParams,
-        response: v2::HooksConfigWriteResponse,
-    },
    PluginInstall => "plugin/install" {
        params: v2::PluginInstallParams,
        response: v2::PluginInstallResponse,
@@ -1050,10 +1023,6 @@ server_notification_definitions! {
    ThreadClosed => "thread/closed" (v2::ThreadClosedNotification),
    SkillsChanged => "skills/changed" (v2::SkillsChangedNotification),
    ThreadNameUpdated => "thread/name/updated" (v2::ThreadNameUpdatedNotification),
-    #[experimental("thread/goal/updated")]
-    ThreadGoalUpdated => "thread/goal/updated" (v2::ThreadGoalUpdatedNotification),
-    #[experimental("thread/goal/cleared")]
-    ThreadGoalCleared => "thread/goal/cleared" (v2::ThreadGoalClearedNotification),
    ThreadTokenUsageUpdated => "thread/tokenUsage/updated" (v2::ThreadTokenUsageUpdatedNotification),
    TurnStarted => "turn/started" (v2::TurnStartedNotification),
    HookStarted => "hook/started" (v2::HookStartedNotification),
@@ -1498,7 +1467,7 @@ mod tests {
                model: "gpt-5".to_string(),
                model_provider: "openai".to_string(),
                service_tier: None,
-                cwd,
+                cwd: cwd.clone(),
                instruction_sources: vec![absolute_path("/tmp/AGENTS.md")],
                approval_policy: v2::AskForApproval::OnFailure,
                approvals_reviewer: v2::ApprovalsReviewer::User,
@@ -1506,6 +1475,7 @@ mod tests {
                permission_profile: Some(
                    codex_protocol::models::PermissionProfile::from_legacy_sandbox_policy(
                        &codex_protocol::protocol::SandboxPolicy::DangerFullAccess,
+                        cwd.as_path(),
                    )
                    .into(),
                ),
@@ -1552,7 +1522,22 @@ mod tests {
                        "type": "dangerFullAccess"
                    },
                    "permissionProfile": {
-                        "type": "disabled"
+                        "network": {
+                            "enabled": true,
+                        },
+                        "fileSystem": {
+                            "entries": [
+                                {
+                                    "path": {
+                                        "type": "special",
+                                        "value": {
+                                            "kind": "root",
+                                        },
+                                    },
+                                    "access": "write",
+                                },
+                            ],
+                        },
                    },
                    "reasoningEffort": null
                }
@@ -2073,76 +2058,6 @@ mod tests {
        let reason = crate::experimental_api::ExperimentalApi::experimental_reason(&request);
        assert_eq!(reason, Some("thread/realtime/start"));
    }
-
-    #[test]
-    fn thread_goal_methods_are_marked_experimental() {
-        let set_request = ClientRequest::ThreadGoalSet {
-            request_id: RequestId::Integer(1),
-            params: v2::ThreadGoalSetParams {
-                thread_id: "thr_123".to_string(),
-                objective: Some("ship goal mode".to_string()),
-                status: Some(v2::ThreadGoalStatus::Active),
-                token_budget: Some(Some(10_000)),
-            },
-        };
-        let get_request = ClientRequest::ThreadGoalGet {
-            request_id: RequestId::Integer(2),
-            params: v2::ThreadGoalGetParams {
-                thread_id: "thr_123".to_string(),
-            },
-        };
-        let clear_request = ClientRequest::ThreadGoalClear {
-            request_id: RequestId::Integer(3),
-            params: v2::ThreadGoalClearParams {
-                thread_id: "thr_123".to_string(),
-            },
-        };
-
-        assert_eq!(
-            crate::experimental_api::ExperimentalApi::experimental_reason(&set_request),
-            Some("thread/goal/set")
-        );
-        assert_eq!(
-            crate::experimental_api::ExperimentalApi::experimental_reason(&get_request),
-            Some("thread/goal/get")
-        );
-        assert_eq!(
-            crate::experimental_api::ExperimentalApi::experimental_reason(&clear_request),
-            Some("thread/goal/clear")
-        );
-    }
-
-    #[test]
-    fn thread_goal_notifications_are_marked_experimental() {
-        let goal = v2::ThreadGoal {
-            thread_id: "thr_123".to_string(),
-            objective: "ship goal mode".to_string(),
-            status: v2::ThreadGoalStatus::Active,
-            token_budget: Some(10_000),
-            tokens_used: 123,
-            time_used_seconds: 45,
-            created_at: 1_700_000_000,
-            updated_at: 1_700_000_123,
-        };
-        let updated = ServerNotification::ThreadGoalUpdated(v2::ThreadGoalUpdatedNotification {
-            thread_id: "thr_123".to_string(),
-            turn_id: None,
-            goal,
-        });
-        let cleared = ServerNotification::ThreadGoalCleared(v2::ThreadGoalClearedNotification {
-            thread_id: "thr_123".to_string(),
-        });
-
-        assert_eq!(
-            crate::experimental_api::ExperimentalApi::experimental_reason(&updated),
-            Some("thread/goal/updated")
-        );
-        assert_eq!(
-            crate::experimental_api::ExperimentalApi::experimental_reason(&cleared),
-            Some("thread/goal/cleared")
-        );
-    }
-
    #[test]
    fn thread_realtime_started_notification_is_marked_experimental() {
        let notification =
--- a/codex-rs/app-server-protocol/src/protocol/v2.rs
+++ b/codex-rs/app-server-protocol/src/protocol/v2.rs
--- a/codex-rs/app-server-test-client/src/lib.rs
+++ b/codex-rs/app-server-test-client/src/lib.rs
@@ -48,6 +48,7 @@ use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::LoginAccountResponse;
 use codex_app_server_protocol::ModelListParams;
 use codex_app_server_protocol::ModelListResponse;
+use codex_app_server_protocol::ReadOnlyAccess;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::SandboxPolicy;
 use codex_app_server_protocol::ServerNotification;
@@ -742,6 +743,7 @@ async fn trigger_zsh_fork_multi_cmd_approval(
            };
            turn_params.approval_policy = Some(AskForApproval::OnRequest);
            turn_params.sandbox_policy = Some(SandboxPolicy::ReadOnly {
+                access: ReadOnlyAccess::FullAccess,
                network_access: false,
            });

@@ -883,6 +885,7 @@ async fn trigger_cmd_approval(
            experimental_api: true,
            approval_policy: Some(AskForApproval::OnRequest),
            sandbox_policy: Some(SandboxPolicy::ReadOnly {
+                access: ReadOnlyAccess::FullAccess,
                network_access: false,
            }),
            dynamic_tools,
@@ -909,6 +912,7 @@ async fn trigger_patch_approval(
            experimental_api: true,
            approval_policy: Some(AskForApproval::OnRequest),
            sandbox_policy: Some(SandboxPolicy::ReadOnly {
+                access: ReadOnlyAccess::FullAccess,
                network_access: false,
            }),
            dynamic_tools,
--- a/codex-rs/app-server/BUILD.bazel
+++ b/codex-rs/app-server/BUILD.bazel
@@ -5,13 +5,7 @@ codex_rust_crate(
    crate_name = "codex_app_server",
    integration_test_timeout = "long",
    test_shard_counts = {
-        # Note app-server-all-test has a large number of integration tests, so
-        # even a single shard can be quite slow. When there is a legitimate
-        # test failure in a shard, it will still get run 3x in total, which
-        # can cause us to exhaust our CI timeout if the shard happens to run
-        # long. Using a higher shard count for app-server-all-test should help
-        # mitigate this risk.
-        "app-server-all-test": 16,
+        "app-server-all-test": 8,
        "app-server-unit-tests": 8,
    },
    test_tags = ["no-sandbox"],
--- a/codex-rs/app-server/Cargo.toml
+++ b/codex-rs/app-server/Cargo.toml
@@ -30,7 +30,6 @@ axum = { workspace = true, default-features = false, features = [
    "ws",
 ] }
 codex-analytics = { workspace = true }
-codex-api = { workspace = true }
 codex-arg0 = { workspace = true }
 codex-cloud-requirements = { workspace = true }
 codex-config = { workspace = true }
@@ -40,7 +39,6 @@ codex-device-key = { workspace = true }
 codex-exec-server = { workspace = true }
 codex-features = { workspace = true }
 codex-git-utils = { workspace = true }
-codex-hooks = { workspace = true }
 codex-otel = { workspace = true }
 codex-shell-command = { workspace = true }
 codex-utils-cli = { workspace = true }
@@ -50,7 +48,6 @@ codex-file-search = { workspace = true }
 codex-chatgpt = { workspace = true }
 codex-login = { workspace = true }
 codex-mcp = { workspace = true }
-codex-model-provider = { workspace = true }
 codex-models-manager = { workspace = true }
 codex-protocol = { workspace = true }
 codex-app-server-protocol = { workspace = true }
--- a/codex-rs/app-server/README.md
+++ b/codex-rs/app-server/README.md
@@ -25,7 +25,7 @@ Supported transports:

 - stdio (`--listen stdio://`, default): newline-delimited JSON (JSONL)
 - websocket (`--listen ws://IP:PORT`): one JSON-RPC message per websocket text frame (**experimental / unsupported**)
- unix socket (`--listen unix://` or `--listen unix://PATH`): websocket connections over `$CODEX_HOME/app-server-control/app-server-control.sock` or a custom socket path, using the standard HTTP Upgrade handshake
+- unix socket (`--listen unix://` or `--listen unix://PATH`): websocket frames over `$CODEX_HOME/app-server-control/app-server-control.sock` or a custom socket path without HTTP upgrade
 - off (`--listen off`): do not expose a local transport

 When running with `--listen ws://IP:PORT`, the same listener also serves basic HTTP health probes:
@@ -39,7 +39,7 @@ Websocket transport is currently experimental and unsupported. Do not rely on it
 The unix socket transport is intended for local app-server control-plane clients. `codex app-server proxy`
 opens exactly one raw stream connection to `$CODEX_HOME/app-server-control/app-server-control.sock`
 by default, or to `--sock PATH` when provided, and proxies bytes between that socket and stdin/stdout.
-The proxied stream carries the websocket HTTP Upgrade handshake followed by websocket frames.
+The socket uses websocket framing directly over the Unix socket, without an HTTP upgrade handshake.

 Security note:

@@ -142,7 +142,7 @@ Example with notification opt-out:

 ## API Overview

- `thread/start` — create a new thread; emits `thread/started` (including the current `thread.status`) and auto-subscribes you to turn/item events for that thread. When the request includes a `cwd` and the resolved sandbox is `workspace-write` or full access, app-server also marks that project as trusted in the user `config.toml`. Pass `sessionStartSource: "clear"` when starting a replacement thread after clearing the current session so `SessionStart` hooks receive `source: "clear"` instead of the default `"startup"`. For permissions, prefer `permissionProfile`; the legacy `sandbox` shorthand is still accepted but cannot be combined with `permissionProfile`. Experimental `environments` selects the sticky execution environments for turns on the thread; omit it to use the server default, pass `[]` to disable environments, or pass explicit environment ids with per-environment `cwd`.
+- `thread/start` — create a new thread; emits `thread/started` (including the current `thread.status`) and auto-subscribes you to turn/item events for that thread. When the request includes a `cwd` and the resolved sandbox is `workspace-write` or full access, app-server also marks that project as trusted in the user `config.toml`. Pass `sessionStartSource: "clear"` when starting a replacement thread after clearing the current session so `SessionStart` hooks receive `source: "clear"` instead of the default `"startup"`. For permissions, prefer `permissionProfile`; the legacy `sandbox` shorthand is still accepted but cannot be combined with `permissionProfile`.
 - `thread/resume` — reopen an existing thread by id so subsequent `turn/start` calls append to it. Accepts the same permission override rules as `thread/start`.
 - `thread/fork` — fork an existing thread into a new thread id by copying the stored history; if the source thread is currently mid-turn, the fork records the same interruption marker as `turn/interrupt` instead of inheriting an unmarked partial turn suffix. The returned `thread.forkedFromId` points at the source thread when known. Accepts `ephemeral: true` for an in-memory temporary fork, emits `thread/started` (including the current `thread.status`), and auto-subscribes you to turn/item events for the new thread. Pass `excludeTurns: true` when the client plans to page fork history via `thread/turns/list` instead of receiving the full turn array immediately. Accepts the same permission override rules as `thread/start`.
 - `thread/list` — page through stored rollouts; supports cursor-based pagination and optional `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filters. Each returned `thread` includes `status` (`ThreadStatus`), defaulting to `notLoaded` when the thread is not currently loaded.
@@ -152,11 +152,6 @@ Example with notification opt-out:
 - `thread/metadata/update` — patch stored thread metadata in sqlite; currently supports updating persisted `gitInfo` fields and returns the refreshed `thread`.
 - `thread/memoryMode/set` — experimental; set a thread’s persisted memory eligibility to `"enabled"` or `"disabled"` for either a loaded thread or a stored rollout; returns `{}` on success.
 - `memory/reset` — experimental; clear the current `CODEX_HOME/memories` directory and reset persisted memory stage data in sqlite while preserving existing thread memory modes; returns `{}` on success.
- `thread/goal/set` — create, replace, or update the single persisted goal for a materialized thread; returns the current goal and emits `thread/goal/updated`. Supplying a new `objective` replaces the goal and resets usage accounting. Supplying the current non-terminal objective or omitting `objective` updates the existing goal’s status and/or token budget while preserving usage.
- `thread/goal/get` — fetch the current persisted goal for a materialized thread; returns `goal: null` when no goal exists.
- `thread/goal/clear` — clear the current persisted goal for a materialized thread; returns whether a goal was removed and emits `thread/goal/cleared` when state changes.
- `thread/goal/updated` — notification emitted whenever a thread goal changes; includes the full current goal.
- `thread/goal/cleared` — notification emitted whenever a thread goal is removed.
 - `thread/status/changed` — notification emitted when a loaded thread’s status changes (`threadId` + new `status`).
 - `thread/archive` — move a thread’s rollout file into the archived directory and attempt to move any spawned descendant thread rollout files; returns `{}` on success and emits `thread/archived` for each archived thread.
 - `thread/unsubscribe` — unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server keeps the thread loaded and unloads it only after it has had no subscribers and no thread activity for 30 minutes, then emits `thread/closed`.
@@ -197,7 +192,6 @@ Example with notification opt-out:
 - `skills/list` — list skills for one or more `cwd` values (optional `forceReload`).
 - `marketplace/add` — add a remote plugin marketplace from an HTTP(S) Git URL, SSH Git URL, or GitHub `owner/repo` shorthand, then persist it into the user marketplace config. Returns the installed root path plus whether the marketplace was already present.
 - `marketplace/remove` — remove a configured marketplace by name from the user marketplace config, and delete its installed marketplace root when one exists.
- `marketplace/upgrade` — upgrade all configured Git plugin marketplaces, or one named marketplace when `marketplaceName` is provided. Returns selected marketplace names, upgraded roots, and per-marketplace errors.
 - `plugin/list` — list discovered plugin marketplaces and plugin state, including effective marketplace install/auth policy metadata, fail-open `marketplaceLoadErrors` entries for marketplace files that could not be parsed or loaded, and best-effort `featuredPluginIds` for the official curated marketplace. `interface.category` uses the marketplace category when present; otherwise it falls back to the plugin manifest category (**under development; do not call from production clients yet**).
 - `plugin/read` — read one plugin by `marketplacePath` plus `pluginName`, returning marketplace info, a list-style `summary`, manifest descriptions/interface metadata, and bundled skills/apps/MCP server names. Returned plugin skills include their current `enabled` state after local config filtering. Plugin app summaries also include `needsAuth` when the server can determine connector accessibility (**under development; do not call from production clients yet**).
 - `skills/changed` — notification emitted when watched local skill files change.
@@ -206,8 +200,6 @@ Example with notification opt-out:
 - `device/key/public` — return a device key's SPKI DER public key as base64 plus its `algorithm` and `protectionClass`.
 - `device/key/sign` — sign one of the accepted structured payload variants with a controller-local device key. The only accepted payload today is `remoteControlClientConnection`, which binds a server-issued `/client` websocket challenge to the enrolled controller device without signing the bearer token itself; this is intentionally not an arbitrary-byte signing API.
 - `skills/config/write` — write user-level skill config by name or absolute path.
- `hooks/list` — list discovered hooks for one or more `cwd` values, including source metadata, stable hook keys, and effective per-hook enabled state from user/session config.
- `hooks/config/write` — write user-level hook enablement config for plugin hooks by `pluginId` and for user/project hooks by `sourcePath`.
 - `plugin/install` — install a plugin from a discovered marketplace entry, rejecting marketplace entries marked unavailable for install, install MCPs if any, and return the effective plugin auth policy plus any apps that still need auth (**under development; do not call from production clients yet**).
 - `plugin/uninstall` — uninstall a plugin by id by removing its cached files and clearing its user-level config entry (**under development; do not call from production clients yet**).
 - `mcpServer/oauth/login` — start an OAuth login for a configured MCP server; returns an `authorization_url` and later emits `mcpServer/oauthLogin/completed` once the browser flow finishes.
@@ -477,70 +469,6 @@ Experimental: use `memory/reset` to clear local memory artifacts and sqlite-back
 { "id": 27, "result": {} }
 ```

-### Example: Set and update a thread goal
-
-Use `thread/goal/set` with an `objective` to create or replace the current goal for a materialized thread. Supplying a new objective resets `tokensUsed`, `timeUsedSeconds`, and `createdAt`. Supplying the current non-terminal objective, or omitting `objective`, updates the existing goal’s status or token budget while preserving usage history. Clients can set `budgetLimited` when they stop because a token budget is exhausted or nearly exhausted; the system also sets it when accounting crosses a configured token budget.
-
-```json
-{ "method": "thread/goal/set", "id": 27, "params": {
-    "threadId": "thr_123",
-    "objective": "Keep improving the benchmark until p95 latency is under 120ms",
-    "tokenBudget": 200000
-} }
-{ "id": 27, "result": { "goal": {
-    "threadId": "thr_123",
-    "objective": "Keep improving the benchmark until p95 latency is under 120ms",
-    "status": "active",
-    "tokenBudget": 200000,
-    "tokensUsed": 0,
-    "timeUsedSeconds": 0,
-    "createdAt": 1776272400,
-    "updatedAt": 1776272400
-} } }
-{ "method": "thread/goal/updated", "params": { "threadId": "thr_123", "goal": {
-    "threadId": "thr_123",
-    "objective": "Keep improving the benchmark until p95 latency is under 120ms",
-    "status": "active",
-    "tokenBudget": 200000,
-    "tokensUsed": 0,
-    "timeUsedSeconds": 0,
-    "createdAt": 1776272400,
-    "updatedAt": 1776272400
-} } }
-```
-
-```json
-{ "method": "thread/goal/set", "id": 28, "params": {
-    "threadId": "thr_123",
-    "status": "paused"
-} }
-{ "id": 28, "result": { "goal": {
-    "threadId": "thr_123",
-    "objective": "Keep improving the benchmark until p95 latency is under 120ms",
-    "status": "paused",
-    "tokenBudget": 200000,
-    "tokensUsed": 10000,
-    "timeUsedSeconds": 60,
-    "createdAt": 1776272400,
-    "updatedAt": 1776272460
-} } }
-```
-
-Use `thread/goal/get` to read the current goal without changing it.
-
-```json
-{ "method": "thread/goal/get", "id": 29, "params": { "threadId": "thr_123" } }
-{ "id": 29, "result": { "goal": null } }
-```
-
-Use `thread/goal/clear` to remove the current goal.
-
-```json
-{ "method": "thread/goal/clear", "id": 30, "params": { "threadId": "thr_123" } }
-{ "id": 30, "result": { "cleared": true } }
-{ "method": "thread/goal/cleared", "params": { "threadId": "thr_123" } }
-```
-
 ### Example: Archive a thread

 Use `thread/archive` to move the persisted rollout (stored as a JSONL file on disk) into the archived sessions directory and attempt to move any spawned descendant thread rollouts.
@@ -612,7 +540,7 @@ Turns attach user input (text or images) to a thread and trigger Codex generatio
 - `{"type":"image","url":"https://…png"}`
 - `{"type":"localImage","path":"/tmp/screenshot.png"}`

-You can optionally specify config overrides on the new turn. If specified, these settings become the default for subsequent turns on the same thread. `outputSchema` applies only to the current turn. Experimental `environments` is turn-scoped: omit it to inherit the thread's sticky environments, pass `[]` to run the turn with no environments, or pass explicit environment ids to override the sticky selection for this turn only.
+You can optionally specify config overrides on the new turn. If specified, these settings become the default for subsequent turns on the same thread. `outputSchema` applies only to the current turn.

 `approvalsReviewer` accepts:

@@ -908,8 +836,7 @@ Run a standalone command (argv vector) in the server’s sandbox without creatin
    "env": { "FOO": "override" },                  // optional; merges into the server env and overrides matching names
    "size": { "rows": 40, "cols": 120 },           // optional; PTY size in character cells, only valid with tty=true
    "permissionProfile": {                         // optional; defaults to user config
-        "type": "managed",
-        "fileSystem": { "type": "restricted", "entries": [
+        "fileSystem": { "entries": [
            { "path": { "type": "special", "value": { "kind": "root" } }, "access": "read" },
            { "path": { "type": "special", "value": { "kind": "current_working_directory" } }, "access": "write" }
        ] },
@@ -1304,7 +1231,7 @@ If the session approval policy uses `Granular` with `request_permissions: false`

 `dynamicTools` on `thread/start` and the corresponding `item/tool/call` request/response flow are experimental APIs. To enable them, set `initialize.params.capabilities.experimentalApi = true`.

-Each dynamic tool may set `deferLoading`. When omitted, it defaults to `false`. Set it to `true` to keep the tool registered and callable by runtime features such as `code_mode`, while excluding it from the model-facing tool list sent on ordinary turns. When `tool_search` is available, deferred dynamic tools are searchable and can be exposed by a matching search result.
+Each dynamic tool may set `deferLoading`. When omitted, it defaults to `false`. Set it to `true` to keep the tool registered and callable by runtime features such as `js_repl`, while excluding it from the model-facing tool list sent on ordinary turns. When `tool_search` is available, deferred dynamic tools are searchable and can be exposed by a matching search result.

 When a dynamic tool is invoked during a turn, the server sends an `item/tool/call` JSON-RPC request to the client:

@@ -1452,48 +1379,6 @@ To enable or disable a skill by name:
 }
 ```

-To list discovered hooks:
-
-```json
-{
-  "method": "hooks/list",
-  "id": 28,
-  "params": {
-    "cwds": ["/Users/alice/project"]
-  }
-}
-```
-
-To enable or disable a plugin-bundled hook:
-
-```json
-{
-  "method": "hooks/config/write",
-  "id": 29,
-  "params": {
-    "source": "plugin",
-    "pluginId": "demo-plugin@test-marketplace",
-    "key": "hooks/hooks.json:PreToolUse:0:0",
-    "enabled": false
-  }
-}
-```
-
-To enable or disable a user or project hook, use the hook's `sourcePath` and `key` returned by `hooks/list`:
-
-```json
-{
-  "method": "hooks/config/write",
-  "id": 30,
-  "params": {
-    "source": "project",
-    "sourcePath": "/Users/alice/project/.codex/hooks.json",
-    "key": "PreToolUse:0:0",
-    "enabled": false
-  }
-}
-```
-
 ## Apps

 Use `app/list` to fetch available apps (connectors). Each entry includes metadata like the app `id`, display `name`, `installUrl`, `branding`, `appMetadata`, `labels`, whether it is currently accessible, and whether it is enabled in config.
--- a/Show More
+++ b/Show More